Changes between Initial Version and Version 1 of TracModPython

Show
Ignore:
Timestamp:
08/22/08 18:11:06 (6 years ago)
Author:
trac
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • TracModPython

    v1 v1  
     1= Trac and mod_python = 
     2[[TracGuideToc]] 
     3 
     4Trac supports [http://www.modpython.org/ mod_python], which speeds up Trac's response times considerably, especially compared to [TracCgi CGI], and permits use of many Apache features not possible with [wiki:TracStandalone tracd]/mod_proxy. 
     5 
     6These instructions are for Apache 2; if you are still using Apache 1.3, you may have some luck with [wiki:TracModPython2.7 TracModPython2.7]. 
     7 
     8== Simple configuration == 
     9 
     10If you just installed mod_python, you may have to add a line to load the module in the Apache configuration: 
     11{{{ 
     12LoadModule python_module modules/mod_python.so 
     13}}} 
     14 
     15 ''Note: The exact path to the module depends on how the HTTPD installation is laid out.'' 
     16On Debian using apt-get 
     17{{{ 
     18apt-get install libapache2-mod-python libapache2-mod-python-doc 
     19}}} 
     20(Still on Debian) after you have installed mod_python, you must enable the modules in apache2 (equivalent of the above Load Module directive): 
     21{{{ 
     22a2enmod mod_python 
     23}}} 
     24On Fedora use, using yum: 
     25{{{ 
     26yum install mod_python 
     27}}} 
     28You can test your mod_python installation by adding the following to your httpd.conf.  You should remove this when you are done testing for security reasons. Note: mod_python.testhandler is only available in mod_python 3.2+. 
     29{{{ 
     30#!xml 
     31<Location /mpinfo> 
     32   SetHandler mod_python 
     33   PythonInterpreter main_interpreter 
     34   PythonHandler mod_python.testhandler 
     35</Location> 
     36}}} 
     37 
     38A simple setup of Trac on mod_python looks like this: 
     39{{{ 
     40#!xml 
     41<Location /projects/myproject> 
     42   SetHandler mod_python 
     43   PythonInterpreter main_interpreter 
     44   PythonHandler trac.web.modpython_frontend  
     45   PythonOption TracEnv /var/trac/myproject 
     46   PythonOption TracUriRoot /projects/myproject 
     47</Location> 
     48}}} 
     49 
     50The option '''`TracUriRoot`''' may or may not be necessary in your setup. Try your configuration without it; if the URLs produced by Trac look wrong, if Trac does not seem to recognize URLs correctly, or you get an odd "No handler matched request to..." error, add the '''`TracUriRoot`''' option.  You will notice that the `Location` and '''`TracUriRoot`''' have the same path. 
     51 
     52The options available are 
     53{{{ 
     54    # For a single project 
     55    PythonOption TracEnv /var/trac/myproject 
     56    # For multiple projects 
     57    PythonOption TracEnvParentDir /var/trac/myprojects 
     58    # For the index of multiple projects 
     59    PythonOption TracEnvIndexTemplate /srv/www/htdocs/trac/project_list_tepmlate.html 
     60    # A space delimitted list, with a "," between key and value pairs. 
