Installation and Configuration of Trac
SANOG 10, New Delhi, India
September 1, 2007

These instructions are based upon a guide created by Luis Soares, but with considerable changes. The original guides is available here:

http://www.mdlabs.est.ips.pt/majestic13/TracFeisty

This installation allows for the following:

* Multiple trac projects on a single box.
* Authentication via trac and not the web server.
* Administration of trac users via a web interface.
* Write-protection of your trac project from anonymous users (i.e. avoid spammer defacing of your site).
* Ability to add-on Subversion version control to future trac projects.
* Use of the Aztec planning calendar plug-in.

Let's now do the installation of the trac system. For trac to work we'll be needing python and a number of other packages. Then we'll have to create a trac environment for each repository we want trac to serve. Your instructor will describe what you are doing in more detail in class. This guide is available as text at:

http://noc/workshop/day3/trac/install-trac.txt


     $ sudo apt-get install trac libapache2-svn libapache2-mod-python libapache2-mod-python-doc python-setuptools

     $ sudo mkdir /var/lib/trac

     $ sudo chown -R www-data:www-data /var/lib/trac

     $ sudo ln -s /var/lib/trac/ /trac

Now to add your trac site as a virtual site in Apache:

     $ sudo vi /etc/apache2/sites-available/trac

In this file you will add the code on the next page:

      

      <Location /trac>
        SetHandler mod_python
        PythonHandler trac.web.modpython_frontend
        PythonOption TracEnvParentDir /var/lib/trac
        PythonOption TracEnv /trac/sanog
        PythonOption TracUriRoot /trac/sanog
        SetEnv PYTHON_EGG_CACHE /trac/sanog/python-eggs
       </Location>

Now we enable the new virtual site:

     $ sudo a2ensite trac

     $ sudo /etc/init.d/apache2 reload
Next, we must initialize the trac project using the trac-admin facility. You will be asked several questions with lots of explanatory text. Here are the answers for each prompt you will see. If it says [ENTER], then just press ENTER and continue:

     $ sudo trac-admin /trac/sanog initenv

     Project Name [My Project]> WHATEVER YOU WANT
     Database connection string [sqlite:db/trac.db]> [ENTER]
     Repository type [svn]> [ENTER]
     Path to repository [/path/to/repos]> [ENTER]
     Templates directory [/usr/share/trac/templates]> [ENTER]

Now you will see quite a bit of text on your screen detailing items as your new trac project is created. Once this is done we have several more things to do:

     $ sudo chown -R www-data:www-data /var/lib/trac

     $ sudo apache2ctl restart

Now to install some customization features for trac in the form of trac plug-ins:

     $ sudo easy_install http://svn.edgewall.com/repos/trac/sandbox/webadmin

     $ sudo easy_install http://trac-hacks.org/svn/accountmanagerplugin/0.10

    $ sudo easy_install http://trac-hacks.org/svn/calendarplugin

Now we must edit the main trac configuration file with a number of items. For this we recommend that you view the file in a web browser at http://noc/worksop/day4/trac/trac.ini while completing this section.


trac.ini
Below are the items you need to add or change in your default trac.ini file. To edit this file do:

     $ sudo vi /trac/sanog/conf/trac.ini

The first 2 items (account-manager and components) can go at the top of the file starting on line 3:

     [account-manager]
     password_file = /trac/sanog/.htpasswd
     password_format = htpasswd
     password_store = HtPasswdStore
     [components]
     acct_mgr.* = enabled
     acct_mgr.admin.accountmanageradminpage = enabled
     acct_mgr.api.accountmanager = enabled
     acct_mgr.db.sessionstore = enabled
     acct_mgr.htfile.htpasswdstore = enabled
     acct_mgr.web_ui.accountmodule = enabled
     acct_mgr.web_ui.loginmodule = enabled
     acct_mgr.web_ui.registrationmodule = enabled
     trac.web.auth.loginmodule = disabled
          webadmin.* = enabled
     azcalendar.* = enabled

The following three sections (header_logo, notification, project) replace what is in your trac.ini file:

     [header_logo]
     alt = SANOG 10 Net Mgmnt Workshop 
     height = 50 
     link = http://www.sanog.org/sanog10 
     src = site/apnic-sanog10.jpg
     width = 200 

     [notification]
     always_notify_owner = true
     always_notify_reporter = false
     always_notify_updater = true
     mime_encoding = base64
     smtp_always_bcc = admin@localhost
     smtp_always_cc = 
     smtp_default_domain = 
     smtp_enabled = true
     smtp_from = sanog10@localhost
     smtp_password = 
     smtp_port = 25
     smtp_replyto = sanog10@localhost
     smtp_server = localhost
     smtp_subject_prefix = __default__
     smtp_user = 
     use_public_cc = false
     use_short_addr = false
     use_tls = false

     [project]
     descr = SANOG 10 Network Management Workshop 
     footer = SANOG 10, New Delhi, India<br><a href="mailto:admin@localhost">admin@localhost</a>
     icon = common/favicon.ico
     name = SANOG 10, India 
     url = http://www.sanog.org/sanog10/

Note: Some items are not strictly necessary, and a couple will not work as we are currently configured, but won't cause problems either. You can find the apnic-sanog10.jpg file in http://noc/workshop/day4/trac/. This goes in /trac/sanog/htdocs on your machine.

Once all this is done you have just a few more steps. First we must configure the trac user environment. We'll set up a user called sanog that is an authenticated user, and a user called admin that will be a trac-admin user. Finally, all other users who view the project will be anonymous users. We will restrict their view of the project to be read-only. To do all this do:

     $ sudo trac-admin /trac/sanog permission remove anonymous CAL_ADMIN CAL_EDIT CONFIG_VIEW MILESTONE_VIEW REPORT_SQL_VIEW REPORT_VIEW ROADMAP_VIEW SEARCH_VIEW TICKET_CREATE TICKET_MODIFY WIKI_CREATE WIKI_MODIFY WIKI_DELETE

     $ sudo trac-admin /trac/sanog permission add authenticated CAL_ADMIN CAL_EDIT MILESTONE_MODIFY MILESTONE_VIEW REPORT_ADMIN REPORT_CREATE REPORT_MODIFY TICKET_APPEND TICKET_CREATE TICKET_MODIFY TICKET_VIEW WIKI_CREATE WIKI_MODIFY WIKI_VIEW

     $ sudo trac-admin /trac/sanog permission add sanog authenticated

     $ sudo trac-admin /trac/sanog permission add admin TRAC_ADMIN

Now we need to be sure that Apache has access to all the trac files using the user/group of www-data:

     $ sudo chown -R www-data:www-data /trac/*

     $ sudo apache2ctl restart

Last, but not least, you must actually create the users admin and sanog and give them passwords:

     $ sudo htpasswd -c /trac/sanog/.htpasswd admin       [use any password]

     $ sudo htpasswd /trac/sanog/.htpasswd sanog          [use workshop password]

     $ sudo trac-admin /trac/sanog upgrade

At this point you are done setting up trac. You can now look at the result of your work by going to:

http://localhost/trac/sanog

By default you are seeing your trac project as an anonymous user. You can log in as sanog to see how things look as an authenticated user and then as admin to see things as a trac-admin user.