Changes between Version 1 and Version 2 of TracModPython


Ignore:
Timestamp:
12/04/2008 10:19:05 PM (16 years ago)
Author:
trac
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • TracModPython

    v1 v2  
    11= Trac and mod_python =
    2 
    3 Trac supports [http://www.modpython.org/ mod_python], which speeds up Trac's response times considerably and permits use of many Apache features not possible with [wiki:TracStandalone tracd]/mod_proxy.
     2[[TracGuideToc]]
     3
     4Trac supports [http://www.modpython.org/ mod_python], which speeds up Trac's response times considerably, especially compared to [TracCgi CGI], and permits use of many Apache features not possible with [wiki:TracStandalone tracd]/mod_proxy.
     5
     6These instructions are for Apache 2; if you are still using Apache 1.3, you may have some luck with [wiki:TracModPython2.7 TracModPython2.7].
    47
    58== Simple configuration ==
     
    1013}}}
    1114
     15''Note: The exact path to the module depends on how the HTTPD installation is laid out.''
     16
     17On Debian using apt-get
     18{{{
     19apt-get install libapache2-mod-python libapache2-mod-python-doc
     20}}}
     21(Still on Debian) after you have installed mod_python, you must enable the modules in apache2 (equivalent of the above Load Module directive):
     22{{{
     23a2enmod mod_python
     24}}}
     25On Fedora use, using yum:
     26{{{
     27yum install mod_python
     28}}}
     29You can test your mod_python installation by adding the following to your httpd.conf.  You should remove this when you are done testing for security reasons. Note: mod_python.testhandler is only available in mod_python 3.2+.
     30{{{
     31#!xml
     32<Location /mpinfo>
     33   SetHandler mod_python
     34   PythonInterpreter main_interpreter
     35   PythonHandler mod_python.testhandler
     36</Location>
     37}}}
     38
    1239A simple setup of Trac on mod_python looks like this:
    1340{{{
     41#!xml
    1442<Location /projects/myproject>
    1543   SetHandler mod_python
     44   PythonInterpreter main_interpreter
    1645   PythonHandler trac.web.modpython_frontend
    1746   PythonOption TracEnv /var/trac/myproject
     