     61    PythonOption TracTemplateVars key1,val1 key2,val2 
     62    # Useful to get the date in the wanted order 
     63    PythonOption TracLocale en_GB.UTF8 
     64    # See description above         
     65    PythonOption TracUriRoot /projects/myproject 
     66}}} 
     67 
     68=== Configuring Authentication === 
     69 
     70Creating password files and configuring authentication works similar to the process for [wiki:TracCgi#AddingAuthentication CGI]: 
     71{{{ 
     72#!xml 
     73<Location /projects/myproject/login> 
     74  AuthType Basic 
     75  AuthName "myproject" 
     76  AuthUserFile /var/trac/myproject/.htpasswd 
     77  Require valid-user 
     78</Location> 
     79}}} 
     80 
     81Configuration for mod_ldap authentication in Apache is a bit tricky (httpd 2.2.x and OpenLDAP: slapd 2.3.19) 
     82 
     831. You need to load the following modules in Apache httpd.conf 
     84{{{ 
     85LoadModule ldap_module modules/mod_ldap.so 
     86LoadModule authnz_ldap_module modules/mod_authnz_ldap.so 
     87}}} 
     88 
     892. Your httpd.conf also needs to look something like: 
     90 
     91{{{ 
     92#!xml 
     93<Location /trac/> 
     94  SetHandler mod_python 
     95  PythonInterpreter main_interpreter 
     96  PythonHandler trac.web.modpython_frontend 
     97  PythonOption TracEnv /home/trac/ 
     98  PythonOption TracUriRoot /trac/ 
     99  Order deny,allow 
     100  Deny from all 
     101  Allow from 192.168.11.0/24 
     102  AuthType Basic 
     103  AuthName "Trac" 
     104  AuthBasicProvider "ldap" 
     105  AuthLDAPURL "ldap://127.0.0.1/dc=example,dc=co,dc=ke?uid?sub?(objectClass=inetOrgPerson)" 
     106  authzldapauthoritative Off 
     107  require valid-user 
     108</Location> 
     109}}} 
     110 
     111Or the LDAP interface to a Microsoft Active Directory: 
     112 
     113{{{ 
     114#!xml 
     115<Location /trac/> 
     116  SetHandler mod_python 
     117  PythonInterpreter main_interpreter 
     118  PythonHandler trac.web.modpython_frontend 
     119  PythonOption TracEnv /home/trac/ 
     120  PythonOption TracUriRoot /trac/ 
     121  Order deny,allow 
     122  Deny from all 
     123  Allow from 192.168.11.0/24 
     124  AuthType Basic 
     125  AuthName "Trac" 
     126  AuthBasicProvider "ldap" 
     127  AuthLDAPURL "ldap://adserver.company.com:3268/DC=company,DC=com?sAMAccountName?sub?(objectClass=user)" 
     128  AuthLDAPBindDN       ldap-auth-user@company.com 
     129  AuthLDAPBindPassword "the_password" 
     130  authzldapauthoritative Off 
     131  # require valid-user 
     132  require ldap-group CN=Trac Users,CN=Users,DC=company,DC=com 
     133</Location> 
     134}}} 
     135 
     136Note 1: This is the case where the LDAP search will get around the multiple OUs, conecting to Global Catalog Server portion of AD (Notice the port is 3268, not the normal LDAP 389). The GCS is basically a "flattened" tree which allows searching for a user without knowing to which OU they belong. 
     137 
     138Note 2: Active Directory requires an authenticating user/password to access records (AuthLDAPBindDN and AuthLDAPBindPassword). 
     139 
     140Note 3: The directive "require ldap-group ..."  specifies an AD group whose members are allowed access. 
     141 
     142 
     143 
     144=== Setting the !PythonPath === 
     145 
     146If the Trac installation isn't installed in your Python path, you'll have to tell Apache where to find the Trac mod_python handler  using the `PythonPath` directive: 
     147{{{ 
     148#!xml 
     149<Location /projects/myproject> 
     150  ... 
     151  PythonPath "sys.path + ['/path/to/trac']" 
     152  ... 
     153</Location> 
     154}}} 
     155 
     156Be careful about using the !PythonPath directive, and ''not'' `SetEnv PYTHONPATH`, as the latter won't work. 
     157 
     158== Setting up multiple projects == 
     159 
     160The Trac mod_python handler supports a configuration option similar to Subversion's `SvnParentPath`, called `TracEnvParentDir`: 
     161{{{ 
     162#!xml 
     163<Location /projects> 
     164  SetHandler mod_python 
     165  PythonInterpreter main_interpreter 
     166  PythonHandler trac.web.modpython_frontend  
     167  PythonOption TracEnvParentDir /var/trac 
     168  PythonOption TracUriRoot /projects 
     169</Location> 
     170}}} 
     171 
     172When you request the `/projects` URL, you will get a listing of all subdirectories of the directory you set as `TracEnvParentDir` that look like Trac environment directories. Selecting any project in the list will bring you to the corresponding Trac environment. 
     173 
     174If you don't want to have the subdirectory listing as your projects home page you can use a 
     175{{{ 
     176#!xml 
     177<LocationMatch "/.+/"> 
     178}}} 
     179 
     180This will instruct Apache to use mod_python for all locations different from root while having the possibility of placing a custom home page for root in your !DocumentRoot folder. 
