Trac – Part 2

In Part 1 I mentioned that I had recently selected Trac as my project management tool of choice. It is fairly feature complete for my needs and where a core feature is lacking, there is usually a plugin to facilitate it.

In this part I will describe how I setup this system. I had specific goals in mind so this may need to be adapted for your needs. Additionally I will briefly cover the Subversion setup that was required to make this work.

Goals

  1. Multiple Trac projects needed to be hosted
  2. Seamless integration to the Subversion server
  3. Simple adding of new projects without the need for configuration changes
  4. Single Sign On (SSO) for all projects (see #5)
  5. Centralized authentication for all projects (one account is all you need)
  6. Per project authorization / permissions

Requirements / Supplies

  1. Ubuntu Server 8.04.1 LTS
  2. Subversion 1.5
  3. Python 2.5
  4. Setuptools (for Python)
  5. Trac 0.11.3
  6. Apache 2
    1. mod_wsgi
    2. mod_dav

Preliminary Notes

In order to attain the goals I mentioned before, I determined the easiest way to proceed was to use subdomains for the “sections” and then subdirectories for the projects. For example:

http://dev.mydomain.com/<project1>
http://dev.mydomain.com/<project2>

and

http://svn.mydomain.com/<project1>
http://svn.mydomain.com/<project2>

Additionally, it is important to note that I will be applying authentication at the root of each subdomain (thus there is no anonymous access to the Trac instances. If this is not what you want, it is possible to modify your Apache configuration to allow anonymous access.

When I am referring to configuration names and paths, I will use to represent any generic project name for which you may have a Trac and Subversion instance.

Procedure

First of all we will need to prepare space on the server for the Trac instances as well as the Subversion repository. These can really be anywhere but for my server I chose the following:

Subversion Repositories: /var/repos/
Trac Instances: /var/trac/


Next we will setup the Apache2 server for the Subversion server. I will assume you are familiar with making a new VirtualHost within Apache and will just go over the snippet for the Subversion handler.


1
2
3
4
5
6
7
8
9
10
11
<Location />
    AuthType Basic
    AuthName "My Subversion Server"
    AuthUserFile /var/trac/htpasswd
    Require valid-user
 
    DAV svn
    SVNParentPath /var/repos/
    SVNListParentPath on
    AuthzSVNAccessFile /etc/apache2/subversion.authz
</Location>

The first section deals with enforcing authentication. Notice that it points to /var/trac/htpasswd which will be the global password file for all Trac instances and Subversion.

Also, I used the SVNParentPath to point to /var/repos so that it will automatically map any repository under that path without having to change the VirtualHost.

Notice also the AuthzSVNAccessFile. This is the permissions file for the Subversion server. If you specify this, then you can grant read and write permissions to the repository on a user by user basis. NOTE: If you choose to omit this, then anyone that is in your htpasswd file will be able to write to the repository. For the sake of consistance I placed the global authz file in /var/apache2/

Here is an example “subversion.authz” file:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
# Groups
[groups]
admin = myusername
 
# Global permissions ( "* = "  means default is no access)
[/]
* =
@admin = rw
 
# Permissions for <project1>
[<project1>:/]
 
# Permissions for <project2>
[<project2>:/]
user1 = rw
user2 = r

So, now that we have the Subversion hosting working via apache, we will setup the Trac instance. Start by making sure you have the latest version of Trac installed. At the time of writing this was Trac 0.11.3:

easy_install Trac

Next, you will need the following WSGI handler code to dispatch requests to the Trac server.

Create a file “trac.wsgi” in /var/www/wsgi/

1
2
3
import trac.web.main
 
application = trac.web.main.dispatch_request

After we have this file, we will add the following code to the VirdualHost for trac.mydomain.com:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
WSGIScriptAlias / /var/www/wsgi/trac.wsgi
 
<Location />
    WSGIApplicationGroup %{GLOBAL}
    Order deny,allow
    Allow from all
 
    SetEnv trac.env_parent_dir /var/trac
 
    AuthType Basic
    AuthName "My Trac Server"
    AuthUserFile /var/trac/htpasswd
    Require valid-user
</Location>

Once you have added that restart the web server and you should have the Trac site enabled.


Now we will make a new project called “TestProject”. The following commands will do that:

1
2
3
4
5
6
7
8
9
10
11
cd /var/repos
 
mkdir TestProject
svnadmin create TestProject
 
cd /var/trac
mkdir TestProject
trac-admin TestProject initenv
 
chown www-data:www-data -R /var/repos
chown www-data:www-data -R /var/trac

This will create the Subversion repository as well as initialize the Trac instance.  Note the last two lines where we set the owner of the Subversion and Trac instances to “www-data” this is so that the Apache process owns the files and manages all permissions to them.

Next Steps

The next steps will be to configure your Trac instances. The config for each instance will be located at “/var/trac/<project>/config/trac.ini”. If you used the SVN authz file as I did, there is a place in the config file to specify this:

1
2
3
4
[trac]
authz_file = /etc/apache2/subversion.authz
authz_module_name = <project>
# Where <project> is the repository name.

This configuratuion will ensure that even if someone has trac browser access, they still must have svn autorization otherwise the browser will display a permission denied error.

The End!

I hope you found this useful. If you have any comments or find any errors in my tutorial, please leave me a comment so that I may answer you or fix the issue.

 

 

2 Responses to “ Trac – Part 2 ”

  1. I love trac! Looks like you have used a far more recent version that I’ve used. Glad to hear it is still a decent system!

    • Yea, I find it works perfectly for my development style. And I have it setup now so i can add a new project with one command. No more mucking with configuration files all the time.

Leave a Reply