3.2. Step-by-step Install

3.2.1. Introduction

Installation of bugzilla is pretty straightforward, particularly if your machine already has MySQL and the MySQL-related perl packages installed. If those aren't installed yet, then that's the first order of business. The other necessary ingredient is a web server set up to run cgi scripts. While using Apache for your webserver is not required, it is recommended.

Bugzilla has been successfully installed under Solaris, Linux, and Win32. The peculiarities of installing on Win32 (Microsoft Windows) are not included in this section of the Guide; please check out the Win32 Installation Notes for further advice on getting Bugzilla to work on Microsoft Windows.

The Bugzilla Guide is contained in the "docs/" folder in your Bugzilla distribution. It is available in plain text (docs/txt), HTML (docs/html), or SGML source (docs/sgml).

3.2.2. Installing the Prerequisites

Note

If you want to skip these manual installation steps for the CPAN dependencies listed below, and are running the very most recent version of Perl and MySQL (both the executables and development libraries) on your system, check out Bundle::Bugzilla in Using Bundle::Bugzilla instead of manually installing Perl modules

The software packages necessary for the proper running of bugzilla are:

  1. MySQL database server and the mysql client (3.22.5 or greater)

  2. Perl (5.004 or greater, 5.6.1 is recommended if you wish to use Bundle::Bugzilla)

  3. DBI Perl module

  4. Data::Dumper Perl module

  5. Bundle::Mysql Perl module collection

  6. TimeDate Perl module collection

  7. GD perl module (1.8.3) (optional, for bug charting)

  8. Chart::Base Perl module (0.99c) (optional, for bug charting)

  9. DB_File Perl module (optional, for bug charting)

  10. The web server of your choice. Apache is recommended.

  11. MIME::Parser Perl module (optional, for contrib/bug_email.pl interface)

Warning

It is a good idea, while installing Bugzilla, to ensure it is not accessible by other machines on the Internet. Your machine may be vulnerable to attacks while you are installing. In other words, ensure there is some kind of firewall between you and the rest of the Internet. Many installation steps require an active Internet connection to complete, but you must take care to ensure that at no point is your machine vulnerable to an attack.

3.2.3. Installing MySQL Database

Visit MySQL homepage at http://www.mysql.com/ and grab the latest stable release of the server. Both binaries and source are available and which you get shouldn't matter. Be aware that many of the binary versions of MySQL store their data files in /var which on many installations (particularly common with linux installations) is part of a smaller root partition. If you decide to build from sources you can easily set the dataDir as an option to configure.

If you've installed from source or non-package (RPM, deb, etc.) binaries you'll want to make sure to add mysqld to your init scripts so the server daemon will come back up whenever your machine reboots. You also may want to edit those init scripts, to make sure that mysqld will accept large packets. By default, mysqld is set up to only accept packets up to 64K long. This limits the size of attachments you may put on bugs. If you add something like "-O max_allowed_packet=1M" to the command that starts mysqld (or safe_mysqld), then you will be able to have attachments up to about 1 megabyte.

Note

If you plan on running Bugzilla and MySQL on the same machine, consider using the "--skip-networking" option in the init script. This enhances security by preventing network access to MySQL.

3.2.4. Perl (5.004 or greater)

Any machine that doesn't have perl on it is a sad machine indeed. Perl for *nix systems can be gotten in source form from http://www.perl.com. Although Bugzilla runs with most post-5.004 versions of Perl, it's a good idea to be up to the very latest version if you can when running Bugzilla. As of this writing, that is perl version 5.6.1.

Perl is now a far cry from the the single compiler/interpreter binary it once was. It includes a great many required modules and quite a few other support files. If you're not up to or not inclined to build perl from source, you'll want to install it on your machine using some sort of packaging system (be it RPM, deb, or what have you) to ensure a sane install. In the subsequent sections you'll be installing quite a few perl modules; this can be quite ornery if your perl installation isn't up to snuff.

Warning

Many people complain that Perl modules will not install for them. Most times, the error messages complain that they are missing a file in "@INC". Virtually every time, this is due to permissions being set too restrictively for you to compile Perl modules or not having the necessary Perl development libraries installed on your system.. Consult your local UNIX systems administrator for help solving these permissions issues; if you are the local UNIX sysadmin, please consult the newsgroup/mailing list for further assistance or hire someone to help you out.

Tip

You can skip the following Perl module installation steps by installing "Bundle::Bugzilla" from CPAN, which includes them. All Perl module installation steps require you have an active Internet connection. If you wish to use Bundle::Bugzilla, however, you must be using the latest version of Perl (at this writing, version 5.6.1)

bash# perl -MCPAN -e 'install "Bundle::Bugzilla"'

Bundle::Bugzilla doesn't include GD, Chart::Base, or MIME::Parser, which are not essential to a basic Bugzilla install. If installing this bundle fails, you should install each module individually to isolate the problem.

