Usuario:LordT/apuntes/Montar un servidor de Subversion
backup and restore your repository data[editar]
subversion repositories use either the Berkeley Database system libraries, or the FSFS database format which comes with the subversion package. Since the BDB system libraries often introduce a new incompatible format during version upgrade, a backup/restore of all the subversion repositories must be performed _BEFORE_ doing such a system upgrade. 'svnadmin dump' will write the repository to stdout in a 'dumpfile' format. This dumpfile can be loader later with 'svnadmin load'.
create svn user/group for svnserve[editar]
subversion repositories can be served either via http, or via the svnserve daemon and a special network protocol. svnserve should not run as root user. The startup script rcsvnserve expects a user/group named 'svn', configureable via /etc/sysconfig/svnserve. But this user/group must be created before first use:
useradd svn groupadd svn
mini-howto for 2 projects[editar]
To run a subversion server, you need to configure apache2 to load two apache2 modules: mod_dav and mod_dav_svn. (mod_dav is needed by mod_dav_svn, it is installed together with apache2.)
This is done by editing the apache2 configuration (/etc/sysconfig/apache2) and adding "dav dav_svn" to the APACHE_MODULES setting, and restarting the server.
A default/example configuration of the dav_svn module can be found in /etc/apache2/conf.d/subversion.conf. With more recent apache packages, this configuration is *not* loaded automatically by the apache server, since many people configure virtual hosts and it is unlikely that the repositories shall be available from any virtual host. To load the configuration for a certain virtual host, add
Include /etc/apache2/conf.d/subversion.conf
or
Include /path/to/your_subversion_configuration
in the respective virtual host configuration. This *may* be done in the default virtual host (/etc/apache2/default-server.conf).
Minihowto[editar]
The plan:
host 2 source projects with subversion both must have anonymous read access both must have limited write access for a few users they are accessed only via HTTP, not (!) locally they will be reachable via:
http://hostname/repos/project1 http://hostname/repos/project2
Both will have the official version of the source tree and our modified version for the distribution. Projects in question are: project1 project2
The realisation:
find a machine to host the projects. Keep backup (and restore!) in mind when hunting for hardware.
install needed packages (you might check for update packages on ftp://ftp.suse.com/pub/projects/apache/ )
rpm -Uvh \ apache2 \ apache2-doc \ apache2-prefork \ libapr0 \ neon \ subversion \ subversion-doc \ subversion-server
Update /etc/sysconfig/apache2 add 'dav dav_svn' to $APACHE_MODULES
create a few directories:
mkdir -p /srv/svn/repos mkdir -p /srv/svn/user_access mkdir -p /srv/svn/html
Add the http repository data to /etc/apache2/conf.d/subversion.conf:
#------------------------------------------------------------------------
#
# project related HTML files
#
<IfModule mod_alias.c>
Alias /repos "/srv/svn/html"
</IfModule>
<Directory /srv/svn/html>
Options +Indexes +Multiviews -FollowSymLinks
IndexOptions FancyIndexing \
ScanHTMLTitles \
NameWidth=* \
DescriptionWidth=* \
SuppressLastModified \
SuppressSize
order allow,deny
allow from all
</Directory>
# project repository files for project1
<Location /repos/project1>
DAV svn
SVNPath /srv/svn/repos/project1
# Limit write access to certain people
AuthType Basic
AuthName "Authorization for project1 required"
AuthUserFile /srv/svn/user_access/project1_passwdfile
AuthGroupFile /srv/svn/user_access/project1_groupfile
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require group project1_committers
</LimitExcept>
# Limit read access to certain people
<Limit GET PROPFIND OPTIONS REPORT>
Require group project1_committers
Require group project1_readers
</Limit>
</Location>
# project repository files for project2
<Location /repos/project2>
DAV svn
SVNPath /srv/svn/repos/project2
# Limit write permission to list of valid users.
<LimitExcept GET PROPFIND OPTIONS REPORT>
# Require SSL connection for password protection.
# SSLRequireSSL
AuthType Basic
AuthName "Authorization for project2 required"
AuthUserFile /srv/svn/user_access/project2_passwdfile
Require valid-user
</LimitExcept>
</Location>
#------------------------------------------------------------------------
create the repositories itself:
cd /srv/svn/repos svnadmin create project1 chown -R wwwrun:www project1/{dav,db,locks} svnadmin create project2 chown -R wwwrun:www project2/{dav,db,locks}
The webserver must be configured and started:
SuSEconfig --module apache2 rcapache2 restart
Now create the user access files:
project1 is a restricted project.
read access requires a password
write access is limited to a few users
touch /srv/svn/user_access/project1_passwdfile chown root:www /srv/svn/user_access/project1_passwdfile chmod 640 /srv/svn/user_access/project1_passwdfile
htpasswd /srv/svn/user_access/project1_passwdfile olaf htpasswd /srv/svn/user_access/project1_passwdfile olh
this is the group file for project1: /srv/svn/user_access/project1_groupfile
content: project1_committers: olh project1_readers: olaf olh
project2 is world readable, but only a few can commit to the sources.
touch /srv/svn/user_access/project2_passwdfile chown root:www /srv/svn/user_access/project2_passwdfile chmod 640 /srv/svn/user_access/project2_passwdfile htpasswd2 /srv/svn/user_access/project2_passwdfile olaf
You should be able to connect to the server: http://host/repos/project2 http://host/repos/project1
Now import the data, e.g. svn import /path/to/project2-tree http://host/repos/project2 -m "initial import"
Añadir un usuario a un repositorio existente[editar]
Crear el usuario y asignarle una clave:
htpasswd /srv/svn/user_access/REPOSITORIO_passwdfile NUEVOUSUARIO
Añadirle permisos de commiter o reader en:
/srv/svn/user_access/REPOSITORIO_groupfile
Añadir un nuevo repositorio[editar]
Añadir la información del nuevo repositorio a /etc/apache2/conf.d/subversion.conf:
#------------------------------------------------------------------------
# Archivos del repositorio para NuevoProyecto
<Location /repos/NuevoProyecto>
DAV svn
SVNPath /srv/svn/repos/NuevoProyecto
# Limit write permission to list of valid users.
<LimitExcept GET PROPFIND OPTIONS REPORT>
# Require SSL connection for password protection.
# SSLRequireSSL
AuthType Basic
AuthName "Authorization for NuevoProyecto required"
AuthUserFile /srv/svn/user_access/NuevoProyecto_passwdfile
Require valid-user
</LimitExcept>
</Location>
#------------------------------------------------------------------------
crear el repositorio:
cd /srv/svn/repos svnadmin create NuevoProyecto chown -R www-data:www-data NuevoProyecto/{dav,db,locks}
Ahora creamos los archivos de acceso a usuarios:
touch /srv/svn/user_access/NuevoProyecto_passwdfile chown root:www-data /srv/svn/user_access/NuevoProyecto_passwdfile chmod 640 /srv/svn/user_access/NuevoProyecto_passwdfile
htpasswd /srv/svn/user_access/NuevoProyecto_passwdfile NuevoUsuario
Y el archivo de grupo para el NuevoProyecto: /srv/svn/user_access/NuevoProyecto_groupfile
content: project1_committers: NuevoUsuario project1_readers: NuevoUsuario
Reniciar el apache:
/etc/init.d/apache2 restart
Ahora debería funcionar el nuevo repositorio:
http://host/repos/NuevoProyecto
Final mente el import inicial, p.e.
svn import /ruta/a/nuevoproyecto http://host/repos/NuevoProyecto -m "initial import"