Edgewall Software

A Comprehensive Multi-Project Solution

Notice: This solution was drafted based on Trac releases 0.10 and before and may not work with the current stable versions. Updates to this document founded on test cases is appreciated.

This page describes a comprehensive solution for many of the problems of maintaining or participating in multiple projects under Trac. We briefly analyze some of the other approaches and explain why we're not using them.

This method supports:

  • Cross-project ticket queries. Find out what your most important issues are in your project portfolio.
  • Single sign-on. Login once and move around Trac instances, subject to per-instance permissions.
  • Central configuration. You'll no longer have to edit multiple trac.ini files just to make a configuration change across many Trac instances.
  • Common permissions. User permissions can be granted across all projects or on a per-project basis. [this is misphrased; I haven't figured out how to say what I actually mean precisely, but it's good]

Note: this solution owes much to the work of others; I'm not claiming to be an innovator here, just an integrator.


  • This method requires the use of not-yet-released versions of Trac, Genshi, and several plugins, available from those projects' Subversion repositories.
  • This approach is not one-size-fits-all. Ticket #130 contains a long and enlightening discussion of what people need from multi-project support. Nonetheless, this solution gives most people most of what they're looking for, and more importantly, can be relatively easily set up by anyone who is willing to use bleeding-edge Trac software and my choice of database technology.


When you host multiple Trac projects, it is very common to have users that are members of more than one of these projects. If, like me, you're using your Tracs to support multiple customers, you probably need to be a member of each Trac instance. Even when using a TRAC_ENV_PARENT_DIR setup, one typically ends up having to log in to multiple Trac instances per day as you review your most active projects. Additionally, if you're tracking tickets in several projects, there's no way to see them all together in stock Trac. You actually need to log into each project and check your tickets there, and it becomes very likely that you'll miss something important.

The other problem is that, when administering multiple similar Tracs, you end up repeating the same configuration steps over and over. The tedious jobs include:

  • creation and initialization of new Trac instances
  • setting up common user permissions
  • making trac.ini adjustments across all projects

Basic Strategy

  • Use PostgreSQL to collect all projects into a single database using separate PostgreSQL schemas.
  • Change the SQL of your ticket report queries to:
    • Do the query in all schemas.
    • Add an extra column to the report that names each ticket's project.
  • Use trachacks:MultipleProjectQueryFilterPlugin to fix up urls in those query results to point to the right tickets.
  • Use TracForge to get:
    • Single Sign-On.
    • An improved project list.
    • Global "member" and "admin" roles that represent standard sets of permissions.
  • Use the inherit feature to avoid massive replication of trac.ini configuration information.
  • Share a single Subversion repository between all your Trac instances, and use the SVN AuthzGroups Plugin to avoid replicating group membership information between your SVN authz file and your Trac instances.


Creating Multiproject Queries

As noted above, the strategy is to change the SQL queries to iterate over all projects and aggregate the results, while adding an extra column to indicate which project will be used. This information will be used by trachacks:MultipleProjectQueryFilterPlugin to fix up the URLs in each row of the resulting HTML table.

Getting my queries to have an extra "project" column without tying my SQL to the current Trac ticket table layout was lots of fun. I have to thank Pedro Gimeno Fortea for his SQL expertise and help in working it out. The problem is as follows:

  • The core multi-project query logic is nontrivial. You want to factor it into an SQL function so you don't repeat it in every query.
  • Functions' return types need to be declared. In this case, the return type is a table just like Trac's ticket table, but with one extra column
  • We don't want our SQL to be dependent on the format of the ticket table, since that could change when you upgrade Trac or even when you install a plugin.

We ended up doing a bit of SQL metaprogramming: we wrote a function called declare_multitrac_query that declares the actual multiproject query function. If you call declare_multitrac_query() at the beginning of every query, you can then use multitrac_query(WHERE-condition-as-string) to get the actual table. Just make sure to add the project column to the beginning of the result. I know this sounds complicated, but it's actually a simple transformation of any of your existing queries. For example, here's what happened to report:1:

  • .sql

    old new  
     1set search_path to trac_instance_master,public;
     2SELECT declare_multitrac_query();
    14SELECT p.value AS __color__,
    2    id AS ticket, summary, component, version, milestone, t.type AS type,
     5   project, id AS ticket, summary, component, version, milestone, t.type AS type,
    36   (CASE status WHEN 'assigned' THEN owner||' *' ELSE owner END) AS owner,
    47   time AS created,
    58   changetime AS _changetime, description AS _description,
    69   reporter AS _reporter
    7   FROM ticket t WHERE status <> 'closed'
     10  FROM multitrac_query('status <> ''closed''') t
    811  LEFT JOIN enum p ON p.name = t.priority AND p.type = 'priority'
    912  ORDER BY p.value, milestone, t.type, time


  • Line 1: we set the PostgreSQL schema search path so that declare_multitrac_query, which is in the public schema, can be found. trac_instance_master is the schema I used for the TracForge master Trac instance.
  • Line 5: we prepend the project name to the results
  • Line 10: Notice that the WHERE condition has been string-ized. Single quotes are embedded in strings by doubling them. If there's no WHERE condition, just pass '1=1'.

What Next?

At the bottom of the page I've attached some (rough) scripts that I used to migrate my SQLite DBs to PostgreSQL. Getting this set up still takes some doing and there's no GUI that takes care of it.

From the point of view of users, the solution works really well. However, there's a long way to go before this really works smoothly from the point-of-view of the Trac administrator. In particular, TracForge's admin interface still has lots of rough edges, so please be patient.

