Create and Manage a trac project

This page explains how to create an SVN and Trac project. Two main steps are needed:

  1. Create the LDAP users and groups
  2. Create the SVN/Trac project (See the Script that automates this step)

Create the accounts and group of the project members

Go to PHPLDAPAdmin

Log in with the administrator account. (login: cn=admin,dc=sds-project,dc=fr)

Go to ou=People and create a new entry with User Account schema.

Warning: Specify the same cn (Common Name) and uid (User ID) as firstname.name.

SDS member

If the account is for an sds-member, add its uid to the memberUid list of the cn=sds-member,ou=Group,dc=sds-project,dc=fr entry (use add Value under the list of memberUid).

Student group (optional)

If the account is for a student, you need to do the same thing but with cn=students,ou=Group,dc=sds-project,dc=fr entry.

Trac Group

Now, you need to add a group for the TRAC project that the users will access.

Warning: all sds-members have access to all projects, so you do not need to add sds-members to the project group.

To add a new group, you need to go to ou=Group and create a new entry with posixGroup.

Then add a new attribute named memberUid to hold the list of members, and add the uid of each member of this group as its values.

All the user and group accounts needed in the LDAP repository are now set.

Creating a SVN repository

First you need to create the repository:

svnadmin create /var/lib/svn/PROJECT_NAME

And then initialize it using:

svn mkdir file:///var/lib/svn/PROJECT_NAME/branches file:///var/lib/svn/PROJECT_NAME/tags file:///var/lib/svn/PROJECT_NAME/trunk -m "initial structure"

To use this repository remotely, you need to add a DAV location to apache that lets a remote user connect to and use the repository.

First, create and edit a new configuration file in /etc/apache2/sites-available/ for example:

vim /etc/apache2/sites-available/svn-PROJECT_NAME

The configuration file will look something like this:

<Location /svn/PROJECT_NAME>
        DAV svn

        SVNPath "/var/lib/svn/PROJECT_NAME/"

        AuthBasicProvider ldap
        AuthzLDAPAuthoritative off
        AuthType Basic
        AuthName "LDAP"
        AuthLDAPURL "ldap://127.0.0.1/ou=People,dc=sds-project,dc=fr?uid?sub?(objectClass=inetOrgPerson)"
        AuthLDAPCompareDNOnServer off
        AuthLDAPGroupAttribute memberUid
        AuthLDAPGroupAttributeIsDN off

        Require ldap-group cn=sds-member,ou=Group,dc=sds-project,dc=fr
        Require ldap-group cn=PROJECT_NAME-member,ou=Group,dc=sds-project,dc=fr
</Location>

Of course, you need to replace the last ldap-group with the DN of the project's group. For example, if you have added a group named foobar for the project in LDAP, modify the last line to:

Require ldap-group cn=foobar,ou=Group,dc=sds-project,dc=fr

Finally, add the site to the list of sites managed by apache2 (under Debian):

a2ensite svn-PROJECT_NAME

Now, you can use the SVN repository by connecting to http://www.sds-project.fr/svn/$PROJECT_NAME$

Finally, change the permissions:

chown -R www-data /var/lib/svn/PROJECT_NAME/

Create a trac project

First you need to create the trac project by running (as root):

trac-admin <projectpath/project> initenv

For instance, for project SRD:

trac-admin /var/www/trac/srd/ initenv

Warning: you need to use /var/www/trac/$PROJECT_NAME$ (with $PROJECT_NAME$ replaced by your project name), otherwise apache2 will not find the project.

You need to set the owner of the directory to the apache user (www-data under Debian).

chown -R www-data /var/www/trac/srd/

Now, you can connect to the trac website using http://www.sds-project.fr/trac/$PROJECT_NAME$.

A list of all trac projects is available at http://www.sds-project.fr/trac/

Managing a trac project

The first thing to do is to set up the permissions.

Only two groups are available by default. The first one contains all anonymous users (in our case, no anonymous users are possible because you need to authenticate with your LDAP login and password when you connect to any trac project). The second one contains all authenticated users. The authenticated group inherits all the permissions of the anonymous group.

By default, trac allows anonymous (and authenticated) users to edit all wiki and ticket entries. In our case, that means every student can edit every wiki and ticket entry in any project, which is not a good default configuration. So you need to remove these rights by typing:

trac-admin /var/www/trac/$PROJECT_NAME$/ permission remove anonymous WIKI_CREATE
trac-admin /var/www/trac/$PROJECT_NAME$/ permission remove anonymous WIKI_MODIFY
trac-admin /var/www/trac/$PROJECT_NAME$/ permission remove anonymous TICKET_MODIFY
trac-admin /var/www/trac/$PROJECT_NAME$/ permission remove anonymous TICKET_CREATE

You can also list all current permissions using:

trac-admin /var/www/trac/$PROJECT_NAME$/ permission list
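
A check that can follow the listing command above, given as an added example (not part of the original page or of create-trac.sh): it reads the output of permission list and prints a permission remove command for every action other than a *_VIEW one still held by anonymous or authenticated, which goes beyond the four actions removed above. The function names, the sample listing and its two-column layout are assumptions, and group memberships are not followed.

```shell
# Added example, not from the original page or from create-trac.sh.
# Reads the text of `trac-admin ENV permission list` on stdin and prints one
# `permission remove` command for every action other than *_VIEW that is still
# granted to the built-in subjects "anonymous" and "authenticated".
# Assumption: each grant is a line of two whitespace-separated columns.
trac_write_perm_fixes() {
    awk -v tracenv="$1" '
        NF == 2 && ($1 == "anonymous" || $1 == "authenticated") &&
        $2 ~ /^[A-Z]+_[A-Z_]+$/ && $2 !~ /_VIEW$/ {
            printf "trac-admin %s permission remove %s %s\n", tracenv, $1, $2
        }
    '
}

# Constructed sample listing (not captured from a real server); "jdoe" is a
# hypothetical member uid. Header, separator and group lines must be ignored.
sample_permission_list() {
    cat <<'EOF'
User           Action
------------------------------
anonymous      BROWSER_VIEW
anonymous      TICKET_CREATE
anonymous      WIKI_MODIFY
anonymous      WIKI_VIEW
authenticated  TICKET_APPEND
developer      WIKI_DELETE
jdoe           developer
EOF
}

sample_permission_list | trac_write_perm_fixes /var/www/trac/flashbin
```

The commands are only printed, so they can be reviewed before being run as root.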

Now, you need to create a pool of permissions for the members of this project. First, we set up a group developer with all the permissions they need. All the available permissions are:

BROWSER_VIEW, CHANGESET_VIEW, CONFIG_VIEW, FILE_VIEW, LOG_VIEW,
MILESTONE_ADMIN, MILESTONE_CREATE, MILESTONE_DELETE, MILESTONE_MODIFY,
MILESTONE_VIEW, REPORT_ADMIN, REPORT_CREATE, REPORT_DELETE, REPORT_MODIFY,
REPORT_SQL_VIEW, REPORT_VIEW, ROADMAP_ADMIN, ROADMAP_VIEW, SEARCH_VIEW,
TICKET_ADMIN, TICKET_APPEND, TICKET_CHGPROP, TICKET_CREATE, TICKET_MODIFY,
TICKET_VIEW, TIMELINE_VIEW, TRAC_ADMIN, WIKI_ADMIN, WIKI_CREATE,
WIKI_DELETE, WIKI_MODIFY, WIKI_VIEW

The usual developer group is created with these permissions:

trac-admin /var/www/trac/$PROJECT_NAME$/ permission add developer BROWSER_VIEW CHANGESET_VIEW FILE_VIEW LOG_VIEW MILESTONE_VIEW TICKET_ADMIN TIMELINE_VIEW WIKI_CREATE WIKI_DELETE WIKI_MODIFY ROADMAP_VIEW REPORT_ADMIN SEARCH_VIEW

Then you add each member to this group (using their member uid):

trac-admin /var/www/trac/$PROJECT_NAME$/ permission add $student_member_1$ developer
trac-admin /var/www/trac/$PROJECT_NAME$/ permission add $student_member_2$ developer

Finally, grant admin rights on this trac project to yourself and to each sds-member you want to be admin:

trac-admin /var/www/trac/$PROJECT_NAME$/ permission add $yourname$ TRAC_ADMIN

If you want to disallow anonymous access to your TRAC project, do:

trac-admin /var/www/trac/$PROJECT_NAME$/ permission remove anonymous '*'

NEW

Now, you can add yourself (in command line) in the admin group.

trac-admin /var/www/trac/$PROJECT_NAME$/ permission add $yourname$ TRAC_ADMIN

And then, when you connect to the trac webpage, you will see a page “Admin” where you can manage all the permissions and the configuration of the page.

Changing .ini configuration

If you need to change something in the .ini file of your TRAC project, for example the path of the SVN repository of your project, you have to resync the TRAC project:

trac-admin /var/www/trac/PROJECT_NAME resync

Script

NEW

A script has been written to help you to create automatically:

  • SVN repository
  • TRAC project

The script is in the root home directory of the sds-project host and is called ./create-trac.sh. To use it:

  1. Run it
  2. Enter the name of your project
  3. Enter the LDAP group name
  4. The script creates the SVN/Trac project. Some questions have to be answered
  5. For the SVN Path to repository, enter: /var/lib/svn/$PROJECT_NAME$
  6. Add each developer to the TRAC developer group (it is written at the end of the script)

Using the SVN

Initial upload

jf@lalande:ensib/projets> svn import -m "Initial upload" flashbin https://www.sds-project.fr/svn/flashbin/trunk    ~/ensib/projets
Domaine d'authentification : <https://www.sds-project.fr:443> LDAP
Mot de passe pour 'jf' :
Ajout   (bin)  flashbin/projet_flashbin.pdf
Ajout          flashbin/src
Ajout          flashbin/src/flashbin.sh
Ajout          flashbin/src/syslog.c
Ajout          flashbin/src/flashbin.c
Ajout          flashbin/src/flashbin.conf
Ajout          flashbin/src/flashbin.h
Ajout          flashbin/src/Makefile
Ajout          flashbin/src/modification.sh

Révision 2 propagée.

Checkout

jf@lalande:~/swap> svn co https://www.sds-project.fr/svn/flashbin/trunk                                                     ~/swap
A    trunk/projet_flashbin.pdf
A    trunk/src
A    trunk/src/flashbin.sh
A    trunk/src/syslog.c
A    trunk/src/flashbin.c
A    trunk/src/flashbin.conf
A    trunk/src/flashbin.h
A    trunk/src/Makefile
A    trunk/src/modification.sh
Révision 2 extraite.

Managing permission

We can now declare a TRAC project public or private by managing its permissions. By default, a TRAC project created with the script is private. To disallow anonymous access to a project, run the command given below. If you have been added to the group of developers, you will have full access to the project once logged in.

Declare a TRAC project private

Script for all projects:

www:/var/www/trac# for i in *; do trac-admin "/var/www/trac/$i" permission remove anonymous '*'; done

For just one project:

trac-admin /var/www/trac/flashbin permission remove anonymous '*'

Allow anonymous access to the TRAC project

This command allows anonymous users to view the content of the TRAC project, to submit tickets and to edit the wiki:

trac-admin /var/www/trac/$PROJECT_NAME$ permission add anonymous BROWSER_VIEW LOG_VIEW FILE_VIEW CHANGESET_VIEW TICKET_VIEW TICKET_CREATE TICKET_APPEND MILESTONE_VIEW REPORT_VIEW WIKI_VIEW WIKI_CREATE WIKI_MODIFY WIKI_DELETE TIMELINE_VIEW SEARCH_VIEW

Allow anonymous access to the SVN project

By default, the SVN repository is authenticated using LDAP. Two rules allow sds-members and the specific group of the project to download the project. This file is generated in /etc/apache2/sites-available and looks like this one:

<Location /svn/flashbin>
  DAV svn

  SVNPath "/var/lib/svn/flashbin/"

  AuthBasicProvider ldap
  AuthzLDAPAuthoritative off
  AuthType Basic
  AuthName "LDAP"
  AuthLDAPURL "ldap://127.0.0.1/ou=People,dc=sds-project,dc=fr?uid?sub?(objectClass=inetOrgPerson)"
  AuthLDAPCompareDNOnServer off
  AuthLDAPGroupAttribute memberUid
  AuthLDAPGroupAttributeIsDN off

  Require ldap-group cn=sds-member,ou=Group,dc=sds-project,dc=fr
  Require ldap-group cn=flashbin,ou=Group,dc=sds-project,dc=fr

</Location>

In order to allow anonymous download of your SVN repository, add a LimitExcept directive like this:

<Location /svn/flashbin>
  DAV svn

  SVNPath "/var/lib/svn/flashbin/"

  AuthBasicProvider ldap
  AuthzLDAPAuthoritative off
  AuthType Basic
  AuthName "LDAP"
  AuthLDAPURL "ldap://127.0.0.1/ou=People,dc=sds-project,dc=fr?uid?sub?(objectClass=inetOrgPerson)"
  AuthLDAPCompareDNOnServer off
  AuthLDAPGroupAttribute memberUid
  AuthLDAPGroupAttributeIsDN off

  <LimitExcept GET PROPFIND OPTIONS REPORT>
    Require ldap-group cn=sds-member,ou=Group,dc=sds-project,dc=fr
    Require ldap-group cn=flashbin,ou=Group,dc=sds-project,dc=fr
  </LimitExcept>

</Location>

and then reload the apache configuration:

/etc/init.d/apache2 reload
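
An added example, not part of the original page or of create-trac.sh: a check that the LimitExcept exception list names only read-only methods, since every method listed there skips the Require lines. The function names, the status labels and the /svn/demo block are constructed for illustration; HEAD is accepted because Apache treats it together with GET.

```shell
# Added example, not from the original page or from create-trac.sh.
# Classifies every <Location> block read on stdin as private, anon-read,
# anon-write:METHODS or open (no Require directive at all).
audit_svn_locations() {
    awk '
    BEGIN { n = split("GET HEAD PROPFIND OPTIONS REPORT", m, " ")
            for (i = 1; i <= n; i++) ro[m[i]] = 1 }
    /^[ \t]*<Location[ \t]/ {
        loc = $2; sub(/>$/, "", loc)
        in_le = 0; req_in = 0; req_out = 0; bad = ""; next
    }
    /^[ \t]*<LimitExcept[ \t>]/ {
        in_le = 1
        for (i = 2; i <= NF; i++) {
            meth = $i; sub(/>$/, "", meth)   # method names are case-sensitive
            if (meth != "" && !(meth in ro))
                bad = (bad == "" ? meth : bad "," meth)
        }
        next
    }
    /^[ \t]*<\/LimitExcept>/ { in_le = 0; next }
    /^[ \t]*Require[ \t]/    { if (in_le) req_in++; else req_out++; next }
    /^[ \t]*<\/Location>/ {
        if (req_out > 0)      state = "private"
        else if (req_in == 0) state = "open"
        else if (bad != "")   state = "anon-write:" bad
        else                  state = "anon-read"
        print loc, state
    }
    '
}

# Constructed sample: the flashbin block from this page (shortened) and a
# hypothetical /svn/demo block whose exception list wrongly includes PUT.
sample_site() {
    cat <<'EOF'
<Location /svn/flashbin>
  <LimitExcept GET PROPFIND OPTIONS REPORT>
    Require ldap-group cn=flashbin,ou=Group,dc=sds-project,dc=fr
  </LimitExcept>
</Location>
<Location /svn/demo>
  <LimitExcept GET PROPFIND OPTIONS REPORT PUT>
    Require ldap-group cn=demo,ou=Group,dc=sds-project,dc=fr
  </LimitExcept>
</Location>
EOF
}
sample_site | audit_svn_locations
```

Feed it a real site file with `audit_svn_locations < /etc/apache2/sites-available/svn-PROJECT_NAME` before reloading apache.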

Conclusion

You now have a trac website for your project: http://www.sds-project.fr/trac/$PROJECT_NAME$/

And a SVN repository: http://www.sds-project.fr/svn/$PROJECT_NAME$/

Copyright

This document has been written by Jonathan ROUZAUD-CORNABAS.

For any information about or re-use of this document, please mail the author (jonathan.rouzaud-cornabas AT ensi-bourges DOT fr).

 
collaborative_work/trac_crea_manag.txt · Last modified: 2008/06/14 15:20 by jf