You can install TeamForge with its database installed separately on an external PostgreSQL server such as AWS RDS/Aurora.

You can install TeamForge with its database installed separately on an external PostgreSQL server such as AWS RDS/Aurora. These instructions are for installing TeamForge in a three-server distributed setup with TeamForge and EventQ on two separate servers. All database services are hosted on a third server, which is an external PostgreSQL server not directly managed by TeamForge.

You can install TeamForge on both RHEL/CentOS 7.4 and 6.9.

In this distributed setup, TeamForge services are distributed across three servers, server-01 through server-03 as illustrated in the following table. It is assumed that server-03 is an externally managed PostgreSQL server.

server-01 server-02 server-03
TeamForge Application Server EventQ Server External Database Server
ctfcore eventq gerrit-database
mail mongodb reviewboard-database
search redis binary-database
codesearch rabbitmq ctfcore-database
etl   ctfcore-datamart
gerrit    
reviewboard    
reviewboard-adapter1    
subversion    
cvs    
binary    
cliserver    

Dos and Don’ts

Here’s a list of dos, don’ts and points to remember when you install or upgrade TeamForge.

Dos

  • Understand TeamForge installation requirements and plan your installation or upgrade.
  • Get your TeamForge license key and keep it handy.
  • Verify your basic networking setup before installing or upgrading TeamForge. See Set Up Networking for TeamForge.
  • Look for new or modified site-options.conf tokens and update your site-options.conf file as required during the upgrade process. See Site Options Change Log.
  • Set up a TeamForge Stage Server before you upgrade your Production Server.
  • Stop TeamForge services on all servers in a distributed setup while upgrading to TeamForge 18.1.
  • Uninstall hot fixes and add-ons, if any, before you start the TeamForge 18.1 upgrade procedure.
  • TeamForge 18.1 supports Java 9. As a result of changes to the logging framework in Java 9, the PrintGCDetails and PrintGCTimeStamps logging options are no longer supported. Remove these options from the following tokens while upgrading to TeamForge 18.1 or later.

    • JBOSS_JAVA_OPTS
    • PHOENIX_JAVA_OPTS
    • INTEGRATION_JAVA_OPTS
    • ETL_JAVA_OPTS
    • ELASTICSEARCH_JAVA_OPTS

    TeamForge provision fails on sites that use these options post TeamForge 18.1 upgrade.

Don'ts

  • Do not customize your operating system installation. Select only the default packages list.
  • While upgrading TeamForge, whether in place or on new hardware, always reuse the old site-options.conf file and make changes as necessary. Do not try to start with a new site-options.conf file. Reusing the old site-options.conf avoids many potential problems, particularly around the management of usernames and passwords.
  • Do not manually modify TeamForge-managed site option tokens such as the AUTO_DATA token. See AUTO_DATA for more information.
  • If you are creating symlinks, note that you must create symlinks only to the TeamForge data directory (/opt/collabnet/teamforge/var). You should not create symlinks to TeamForge application directories (such as /opt/collabnet).

