| Version 6 (modified by , 18 years ago) ( diff ) |
|---|
Trac on Red Hat Enterprise Linux 4 WITHOUT using YUM
Because of the environment I'm setting up my Trac, I had no external internet access, barring an SFTP pipe.
Here's what I did.
Installing Files
- Install the standard RHEL 4 system, with the Web Server functionality. I needed it for the rest of the sites I was putting together.
- Install Subversion, mod_dav_svn and Python (if you've not already installed them - I wasn't making notes at this point!)
- Install the following packages (and I know it's overkill, but I wanted to be sure I had everything I needed). These were all on the redhat disks.
- libdbi-dbd-pgsql
- perl-DBD-Pg
- php-pgsql
- postgresql
- postgresql-contrib
- postgresql-docs
- postgresql-libs
- postgresql-perl
- postgresql-pl
- postgresql-python
- postgresql-server
- Download and install pyPgSql - I think this was on Sourceforge.
- Download and install clearsilver - I didn't do this bit, a collegue did. I think a google search will turn it up.
- Download and install trac.
Creating your Paths
mkdir /var/www/auth mkdir /var/svn mkdir /var/svn/repo mkdir /var/svn/trac
Creating your groups and users
Obviously, if you already have your users, you don't need to do this part.
groupadd MyRepo_Access
This is the group to which all users who can access your Repo should belong, for SVN+SSH protocol, or just SVN.`
useradd Fred_Bloggs -G MyRepo_Access passwd Fred_Bloggs
At this point, create a password for the user Fred_Bloggs - I'll use Fred_Bloggs_Password for the purposes of this document
Creating the Support Files for Subversion
svnadmin create /var/svn/repo/MyRepo chown -R apache.MyRepo_Access /var/svn/repo/MyRepo chmod -R g+rw /var/svn/repo/MyRepo chmod -R g+s /var/svn/repo/MyRepo
This creates your Repo, then makes it owned by Apache (which means it can write to it), and is group owned by MyRepo_Access, which is the group your users should be in. This means they can write to this repository using the SVN client application. By making it writable from Apache (the owner), means that you can later configure mod_dav_svn to provide a fully-accessible repository via the web. The chmod -R g+s statement means that all changes preserve the group permissions as well as owner - I think.
Creating the Support Structure for Postgres
su - postgres -c 'createuser -E -P -A -D MyRepoUser'
At this point - you need to assign a password to the user MyRepo - I'll use MyRepoPassword for the purposes of this document. You should perform these steps as the "postgres" user, otherwise it will complain that there's no such database as "root". It's possible to work around it, but easier to do with su.
These switches mean:
- -E = Encrypt password
- -P = Assign a password
- -A = Not an admin (and can't create users)
- -D = Can't create other databases
su - postgres -c 'createdb MyRepoDB'
By keeping this all the same, it's a security hole, but easier to remember. Adjust according to your local policies! Also take into account, who can connect to this service. Bear in mind that the default install of postgres does not allow you to connect to the server using TCP/IP Sockets. You'll need to adjust the following files:
- /var/lib/pgsql/data/pg_hba.conf
host all all 127.0.0.1 255.255.255.255 md5 local template1 all trust sameuser local all all md5
These lines seem to mean
1) host all all = TCP/IP connections from localhost need to authenticate with an MD5 hashed password
2) local template1 all = Socket connections to the database master table is trusted provided it's talking to (is it about?) a database with the same name as your user account.
3) local all all = Socket connections from the localhost need to authenticate with an MD5 hashed password
- /etc/init.d/postgres
Find the line
$SU -l postgres -c "$PGENGINE/postmaster -p ${PGPORT} -D '${PGDATA}' ${PGOPTS} &" >> $PGLOG 2>&1 < /dev/null
Replace it with
$SU -l postgres -c "$PGENGINE/postmaster -i -p ${PGPORT} -D '${PGDATA}' ${PGOPTS} &" >> $PGLOG 2>&1 < /dev/null
(Note the additional -i which allows "Internet" traffic - I think. This was the main blocker for me.)
