Wednesday, June 23, 2010

Installing an Subversion 1.6 and Trac 0.12 server on CentOS 5.5

These are some notes that I took while setting up a new server to run Subversion 1.6.11 and Trac 0.12 on CentOS 5.5

I'm not claiming this is the perfect setup (it's probably far from that). I had a short window in which to get a dead SVN physical server back online as a VMware ESXi virtual machine.

The old server ran a very old install of Gentoo and SVN 1.1.3 along with Trac 0.9.3.

This server is also only access via a local network.

As always, feedback is welcome.

If I had the time, I would have preferred to build RPMs for each of the installed components...

Kickstart


# Kickstart file automatically generated by anaconda.
# boot: linux ks=http://<kickstart-source>/kickstart/svnsrv-centos5.cfg
#       ip=10.0.1.10 netmask=255.255.255.0 gateway=10.0.1.1 nameserver=10.0.1.1
# Subverions repository server

install
#cdrom
url --url http://mirror.mydom/distro-trees/centos-5-i386
lang en_US.UTF-8
langsupport --default=en_US.UTF-8 en_US.UTF-8
keyboard us
text

network --device eth0 --bootproto static --ip 10.0.1.10 --netmask 255.255.255.0 --gateway 10.0.1.1 --nameserver 10.0.1.1 --hostname svnsrv.mydom
rootpw --iscrypted xxxxxxxxxxxxxxxxxxxx
reboot
# Ports to open on the firewall, tcp port 5666 is for nagios client
firewall --enabled --port=22:tcp --port=443:tcp
selinux --enforcing
authconfig --enableshadow --enablemd5 --enableldapauth --enableldaptls --ldapserver ldap.mydom --ldapbasedn dc=my,dc=dom
timezone --utc America/Chicago
# For Virtual Machines, see this VMware KB to determine what grub setting (if any) is needed
# to keep the time in sync
# http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006427
#   32bit: --append="clock=pit"
#   32bit RHEL 5.4:     --append="divider=10"
#         RHEL 5.3,2,1: --append="clocksource=acpi_pm divider=10"
#   64bit RHEL 5.4:     --append="divider=10"
#         RHEL 5.3,2,1: --append="notsc divider=10"
bootloader --location=mbr --md5pass=xxxxxxxxxxxxxxxxxxxxxx --append="rhgb quiet divider=10"
clearpart --all --drives=sda --initlabel
part /boot --fstype ext3 --size=256 --ondisk=sda
part pv.2 --size=0 --grow --ondisk=sda
volgroup vg_svnsrv --pesize=32768 pv.2
part pv.3 --size=0 --grow --ondisk=sdb
volgroup vg_backup --pesize=32768 pv.3
logvol swap  --fstype swap --name=lv_swap  --vgname=vg_lmgr --recommended
logvol /var --fstype ext4 --name=lv_var --vgname=vg_svnsrv --size=4096
logvol /tmp --fstype ext3 --name=lv_tmp --vgname=vg_svnsrv --size=1024
logvol / --fstype ext4 --name=lv_root --vgname=vg_svnsrv --size=20480
logvol /home --fstype ext4 --name=lv_home --vgname=vg_svnsrv --size=1024 --grow
logvol /backup --fstype ext4 --name=lv_backup --vgname=vg_backup --size=1024 --grow

%packages --resolvedeps --nobase
# Minimal components to install
NetworkManager
audit
bzip2
crontabs
dhclient
logrotate
mailx
man
ntp
openssh
openssh-clients
openssh-server
pam_passwdqc
postfix
psacct
screen
sudo
tcpdump
telnet
wget
which
yum
# Additional tools
@development-libs
kernel-devel
rsync
gcc
vim-enhanced
make
autoconf
libtool
httpd
httpd-devel
mod_ssl
db4
db4-devel
db4-utils
db4-tcl
tcsh
# Needed to allow ldap authentication for BlazerIds
nss_ldap
nscd
# remove these
-rwho
-rusers
-sysreport
-system-config-httpd
-system-config-nfs
-system-config-samba

%post
###########################################################
### Create script to configure the server at first boot ###
###########################################################
/sbin/chkconfig ntpd on
/sbin/service ntpd start

########################################
# Enable/Disable Services
/sbin/chkconfig smartd on
/sbin/chkconfig isdn off
/sbin/chkconfig pcmcia off
/sbin/chkconfig openibd off