    2049}}}
    2150
    22 Note that the option `TracUriRoot` may or may not be necessary in your setup. Try without first, and if the URLs produced by Trac look wrong or if Trac does not seem to recognize the URLs correctly, add the `TracUriRoot` option.
    23 
    24 Configuring authentication works the same as for [wiki:TracCgi#AddingAuthentication CGI]:
    25 {{{
    26 <Location "/projects/myproject/login">
     51The option '''`TracUriRoot`''' may or may not be necessary in your setup. Try your configuration without it; if the URLs produced by Trac look wrong, if Trac does not seem to recognize URLs correctly, or you get an odd "No handler matched request to..." error, add the '''`TracUriRoot`''' option.  You will notice that the `Location` and '''`TracUriRoot`''' have the same path.
     52
     53The options available are
     54{{{
     55    # For a single project
     56    PythonOption TracEnv /var/trac/myproject
     57    # For multiple projects
     58    PythonOption TracEnvParentDir /var/trac/myprojects
     59    # For the index of multiple projects
     60    PythonOption TracEnvIndexTemplate /srv/www/htdocs/trac/project_list_template.html
     61    # A space delimitted list, with a "," between key and value pairs.
     62    PythonOption TracTemplateVars key1,val1 key2,val2
     63    # Useful to get the date in the wanted order
     64    PythonOption TracLocale en_GB.UTF8
     65    # See description above       
     66    PythonOption TracUriRoot /projects/myproject
     67}}}
     68
     69=== Python Egg Cache ===
     70
     71Compressed python eggs like Genshi are normally extracted into a directory named `.python-eggs` in the users home directory. Since apache's home usually is not writable an alternate egg cache directory can be specified like this:
     72{{{
     73PythonOption PYTHON_EGG_CACHE /var/trac/myprojects/egg-cache
     74}}}
     75
     76=== Configuring Authentication ===
     77
     78Creating password files and configuring authentication works similar to the process for [wiki:TracCgi#AddingAuthentication CGI]:
     79{{{
     80#!xml
     81<Location /projects/myproject/login>
    2782  AuthType Basic
    2883  AuthName "myproject"
    29   AuthUserFile /var/trac/myproject/.htaccess
     84  AuthUserFile /var/trac/myproject/.htpasswd
    3085  Require valid-user
    3186</Location>
    3287}}}
    3388
     89Configuration for mod_ldap authentication in Apache is a bit tricky (httpd 2.2.x and OpenLDAP: slapd 2.3.19)
     90
     911. You need to load the following modules in Apache httpd.conf
     92{{{
     93LoadModule ldap_module modules/mod_ldap.so
     94LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
     95}}}
     96
     972. Your httpd.conf also needs to look something like:
     98
     99{{{
     100#!xml
     101<Location /trac/>
     102  SetHandler mod_python
     103  PythonInterpreter main_interpreter
     104  PythonHandler trac.web.modpython_frontend
     105  PythonOption TracEnv /home/trac/
     106  PythonOption TracUriRoot /trac/
     107  Order deny,allow
     108  Deny from all
     109  Allow from 192.168.11.0/24
     110  AuthType Basic
     111  AuthName "Trac"
     112  AuthBasicProvider "ldap"
     113  AuthLDAPURL "ldap://127.0.0.1/dc=example,dc=co,dc=ke?uid?sub?(objectClass=inetOrgPerson)"
     114  authzldapauthoritative Off
     115  require valid-user
     116</Location>
     117}}}
     118
     119Or the LDAP interface to a Microsoft Active Directory:
     120
     121{{{
     122#!xml
     123<Location /trac/>
     124  SetHandler mod_python
     125  PythonInterpreter main_interpreter
     126  PythonHandler trac.web.modpython_frontend
     127  PythonOption TracEnv /home/trac/
     128  PythonOption TracUriRoot /trac/
     129  Order deny,allow
     130  Deny from all
     131  Allow from 192.168.11.0/24
     132  AuthType Basic
     133  AuthName "Trac"
     134  AuthBasicProvider "ldap"
     135  AuthLDAPURL "ldap://adserver.company.com:3268/DC=company,DC=com?sAMAccountName?sub?(objectClass=user)"
     136  AuthLDAPBindDN       ldap-auth-user@company.com
     137  AuthLDAPBindPassword "the_password"
     138  authzldapauthoritative Off
     139  # require valid-user
     140  require ldap-group CN=Trac Users,CN=Users,DC=company,DC=com
     141</Location>
     142}}}
     143
     144Note 1: This is the case where the LDAP search will get around the multiple OUs, conecting to Global Catalog Server portion of AD (Notice the port is 3268, not the normal LDAP 389). The GCS is basically a "flattened" tree which allows searching for a user without knowing to which OU they belong.
     145
     146Note 2: Active Directory requires an authenticating user/password to access records (AuthLDAPBindDN and AuthLDAPBindPassword).
     147
     148Note 3: The directive "require ldap-group ..."  specifies an AD group whose members are allowed access.
     149
     150
     151
     152=== Setting the !PythonPath ===
     153
    34154If the Trac installation isn't installed in your Python path, you'll have to tell Apache where to find the Trac mod_python handler  using the `PythonPath` directive:
    35155{{{
     156#!xml
    36157<Location /projects/myproject>
    37158  ...
     
    41162}}}
    42163
     164Be careful about using the !PythonPath directive, and ''not'' `SetEnv PYTHONPATH`, as the latter won't work.
    43165
    44166== Setting up multiple projects ==
    45167
    46 The Trac mod_python handler handler supports a configuration option similar to Subversion's `SvnParentPath`, called `TracEnvParentDir`:
    47 {{{
     168The Trac mod_python handler supports a configuration option similar to Subversion's `SvnParentPath`, called `TracEnvParentDir`:
     169{{{
     170#!xml
    48171<Location /projects>
    49172  SetHandler mod_python
     173  PythonInterpreter main_interpreter
    50174  PythonHandler trac.web.modpython_frontend
    51175  PythonOption TracEnvParentDir /var/trac
     
    54178}}}
    55179
    56 When you request the `/projects` URL, you will get a listing of all subdirectories of the directory you set as `TracEnvParentDir`. Selecting any project in the list will bring you to the corresponding Trac environment.
     180When you request the `/projects` URL, you will get a listing of all subdirectories of the directory you set as `TracEnvParentDir` that look like Trac environment directories. Selecting any project in the list will bring you to the corresponding Trac environment.
    57181
    58182If you don't want to have the subdirectory listing as your projects home page you can use a
    59183{{{
     184#!xml
    60185<LocationMatch "/.+/">
    61186}}}
     
    65190You can also use the same authentication realm for all of the projects using a `<LocationMatch>` directive:
    66191{{{
    67 <LocationMatch "/[^/]+/login">
     192#!xml
     193<LocationMatch "/projects/[^/]+/login">
    68194  AuthType Basic
    69195  AuthName "Trac"
    70   AuthUserFile /var/trac/.htaccess
     196  AuthUserFile /var/trac/.htpasswd
    71197  Require valid-user
    72198</LocationMatch>
     
