Install TeamForge in a Distributed Setup

Distributed setup with TeamForge, Database (including Datamart), EventQ, Review Board, SCM (Subversion, CVS and Git), Code Search and Baseline installed on separate servers.

In this distributed setup, TeamForge services are distributed across seven servers, server-01 through server-07 as illustrated in the following table.

You can install TeamForge on both RHEL/CentOS 7.6 and 6.10. In this distributed setup, all the following services are installed on RHEL/CentOS 7.6 servers.

server-01	server-02	server-03	server-04	server-05	server-06	server-07
TeamForge Application Server	TeamForge Database Server	EventQ Server	Review Board Server	SCM Server	Code Search Server	Baseline Server
ctfcore	ctfcore-database	eventq	reviewboard	subversion	codesearch	baseline¹
mail	ctfcore-datamart	rabbitmq		cvs		baseline-post-install²
etl	gerrit-database	mongodb		gerrit		baseline-database
search	binary-database	redis
reviewboard-adapter³	reviewboard-database
binary	webr-database
cliserver
webr⁴

Note: EventQ is not installed by default when you install TeamForge 19.0 or later. However, you can install EventQ seprately, if required. EventQ installation instructions are included in this topic, which you can ignore if EventQ is not required for you.

Dos and Don’ts

Here’s a list of dos, don’ts and points to remember when you install or upgrade TeamForge.

Dos

Understand TeamForge installation requirements and plan your installation or upgrade.
Get your TeamForge license key and keep it handy.
Verify your basic networking setup before installing or upgrading TeamForge. See Set Up Networking for TeamForge.
Look for new or modified site-options.conf tokens and update your site-options.conf file as required during the upgrade process. See Site Options Change Log.
Set up a TeamForge Stage Server before you upgrade your Production Server.
Stop TeamForge services on all servers in a distributed setup while upgrading to TeamForge 19.2.
Uninstall hot fixes and add-ons, if any, before you start the TeamForge 19.2 upgrade procedure.
As a result of changes to the logging framework in Java 9, the PrintGCDetails and PrintGCTimeStamps logging options are no longer supported. Remove these options from the following tokens while upgrading to TeamForge 18.1 or later. TeamForge provision fails otherwise.
- JBOSS_JAVA_OPTS
- PHOENIX_JAVA_OPTS
- INTEGRATION_JAVA_OPTS
- ETL_JAVA_OPTS
- ELASTICSEARCH_JAVA_OPTS
TeamForge 16.10 and earlier versions use Oracle JDK. As TeamForge 19.2 and later use OpenJDK, the TeamForge installer checks if Oracle JDK is present when you upgrade to TeamForge 19.2 or later—and if found—would error out when you provision TeamForge. You must uninstall Oracle JDK and proceed.

Run the following command to uninstall Oracle JDK:
```
rpm -e jdk1.8.0_74-1.8.0_74-fcs.x86_64
```

Don'ts

Do not customize your operating system installation. Select only the default packages list.
While upgrading TeamForge, whether in place or on new hardware, always reuse the old site-options.conf file and make changes as necessary. Do not try to start with a new site-options.conf file. Reusing the old site-options.conf avoids many potential problems, particularly around the management of usernames and passwords.
Do not manually modify TeamForge-managed site option tokens such as the AUTO_DATA token. See AUTO_DATA for more information.
If you are creating symlinks, note that you must create symlinks only to the TeamForge data directory (/opt/collabnet/teamforge/var). You should not create symlinks to TeamForge application directories (such as /opt/collabnet).