You'll then need to restart postgresql with
service postgres restart
Create your Trac
trac-admin will not create a repository if the path already exists (although I have seen a patch which changes this statement), so the first line in the following statements will remove the folder if you've already tried to make something there.
rm -Rf /var/svn/trac/MyRepo trac-admin /var/svn/trac/MyRepo initenv "My Trac Project" postgres://MyRepoUser:MyRepoPassword@localhost/MyRepoDB svn /var/svn/repo/MyRepo /usr/share/trac/templates
System user accounts are not the same as the user accounts for your site. If you've got users who you want to be able to use only specific functions on trac, then use this command
htpasswd -nb Site_Username Site_Password >> /var/www/auth/MyRepo.htpasswd
Setup Apache
The default install path for the trac CGI files are in /usr/share/trac/cgi-bin. These need to be copied to the relevant path for your Trac install, and renamed (if you've got multiple Trac installations.)
cp /usr/share/trac/cgi-bin/trac.*cgi /var/www/cgi-bin mv /var/www/cgi-bin/trac.fcgi /var/www/cgi-bin/MyRepo.fcgi mv /var/www/cgi-bin/trac.cgi /var/www/cgi-bin/MyRepo.cgi
I don't actually know what the benefits of FCGI over CGI are, so I've made configs for them both. Create a file in /etc/httpd.d/conf.d/Trac_MyRepo.conf
<LocationMatch /cgi-bin/MyRepo\.f?cgi>
SetEnv TRAC_ENV /var/svn/trac/MyRepo
</LocationMatch>
<LocationMatch /cgi-bin/MyRepo\.f?cgi/login>
# Remove the # sign below to require SSL.
# SSLRequireSSL
AuthType Basic
AuthName "MyRepo Trac Login"
AuthUserFile /var/www/auth/MyRepo.htpasswd
Require valid-user
</LocationMatch>
<IfModule mod_python.c>
<Location /cgi-bin/MyRepo.cgi>
SetHandler mod_python
PythonHandler trac.web.modpython_frontend
PythonOption TracEnv /var/svn/trac/MyRepo
</Location>
<Location /cgi-bin/MyRepo.cgi/login>
# Remove the # sign below to require SSL.
# SSLRequireSSL
AuthType Basic
AuthName "MyRepo Trac Login"
AuthUserFile /var/www/auth/MyRepo.htpasswd
Require valid-user
</Location>
</IfModule>
Finally, restart your HTTPD service with
service httpd restart
Adjusting this document for multiple repositories and wikis
Essentially, you can do a Search & Replace on MyRepo and put in your repository name.
This stage requires input
su - postgres -c 'createuser -E -P -A -D MyRepoUser'
The rest of these steps can be performed without input
svnadmin create /var/svn/repo/MyRepo chown -R apache.MyRepo_Access /var/svn/repo/MyRepo chmod -R g+rw /var/svn/repo/MyRepo chmod -R g+s /var/svn/repo/MyRepo su - postgres -c 'createdb MyRepoDB' rm -Rf /var/svn/trac/MyRepo trac-admin /var/svn/trac/MyRepo initenv "My Trac Project" postgres://MyRepoUser:MyRepoPassword@localhost/MyRepoDB svn /var/svn/repo/MyRepo /usr/share/trac/templates cp /usr/share/trac/cgi-bin/trac.fcgi /var/www/cgi-bin/MyRepo.fcgi cp /usr/share/trac/cgi-bin/trac.cgi /var/www/cgi-bin/MyRepo.cgi
Create this file /etc/httpd/conf.d/Trac_MyRepo.conf
<LocationMatch /cgi-bin/MyRepo\.f?cgi>
SetEnv TRAC_ENV /var/svn/trac/MyRepo
</LocationMatch>
<LocationMatch /cgi-bin/MyRepo\.f?cgi/login>
# Remove the # sign below to require SSL.
# SSLRequireSSL
AuthType Basic
AuthName "MyRepo Trac Login"
AuthUserFile /var/www/auth/MyRepo.htpasswd
Require valid-user
</LocationMatch>
<IfModule mod_python.c>
<Location /cgi-bin/MyRepo.cgi>
SetHandler mod_python
PythonHandler trac.web.modpython_frontend
PythonOption TracEnv /var/svn/trac/MyRepo
</Location>
<Location /cgi-bin/MyRepo.cgi/login>
# Remove the # sign below to require SSL.
# SSLRequireSSL
AuthType Basic
AuthName "MyRepo Trac Login"
AuthUserFile /var/www/auth/MyRepo.htpasswd
Require valid-user
</Location>
</IfModule>
