Revision as of 00:35, 12 October 2019

Summary

October 12, 2018 tracvm was migrated to lxd container called tracsvn on osgeo7 As of February 2017 Trac 1.2.1dev (r15513 patched) is running at http://trac.osgeo.org/ (the tracsvn VM at OSU OSL).

Trac Guide
Configurations are in /var/www/trac/*/conf/trac.ini and inherit /etc/trac/trac-common.ini
All data lives under /var/www/trac and in trac_* PostgreSQL databases
Authentication uses the OSGeo LDAP database
virtual server configurations are under /etc/apache2/includes/trac/*.conf, included by /etc/apache2/sites-available/trac.conf
Existing Instances
Actual python is installed in /usr/local/lib/python2.6/dist-packages/Trac*.egg (May 2015)
Frank Warmerdam and Howard Butler have configuration experience, and can help maintain instances.
Sandro Santilli is helping with trac since late 2015, driving the upgrade from 1.0.5 to 1.2.1dev in Feb 2017

Procedures

Local Customizations

As of 2017-02-01, after upgrading to Trac-1.2.1, there is a minor modifications to allow notifying OSGeo users who have never logged into trac yet.

See https://trac.osgeo.org/osgeo/ticket/1863

Creating a trac instance

  $ sudo -u postgres createdb -O trac trac_<proj_name>
  $ sudo trac-admin \
    /var/www/trac/env/<proj_name> initenv \
    --inherit=/etc/trac/trac-common.ini

Make sure to set the db connection to postgres://trac@/trac_<proj_name> (password for the user is kept in ~www-data/.pgpass)
Use /var/www/svn/repos/<proj_name> for the svn path or /var/www/git/repos/<proj_name> for the git path
For SVN, write a /var/www/repos/<proj_name>/post-commit with this content:

 REPOS="$1"
 REV="$2"
 TRAC_ENV=`basename ${REPOS}`
 /var/www/svn/hookscripts/osgeo-post-commit-hook "${TRAC_ENV}" "${REPOS}" "${REV}" &

Set the project admin user:

  $ sudo trac-admin /var/www/trac/<proj_name> permission add <osgeo_userid> TRAC_ADMIN

Set permissions on the trac environment dir:

  $ sudo chown -R www-data:www-data /var/www/trac/<proj_name>

Update /var/www/trac/<proj_name>/conf/trac.ini to enable email notification (TODO: move to /etc/trac/trac-common.ini)
Add virtual host file /etc/apache2/conf.d/trac/<proj_name>.conf enabling LDAP based authentication.
Logo can be referenced in /var/www/trac/<proj_name>/conf/trac.ini and placed in /var/www/trac/<proj_name>/htdocs
Add to /var/www/trac/index.html
Add to /var/www/trac/trac_instances.txt
Add to /etc/trac/intertrac.ini
Regenerate the robots.txt file with the command:

 $ sudo /var/www/trac/mkrobots.sh

Permissions

Recommended Trac permissions:

       anonymous       BROWSER_VIEW
       anonymous       CHANGESET_VIEW
       anonymous       FILE_VIEW
       anonymous       LOG_VIEW
       anonymous       MILESTONE_VIEW
       anonymous       REPORT_SQL_VIEW
       anonymous       REPORT_VIEW
       anonymous       ROADMAP_VIEW
       anonymous       SEARCH_VIEW
       anonymous       TICKET_VIEW
       anonymous       TIMELINE_VIEW
       anonymous       WIKI_VIEW
       authenticated   TICKET_CHGPROP
       authenticated   TICKET_CREATE
       authenticated   TICKET_MODIFY
       authenticated   WIKI_CREATE
       authenticated   WIKI_MODIFY
       developers      DOXYGEN_VIEW
       developers      MILESTONE_ADMIN
       developers      REPORT_ADMIN
       developers      REPORT_CREATE
       developers      WIKI_ADMIN
       warmerdam       developers
       warmerdam       TRAC_ADMIN
       strk            TRAC_ADMIN
       ...

SQL Compatability Issue with Postgres

You will have to modify the SQL statement of the All Ticket by Milestone report. This can be done by accessing the trac report page and click the Edit report button (You need to be an admin of the trac instance). Check the sql statement of another trac instance and replace the one of the new instance.

Permissions Reference

Plugins

Shared plugins are installed in /usr/local/lib/python2.6/dist-packages/ (usually having a name starting with "Trac") and need be explicitly enabled for each project (can be done by trac admin).

