TMDBug

Code Change The World And Make It Better!

TMD.Bug

CentOS搭建svn服务器并配置

心血来潮,想在自己服务器上搭建个svn服务器,便于在几个长待的地方编写Web项目,于是就找了些教程,尝试搭建,但是每个教程都不太一样,也都没讲清楚svn的目录逻辑关系,所以通过自己的尝试来给大家解释下。

首先,svn服务器并不是一个目录,而是一种存储你文件的DB。之所以说它不是一个目录,因为你的文件上传到svn服务器后,你在Linux服务器中是找不到你上传的文件的。之所以说它是一种DB,就是说你可以把svn安装在服务器的任何一个地方,并不是说安装在Web目录中,也不是说将上传的文件设置在Web目录下。至于commit就能看到修改效果的原因,是因为svn服务有相关配置,可以使你commit后,svn服务器自动更新到Web目录,那就是hooks(钩子),下节讲。

接下来就说下安装流程:

yum install -y subversion          //yum安装svn (完成)

svnserve –version          //安装完,查看svn版本 (svnserve,版本 1.6.11)

mkdir /usr/local/svn          //创建存放svn版本库的目录[也可以是其他地方]

svnadmin create /usr/local/svn/web1    //将web1的svn版本库及配置创建在上一步的目录中

以上就是svn的安装流程,然后就是svn的配置,此时/usr/local/svn/web1目录下会有这几个文件或文件夹

conf   db   format   hooks   locks   README.txt

我们主要配置的就是conf里的三个文件

authz   passwd   svnserve.conf          //分别是:权限控制、用户密码、svn服务配置

1、打开passwd文件,添加用户和密码

### This file is an example password file for svnserve.
### Its format is similar to that of svnserve.conf. As shown in the
### example below it contains one section labelled [users].
### The name and password for each user follow, one account per line.

[users]
username1 = username1pwd
username2 = username2pwd
username3 = username3pwd
editor1 = editor1pwd
editor2 = editor2pwd

创建账户及其密码。(这里我随便创建了5个做测试)

2.打开authz文件,设置用户权限

### This file is an example authorization file for svnserve.
### Its format is identical to that of mod_authz_svn authorization
### files.
### As shown below each section defines authorizations for the path and
### (optional) repository specified by the section name.
### The authorizations follow. An authorization line can refer to:
### – a single user,
### – a group of users defined in a special [groups] section,
### – an alias defined in a special [aliases] section,
### – all authenticated users, using the ‘$authenticated’ token,
### – only anonymous users, using the ‘$anonymous’ token,
### – anyone, using the ‘*’ wildcard.
###
### A match can be inverted by prefixing the rule with ‘~’. Rules can
### grant read (‘r’) access, read-write (‘rw’) access, or no access
### (”).
### (”).

[aliases]
# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average

[groups]
admin = username1
developer = username2
developer = username3
editor = editor1
editor = editor2

[web1:/]
@admin = rw

[web1:/develop/]
@developer = rw

[web1:/doc/]
@editor = r

admin组(包括username1)可以读(r)写(w)根目录下的所有文件。
developer组(username2、username3)仅仅可以读(r)写(w)根目录下/develop目录里的文件。
editor组(editor1、editor2)里仅仅只读(r)根目录下/doc目录里的文件,不可写。
其中的develop目录和doc目录是admin组里的用户优先创建,只有目录存在时,才可以对目录进行权限控制。

3. 打开svnserve.conf文件,配置svn服务器

### This file controls the configuration of the svnserve daemon, if you

### use it to allow access to this repository. (If you only allow
### access through http: and/or file: URLs, then this file is
### irrelevant.)

### Visit http://subversion.tigris.org/ for more information.

[general]
### These options control access to the repository for unauthenticated
### and authenticated users. Valid values are “write”, “read”,
### and “none”. The sample settings below are the defaults.
anon-access = none
auth-access = write
### The password-db option controls the location of the password
### database file. Unless you specify a path starting with a /,
### the file’s location is relative to the directory containing
### this configuration file.
### If SASL is enabled (see below), this file will NOT be used.
### Uncomment the line below to use the default password file.
password-db = passwd
### The authz-db option controls the location of the authorization
### rules for path-based access control. Unless you specify a path
### starting with a /, the file’s location is relative to the the
### directory containing this file. If you don’t specify an
### authz-db, no path-based access control is done.
### Uncomment the line below to use the default authorization file.
authz-db = authz
### This option specifies the authentication realm of the repository.
### If two repositories have the same authentication realm, they should
### have the same password database, and vice versa. The default realm
### is repository’s uuid.
# realm = My First Repository

[sasl]
### This option specifies whether you want to use the Cyrus SASL
### library for authentication. Default is false.
### This section will be ignored if svnserve is not built with Cyrus
### SASL support; to check, run ‘svnserve –version’ and look for a line
### reading ‘Cyrus SASL authentication is available.’
# use-sasl = true
### These options specify the desired strength of the security layer
### that you want SASL to provide. 0 means no encryption, 1 means
### integrity-checking only, values larger than 1 are correlated
### to the effective key length for encryption (e.g. 128 means 128-bit
### encryption). The values below are the defaults.
# min-encryption = 0
# max-encryption = 256

只需要设置这几项就可以了。
anon-access = none //设置不允许非法匿名操作。
auth-access = write //设置通过账户来控制。
password-db = passwd //指定用户名和口令文件(当前目录)  。
authz-db = authz //指定权限配置文件(当前目录)。
以上就全部配置完了web1的svn,接下来启动svn,通过客户端进行验证测试。
启动命令:

svnserve -d -r /usr/local/svn

如果svn已经在运行了,那么就可以换个端口
svnserve -d -r /usr/local/svn –listen-port 3691
这里的目录,可以是/usr/local/svn,也可以是/usr/local/svn/web1,只不过是你在客户端连的时候,加不加/web1,如果是/usr/local/svn,那么客户端连web1接是:svn://服务器ip地址/web1,如果是/usr/local/svn/web1,那么客户端连web1的地址则是:svn://服务器ip地址/

查看启动情况:

ps -ef|grep svn
root 8145 1 0 Feb19 ? 00:00:00 svnserve -d -r /usr/local/svn
root 21841 21733 0 18:19 pts/0 00:00:00 grep svn

ok,snv已启动,pid为8145。
然后通过客户端,进行svn连接测试。
(默认端口3690)地址为:svn://服务器ip地址
(自定义端口3691)地址为:svn://服务器ip地址:3691
这里就不再去写客户端测试流程了。下一篇讲hooks(钩子)时再测试。

另外,如果服务器开了防火墙,需要把3390端口或者其他自定义的端口打开,命令:

iptables -I INPUT -i eth0 -p tcp –dport 3690 -j ACCEPT
iptables -I OUTPUT -o eth0 -p tcp –sport 3690 -j ACCEPT
etc/rc.d/init.d/iptables save

最后可以设置一下开机自启动

touch创建脚本svnstart.sh(/root路径下)然后编辑svnstart.sh,添加:

#!/bin/bash 
su svn -c”svnserve -r -d /usr/local/svn”  

添加可执行权限

chmod ug+x /root/svnstart.sh

接下来添加开机运行,编辑系统里的 /etc/rc.d/init.d/rc.local 文件,在最后添加:

/root/svnstart.sh

最后wq保存并退出,到此,svn服务器的搭建和配置到此结束,下一篇介绍如果使用(hooks)钩子让svn把数据自动向Web目录更新。

评论回复

5 + 7 =

回到顶部