Edgewall Software

Changes between Version 5 and Version 6 of Trac0.11OnUbuntuHardy


Ignore:
Timestamp:
Jun 7, 2008 10:53:56 AM (6 years ago)
Author:
ThurnerRupert
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Trac0.11OnUbuntuHardy

    v5 v6  
    1 = trac 0.11 rc1 on Ubuntu 8.04 Server, without mod_python (because of bugs), multiple repositories and authentication =
    2 
    3 This guide shows all the steps to correctly install a Trac system on a Ubuntu 8.04 Server. If you have any corrections, be sensible and document it here. This guide is based on [wiki:TracOnUbuntuHardy Johannes' original] covering trac 0.10 (Ubuntu stock).
    4 
    5 Differences from Johannes' guide
    6  * trac 0.11 rc1 (obviously)
    7  * No mod_python (there are some bugs related to it) - using CGI instead to keep it simple (you can try FastCGI, WSGI or mod_python if you want later - it's just a matter of changing Apache configuration)
    8  * Multiple projects are implemented under a single Subversion repository
    9 
    10 Enjoy and comment!
    11 
    12 == Benefits of this approach ==
    13  * Access to SVN paths are always consistant
    14  * ...
    15 
    16 == Needed software ==
    17 
    18 Throughout the guide, we'll need to install some packages from Ubuntu repositories. Let's install what we need to get Trac running first so we can download the rest of the packages while we install and configure Trac. You may want to exchange SQLite for one of the [DatabaseBackend]s, but we'll be using SQLite on this guide.
    19 
    20 {{{
    21  $ sudo apt-get install python-setuptools genshi python-pysqlite2 subversion
    22 }}}
    23 
    24 After it's installed, you can start getting the rest of the packages and carry on with the guide as APT does its work.
    25 
    26 {{{
    27  $ sudo apt-get install libapache2-svn apache2
    28 }}}
    29 
    30 
    31 == Subversion ==
    32 
    33 We will have a single subversion repository for all trac environments, each environment residing in a subdirectory in our subversion tree.
    34 
    35 The idea with our subversion installation is to have a main directory and several repositories under it. We'll be setting {{{/svn}}} as our subversion parent dir and then create {{{/svn/project1}}}, {{{/svn/project2}}}, etc as needed. This second step will configure subversion, set apache to use mod_dav_svn and enable Basic authentication.
    36 
    37  * We start by apt-getting the packages
    38 
    39  {{{
    40  $ sudo apt-get install subversion libapache2-svn
    41  }}}
    42 
    43  * Our next task is to create the subversion repository, and add a dummy project named test to it:
    44 
    45  {{{
    46  $ sudo mkdir /var/lib/svn
    47  $ sudo ln -s /var/lib/svn /svn
    48  $ sudo svnadmin create /svn
    49  $ sudo chmod -R 777 /var/lib/svn
    50  $ sudo chown -R www-data:www-data /var/lib/svn
    51 
    52  $ mkdir /tmp/svn
    53  $ mkdir /tmp/svn/test
    54  $ mkdir /tmp/svn/test/branches
    55  $ mkdir /tmp/svn/test/tags
    56  $ mkdir /tmp/svn/test/trunks
    57 
    58  $ svn import /tmp/svn file:///svn -m "initial import"
    59  }}}
    60 
    61 
    62 == trac ==
    63 
    64 Trac installation is straightforward once setuptools is installed.
    65 
    66  {{{
    67  $ sudo easy_install Trac==0.11rc1
    68  }}}
    69 
    70 Trac needs a directory to put the environments on where apache can read/write. We'll also add a symlink to this directory so it's easier to get there:
    71 
    72  {{{
    73  $ sudo mkdir /var/lib/trac
    74  $ sudo chown -R www-data:www-data /var/lib/trac
    75  $ sudo ln -s /var/lib/trac/ /trac
    76  }}}
    77 
    78 Let's initialize the trac environment for our test project. The only thing I had to fill in here was the name of my project and the path to my subversion repository:
    79 
    80  {{{
    81  $ trac-admin /trac/test initenv
    82  Project Name [My Project]> Test
    83  Database connection string [sqlite:db/trac.db]>
    84  Repository type [svn]>
    85  Path to repository [/path/to/repos]> /svn/teste
    86  Templates directory [/usr/share/trac/templates]>
    87  Congratulations!
    88  }}}
    89 
    90 If you haven't been congratulated at the end, there's something wrong. You can test your new Trac setup by issuing:
    91 {{{
    92  $ sudo tracd --port 8080 /trac/test
    93 }}}
    94 
    95 Then point your browser to http://localhost:8080/ . You should see the list of available projects (with only the one you just created). Click on it, and go to Browse source. Everything should be fine.
    96 
    97  * We will not use tracd's digest authentication support.
    98 
    99 
    100 == Apache ==
    101 
    102 If you are going to use TracStandalone, stop right here. Everything is set. This guide won't cover how to set tracd up.
    103 
    104  apt-get configures everything you need and your webroot will be configured to {{{/var/www}}}. Ubuntu (actually, Debian) divides apache websites (virtualhost) in a set of directories under {{{/etc/apache2/sites-available}}} and has two utilities to configure them: {{{a2ensite}}} and {{{a2dissite}}}. We'll make use of these tools throughout this guide.