Project specific plugins (discouraged) are under /var/www/trac/<project>/plugins/ and are enabled by default.

For more info see the plugin install guide.

Available shared plugins (updated May '16):

TracLDAPEmailResolverPlugin _0.1 - uses LDAP lookup to resolve OSGeo users email. WORKS with Trac 1.2
TracStatsPlugin _0.6 - shows project statistics. WORKS with Trac 1.2
TracSpamFilter _1.0.10dev - spam filtering plugin. WORKS with Trac 1.2
TracDoxygen _0.11.0 - mix doxygen docs into trac interface (needs extra admin support). . WORKS with Trac 1.2
TracSectionEditPlugin _1.2.0dev - ability to edit one section in a wiki page. WORKS with Trac 1.2
TracTocMacro _11.0.0.6 - multi page tables of contents. WORKS with Trac 1.2
~~TracSecureTickets _0.1.4 - The authz policy mechanism provides fine-grained permissions for tickets.~~ REMOVED in Jan 2017
~~Tracticketsstats _3.0.0dev - visualizes trac ticket statistics~~ REMOVED in Jan 2017
~~TracAdvParseArgsPlugin _1.0.5 - dependency of TicketStatsMacro~~ REMOVED in Jan 2017
~~sensitivetickets 0.22 (deprecated by SecureTicketsPlugin ?)~~ REMOVED in Jan 2017
~~MediaWikiMacro - provides media wiki like format support (link? details?)~~ NOT FOUND as of Nov 2015
~~TracMetrixPlugin _0.1.8dev - quality metrix and progress statistics.~~ REMOVED in Jan 2017 as it FAILED with Trac 1.2 - https://trac-hacks.org/ticket/13041

Custom fields

See http://trac.edgewall.org/wiki/TracTicketsCustomFields

for example, in trac.ini:

    [ticket-custom]
    platform = select
    platform.label = Platform
    platform.options = Unspecified|MSWindows 2K|MSWindows XP|MSWindows Vista|MSWindows CygWin|MacOSX|Linux|Other Unix|All
    platform.value = Unspecified

    cpu = select
    cpu.label = CPU
    cpu.options = Unspecified|x86-32|x86-64|OSX/PPC|OSX/Intel|Other|All
    cpu.value = Unspecified

ZIP support for directories

Docs: https://trac.edgewall.org/wiki/TracIni#browser-section

Used in GRASS GIS trac instance to enable zip download support for g.extension addon manager downloads: Directories are to be enabled as a comma separated list.

# file: /var/www/trac/grass/conf/trac.ini
[browser]
downloadable_paths = /grass-addons/grass7/*/*,/sandbox/*/*

Making Trac Read-Only

It appears the usual way of making Trac read-only is to remove all permissions on the "authenticated" group in the Admin/Permissions dialog. This will remove the authenticated group and then only those with special admin priviledges can edit the wiki, create tickets, etc.

Timeline with filename indication

 [timeline]
 changeset_long_messages = false
 changeset_show_files = 1
 changeset_files_count = 3
 default_daysback = 30
 ticket_show_details = false

(see for example here)

Hotcopy a trac instance

  $ sudo trac-admin /var/www/html/trac/<proj_name> hotcopy /path/to/copy/trac/to

Trac Spam

We have had problems with trac spam when ticket create and ticket modify permissions were set to anonymous (the default). To get around this most (all?) instances have been changed to require authenticated users to do these actions.

But some projects strongly desire to support anonymous ticket creation and modification and at some point this might be viable using image captcha technology to keep out the spammers. A Trac plugin for this is currently installed, see SpamFilter for usage.

SpamFilter management

The bare minimum that each instance admin should take care of:

Edit of a BadContent page, made read-only, for example: https://trac.osgeo.org/XXXX/wiki/BadContent
Frequently check the monitoring page training bayes for ham/spam: https://trac.osgeo.org/XXXX/admin/spamfilter/monitor

A global SpamFilter configuration is used unless any instance admin changed the configuration via the GUI ("Apply Changes"). The global configuration (in /etc/trac/spamfilter.ini) sets, other than the defaults:

SessionFilterStrategy: 0
Karma of authenticated users: 0

Instructions to delete a spam user from LDAP: see SAC:LDAP#Editing_the_LDAP_database

Trac notification forward to project mailing list

To fwd notifications from trac to e.g. a project developers mailing list, you need to

set in trac the mailing list address as default (trac Admin section)
add the trac@osgeo.org address (or trac_osgeo@.., or ...) in Mailman to
- "Privacy options"
  - "Subscription rules"
  - "[Sender filters]"
    - "Non-member filters"
      - "List of non-member addresses whose postings should be automatically accepted."