########################################
# Add user accounts (no passwords, let ldapauth handle that
/usr/sbin/authconfig --kickstart --enablelocauthorize
/usr/sbin/groupadd -g 10000 flakrat
/usr/sbin/useradd -u 10000 -g 10000 -c "FlakRat's Rat House" flakrat
/usr/sbin/usermod -a -G wheel flakrat
/bin/sed -i 's/^# \(%wheel\tALL=(ALL)\tALL\)$/\1/' /etc/sudoers

# Perform a full update
/bin/rm -rf /var/cache/yum/*
/usr/bin/yum clean all
rm -rf /etc/yum.repos.d/*

/usr/bin/yum -y update 2>&1 > /root/yum-update.log

##########################################
#Return rc.local back to the original copy so we don't rerun this each reboot
/bin/mv /etc/rc.d/rc.local /etc/rc.d/rc.local.firstboot
/bin/mv /etc/rc.d/rc.local.sav /etc/rc.d/rc.local

# Reboot the system to pick up all the updates
/sbin/shutdown -r now

EOF3
# make configuration script executable
chmod +x /root/postinstall-config.sh

#####################################################
# save a copy of rc.local
cp /etc/rc.d/rc.local /etc/rc.d/rc.local.sav

# add postinstall-config.sh to rc.local
cat >> /etc/rc.d/rc.local <<EOF
/root/postinstall-config.sh
EOF
#


Once the kickstart is complete, install the VMware tools and enable puppet client.

After which, add the SVN admin users to the svnadmin group and provide access to the svn home

$ sudo /usr/sbin/usermod -a -G svnadmin flakrat
$ sudo /usr/sbin/usermod -a -G svnadmin otheruser
$ sudo /usr/sbin/usermod -a -G svnadmin apache


$ sudo chmod g+rwx /home/svn
$ sudo chmod g+s /home/svn

Http Server

Self Signed Certificate

  1. Create a working directory to create the certificates (the symlinks are simply helpful reminders for where the cert and key will be stored)
    
    $ sudo su -
    # mkdir /root/certificates
    # cd /root/certificates
    # ln -s /etc/pki/tls/private
    # ln -s /etc/pki/tls/certs
    
    
  2. Generate the new SSL private key
    
    # openssl genrsa 4096 > svnsrv.mydom.key
    
    Generating RSA private key, 4096 bit long modulus
    .......................................................................................................................................................................++
    .................................++
    e is 65537 (0x10001)
    
    
  3. Generate the self signed certificate (make sure that the common name is correct, otherwise newer browsers will reject the cert!)
    
    # openssl req -new -key svnsrv.mydom.key -x509 -days 3650 -out svnsrv.mydom.crt
    
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [GB]:US
    State or Province Name (full name) [Berkshire]:Texas
    Locality Name (eg, city) [Newbury]:College Station
    Organization Name (eg, company) [My Company Ltd]:Some Company
    Organizational Unit Name (eg, section) []:Some Department
    Common Name (eg, your name or your server's hostname) []:svnsrv.mydom
    Email Address []:flakrat@mydom
    
    
  4. Copy the cert and key to the correct location
    
    # chmod 600 svnsrv.*
    # cp svnsrv.mydom.crt /etc/pki/tls/certs/
    
    # cp svnsrv.mydom.key /etc/pki/tls/private/
    
    
  5. Edit ssl.conf to use the new cert and key
    
    # vim /etc/httpd/conf.d/ssl.conf 
    
    SSLEngine on
    
    #SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateFile /etc/pki/tls/certs/svnsrv.mydom.crt
    
    #SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
    SSLCertificateKeyFile /etc/pki/tls/private/svnsrv.mydom.key
    
    
  6. Restart apache



Python

  1. Download the latest Python software (the OS installed version is 2.4.x, we'll use 2.6.5)
    
    $ sudo mkdir /opt/python
    $ sudo chown flakrat:flakrat /opt/python
    
    $ mkdir ~/software/python
    $ cd ~/software/python
    $ wget http://www.python.org/ftp/python/2.6.5/Python-2.6.5.tar.bz2
    $ wget http://pypi.python.org/packages/2.6/s/setuptools/setuptools-0.6c11-py2.6.egg
    $ tar -jxf Python-2.6.5.tar.bz2
    
    
  2. Compile Python and install it
    
    $ cd Python-2.6.5
    $ make clean
    $ ./configure --prefix=/opt/python
    $ make
    
    Failed to find the necessary bits to build these modules:
    _tkinter           bsddb185           sunaudiodev     
    To find the necessary bits, look in setup.py in detect_modules() for the module's name.
    