3.2.5. DBI Perl Module

The DBI module is a generic Perl module used by other database related Perl modules. For our purposes it's required by the MySQL-related modules. As long as your Perl installation was done correctly the DBI module should be a breeze. It's a mixed Perl/C module, but Perl's MakeMaker system simplifies the C compilation greatly.

Like almost all Perl modules DBI can be found on the Comprehensive Perl Archive Network (CPAN) at http://www.cpan.org. The CPAN servers have a real tendency to bog down, so please use mirrors. The current location at the time of this writing (02/17/99) can be found in Appendix A.

Quality, general Perl module installation instructions can be found on the CPAN website, but the easy thing to do is to just use the CPAN shell which does all the hard work for you.

To use the CPAN shell to install DBI:

bash# perl -MCPAN -e 'install "DBI"'

Note

Replace "DBI" with the name of whichever module you wish to install, such as Data::Dumper, TimeDate, GD, etc.

To do it the hard way:

Untar the module tarball -- it should create its own directory

CD to the directory just created, and enter the following commands:

  1. bash# perl Makefile.PL

  2. bash# make

  3. bash# make test

  4. bash# make install

If everything went ok that should be all it takes. For the vast majority of perl modules this is all that's required.

3.2.6. Data::Dumper Perl Module

The Data::Dumper module provides data structure persistence for Perl (similar to Java's serialization). It comes with later sub-releases of Perl 5.004, but a re-installation just to be sure it's available won't hurt anything.

Data::Dumper is used by the MySQL-related Perl modules. It can be found on CPAN (link in Appendix A) and can be installed by following the same four step make sequence used for the DBI module.

3.2.7. MySQL related Perl Module Collection

The Perl/MySQL interface requires a few mutually-dependent perl modules. These modules are grouped together into the the Msql-Mysql-modules package. This package can be found at CPAN. After the archive file has been downloaded it should be untarred.

The MySQL modules are all built using one make file which is generated by running: bash# perl Makefile.pl

The MakeMaker process will ask you a few questions about the desired compilation target and your MySQL installation. For many of the questions the provided default will be adequate.

When asked if your desired target is the MySQL or mSQL packages, select the MySQL related ones. Later you will be asked if you wish to provide backwards compatibility with the older MySQL packages; you should answer YES to this question. The default is NO.

A host of 'localhost' should be fine and a testing user of 'test' and a null password should find itself with sufficient access to run tests on the 'test' database which MySQL created upon installation. If 'make test' and 'make install' go through without errors you should be ready to go as far as database connectivity is concerned.

3.2.8. TimeDate Perl Module Collection

Many of the more common date/time/calendar related Perl modules have been grouped into a bundle similar to the MySQL modules bundle. This bundle is stored on the CPAN under the name TimeDate. A link link may be found in Appendix B, Software Download Links. The component module we're most interested in is the Date::Format module, but installing all of them is probably a good idea anyway. The standard Perl module installation instructions should work perfectly for this simple package.

3.2.9. GD Perl Module (1.8.3)

The GD library was written by Thomas Boutell a long while ago to programatically generate images in C. Since then it's become almost a defacto standard for programatic image construction. The Perl bindings to it found in the GD library are used on a million web pages to generate graphs on the fly. That's what bugzilla will be using it for so you'd better install it if you want any of the graphing to work.

Actually bugzilla uses the Graph module which relies on GD itself, but isn't that always the way with OOP. At any rate, you can find the GD library on CPAN (link in Appendix B, Software Download Links).

Note

The Perl GD library requires some other libraries that may or may not be installed on your system, including "libpng" and "libgd". The full requirements are listed in the Perl GD library README. Just realize that if compiling GD fails, it's probably because you're missing a required library.

3.2.10. Chart::Base Perl Module (0.99c)

The Chart module provides bugzilla with on-the-fly charting abilities. It can be installed in the usual fashion after it has been fetched from CPAN where it is found as the Chart-x.x... tarball in a directory to be listed in Appendix B, "Software Download Links". Note that as with the GD perl module, only the version listed above, or newer, will work. Earlier versions used GIF's, which are no longer supported by the latest versions of GD.

3.2.11. DB_File Perl Module

DB_File is a module which allows Perl programs to make use of the facilities provided by Berkeley DB version 1.x. This module is required by collectstats.pl which is used for bug charting. If you plan to make use of bug charting, you must install this module.

3.2.12. HTTP Server

You have a freedom of choice here - Apache, Netscape or any other server on UNIX would do. You can easily run the web server on a different machine than MySQL, but need to adjust the MySQL "bugs" user permissions accordingly.

You'll want to make sure that your web server will run any file with the .cgi extension as a cgi and not just display it. If you're using apache that means uncommenting the following line in the srm.conf file: AddHandler cgi-script .cgi

With apache you'll also want to make sure that within the access.conf file the line: Options ExecCGI is in the stanza that covers the directories you intend to put the bugzilla .html and .cgi files into.