Points to Remember

  • Installing or upgrading TeamForge needs root privileges. You must log on as root or use a root shell to install or upgrade TeamForge.
  • SSL is enabled by default and a self-signed certificate is auto-generated. However, you can use a few site-options.conf tokens to adjust this behavior. To generate the SSL certificates, see Generate SSL Certificates.
  • For the ETL service to run as expected in a distributed TeamForge installation, all servers must have the same time zone.
  • If you have Git integration on a separate server, both TeamForge and Git servers must have their time and date synchronized.
  • While you can run both EventQ and TeamForge on the same server, CollabNet recommends such an approach only for testing purposes. It’s always recommended to run EventQ on a separate server for optimal scalability.
  • No backup is required for same hardware upgrades. However, you can create a backup as a measure of caution. See Back up and Restore TeamForge for more information.
  • Always use compatible JDBC drivers meant for specific database versions. See JDBC Drivers Reference for more information. Also see: Why do ETL jobs fail post TeamForge upgrade?.
  • You can run the initial load job any time after the installation of TeamForge. We recommend that you run it before you hand over the site to the users. For more information, see ETL Initial Load Jobs.
  • SOAP50 APIs and event handlers are no longer supported in TeamForge 16.10 and later. Use the latest TeamForge SOAP/REST APIs.
  • TeamForge 18.1 installer expects the system locale to be LANG=en_US.UTF-8. TeamForge create runtime (teamforge provision) fails otherwise.
  • Installing TeamForge with service-specific FQDNs (instead of machine-specific host/domain names) is highly recommended so that you will be able to change the system landscape at a later point in time without having any impact on the URLs (in other words, end users do not have to notice or change anything). For example, you can create FQDNs specifically for services such as Subversion, Git, mail, Codesearch and so on. For more information, see Service-specific FQDNs.
  • All such service-specific FQDNs must be long to a single sub domain and it is recommended to create a new sub domain for TeamForge.
  • If you are using service-specific FQDNs
    • A wildcard SSL cert is required. SNI SSL cert cannot be used.
    • When SSL is enabled and no custom SSL certificates are provided, a self-signed wildcard cert is generated for the sub domain.
    • When SSL is enabled and a custom SSL certificate is provided, the CN of the certificate is verified to be a wildcard CN.
  • You cannot have a separate PUBLIC_FQDN for EventQ.
  • The ability to run separate PostgreSQL instances for TeamForge database and datamart on the same server is being deprecated in TeamForge 17.11. If you have TeamForge database and datamart on separate PostgreSQL instances on the same server and if you are upgrading on a new hardware, you must Create a Single Cluster for Both Database and Datamart while upgrading to TeamForge 18.1 or later.

Prepare the Servers for TeamForge Installation (server-01 and server-02)

  1. Install RHEL/CentOS 7.4 and log on as root.

    The host must be registered with the Red Hat Network if you are using Red Hat Enterprise Linux.

    See the RHEL 7.4 Installation Guide for help.
  2. Check your networking setup. See Set up Networking for more information.

  3. TeamForge Installation Repository Configuration for Sites with Internet Access

    1. Contact the CollabNet Support and download the TeamForge 18.1 installation repository package to /tmp.
    2. Install the repository package.
      yum install -y /tmp/collabnet-teamforge-repo-18.1-0-noarch.rpm
      
    3. Refresh your repository cache.
      yum clean all
      

    TeamForge Installation Repository Configuration for Sites without Internet Access

    1. Contact the CollabNet Support to get the auxiliary installer package for TeamForge 18.1 disconnected installation and save it in /tmp.
      • RHEL/CentOS 7.4 64 bit: CTF-Disconnected-media-18.1.446-1261.rhel7.x86_64.rpm
      • In addition to the above CentOS 7.4 64 bit RPM package, you must get the following CentOS 7.4 compatibility RPM, which is required for TeamForge 18.1 disconnected media installation on CentOS 7.4 profile: compat-ctf-dc-media-1.0-1.el7.centos.noarch.rpm.
    2. Unpack the disconnected installation package.
      rpm -ivh <package-name>
      
    3. Unpack the compat-ctf-dc-media-1.0-1.el7.centos.noarch.rpm package if you are installing TeamForge 18.1 on CentOS 7.4.
      rpm -ivh compat-ctf-dc-media-1.0-1.el7.centos.noarch.rpm
      
    4. If not mounted already, mount the RHEL/CentOS installation DVD.

      The DVD contains the necessary software and utilities required for installing TeamForge without internet access. In the following commands, replace “cdrom” with the identifier for your server’s CD/DVD drive, if necessary.

      cd /media/
      mkdir cdrom
      mount /dev/cdrom ./cdrom/
      

      If there are any spaces in the automount, unmount it first and mount it as a filepath, with no spaces.

    5. Create a yum configuration file that points to the RHEL/CentOS installation DVD.
      vi /etc/yum.repos.d/cdrom.repo
      

      Here’s a sample yum configuration file.

      [RHEL-CDROM]
      name=RHEL CDRom 			
      baseurl=file:///media/cdrom/Server/
      gpgfile=file:///media/cdrom/RPM-GPG-KEY-redhat-release 
      enabled=1
      gpgcheck=0
      
    6. Verify your yum configuration files.
      yum list httpd
      yum list apr
      

Install TeamForge Services

  1. Install TeamForge and Review Board services on the TeamForge Application Server (server-01)
    yum install teamforge
    
  2. Install EventQ services on the EventQ Server (server-02)
    yum install teamforge-eventq
    

Prepare the External Database Server for TeamForge Installation

  1. Log on to the Database Server and create the TeamForge database, datamart, Gerrit database, Binary database and Review Board database. Note down the following credentials that are required to set up the TeamForge site-options.conf tokens later in the process.