    $ make install
    
    
  3. Install setuptools
    
    $ alias python="/opt/python/bin/python2.6"
    $ export PATH=/opt/python/bin:$PATH
    
    $ python -V
    Python 2.6.5
    
    $ cd ~/software/python
    $ sh setuptools-0.6c11-py2.6.egg
    
    Processing setuptools-0.6c11-py2.6.egg
    Copying setuptools-0.6c11-py2.6.egg to /opt/python/lib/python2.6/site-packages
    Adding setuptools 0.6c11 to easy-install.pth file
    Installing easy_install script to /opt/python/bin
    Installing easy_install-2.6 script to /opt/python/bin
    
    Installed /opt/python/lib/python2.6/site-packages/setuptools-0.6c11-py2.6.egg
    Processing dependencies for setuptools==0.6c11
    Finished processing dependencies for setuptools==0.6c11
    
    
  4. Install a new mod_python
    
    $ alias python="/opt/python/bin/python2.6"
    
    $ cd ~/software/python
    $ wget http://mirrors.ecvps.com/apache/httpd/modpython/mod_python-3.3.1.tgz
    $ tar -zxf mod_python-3.3.1.tgz
    $ cd mod_python-3.3.1
    $ ./configure --with-apxs=/usr/sbin/apxs
    $ make
    
    make[1]: Entering directory `/home/flakrat/software/python/mod_python-3.3.1'
    make[2]: Entering directory `/home/flakrat/software/python/mod_python-3.3.1/src'
    make[2]: Leaving directory `/home/flakrat/software/python/mod_python-3.3.1/src'
    make[2]: Entering directory `/home/flakrat/software/python/mod_python-3.3.1/dist'
    make[2]: `build' is up to date.
    make[2]: Leaving directory `/home/flakrat/software/python/mod_python-3.3.1/dist'
    
    Now su and make install
      (or, if you only want to perform a partial install,
       you can use make install_dso and make install_py_lib)
    
    $ make install
    
    Performing DSO installation.
    
