How to install OTRS (OpenSource Trouble Ticket System) on CentOS 7

OTRS (open-source trouble ticket system software) is a sophisticated open source software used by companies to improve their operation related to customer support, help desk, call centers and more. OTRS is written in PERL and provides the following important features:

  • Customers can register and create/interact with a Ticket via the customer portal and by email, phone, and fax with each queue (Attendants/Technicians post box).
  • Tickets can be managed by their priority, assignment, transmission and follow-up. A ticket can be split, merged, bulk actions can be applied, and links to each other and notifications can be set. Services can be configurated through the service catalog.
  • To increase the team capacity, auto email (automatic answers), text templates and signatures can be configured. The system supports notes and attachments on tickets.
  • Others capabilities include: statistics and reports (CSV/PDF), SLA and many other features.

The Environment

This article covers the OTRS 5 installation and basic configuration. This article was writen based on the following enviroment: A Virtual Box VM with CENTOS 7 Minimal, 2GB RAM, 8GB HD and 2 network interfaces (host only and NAT).


Assuming that you use a fresh installation of Centos 7 Minimal,  before to install OTRS, run the following command to update the system and install aditional packages: 

yum update

Transaction Summary ================================================================================ Install 1 Package Upgrade 39 Packages Total download size: 91 M Is this ok [y/d/N]: y

Install a text editor or use VI. In this article we use VIM, run the following command to install it:

yum install vim

To install the WGET package, run the following command:

yum install wget

To configure the Centos 7 network, run the following command to open the NMTUI (Network Manager Text User Interface) tool and edit the interfaces and hostname if nescessary:


 After setup of network settings and hostname on CentOS 7, run the following command to apply the changes:

service networks restart

To verify the network information, run the following command:

ip addr

The output looks like this on my system:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:67:bc:73 brd ff:ff:ff:ff:ff:ff
    inet brd scope global dynamic enp0s3
       valid_lft 84631sec preferred_lft 84631sec
    inet6 fe80::9e25:c982:1091:90eb/64 scope link 
       valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:68:88:f3 brd ff:ff:ff:ff:ff:ff
    inet brd scope global dynamic enp0s8
       valid_lft 1044sec preferred_lft 1044sec
    inet6 fe80::a00:27ff:fe68:88f3/64 scope link 
       valid_lft forever preferred_lft forever 

Disable SELINUX (Security Enhanced Linux) on Centos 7, edit the following config file:

vim /etc/selinux/config

"/etc/selinux/config" 14L, 547C# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are prootected. 
#     mls - Multi Level Security protection.

Change the value enforcing of directive SELINUX to disabled, save the file and reboot the server.

To check the status of SELinux on Centos 7, run the following command:


The output must be:


Install MariaDB on Centos 7

To install MariaDB on Centos 7, run the following command:

yum -y install mariadb-server

Create the file with the name zotrs.cnf in the following directory:


To create and edit the file, run the following command:

vim /etc/my.cnf.d/zotrs.cnf

Fill the file with the following content and save it:

max_allowed_packet = 20M
query_cache_size = 32M
innodb_log_file_size = 256M

To start MariaDB, run the following command:

systemctl start mariadb

To increase the security of MariaDB, run the following command:


Setup the options accordind the following output:


In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):<Press Enter>
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] <Press Y>

Set the root password:

New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] <Press Y>
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] <Choose acording your needs>
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] <Press Y>
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] <Press Y>
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Setup MariaDB to start up automatically at boot time:

systemctl enable mariadb.service

To download OTRS, run the following command:

wget oarch.rpm

Install EPEL 

Before we install OTRS, setup the EPEL repositoy on Centos 7. Run the following command to do so:

[[email protected] ~]# yum -y release-7-9.noarch.rpm

Install OTRS

Install OTRS with the following command:

yum install -nogpgcheck otrs-5.0.15-01.noarch.rpm

A list of software package will be installed, eg. Apache and all dependencies will be resolved automatically, at to the end of output press Y:

Transaction Summary
Install  1 Package (+143 Dependent packages)

Total size: 148 M
Total download size: 23 M
Installed size: 181 M
Is this ok [y/d/N]: y 