     181 
     182You can also use the same authentication realm for all of the projects using a `<LocationMatch>` directive: 
     183{{{ 
     184#!xml 
     185<LocationMatch "/projects/[^/]+/login"> 
     186  AuthType Basic 
     187  AuthName "Trac" 
     188  AuthUserFile /var/trac/.htpasswd 
     189  Require valid-user 
     190</LocationMatch> 
     191}}} 
     192 
     193== Virtual Host Configuration == 
     194 
     195Below is the sample configuration required to set up your trac as a virtual server (i.e. when you access it at the URLs like 
     196!http://trac.mycompany.com): 
     197 
     198{{{ 
     199#!xml 
     200<VirtualHost * > 
     201    DocumentRoot /var/www/myproject 
     202    ServerName trac.mycompany.com 
     203    <Location /> 
     204        SetHandler mod_python 
     205        PythonInterpreter main_interpreter 
     206        PythonHandler trac.web.modpython_frontend 
     207        PythonOption TracEnv /var/trac/myproject 
     208        PythonOption TracUriRoot / 
     209    </Location> 
     210    <Location /login> 
     211        AuthType Basic 
     212        AuthName "MyCompany Trac Server" 
     213        AuthUserFile /var/trac/myproject/.htpasswd 
     214        Require valid-user 
     215    </Location> 
     216</VirtualHost> 
     217}}} 
     218 
     219if you have issues with login try using `<LocationMatch>` instead of `<Location>` 
     220 
     221For a virtual host that supports multiple projects replace "`TracEnv`" /var/trac/myproject with "`TracEnvParentDir`" /var/trac/ 
     222 
     223Note: !DocumentRoot should not point to your Trac project env. As Asmodai wrote on #trac: "suppose there's a webserer bug that allows disclosure of !DocumentRoot they could then leech the entire Trac environment". 
     224 
     225== Troubleshooting == 
     226 
     227In general, if you get server error pages, you can either check the Apache error log, or enable the `PythonDebug` option: 
     228{{{ 
     229#!xml 
     230<Location /projects/myproject> 
     231  ... 
     232  PythonDebug on 
     233</Location> 
     234}}} 
     235 
     236For multiple projects, try restarting the server as well. 
     237 
     238=== Expat-related segmentation faults === #expat 
     239 
     240This problem will most certainly hit you on Unix when using Python 2.4. 
     241In Python 2.4, some version of Expat (an XML parser library written in C) is used,  
     242and if Apache is using another version, this results in segmentation faults. 
     243As Trac 0.11 is using Genshi, which will indirectly use Expat, that problem 
     244can now hit you even if everything was working fine before with Trac 0.10. 
     245 
     246See Graham Dumpleton's detailed [http://www.dscpl.com.au/wiki/ModPython/Articles/ExpatCausingApacheCrash explanation and workarounds] for the issue. 
     247 
     248=== Form submission problems === 
     249 
     250If you're experiencing problems submitting some of the forms in Trac (a common problem is that you get redirected to the start page after submission), check whether your {{{DocumentRoot}}} contains a folder or file with the same path that you mapped the mod_python handler to. For some reason, mod_python gets confused when it is mapped to a location that also matches a static resource. 
     251 
     252=== Problem with virtual host configuration === 
     253 
     254If the <Location /> directive is used, setting the `DocumentRoot` may result in a ''403 (Forbidden)'' error. Either remove the `DocumentRoot` directive, or make sure that accessing the directory it points is allowed (in a corresponding `<Directory>` block). 
     255 
     256Using <Location /> together with `SetHandler` resulted in having everything handled by mod_python, which leads to not being able download any CSS or images/icons. I used <Location /trac> `SetHandler None` </Location> to circumvent the problem, though I do not know if this is the most elegant solution. 
     257 
     258=== Using .htaccess === 
     259 
     260Although it may seem trivial to rewrite the above configuration as a directory in your document root with a `.htaccess` file, this does not work. Apache will append a "/" to any Trac URLs, which interferes with its correct operation. 
     261 
     262It may be possible to work around this with mod_rewrite, but I failed to get this working. In all, it is more hassle than it is worth. Stick to the provided instructions. :) 
     263 
     264=== Win32 Issues === 
     265If you run trac with mod_python < 3.2 on Windows, uploading attachments will '''not''' work. This problem is resolved in mod_python 3.1.4 or later, so please upgrade mod_python to fix this. 
     266 
     267 
     268=== OS X issues === 
     269 
     270When using mod_python on OS X you will not be able to restart Apache using `apachectl restart`. This is apparently fixed in mod_python 3.2, but there's also a patch available for earlier versions [http://www.dscpl.com.au/projects/vampire/patches.html here]. 