    /usr/bin/install -c -d /usr/lib/httpd/modules
    /usr/bin/install: cannot change permissions of `/usr/lib/httpd/modules': Operation not permitted
    make[1]: *** [install_dso] Error 1
    make[1]: Leaving directory `/home/flakrat/software/python/mod_python-3.3.1'
    make[1]: Entering directory `/home/flakrat/software/python/mod_python-3.3.1'
    cd dist && make install_py_lib
    make[2]: Entering directory `/home/flakrat/software/python/mod_python-3.3.1/dist'
    make[3]: Entering directory `/home/flakrat/software/python/mod_python-3.3.1/src'
    make[3]: `psp_parser.c' is up to date.
    make[3]: Leaving directory `/home/flakrat/software/python/mod_python-3.3.1/src'
    if test -z "" ; then \
      /opt/python/bin/python setup.py install --optimize 2 --force ; \
     else \
      /opt/python/bin/python setup.py install --optimize 2 --force --root  ; \
     fi
    running install
    running build
    running build_py
    running build_ext
    running install_lib
    creating /opt/python/lib/python2.6/site-packages/mod_python
    copying build/lib.linux-i686-2.6/mod_python/util.py -> /opt/python/lib/python2.6/site-packages/mod_python
    copying build/lib.linux-i686-2.6/mod_python/cache.py -> /opt/python/lib/python2.6/site-packages/mod_python
    copying build/lib.linux-i686-2.6/mod_python/psp.py -> /opt/python/lib/python2.6/site-packages/mod_python
    copying build/lib.linux-i686-2.6/mod_python/cgihandler.py -> /opt/python/lib/python2.6/site-packages/mod_python
    copying build/lib.linux-i686-2.6/mod_python/_psp.so -> /opt/python/lib/python2.6/site-packages/mod_python
    copying build/lib.linux-i686-2.6/mod_python/publisher.py -> /opt/python/lib/python2.6/site-packages/mod_python
    copying build/lib.linux-i686-2.6/mod_python/importer.py -> /opt/python/lib/python2.6/site-packages/mod_python
    copying build/lib.linux-i686-2.6/mod_python/__init__.py -> /opt/python/lib/python2.6/site-packages/mod_python
    copying build/lib.linux-i686-2.6/mod_python/testhandler.py -> /opt/python/lib/python2.6/site-packages/mod_python
    copying build/lib.linux-i686-2.6/mod_python/python22.py -> /opt/python/lib/python2.6/site-packages/mod_python
    copying build/lib.linux-i686-2.6/mod_python/Cookie.py -> /opt/python/lib/python2.6/site-packages/mod_python
    copying build/lib.linux-i686-2.6/mod_python/Session.py -> /opt/python/lib/python2.6/site-packages/mod_python
    copying build/lib.linux-i686-2.6/mod_python/apache.py -> /opt/python/lib/python2.6/site-packages/mod_python
    byte-compiling /opt/python/lib/python2.6/site-packages/mod_python/util.py to util.pyc
    byte-compiling /opt/python/lib/python2.6/site-packages/mod_python/cache.py to cache.pyc
    byte-compiling /opt/python/lib/python2.6/site-packages/mod_python/psp.py to psp.pyc
    byte-compiling /opt/python/lib/python2.6/site-packages/mod_python/cgihandler.py to cgihandler.pyc
    byte-compiling /opt/python/lib/python2.6/site-packages/mod_python/publisher.py to publisher.pyc
    byte-compiling /opt/python/lib/python2.6/site-packages/mod_python/importer.py to importer.pyc
    byte-compiling /opt/python/lib/python2.6/site-packages/mod_python/__init__.py to __init__.pyc
    byte-compiling /opt/python/lib/python2.6/site-packages/mod_python/testhandler.py to testhandler.pyc
    byte-compiling /opt/python/lib/python2.6/site-packages/mod_python/python22.py to python22.pyc
    byte-compiling /opt/python/lib/python2.6/site-packages/mod_python/Cookie.py to Cookie.pyc
    byte-compiling /opt/python/lib/python2.6/site-packages/mod_python/Session.py to Session.pyc
    byte-compiling /opt/python/lib/python2.6/site-packages/mod_python/apache.py to apache.pyc
    writing byte-compilation script '/tmp/tmpgowmQp.py'
    /opt/python/bin/python -OO /tmp/tmpgowmQp.py
    removing /tmp/tmpgowmQp.py
    running install_egg_info
    Writing /opt/python/lib/python2.6/site-packages/mod_python-3.3.1-py2.6.egg-info
    make[2]: Leaving directory `/home/flakrat/software/python/mod_python-3.3.1/dist'
    make[1]: Leaving directory `/home/flakrat/software/python/mod_python-3.3.1'
    
    
  5. Now copy the new mod_python.so library to the httpd modules folder
    
    $ sudo cp ~/software/python/mod_python-3.3.1/src/.libs/mod_python.so \
     /etc/httpd/modules/mod_python26.so
    
    
  6. edit python.conf to point to the new library
    
    $ sudo vim /etc/httpd/conf.d/python.conf
    
    
    
    #
    # Mod_python is a module that embeds the Python language interpreter
    # within the server, allowing Apache handlers to be written in Python.
    #
    
    # 20100614 - MJH replacing system mod_python with recompiled version for python 2.6
    #LoadModule python_module modules/mod_python.so
    LoadModule python_module modules/mod_python26.so
    
    # Override type-map handler for /var/www/manual
    <Directory "/var/www/manual/mod/mod_python">
     <Files *.html>
      SetHandler default-handler
     </Files>
    </Directory>
    
    # This will cause files beneath /var/www/html with the extension .spam
    # to be handled by the Python script /var/www/html/eggs.py
    #
    #<Directory /var/www/html>
    #    AddHandler python-program .spam
    #    PythonHandler eggs
    #</Directory>
    
    # This will cause all requests to the /python heirachy of your
    # webserver to be handled by the python script /path/to/myhandler.py
    #
    #<Location /python>
    #    SetHandler python-program
    #    PythonPath "sys.path + ['/path/to']"
    #    PythonHandler myhandler
    #</Location>
    
