This is a step-by-step guide for dummies on how to configure SVN from scratch.
Use YUM (or your distribution package manager, if any) to make sure that Subversion (SVN) is installed on your system. If not, install it.
SVN is a network service, so it needs to be accessed from network. Bearing this in mind, you should make sure that your system firewall is allowing traffic before you start any service configurations.
You should set up your network first. If you don't, you might have the correct SVN service configuration, and you'll be trying to find where it's failing not realizing it's a network configuration problem.
First, test if both machines (SVN repository server and SVN client) can reach each other.
Ping the SVN server IP from the SVN client (ping aaa.bbb.ccc.ddd), and ping the SVN client from the SVN server.
Open the following ports at the firewall on both machines (outbound at the SVN client, and inbound at the SVN server):
PROTOCOL
TCP
PORT
3690
PURPOSE
SVN
This is what's mostly used. But IANA has listed a somewhat different set of ports:
svn 3690/tcp Subversion
svn 3690/udp Subversion
Source: http://www.iana.org/assignments/port-numbers
A system account is needed, to run the SVN Server and protect files.
Therefore, an user and group must be created for SVN, if they don't exist already.
Check if you have a SVN user at /etc/passwd and a group at /etc/group.
Otherwise, create where missing.
Suggested values:
User
Username: svn
Full Name: SVN Owner
Login Shell: /sbin/nologin (system user not for login)
Home: /home/svn
ID: 56
Group
Group Name: svn
RED: The user name that you choose here will influence the next configurations.
Now, if we want SVN to be up and ready automatically after an eventual reboot, we need to set up SVN as a service.
To do this, we must add SVN to XINETD.
Go to /etc/xinetd.d and check if you have already a file named svn, otherwise we must create one.
The file content should be something like:
# Begin /etc/xinetd.d/svn
service svn
{
disable = no
port = 3690
socket_type = stream
protocol = tcp
wait = no
user = svn
server = /usr/bin/svnserve
server_args = -i -r /var/svn/repos
}
# End /etc/xinetd.d/svn
See attached file below.
RED: Remember the user name created before. That user name must match the one after user=. Also be warned that the repository location chosen at server_args will influence next configurations.
Check if xinetd service is running, and if svn is selected to run. If not, select it and restart xinetd.
Now that the SVN Server (svnserve) is up and running, we need a repository to connect to.
Let's set up one...
Create a repository named garbage, where you can grasp the ways of SVN.
To create this repository execute the following command:
svnadmin create /var/svn/repos/garbage
RED: Remember that you specified repositories location at /var/svn/repos at the previous configuration.
All files created by the command executed at the previous step will have owner, group and permissions set to the user used to execute the command.
For security purpose, all repository files should be accessible only to the SVN Server (svnserve) which is running as svn user. So all repository files must be owned by svn, with group svn and with read and write permissions to svn user, and to svn group as needed.
To achieve this, execute the following commands:
find /var/svn -exec chown svn '{}' \;
find /var/svn -exec chgrp svn '{}' \;
find /var/svn -exec chmod u+rw '{}' \;
find /var/svn -exec chmod go= '{}' \;
Or:
find /var/svn -exec chown svn '{}' \;
find /var/svn -exec chgrp svn '{}' \;
find /var/svn -exec chmod ug+rw '{}' \;
find /var/svn -exec chmod o= '{}' \;
Or whatever permissions you need.
RED: Remember that those values depend on previous configurations.
You can also create a shell script, a batch of some sort, that you can execute every time you create a new repository.
Something like:
#!/bin/bash
find /var/svn -exec chown svn '{}' \;
find /var/svn -exec chgrp svn '{}' \;
find /var/svn -exec chmod u+rw '{}' \;
find /var/svn -exec chmod go= '{}' \;
Or, if you'd like to run this only for a specific repository (repository name as an argument on script call):
#!/bin/bash
if [ "$1" = "" ]
then
echo "Usage: $0 repository_name"
else
find /var/svn/repos/$1 -exec chown svn '{}' \;
find /var/svn/repos/$1 -exec chgrp svn '{}' \;
find /var/svn/repos/$1 -exec chmod ug+rwX '{}' \;
find /var/svn/repos/$1 -exec chmod o= '{}' \;
fi
A sample file is attached below.