To start Apache (httpd), run the following command:

systemctl start httpd.service

To enable Apache (httpd) startup with systemd on Centos7, run the following command:

systemctl enable httpd.service

Enable SSL in Apache and configure a SelfSigned Certificate. Install the Mod_SSL module for the Apache HTTP Server, run the following command:

yum -y install mod_ssl

To generate a self-signed SSL certificate, go to the following directory:

cd /etc/pki/tls/certs/

And run the following command to generate the key (centos7.key is the name of my certificate, feel free to change it):

make centos7.key

umask 77 ; \ /usr/bin/openssl genrsa -aes128 2048 > centos7.key Generating RSA private key, 2048 bit long modulus .+++ .........................................................................................+++ e is 65537 (0x10001) Enter pass phrase: <Insert your Own Password>

Verifying - Enter pass phrase:<Retype the Password>

To generate the server SSL private key with OpenSSL, run the following command:

openssl rsa -in centos7.key -out centos7.key

Enter pass phrase for centos7.key: <Type the Password> writing RSA key

Run the following command to create the CSR (Certificate Signing Request) file (centos7.csr is the name of my certificate, feel free to change it):

make centos7.csr

Fill the questions acording your needs:

umask 77 ; \ /usr/bin/openssl req -utf8 -new -key centos7.key -out centos7.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. -----

Country Name (2 letter code) [XX]:

State or Province Name (full name) []:

Locality Name (eg, city) [Default City]:

Organization Name (eg, company) [Default Company Ltd]:

Organizational Unit Name (eg, section) []:

Centos7 Common Name (eg, your name or your server's hostname) []:

Email Address []:

Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: <press enter>

An optional company name []:

Generate a CSR (Certificate Signing Request) for the server with the OpenSSL tool:

openssl x509 -in centos7.csr -out centos7.crt -req -signkey centos7.key

The output is:

Signature ok subject=/C=BR/ST=SP/L=Campinas/O=Centos7/OU=Centos7/CN=centos7.local Getting Private key

Before we edit the ssl.conf file, make a copy of the file with the following command:

cp /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.old

Then edit the file:

vim /etc/httpd/conf.d/ssl.conf

Find the following directives, uncomment each one and edit them like this:

SSLCertificateKeyFile /etc/pki/tls/certs/centos7.key

SSLCertificateFile /etc/pki/tls/certs/centos7.csr

SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2

ServerName centos7.local:443

Restart Apache with the following command:

systemctl restart httpd

To force OTRS to run in https mode, edit the following file:

vim /etc/httpd/conf/httpd.conf

At the end of file, uncoment the following directive:

IncludeOptional conf.d/*.conf

Edit the file zzz_otrs.conf:

vim /etc/httpd/conf.d/zzz_otrs.conf

After the line 26 (before the line module  mod_version.c) add the following directives:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Restart Apache:

[[email protected] ~]# systemctl restart httpd

To use extended features in OTRS, we have to install some PERL modules. Run the following command to install them:

yum -y install "perl(Text::CSV_XS)" "perl(Crypt::Eksblowfish::Bcrypt)" "perl(YAML::XS)" "perl(JSON::XS)" "perl(Encode::HanExtra)" "perl(Mail::IMAPClient)" "perl(ModPerl::Util)"

The OTRS system has a tool to check the PERL modules, run it like this to verify the system requirements:

cd /opt/otrs/bin

and run:


The output for our configuration must be:

