SVN Environment Quick Build (SVN|HTTP|LDAP) +ifsvnadmin

Source: Internet
Author: User
Tags aliases http authentication ldap parent directory ssl connection pkill tortoisesvn

SVN Service Rapid deployment:
Here are 3 ways to authenticate: SVN, HTTP, LDAP

1. SVN certification

#查看系统版本信息
Cat/etc/redhat-release
Uname-rm
#安装软件并启动
Yum Install Subversion-y
Mkdir-p/APPLICATION/{SVNDATA,SVNPASSWD}
/usr/bin/svnserve-d-r/application/svndata--pid-file=/application/svndata/svn.pid
Ps-ef|grep SVN
Netstat-tulpn|grep 3690
Lsof-i tcp:3690

Svnadmin Create/application/svndata/sadoc
Ls/application/svndata/sadoc/conf
Cd/application/svndata/sadoc/conf
Cp-a svnserve.conf svnserver.conf.$ (date +%f)

Sed-i ' s/# anon-access = read/anon-access = None/g '/application/svndata/sadoc/conf/svnserve.conf
Sed-i ' s/# auth-access = write/auth-access = Write/g '/application/svndata/sadoc/conf/svnserve.conf
Sed-i ' [email protected]# authz-db = [email protected] =/application/svnpasswd/[email protected] '/application/svndata/ Sadoc/conf/svnserve.conf
Sed-i ' [email protected]# password-db = [email protected] =/application/svnpasswd/[email protected] '/application/svnda Ta/sadoc/conf/svnserve.conf

CP Authz passwd/application/svnpasswd/
cd/application/svnpasswd/

#配置密码文件:
vim/application/svnpasswd/passwd
Nick = china123
Adamon = america123
SVN account before equals sign, svn password after equals sign (plaintext unencrypted)
When changing svnserve.conf, you need to restart SVN, change passwd and Authz no need to restart

Quick setup:
echo "Nick = china123" >>/application/svnpasswd/passwd
Tail-1/application/svnpasswd/passwd

#配置授权文件:
Vim/application/authz
Authorized Subject:
1. Single SVN user
2. SVN user group (define user groups under [Gruops])
3. Alias user (define alias under [aliases])
4. $authenticated variable (this variable represents all authenticated users)
5. $anonymous variable (the variable represents an anonymous user)
6. * Denotes anyone
Permissions:
W, R, rw, Empty (")

[Aliases]

[Groups]
Group name = User 1, user 2, User 3 ...

Format:
[< Repository >:/project/catalog]
[/] The root directory is specified at svnserve startup, previously specified as/application/svndata, [/] for all repository set permissions
[Repos:/sadoc] means setting permissions on Sadoc items in the repository repos
[Repos:/sadoc/test] means to set permissions on the test directory of Sadoc projects in the repository repos
@< user Group Name > = < permissions >
< user name > = < permissions >

[sadoc:/] #表示对版本库sadoc的根目录授权
User Name = R #为该用户赋予对sadoc库根目录的只读权限
@ Group name = RW #为该组中的所有户赋予对sadoc库根目录的读写权限

chmod 700-r/application/svnpasswd
Pkill Svnserve
/usr/bin/svnserve-d-r/application/svndata
Netstat-tunlp|grep 3690

The above configuration is accessed via the SVN protocol (password is plaintext) svn://
Access using the SVN://protocol on the TORTOISESVN client
The first time you checkout, a checkout window pops up
URL of repository: Enter Svn://10.0.0.20/sadoc #10.0.0.20 when the SVN server is located, Sadoc the repository name created with Svnadmin create
Checkout directory: Enter the Winddows local side of this library

2. HTTP Authentication
The following is access via HTTP (s)
Yum install httpd mod_dav_svn php php-devel-y
/ETC/INIT.D/HTTPD start
Netstat-tunlp|grep httpd
Generate a subversion.conf configuration file #安装后会在 the/etc/httpd/conf.d/directory
cd/etc/httpd/conf.d/
CP subversion.conf{,. date +%F }

Vim subversion.conf #修结果如下
LoadModule Dav_svn_module modules/mod_dav_svn.so
LoadModule Authz_svn_module modules/mod_authz_svn.so
<Location/repos> #这里的/repos can be arbitrarily assigned, specify what access to use, access to Http://localhost/repos/sadoc (must use this format to access, Sadoc is the repository name created with Svnadmin)
DAV SVN
Svnparentpath/application/svndata #svn的根目录, the directory specified with the-r parameter when starting with Svnserve
#

Limit Write permission to list of valid users.<limitexcept GET PROPFIND OPTIONS report>require SSL Connection for PA ssWOrd protection. Sslrequiressl

#
AuthType Basic
AuthName "Authorization Realm"
Authuserfile/etc/httpd/conf.d/.svnuser
Authzsvnaccessfile/etc/httpd/conf.d/authz
Require Valid-user

</LimitExcept>

</Location>

Htpasswd-cb/etc/httpd/conf.d/.svnuser Nick China123
Chown Apache:apache/etc/httpd/conf.d/.svnuser
chmod 600/etc/httpd/conf.d/.svnuser #这里使用600, instead of using 400, mainly because the latter to configure Ifsvnamin to manage SVN, this software management SVN will use the Apache user to read and write this file, If Ifsvnadmin is not applicable, you can use 400 permissions

Cp/application/svnpasswd/authz/etc/httpd/conf.d/authz #授权文件最好和用户认证文件. Svnuser placed in a directory, such as the Apache configuration file directory
Chown Apache:apache/etc/httpd/conf.d/authz
chmod 600/etc/httpd/conf.d/authz #这里使用600, instead of using 400, mainly because the latter to configure Ifsvnamin to manage SVN, this software management SVN will use the Apache user to read and write this file, If Ifsvnadmin is not applicable, you can use 400 permissions

