CentOS: Creare un ambiente di sviluppo con Subversion e Trac

  • 29 Sep 2013
  • subversion, CentOS, trac, Apache, SSL, Postfix

Prima di cominciare

yum install screen htop tmux

Installare il repo EPEL

rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Installare Subversion

yum install mod_dav_svn subversion

Requisiti prima d'installare Trac

yum install python
easy_install Genshi==0.6

Installare Trac

easy_install Trac

Disabilitare il firewall

# setup
  Firewall -> Uncheck “enable”

Creare il repository subversion

mkdir /var/www/svn
cd /var/www/svn
svnadmin create repos
chown -R apache.apache repos
chcon -R -t httpd_sys_content_t repos/

Sync trac ad ogni commit

Creare il file /var/www/svn/repos/hooks/post-commit

#!/bin/sh
export PYTHON_EGG_CACHE="/path/to/dir"
/usr/bin/trac-admin /var/www/trac/projects/project-name changeset added "$1" "$2"
chmod +x post-commit
chown apache:apache *

Creare utenti Subversion

Queste credenziali saranno utili per lavorare con Subversion (checkouts, commits, updates..) e per accedere a https://trac.domain.it e https://svn.domain.it

htpasswd -cm /etc/subversion/svn-auth-conf ialbano
htpasswd -m /etc/subversion/svn-auth-conf eviegas

Restore Subversion dump (optional)

Nel caso in cui questa installazione sia la migrazione da un'altro server.

svnadmin load /var/www/svn/repos < repo_name.svn_dump

Configurare Apache + SSL

yum install mod_ssl openssl

Generate a self-signed certificate

# Generate private key
openssl genrsa -out ca.key 1024

# Generate CSR
openssl req -new -key ca.key -out ca.csr

# Generate Self Signed Key
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

Copiare i file generati nel posto giusto

cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr

Configurare Apache

Apache sarà configurato per rispondere a

  • https://svn.domain.it
  • https://trac.domain.it
  • https://nagios.domain.it

Creare (o modificare) il file /etc/httpd/conf.d/subversion.conf che ci permeterà di raggiungere subversion visitando https://svn.dominio.it

NameVirtualHost *:443


  DocumentRoot /var/www/svn/repos
  ServerName svn.dominio.it
  #ServerAlias svn.dominio.it

  
   DAV svn
   SVNPath /var/www/svn/repos

    # Limit write permission to list of valid users.
#   
      # Require SSL connection for password protection.
      # SSLRequireSSL

      AuthType Basic
      AuthName "Authorization Realm"
      AuthUserFile /etc/subversion/svn-auth-conf
      Require valid-user
#   
  
  SSLEngine on
  SSLCertificateFile /etc/pki/tls/certs/ca.crt
  SSLCertificateKeyFile /etc/pki/tls/private/ca.key

Autostart Apache

chkconfig httpd on

Creare ambiente Trac

mkdir -p /var/www/trac/projects/project-name
trac-admin /var/www/trac/projects/project-name initenv
trac-admin /var/www/trac/projects/project-name deploy /tmp/deploy
mv /tmp/deploy/* /var/www/trac

Configurare Apache per Trac

# Trac Configuration

  ServerName trac.dominio.it
  Redirect / https://trac.dominio.it/



  ServerName trac.dominio.it
  DocumentRoot /var/www/trac/projects/project-name
  Alias /trac/ /var/www/trac/htdocs

  
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
  

  
    SetHandler mod_python
    PythonHandler trac.web.modpython_frontend
    PythonInterpreter main_interpreter
    PythonOption TracEnv /var/www/trac/projects/project-name
    PythonOption TracUriRoot /
    AuthType Basic
    AuthName "trac.dominio.it"
    # Use the SVN password file.
    AuthUserFile /etc/subversion/svn-auth-conf
    Require valid-user
  

  SSLEngine on
  SSLCertificateFile /etc/pki/tls/certs/ca.crt
  SSLCertificateKeyFile /etc/pki/tls/private/ca.key


Abilitare il modulo webadmin

trac-admin /var/www/trac/projects/project-name/
> permission add eviegas TRAC_ADMIN

Aggiungere repository a Trac e sincronizzare

trac-admin /var/www/trac/projects/project-name repository resync "Project Name"

Installare Nagios

yum install nagios nagios-plugins*

Configurare Apache per Nagios

# nagios configuration
# File: /etc/httpd/conf.d/nagios.conf


  DocumentRoot /usr/share/nagios/html
  ServerName nagios.dominio.it
  ScriptAlias /nagios/cgi-bin/ "/usr/lib64/nagios/cgi-bin/"

  
    Options ExecCGI
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthName "Nagios Access"
    AuthType Basic
    AuthUserFile /etc/nagios/passwd
    Require valid-user
  

  Alias /nagios "/usr/share/nagios/html"

  
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthName "Nagios Access"
    AuthType Basic
    AuthUserFile /etc/nagios/passwd
    Require valid-user
  

  SSLEngine on
  SSLCertificateFile /etc/pki/tls/certs/ca.crt
  SSLCertificateKeyFile /etc/pki/tls/private/ca.key


Configurare Postfix

Aggiungere queste righe alla fine del file /etc/postfix/main.cf

relayhost = smtp.dominio.it:25
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_type = cyrus
smtp_sasl_auth_enable = yes
smtp_cname_overrides_servername = no
smtp_sasl_security_options = noanonymous

Creare il file /etc/postfix/sasl_passwd con il nome utente e password dell'account di posta

smtp.dominio.it:25 nome_account@dominio.it:******
postmap /etc/postfix/sasl_passwd

Test

echo "Test mail from postfix" | mail -s "Test Postfix" nome_account@dominio.it

Creare contatti per le notifiche di Nagios

define contact{
        contact_name                    ialbano
        use                             generic-contact
        alias                           Ignacio Albano
        email                           ialbano@dominio.it
        }

define contact{
        contact_name                    eviegas
        use                             generic-contact
        alias                           Eduardo Viegas
        email                           eviegas@dominio.it
        }

define contactgroup{
        contactgroup_name               support
        alias                           Linux System Administrator
        members                         ialbano, eviegas
        }

Attach group to service

define service{
        use                     generic-service
        host_name               project-name
        service_description     SIP voipnet
        check_command           check_nrpe!check_sip_voipnet
        contact_groups          support
        }

Definire il template "critical-service" per utilizzarlo nei servizi

define service{
        name                            critical-service
        use                             generic-service
        max_check_attempts              1
        normal_check_interval           3
        retry_check_interval            1
        register                        0
        }