Points to Remember

Installing or upgrading TeamForge needs root privileges. You must log on as root or use a root shell to install or upgrade TeamForge.
SSL is enabled by default and a self-signed certificate is auto-generated. However, you can use a few site-options.conf tokens to adjust this behavior. To generate the SSL certificates, see Generate SSL Certificates.
For the ETL service to run as expected in a distributed TeamForge installation, all servers must have the same time zone.
If you have Git integration on a separate server, both TeamForge and Git servers must have their time and date synchronized. Similarly, if Subversion is on a separate server, both TeamForge and Subversion servers must have their time and date synchronized.
While you can run both EventQ and TeamForge on the same server, CollabNet recommends such an approach only for testing purposes. It’s always recommended to run EventQ on a separate server for optimal scalability.
It’s highly recommended that you install the TeamForge Baseline services on a separate server as the baselining process can consume considerable CPU and database resources. For more information, see Install TeamForge in a Distributed Setup.
No backup is required for same hardware upgrades. However, you can create a backup as a measure of caution. See Back up and Restore TeamForge for more information.
Always use compatible JDBC drivers meant for specific database versions. See JDBC Drivers Reference for more information. Also see: Why do ETL jobs fail post TeamForge upgrade?
You can run the initial load job any time after the installation of TeamForge. We recommend that you run it before you hand over the site to the users. For more information, see ETL Initial Load Jobs.
SOAP50 APIs and event handlers are no longer supported in TeamForge 16.10 and later. Use the latest TeamForge SOAP/REST APIs.
TeamForge 19.2 installer expects the system locale to be LANG=en_US.UTF-8. TeamForge create runtime (teamforge provision) fails otherwise.
Installing TeamForge with service-specific FQDNs (instead of machine-specific host/domain names) is highly recommended so that you will be able to change the system landscape at a later point in time without having any impact on the URLs (in other words, end users do not have to notice or change anything). For example, you can create FQDNs specifically for services such as Subversion, Git, mail, Codesearch and so on. For more information, see Service-specific FQDNs.
All such service-specific FQDNs must belong to a single sub domain and it is recommended to create a new sub domain for TeamForge.
If you are using service-specific FQDNs
- A wildcard SSL cert is required. SNI SSL cert cannot be used.
- When SSL is enabled and no custom SSL certificates are provided, a self-signed wildcard cert is generated for the sub domain.
- When SSL is enabled and a custom SSL certificate is provided, the CN of the certificate is verified to be a wildcard CN.
You cannot have a separate PUBLIC_FQDN for EventQ.
The ability to run separate PostgreSQL instances for TeamForge database and datamart on the same server is being deprecated in TeamForge 17.11. If you have TeamForge database and datamart on separate PostgreSQL instances on the same server and if you are upgrading on a new hardware, you must Create a Single Cluster for Both Database and Datamart while upgrading to TeamForge 17.11 or later.
While upgrading TeamForge-Git integration servers, it is important that Git master and slave servers are upgraded to the same version of TeamForge-Git integration. On sites with Git Replica Servers, you must upgrade the Git Replica Servers first and then upgrade the master Git servers.
EventQ is not installed by default when you install TeamForge 19.0 or later. However, you can install EventQ separately, if required. EventQ installation instructions are included in the TeamForge installation/upgrade instructions, which you can ignore if EventQ is not required for you.
You must have adequate disk space (proportionate to your site’s data volume) to ensure a successful historical data migration while upgrading from TeamForge 17.1 or earlier to TeamForge 19.2. You can reclaim the additional disk space after the first successful ETL incremental run, if required.

Prepare the Servers for TeamForge Installation (server-01 through server-07)

Install RHEL/CentOS 7.6 and log on as root.

The host must be registered with the Red Hat Network if you are using Red Hat Enterprise Linux.

