Root must not be specified via an Alias or a symlink from theĭocumentRoot it’s a completely manufactured URI, managed by the Interestingly, the Location of the Subversion directory Simplicity by providing directives that understand parent paths for bothĪpplications. Subversion repositories live in /srv/svn. It also needs theĪs mentioned above, all Trac instances live in /srv/trac and all Needs to load the Python module at start time. The Apache configuration file, /etc/httpd/conf/nf, Its standard Apache package, that’s the acceleration method we chose toĮmploy. Trac is a fairly hefty process, so it is typically run under FastCGI or
Theĭigest password database is completely divorced from system accounts. LDAP, PAM, /etc/passwd, or any other system-authentication scheme. Poses one difficulty: it cannot currently be used in conjunction with HTTP Basic authentication is terribly weak, so authentication for TracĪccess is provided by the HTTP digest access There was no need to establish an SSL infrastructure. The security profile of our Trac site wasn’t terribly stringent, so u system_u -r object_r -t httpd_sys_content_t \ Took a single invocation of chcon: chcon -R \ Given the local filesystem setup, the retyping Web content needs to be typed as httpd_sys_content_t. To get Trac to work in an SELinux-enabled environment, therefore, all Listing of /var/www/html on Red Hat systems: $ stat -Z -c %C /var/www/html The standard context for a web-readable directory can be seen in a Read files assigned a security context type of httpd_sys_content_t. In Red Hat’s targeted SELinux policies, the Apache web server can only
enablerepo option: yum -enablerepo=dag -enablerepo=kbs-CentOS-Extras update To get updates from dag and/or pyvault, use yum’s This allows yum to work automaticallyįrom the official CentOS repository without hitting any snags from the Please note that the enabled directives in both third-party repositoryĭefinitions is set to 0 (false). name = Dag RPM Repository for Red Hat Enterprise Linux baseurl = $releasever/en/$basearch/dag gpgcheck = 1 enabled = 0 includepkgs = clearsilver python-clearsilver trac name = -EL$releasever - Stable gpgcheck = 1 gpgkey = enabled = 0 baseurl = $releasever/extras/stable/$basearch/RPMS/ includepkgs = python-docutils python-imaging The yum configuration on the host system: Packages from the other repositories was a simple matter of expanding Dag’s repository didn’t have a package for it either, so Iĭependency checking and remote installation of packages, so using Python-docutils, a collection of Python modules not included withĬentOS. Somewhat later, after Trac was up and running, I discovered that its Rather than building those packages in house, I used pre-built packages The base CentOS distibution doesn’t include Trac or the ClearSilver Trac to function: httpd, mod_dav_svn, mod_python, and subversion. They depend, must be installed from the base CentOS distribution for System PackagesĪ few Apache- and Python-related packages, along with packages on which Management, SELinux, and Apache-needed modification in our setup. The system’s securityĬertain applications, Apache among them, are governed by fairly strictĪnd comprehensive security policies.
Our wiki server, like all Red Hat-based systems, manages most software Hosts both the Subversion repositories ( /srv/svn) and TracĪpache manages all access to Subversion repositories on the wiki The default, primus inter pares, but all instances would live at We expected to host multiple Trac instances. Trac and Subversion on our wiki server, it’s worth noting our local Special instructions someone would have to follow to re-implement ourīefore launching into the gory details of installing and configuring Trouble is that CentOS doesn’t ship with Trac, and our our system setupĪnd implementation requirements conspired to make Trac’s installation a The system hosting Trac is running CentOS 4, aįreely redistributable rebuild of Red Hat Enterprise Linux 4. Tools: trouble tickets, milestones, and strong ties to the Which in addition to a wiki provides a bunch of project-management After a fairly drawn-out process of identifying which wiki software toĭeploy at work, we finally settled on Trac,