As the mail may be addressed to "undisclosed recipients" instead of directly to the list, the messages may be held for moderator approval. To avoid this add "undisclosed recipients" to the list of acceptable aliases at
- "Privacy options"
  - "[Recipient filters]"
    - acceptable_aliases

@@ Line 1: / Line 1: @@
 = Summary =
-Trac 1.0.5 is running at http://trac.osgeo.org/ (the [[TracsvnVM|tracsvn VM]] at OSU OSL).
+October 12, 2018 tracvm was migrated to lxd container called tracsvn on osgeo7
+As of February 2017 Trac 1.2.1dev (r15513 [https://trac.osgeo.org/osgeo/ticket/1863#comment:3 patched]) is running at http://trac.osgeo.org/ (the [[TracsvnVM|tracsvn VM]] at OSU OSL).
 * [http://trac.edgewall.org/wiki/TracGuide Trac Guide]
@@ Line 11: / Line 12: @@
 * Actual python is installed in /usr/local/lib/python2.6/dist-packages/Trac*.egg (May 2015)
 * Frank Warmerdam and Howard Butler have configuration experience, and can help maintain instances.
-* Sandro Santilli is helping with trac since late 2015
+* Sandro Santilli is helping with trac since late 2015, driving the upgrade from 1.0.5 to 1.2.1dev in Feb 2017
 = Procedures =
@@ Line 17: / Line 18: @@
 == Local Customizations ==
-The file /usr/local/lib/python2.6/dist-packages/Trac-1.0.5-py2.6.egg/trac/notification.py was substantially modified to support looking up email addresses in LDAP, and will need to be re-adjusted if we upgrade to a new version of Trac.
+As of 2017-02-01, after upgrading to Trac-1.2.1, there is a minor modifications
+to allow notifying OSGeo users who have never logged into trac yet.
-* http://trac.osgeo.org/osgeo/ticket/39
+See https://trac.osgeo.org/osgeo/ticket/1863
 == Creating a trac instance ==
-    $ sudo createdb -U postgres trac_<proj_name>
+    $ sudo -u postgres createdb -O trac trac_<proj_name>
-    $ sudo trac-admin --inherit=/etc/trac/trac-common.ini \
+    $ sudo trac-admin \
-     /var/www/trac/<proj_name> initenv
+     /var/www/trac/env/<proj_name> initenv \
+     --inherit=/etc/trac/trac-common.ini
-* Make sure to set the db connection to postgres://postgres@/trac_<proj_name>
+* Make sure to set the db connection to postgres://trac@/trac_<proj_name> (password for the user is kept in ~www-data/.pgpass)
 * Use /var/www/svn/repos/<proj_name> for the svn path or /var/www/git/repos/<proj_name> for the git path
 * For SVN, write a /var/www/repos/<proj_name>/post-commit with this content:
@@ Line 48: / Line 51: @@
 * Logo can be referenced in /var/www/trac/<proj_name>/conf/trac.ini and placed in /var/www/trac/<proj_name>/htdocs
 * Add to /var/www/trac/index.html
+* Add to /var/www/trac/trac_instances.txt
 * Add to /etc/trac/intertrac.ini
 * Regenerate the robots.txt file with the command:
@@ Line 99: / Line 103: @@
 Available shared plugins (updated May '16):
-* [https://trac.edgewall.org/wiki/SpamFilter TracSpamFilter] <sub>1.0.9dev</sub> - spam filtering plugin
-* [https://trac-hacks.org/wiki/AdvParseArgsPlugin TracAdvParseArgsPlugin] <sub>1.0.5</sub> - dependency of TicketStatsMacro (to verify, might not be needed anymore)
+* [https://git.osgeo.org/gogs/sac/TracLDAPEmailResolverPlugin TracLDAPEmailResolverPlugin] <sub>0.1</sub> - uses LDAP lookup to resolve OSGeo users email. '''WORKS with Trac 1.2'''
-* [http://trac-hacks.org/wiki/DoxygenPlugin TracDoxygen] <sub>0.11.0</sub> - mix doxygen docs into trac interface (needs extra admin support)
+* [https://trac-hacks.org/wiki/TracStatsPlugin TracStatsPlugin] <sub>0.6</sub> - shows project statistics. '''WORKS with Trac 1.2'''
