Ubuntu server setup: LAMP+LDAP+SVN+Trac+MoinMoin

I have wanted to rebuild a particular server at work for ages now, but just haven’t had the time. It is a relatively well-utilized server, with many students and student teams relying on it for daily use. With Ubuntu Hoary not really being supported anymore (actual end-of-life was October 31st, 2006), things were getting out of date pretty quickly. Then, after a scheduled power outage a week or two ago, the machine came back up with LVM segfaulting all over itself. I limped it along until Friday, when it went under the knife. This log just might be useful for someone else building a similar box, so here it is.

The goal is to get the following services up and running on a Dell PowerEdge SC1420 with RAID5+LVM: LAMP, LDAP, SVN, Trac, MoinMoin, and a few others. LDAP integration is important, and clean, package-based installations are preferred. I’m choosing Ubuntu Dapper Drake Server LTS for its 2011 EOL date. That’s plenty of life for this thing.

Install

Using the server CD, the install is pretty standard. One issue that often comes up with mixed PATA/SATA environments is the drive enumeration differences between the installer and grub when the system is actually installed. The problem comes from my boot drive being on a motherboard PATA channel, and the RAID drives being on a PCI SATA card.

Fixing it is easy. When grub boots for the first time, hit ‘e’ to edit the boot parameters and change the boot drive from hd(x,0) (usually x is not right), to hd(0,0) for the main PATA drive. Then edit /boot/grub/menu.lst to fix all the kernel entries and uncomment the “groot=” line with the correct target boot drive.

LAMP

Easy.

aptitude install apache2 libapache2-mod-php5 php5 mysql-server php5-mysql phpmyadmin
mysqladmin -u root password foo

LDAP

LDAP is great for centrally managing users.

1. Used smbldap-installer to do the basic install
2. aptitude install php5-ldap phpldapadmin
3. Configure it a bit through /etc/apache2/conf.d/ldap:

   LDAPSharedCacheSize 200000
   LDAPCacheEntries 1024
   LDAPCacheTTL 600
   LDAPOpCacheEntries 1024
   LDAPOpCacheTTL 600
   
   <Location /ldap-status>
   SetHandler ldap-status
   </Location>

SVN

We want multiple SVN repositories accessible through an http interface with LDAP user authentication.

1. Install SVN and activate authentication modules:

   aptitude install subversion libapache2-svn
   a2enmod auth_ldap
   a2enmod ldap

2. Edit /etc/apache2/mods-enabled/dav_svn.conf
   

   <Location /svn>
   
     DAV svn
   
     SVNParentPath /svn
   
     AuthType Basic
     AuthName "Subversion Server"
     AuthLDAPEnabled on
     AuthLDAPAuthoritative on
     AuthLDAPURL ldap://localhost/ou=Users,dc=example,dc=com
     AuthzSVNAccessFile /etc/svn-users
   
     Require valid-user
   
   </Location>

3. Create a subversion repository

   sudo mkdir /svn
   sudo svnadmin create /svn/testrepository

4. Give Apache permissions

   sudo chown -R www-data: /svn

5. Create /etc/svn-users

   [test:/]
   * = r
   me = rw

SVN Migration

Older svn repositories (like the ones created in hoary) utilized an older BDB (4.1?) which uses a different format for the database. Dapper svn (1.2.0) uses BDB 4.3, so you need to change over the databases before svn will work. Might as well convert to FSFS as well, as it is the default now with svn.

Basically you want to follow the directions here: /usr/share/doc/subersion/README.db4.3.gz.

Some references for this part:

• Base install of subversion from ubuntuguide.org
• Kind of okay notes on installation w/LDAP
• Good notes on SVN + Auth on Ubuntu, but no LDAP
• Subversion SVN and LDAP and Webdav

Trac

1. Install trac

   aptitude install trac libapache2-mod-python libapache2-mod-python-doc

2. Set up Apache someplace like /etc/apache2/conf.d/trac

   <Location /projects>
     SetHandler mod_python
     PythonInterpreter main_interpreter
     PythonHandler trac.web.modpython_frontend
     PythonOption TracEnvParentDir /tracroot
     PythonOption TracUriRoot /projects
   </Location>
   
   <LocationMatch "/projects/[^/]+/login">
     AuthType Basic
     AuthName "Trac Authentication"
     AuthLDAPEnabled on
     AuthLDAPAuthoritative on
     AuthLDAPURL ldap://localhost/ou=Users,dc=exampl,dc=com
     Require valid-user
   </LocationMatch>

3. Create a tracroot: mkdir /tracroot
4. References

• Trac with Multiple Projects
• Trac with mod_python with a little auth stuff too

Trac plugins

• Web Admin
  • Download and create /usr/share/trac/conf directory
  • Create trac.ini file with contents:

    [components]
    webadmin.* = enabled

• Plugin List
• Account Manager

Trac Migration

This is annoying. Be sure to check out the upgrade notes first.

• Copy the trac directories over, then issue the system upgrade command:

  trac-admin /path/to/projenv upgrade

• Upgrade the wiki stuff:

  trac-admin /path/to/projenv wiki upgrade

• If the stylesheets are busted, remove htdocs_location in trac.ini
• Update the database backend to the new SQlite as in next section
• Dump and load all the svn repositories to compensate for the BDB version change

  svnadmin dump /path/to/repos | svnadmin load /path/to/repos

Migrating from 0.8.x to 0.9.x

If you have PySQLite 2.x installed, Trac will now try to open your SQLite database using the SQLite 3.x file format. The database formats used by SQLite 2.8.x and SQLite 3.x are incompatible. If you get an error like “file is encrypted or is not a database” after upgrading, then you must convert your database file.

To do this, you need to have both SQLite 2.8.x and SQLite 3.x installed (they have different filenames so can coexist on the same system). Then use the following commands:

 $ apt-get install sqlite3
 $ mv trac.db trac2.db
 $ sqlite trac2.db .dump | sqlite3 trac.db

To update multiple database files at once on linux you may use the following command (replace /var/trac withe the location where your trac installtions reside):

 $ find /var/trac/ -iname "trac.db" | xargs -i bash -c "mv {} {}.2; sqlite {}.2 .dump | sqlite3 {};"

Remember to give the webserver write permission to trac.db.

After testing that the conversion was successful, the trac2.db file can be deleted. For more information on the SQLite upgrade see http://www.sqlite.org/version3.html.

LimeSurvey

http://wiki.oss-watch.ac.uk/LimeSurveyInUbuntu

MoinMoin

• Basically follow https://wiki.ubuntu.com/HelpOnInstalling
• But if you need to migrate, it is annoying, and you want to read this page

There you go. A server that with LDAP user management that plugs into SVN and Trac. Plus, SVN and Trac both support multiple projects, which is nice. Just head over to http://yoursever/projects for the trac stuff, and /svn for the svn stuff. Very cool.

Now if you have more machines to manage that use this same LDAP authentication, run the smbldap-installer for the client, and follow the instructions on my Ubuntu LDAP Authentication Goodness post to get host-based authentication too.

Ah. Finished. At least until 2011.