Trac on CentOS
If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!
I have seen Trac before but until recently never really used it. In a project I’ve been working on with Codename:Tuesday we’ve been using Trac as the central source for bugs / tickets, documentation, UCTs etc. It’s a very nice tool, with SVN integration and a ticketing system that has just what you need for development.
I run a server on CentOS and had a little trouble getting my install to work, so I decided to post this guide to getting trac up and running. This setup will allow you multiple instances of trac sites to support different projects. At the time of writing, my server runs CentOS 4.5 final.
This guide assumes all trac instances will exist under /srv/trac and all subversion instances will exist under /srv/svn and assumes you have subversion, apache and python installed.
Before you start, disable SELinux.
Repositories
If you don’t have them already, add Karanbir Singh’s repositories:
cd /etc/yum.repos.d/
wget http://centos.karan.org/kbsingh-CentOS-Extras.repo
wget http://centos.karan.org/kbsingh-CentOS-Misc.repoAdd the gpg key:
rpm --import http://centos.karan.org/RPM-GPG-KEY-karan.org.txtInstall the prerequisites for Trac:
yum install mod_dav_svn mod_python clearsilver python-clearsilver python-sqlite tracAdd the following to your apache httpd.conf:
# load relevent modules
LoadModule dav_module modules/mod_dav.so
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
LoadModule python_module modules/mod_python.so
...
### trac
Alias /trac/ "/srv/trac/"
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
# mod_python speeds things up considerably
SetHandler mod_python
PythonHandler trac.web.modpython_frontend
PythonOption TracEnvParentDir "/srv/trac"
PythonOption TracUriRoot "/trac"
# authentication
AuthType Digest
AuthName "wiki-server"
AuthDigestDomain /trac
AuthDigestFile "/etc/httpd/conf/digestpw"
Require valid-user
# authorization is handled internally by trac
### subversion
DAV svn
SVNParentPath /srv/svn
Order allow,deny
Allow from all
# authentication
AuthType Digest
AuthName "wiki-server"
AuthDigestDomain /svn
AuthDigestFile "/etc/httpd/conf/digestpw"
Require valid-user
# authorization
AuthzSVNAccessFile "/etc/httpd/conf/svn-auth.ini"Setup your svn instance:
svnadmin create /srv/svn/myproj --fs-type fsfs
chown -R apache /srv/svn/myproj
chmod -R go-rwx /srv/svn/myproj
[/code]
Run the following commands to create a trac instance (replacing "myproj" with the name of your project):
[codesyntax lang="bash"]
trac-admin /srv/trac/myproj initenv
chgrp -R apache /srv/trac/myproj
chown -R apache /srv/trac/myproj/{attachments,db,log}
chmod -R o-rwx /srv/trac/myproj
[/code]
Remove anonymous write access to Trac:
[codesyntax lang="bash"]
trac-admin /srv/trac/myproj permission remove anonymous TICKET_CREATE TICKET_MODIFY WIKI_CREATE WIKI_MODIFYadd admin user priveledges:
trac-admin /srv/trac/myproj permission add myuser TRAC_ADMINsetup special privs for other priveledged users
trac-admin /srv/trac/myproj permission add cooluser WIKI_DELETEtweak everyone's base priveledges:
trac-admin /srv/trac/myproj permission add authenticated \
BROWSER_VIEW CHANGESET_VIEW FILE_VIEW LOG_VIEW MILESTONE_VIEW \
REPORT_SQL_VIEW REPORT_VIEW ROADMAP_VIEW SEARCH_VIEW \
TICKET_CREATE TICKET_MODIFY TICKET_VIEW TIMELINE_VIEW \
WIKI_CREATE WIKI_MODIFY WIKI_VIEWsetup svn authorization; create the file /etc/httpd/conf/svn-auth.ini) with the following contents:
[groups]
projectadmins = adminuser1, adminuser2
othercoolfolks = projectuserA, projectuserB, projectuserC
# repository (r = read, w = write, or none)
[myproj:/]
@projectadmins = rw
@othercoolfolks = rw
* = r
[myproj:/admin-only/]
@projectadmins = rw
@othercoolfolks = rCreate the password file and add a password for the admin user:
htdigest -c /etc/httpd/conf/digestpw wiki-server adminuserCreate passwords for any other users:
htdigest /etc/httpd/conf/digestpw wiki-server userRestart apache, and now you should be able to access your project at http://server/trac/myproj - login with the user and password you just setup and bob's yer wossname.
CAVEAT: you may find when you load the trac page you see "Error: Unsupported File Format". If you do, you need to disable the pdo_sqlite module as it's likely conflicting with the version installed by python. Edit the file /etc/php.d/pdo_sqlite.ini and comment out anything in the file by putting a # symbol at the beginning of each line.
Credits: I got a lot of this from here so many thanks to the original author - I've just modified a little and added more basic instructions.
Server woes
Bah. I stupidly put a simple password on a temporary user I was setting up for someone to ftp to my server and it happened to be just the right timing for some script kiddie to be running brute force dictionary attacks across my ip range. I’ve had to rebuild the whole darn thing – lesson learned I suppose. Thank god with CentOS and yum it was very very easy to get back up and running! I didn’t lose any data, so that’s a plus.
More bloggage coming soon!