    # This will cause all requests to the /python hierachy of your
    # webserver to be handled by mod_python's Publisher handler
    # (see http://localhost/manual/mod/mod_python/hand-pub.html)
    #
    #<Location /python>
    #    SetHandler python-program
    #    PythonHandler mod_python.publisher
    #</Location>
    
    # This will cause the output of all requests to files beneath
    # /var/www/html with the extension .flt to be filtered through
    # the Python script /var/www/html/filter.py
    #
    #<Directory /var/www/html>
    #    PythonOutputFilter filter MYFILTER
    #    AddOutputFilter MYFILTER .flt
    #</Directory>
    
    # This will enable use of "Python Server Pages", HTML pages with
    # inline Python code which is interpreted by the server:
    #
    #<Directory /var/www/html>
    #    AddHandler mod_python .psp
    #    PythonHandler mod_python.psp
    #</Directory>
    
    
  7. Restart the httpd service
  8. Set up the profile scripts to use the new python and trac
    
    $ sudo vim /etc/profile.d/trac-12.sh
    
    
    
    #!/bin/sh
    alias python="/opt/python/bin/python2.6"
    export PATH=/opt/python/bin:$PATH
    
    
    
    #!csh
    $ sudo vim /etc/profile.d/trac-12.csh
    
    
    
    #!/bin/tcsh
    alias python '/opt/python/bin/python2.6'
    setenv PATH "/opt/python/bin:${PATH}"
    
    

Subversion

This section documents the installation of Subversion 1.6.x. CentOS 5 comes with 1.4.x.
  1. Create the install location
    
    $ sudo mkdir /opt/subversion
    $ sudo chown -R flakrat:flakrat /opt/subversion
    
    
  2. Download Subversion
    
    $ mkdir -p ~/software/subversion
    $ cd ~/software/subversion
    $ wget http://subversion.tigris.org/downloads/subversion-1.6.11.tar.bz2
    $ wget http://subversion.tigris.org/downloads/subversion-deps-1.6.11.tar.bz2
    $ tar -jxf subversion-1.6.11.tar.bz2
    $ tar -jxf subversion-deps-1.6.11.tar.bz2
    
    
  3. Compile Subversion (during 'make check' XFAILs are expected failures that are sort of like a TODO for the SVN developers), the 'make swig-py' will build the SVN Python libraries
    
    $ . /etc/profile.d/trac-12.sh
    $ cd subversion-1.6.11
    $ make clean
    $ sh ./autogen.sh
    
    $ ./configure \
      --prefix=/opt/subversion \
      --with-apr=/usr/bin/apr-1-config \
      --with-apr-util=/usr/bin/apu-1-config \
      --with-apxs=/usr/sbin/apxs
    
    $ make
    $ make check
    $ sudo make install
    
    $ make swig-py
    $ sudo make install-swig-py 
    
    
  4. Copy the Python libraries to the Python directory
    
    $ cp -a /opt/subversion/lib/svn-python/{svn,libsvn} \
      /opt/python/lib/python2.6/site-packages/
    
    
  5. Create the profile scripts
    * Bash
    
    $ sudo vim /etc/profile.d/svn.sh
    
    
    
    #!/bin/sh
    export PATH=/opt/subversion/bin:$PATH
    export LD_LIBRARY_PATH=/opt/subversion/lib:$LD_LIBRARY_PATH
    
    
    * CSH
    
    $ sudo vim /etc/profile.d/svn.csh
    
    
    
    #!/bin/tcsh
    setenv PATH "/opt/subversion/bin:${PATH}"
    setenv LD_LIBRARY_PATH "/opt/subversion/lib:${LD_LIBRARY_PATH}"
    
    
  6. Edit the yum.conf file to exclude subverion and mod_dav_svn from being installed
    
    $ sudo vim /etc/yum.conf
    
    
    
    [main]
    cachedir=/var/cache/yum
    keepcache=0
    debuglevel=2
    logfile=/var/log/yum.log
    distroverpkg=redhat-release
    tolerant=1
    exactarch=1
    obsoletes=1
    gpgcheck=1
    plugins=1
    
    exclude=subversion,mod_dav_svn
    
    # Note: yum-RHN-plugin doesn't honor this.
    #metadata_expire=1h
    
    # Default.
    # installonly_limit = 3
    
    # PUT YOUR REPOS HERE OR IN separate files named file.repo
    # in /etc/yum.repos.d
    
  7. The Subversion repositories on the old svn server used BDB format. Newer version of Subversion use FSFS as the standard. In order to facilitate migrating the repos to the new server I had to first dump the repos (these commands were run on my old server where repos were stored in ~svn/repositories):
    
