Edgewall Software

Trac on Red Hat Enterprise Linux 4 without using YUM

Warning: Trac ⇐ 0.10 will not work on RHEL x86_64 due to the ClearSilver dependency. ClearSilver will not compile on an x86_64 RHEL (CentOS, WBL, etc.) Linux system. Consider Trac 0.11-devel instead; it uses Genshi instead of ClearSilver.

Update 31-May-2007: I installed Trac 0.10.4 on Centos 4.4 (x86_64) with clearsilver-0.10.4-2.el4.rf rpm and it worked.

Installing Files

  • Install the standard RHEL 4 system with the Web Server functionality.
  • Install Subversion, mod_dav_svn and Python, if you've not already installed them.
  • Install the following packages (and I know it's overkill, but I wanted to be sure I had everything I needed). These were all on the RedHat disks:
    • libdbi-dbd-pgsql
    • perl-DBD-Pg
    • php-pgsql
    • postgresql
    • postgresql-contrib
    • postgresql-docs
    • postgresql-libs
    • postgresql-perl
    • postgresql-pl
    • postgresql-python
    • postgresql-server
  • Download and install PyPgSql.
  • Download and install ClearSilver; note the deprecation of this template engine in favor of Genshi.
  • Download and install Trac.

Creating your Paths

mkdir /var/www/auth
mkdir /var/svn
mkdir /var/svn/repo
mkdir /var/svn/trac

Creating your groups and users

Obviously, if you already have your users, you don't need to do this part:

groupadd MyRepo_Access

This is the group to which all users who can access your Repo should belong, for SVN+SSH protocol, or just SVN:

useradd Fred_Bloggs -G MyRepo_Access
passwd Fred_Bloggs

At this point, create a password for the user Fred_Bloggs with password Fred_Bloggs_Password.

Creating the Support Files for Subversion

svnadmin create /var/svn/repo/MyRepo
chown -R apache.MyRepo_Access /var/svn/repo/MyRepo
chmod -R g+rw /var/svn/repo/MyRepo
chmod -R g+s /var/svn/repo/MyRepo

This creates your Repo, then makes it owned by Apache (which means it can write to it), and is group owned by MyRepo_Access, which is the group your users should be in. This means they can write to this repository using the SVN client application. By making it writable from Apache (the owner), means that you can later configure mod_dav_svn to provide a fully-accessible repository via the web. The chmod -R g+s statement means that all changes preserve the group permissions as well as owner.

Creating the Support Structure for PostgreSQL

su - postgres -c 'createuser -E -P -A -D MyRepoUser'

At this point you need to assign a password to the user MyRepo with password MyRepoPassword. You should perform these steps as the "postgres" user, otherwise it will complain that there's no such database as "root". It is possible to work around it, but easier to do with su.

The switches are:

  • -E = Encrypt password
  • -P = Assign a password
  • -A = Not an admin and can't create users
  • -D = Can't create other databases
su - postgres -c 'createdb MyRepoDB'

By keeping this all the same, it's a security hole, but easier to remember. Adjust according to your local policies! Also take into account who can connect to this service. Bear in mind that the default install of PostgreSQL does not allow you to connect to the server using TCP/IP Sockets. You'll need to adjust the following files:

  • /var/lib/pgsql/data/pg_hba.conf
host all all 127.0.0.1 255.255.255.255 md5
local template1 all trust sameuser
local all all md5

These lines mean the following:

  1. host all all: TCP/IP connections from localhost need to authenticate with an MD5 hashed password.
  2. local template1 all: Socket connections to the database master table is trusted, provided it is talking to a database with the same name as your user account.
  3. local all all: Socket connections from the localhost need to authenticate with an MD5 hashed password.
  • /etc/init.d/postgres

Find the line:

$SU -l postgres -c "$PGENGINE/postmaster -p ${PGPORT} -D '${PGDATA}' ${PGOPTS} &" >> $PGLOG 2>&1 < /dev/null

Replace it with:

$SU -l postgres -c "$PGENGINE/postmaster -i -p ${PGPORT} -D '${PGDATA}' ${PGOPTS} &" >> $PGLOG 2>&1 < /dev/null

Note the additional -i which allows "Internet" traffic, which was the main blocker.

