FlipsideReality Once upon a time, in a land far far away…

Installing subversion (svn) and trac on a Centos 4.6, virtuoso VM running cPannel & WHM

Or, "how to cause yourself much pain and mental anguish by inflicting silly challenges on yourself when you should really be getting some sleep"

cPannel supports apache2 now. svn needs apache2, so all is good. Or so you would think.

When installing SVN on VPS' such as Virtuozzo, you may find that the process of creating the repository hangs, due to a lack on entropy with /dev/random. It is therefore a better bet to actually develop and use SVN outside of the VPS realm, using a dedicated box.[1]

Nice. Entropy. (I'm getting visions of Oliver Ridge, my old physics teacher, who used to fix computers with his bare hands, and a big box of resistors. Seriously, someone once gave him a broken hard disk, and he gave it back a week later. It had about ten extra components soldered to the pcb and worked better than it had originally. The man was a genius.)

OK then. We are going to setup the subversion server svn.example.com and the trac server trac.example.com, you will need to setup your DNS to point those two A records to the same correct IP (I use [IP ADDRESS] below) before anything else. In WHM you can edit your zone file under the DNS confiuration bit. It is assumed that when you created the example account in whm it has the home folder, user & group exampl (home folder /home/exampl).

We are going to need apache to be compiled with DAVFs & DAV support, so use easyapache (software -> Apache update) in WHM and add them, then recompile.

The default centos repo has an ancient copy of svn in it (1.1.4-2). Someone suggested using dag which seems to have 1.4.6-0.1 which is odd, as the so called official source only has 1.6.5-1. After checking the most recent version, I chose to do the dag.
vi /etc/yum.repos.d/dag.repo
and add
[dag]
Name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
gpgkey=http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
gpgcheck=1
enabled=1
then, because of an unmet dependency:
wget http://whiteboxlinux.osmirror.nl/4/en/os/i386/WhiteBox/RPMS/perl-URI-1.30-4.noarch.rpm
rpm -Uvh ./perl-URI-1.30-4.rpm
now you should be able to
yum install trac
Now to compile mod_svn. Download the correct source for your version of subversion, you can find out what version you installed by
yum info subversion
then grab the source for that version
mkdir -p /usr/local/src/subverison && cd /usr/local/src/subversion
wget http://subversion.tigris.org/downloads/subversion-1.4.6.tar.bz2
tar xfj subversion-1.4.6.tar.bz2
Now build the modules. If you get errors here try using the updatadb and locate commands to find the files in question.
./configure --with-apxs=/usr/local/apache/bin/apxs \
--with-apr=/usr/local/apache/bin/apr-config \
--with-apr-util=/home/cpeasyapache/src/httpd-2.0.63/srclib/apr-util
make
make install
this will dump the files mod_authz_svn.so & mod_dav_svn.so into the folder /usr/local/apache/modules which is good, 'cos that's where we want 'em.
Now create a repo:
mkdir -p /var/local/repo/svn.example.com
svnadmin create /var/local/repo/svn.example.com
chmod 2770 /var/local/repo/svn.example.com
rm svn.example.com/conf/passwd
touch svn.example.com/conf/passwd
chown nobody:exampl -R /var/local/repo/svn.example.com
mkdir -p /usr/local/apache/domlogs/exampl/svn.example.com/
set read access for the user admin to the repo:
echo "[/]" >> /var/local/repo/svn.example.com/conf/authz
echo "admin = rw" >> /var/local/repo/svn.example.com/conf/authz
and the http basic auth:
htpasswd -cm /var/local/repo/svn.example.com/conf/passwd admin
Edit your cPanel httpd include file /usr/local/apache/conf/includes/pre_virtualhost_global.conf and add:

#svn stuff

ServerName svn.example.com
ServerAlias www.svn.example.com

DAV svn
AuthType Basic
AuthName "svn.example.com"
AuthUserFile /var/local/repo/svn.example.com/conf/passwd
AuthzSVNAccessFile /var/local/repo/svn.example.com/conf/authz
SVNPath /var/local/repo/svn.example.com
Require valid-user