    • Database name (DATABASE_NAME)
    • Database username (DATABASE_USERNAME)
    • Database password (DATABASE_PASSWORD)
    • Database read-only username (DATABASE_READ_ONLY_USER)
    • Database read-only password (DATABASE_READ_ONLY_PASSWORD)
    • Reports database name (REPORTS_DATABASE_NAME)
    • Reports database username (REPORTS_DATABASE_USERNAME)
    • Reports database password (REPORTS_DATABASE_PASSWORD)
    • Reports database read-only username (REPORTS_DATABASE_READ_ONLY_USER)
    • Reports database read-only password (REPORTS_DATABASE_READ_ONLY_PASSWORD)
    • Gerrit database password (GERRIT_DATABASE_PASSWORD)
    • IAF database name (IAF_DBNAME)
    • IAF database username (IAF_DBUSER)
    • IAF database password (IAF_DBPASS)
    • Review Board database name (REVIEWBOARD_DATABASE_NAME)
    • Review Board database username (REVIEWBOARD_DATABASE_USER)
    • Review Board database password (REVIEWBOARD_DATABASE_PASSWORD)
  2. Create users and grant access rights.
    • Access rights for read-only users: LOGIN,NOCREATEDB,NOCREATEROLE,NOSUPERUSER
    • Access rights for other users: LOGIN,CREATEDB,NOCREATEROLE,NOSUPERUSER
  3. TeamForge Installation Repository Configuration for Sites with Internet Access

    1. Contact the CollabNet Support and download the TeamForge 18.1 installation repository package to /tmp.
    2. Install the repository package.
      yum install -y /tmp/collabnet-teamforge-repo-18.1-0-noarch.rpm
      
    3. Refresh your repository cache.
      yum clean all
      

    TeamForge Installation Repository Configuration for Sites without Internet Access

    1. Contact the CollabNet Support to get the auxiliary installer package for TeamForge 18.1 disconnected installation and save it in /tmp.
      • RHEL/CentOS 7.4 64 bit: CTF-Disconnected-media-18.1.446-1261.rhel7.x86_64.rpm
      • In addition to the above CentOS 7.4 64 bit RPM package, you must get the following CentOS 7.4 compatibility RPM, which is required for TeamForge 18.1 disconnected media installation on CentOS 7.4 profile: compat-ctf-dc-media-1.0-1.el7.centos.noarch.rpm.
    2. Unpack the disconnected installation package.
      rpm -ivh <package-name>
      
    3. Unpack the compat-ctf-dc-media-1.0-1.el7.centos.noarch.rpm package if you are installing TeamForge 18.1 on CentOS 7.4.
      rpm -ivh compat-ctf-dc-media-1.0-1.el7.centos.noarch.rpm
      
    4. If not mounted already, mount the RHEL/CentOS installation DVD.

      The DVD contains the necessary software and utilities required for installing TeamForge without internet access. In the following commands, replace “cdrom” with the identifier for your server’s CD/DVD drive, if necessary.

      cd /media/
      mkdir cdrom
      mount /dev/cdrom ./cdrom/
      

      If there are any spaces in the automount, unmount it first and mount it as a filepath, with no spaces.

    5. Create a yum configuration file that points to the RHEL/CentOS installation DVD.
      vi /etc/yum.repos.d/cdrom.repo
      

      Here’s a sample yum configuration file.