     271 
     272=== SELinux issues === 
     273 
     274If Trac reports something like: ''Cannot get shared lock on db.lock'' 
     275The security context on the repository may need to be set: 
     276 
     277{{{ 
     278chcon -R -h -t httpd_sys_content_t PATH_TO_REPOSITORY 
     279}}} 
     280 
     281See also [[http://subversion.tigris.org/faq.html#reposperms]] 
     282 
     283=== FreeBSD issues === 
     284Pay attention to the version of the installed mod_python and sqlite packages. Ports have both the new and old ones, but earlier versions of pysqlite and mod_python won't integrate as the former requires threaded support in python, and the latter requires a threadless install. 
     285 
     286If you compiled and installed apache2, apache wouldn´t support threads (cause it doesn´t work very well on FreeBSD). You could force thread support when running ./configure for apache, using --enable-threads, but this isn´t recommendable. 
     287The best option [[http://modpython.org/pipermail/mod_python/2006-September/021983.html seems to be]] adding to /usr/local/apache2/bin/ennvars the line  
     288 
     289{{{ 
     290export LD_PRELOAD=/usr/lib/libc_r.so 
     291}}} 
     292 
     293=== Subversion issues === 
     294 
     295If you get the following Trac Error `Unsupported version control system "svn"` only under mod_python, though it works well on the command-line and even with TracStandalone, chances are that you forgot to add the path to the Python bindings with the [TracModPython#ConfiguringPythonPath PythonPath] directive. (The better way is to add a link to the bindings in the Python `site-packages` directory, or create a `.pth` file in that directory.) 
     296 
     297If this is not the case, it's possible that you're using Subversion libraries that are binary incompatible with the apache ones (an incompatibility of the `apr` libraries is usually the cause). In that case, you also won't be able to use the svn modules for Apache (`mod_dav_svn`). 
     298 
     299You also need a recent version of `mod_python` in order to avoid a runtime error ({{{argument number 2: a 'apr_pool_t *' is expected}}}) due to the default usage of multiple sub-interpreters. 3.2.8 ''should'' work, though it's probably better to use the workaround described in #3371, in order to force the use of the main interpreter: 
     300{{{ 
     301PythonInterpreter main_interpreter 
     302}}} 
     303This is anyway the recommended workaround for other well-known issues seen when using the Python bindings for Subversion within mod_python (#2611, #3455). See in particular Graham Dumpleton's comment in [comment:ticket:3455:9 #3455] explaining the issue. 
     304 
     305=== Page layout issues === 
     306 
     307If the formatting of the Trac pages look weird chances are that the style sheets governing the page layout are not handled properly by the web server. Try adding the following lines to your apache configuration: 
     308{{{ 
     309#!xml 
     310Alias /myproject/css "/usr/share/trac/htdocs/css" 
     311<Location /myproject/css> 
     312    SetHandler None 
     313</Location> 
     314}}} 
     315 
     316Note: For the above configuration to have any effect it must be put after the configuration of your project root location, i.e. {{{<Location /myproject />}}}. 
     317 
     318=== HTTPS issues === 
     319 
     320If you want to run Trac fully under https you might find that it tries to redirect to plain http. In this case just add the following line to your apache configuration: 
     321{{{ 
     322#!xml 
     323<VirtualHost * > 
     324    DocumentRoot /var/www/myproject 
     325    ServerName trac.mycompany.com 
     326    SetEnv HTTPS 1 
     327    .... 
     328</VirtualHost> 
     329}}} 
     330 
     331=== Fedora 7 Issues === 
     332Make sure you install the 'python-sqlite2' package as it seems to be required for TracModPython but not for tracd 
     333 
     334 
     335=== Segmentation fault with php5-mhash or other php5 modules === 
     336You may encounter segfaults (reported on debian etch) if php5-mhash module is installed. Try to remove it to see if this solves the problem. See debian bug report [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=411487]] 
     337 
     338Some people also have troubles when using php5 compiled with its own 3rd party libraries instead of system libraries. Check here [[http://www.djangoproject.com/documentation/modpython/#if-you-get-a-segmentation-fault]] 
     339 
     340---- 
     341See also TracGuide, TracInstall, TracCgi, TracFastCgi