03/03: Linux, Apache, PostgreSQL and Subversion
Category: General | Posted by: JohnHaselden
Another update that's slightly off the 'Seam' topic, but it's useful information anyway. This post is going to take you through installing Subversion (SVN) onto Linux (Ubuntu 8.10 server) and use a database running under PostgreSQL 8.3 for authentication.
First up, install Ubuntu. I'll leave that one up to you to figure out, but I did not install the LAMP server option, just the PostgreSQL option as I don't need MySQL on this server.
From this point, we need to update our repositories for apt-get.
You can just run a sudo su to just log in as root.
Once that has completed, it's time to install the SVN server, apache, libapache2-svn and the libapache2-mod-auth-pgsql modules
and give apache a nudge to restart with the modules
OK, so let's do some work with PostgreSQL. First we need a database to store the SVN access details in. This database will have two tables, svnuser and svngroups. The first table will store the details of the user; login name, password, first name, surname and an email address along with an ID.
Let's create the database and the user for that database. Using psql as the postgres user:
Now quit psql and check that the above user works.
You're probably wondering why I'm specifying the loopback IP address as the host of the target database. Well, if you have a look at your pg_hba.conf file (under /etc/postgresql/8.3/main) and scroll to the bottom of the file, you will see that there are different rules for authenticating users connecting to the database depending on where they come from. By specifiying the IP address, you force PostgreSQL to perform MD5 authentication with the password you enter when trying to login rather than expecting ident or sameuser to work. If you don't want to do this repeatedly, then change 'ident sameuser' to 'md5' and restart PostgreSQL using /etc/init.d/postgresql restart.
Now you're on the database, let's set up our two tables.
Now, we are going to have a group for the admins who will have access to every project and one group per project. Let's create a admin first.
OK, let's set up repository. I have placed the repositories under /var/svn so move to that directory after you have created it. Once there, let's set up the repository as root.
Now, I want to be able to log into this repository using the user we have just created over HTTP (using WebDAV) so let's do that.
Still as root, cd to /etc/apache2/mods-available and move dav_svn.conf and dav_svn.load to /etc/apache2/mods-enabled, then copy 000_auth_pgsql.load to /etc/apache2/mods-enabled/auth_pgsql.load. You can use the contents of dav_svn.conf to work out what's going on, but I usually clear this file and start from fresh.
Add the following to the file:
And restart apache.
Now, from a remote machine and using a browser go to:
http://<your server hostname or IP address>/test/svn
You should be prompted to enter a user name and password for authentication so enter the username and password you inserted into the svnuser record and then you will see the 0 revision of your test repository.
First up, install Ubuntu. I'll leave that one up to you to figure out, but I did not install the LAMP server option, just the PostgreSQL option as I don't need MySQL on this server.
From this point, we need to update our repositories for apt-get.
sudo apt-get update
You can just run a sudo su to just log in as root.
Once that has completed, it's time to install the SVN server, apache, libapache2-svn and the libapache2-mod-auth-pgsql modules
sudo apt-get install subversion
sudo apt-get install apache2
sudo apt-get install libapache2-svn
sudo apt-get install libapache2-mod-auth-pgsql
and give apache a nudge to restart with the modules
/etc/init.d/apache2 restart
OK, so let's do some work with PostgreSQL. First we need a database to store the SVN access details in. This database will have two tables, svnuser and svngroups. The first table will store the details of the user; login name, password, first name, surname and an email address along with an ID.
Let's create the database and the user for that database. Using psql as the postgres user:
create database svnusers;
create user svnuseradmin with password '<your password>';
grant all privileges on database svnusers to svnuseradmin;
Now quit psql and check that the above user works.
psql -U svnuseradmin -W -h 127.0.0.1 svnusers
You're probably wondering why I'm specifying the loopback IP address as the host of the target database. Well, if you have a look at your pg_hba.conf file (under /etc/postgresql/8.3/main) and scroll to the bottom of the file, you will see that there are different rules for authenticating users connecting to the database depending on where they come from. By specifiying the IP address, you force PostgreSQL to perform MD5 authentication with the password you enter when trying to login rather than expecting ident or sameuser to work. If you don't want to do this repeatedly, then change 'ident sameuser' to 'md5' and restart PostgreSQL using /etc/init.d/postgresql restart.
Now you're on the database, let's set up our two tables.
create table svnuser(
login varchar(20) primary key,
password varchar(60) not null,
firstname varchar(100) not null,
surname varchar(100) not null,
email varchar(255) not null);
create index svnuser_login_idx on svnuser (login);
create table svngroups (
login varchar(20) not null constraint svngroups_login_fk references svnuser (login),
svngroup varchar(50) not null);
create index svngroups_login_idx on svngroups(login);
alter table svngroups add constraint svngrousp_login_svngroup_unique unique (login, svngroup);
Now, we are going to have a group for the admins who will have access to every project and one group per project. Let's create a admin first.
insert into svnuser values (
'<your username>',
md5('<your password>'),
'<your first name>',
'<your surname>',
'<your email address>');
insert into svngroups values ('<your username>', 'admin');
OK, let's set up repository. I have placed the repositories under /var/svn so move to that directory after you have created it. Once there, let's set up the repository as root.
svnadmin create test
Now, I want to be able to log into this repository using the user we have just created over HTTP (using WebDAV) so let's do that.
Still as root, cd to /etc/apache2/mods-available and move dav_svn.conf and dav_svn.load to /etc/apache2/mods-enabled, then copy 000_auth_pgsql.load to /etc/apache2/mods-enabled/auth_pgsql.load. You can use the contents of dav_svn.conf to work out what's going on, but I usually clear this file and start from fresh.
Add the following to the file:
<Location /test/svn>
DAV svn
SVNPath /var/svn/test
# Turn BASIC auth off and point it at a blank file,
# or you get a whole bunch of garbage in the logs
AuthBasicAuthoritative Off
AuthType Basic
AuthName "Test SVN Repository"
AuthUserFile "/dev/null"
Auth_PG_hash_type md5
Auth_PG_host localhost
Auth_PG_port 5432
Auth_PG_user svnuseradmin
Auth_PG_pwd <your password>
Auth_PG_database svnusers
Auth_PG_pwd_table svnuser
Auth_PG_uid_field login
Auth_PG_pwd_field password
Auth_PG_grp_table svngroups
Auth_PG_cache_passwords on
Auth_PG_grp_user_field login
Auth_PG_grp_group_field svngroup
Require group test admin
</Location>
And restart apache.
Now, from a remote machine and using a browser go to:
http://<your server hostname or IP address>/test/svn
You should be prompted to enter a user name and password for authentication so enter the username and password you inserted into the svnuser record and then you will see the 0 revision of your test repository.
marta wrote: