Switch to Zammad 6.2.

zammad · Dec 6, 2023 · afdd7f4 · afdd7f4
2 parents 594aa4b + c30d5d3
commit afdd7f4
Show file tree

Hide file tree

Showing 7 changed files with 70 additions and 104 deletions.
diff --git a/admin/console/zammad-settings.rst b/admin/console/zammad-settings.rst
@@ -86,6 +86,7 @@ to ensure that Zammad still can access Elasticsearch.
    >> Setting.set('es_index', Socket.gethostname + '_zammad')  # Change the index name
    >> Setting.set('es_attachment_ignore', %w[.png .jpg .jpeg .mpeg .mpg .mov .bin .exe .box .mbox])  # A list of ignored file extensions (they will not be indexed)
    >> Setting.set('es_attachment_max_size_in_mb', 50)          # Limit the Attachment-Size to push to your elasticsearch index
+   >> Setting.set('es_ssl_verify', 'false')                    # Turn SSL verification on or off
 
 Enable proxy
 ------------

diff --git a/install/elasticsearch.rst b/install/elasticsearch.rst
@@ -4,7 +4,7 @@ Set up Elasticsearch
 Zammad's search function is powered by Elasticsearch, and requires the
 `ingest attachment plugin <https://www.elastic.co/guide/en/elasticsearch/plugins/current/ingest-attachment.html>`_.
 
-.. note:: 
+.. note::
 
    This guide uses the ``zammad run`` command prefix in command line examples.
    This prefix is only applicable to package installations
@@ -18,10 +18,10 @@ Step 1: Installation
 
    .. note:: **🧐 To use OSS or not to use...**
 
-      Starting with Zammad 4.0 our packages allow you to decide whether to use 
+      Starting with Zammad 4.0 our packages allow you to decide whether to use
       ``elasticsearch`` or ``elasticsearch-oss``.
 
-      ``elasticsearch-oss`` users please use below "direct download" tab for 
+      ``elasticsearch-oss`` users please use below "direct download" tab for
       further installation steps.
 
       .. warning::
@@ -90,15 +90,15 @@ Step 1: Installation
 
    .. tab:: Direct Download
 
-      Find the latest release on the 
+      Find the latest release on the
       `downloads page <https://www.elastic.co/downloads/elasticsearch>`_,
-      or see the 
+      or see the
       `installation guide <https://www.elastic.co/guide/en/elasticsearch/reference/current/install-elasticsearch.html>`_
-      for in-depth instructions. Ensure to also install the fitting 
+      for in-depth instructions. Ensure to also install the fitting
       (and mandatory!) attachment plugin for elasticsearch.
 
-      If you prefer the Open Source version of Elasticsearch, please use the 
-      `Elasticsearch-OSS <https://www.elastic.co/downloads/past-releases#elasticsearch-oss>`_ 
+      If you prefer the Open Source version of Elasticsearch, please use the
+      `Elasticsearch-OSS <https://www.elastic.co/downloads/past-releases#elasticsearch-oss>`_
       download page.
 
       .. code-block:: sh
@@ -109,23 +109,23 @@ Step 1: Installation
          # Increase the virtual memory map limit
          $ sysctl -w vm.max_map_count=262144
 
-After you installed Elasticsearch and its attachment plugin, 
+After you installed Elasticsearch and its attachment plugin,
 ensure to enable it by default and start it.
 
 .. code-block:: sh
-   
+
    $ systemctl start elasticsearch
    $ systemctl enable elasticsearch
 
 .. note:: 🐋 **Docker installations on macOS/Windows:**
 
-   Setting the ``vm.max_map_count`` kernel parameter requires 
+   Setting the ``vm.max_map_count`` kernel parameter requires
    `additional steps <https://www.elastic.co/guide/en/elasticsearch/reference/master/docker.html#_set_vm_max_map_count_to_at_least_262144s>`_.
 
 Step 2: Suggested Configuration
 ===============================
 
-We use the following settings to optimize the performance of our Elasticsearch 
+We use the following settings to optimize the performance of our Elasticsearch
 servers. Your mileage may vary.
 
 .. code-block:: sh
@@ -160,7 +160,7 @@ Step 3: Connect Zammad
 
 .. hint:: **🤓 Before proceeding here...**
 
-   Make sure to install Zammad before running below commands, as this will 
+   Make sure to install Zammad before running below commands, as this will
    fail other wise.
 
       * install from :doc:`package <package>`
@@ -174,6 +174,10 @@ Step 3: Connect Zammad
    # Build the search index
    $ zammad run rake zammad:searchindex:rebuild
 
+   # Optionally, you can specify a number of CPU cores which are used for
+   # rebuilding the searchindex, as in the following example with 8 cores:
+   $ zammad run rake zammad:searchindex:rebuild[8]
+
 Optional settings
 -----------------
 
@@ -189,8 +193,8 @@ Optional settings
 
       .. hint:: 🤔 **How do I set up authentication on my Elasticsearch server?**
 
-         Elasticsearch provides many different authentication methods. 
-         Some of them may require paid X-Pack, please check the 
+         Elasticsearch provides many different authentication methods.
+         Some of them may require paid X-Pack, please check the
          `elastic documentation <https://www.elastic.co/guide/en/elasticsearch/reference/current/setting-up-authentication.html>`_
          for more information.
 