    79205
    80206{{{
     207#!xml
    81208<VirtualHost * >
    82     DocumentRoot /var/trac/myproject
     209    DocumentRoot /var/www/myproject
    83210    ServerName trac.mycompany.com
    84     <Directory />
     211    <Location />
    85212        SetHandler mod_python
     213        PythonInterpreter main_interpreter
    86214        PythonHandler trac.web.modpython_frontend
    87215        PythonOption TracEnv /var/trac/myproject
    88216        PythonOption TracUriRoot /
    89     </Directory>
     217    </Location>
    90218    <Location /login>
    91219        AuthType Basic
    92220        AuthName "MyCompany Trac Server"
    93         AuthUserFile /var/trac/myproject/.htusers
     221        AuthUserFile /var/trac/myproject/.htpasswd
    94222        Require valid-user
    95223    </Location>
     
    97225}}}
    98226
     227This does not seem to work in all cases. What you can do if it does not:
     228 * Try using `<LocationMatch>` instead of `<Location>`
     229 * <Location /> may, in your server setup, refer to the complete host instead of simple the root of the server. This means that everything (including the login directory referenced below) will be sent to python and authentication does not work (i.e. you get the infamous Authentication information missing error). If this applies to you, try using a sub-directory for trac instead of the root (i.e. /web/ and /web/login instead of / and /login).
     230
     231For a virtual host that supports multiple projects replace "`TracEnv`" /var/trac/myproject with "`TracEnvParentDir`" /var/trac/
     232
     233Note: !DocumentRoot should not point to your Trac project env. As Asmodai wrote on #trac: "suppose there's a webserver bug that allows disclosure of !DocumentRoot they could then leech the entire Trac environment".
     234
    99235== Troubleshooting ==
    100236
     237In general, if you get server error pages, you can either check the Apache error log, or enable the `PythonDebug` option:
     238{{{
     239#!xml
     240<Location /projects/myproject>
     241  ...
     242  PythonDebug on
     243</Location>
     244}}}
     245
     246For multiple projects, try restarting the server as well.
     247
     248=== Expat-related segmentation faults === #expat
     249
     250This problem will most certainly hit you on Unix when using Python 2.4.
     251In Python 2.4, some version of Expat (an XML parser library written in C) is used,
     252and if Apache is using another version, this results in segmentation faults.
     253As Trac 0.11 is using Genshi, which will indirectly use Expat, that problem
     254can now hit you even if everything was working fine before with Trac 0.10.
     255
     256See Graham Dumpleton's detailed [http://www.dscpl.com.au/wiki/ModPython/Articles/ExpatCausingApacheCrash explanation and workarounds] for the issue.
     257
    101258=== Form submission problems ===
    102259
    103260If you're experiencing problems submitting some of the forms in Trac (a common problem is that you get redirected to the start page after submission), check whether your {{{DocumentRoot}}} contains a folder or file with the same path that you mapped the mod_python handler to. For some reason, mod_python gets confused when it is mapped to a location that also matches a static resource.
    104261
     262=== Problem with virtual host configuration ===
     263
     264If the <Location /> directive is used, setting the `DocumentRoot` may result in a ''403 (Forbidden)'' error. Either remove the `DocumentRoot` directive, or make sure that accessing the directory it points is allowed (in a corresponding `<Directory>` block).
     265
     266Using <Location /> together with `SetHandler` resulted in having everything handled by mod_python, which leads to not being able download any CSS or images/icons. I used <Location /trac> `SetHandler None` </Location> to circumvent the problem, though I do not know if this is the most elegant solution.
     267
    105268=== Using .htaccess ===
    106269
     