Now we need to configure users' repository access.
Configuration files for this can be found at /var/svn/repos/garbage/conf. That is to say that user access will have to be set up for each repository. If you'd like to have a single user configuration for multiples repositories, you'll need a different set of configuration files.
RED: Path depends on previous configurations.
At this directory you'll find the following 3 text files (with examples inside):
authz
passwd
svnserve.conf
The included examples are self explanatory, but I'll add something even more explicit.
passwd
[users]
harry = harryspassword
sally = sallyspassword
greta = gretaspassword
linda = lindaspassword
This is the simplest file of the bunch. It just stores user names and associated passwords.
List here the SVN users and respective passwords.
authz
[groups]
admins = harry
analysts = harry, sally
programmers = greta, linda
users = @admins, @analysts, @programmers
[/]
* =
@users = r
@admins = rw
[/docs]
@analysts = rw
[/source]
@programmers = rw
sally = rw
This defines user's groups and their access to directories inside this (where the files are) repository.
svnserve.conf
[general]
#anon-access = read
anon-access = none
auth-access = write
password-db = passwd
authz-db = authz
realm = GarbageRealm
This configuration will not allow unidentified users to browse the repository, will allow up to write to identified users, will use the passwd and authz files at the conf directory for user and access rights database, and identifies this access configuration as GarbageRealm.
You can now test connections from your SVN Client.
You can have a common access definitions to your repositories.
To achieve this, place the passwd and authz files outside your repository directory structure. A good place to store these files is at the directory where you're storing your repositories. At the example above, should be /var/svn or /var/svn/repos directory.
The svnserve.conf should now point to the passwd and authz new locations. The realm should have the same value on all svnserve.conf that point to the same passwd and authz files, so clients are aware that stored identification pairs (user and password) should work for those repositories.
The authz can now have distinct permissions set for different repositories.
Example:
[groups]
admins = harry
analysts = harry, sally
programmers = greta, linda
users = @admins, @analysts, @programmers
[repository1:/]
* =
@users = r
@admins = rw
@analysts = rw
[repository2:/]
* =
@users = r
@admins = rw
@programmers = rw
[repository3:/docs]
@analysts = rw
[repository4:/source]
@programmers = rw
sally = rw
If you already have a directory structure and files for your project, place a trunk-branches-tags directory structure around that project structure, and import it into your repository by issuing the following command:
svn import -m "Initial import" /dir/files svn://rep.server.ip/rep_name
The following was tested only under CentOS 5.4 (Red Hat) with the svn protocol (no http):
Stop the xinetd service (responsible for the svnserve) by issuing the command:
/sbin/service xinetd stop
Uninstall (using YUM or RPM) the version of Subversion that is shipped with CentOS (or Red Hat).
Download the appropriate Subversion client and server RPM files from http://www.collab.net/downloads/subversion/redhat.html.
Install the client and server RPM's.
Edit the file /etc/xinetd.d/svn and...
Replace:
/usr/bin/svnserve
With:
/opt/CollabNet_Subversion/bin/svnserve
Upgrade the repositories by issuing the command (single line) for each repository:
/opt/CollabNet_Subversion/bin/svnadmin upgrade /var/svn/repos/repository_name
Don't forget to reset permissions, as when setting up a new repository (this upgrade might create new files and directories).
Start the xinetd service to launch the new svnserve version.
Should be up and running.
RED: Path depends on previous configurations.
If we set up two (or more) svn servers, and want repositories to be on both (or more) servers, then we want them to be synchronized.