    $ cd ~svn/repositories
    $ for n in $(ls); do \
     if [ -d $n ]; then echo "Dumping: $n"; \
       svnadmin dump ${n} | gzip -c > /backups/dumps/${n}.dmp.gz ; \
    fi; done
    
  8. Create md5sum checksums of each dump file (also run on the old server)
    
    $ cd /backups/dumps
    $ find $@ ! -type d -print0 | xargs -0 md5sum > /backups/MD5SUMS.svn.dumps 
    
  9. Copy the dumps and check sum file from the old server and verify the dump files (commands run on the new server)
    
    $ mkdir ~svn/dumps
    $ rsync -a oldserver:/backups/dumps/ ~svn/dumps/
    $ rsync -a oldserver:/backups/MD5SUMS.svn.dumps ~svn/
    $ cd ~svn/dumps
    $ md5sum -c ~svn/MD5SUMS.svn.dumps | grep -v OK$
    
  10. If everything checks out, the md5sum command shouldn't produce any output since we are greping out lines ending in OK
  11. Load the Subversion repositories from their gzip compressed dump files
    
    $ cd ~svn/dumps
    $ sudo mkdir -p /var/lib/svn/repos
    $ sudo chown -R svn:svnadmin /var/lib/svn
    $ sudo chmod -R g+rwxs /var/lib/svn
    
    $ for n in $(ls | awk -F. '{print $1}'); do \
      svnadmin create /var/lib/svn/repos/$n ; \
      gunzip -c ${n}.dmp.gz | svnadmin load /var/lib/svn/repos/$n ; \
    done
    
  12. Next verify the repositories
    
    $ cd /var/lib/svn/repos
    $ for n in $(ls); do svnadmin verify $n ; done
    
    

Trac

  1. Source the trac environment script
    
    $ . /etc/profile.d/trac-12.sh
    
    
  2. Install Genshi
    
    $ easy_install Genshi
    
    Searching for Genshi
    Reading http://pypi.python.org/simple/Genshi/
    Reading http://genshi.edgewall.org/
    Reading http://genshi.edgewall.org/wiki/Download
    Best match: Genshi 0.6
    Downloading http://ftp.edgewall.com/pub/genshi/Genshi-0.6-py2.6.egg
    Processing Genshi-0.6-py2.6.egg
    Moving Genshi-0.6-py2.6.egg to /opt/python/lib/python2.6/site-packages
    Adding Genshi 0.6 to easy-install.pth file
    
    Installed /opt/python/lib/python2.6/site-packages/Genshi-0.6-py2.6.egg
    Processing dependencies for Genshi
    Finished processing dependencies for Genshi
    
    
  3. Install Trac 0.12 using easy_install
    
    $ easy_install Trac==0.12
    
    Searching for Trac==0.12
    Reading http://pypi.python.org/simple/Trac/
    Reading http://trac.edgewall.org/
    Reading http://trac.edgewall.org/wiki/TracDownload
    Reading http://trac.edgewall.com/
    Reading http://projects.edgewall.com/trac
    Reading http://projects.edgewall.com/trac/wiki/TracDownload
    Best match: Trac 0.12
    Downloading ftp://ftp.edgewall.com/pub/trac/Trac-0.12.zip
    Processing Trac-0.12.zip
    Running Trac-0.12/setup.py -q bdist_egg --dist-dir /tmp/easy_install-m7d5G7/Trac-0.12/egg-dist-tmp-gqKlcr
    Adding Trac 0.12 to easy-install.pth file
    Installing trac-admin script to /opt/python/bin
    Installing tracd script to /opt/python/bin
    
    Installed /opt/python/lib/python2.6/site-packages/Trac-0.12-py2.6.egg
    Processing dependencies for Trac==0.12
    Finished processing dependencies for Trac==0.12
    