o Apache::DBI......................ok (v1.12) o Apache2::Reload..................ok (v0.13) o Archive::Tar.....................ok (v1.92) o Archive::Zip.....................ok (v1.30) o Crypt::Eksblowfish::Bcrypt.......ok (v0.009) o Crypt::SSLeay....................ok (v0.64) o Date::Format.....................ok (v2.24) o DBI..............................ok (v1.627) o DBD::mysql.......................ok (v4.023) o DBD::ODBC........................Not installed! (optional - Required to connect to a MS-SQL database.) o DBD::Oracle......................Not installed! (optional - Required to connect to a Oracle database.) o DBD::Pg..........................Not installed! Use: 'yum install "perl(DBD::Pg)"' (optional - Required to connect to a PostgreSQL database.) o Digest::SHA......................ok (v5.85) o Encode::HanExtra.................ok (v0.23) o IO::Socket::SSL..................ok (v1.94) o JSON::XS.........................ok (v3.01) o List::Util::XS...................ok (v1.27) o LWP::UserAgent...................ok (v6.13) o Mail::IMAPClient.................ok (v3.37) o IO::Socket::SSL................ok (v1.94) o ModPerl::Util....................ok (v2.000010) o Net::DNS.........................ok (v0.72) o Net::LDAP........................ok (v0.56) o Template.........................ok (v2.24) o Template::Stash::XS..............ok (undef) o Text::CSV_XS.....................ok (v1.00) o Time::HiRes......................ok (v1.9725) o Time::Piece......................ok (v1.20_01) o XML::LibXML......................ok (v2.0018) o XML::LibXSLT.....................ok (v1.80) o XML::Parser......................ok (v2.41) o YAML::XS.........................ok (v0.54)

To start the OTRS Daemon with the "otrs" user, run the following command:

su -c "/opt/otrs/bin/ start" -s /bin/bash otrs

To disable the CentOS 7 firewall, run the following command:

systemctl stop firewalld

To disable CentOS 7 Firewall to start up automaticaly, run:

systemctl disable firewalld.service

Start the OTRS Daemon with:

su -c "/opt/otrs/bin/ start" -s /bin/bash

The output of command must be:

/opt/otrs/bin - start/stop OTRS cronjobs Copyright (C) 2001-2012 OTRS AG, (using /opt/otrs) done

If you want to check the OTRS Daemon status, run the following command:

su -c "/opt/otrs/bin/ status" -s /bin/bash

Configuring OTRS in the crontab. Change the user root to otrs and start to edit the crontab:

su otrs

crontab -e

Fill the crontab with the following content and save it:

# --
# Copyright (C) 2001-2016 OTRS AG,
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see
# --

# Who gets the cron emails?
MAILTO="[email protected]"
# --
# Copyright (C) 2001-2016 OTRS AG,
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see
# --

# check OTRS daemon status
*/5 * * * *    $HOME/bin/ start >> /dev/null

Configure OTRS on CentOS 7

Open a web browser and open the URL https://centos7.local/otrs/ Remember, centos7.local is the name of my server, insert your hostname or IP address. The first screen shows the 4 steps to conclude the OTRS installation, press Next.  

OTRS installation screen

License: to continue, read and accept the license to continue:

Accept the license and continue 

Database Selection: select  the option MySQL and in the Install Type, mark the Create a new database for OTRS option and click on the next button:

Select database type mysql

Configure MySQL: fill the fields User, Password and Host (remember the data of the MariaDB configuration that we made) and press check database settings:

Insert database login details

The OTRS installer will create the database in MariaDB, press next button:

Create OTRS database

OTRS database created successfully: 

OTRS Database created

Config system settings: fill the fields with your own information and press next:

Set the personal config details

OTRS E-mail configuration: fill in the fields acording your e-mail server. In my setup, for outbound email I use SMPTTLS and port 587, for inbound email, I use pop3, you will need an e-mail account. Check mail configuration or skip this step:

Email setup in OTRS

To finish, take a note about the user and password to access the OTRS, after login you can change the password:

OTRS Username and password

The OTRS url login is https://centos7.local/otrs/, centos7.local is the name of my server, insert your hostnamen or IP address.:

Login to OTRS

Login at the OTRS:

OTRS Admin Login

OTRS is installed and ready to be configured with your support rules or business model.

Share this page:

Suggested articles

13 Comment(s)

Add comment


From: Roy at: 2017-01-31 19:45:59

There's no need to bypass the EPEL repository contained in CentOS. It's availabel via yum install epel-release

From: Alexandre Costa at: 2017-02-02 15:34:20

Roy, thanks you for your feedback, You are right!

From: TiTex at: 2017-02-01 18:43:40

why did you disable SELinux and firewalld ?