A few easy steps, at the destination server, can accomplish this:
Create a new svn repository:
svnadmin create /var/svn/repos/repository_name
Allow properties changes to occur:
echo "#!/bin/bash" > /var/svn/repos/repository_name/hooks/pre-revprop-change
Allow file execution:
chmod u+x /var/svn/repos/repository_name/hooks/pre-revprop-change
Change file owner, group and permissions so the svnserve can access:
find /var/svn/repos/repository_name -exec chown svn '{}' \;
find /var/svn/repos/repository_name -exec chgrp svn '{}' \;
find /var/svn/repos/repository_name -exec chmod ug+rwX '{}' \;
find /var/svn/repos/repository_name -exec chmod o= '{}' \;
Initialize the repository for synchronization:
svnsync init svn://127.0.0.1/repository_name svn://source.machine.ip/repository_name \
--non-interactive \
--no-auth-cache \
--trust-server-cert \
--source-username user_for_sync_on_source_machine \
--source-password pass_for_sync_user \
--sync-username user_for_sync_on_destination \
--sync-password pass_for_sync_user \
--config-dir /var/svn
Synchronize:
svnsync sync svn://127.0.0.1/repository_name \
--non-interactive \
--no-auth-cache \
--trust-server-cert \
--source-username user_for_sync_on_source_machine \
--source-password pass_for_sync_user \
--sync-username user_for_sync_on_destination \
--sync-password pass_for_sync_user \
--config-dir /var/svn
Should be up and running...
See also examples below, and attached files.
Setting permissions:
#!/bin/bash
if [ "$1" = "" ]
then
echo "Usage: $0 repository_name"
else
yes | cp /var/svn/svnserve.conf /var/svn/repos/$1/conf
find /var/svn/repos/$1 -exec chown svn '{}' \;
find /var/svn/repos/$1 -exec chgrp svn '{}' \;
find /var/svn/repos/$1 -exec chmod ug+rwX '{}' \;
find /var/svn/repos/$1 -exec chmod o= '{}' \;
fi
Creating a repository:
#!/bin/bash
SVNDIR=/opt/CollabNet_Subversion/bin
if [ "$1" = "" ]
then
echo "Usage: $0 repository_name"
else
$SVNDIR/svnadmin create /var/svn/repos/$1
/var/svn/r.access.sh $1
fi
Initializing for synchronization:
#!/bin/bash
SVNDIR=/opt/CollabNet_Subversion/bin
if [ "$1" = "" ]
then
echo "Usage: $0 repository_name"
else
/var/svn/r.create.sh $1
echo "#!/bin/bash" > /var/svn/repos/$1/hooks/pre-revprop-change
chmod u+x /var/svn/repos/$1/hooks/pre-revprop-change
/var/svn/r.access.sh $1
$SVNDIR/svnsync init svn://127.0.0.1/$1 svn://source.machine.ip/$1 \
--non-interactive \
--no-auth-cache \
--trust-server-cert \
--source-username user_for_sync_on_source_machine \
--source-password pass_for_sync_user \
--sync-username user_for_sync_on_destination \
--sync-password pass_for_sync_user \
--config-dir /var/svn
fi
Synchronizing:
#!/bin/bash
SVNDIR=/opt/CollabNet_Subversion/bin
if [ "$1" = "" ]
then
echo "Usage: $0 repository_name"
else
$SVNDIR/svnsync sync svn://127.0.0.1/$1 \
--non-interactive \
--no-auth-cache \
--trust-server-cert \
--source-username user_for_sync_on_source_machine \
--source-password pass_for_sync_user \
--sync-username user_for_sync_on_destination \
--sync-password pass_for_sync_user \
--config-dir /var/svn
fi
Checking out:
#!/bin/bash
SVNDIR=/opt/CollabNet_Subversion/bin
if [ "$1" = "" ]
then
echo "Usage: $0 repository_name"
else
$SVNDIR/svn checkout svn://127.0.0.1/$1 /company/projects/folder/$1 \
--username user_for_sync \
--password pass_for_sync_user \
--no-auth-cache \
--non-interactive \
--trust-server-cert
fi
See attached files below.
Remember, contents depend on your configuration.