-* [https://trac-hacks.org/wiki/TracMetrixPlugin TracMetrixPlugin] <sub>0.1.8dev</sub> - quality metrix and progress statistics
+* [https://trac.edgewall.org/wiki/SpamFilter TracSpamFilter] <sub>1.0.10dev</sub> - spam filtering plugin. '''WORKS with Trac 1.2'''
-* [https://trac-hacks.org/wiki/SectionEditPlugin TracSectionEditPlugin] <sub>0.2.6</sub> - ability to edit one section in a wiki page
+* [http://trac-hacks.org/wiki/DoxygenPlugin TracDoxygen] <sub>0.11.0</sub> - mix doxygen docs into trac interface (needs extra admin support). . '''WORKS with Trac 1.2'''
-* [[#Secure Tickets|TracSecureTickets]] <sub>0.1.4</sub> - The authz policy mechanism provides fine-grained permissions for tickets.
+* [https://trac-hacks.org/wiki/SectionEditPlugin TracSectionEditPlugin] <sub>1.2.0dev</sub> - ability to edit one section in a wiki page. '''WORKS with Trac 1.2'''
-* [https://trac-hacks.org/wiki/TracTicketStatsPlugin Tracticketsstats] <sub>3.0.0dev</sub> - visualizes trac ticket statistics
+* [http://trac-hacks.org/wiki/TocMacro TracTocMacro] <sub>11.0.0.6</sub> - multi page tables of contents. '''WORKS with Trac 1.2'''
-* [http://trac-hacks.org/wiki/TocMacro TracTocMacro] <sub>11.0.0</sub> - multi page tables of contents.
+* <strike>[http://trac-hacks.org/wiki/SecureTicketsPlugin TracSecureTickets] <sub>0.1.4</sub> - The authz policy mechanism provides fine-grained permissions for tickets.</strike> '''REMOVED in Jan 2017'''
-* <strike>sensitivetickets 0.22 (deprecated by SecureTicketsPlugin ?)</strike> '''REMOVED as of Jan 2017'''
+* <strike>[https://trac-hacks.org/wiki/TracTicketStatsPlugin Tracticketsstats] <sub>3.0.0dev</sub> - visualizes trac ticket statistics</strike> '''REMOVED in Jan 2017'''
+* <strike>[https://trac-hacks.org/wiki/AdvParseArgsPlugin TracAdvParseArgsPlugin] <sub>1.0.5</sub> - dependency of TicketStatsMacro</strike> '''REMOVED in Jan 2017'''
+* <strike>sensitivetickets 0.22 (deprecated by SecureTicketsPlugin ?)</strike> '''REMOVED in Jan 2017'''
 * <strike>MediaWikiMacro - provides media wiki like format support (link? details?)</strike> '''NOT FOUND as of Nov 2015'''
+* <strike>[https://trac-hacks.org/wiki/TracMetrixPlugin TracMetrixPlugin] <sub>0.1.8dev</sub> - quality metrix and progress statistics.</strike> '''REMOVED in Jan 2017 as it FAILED with Trac 1.2 - https://trac-hacks.org/ticket/13041'''
 === Custom fields ===
@@ Line 139: / Line 146: @@
 downloadable_paths = /grass-addons/grass7/*/*,/sandbox/*/*
 </pre>
-=== Secure Tickets ===
-See http://trac-hacks.org/wiki/SecureTicketsPlugin (Note that the installed plugin has been modified for OSGeo)
-The initial behavior of the plugin was to set all tickets private, then let the user
-defines what are the public components. It has been modified this to fit osgeo needs.
-Since everything is public by default, we'll set manually the private
-components and everything else will be public.
-'''Using the plugin'''
-- Enable the plugin in trac.ini:
-  [components]
-  securetickets.* = enabled
-- Modify the permission_policies in trac.ini:
-  permission_policies = SecureTicketsPolicy, DefaultPermissionPolicy, ...
-- Define private components in trac.ini:
-  [securetickets]
-  private_components = Vulnerabilities, Component2, ...
-To allow a user or a group to view the private tickets, you'll have to add him
-the permission SECURE_TICKET_VIEW
 == Making Trac Read-Only ==
@@ Line 226: / Line 205: @@
 [[Category:Infrastructure]]
+[[Category:Services]]

Difference between revisions of "Trac"