    
  4. Install the Git plugin (for future support of Git repos on this server)
    
    $ easy_install http://trac-hacks.org/svn/gitplugin/0.12
    
    Downloading http://trac-hacks.org/svn/gitplugin/0.12
    Doing subversion checkout from http://trac-hacks.org/svn/gitplugin/0.12 to /tmp/easy_install-9ULtKC/0.12
    Processing 0.12
    Running setup.py -q bdist_egg --dist-dir /tmp/easy_install-9ULtKC/0.12/egg-dist-tmp-iTzr9l
    warning: install_data: setup script did not provide a directory for 'COPYING' -- installing right in 'build/bdist.linux-i686/egg'
    warning: install_data: setup script did not provide a directory for 'README' -- installing right in 'build/bdist.linux-i686/egg'
    zip_safe flag not set; analyzing archive contents...
    Adding TracGit 0.12.0.2dev-r7757 to easy-install.pth file
    
    Installed /opt/python/lib/python2.6/site-packages/TracGit-0.12.0.2dev_r7757-py2.6.egg
    Processing dependencies for TracGit==0.12.0.2dev-r7757
    Finished processing dependencies for TracGit==0.12.0.2dev-r7757
    
    
  5. Install TOCMacro http://trac-hacks.org/wiki/TocMacro (the version for 0.11 appears to work, we'll use it until 0.12 toc releases)
    
    $ easy_install http://trac-hacks.org/svn/tocmacro/0.11
    
    
  6. Install pygments for syntax highlighting
    
    $ easy_install pygments
    Searching for pygments
    Reading http://pypi.python.org/simple/pygments/
    Reading http://pygments.org/
    Reading http://pygments.pocoo.org/
    Best match: Pygments 1.3.1
    Downloading http://pypi.python.org/packages/2.6/P/Pygments/Pygments-1.3.1-py2.6.egg#md5=05270ee059c038407364b28993980960
    Processing Pygments-1.3.1-py2.6.egg
    creating /opt/python/lib/python2.6/site-packages/Pygments-1.3.1-py2.6.egg
    Extracting Pygments-1.3.1-py2.6.egg to /opt/python/lib/python2.6/site-packages
    Adding Pygments 1.3.1 to easy-install.pth file
    Installing pygmentize script to /opt/python/bin
    
    Installed /opt/python/lib/python2.6/site-packages/Pygments-1.3.1-py2.6.egg
    Processing dependencies for pygments
    Finished processing dependencies for pygments
    
    
  7. Change ownership of the python install
    
    $ sudo chown -R root:root /opt/python
    
    

Trac Pages

This section will document how to configure trac and convert each to use the updated format for version 0.12
  1. Copy the old trac instances to /var/www/trac (during the install I staged all of the files in /backup/oldsrv)
    
    $ sudo mkdir /var/www/trac
    $ sudo rsync -a /backup/oldsrv/var/www/trac/ /var/www/trac/
    $ sudo chown -R apache:apache /var/www/trac
    
    
  2. Upgrade the trac instances to the current format
    
    $ for n in $(ls); do \
      sudo trac-admin /var/www/trac/$n upgrade; \
      sudo trac-admin /var/www/trac/$n wiki upgrade; \
      sudo trac-admin /var/www/trac/$n repository '*'; \
     done
    
    
  3. Create the trac.conf httpd file
    
    $ sudo vim /etc/httpd/conf.d/trac.conf
    
    
    
    <Location /trac>
      SetHandler mod_python
      PythonHandler trac.web.modpython_frontend
      PythonOption TracEnvParentDir /var/www/trac
      PythonOption TracUriRoot /trac
    </Location>
    
    <LocationMatch /trac/[^/]+/login>
      AuthType Basic
      AuthName "trac"
      AuthUserFile /var/lib/svn/repos/repousers
      Require valid-user
    </LocationMatch>
    
    

9 comments:

Robert said...

I was wondering how much customizing you had done to Trac? We are looking to go through the same conversion excpet we have quite a bit of customization done to Trac, such as pages, templates, and DB. CentOS and RHEL are not too different so aside from the customization I think your tutorial will help us a lot.

FlakRat said...

Howdy, I haven't done much customizing.

I have run into an issue with Trac 0.12 that has me concerned regarding the authz_file and source browsing permissions. I have duplicated this issue against the stock SVN, mod_dav_svn, python... provided by Fedora 13 as well, so it's not unique to this configuration.

I cannot get the authz_file to work in version 0.12, but the same SVN access file works properly in 0.11.

