The Third Bear

Just Right.

Integrating Trac and Gitolite: Using Postgres

egj trac , gitolite , sysadmin

Now that the basics are set up and confirmed working, let's create a new Trac environment using postgres instead of sqlite.

You should already have the necessary system packages (python-dev, postgres and libpq-dev) installed.

Getting Permissions Right, Part 2: The Postgres Database

We need to create a postgres database for Trac to use, before we create the Trac environment. As I mentioned above, the Gitolite post-receive-hook needs read and write access to Trac's database, and we're running Gitolite and Trac from separate system users ... so the user running the Gitolite process needs database access too.

There are several ways we could configure this, including:

  • Granting database access to both "trac" and "git" database users
  • Setting up a single database user "infra" with a password, and ensuring that both trac and gitolite connect to the database with that password
  • Setting up a single database user "infra" without a password, and configuring postgres to let both the trac and git system users to connect as that "infra" database user over a local connection

Any of these would work well enough.  We'll go with the last option.

As root, edit the postgres configuration file pg_hba.conf to add a "map=infra" parameter to the line that configures local peer authentication:

sudo su
echo "90c90
< local   all             all                                     peer
---
> local   all             all                                     peer map=infra" > /tmp/pg_hba.diff
patch /etc/postgresql/9.1/main/pg_hba.conf < /tmp/pg_hba.diff

We then need to define a ​User Name Map "infra", by appending a line that maps the "git" and "trac" system users to a "trac" database user to the `pg_ident.conf` file:

sudo su
echo "infra           git                     infra" >> /etc/postgresql/9.1/main/pg_ident.conf
echo "infra           trac                     infra" >> /etc/postgresql/9.1/main/pg_ident.conf

Now reload the postgres server, create an "infra" user in postgres, create a database owned by the "infra" user for our trac project, and make sure everything works:

sudo service postgresql restart
sudo su postgres
createuser infra --no-superuser --no-createdb --no-createrole
createdb test.trac --owner=infra --encoding=utf8
^D
sudo su git -c "psql -U infra test.trac"
^D
sudo su trac -c "psql -U infra test.trac"
^D
Trac, Postgres, Gitolite

We've now created an empty "test.trac" database owned by an "infra" database user. So we'll set up a new Trac project using this database.

First install the Python postgres client library:

su - trac
echo "psycopg2" >> web/requirements.txt
./web/ve/bin/pip install -r web/requirements.txt

And now create a new environment, passing in a database connection string to tell Trac that we're using postgres, and how to connect to the database:

su - trac
rm -rf sites/test
./web/ve/bin/trac-admin sites/test initenv Test postgres://infra:@/test.trac
./web/ve/bin/trac-admin sites/test permission add anonymous TRAC_ADMIN

We'll need to set those permissions again on the new project, for gitolite:

chmod g+r sites/test/conf/trac.ini
chmod -R g+w sites/test/db/  sites/test/log/
find /home/trac/sites/ -type d -exec chmod +s {} \;

And once again we'll need to enable the Trac components for git repositories, then add the gitolite "testing" repo and test the post-receive hook:

su - trac
echo "[components]
tracopt.ticket.commit_updater.committicketreferencemacro = enabled
tracopt.ticket.commit_updater.committicketupdater = enabled
tracopt.versioncontrol.git.git_fs.csetpropertyrenderer = enabled
tracopt.versioncontrol.git.git_fs.gitconnector = enabled
tracopt.versioncontrol.git.git_fs.gitwebprojectsrepositoryprovider = enabled
" >> sites/test/conf/trac.ini

web/ve/bin/trac-admin sites/test repository add testing /home/git/repositories/testing.git

Once again, create a new ticket and then ensure that everything is working well together by cloning the gitolite "testing" repo and committing a change with a comment that references a ticket number.


Related Posts