System Configuration

Server setup

The company server will be named pumi-X.ida.liu.se, where X is the number of your company. It is a virtual server running on hardware with 8x2.2 GHz CPUs, which gives each company server at least 2x2.2 GHz (probably more if not all companies are using their servers at once).

Each server is set up with 8 GB of hard disk space and 3 GB RAM. Initially it contains a Debian Wheezy (Stable) installation with Trac (a web-based SCM and project management system).

Users and access

In the basic setup, the root user has a randomized (unknown) password. To run things as root, you can either:

  • Log in as yourself, run "sudo su" and enter your own password; you are then root.
  • Or prefix every command you want to run as root with sudo (super-user do).

Note that if something goes terribly wrong, we cannot help you fix a broken server with a new root password, only reinstall it from scratch.

The company server is running NIS and can therefore validate logins from all students at LIU. This is not wanted, because only the students in the company should be allowed to log in, so access is restricted. By editing the file /etc/security/access.conf you can add or remove students that are allowed to log in. Remember to also add the student to, or remove the student from, /etc/sudoers using the command visudo if they need (or had) sudo rights.

Trac

Trac is set up in /var/lib/pumtrac with a sqlite database and standalone server. Subversion is set up in /var/lib/pumsvn. Trac is running on port 8000, which means it is accessible from a browser at http://pumi-X.ida.liu.se:8000/

Access to Trac is not limited to the people in the company. The easy way to restrict it is to create an htpasswd file somewhere. Create users in the file with the htpasswd command (the -c option creates the file and overwrites an existing one, so leave it out when adding further users):

    > htpasswd -c /path/to/my/htpasswdfile nisse
  
Then, configure Trac to use the htpasswd file by adding
    [account-manager]
    force_passwd_change = true
    password_file = /path/to/my/htpasswdfile
    password_store = HtPasswdStore
  
to /var/lib/pumtrac/conf/trac.ini and edit the second last line in the file /etc/rc.local to read
    tracd -p 8000 --basic-auth="pumtrac,/path/to/my/htpasswdfile,Welcome to our company" --daemonize /var/lib/pumtrac
  
Restart the Trac server by running
    > pkill tracd
    > /etc/rc.local
  

To give a user admin privileges (so you can see which plugins have been installed and configure them), use trac-admin

    > trac-admin /var/lib/pumtrac permission add myusr123 TRAC_ADMIN
  

Plugins can be installed manually (by downloading, compiling and copying to the pumtrac/plugins folder; every plugin has its own instructions on how to do it) or by using easy_install. To install easy_install run

    > apt-get install python-setuptools python-dev build-essential
  
and then, to install e.g. AccountManagerPlugin, run
    > easy_install TracAccountManager
  
and restart the trac daemon tracd.

More information about Trac and plugins is available at the Trac webpages http://trac.edgewall.org/

Some good plugins:

CAS

The problem with using the above method to access Trac is that you need to store passwords in an unsafe manner on the server. The passwords are also sent in clear text and can therefore easily be intercepted. CAS works like OpenID or Facebook login: the user authenticates to login.liu.se with their normal username and password and is then redirected back to the server.

Copy login.liu.se.pem to /etc/ssl/certs/ on the server

    sudo wget -P /etc/ssl/certs/ http://www.ida.liu.se/~TDDC88/system/login.liu.se.pem
  
Install Apache and libapache2-mod-auth-cas
    sudo aptitude install apache2 libapache2-mod-auth-cas
  
Enable auth_cas
    sudo a2enmod auth_cas
  
Edit the file /etc/apache2/sites-available/default using e.g. nano or emacs. Add the following lines after <VirtualHost... but before the first <Directory:
    <IfModule mod_auth_cas.c>
      CASCookiePath /var/cache/apache2/mod_auth_cas/
      CASLoginURL https://login.liu.se/cas/login
      CASValidateURL https://login.liu.se/cas/serviceValidate
      CASCertificatePath /etc/ssl/certs/login.liu.se.pem
      CASDebug Off
      CASValidateServer Off
    </IfModule>
    
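Note that with CASValidateServer Off, mod_auth_cas does not verify the certificate presented by the CAS server against CASCertificatePath; set it to On to have the certificate checked.

Then you need to configure the actual location where a login should be required. If you put all the secret files in /var/www/secret, to be displayed at http://pumi-X.ida.liu.se/secret/, you add a Directory directive like this: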
    <Directory /var/www/secret/>
      Options Indexes FollowSymLinks MultiViews
      AllowOverride None
      AuthType CAS
      AuthName "PUM group X secret pages (or whatever)"
      require user abcde123 bcdef345
    </Directory>
  
You can add as many users as you want on the require user line. Save the file and restart Apache
    sudo /etc/init.d/apache2 restart
  

To do the same thing for Trac, see http://trac-hacks.org/wiki/TracCasPlugin
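
The exchange that mod_auth_cas carries out behind the configuration above, sketched in Python as an added example (not code from this page or from mod_auth_cas). The URLs and user names are the ones used above; the ticket and the XML replies are constructed samples in the CAS 2.0 format.

```python
# Added illustration of the CAS 2.0 exchange; not mod_auth_cas source code.
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_LOGIN = "https://login.liu.se/cas/login"               # CASLoginURL from the page
CAS_VALIDATE = "https://login.liu.se/cas/serviceValidate"  # CASValidateURL from the page
CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}             # CAS 2.0 XML namespace
ALLOWED = {"abcde123", "bcdef345"}                         # the "require user" line

def login_redirect(service):
    """Step 1: where the browser is sent when it has no session yet."""
    return CAS_LOGIN + "?" + urlencode({"service": service})

def validate_request(service, ticket):
    """Step 3: server-to-server call made with the one-time ticket the browser
    brought back in ?ticket=... (step 2). The password never reaches our server."""
    return CAS_VALIDATE + "?" + urlencode({"service": service, "ticket": ticket})

def authenticated_user(response_xml):
    """Step 4: return the user name from a serviceValidate reply, or None."""
    try:
        root = ET.fromstring(response_xml)
    except ET.ParseError:
        return None
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    if user is None or not (user.text or "").strip():
        return None
    return user.text.strip()

def is_authorized(response_xml, allowed=ALLOWED):
    """CAS only says who logged in; the allow list decides who gets access."""
    user = authenticated_user(response_xml)
    return user is not None and user in allowed

# Constructed sample replies, shaped like CAS 2.0 serviceValidate output.
OK_REPLY = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>abcde123</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
OTHER_STUDENT = OK_REPLY.replace("abcde123", "zzzzz999")  # valid login, not on the list
BAD_TICKET = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    service = "http://pumi-X.ida.liu.se/secret/"
    print(login_redirect(service))
    print(validate_request(service, "ST-constructed-example"))
    for reply in (OK_REPLY, OTHER_STUDENT, BAD_TICKET):
        print(authenticated_user(reply), is_authorized(reply))
```

The OTHER_STUDENT case is the reason for the require user line: every student can authenticate at login.liu.se, so a successful CAS reply alone must not grant access.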


Page responsible: Kristian Sandahl
Last updated: 2012-09-10