See the RHEL 7.6 Installation Guide for help.
Check your networking setup. See Set up Networking for more information.
TeamForge Installation Repository Configuration for Sites with Internet Access
1. Contact the CollabNet Support and download the TeamForge 19.2 installation repository package to /tmp.
2. Install the repository package.
  yum install -y /tmp/collabnet-teamforge-repo-19.2-0-noarch.rpm
3. Refresh your repository cache.
  yum clean all
TeamForge Installation Repository Configuration for Sites without Internet Access
1. Contact the CollabNet Support to get the auxiliary installer package for TeamForge 19.2 disconnected installation and save it in /tmp.
  - RHEL/CentOS 7.6 64 bit: CTF-Disconnected-media-19.2.443-622.rhel7.x86_64.rpm
  - In addition to the above CentOS 7.6 64 bit RPM package, you must get the following CentOS 7.6 compatibility RPM, which is required for TeamForge 19.2 disconnected media installation on CentOS 7.6 profile: compat-ctf-dc-media-1.2-1.el7.noarch.rpm.
2. Unpack the disconnected installation package.
  rpm -ivh <package-name>
3. Unpack the compat-ctf-dc-media-1.2-1.el7.noarch.rpm package if you are installing TeamForge 19.2 on CentOS 7.6.
  rpm -ivh compat-ctf-dc-media-1.2-1.el7.noarch.rpm
4. If you are installing TeamForge 19.2 on RHEL/CentOS 6.10, contact the CollabNet Support to get the python-modules-sources-el6.zip file and unzip it to /opt/collabnet/teamforge/service/reviewboard/resources/SOURCES/python-modules-sources.
  unzip python-modules-sources-el6.zip -d /opt/collabnet/teamforge/service/reviewboard/resources/SOURCES/python-modules-sources
  If you are installing TeamForge 19.2 on RHEL/CentOS 7.6, contact the CollabNet Support to get the python-modules-sources-el7.zip file and unzip it to /opt/collabnet/teamforge/service/reviewboard/resources/SOURCES/python-modules-sources.
  unzip python-modules-sources-el7.zip -d /opt/collabnet/teamforge/service/reviewboard/resources/SOURCES/python-modules-sources
5. If not mounted already, mount the RHEL/CentOS installation DVD.
  
  The DVD contains the necessary software and utilities required for installing TeamForge without internet access. In the following commands, replace “cdrom” with the identifier for your server’s CD/DVD drive, if necessary.
  cd /media/ mkdir cdrom mount /dev/cdrom ./cdrom/
  If there are any spaces in the automount, unmount it first and mount it as a filepath, with no spaces.
6. Create a yum configuration file that points to the RHEL/CentOS installation DVD.
  vi /etc/yum.repos.d/cdrom.repo
  Here’s a sample yum configuration file.
  [RHEL-CDROM] name=RHEL CDRom baseurl=file:///media/cdrom/Server/ gpgfile=file:///media/cdrom/RPM-GPG-KEY-redhat-release enabled=1 gpgcheck=0
7. Verify your yum configuration files.
  yum list httpd yum list apr

Install TeamForge Services

Install the TeamForge application packages on the TeamForge Application Server (server-01).
```
yum install teamforge
```
Install these packages on the TeamForge Application Server (server-01), if you are installing EventQ on a separate server.
```
yum install teamforge-eventq (run this command only on RHEL/CentOS 6.x)
yum install CN-eventq CN-eventq-runtime CN-mongodb CN-rabbitmq
```
Install the Baseline packages on the TeamForge Application Server (server-01) if you are installing TeamForge Baseline.
```
yum install teamforge-baseline
```
Install the TeamForge Webhooks-based Event Broker packages on the TeamForge Application Server (server-01) if you are installing TeamForge Baseline.
```
yum install teamforge-webr
```
Install TeamForge database packages on the TeamForge Database Server (server-02).
```
yum install teamforge
```
Install the Baseline packages on the TeamForge Database Server (server-02) if you are installing TeamForge Baseline.
```
yum install teamforge-baseline
```
Install the TeamForge Webhooks-based Event Broker packages on the TeamForge Database Server (server-02) if you are installing TeamForge Baseline.
```
yum install teamforge-webr
```

Install the EventQ packages on the EventQ Server (server-03).

yum install teamforge-eventq (run this command only on RHEL/CentOS 6.x)
yum install CN-eventq CN-eventq-runtime CN-mongodb CN-rabbitmq

Install Review Board packages on the Review Board Server (server-04).
Before You Begin
If you are installing TeamForge 19.2 on RHEL/CentOS 6.10, contact CollabNet Support to get the python-modules-sources-el6.zip file and unzip it to /opt/collabnet/teamforge/service/reviewboard/resources/SOURCES/python-modules-sources.
unzip python-modules-sources-el6.zip -d /opt/collabnet/teamforge/service/reviewboard/resources/SOURCES/python-modules-sources
```
yum install teamforge
```
Install SCM packages on the SCM Server (server-05).
```
yum install teamforge-scm teamforge-git
```
Install the Code Search packages on the Code Search Server (server-06).
```
yum install teamforge-codesearch
```
Install the Baseline packages on the Baseline Server (server-07).
```
yum install teamforge-baseline
```