From: Alexandre Costa at: 2017-02-02 15:55:41

Titex for your feedback, it was my mistake! Is not a good practice to disable firewall and SELinux. I forget to cover this topics. If you want to keep SELinux and Firewalld running, we need to setup SElinux and Firewall polices. Run the following commands: 

Firewall police:

sudo firewall-cmd --zone=public --add-port=80/tcp --permanentsudo firewall-cmd --zone=public --add-port=443/tcp --permanent sudo firewall-cmd --reload

SELinux police:

sudo semanage fcontext -a -t httpd_sys_rw_content_t "/opt/otrs/var/httpd/htdocs(/.*)?" sudo semanage fcontext -a -t httpd_sys_content_t "/opt/otrs/bin/cgi-bin(/.*)?" sudo semanage fcontext -a -t httpd_sys_rw_content_t "/opt/otrs/Kernel(/.*)?" sudo semanage fcontext -a -t httpd_sys_rw_content_t "/opt/otrs/var/sessions(/.*)?" sudo semanage fcontext -a -t httpd_sys_rw_content_t "/opt/otrs/var/log(/.*)?" sudo semanage fcontext -a -t httpd_sys_rw_content_t "/opt/otrs/var/packages(/.*)?" sudo semanage fcontext -a -t httpd_sys_rw_content_t "/opt/otrs/var/stats(/.*)?" sudo semanage fcontext -a -t httpd_sys_rw_content_t "/opt/otrs/var/tmp(/.*)?" sudo semanage fcontext -a -t httpd_sys_rw_content_t "/opt/otrs/bin(/.*)?" restorecon -vR /opt/otrs sudo setsebool -P httpd_can_network_connect_db 1 sudo setsebool -P httpd_can_network_connect 1

Create the file httpd_shm.te with the following content:

module httpd_shm1 1.0; require { type unconfined_t; type httpd_t; class shm { unix_read unix_write associate }; } #============= httpd_t ============== allow httpd_t unconfined_t:shm associate; allow httpd_t unconfined_t:shm { unix_read unix_write };

Run the following command and reboot your server to create the SELinux police:

sudo checkmodule -M -m -o /root/httpd_shm.mod /root/httpd_shm.te sudo semodule_package -o /root/httpd_shm.pp -m /root/httpd_shm.mod sudo semodule -i /root/httpd_shm.pp

Best Regards


From: deserter at: 2017-02-07 16:59:57

after entering this line:

su -c "/opt/otrs/bin/ status" -s /bin/bash

i get this error :

su: user does not exist

since i'm new to this whole thing, iwonder if u can help me some how.

there is no otrscron,sh file when i took a ls from /opt/otrs/bin

From: ed at: 2017-02-16 06:17:06

Maybe,   su -c "/opt/otrs/bin/ status" -s /bin/bash otrs

From: edo at: 2017-02-10 08:19:08

little syntax error in text                                                              wget oarch.rpm


From: edo at: 2017-02-10 08:30:56

for install EPEL 7.9 used: sudo yum install epel-release

From: edo at: 2017-02-14 12:55:12

MariaDB and Apache are starters,./ is OK,  but I can not get my local http:// Please post content etc /httpd/conf/httpd.conf.

Also I can not see in opt/otrs/ file ?

From: ed at: 2017-02-17 18:07:21

Missing content files httpd.conf ; my.cnf  ; problem  in starting otrs (innodb_log_file_size = 256M ) I will try.....

From: Sergey at: 2017-04-03 13:19:11

After command

systemctl restart httpd

I have error:

Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.

Please help

From: Luis Alberto Hernandez Miranda at: 2017-04-10 19:57:11

Hola, disculpa la molestia podrias apoyarme a configurar el envio de correos por parte de la herramienta OTRS, lo que pasa es que ya llevo rato tratando de hacerlo y no me queda, el servidor de correos que ocupo es Exchange, gracias por tu tiempo, saludos.

From: reinout at: 2018-02-08 10:26:25

i am getting this error when i check the database 


Error: Please make sure your database accepts packages over 20 MB in size (it currently only accepts packages up to 1 MB). Please adapt the max_allowed_packet setting of your database in order to avoid errors.

 i folowed the tutorial