Why Some Other Approaches Don't Quite Work (Yet)

As #130 shows, this has been an area of intense interest, and several alternative techniques have been tried. To date, none of them meet my basic requirements. I explain why below.

Sharing a Single Trac

There's been some work on managing multiple projects within a single Trac instance, but Trac can't yet give my customers the privacy they need in a shared environment. Sometimes we're working on proprietary software that must be kept private, but even when we're working on open source, customers generally feel uncomfortable when all their issues are automatically exposed to the world.

There are at least two areas that need to be improved in Trac to make a shared Trac workable:

  • TracDev/SecurityBranch (which, despite its name, is on Trac's trunk now) needs to be extended to cover Trac resources other than Wiki pages.
  • We need a flexible and automatic way to attach these permissions to resources upon creation. In my usage model, when a customer enters a ticket, it should be visible to and writable by everyone in his company and everyone in my company, but nobody else. Also, I occasionally need to create a ticket myself, with those same properties, and assign it to the customer. These capabilities are outside the scope of TracDev/SecurityBranch, so they need to be addressed separately. The Private Tickets Plugin can do the first part of the job for me (using the old permissions system), but not the second. See also #1316.

Naturally, the same kinds of issues apply to other resources such as Milestones. Upon creation by a customer, they need to be private to that customer and (some subset of) my people. When I create these resources there needs to be an easy way to make them private to a particular customer's company. And I'm sure that other people will have vastly different "permission workflow" requirements than I do, so the system probably needs to be more flexible than what I've described.

I do think this approach has a future, I just don't know how close it is.

Previous Attempts to Use PostgreSQL Schemas

TracMultipleProjects/MultipleEnvironmentsSingleDatabase describes two approaches to using PostgreSQL schemas for doing multi-project reports:

  • The first (main) approach probably works, but it fundamentally changes the layout of the database, so trac-admin upgrade will fail, maybe even spectacularly. That wasn't acceptable to me.
  • The second (alternative) approach is much simpler, but it also has a fatal flaw: although you can get a report, clicking any of the tickets still takes you to the ticket with the same ID as the ticket you clicked, but in the current project.

TracForge Ticket Subscriptions

TracForge contains a feature called "subscriptions" that replicates data from one Trac instance to another. One could try to use that to make all those tickets available in a master project where they can be queried. However,

  1. Once the subscription is established, tickets are only replicated across Trac instances when new tickets are created. That means I'm out-of-luck when it comes to querying across my pre-existing Trac instances.
  2. All that data replication is wasteful (this is minor) and probably slow (could be significant).
  3. This approach has basically the same flaw as the alternative approach above using PostgreSQL, just one level removed: yes, if you click on a ticket in the report, it takes you to a ticket with the right content… but that ticket is still in the wrong context, so any project-local links to wiki pages changesets, etc. that are embedded in the ticket will take you to the wrong place. One could try to patch the subscription code to fix them up, but in my opinion that is a hopeless fight. To handle all the possible wiki syntax, you'd have to do a reverse translation for all the macros, plugins, etc. that introduce new wiki syntax. There are just too many to account for all of them, and trying to keep up with new ones would be a maintenance nightmare.


  • Just a quick feedback to mention that at this point, what your solution is isn't immediately clear ;-). From the requirements section below it appears that it is based on TracForge, so maybe this should be made more clear from the start. Note that TracForge itself is probably implementing something quite close to what is discussed in TracMultipleProjects/MultipleEnvironments.
    — cboos 06/25/2007 11:02:46 AM
  • I think most of that should be clear now. My earlier response: Yes, I know. As I said, "work in progress," which I hope to have finished in the next few days. I'm actually combining stuff from TracForge, various other plugins from TracHacks, stuff from TracMultipleProjects/MultipleEnvironmentsSingleDatabase, and some of my own code. The approach for supporting cross-project queries is entirely different from what TracForge does, so characterizing it as "based on TracForge" won't really tell people what it is.
    — dave 06/28/2007 04:45:59 PM
  • Is there a possibility to reach the same thing with sqlight?
  • Not in this way; this particular scheme relies on the unique ability of PostgreSQLto use multiple schemas in the same database and do queries across those schemas. If you don't care about cross-project queries, then of course SQLite should work fine.
    — dave 01/28/2008
  • The migration and multitrac query use schema but do not actually use the inheritance feature in PostgreSQL, so its not clear to me how this is actually much more than a union query where the joined queries are set in a loop. If you use inheritance, you could simplify the multitrac_query to be a join like "select bar, relname from foo join pg_class on pg_class.oid=foo.tableoid;" This does not alter the trac schema at all, so I think trac DDL changes with version upgrades should work. I've modifiyed sqlite2pq and migrate.py to use inheritance. Any interest in persuing this variation on your approach?
    — karl 04/13/2008
  • Karl, I didn't know anything about table inheritance in PostgreSQL when I did this, but now that I look, it seems like that could be used to substantially improve on my scheme. I still don't have very strong DB-fu so I'd need some handholding, but I _would_ like to pursue your idea. Please be in touch with me at dave-AT-boostpro-dotcom.
    —dave 05/29/2008
  • Just a few lines of documentation on using migrate.py would help!
    — gautam - 06/21/2008
  • Is there an updated version of the report queries that'll work with 0.11.1? The above gives an error "SELECT COUNT(*) FROM (SET SEARCH_PATH"
    — Shawn S 10/29/2008

Last modified 7 years ago Last modified on Dec 16, 2015, 12:07:26 PM

Attachments (3)

Download all attachments as: .zip

Note: See TracWiki for help on using the wiki.