The company server will be named pumi-X.ida.liu.se, where X is the number of your company. It is a virtual server running on a hardware with 8x2.2GHz CPUs, which will give each company server at least 2x2.2 GHz (probably more if not all companies are using their server at once).
Each server is setup with 8GB harddisk space and 3 GB RAM. Initially it will contain a Debian Wheezy (Stable) installation, with Trac (web based SCM and project management system).
Users and access
In the basic setup, the root user has a randomized (unknown) password. To run things as root, you can either:
- Login as yourself, run "sudo su", enter your own password and you are root. or
- Prefix every command you want to run as root with sudo (super-user do)
The company server is running NIS, and has therefore access to validate login from all students at LIU. This is not wanted, because only the students in the company should be allowed to login. Therefore the access is restricted. By editing the file /etc/security/access.conf you can add or remove students that are allowed to log in. Remember to also add/remove the student from /etc/sudoers using the command visudo if they need/had sudo rights.
Trac is setup in /var/lib/pumtrac with a sqlite database and standalone server. Subversion is setup in /var/lib/pumsvn. Trac is running on port 8000, which means it is accessable from a browser at http://pumi-X.ida.liu.se:8000/
The access to Trac is not limited to the people in the company. The easy way is to create a htpasswd-file somewhere. Create users in the file with the htpasswd command:
> htpasswd -c /path/to/my/htpasswdfile nisseThen, configure Trac to use the htpasswd file by adding
[account-manager] force_passwd_change = true password_file = /path/to/my/htpasswdfile password_store = HtPasswdStoreto /var/lib/pumtrac/conf/trac.ini and edit the second last line in the file /etc/rc.local to read
tracd -p 8000 --basic-auth="pumtrac,/path/to/my/htpasswdfile,Welcome to our company" --daemonize /var/lib/pumtracrestart the trac server by running
> pkill tracd > /etc/rc.local
To give a user admin privileges (so you can see which plugins has been installed and configure them) use trac-admin
> trac-admin /var/lib/pumtrac permission add myusr123 TRAC_ADMIN
Plugins can be installed manually (by downloading, compiling and copying to the pumtrac/plugins folder. Every plugin has their own instructions on how to do it) or by using easy_install. To install easy_install run
> apt-get install python-setuptools python-dev build-essentialand then, to install i.e. AccountManagerPlugin run
> easy_install TracAccountManagerand restart the trac daemon tracd.
More information about Trac and plugins is available at the Trac webpages http://trac.edgewall.org/
Some good plugins:
The problem with using the above method to access Trac is that you need to store passwords in an unsafe manner on the server. The passwords are sent in clear text and can therefore easily be spoofed. CAS works like OpenID or Facebook login. The user authenticates to login.liu.se with normal username & password and is then redirected back to the server.
Copy login.liu.se.pem to /etc/ssl/certs/ on the server
sudo wget http://www.ida.liu.se/~TDDC88/system/login.liu.se.pem /etc/ssl/certs/install Apache and libapache2-mod-auth-cas
sudo aptitude install apache2 libapache2-mod-auth-casenable auth_cas
sudo a2enmod auth_casEdit the file /etc/apache2/sites-available/default by using eg. nano or emacs. Add the following lines after <VirtualHost... but before the first <Directory
<IfModule mod_auth_cas.c> CASCookiePath /var/cache/apache2/mod_auth_cas/ CASLoginURL https://login.liu.se/cas/login CASValidateURL https://login.liu.se/cas/serviceValidate CASCertificatePath /etc/ssl/certs/login.liu.se.pem CASDebug Off CASValidateServer Off </IfModule>Then you need to configure the actual place where password should be needed. If you put all the secret files in /var/www/secret, to be displayed at http://pumi-X.ida.liu.se/secret/, you add a Directory directive like this:
<Directory /var/www/secret/> Options Indexes FollowSymLinks MultiViews AllowOverride None AuthType CAS AuthName "PUM group X secret pages (or whatever)" require user abcde123 bcdef345 </Directory>You can add as many users as you want on the require user-line. Save the file and restart apache
sudo /etc/init.d/apache restart
To do the same thing for Trac, see http://trac-hacks.org/wiki/TracCasPlugin
Page responsible: Kristian Sandahl
Last updated: 2012-09-10