@@ -207,18 +211,44 @@ Optional settings
 
       Zammad supports searching by the contents of file attachments,
       which means Elasticsearch has to index those, too.
-      
+
       Limiting such indexing can help conserve system resources.
 
       .. code-block:: sh
 
          # Files with these extensions will not be indexed
-         $ zammad run rails r "Setting.set('es_attachment_ignore',\ 
+         $ zammad run rails r "Setting.set('es_attachment_ignore',\
            [ '.png', '.jpg', '.jpeg', '.mpeg', '.mpg', '.mov', '.bin', '.exe', '.box', '.mbox' ] )"
 
          # Files larger than this size (in MB) will not be indexed
          $ zammad run rails r "Setting.set('es_attachment_max_size_in_mb', 50)"
 
+   .. tab:: Remote host
+
+      Change your Elasticsearch URL if you have a separate Elasticsearch server.
+      Default is ``localhost``.
+
+      .. code-block:: sh
+
+         $ zammad run rails r "Setting.set('es_url', 'https://example.com')"
+
+   .. tab:: SSL Verification
+
+      You can define if a SSL verification will be performed. Default is
+      ``true``.
+
+      .. code-block:: sh
+
+         # Deactivating SSL verification is NOT recommended
+         $ zammad run rails r "Setting.set('es_ssl_verify', false)"
+
+      .. hint:: 🤔 **But how to handle an Elasticsearch server with custom
+         certificates?**
+
+         You can import custom certificates and custom CA certificates to
+         Zammad. Please have a look
+         :admin-docs:`in the admin documentation </settings/security/ssl-certificates.html>`.
+
 Appendix
 ========
 

diff --git a/install/includes/firewall-and-selinux.rst b/install/includes/firewall-and-selinux.rst
@@ -21,18 +21,15 @@ SELinux
 
    .. tab:: OpenSUSE
 
-      SELinux support on SUSE seems to be in early state, at least for SLES 12 
-      (and Leap 42.x). This is why we won't cover it in this documentation.
-
-      See `the documentation <https://doc.opensuse.org/documentation/leap/archive/42.3/security/html/book.security/cha.selinux.html>`_ 
-      for more input if you still wish to continue.
+      See `the documentation <https://doc.opensuse.org/documentation/leap/security/html/book-security/cha-selinux.html>`_
+      for more input if you wish to continue.
 
 Firewall
 --------
 
-   .. note:: 
+   .. note::
 
-      Below only covers the distributions default firewall. 
+      Below only covers the distribution's default firewall.
       It may not cover your case.
 
 .. tabs::
@@ -48,13 +45,13 @@ Firewall
 
    .. tab:: Debian
 
-      .. warning:: 
+      .. warning::
 
-         We're covering ``nftables`` in this part - iptables is discouraged 
-         starting from Debian 10 (Buster). 
+         We're covering ``nftables`` in this part - iptables is discouraged
+         starting from Debian 10 (Buster).
          Our example uses the ``input`` chain, yours may be a different one!
 
-      Add the following lines to ``/etc/nftables.conf`` or your specific rule 
+      Add the following lines to ``/etc/nftables.conf`` or your specific rule
       file. Ensure to add these lines to your input-chain.
 
       .. code-block::
@@ -63,7 +60,7 @@ Firewall
          tcp dport { http, https } accept
          udp dport { http, https } accept
 
-      The result should look like the following. Keep in mind that your 
+      The result should look like the following. Keep in mind that your
       enviroment could require different / more rules.
 
       .. code-block::
@@ -102,8 +99,8 @@ Firewall
 
    .. tab:: OpenSUSE
 
-      If your system does not yet know webserver rules, you can add a new one 
-      for your firewall by creating the file 
+      If your system does not yet know webserver rules, you can add a new one
+      for your firewall by creating the file
       ``/etc/sysconfig/SuSEfirewall2.d/services/webserver`` with this content:
 
       .. code-block::
@@ -116,9 +113,9 @@ Firewall
          # space separated list of allowed UDP ports
          UDP="http https"
 
-      After that locate ``FW_CONFIGURATIONS_EXT`` within 
-      ``/etc/sysconfig/SuSEfirewall2`` and add the option ``webserver`` to the 
-      list. The list is seperated by spaces. 
+      After that locate ``FW_CONFIGURATIONS_EXT`` within
+      ``/etc/sysconfig/SuSEfirewall2`` and add the option ``webserver`` to the
+      list. The list is seperated by spaces.
       You may require a different zone, above covers the external zone.
 