      [RHEL-CDROM]
      name=RHEL CDRom 			
      baseurl=file:///media/cdrom/Server/
      gpgfile=file:///media/cdrom/RPM-GPG-KEY-redhat-release 
      enabled=1
      gpgcheck=0
      
    6. Verify your yum configuration files.
      yum list httpd
      yum list apr
      
  4. Install TeamForge database services on the External PostgreSQL Server (server-03)
    yum install teamforge
    

Set up Your Site’s Master Configuration File

  1. Do this on the TeamForge Application Server (server-01).
    vi /opt/collabnet/teamforge/etc/site-options.conf
    

    host:SERVICES Token

    server-01:SERVICES=ctfcore mail etl search subversion cvs codesearch cliserver gerrit binary reviewboard reviewboard-adapter
    server-02:SERVICES=eventq mongodb redis rabbitmq
    server-03:SERVICES=tfcore-database ctfcore-datamart gerrit-database  binary-database reviewboard-database
    

    host:PUBLIC_FQDN Token

    server-01:PUBLIC_FQDN=my.app.domain.com
    

    Set up the Following Site Option Tokens

    • DATABASE_NAME=
    • DATABASE_USERNAME=
    • DATABASE_PASSWORD=
    • DATABASE_READ_ONLY_USER=
    • DATABASE_READ_ONLY_PASSWORD=
    • REPORTS_DATABASE_NAME=
    • REPORTS_DATABASE_USERNAME=
    • REPORTS_DATABASE_PASSWORD=
    • REPORTS_DATABASE_READ_ONLY_USER=
    • REPORTS_DATABASE_READ_ONLY_PASSWORD=
    • GERRIT_DATABASE_PASSWORD=
    • IAF_DBNAME=
    • IAF_DBUSER=
    • IAF_DBPASS=
    • REVIEWBOARD_DATABASE_NAME=
    • REVIEWBOARD_DATABASE_USER=
    • REVIEWBOARD_DATABASE_PASSWORD=

    Save the site-options.conf file.

    For further customization of your site configuration (SSL settings, password policy settings, PostgreSQL settings, LDAP settings and so on):

    SSL Tokens

    SSL is enabled by default and a self-signed certificate is auto-generated. Use the following tokens to adjust this behavior.

    SSL_CERT_FILE=
    SSL_KEY_FILE=
    SSL_CHAIN_FILE=
    
    • To generate the SSL certificates, see Generate SSL certificates.
    • Have the custom SSL certificate and private key for custom SSL certificate in place and provide their absolute paths in these tokens. SSL_CHAIN_FILE (intermediate certificate) is optional.

    Password Tokens

    Prevent Cross-site Scripting

    An attacker could potentially upload an HTML page to TeamForge that contains active code, such as JavaScript. This active code would then be executed by clients’ browsers when they view the page, which can harm the system.

    To prevent an attack of this sort, you can specify whether or not HTML code is displayed in TeamForge. This flag applies to all documents, tracker, task, and forum attachments, and files in the file release system.

    Set the SAFE_DOWNLOAD_MODE token according to your requirements. For more information, see SAFE_DOWNLOAD_MODE.

    PostgreSQL Tokens and Settings

    Make sure the PostgreSQL tokens in the site-options.conf file are set as recommended in the following topic: What are the right PostgreSQL settings for my site?

    Save the site-options.conf file.

  2. Copy the /opt/collabnet/teamforge/etc/site-options.conf file from the TeamForge Application Server to the /opt/collabnet/teamforge/etc/ directory of all other servers.

Provision Services on All the Servers

  1. Provision services.
    teamforge provision
    
    TeamForge 18.1 installer expects the system locale to be LANG=en_US.UTF-8. TeamForge create runtime (teamforge provision) fails otherwise.

You must provision services in a particluar sequence. Usually you start with the Database Server, followed by the Application Server and then by other servers such as the EventQ server.

The TeamForge installer derives this sequence from your site-options.conf file and shows you the order of provisioning servers when you try to provision one of the distributed servers. Follow the exact sequence as instructed.

  1. Provision the Database Server (server-03)
  2. Provision the Application Server (server-01)
  3. Provision the EventQ Server (server-02)

Verify TeamForge Installation

  1. Verify TeamForge installation.
    1. Reboot the server and make sure all services come up automatically at startup.
    2. Log on to the TeamForge web application using the default Admin credentials.
      • Username: admin
      • Password: admin
    3. Create a sample project. See Create a TeamForge Project.
    4. Write a welcome message to your site’s users. See Create a Site-wide Broadcast.

Post Install Tasks


  1. reviewboard-adapter must always be installed on the TeamForge Application Server.