    109272It may be possible to work around this with mod_rewrite, but I failed to get this working. In all, it is more hassle than it is worth. Stick to the provided instructions. :)
    110273
     274A success story: For me it worked out-of-box, with following trivial config:
     275{{{
     276SetHandler mod_python
     277PythonInterpreter main_interpreter
     278PythonHandler trac.web.modpython_frontend
     279PythonOption TracEnv /system/path/to/this/directory
     280PythonOption TracUriRoot /path/on/apache
     281
     282AuthType Basic
     283AuthName "ProjectName"
     284AuthUserFile /path/to/.htpasswd
     285Require valid-user
     286}}}
     287
     288The TracUriRoot is obviously the path you need to enter to the browser to get to the trac (e.g. domain.tld/projects/trac)
     289
    111290=== Win32 Issues ===
    112 
    113 If you run trac with mod_python (3.1.3 or 3.1.4) on Windows,
    114 uploading attachments will '''not''' work.
    115 This is a known problem which we can't solve cleanly at the Trac level.
    116 
    117 However, there is a workaround for this at the mod_python level,
    118 which is to apply the following patch [http://projects.edgewall.com/trac/attachment/ticket/554/util_py.patch attachment:ticket:554:util_py.patch]
    119 to the (Lib/site-packages)/modpython/util.py file.
    120 
    121 If you don't have the `patch` command, that file can be replaced with the [http://svn.apache.org/viewcvs.cgi/httpd/mod_python/trunk/lib/python/mod_python/util.py?rev=103562&view=markup  fixed util.py] (fix which, although done prior to the 3.1.4 release, is ''not''
    122 present in 3.1.4).
     291If you run trac with mod_python < 3.2 on Windows, uploading attachments will '''not''' work. This problem is resolved in mod_python 3.1.4 or later, so please upgrade mod_python to fix this.
     292
    123293
    124294=== OS X issues ===
    125295
    126296When using mod_python on OS X you will not be able to restart Apache using `apachectl restart`. This is apparently fixed in mod_python 3.2, but there's also a patch available for earlier versions [http://www.dscpl.com.au/projects/vampire/patches.html here].
     297
     298=== SELinux issues ===
     299
     300If Trac reports something like: ''Cannot get shared lock on db.lock''
     301The security context on the repository may need to be set:
     302
     303{{{
     304chcon -R -h -t httpd_sys_content_t PATH_TO_REPOSITORY
     305}}}
     306
     307See also [[http://subversion.tigris.org/faq.html#reposperms]]
     308
     309=== FreeBSD issues ===
     310Pay attention to the version of the installed mod_python and sqlite packages. Ports have both the new and old ones, but earlier versions of pysqlite and mod_python won't integrate as the former requires threaded support in python, and the latter requires a threadless install.
     311
     312If you compiled and installed apache2, apache wouldn´t support threads (cause it doesn´t work very well on FreeBSD). You could force thread support when running ./configure for apache, using --enable-threads, but this isn´t recommendable.
     313The best option [[http://modpython.org/pipermail/mod_python/2006-September/021983.html seems to be]] adding to /usr/local/apache2/bin/ennvars the line
     314
     315{{{
     316export LD_PRELOAD=/usr/lib/libc_r.so
     317}}}
     318
     319=== Subversion issues ===
     320
     321If you get the following Trac Error `Unsupported version control system "svn"` only under mod_python, though it works well on the command-line and even with TracStandalone, chances are that you forgot to add the path to the Python bindings with the [TracModPython#ConfiguringPythonPath PythonPath] directive. (The better way is to add a link to the bindings in the Python `site-packages` directory, or create a `.pth` file in that directory.)
     322
     323If this is not the case, it's possible that you're using Subversion libraries that are binary incompatible with the apache ones (an incompatibility of the `apr` libraries is usually the cause). In that case, you also won't be able to use the svn modules for Apache (`mod_dav_svn`).
     324
     325You also need a recent version of `mod_python` in order to avoid a runtime error ({{{argument number 2: a 'apr_pool_t *' is expected}}}) due to the default usage of multiple sub-interpreters. 3.2.8 ''should'' work, though it's probably better to use the workaround described in #3371, in order to force the use of the main interpreter:
     326{{{
     327PythonInterpreter main_interpreter
     328}}}
     329This is anyway the recommended workaround for other well-known issues seen when using the Python bindings for Subversion within mod_python (#2611, #3455). See in particular Graham Dumpleton's comment in [comment:ticket:3455:9 #3455] explaining the issue.
     330
     331=== Page layout issues ===
     332
     333If the formatting of the Trac pages look weird chances are that the style sheets governing the page layout are not handled properly by the web server. Try adding the following lines to your apache configuration:
     334{{{
     335#!xml
     336Alias /myproject/css "/usr/share/trac/htdocs/css"
     337<Location /myproject/css>
     338    SetHandler None
     339</Location>
     340}}}
     341
     342Note: For the above configuration to have any effect it must be put after the configuration of your project root location, i.e. {{{<Location /myproject />}}}.
     343
     344=== HTTPS issues ===
     345
     346If you want to run Trac fully under https you might find that it tries to redirect to plain http. In this case just add the following line to your apache configuration:
     347{{{
     348#!xml
     349<VirtualHost * >
     350    DocumentRoot /var/www/myproject
     351    ServerName trac.mycompany.com
     352    SetEnv HTTPS 1
     353    ....
     354</VirtualHost>
     355}}}
     356
     357=== Fedora 7 Issues ===
     358Make sure you install the 'python-sqlite2' package as it seems to be required for TracModPython but not for tracd
     359
     360
     361=== Segmentation fault with php5-mhash or other php5 modules ===
     362You may encounter segfaults (reported on debian etch) if php5-mhash module is installed. Try to remove it to see if this solves the problem. See debian bug report [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=411487]]
     363
     364Some people also have troubles when using php5 compiled with its own 3rd party libraries instead of system libraries. Check here [[http://www.djangoproject.com/documentation/modpython/#if-you-get-a-segmentation-fault]]
    127365
    128366----