    105 
    106 === Setting up Apache+SVN ===
    107 
    108 If you want to keep SVN access local only, you can skip to the next subsection.
    109 
    110 We'll now configure {{{mod_dav_svn}}}. We start by editing {{{/etc/apache2/mods-enabled/dav_svn.conf}}}
    111 
    112  {{{
    113  $ sudo vim /etc/apache2/mods-enabled/dav_svn.conf
    114  }}}
    115 
    116  This file probably has already a set of directives in it. I just show here the final version without the comments and changed to enable Basic authentication:
    117 
    118  {{{
    119 <Location /svn>
    120   DAV svn
    121   SVNPath /svn
    122   SVNListParentPath Off
    123 
    124   AuthType Basic
    125   AuthName "Subversion Repository"
    126   AuthUserFile /etc/apache2/dav_svn.passwd
    127   AuthzSVNAccessFile /etc/apache2/authz_svn.access
    128 
    129   Require valid-user
    130 </Location>
    131 }}}
    132 
    133  * The next step is to create a user for subversion.
    134 
    135  {{{
    136  $ sudo htpasswd -cm /etc/apache2/dav_svn.passwd johndoe
    137  New password: my_password
    138  Re-type new password: my_password
    139  }}}
    140 
    141  * Additionally we'll create the authorization file for our users
    142 
    143  {{{
    144  $ sudo vim /etc/apache2/authz_svn.access
    145  }}}
    146 
    147  * And add the following rule for our user. In this case, we'll be allowing him full access to the {{{teste}}} repository.
    148 
    149  {{{
    150  [svn:/test]
    151  johndoe = rw
    152  }}}
    153 
    154  * Finally we restart apache.
    155 
    156  {{{
    157  $ sudo /etc/init.d/apache2 restart
    158  * Restarting web server apache2
    159    ...done.
    160  }}}
    161 
    162  We can now point a browser to http://localhost/svn and an authentication pop-up should appear and, after that, our repository. Our projects will be located at http://localhost/svn/projectname. Now is a good time to read some more on the "Per-Directory Access Control" part of the subversion book. One big part of the security involved in this installation only has to do with Subversion so some reading on [http://svnbook.red-bean.com/en/1.0/svn-book.html#svn-ch-6-sect-4.4.2 Per-Directory Access Control] might be useful at this time. In particular, if you want people to access only some of the projects, you '''must''' configure this.
    163 
    164 
    165 === Trac on Apache ===
    166 
    167 
    168 Now we need another site for apache:
    169 
    170  {{{
    171  $ sudo vim /etc/apache2/sites-available/trac
    172  }}}
    173 
    174  * And add the following code to it:
    175 
    176  {{{
    177 Alias /trac/[^/]+/chrome/common /usr/share/python-support/trac/trac/htdocs
    178 
    179 <Directory "/usr/share/python-support/trac/trac/htdocs">
    180   Order allow,deny
    181   Allow from all
    182 </Directory>
    183 
    184 ScriptAlias /trac /usr/lib/cgi-bin/trac.cgi
    185 
    186 <Location /trac>
    187   SetEnv TRAC_ENV_PARENT_DIR "/boreste/trac"
    188 </Location>
    189 
    190 <LocationMatch "/trac/[^/]+/login">
    191   AuthType Basic
    192   AuthName "Trac"
    193   AuthUserFile /etc/apache2/dav_svn.passwd
    194   SVNPath /svn
    195   AuthzSVNAccessFile /etc/apache2/authz_svn.access
    196   Require valid-user
    197 </LocationMatch>
    198  }}}
    199 
    200 We must give Apache permission to read and write your trac environment:
    201 
    202 {{{
    203  $ sudo chown -R www-data.www-data /trac
    204 }}}
    205 
    206 Let's now enable this site:
    207 
    208  {{{
    209  $ sudo a2ensite trac
    210  Site trac installed; run /etc/init.d/apache2 reload to enable.
    211  }}}
    212 
    213 At this point we are still without any authentication. We'll start by removing permissions to the anonymous user, allowing him only to see the initial page. Then we'll also set our main user as the trac's root:
    214 
    215  {{{
    216  $ sudo trac-admin /trac/test permission remove anonymous BROWSER_VIEW CHANGESET_VIEW FILE_VIEW LOG_VIEW MILESTONE_VIEW REPORT_SQL_VIEW REPORT_VIEW ROADMAP_VIEW SEARCH_VIEW TICKET_CREATE TICKET_MODIFY TICKET_VIEW TIMELINE_VIEW WIKI_CREATE WIKI_MODIFY
    217 
    218  $ sudo trac-admin /trac/teste permission add johndoe TRAC_ADMIN
    219  }}}
    220 
    221  Let's now reload apache:
    222 
    223  {{{
    224  $ sudo  /etc/init.d/apache2 reload
    225  Reloading web server config...                                                     [ OK ]
    226  }}}
    227 
    228  You can now check http://localhost/trac and you should see a list with all the projects for which you have a trac environment set. clicking on one of them will get you to a page where you could have a small description of your project but you won't see any other links (important ones at least). Try to login to see the differences.
    229 
    230 If performance bugs you, then head to TracGuide, TracInstall, TracFastCgi, TracModPython or [wiki:TracModWSGI]
     1moved to wiki:0.11/TracOnUbuntuHardy