Set up Your Site’s Master Configuration File

Do this on the TeamForge Database Server (server-02).
```
vi /opt/collabnet/teamforge/etc/site-options.conf
```
host:SERVICES Token
```
server-01:SERVICES=ctfcore search mail etl binary reviewboard-adapter cliserver webr 
server-02:SERVICES=ctfcore-database ctfcore-datamart gerrit-database binary-database reviewboard-database webr-database
server-03:SERVICES=eventq rabbitmq mongodb redis
server-04:SERVICES=reviewboard
server-05:SERVICES=subversion cvs gerrit
server-06:SERVICES=codesearch
server-07:SERVICES=baseline baseline-post-install baseline-database
```
host:PUBLIC_FQDN Token
```
server-01:PUBLIC_FQDN=my.app.domain.com
```
Note: You cannot have a separate PUBLIC_FQDN for EventQ.

Save the site-options.conf file.

For further customization of your site configuration (SSL settings, password policy settings, PostgreSQL settings, LDAP settings and so on):
SSL Tokens

SSL is enabled by default and a self-signed certificate is auto-generated. Use the following tokens to adjust this behavior.

Note: TeamForge runs only with SSL from TeamForge 19.2. Hence the site-options.conf token option SSL=off is not supported any more. TeamForge provision fails and throws an error, if SSL is set to off.
SSL_CERT_FILE= SSL_KEY_FILE= SSL_CHAIN_FILE=
- To generate the SSL certificates, see Generate SSL certificates.
- Have the custom SSL certificate and private key for custom SSL certificate in place and provide their absolute paths in these tokens. SSL_CHAIN_FILE (intermediate certificate) is optional.
- You can also encrypt the data traffic between the application and database servers and between the ETL and datamart servers in a distributed setup. Use the [DATABASE_SSL][siteoptiontokens.html#DATABASE_SSL] token to do that. See Encrypt Database Network Traffic.
Password Tokens
- TeamForge 7.1 and later support automatic password creation. See AUTO_DATA for more information.
- Set the REQUIRE_PASSWORD_SECURITY token to true to enforce password security policy for the site.
  
  If the token REQUIRE_PASSWORD_SECURITY is enabled, then set a value for the token, PASSWORD_CONTROL_EFFECTIVE_DATE.
  
  Warning: The Password Control Kit (PCK) disables, deletes or expires user accounts that don’t meet the password security requirements starting from the date set for the PASSWORD_CONTROL_EFFECTIVE_DATE token. If a date is not set, the PCK disables, deletes or expires user accounts immediately. See PASSWORD_CONTROL_EFFECTIVE_DATE for more information.
  
  You can also set the following tokens to enforce a more stricter password policy:
- If the token REQUIRE_RANDOM_ADMIN_PASSWORD is already set to true, then set the token ADMIN_EMAIL with a valid email address.
  ADMIN_EMAIL=root@{__APPLICATION_HOST__}
- If you have LDAP set up for external authentication, you must set the REQUIRE_USER_PASSWORD_CHANGE site options token to false.
Prevent Cross-site Scripting

An attacker could potentially upload an HTML page to TeamForge that contains active code, such as JavaScript. This active code would then be executed by clients’ browsers when they view the page, which can harm the system.

To prevent an attack of this sort, you can specify whether or not HTML code is displayed in TeamForge. This flag applies to all documents, tracker, task, and forum attachments, and files in the file release system.

Set the SAFE_DOWNLOAD_MODE token according to your requirements. For more information, see SAFE_DOWNLOAD_MODE.

PostgreSQL Tokens and Settings

Make sure the PostgreSQL tokens in the site-options.conf file are set as recommended in the following topic: What are the right PostgreSQL settings for my site?

Save the site-options.conf file.
Provision the Database Server (server-02).
```
teamforge provision
```
Copy the /opt/collabnet/teamforge/etc/site-options.conf file from the TeamForge Database Server (server-02) to the /opt/collabnet/teamforge/etc/ directory of all other servers.

