August 26, 2008
This document describes the process of setting up a Subversion (SVN) code version control system with the Trac wiki and issue tracking system (using Apache2) for Gentoo Linux on the x86/64 platforms.
Test Platform:
- IBM eServer 345
- 2x Intel Xeon 2.66GHz / 1GB RAM
- Gentoo Linux
Keep in mind that this document does not cover hardening the system. That process is outlined in other documents from myself or others. This machine needs to be well protected. It may be in a very vulnerable position, facing that filthy and scary Internet.
Also, you will need root access to do most of these tasks.
Installing Gentoo can be a challenge for those used to a Microsoft wanna-be distribution like Ubuntu or Fedora. I'm not going to go over the process, but the guides created by the Gentoo team are great! Learn it, love it. You'll never be the same.
You will want to make sure the following USE flags are present in your make.conf file (in addition to your system specific entries):
- apache2
- php
- python
- sqlite
- ssl
First, make sure your portage cache is sync'd and up to date. We want to install the latest version of Trac. To do so - we need to add some lines to the /etc/portage/package.keywords file (create it if you don't already have one):
pluto ~ # echo "www-apps/trac" >> /etc/portage/package.keywords
pluto ~ # echo "dev-python/pygments" >> /etc/portage/package.keywords
pluto ~ # echo "dev-python/genshi" >> /etc/portage/package.keywords
pluto ~ # echo "www-apache/mod_python" >> /etc/portage/package.keywords
Now, let's do the fun stuff. To make sure we have Apache and PHP as well, and they are up to date, we'll mention them in the command too:
pluto ~ # emerge -uD apache php trac
To get mod_python on your system, do the following:
pluto ~ # emerge mod_python
This is needed for Trac. To look at other modules for Apache, check out this Gentoo-Portage page.
SSL should have been configured for you in the /etc/conf.d/apache2 file. Verify this by ensuring the -D SSL flag is set in the APACHE2_OPTS line. All this considered, some things are still needed. Make sure that APACHE2_OPTS line has at least the following flags present:
APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D LANGUAGE -D SSL -D SSL_DEFAULT_VHOST -D PHP5 -D PYTHON -D DAV -D SVN"
For SSL to work, we need to create the SSL key / certificate pair.
First, generate the SSL server key (keep this extra super secret private). You will have to enter a passphrase for this process, however if you do not wish to use one (for practical / unattended reboot purposes), don't enter the -aes256 flag:
pluto ~ # cd /etc/apache2/ssl
pluto ~ # rm *
pluto ~ # openssl genrsa -out server.key -aes256 2048
Next, create a certificate signing request (CSR):
pluto ~ # openssl req -new -key server.key -out server.csr
Now, you can either send the certificate request (server.csr) to a Certificate Authority (CA) to be signed, or you can sign it yourself. CAs can be expensive, but it can be better to gain trust from customers - as the browser warning from a self-signed certificate can scare away some folks. The following process will create a self-signed certificate with a two year expiration:
pluto ~ # openssl req -x509 -days 730 -key server.key -in server.csr > server.crt
pluto ~ # rm server.csr
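The key, CSR and self-signing steps above as one unattended script, followed by the checks worth running before Apache is pointed at the files. This is an added example, not part of the original page. It assumes the no-passphrase variant, a scratch directory instead of /etc/apache2/ssl, and a constructed CN; make_pair and check_pair are hypothetical helper names.

```bash
#!/bin/bash
# Added example: unattended key/CSR/self-sign steps plus sanity checks.
# make_pair and check_pair are hypothetical names; the CN is a constructed value.

# make_pair DIR CN: create server.key and a two-year self-signed server.crt in DIR.
make_pair() {
    local dir="$1" cn="$2"
    (
        umask 077                       # key file is created owner-only
        cd "$dir" || exit 1
        openssl genrsa -out server.key 2048 2>/dev/null || exit 1
        openssl req -new -key server.key -subj "/CN=$cn" -out server.csr || exit 1
        openssl req -x509 -days 730 -key server.key -in server.csr -out server.crt || exit 1
        rm -f server.csr
        chmod 644 server.crt            # the certificate is public, the key is not
    )
}

# check_pair DIR: return 0 only if the key and certificate belong together,
# the key is owner-only, and the certificate is valid for 30 more days.
# Return codes: 1 unreadable file, 2 mismatch, 3 key mode, 4 expiry.
check_pair() {
    local dir="$1" kpub cpub mode
    kpub=$(openssl pkey -in "$dir/server.key" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$dir/server.crt" -noout -pubkey 2>/dev/null) || return 1
    [ "$kpub" = "$cpub" ] || { echo "key/cert mismatch" >&2; return 2; }
    mode=$(stat -c '%a' "$dir/server.key")
    [ "$mode" = "600" ] || [ "$mode" = "400" ] \
        || { echo "key mode $mode is too open" >&2; return 3; }
    openssl x509 -in "$dir/server.crt" -noout -checkend $((30 * 86400)) >/dev/null \
        || { echo "certificate expires within 30 days" >&2; return 4; }
    return 0
}
```

Run check_pair from cron against the live directory to catch an expiring certificate or a key whose permissions have drifted.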
This is optional for you, but I don't have a use for an unsecured HTTP instance. Thus, I do the following to disable it:
pluto ~ # cd /etc/apache2/vhosts.d
pluto ~ # mv 00_default_vhost.conf 00_default_vhost.conf_DISABLED
Now, edit the /etc/apache2/vhosts.d/default_vhost.include file to match your environment. For example, I added a hard drive and mounted it as /www just for Web stuff. So, I changed the DocumentRoot definition to:
DocumentRoot "/www"
Read the file and edit carefully.
Next, we need to configure the SSL Apache2 instance for our Web server. On my system, I have a folder for password-protected stuff under /www/pw (where the trac directory will go). Edit the /etc/apache2/vhosts.d/00_default_ssl_vhost.conf file to include the following:
...blah blah blah...
<VirtualHost _default_:443>
...blah blah blah...
# Trac Settings
<Location /pw/trac>
SetHandler mod_python
PythonInterpreter main_interpreter
PythonHandler trac.web.modpython_frontend
PythonOption TracEnvParentDir /www/pw/trac
PythonOption TracUriRoot /pw/trac
</Location>
## SSL Engine Switch:
...blah blah blah...
We will be creating one software development project for this task. You can add more using the same steps with a different project name. To set up a Subversion repository, do the following:
pluto ~ # mkdir /var/repos
pluto ~ # svnadmin create /var/repos/testproject
To configure a Trac environment using this repository, run the following command and follow the prompts:
pluto ~ # mkdir /www/pw/trac
pluto ~ # trac-admin /www/pw/trac/testproject initenv
Creating a new Trac environment at /www/pw/trac/testproject
Trac will first ask a few questions about your environment
in order to initialize and prepare the project database.
Please enter the name of your project.
This name will be used in page titles and descriptions.
Project Name [My Project]> Your project name
Please specify the connection string for the database to use.
By default, a local SQLite database is created in the environment
directory. It is also possible to use an already existing
PostgreSQL database (check the Trac documentation for the exact
connection string syntax).
Database connection string [sqlite:/db/trac.db]> <enter>
Please specify the type of version control system,
By default, it will be svn.
If you don't want to use Trac with version control integration,
choose the default here and don't specify a repository directory
in the next question.
Repository type [svn]> <enter>
Please specify the absolute path to the version control
repository, or leave it blank to use Trac without a repository.
You can also set the repository location later.
Path to repository [/path/to/repos]> /var/repos/testproject
Please enter location of Trac page templates.
Default is the location of the site-wide templates installed with Trac.
Templates directory [/usr/local/share/trac/templates]> <enter>
Creating and Initializing Project
...blah blah blah...
pluto ~ # chown -R apache:apache /var/repos
pluto ~ # chown -R apache:apache /www/pw/trac
I will not configure Subversion access over HTTP/S because using SSH is far easier and more widely supported. For example, to check out files from our testproject repository on another machine, you would do this (with a user account on the Linux box):
randy@mars ~/temp $ svn checkout svn+ssh://randy@192.168.3.3/var/repos/testproject
For authentication to the Trac frontend, we add the following to a file called .htaccess in the /www/pw/trac directory (or /www/pw to protect the parent and all subdirectories):
AuthType Basic
AuthName "Password Required"
AuthUserFile /etc/apache2/trac.htpasswd
require valid-user
As you can see, we reference a password file at /etc/apache2/trac.htpasswd. Now we can add accounts (via the htpasswd method) to this file. First, we need to create the trac.htpasswd file and add an account at the same time:
pluto ~ # htpasswd -c /etc/apache2/trac.htpasswd randy
The -c flag creates the file. Now we can add more - just omit the -c to append accounts to the file (otherwise you'll overwrite it!).
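A check for the password file once it holds accounts, as an added example that is not part of the original page: it reports which hash scheme each htpasswd entry uses and whether the file is readable by other local users. audit_htpasswd and write_sample are hypothetical names, and the sample hashes are constructed placeholders.

```bash
#!/bin/bash
# Added example: classify the hash scheme of each htpasswd entry.
# audit_htpasswd and write_sample are hypothetical names; the sample hashes
# are constructed placeholders, not real password hashes.

# audit_htpasswd FILE: print "user scheme verdict" per entry; return 1 if any
# entry is weak or the file is readable by "other" users, else 0.
audit_htpasswd() {
    local file="$1" bad=0 user hash scheme verdict mode
    while IFS=: read -r user hash _ || [ -n "$user" ]; do
        case "$user" in ''|'#'*) continue ;; esac
        case "$hash" in
            '$2y$'*|'$2a$'*|'$2b$'*) scheme=bcrypt;      verdict=ok ;;
            '$5$'*|'$6$'*)           scheme=sha-crypt;   verdict=ok ;;
            '$apr1$'*)               scheme=apr1-md5;    verdict=legacy ;;
            '{SHA}'*)                scheme=sha1-nosalt; verdict=weak ;;
            ?????????????)           scheme=des-crypt;   verdict=weak ;;
            *)                       scheme=unknown;     verdict=weak ;;
        esac
        if [ "$verdict" = weak ]; then bad=1; fi
        echo "$user $scheme $verdict"
    done < "$file"
    mode=$(stat -c '%a' "$file")
    case "$mode" in
        *[4567]) echo "FILE mode-$mode other-readable"; bad=1 ;;
    esac
    return "$bad"
}

# write_sample FILE: constructed entries, one per scheme, with mode 640.
write_sample() {
    cat > "$1" <<'EOF'
randy:$apr1$CONSTRUC$TEDxPLACEHOLDERxVALUEx
carol:$2y$05$CONSTRUCTEDxPLACEHOLDERxVALUExxxxxxxxxxxxxxxxxxxxxxxxx
dave:{SHA}CONSTRUCTEDxPLACEHOLDERx=
erin:ab0123456789.
EOF
    chmod 640 "$1"
}
```

Entries reported as weak can be re-created with `htpasswd -B` (bcrypt) on Apache 2.4 or later.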
We need to restart Apache, since we've been poking at it quite a bit:
pluto ~ # /etc/init.d/apache2 restart
Now go to your URL (https://domainname_or_IP) to view your new Trac setup.