Why use Subversion and why use Debian? Well, lots of people with a lot more knowledge about either or both have answered these questions, so I’ll leave the big arguments to them. Check the links below for some light reading on what some had to say. Why are we using them for CS 594? That one I have the answers to:
- As a group, we decided that Subversion (svn) is the revision control system on the rise and we want to use the latest and greatest (sorry cvs).
- Debian is the linux distribution of choice because I got stuck with the job of sys admin for the quarter and it happens to be my favorite. 15,490 packages a simple apt-get install away, automatic dependency resolution, debconf, ultra stable, blah blah blah. You get the idea.
OK, great. We are using svn and Debian stable. Now what? You might find it useful one day to set up your own repository or take Debian for a spin, so I’ll document the things I did to set up our svn server.
It goes a little like this:
- Grab the installation media
Run through the installer
Lock down the box
Install subversion
Do a little administrative stuff
Grab the installation media
Point your browser to http://www.us.debian.org/distrib/ and find the installation media that is right for you. Debian supports a lot of different architectures and provides four different distributions. For our purposes, we want to run Sarge, the current stable distribution, on i386 style equipment. Also, since we are only installing a bare minimum of packages, it is not necessary to download the full cd. Grab the netinstall image from http://www.us.debian.org/CD/netinst/ or pick one of the other low bandwidth options. Once you have the .iso downloaded, burn it to cd as a bootable image. I cheat and use Disk Utility on OS X because my G5 has more disk space than I know what to do with and, well, Disk Utility makes it brainless.
Run through the installer
Debian used to get picked on for it’s unfriendly installer. It still does, but it is not as hard as it used to be and will actually do most of the work for you. It’s not pretty like CentOS, but it does the job and let’s you get your hands dirty if that’s what you want. Really, the only part that may get sticky is partitioning the disk. Guided partitioning will give you a pretty good set up with most of the space allocated to /home, but that didn’t jibe with the plans I had for putting the repositories in /var, so manual partitioning is called for. You aren’t stuck with fdisk anymore, the curses-type interface lets you click and select what you want to do.
Anyway, answer the questions about networking, host name, etc. When you get to the final step of installing additional packages, select manual package selection, but don’t run dpkg. There is an option to install packages later, and that’s what we want. At this point, the installer is going to download a bunch of packages and install them, then give you a login prompt.
Lock down the box
From a security standpoint, it is better to do the complete install disconnected from your network, lock down the box, then connect it to the network. We didn’t do that, but we better do something before we start running any services. If you were watching the packages scroll down the screen, you noticed ssh was installed and you didn’t even have to ask for it. Better cd to /etc/hosts.deny and put an entry in like ALL: ALL. Then disable root log in for ssh in the file /etc/ssh/sshd_config. I want to know what’s going on with my system, so now is the time to download chkrootkit, tiger, Bastille, and scanlog. Pretty easy to guess what chkrootkit does. Tiger is a security auditing system, Bastille is a system hardening program, and scanlog alerts you to nasties portscanning your server. Nmap is a good idea, too, but you ought to run it locally and from another host so you can see what your local system sees and what the outside world sees.
Once you think things are OK, edit /etc/hosts.allow and add an entry for ssh access.
Install subversion
apt-get install subversion subversion-tools
Yep, really is that simple.
Do a little administrative stuff
Now that you have everything above done, people will need to use it. I’m going to create a directory called /var/local/repository and it will contain a separate repository for each project. You have some choices about how to handle this, so go read up about it in the subversion documents. One of svn’s big advantages is the ability to use Apache 2.0 as the connection and authentication mechanism, but I don’t want to run a web server just for this. We have to run ssh to administer the box, so we’ll use ssh as the connection mechanism and leave only one service open to the world. svn will tunnel through ssh, so all we need to do is create user accounts, an svn system user and group, add the users to that group, change the ownership of /var/local/repository to svn, change the mode and set GID on the repository, and then start using it.
Almost done
So what does a client do to connect to the repository? Create a local folder that will hold the local copy of the repository. Connect to the server with a command like
svn checkout svn+ssh://host.example.com/repository/project1
from within your local repository folder and you’re set.
Links
http://www.us.debian.org/ Home page for the Debian project
http://www.us.debian.org/distrib/ Debian distributions page
http://www.us.debian.org/CD/netinst/ Netinstall page
http://subversion.tigris.org/ Subversion project home page
http://svnbook.red-bean.com/en/1.1/index.html Online documentation for subversion 1.1
To Do
Need to add more examples to Almost Done, it’s really just a place holder at the moment. A page with common commands would be useful. Oooh, some pretty pictures would make this a bit more exciting, too.
No comments:
Post a Comment