install software

you, obviously, have to have dapper installed and also subversion and an ssh server. on our network, you can just network boot and then type “server” at the ubuntu prompt which should install the os. make sure that you either disable network booting or if in the dmz, configure an ip in the dhcp server for that specific mac address in order to not network boot anymore. after everything’s up:

sudo apt-get install subversion openssh-server

you now should be ready to go.

setup the basic subversion area

1. create a subversion (svn) user:
   

   sudo adduser –disabled-password –home /var/lib/svn svn

2. create a directory for the repositories and backups.
   

   sudo mkdir -m 2770 -p /var/lib/svn/repos /var/lib/svn/repos-backup

3. make sure the owners are correct:
   

   sudo chown -R svn:svn /var/lib/svn

setup a new repository

1. create a group for permissions for the new repository. i would make the group name the same as the name of the repository to reduce confusion.
   

   sudo addgroup [repo-group]

2. create a directory where the repository will be located with the correct permissions. setting these permissions will make sure that all of the directories and files that are created when the repository is created will have the proper group set.
   

   mkdir -m 2770 -p /var/lib/svn/repos/[repo-group]

3. set the owner and group for the new repository:
   

   sudo chown svn:[repo-group] /var/lib/svn/repos/[repo-name]

4. create the repository:
   

   svnadmin create –fs-type fsfs /var/lib/svn/repos/[repo-name]

5. make sure the user and group is create on the files.
6. add users to the group who need access to this repository:
   

   sudo adduser [user] [repo-group]

i think that’s basically it. it seems best to create a separate repository for each project. that way it’s easy to keep permissions separated by project group. it’s also appears to not be a requirement with subversion to keep everything in one repository to be able to include them in other projects using modules as in cvs. i haven’t tested this functionality yet though. see external definitions for more information.

repository backups

once you have your repositories setup, clearly you’re going to want to be backing up your precious data. at the current time, i’m taking the fairly simple approach of just backing up the entire repository every night using svnadmin hotcopy.

simple subversion backup script

i just run this script for each repository every night using cron as the svn user. might should be looping through all repositories in the repos directory, but currently i’m just individually adding each to the crontab. the script doesn’t do any pruning of the backups. that’s the responsibility of the backup machine. what needs to be done is to setup a cronjob on the backup server under the target backup user that uses find to remove old backup files. each new backup has a timestamp in the name.
the script just tars up the hotcopy directory and the pipes it to ssh and stores it on a machine we use for backups. to add a user to the backup machine:

sudo adduser –disabled-password –home /home/backups/$USER $USER

after creating the user, you should create a directory in the new user’s home directory that is the hostname from which you will be backing up. this way you could have backups from multiple machines going to the same user. alternatively, i guess you could create a user for each machine. then do backups as the root user on that machine (necessary for certain directories). this still needs to be worked out a bit.

then you have to generate an ssh key on the subversion machine to use for the backups and put the key on the backup machine under the user you just created. this command (all on one line) would be run as the svn user (or whatever user your doing backups for in the general case).

ssh-keygen -b 4096 -t rsa -C $USER-backup@$HOSTNAME -f $HOME/.ssh/$USER-backup

adding new users

this isn’t really specific to subversion, but is generally how servers should be configured. the only way to log into the server is using ssh with public keys. you can disabled root and password authentication in the /etc/ssh/sshd_config file. the best thing to do seems to be to add a default .ssh/authorized_keys file when the machine is first installed that includes the known ssh keys for admins. then, when a new user is added, these keys will be there by default. it’s then fairly easy for an admin to copy in the real user key and remove any admin keys if desired.

the passwords for all non-admin users are disabled. admins need there password in order to be able to run sudo. therefore, all admin users have to also be in the admin group (sudo adduser [user] admin). the same command for generating an ssh key as mentioned above can be used for generating keys.

this information should probably more flushed out in a different post. oh well. that should do for now.

reference

• subversion ubuntu community documentation