If I disable BROWSER_VIEW for anonymous, and enable it for authenticated users (the users authorization file is shared by Trac and SVN, so the user names are identical), once a user logs in to the Trac instance, they are able to browse the entire source tree for that instance. Even if I set (flakrat = ) to specifically deny myself access!

I still need to bring this up on the Trac mailing list to see if it's some new config parameter in 0.12 that I'm missing, or a valid bug.

Robert said...

So it seems like the 0.12 Trac authz_file is associated with the version 0.11 and not the 0.12. Did you backup the authz_file before you upgraded Trac and SVN? I am wondering if the SVN 1.6 authz_file is different then the authz_file for 1.5. wondering... Also what version of Python are you running?

FlakRat said...

Python 2.6.5
SVN 1.6.11

The authz_file works properly with Subversion. Using the svn client on a remote machine, I can only access the parts of the repository specified in the authz_file allowed to my user (connections are done via https and mod_dav_svn). So I believe that the structure of the auth and user name/password files are correct.

In the trac.ini file:
[trac]
authz_file = /somedir/svnaccess
authz_module_name = myrepo

That works if I run Trac 0.11, when I switch to Trac 0.12 it allows everyone full access :-)

Note that this is just for BROWSER_VIEW and not the user rights to the other parts of the Trac site (wiki, ticketing, etc...).

Very strange.

In the mean time, I have had to remove BROWSER_VIEW completely for each of the Trac sites. Luckily, this isn't a critical feature in our environment, but it is nice to have.

Robert said...

Looks good man, Thanks a lot for your input. We are probably gonna attack this soon, I will let you know how it goes? You are in College Station, TX? I am in San Antonio... small world.

blackfin said...

Thanks for taking the time to put this together. This is really helpful. I'm getting ready to upgrade a similar server. Forgive me for perhaps an obvious question, but - I'm currently running trac 0.11 on Fedora Core 6, and I upgraded Python to 2.5.1 a while back, but then I ran into problems with various utilities (like yum) not working as I'd messed up the version of the python libs it was looking for. I've never had enough time to devote to cleaning that up, as trac/svn worked fine. With the way you go about installing python here, I'm assuming you're keeping the newer version out of the way so that the 5.5 dist utils won't find them? (The error I get when trying to run yum is:
There was a problem importing one of the Python modules
required to run yum. The error leading to this problem was:

No module named _struct
)

thanks....

FlakRat said...

Correct, These steps should leave the system python and other libraries intact.

CentOS 5 and FC6 use similar package versions, if I recall correctly.

As for the Yum issue, you may have to manually uninstall and reinstall the system packaged Python, which would be 2.4.x, I believe.

Hope this helps,

Mike

Robert said...

Hey FlakRat, we are finally going ahead with everything. Work made a VM to test SVN 1.6 Trac 0.12 and all that jazz together, so I am using your instructions and some other sources since the VM has nothing on it other then the kickstart and some of the required yum installs. I have a question though for the SVN section: I cannot find this directory:
$ cd ~svn/dumps
no such file or directory.

Any help? thanks buddy

FlakRat said...

Howdy Robert,

It looks like I forgot to include the dump creation / copy :-)

Thanks for pointing that out, I'll update the original post with the following info:

The Subversion repositories on the old svn server used BDB format. Newer version of Subversion use FSFS as the standard. In order to facilitate migrating the repos to the new server I had to first dump the repos:

$ cd ~svn/repositories
$ for n in $(ls); do \
if [ -d $n ]; then echo "Dumping: $n"; \
svnadmin dump ${n} | gzip -c > /backups/dumps/${n}.dmp.gz ; \
fi; done

Create md5sum checksums of each dump file

# cd /backups/dumps
# find $@ ! -type d -print0 | xargs -0 md5sum > /backups/MD5SUMS.svn.dumps

Copy the dumps and check sum file to the new server and verify the dump files

On the new server
$ mkdir ~svn/dumps
$ rsync -a oldserver:/backups/dumps/ ~svn/dumps/
$ rsync -a oldserver:/backups/MD5SUMS.svn.dumps ~svn/
$ cd ~svn/dumps
$ md5sum -c ~svn/MD5SUMS.svn.dumps | grep -v OK$

If everything checks out, the md5sum command shouldn't produce any output since we are greping out lines ending in OK