Then restart PostgreSQL with:

service postgres restart

Create your Trac

trac-admin will not create a repository if the path already exists (although I have seen a patch which changes this statement), so the first line in the following statements will remove the folder if you've already tried to make something there:

rm -Rf /var/svn/trac/MyRepo
trac-admin /var/svn/trac/MyRepo initenv "My Trac Project" postgres://MyRepoUser:MyRepoPassword@localhost/MyRepoDB svn /var/svn/repo/MyRepo /usr/share/trac/templates

System user accounts are not the same as the user accounts for your site. If you have users who you want to be able to use only specific functions on Trac, then use this command:

htpasswd -nb Site_Username Site_Password >> /var/www/auth/MyRepo.htpasswd 

Setup Apache

The default install path for the Trac CGI files are in /usr/share/trac/cgi-bin. These need to be copied to the relevant path for your Trac install and renamed if you have multiple Trac installations:

cp /usr/share/trac/cgi-bin/trac.*cgi /var/www/cgi-bin
mv /var/www/cgi-bin/trac.fcgi /var/www/cgi-bin/MyRepo.fcgi
mv /var/www/cgi-bin/trac.cgi /var/www/cgi-bin/MyRepo.cgi

I don't actually know what the benefits of FCGI over CGI are, so I've made configs for both of them. Create a file in /etc/httpd.d/conf.d/Trac_MyRepo.conf:

<LocationMatch /cgi-bin/MyRepo\.f?cgi>
    SetEnv TRAC_ENV /var/svn/trac/MyRepo
</LocationMatch>
<LocationMatch /cgi-bin/MyRepo\.f?cgi/login>
    # Remove the # sign below to require SSL.
    # SSLRequireSSL

    AuthType Basic
    AuthName "MyRepo Trac Login"
    AuthUserFile /var/www/auth/MyRepo.htpasswd
    Require valid-user
</LocationMatch>
<IfModule mod_python.c>
        <Location /cgi-bin/MyRepo.cgi>
            SetHandler mod_python
            PythonHandler trac.web.modpython_frontend
            PythonOption TracEnv /var/svn/trac/MyRepo
        </Location>
        <Location /cgi-bin/MyRepo.cgi/login>
          # Remove the # sign below to require SSL.
          # SSLRequireSSL

          AuthType Basic
          AuthName "MyRepo Trac Login"
          AuthUserFile /var/www/auth/MyRepo.htpasswd
          Require valid-user
        </Location>
</IfModule>

Finally, restart your httpd service with:

service httpd restart

Accommmodating multiple repositories and wikis

Essentially, you can do a Search & Replace on MyRepo and put in your repository name. This stage requires input:

su - postgres -c 'createuser  -E -P -A -D  MyRepoUser'

The rest of these steps can be performed without input:

svnadmin create /var/svn/repo/MyRepo
chown -R apache.MyRepo_Access /var/svn/repo/MyRepo
chmod -R g+rw /var/svn/repo/MyRepo
chmod -R g+s /var/svn/repo/MyRepo
su - postgres -c 'createdb MyRepoDB'
rm -Rf /var/svn/trac/MyRepo
trac-admin /var/svn/trac/MyRepo initenv "My Trac Project" postgres://MyRepoUser:MyRepoPassword@localhost/MyRepoDB svn /var/svn/repo/MyRepo /usr/share/trac/templates
cp /usr/share/trac/cgi-bin/trac.fcgi /var/www/cgi-bin/MyRepo.fcgi
cp /usr/share/trac/cgi-bin/trac.cgi /var/www/cgi-bin/MyRepo.cgi

Create this file /etc/httpd/conf.d/Trac_MyRepo.conf:

<LocationMatch /cgi-bin/MyRepo\.f?cgi>
    SetEnv TRAC_ENV /var/svn/trac/MyRepo
</LocationMatch>
<LocationMatch /cgi-bin/MyRepo\.f?cgi/login>
    # Remove the # sign below to require SSL.
    # SSLRequireSSL

    AuthType Basic
    AuthName "MyRepo Trac Login"
    AuthUserFile /var/www/auth/MyRepo.htpasswd
    Require valid-user
</LocationMatch>
<IfModule mod_python.c>
        <Location /cgi-bin/MyRepo.cgi>
            SetHandler mod_python
            PythonHandler trac.web.modpython_frontend
            PythonOption TracEnv /var/svn/trac/MyRepo
        </Location>
        <Location /cgi-bin/MyRepo.cgi/login>
          # Remove the # sign below to require SSL.
          # SSLRequireSSL

          AuthType Basic
          AuthName "MyRepo Trac Login"
          AuthUserFile /var/www/auth/MyRepo.htpasswd
          Require valid-user
        </Location>
</IfModule>
Last modified 4 years ago Last modified on Feb 22, 2015, 1:00:42 PM
Note: See TracWiki for help on using the wiki.