|Version 19 (modified by coderanger, 10 years ago) (diff)|
Experimental Trac multi-project support
Still developing this concept.
Note: What is in subversion is currently usable, but there isn't (yet) much documentation. If you would like to try this out you should probably try finding me on #trac (I am usually on as coderanger).
An alternate(in idled/stalled/rethinking development) implementation of the same idea, and with the same name (great minds etc etc), is at http://tracforge.net.
In order to add projects right now, create a prototype containing only DoNothing. You still need to make the Trac environment and other things the normal way for now.
First designate one env to be the master. This will manage SSO, and hold the central roles and permissions. This is also commonly the aggregate trac if you are using the data subscription system, but it doesn't need to be.
On the master env, activate these components:
tracforge.* = enabled tracforge.linker.* = disabled tracforge.linker.auth.tracforgecookiemunger = enabled tracforge.subscriptions.* = disabled
On each client env activate these:
trac.web.auth.loginmodule = disabled tracforge.admin.perm.* = enabled tracforge.linker.* = enabled tracforge.perms.* = enabled
NOTE: The last module was not previously listed for clients, please make sure to add it when upgrading to a newer version of TracForge.
ANOTHER NOTE: If you are using AccountManager, make sure it is disabled in all clients.
In the master be sure you set base_url. You will also need some kind of authentication setup on the master, either the default HTTP auth system or the AccountManagerPlugin are popular choices (I recommend the latter).
For all envs set this in [trac]:
permission_store = TracForgePermissionModule
and add this in [tracforge]:
master_path = /path/to/master/env
That should be all config changes you need. If you want to use the data subscription system, just enable tracforge.subscriptions.* on all envs.
To setup the TracForge system, go into WebAdmin on the master, and there should be a TracForge Project Admin screen. In there add each of your projects. For now TracForge cannot actually create the projects, so make them the normal way and then just enter them into TracForge (see above about prototypes). Once that is done you should be able to add central roles and permissions. Permissions work exactly the same way as normal, with the central ones combined with the per-project permissions. Roles show up as groups, so you can do something like give the group "member" the permission WIKI_MODIFY, and then add some users as members to a project. The "*" project on the roles screen means that user will have the given role on all projects (very handy for configuring global admin accounts).
TracForge now can handle displaying the project index, and dispatching to subordinate environments (in a similar fashion a TRAC_ENV_PARENT_DIR setup). To use this you just need to setup the master environment normally, but do not setup anything in the webserver for the TRAC_ENV_PARENT_DIR. One advantage this has over the built-in system is that it can control access using Trac permissions, specifically PROJECT_VIEW. This check is done against the project they are trying to access, not the master. The project index will also be filtered so they can only see projects they can access.
There isn't much configuration to the subscription system. It should autodetect all sibling envs (envs sharing the same enclosing folder), and let you add subscriptions from one env to another. Changesets work very well, and tickets are mostly working (though there is no support for attachments yet).
If you have any issues, create a new ticket.
Download the zipped source from [download:tracforgeplugin here].