       Now ensure to restart the firewall service.
@@ -129,5 +126,5 @@ Firewall
 
    .. tab:: other
 
-      If we didn't cover your distribution or firewall in question, ensure to 
+      If we didn't cover your distribution or firewall in question, ensure to
       open ports ``80`` and ``443`` (TCP & UDP) beside of the ports you need.
diff --git a/install/includes/postgres-dependencies.rst b/install/includes/postgres-dependencies.rst
@@ -11,9 +11,6 @@ Install PostgreSQL Dependencies
 
             .. code-block:: sh
 
-                # CentOS 7
-                $ yum install postgresql14-libs postgresql14-devel
-
                 # CentOS 8
                 $ yum install postgresql-libs postgresql-devel
 
@@ -29,8 +26,3 @@ Install Gems for Zammad
         $ su - zammad
         $ bundle config set without "test development mysql"
         $ bundle install
-
-        # CentOS 7 users - above command might fail, run the following
-        # command and repeat above bundle install.
-        # Adjust pg_config path according to your environment
-        $ gem install pg -v '1.2.3' -- --with-pg-config=/usr/pgsql-14/bin/pg_config
diff --git a/install/includes/postgres-installation.rst b/install/includes/postgres-installation.rst
@@ -13,13 +13,6 @@
 
       .. code-block:: sh
 
-         # CentOS 7
-         $ yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
-         $ yum install postgresql15-server postgresql15-contrib
-         $ postgresql-15-setup initdb
-         $ systemctl start postgresql-15
-         $ systemctl enable postgresql-15
-
          # CentOS 8
          $ yum install postgresql-server postgresql-contrib
          $ postgresql-setup initdb

diff --git a/install/package.rst b/install/package.rst
@@ -41,9 +41,6 @@ some operating systems may require additional packages if not already installed.
 
          $ yum install wget epel-release
 
-         # CentOS 7
-         $ yum install https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
-
 .. include:: /install/includes/prerequisites.rst
 
 Add Repository and install Zammad
@@ -60,12 +57,6 @@ Add Repository
                $ curl -fsSL https://dl.packager.io/srv/zammad/zammad/key | \
                  gpg --dearmor | tee /etc/apt/trusted.gpg.d/pkgr-zammad.gpg> /dev/null
 
-         Ubuntu 18.04
-            .. code-block:: sh
-
-               $ echo "deb [signed-by=/etc/apt/trusted.gpg.d/pkgr-zammad.gpg] https://dl.packager.io/srv/deb/zammad/zammad/stable/ubuntu 18.04 main"| \
-                  tee /etc/apt/sources.list.d/zammad.list > /dev/null
-
          Ubuntu 20.04
             .. code-block:: sh
 
@@ -86,12 +77,6 @@ Add Repository
                $ curl -fsSL https://dl.packager.io/srv/zammad/zammad/key | \
                  gpg --dearmor | tee /etc/apt/trusted.gpg.d/pkgr-zammad.gpg> /dev/null
 
-         Debian 10
-            .. code-block:: sh
-
-               $ echo "deb [signed-by=/etc/apt/trusted.gpg.d/pkgr-zammad.gpg] https://dl.packager.io/srv/deb/zammad/zammad/stable/debian 10 main"| \
-                  tee /etc/apt/sources.list.d/zammad.list > /dev/null
-
          Debian 11
             .. code-block:: sh
 
@@ -111,12 +96,6 @@ Add Repository
 
                $ rpm --import https://dl.packager.io/srv/zammad/zammad/key
 
-         RHEL 7 / CentOS 7
-            .. code-block:: sh
-
-               $ wget -O /etc/yum.repos.d/zammad.repo \
-               https://dl.packager.io/srv/zammad/zammad/stable/installer/el/7.repo
-
          RHEL 8 / CentOS 8
             .. code-block:: sh
 
@@ -125,23 +104,11 @@ Add Repository
 
       .. tab:: OpenSUSE / SLES
 
-         Remove obsolete Let's Encrypt CA (SLES12 and openSUSE 42.x only)
-            .. code-block:: sh
-
-               $ rm /usr/share/pki/trust/DST_Root_CA_X3.pem
-               $ update-ca-certificates
-
          Install Repository Key
             .. code-block:: sh
 
                $ rpm --import https://dl.packager.io/srv/zammad/zammad/key
 
-         SLES 12 / openSUSE 42.x
-            .. code-block:: sh
-
-               $ wget -O /etc/zypp/repos.d/zammad.repo \
-               https://dl.packager.io/srv/zammad/zammad/stable/installer/sles/12.repo
-
          SLES 15 / openSUSE 15.x
             .. code-block:: sh
 
@@ -162,12 +129,6 @@ Install Zammad
 
          .. code-block:: sh
 
-            # CentOS 7
-            $ yum install postgresql14-server
-            $ postgresql-14-setup initdb
-            $ systemctl start postgresql-14
-            $ systemctl enable postgresql-14
-
             # general
             $ yum install zammad