Chown-r Apache:apache/application/svndata
Apachectl Graceful

Pkill Svnserve
/usr/bin/svnserve-d-r/application/svndata
Netstat-tunlp|grep 3690

Use the above settings to access SVN via the HTTP (s) protocol
The same applies to the TortoiseSVN client, at the first checkout time,
URL of repository: Enter the http://10.0.0.20/repos/sadoc/#注意这里与svn协议不同的是访问地址多了repos, which is the network path specified when configuring the MOD_DAV_SVN module. Sadoc is a repository for entities that exist under the network path (Svnadmin created)
#10.0.0.20 when the SVN server is located, repos is configuring the network path specified by Apache, sadoc the repository name created with Svnadmin create
Checkout directory: Enter the Winddows local side of this library

Attention:
1, although this is already possible through the Apache user authentication file (. svnuser) as SVN authentication user, but for the user authorization in the authentication file, still in the Authz file, the specific details of the authorization is shown above
2. Use HTTP to access SVN, be sure to put the user authentication profile (. svnuser) and authorization files together with the Apache configuration file (in other directories may cause Apache to be unable to read these two files, resulting in an access failure)
3, although configure HTTP access on the basis of SVN access, but the previous use of SVN access to the configuration is still in effect, so you can use both SVN and HTTP access (except the authentication file used by the two different), but the authorization file needs to use the same, otherwise management trouble (try not to use at the same time, Either just use SVN, or just use HTTP, or just use LDAP to avoid management clutter)
4, when using HTTP access, as far as possible, the SVN root directory in the Apache Site Directory (/var/www), of course, can not do so, as we did not do the above operation, But user authentication files (. svnuser) and authorization files Authz to be placed in the same directory as the Apache configuration file for easy administration
5, note When using the TORTOISESVN client, using the SVN protocol and the HTTP protocol path, the HTTP protocol input path IP address, you need to first connect to the network path configured in the MOD_DAV_SVN module configuration file, and then use the svndamin created by the code base name

3. Using LDAP authentication
See LDAP section

4. Use Ifsvnadmin to manage SVN configuration
Note: There is no relationship between the configuration here and the above HTTP access to SVN, which is configured to manage SVN (add users, authorizations, etc.); the configuration above is to have SVN support HTTPD protocol access
Preferred to build a virtual host in Apache
[Email protected] conf.d]# vim vhost.conf
Listen 8080
<virtualhost 10.0.0.20:8080>
Servername 10.0.0.20:8080
Documentroot/var/www/html/svnadmin
Errorlog Logs/svnhost-err.log
Customlog Logs/svnhost-access.log Common
</Virtualhost>

Mkdir-p/var/www/html/svnadmin
Cd/var/www/html/svnadmin
wget Http://sourceforge.net/projects/ifsvnadmin/files/svnadmin-1.6.2.zip
Unzip Svnadmin-1.6.2.zip
MV if.svnadmin-stable-1.6.2/*./
Chmod-r 777 data/

Apachectl-t
Apachectl Graceful
Enter 10.0.0.20:8080 in the browser
Will enter the Ifsvnadmin management configuration Interface
Enter the following fields as specified in the/etc/httpd/conf.d/subversion.conf file:
Path to the authorization file:/etc/httpd/conf.d/authz
Path to the authentication file:/etc/httpd/conf.d/.svnuser
The path to the parent directory of the codebase specified by the Svnparentpath directive:/application/svndata
Absolute path to SVN instructions in Linux system:/USR/BIN/SVN
Absolute path to svnadmin directives in Linux systems:/usr/bin/svnadmin

Then click Save Configuration
Popup Prompt "No permissions!" Please configure the user's admin permissions "
Select an SVN user in the User drop-down list as the Super administrator of the Ifsvnadmin Web program
Click "Save" to go to the home Welcome screen
Code Warehouse--list: See all the code warehouses that have been built on SVN
Code Warehouse-Add: Enter the name of the code base (equivalent to creating a code base in the code Coogan directory using avnadmin create); Select the database type (default FSFS or BDB)
Select the structure of the library you want to create:
1, no pre-defined structure: just create a code base, nothing in the library
2, but the project structure: Create a code base, while creating 3 directories in the library "trunk", "branches", "tags"
3, multi-project structure: need to enter the project name, in the code base to create a subdirectory of the project name, and then create 3 directories in this subdirectory "trunk", "branches", "tags"
User-list: Lists all the users in SVN, there is a "Select Role" Assignment option, which is used primarily to assign a user permission to what can be done in this ifsvnadmin interface
User-add: Enter user name and password to create an SVN user
Access Path--permissions: Select a user, select a permission, select a code base, assign the user the appropriate permissions (permissions for the user to access the code library)

Group--List: Lists all the groups
Group--Add: Create a group
Group-Relationship: You can select users to add to a group in bulk

Access Path--list: List of access paths for SVN configuration information to set a user (project manager) to access the root path of a code base
Access List-add: Use the <RepoName>:/<path> format to add a path in the code base (the path code must exist, otherwise even if the permission is added and assigned, and cannot be accessed because it does not exist), if "/" is used as the path, Contains all the permissions for the code warehouse.
Access Path--permissions: Assigning permissions to a user or group to access a path (code library)
Settings-Backend: Set the authentication authorization file and instructions, the first step in the previous article entered the interface has been done
session--Change Password: Modify the Super Administrator's login password

SVN Environment Quick Build (SVN|HTTP|LDAP) +ifsvnadmin

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.