CustomLog /usr/local/apache/domlogs/exampl/svn.example.com/access.log combined
ErrorLog /usr/local/apache/domlogs/exampl/svn.example.com/error.log
SSLEngine on
SSLCertificateFile /usr/share/ssl/cert.pem
# remove the above line and add this once there is a real (non self-signed) certificate.
#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
#SSLCertificateFile /usr/share/ssl/certs/example.com.crt
#SSLCertificateKeyFile /usr/share/ssl/private/example.com.key
#SSLCACertificateFile /usr/share/ssl/certs/example.com.cabundle
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown


ServerName svn.example.com
Redirect / https://svn.example.com/

test your http config with
httpd -t
if it's ok (it may be lying, it did to me a couple of times) you can restart apache
httpd restart
You should now be able to browse your svn repo https://svn.example.com

Now the Trac stuff.

You need to install mod_python
yum instll mod_python
and copy the .so
cp /usr/lib/httpd/modules/mod_python.so /usr/local/apache/modules/
now edit the httpd.conf and add the line
LoadModule python_module modules/mod_python.so
after the other LoadModule statements (line 35ish), then to make this change stick you have to run the distiller:
/usr/local/cpanel/bin/apache_conf_distiller --update --main
To check that it worked run
/scripts/rebuildhttpdconf
and check that the freshly generated httpd.conf still has the line in it.

Now setup the trac folder.
mkdir -p /var/local/trac/trac.example.com
chmod 2770 /var/local/trac/trac.example.com/
chown nobody:exampl -R /var/local/trac/trac.example.com/
mkdir -p /usr/local/apache/domlogs/exampl/svn.example.com/
trac-admin /var/local/trac/trac.example.com/ initenv
now (optionally) edit /var/local/trac/trac.example.com/conf/trac.ini to customize the trac install. It may be worthwhile changing the default charset to UTF-8
#default_charset = iso-8859-15
default_charset = UTF-8
Next it's more cPanel httpd include file /usr/local/apache/conf/includes/pre_virtualhost_global.conf editing. append:

#trac stuff

ServerName trac.example.com
Redirect / https://trac.example.com/


ServerName trac.example.com
DocumentRoot /var/local/trac/trac.example.com/
Alias /trac/ /usr/share/trac/htdocs

Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all


SetHandler mod_python
PythonHandler trac.web.modpython_frontend
PythonInterpreter main_interpreter
PythonOption TracEnv /var/local/trac/trac.example.com/
PythonOption TracUriRoot /
AuthType Basic
AuthName "trac.example.com"
# Use the SVN password file.
AuthUserFile /var/local/repo/svn.example.com/conf/passwd
Require valid-user


CustomLog /usr/local/apache/domlogs/exampl/trac.example.com/access.log combined
ErrorLog /usr/local/apache/domlogs/exampl/trac.example.com/error.log
SSLEngine on
SSLCertificateFile /usr/share/ssl/cert.pem
# remove the above line and add this once there is a real (non self-signed) certificate.
#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
#SSLCertificateFile /usr/share/ssl/certs/example.com.crt
#SSLCertificateKeyFile /usr/share/ssl/private/example.com.key
#SSLCACertificateFile /usr/share/ssl/certs/example.com.cabundle
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown


That's it.

You should now be able to logon to trac.exaple.com with the password that you set for admin earlier.

Further reading:

http://www.cpanel.net/support/docs/easyapache.htm#flags

http://www.cpanel.net/support/docs/ea/ea3/customdirectives.html

http://www.howtoforge.com/subversion-trac-virtual-hosts-on-ubuntu-server

http://svnbook.red-bean.com/nightly/en/svn.serverconfig.httpd.html

http://imthi.com/blog/linux/centos-cpanel-subversion-apache-2-proxy-works.php

I wrote most of this after the fact, so if i have missed anything i'm sorry. If you find anything that's wrong please let me know & i'll correct it.