I was looking into SVN and it was a great experience setting it up.
HOMEWORK before start!!! - For creating new Products and maintain the tags,branches and truck please refer Strategies for Repository Deployment
Taking Backup
I feel Single Repositories are easy to maintain and administer. Only if there are hundred's of project then I suggest Multiple Repositories.
An example of httpd.conf for multiple repositories.
svn create --fs-type fsfs <repos-path>NOTE: Why FSFS is used ?
HOMEWORK before start!!! - For creating new Products and maintain the tags,branches and truck please refer Strategies for Repository Deployment
Taking Backup
- Create Dump File
$ svnadmin dump <repos-path> > <dumpfile>
- Import Backup Dump File
$ svnadmin load <repos-path> < <dumpfile>
- Disable svn
- Make sure the svnserve is not running as deamon or inetd process.
OR - Disable read and write through svnserve - Edit the svnserve.conf and set anon-access=none and auth-access = none
- Make sure the svnserve is not running as deamon or inetd process.
- Basic Setup
- Load Access Modules in httpd.conf
LoadModule dav_module modules/mod_dav.so
LoadModule dav_svn_module modules/mod_dav_svn.so
<Location /repos>
DAV svn
SVNPath /absolute/path/to/repository
</Location> - Make sure that the repository has read-write permissions for apache
chown -R apache <repos-path>
- Restart server & check
- Load Access Modules in httpd.conf
- User Authentication
- Create a htpasswd file with users
- $ htpasswd -c /path/to/htpasswd/file user - Create User Credential
- $ htpasswd /path/to/htpasswd/file user - Append Users to List
- $ htpasswd -b /path/to/htpasswd/file user password - Batch mode, password is visible
- Add the below to httpd.conf under the SVN Location
AuthType Basic
AuthName "Subversion repository"
AuthUserFile /path/to/htpasswd/file
# only authenticated users may access the repository
Require valid-user- Restart and check
- Create a htpasswd file with users
- Per-Directory Access Control
- Create an Access control Policy File
[groups]
Full-SVN-RO = svnreader
Proj1-RW = user1 user2 user3
Proj1-RO = user4
Proj2-RW = user1 user6 user7
Proj2-RO = user8 user2
EveryOne = @Full-SVN-RO, @Proj1-RW, @Proj1-RO, @Proj2-RW, @Proj2-Ro
# Access control to whole SVN
[/]
svnadmin = rw # No Groups allowed to Read-Write the whole SVN Repos
@Full-SVN-RO = are
# Access to Proj1
[/Proj1]
@Proj1-RW = rw
@Proj1-RO = r
# Access to Proj2
[/Proj2]
@Proj2-RW = rw
@Proj2-RO = r - Add the below module to httpd.conf
LoadModule authz_svn_module modules/mod_authz_svn.so
- Add Access control Policy File in Location of SVN
AuthzSVNAccessFile /path/to/access/file
- Restart httpd and check
- Create an Access control Policy File
- Enable SSL
- Setup Apache with SSL.
- Redirect Request to HTTPS
#Redirect all port 80 requests to 443
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R] - Deny if not accessed without SSL. Add the below under the Location of SVN
SSLRequireSSL
- Restart and check
- Apache logging
CustomLog logs/svn_logfile "%t %u %{SVN-ACTION}e" env=SVN-ACTION
I feel Single Repositories are easy to maintain and administer. Only if there are hundred's of project then I suggest Multiple Repositories.
An example of httpd.conf for multiple repositories.
<Location /svn/>
DAV svn
SVNParentPath /data/subv/repos/
</Location>
<Location /svn/testA/>
# Authenticate a user
AuthType Basic
AuthName "TestA Subversion Repository"
AuthUserFile /data/subv-testA/perms/users
Require valid-user
# Authenticate permissions
AuthzSVNAccessFile /data/subv-testA/perms/perms
# Requires SSL
SSLRequireSSL
</Location>
<Location /svn/testB/>
# Authenticate a user
AuthType Basic
AuthName "TestB Subversion Repository"
AuthUserFile /data/subv-testB/perms/users
Require valid-user
# No permissions
# AuthzSVNAccessFile /data/subv-testB/perms/perms
# No SSL
# SSLRequireSSL
</Location>
No comments:
Post a Comment