If you are using a newer version of Apache, both of the above lines will be (or will need to be) in the httpd.conf file, rather than srm.conf or access.conf.

Warning

There are two critical directories and a file that should not be a served by the HTTP server. These are the "data" and "shadow" directories and the "localconfig" file. You should configure your HTTP server to not serve content from these files. Failure to do so will expose critical passwords and other data. Please see .htaccess files and security for details.

3.2.13. Installing the Bugzilla Files

You should untar the Bugzilla files into a directory that you're willing to make writable by the default web server user (probably "nobody"). You may decide to put the files off of the main web space for your web server or perhaps off of /usr/local with a symbolic link in the web space that points to the bugzilla directory. At any rate, just dump all the files in the same place (optionally omitting the CVS directories if they were accidentally tarred up with the rest of Bugzilla) and make sure you can access the files in that directory through your web server.

Tip

If you symlink the bugzilla directory into your Apache's HTML heirarchy, you may receive "Forbidden" errors unless you add the "FollowSymLinks" directive to the <Directory> entry for the HTML root.

Once all the files are in a web accessible directory, make that directory writable by your webserver's user (which may require just making it world writable). This is a temporary step until you run the post-install "checksetup.pl" script, which locks down your installation.

Lastly, you'll need to set up a symbolic link to /usr/bonsaitools/bin/perl for the correct location of your perl executable (probably /usr/bin/perl). Otherwise you must hack all the .cgi files to change where they look for perl. To make future upgrades easier, you should use the symlink approach.

Example 3-1. Setting up bonsaitools symlink

Here's how you set up the Perl symlink on Linux to make Bugzilla work. Your mileage may vary; if you are running on Solaris, you probably need to subsitute "/usr/local/bin/perl" for "/usr/bin/perl" below; if on certain other UNIX systems, Perl may live in weird places like "/opt/perl". As root, run these commands:
bash# mkdir /usr/bonsaitools
bash# mkdir /usr/bonsaitools/bin
bash# ln -s /usr/bin/perl /usr/bosaitools/bin/perl
	      

Tip

If you don't have root access to set this symlink up, check out the The setperl.csh Utility, listed in Useful Patches and Utilities for Bugzilla. It will change the path to perl in all your Bugzilla files for you.

3.2.14. Setting Up the MySQL Database

After you've gotten all the software installed and working you're ready to start preparing the database for its life as a the back end to a high quality bug tracker.

First, you'll want to fix MySQL permissions to allow access from Bugzilla. For the purpose of this Installation section, the Bugzilla username will be "bugs", and will have minimal permissions.

Warning

Bugzilla has not undergone a thorough security audit. It may be possible for a system cracker to somehow trick Bugzilla into executing a command such as DROP DATABASE mysql.

That would be bad.

Give the MySQL root user a password. MySQL passwords are limited to 16 characters.

bash# mysql -u root mysql
mysql> UPDATE user SET Password=PASSWORD ('new_password') WHERE user='root';
mysql> FLUSH PRIVILEGES;

From this point on, if you need to access MySQL as the MySQL root user, you will need to use "mysql -u root -p" and enter your new_password. Remember that MySQL user names have nothing to do with Unix user names (login names).

Next, we create the "bugs" user, and grant sufficient permissions for checksetup.pl, which we'll use later, to work its magic. This also restricts the "bugs" user to operations within a database called "bugs", and only allows the account to connect from "localhost". Modify it to reflect your setup if you will be connecting from another machine or as a different user.

Remember to set bugs_password to some unique password.

mysql> GRANT SELECT,INSERT,UPDATE,DELETE,INDEX, ALTER,CREATE,DROP,REFERENCES ON bugs.* TO bugs@localhost IDENTIFIED BY 'bugs_password';
mysql> FLUSH PRIVILEGES;

Next, run the magic checksetup.pl script. (Many thanks to Holger Schurig <holgerschurig@nikocity.de> for writing this script!) It will make sure Bugzilla files and directories have reasonable permissions, set up the "data" directory, and create all the MySQL tables.

bash# ./checksetup.pl

The first time you run it, it will create a file called "localconfig".

3.2.15. Tweaking "localconfig"

This file contains a variety of settings you may need to tweak including how Bugzilla should connect to the MySQL database.

The connection settings include:

  1. server's host: just use "localhost" if the MySQL server is local

  2. database name: "bugs" if you're following these directions

  3. MySQL username: "bugs" if you're following these directions

  4. Password for the "bugs" MySQL account above

You may also install .htaccess files that the Apache webserver will use to restrict access to Bugzilla data files. See .htaccess files and security.

Once you are happy with the settings, re-run checksetup.pl. On this second run, it will create the database and an administrator account for which you will be prompted to provide information.