Provision Services on All the Servers

Provision services.
```
teamforge provision
```
TeamForge 19.2 installer expects the system locale to be LANG=en_US.UTF-8. TeamForge create runtime (teamforge provision) fails otherwise.

You must provision services in a particluar sequence. Usually you start with the Database Server, followed by the Application Server and then by other servers such as SCM, Review Board, EventQ and Code Search servers.

The TeamForge installer derives this sequence from your site-options.conf file and shows you the order of provisioning servers when you try to provision one of the distributed servers. Follow the exact sequence as instructed.

Provisioning Sequence without Baseline

Provision the Application Server (server-01).
Provision the SCM server (server-05).
Provision the EventQ Server (server-03).
Provision the Review Board Server (server-04).
Provision the Code Search Server (server-06).

Provisioning Sequence with Baseline

Provision the Application Server (server-01).
Provision the Baseline Server (server-07).
Copy the /opt/collabnet/teamforge/etc/site-options.conf file from the TeamForge Baseline Server (server-07) to the /opt/collabnet/teamforge/etc/ directory of all other servers.
Provision the Database Server (server-02) again.
Provision the Application Server (server-01) again.
Provision the SCM server (server-05).
Provision the EventQ Server (server-03).
Provision the Review Board Server (server-04).
Provision the Code Search Server (server-06).

Reinitialize TeamForge

Reinitialize TeamForge on the Review Board Server.
```
teamforge reinitialize
```
During teamforge provision, the Register SCM integration process fails on sites that use self-signed certificates. Perform these steps in such cases.
1. Restart JBoss on the TeamForge Application Server.
```
teamforge restart -s jboss
```
2. Reinitialize TeamForge on the SCM Server.
```
teamforge reinitialize
```
Do you have Git and other SCM tools (SVN and CVS) on two separate servers?
Git and other SCM tools (SVN and CVS) are typically installed on a separate server dedicated for SCM. However, if you have Git and SCM (SVN and CVS) on two separate servers, restart Jboss on the TeamForge Application Server and reinitialize TeamForge on the SCM Server (SVN and CVS) as discussed earlier. In addition, you must also restart TeamForge on the Git Server.

Restart TeamForge on the Git Server: teamforge restart

Verify TeamForge Installation

Verify TeamForge installation.
1. Reboot the server and make sure all services come up automatically at startup.
2. Log on to the TeamForge web application using the default Admin credentials.
  - Username: admin
  - Password: admin
3. Create a sample project. See Create a TeamForge Project.
4. Write a welcome message to your site’s users. See Create a Site-wide Broadcast.

Post Install Tasks

Supply Your TeamForge License Key
Run TeamForge in SELinux enabled Mode
Install EventQ Integration Adapters
Integrate Jenkins, JIRA, and TestLink using the TeamForge Webhooks-based Event Broker
Users are not getting email notifications for review requests and reviews. What should I do?
Custom schema registration fails for the Binary application on sites without EventQ. What should I do?

Also See…

FAQs on Install / Upgrade / Administration

It’s highly recommended that you install the TeamForge Baseline services on a separate server as the baselining process can consume considerable CPU and database resources. ↩
Synchronizes the user information between the baseline database and TeamForge database. ↩
reviewboard-adapter must always be installed on the TeamForge Application Server. ↩
TeamForge Baseline, if installed, requires TeamForge Webhooks-based Event Broker. ↩

Tags for this page:

Install TeamForge in a Distributed Setup

Dos and Don’ts

Dos

Don'ts

Points to Remember

Prepare the Servers for TeamForge Installation (server-01 through server-07)

TeamForge Installation Repository Configuration for Sites with Internet Access

TeamForge Installation Repository Configuration for Sites without Internet Access

Install TeamForge Services

Set up Your Site’s Master Configuration File

host:SERVICES Token

host:PUBLIC_FQDN Token

SSL Tokens

Password Tokens

Prevent Cross-site Scripting

PostgreSQL Tokens and Settings

Save the site-options.conf file.