Monday 6 February 2012

Hosting multiple Trac environments

Trac is in my opinion a great tool to manage projects. Although most Trac installations are aimed at software development projects this isn't necessary. Trac can be a great tool to manage non-software-development projects too.
I use Trac for almost any project, so I have a server running several instances of Trac, one instance per project. The different Trac installs I manage are accessed through a subdomain, trac.example.org for example. Each Trac instance is located in a virtual directory, e.g. trac.example.org/trac1, trac.example.org/trac2, etc.

For some projects I use subversion. I configured apache to serve subversion through DAV. The subversion repositories are accessible using svn.example.org as subdomain and a virtual directory per repository, similar to Trac.

Now as I am the only user of these projects I used a messy configuration that led to some sort of single sign on. Now I've reached the point that more people are going to use Trac and SVN, so the single sign on is no longer desirable (except for me, the administrator). So I came up with a solution to let apache determine access at directory level and let Trac manage its own permissions.

In my Apache's "vhosts.d" directory I've put a file named trac.conf. This configuration file looks like this:
# only process this file if TRAC is defined
<IfDefine TRAC>
        # load dav_svn_module if it isn't loaded already (required by authz_svn_module)
        <IfModule !dav_svn_module>
                LoadModule dav_svn_module modules/mod_dav_svn.so
        </IfModule>
        # load authz_svn_module if it isn't loaded
        <IfModule !authz_svn_module>
                LoadModule authz_svn_module modules/mod_authz_svn.so
        </IfModule>
        # listen on port 443 (SSL)
        Listen 443
        NameVirtualHost *:443
        <VirtualHost *:443>
                # hostname, just an example
                ServerName trac.example.org
                # include some ssl stuff
                Include /etc/apache2/vhosts.d/ssl.include
                # include trac projects
                Include /etc/apache2/vhosts.d/trac/*.conf

                # map common trac libs (AliasMatch, because Alias does not take a regular expression)
                AliasMatch ^/[^/]+/chrome/common/(.*) /var/www/trac/common/$1

                <Location />
                        # directory containing Trac http dirs
                        SVNPath /var/www/trac
                        # policy file
                        AuthzSVNAccessFile /var/www/trac/access
                        Require valid-user
                        AuthType Digest
                        # must match the realm in the digest file
                        AuthName "/"
                        # the digest file
                        AuthUserFile /var/www/trac/trac.htpasswd
                        Order deny,allow
                        # because I want things to be safe :-)
                        SSLRequireSSL
                </Location>
        </VirtualHost>
</IfDefine>

In the "vhosts.d" directory I have a directory named "trac" containing config files that create a Trac instance.
Example:
<IfDefine TRAC>
        WSGIScriptAlias /project1 /var/www/trac/project1/cgi-bin/trac.wsgi
        <Directory /var/www/trac/project1/cgi-bin>
                WSGIApplicationGroup %{GLOBAL}
                Order deny,allow
                Allow from all
        </Directory>
</IfDefine>
This file only maps the virtual directory to the Trac wsgi script, generated by trac-admin.

The Trac hosting is done with this. The SVN hosting is done by a module. The module is located in apache's "modules.d" directory and it's named "47_mod_dav_svn.conf".
Mine looks like this:
# only host when SVN is defined
<IfDefine SVN>
        # load dav_svn_module
        <IfModule !dav_svn_module>
                LoadModule dav_svn_module modules/mod_dav_svn.so
        </IfModule>
        <IfDefine SVN_AUTHZ>
                # load authz module if desired
                <IfModule !authz_svn_module>
                        LoadModule authz_svn_module modules/mod_authz_svn.so
                </IfModule>
        </IfDefine>

        # again only listening on SSL
        <VirtualHost *:443>
                ServerName svn.example.org
                # include common ssl stuff
                Include /etc/apache2/vhosts.d/ssl.include
                <Location />
                        DAV svn
                        # directory containing the repositories
                        SVNParentPath /var/svn
                        AuthType Digest
                        # matching the digest realm
                        AuthName "/"
                        # same digest file as the one used for Trac
                        AuthUserFile /var/www/trac/trac.htpasswd
                        # access file for all SVN repositories
                        AuthzSVNAccessFile /var/svn/access
                        Order deny,allow
                        Require valid-user
                        # require SSL :-)
                        SSLRequireSSL
                </Location>
        </VirtualHost>
</IfDefine>

Now I can define access for SVN per repository using an ACL file. Example:
[groups]
admin = admin, siebz0r
prjA = foo
prjB = bar

[/]
@admin = rw

[project-A:/]
@prjA = rw

[project-B:/]
@prjB = rw

The file defines 3 groups:
  • admin
  • prjA
  • prjB
admin has read/write access to the root directory of all projects.
prjA only has read/write access to the project-A repository.
prjB only has read/write access to the project-B repository.

Note: You can do more things, like adding a group to a group.
To revoke all permissions in a directory, simply specify the user or group followed by a =.
For example, if I would like to revoke all permissions for "foo" I'd write a line "foo = " under the directory I want.

The file for the Trac environments is similar. The difference is that instead of "[project-A:/]" I would have to specify "[/project-A]" to configure the directory.
Only read access is required, as the rest of the permissions depend on Trac's configuration.

The only caveat is that if you use a global config/policy file for all Trac environments and a user has access to multiple Trac environments, the user has the same permissions in all environments. Luckily this doesn't create a problem for me.
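
An added example, not part of the original post: a small audit of an access file in the Trac form described above. It expands nested groups, lists (section, user) pairs matched by several lines with different rights, and lists users granted something in more than one environment, which is where the shared-permissions caveat applies. The sample file is constructed and the function names are this example's own; it reports what the file says and does not model how mod_authz_svn resolves overlapping lines.

```python
import configparser
# Constructed sample in the Trac form the post describes: [/project-A] sections, read only.
SAMPLE = """\
[groups]
admin = admin, siebz0r
prjA = foo
prjB = bar, @prjA
[/]
@admin = r
[/project-A]
@prjA = r
[/project-B]
@prjB = r
foo =
"""

def members(cp, group, seen=()):
    """Expand a group to user names, following nested @group references."""
    if group in seen or not cp.has_option("groups", group):
        return set()  # cycle or undefined group
    users = set()
    for m in (x.strip() for x in cp.get("groups", group).split(",")):
        if m.startswith("@"):
            users |= members(cp, m[1:], seen + (group,))
        elif m:
            users.add(m)
    return users

def matches(text):
    """Return {section: {user: [rights from every line that names the user]}}."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # user and group names are case-sensitive
    cp.read_string(text)
    out = {}
    for sec in (s for s in cp.sections() if s != "groups"):
        for subject, rights in cp.items(sec):
            users = members(cp, subject[1:]) if subject.startswith("@") else {subject}
            for u in users:
                out.setdefault(sec, {}).setdefault(u, []).append(rights.strip())
    return out

def conflicts(m):
    """(section, user) pairs where several lines give one user different rights."""
    return sorted((s, u) for s, us in m.items() for u, r in us.items() if len(set(r)) > 1)

def multi_project(m):
    """Users granted something in more than one section other than [/]."""
    hits = [u for s, us in m.items() if s != "/" for u, r in us.items() if any(r)]
    return sorted({u for u in hits if hits.count(u) > 1})
```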

Wednesday 1 February 2012

UML as text?

Since I'm working a lot with UML these days I found the need for an open source UML tool that works on Linux and could do more than just a class diagram or a sequence diagram.
Some tools I tried were StarUML, Visual Paradigm (which I use for my education), Umbrello and Dia. All these tools have their good and bad points.

As a die hard Linux user I always try to avoid Windows based applications for obvious reasons, so my experience with StarUML wasn't really good. I believe that if you're a Windows user it's a great tool, but as I said I was looking to do more than a handful of diagrams.



Umbrello is a neat looking tool, QT based (which I like) and is cross platform. Too bad Umbrello doesn't support all the diagrams I want it to. Umbrello also seemed to crash quite often and it sometimes didn't behave to my liking. (resizing classes in class diagrams made text in the class jump out of the class, etc).

Dia is a well known diagram tool which I use quite often to draw a quick diagram. Unfortunately Dia is a very simple tool and it isn't flexible enough (or it is too flexible). Diagrams need a lot of work to keep them clean. Linking to other diagrams isn't supported and as I hate using a mouse, Dia isn't my tool of choice. I might as well use Microsoft Visio. :-P

Visual Paradigm suited my needs quite fine. It's a great tool if you want to document a lot of diagrams and it also has some neat features like reverse engineering. Linking to other diagrams within Visual Paradigm is allowed and this is super handy. Visual Paradigm however is based on Java (which is a fine language to code in, but doesn't run smoothly on my Linux laptop). The user interface is one big mess and the automatic update feature is super annoying, as is the message box in the bottom of the screen (the message box takes literally half the screen on a default install). There are a lot of features and options I never touched or couldn't find because the UI isn't quite self-explanatory. The most annoying thing about Visual Paradigm is that it requires an Internet connection to check the license key, each time you start the damn thing. As I am on the road a lot this forms a problem quite often.
Visual Paradigm also comes in two flavors, a paid (Professional, Enterprise, etc.) version and a free (community) version. The school I go to provides me with a professional edition so I can create almost all diagrams. However, the community edition only allows creating a couple of these (class diagram, sequence diagram, etc.).
Today I wanted to create a diagram and so I fired up Visual Paradigm; it was then I discovered the license key was expired. This left me with yUML.





yUML is an on-line tool that allows you to create a couple of diagrams from text! It then generates an image for you. This is when I came up with an idea that could possibly be quite helpful. A textual representation of UML that can be used as a standard. I'm calling this project "OUDS", Open UML Definition Standard.
OUDS is going to be a way to define any diagram as text. This way a set of libraries can be made in multiple languages that can work with an open standard. On top of those libraries a developer can create a GUI tool or anything that would be handy. As a developer I find it my task to take a look at this and, if it's possible, create a set of libraries so developers can import, export, parse and do other kinds of neat things.