When logged into an administrator account once Bugzilla is running, if you go to the query page (off of the bugzilla main menu), you'll find an 'edit parameters' option that is filled with editable treats.

Should everything work, you should have a nearly empty copy of the bug tracking setup.

The second time around, checksetup.pl will stall if it is on a filesystem that does not fully support file locking via flock(), such as NFS mounts. This support is required for Bugzilla to operate safely with multiple instances. If flock() is not fully supported, it will stall at: Now regenerating the shadow database for all bugs.

Note

The second time you run checksetup.pl, you should become the user your web server runs as, and that you ensure that you set the "webservergroup" parameter in localconfig to match the web server's group name, if any. I believe, for the next release of Bugzilla, this will be fixed so that Bugzilla supports a "webserveruser" parameter in localconfig as well.

Example 3-2. Running checksetup.pl as the web user

Assuming your web server runs as user "apache", and Bugzilla is installed in "/usr/local/bugzilla", here's one way to run checksetup.pl as the web server user. As root, for the second run of checksetup.pl, do this:
bash# chown -R apache:apache /usr/local/bugzilla
bash# su - apache
bash# cd /usr/local/bugzilla
bash# ./checksetup.pl
		  

Note

The checksetup.pl script is designed so that you can run it at any time without causing harm. You should run it after any upgrade to Bugzilla.

3.2.16. Setting Up Maintainers Manually (Optional)

If you want to add someone else to every group by hand, you can do it by typing the appropriate MySQL commands. Run ' mysql -u root -p bugs' You may need different parameters, depending on your security settings. Then:

mysql> update profiles set groupset=0x7fffffffffffffff where login_name = 'XXX';

replacing XXX with the Bugzilla email address.

3.2.17. The Whining Cron (Optional)

By now you have a fully functional bugzilla, but what good are bugs if they're not annoying? To help make those bugs more annoying you can set up bugzilla's automatic whining system. This can be done by adding the following command as a daily crontab entry (for help on that see that crontab man page):

cd <your-bugzilla-directory> ; ./whineatnews.pl

Tip

Depending on your system, crontab may have several manpages. The following command should lead you to the most useful page for this purpose:
 man 5 crontab
	  

3.2.18. Bug Graphs (Optional)

As long as you installed the GD and Graph::Base Perl modules you might as well turn on the nifty bugzilla bug reporting graphs.

Add a cron entry like this to run collectstats daily at 5 after midnight:

bash# crontab -e
5 0 * * * cd <your-bugzilla-directory> ; ./collectstats.pl

After two days have passed you'll be able to view bug graphs from the Bug Reports page.

3.2.19. Securing MySQL

If you followed the installation instructions for setting up your "bugs" and "root" user in MySQL, much of this should not apply to you. If you are upgrading an existing installation of Bugzilla, you should pay close attention to this section.

Most MySQL installs have "interesting" default security parameters:

mysqld defaults to running as root
it defaults to allowing external network connections
it has a known port number, and is easy to detect
it defaults to no passwords whatsoever
it defaults to allowing "File_Priv"

This means anyone from anywhere on the internet can not only drop the database with one SQL command, and they can write as root to the system.

To see your permissions do:

bash# mysql -u root -p
mysql> use mysql;
mysql> show tables;
mysql> select * from user;
mysql> select * from db;

To fix the gaping holes:

DELETE FROM user WHERE User='';
UPDATE user SET Password=PASSWORD('new_password') WHERE user='root';
FLUSH PRIVILEGES;

If you're not running "mit-pthreads" you can use:

GRANT USAGE ON *.* TO bugs@localhost;
GRANT ALL ON bugs.* TO bugs@localhost;
REVOKE DROP ON bugs.* FROM bugs@localhost;
FLUSH PRIVILEGES;

With "mit-pthreads" you'll need to modify the "globals.pl" Mysql->Connect line to specify a specific host name instead of "localhost", and accept external connections:

GRANT USAGE ON *.* TO bugs@bounce.hop.com;
GRANT ALL ON bugs.* TO bugs@bounce.hop.com;
REVOKE DROP ON bugs.* FROM bugs@bounce.hop.com;
FLUSH PRIVILEGES;

Use .htaccess files with the Apache webserver to secure your bugzilla install. See .htaccess files and security

Consider also:

  1. Turning off external networking with "--skip-networking", unless you have "mit-pthreads", in which case you can't. Without networking, MySQL connects with a Unix domain socket.

  2. using the --user= option to mysqld to run it as an unprivileged user.

  3. starting MySQL in a chroot jail

  4. running the httpd in a "chrooted" jail

  5. making sure the MySQL passwords are different from the OS passwords (MySQL "root" has nothing to do with system "root").

  6. running MySQL on a separate untrusted machine

  7. making backups ;-)