Subversion Configuration Guide for CentOS

Installing Subversion with yum on CentOS 5 and CentOS 6, and how to configure it:


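Basic steps:
1. Install the required packages: subversion; mysql, the authentication database used to log in to subversion; httpd and its related mod files, which publish subversion; and openssl, which generates the https certificate;
2. Configure the subversion repository files and the access-control file authz;
3. Configure the authentication database in mysql used for svn access;
4. Configure the httpd module files for subversion and mysql;
5. Configure the https certificate with openssl;
6. Notes and common problems.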

The full run is as follows:
1)
[simonsun@magic ~]$ sudo yum install subversion httpd openssl mod_ssl mod_dav_svn mod_auth_mysql mysql mysql-server mysql-devel
[simonsun@magic ~]$ sudo mkdir /home/subversion
[simonsun@magic ~]$ sudo svnadmin create /home/subversion/test
[simonsun@magic ~]$ sudo cp /home/subversion/test/conf/authz /home/subversion/
[simonsun@magic ~]$ sudo chown apache.apache /home/subversion/ -Rf
[simonsun@magic ~]$ sudo chmod ug+rwx /home/subversion/ -Rf
[simonsun@magic ~]$ sudo vim /home/subversion/authz
Append the following at the end of the file (press i in vim to insert):
[test:/]
testuser = rw
* =
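That is: the repository test, just created with svnadmin, gets the access user testuser with read and write (rw) permission on that repository; * = means that other users have no permission to access any repository.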

2)
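Next, create the login authentication database auth in mysql and add a record for the user name testuser:
(Note: for details on configuring mysql on CentOS, see: Configuring MySQL on CentOS)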
[simonsun@magic ~]$ mysql -u root -p
After logging in, run the following schema script and add one record. The script is based on the comments in /etc/httpd/conf.d/auth_mysql.conf.
create database auth;
use auth;
CREATE TABLE users ( user_name CHAR(30) NOT NULL, user_passwd CHAR(20) NOT NULL, PRIMARY KEY (user_name) );
GRANT SELECT  ON auth.users TO authuser@localhost IDENTIFIED BY 'PaSswoRd2009';
INSERT INTO users VALUES ('testuser', ENCRYPT('testuser'));

3)
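Next, put the repository information and the login authentication information from the two steps above into the httpd configuration, so that the repository can be accessed at http://localhost/svn.
(Note: for details on configuring httpd on CentOS, see: Configuring the httpd web server on Linux without a GUI)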
[simonsun@magic ~]$ sudo vim /etc/httpd/conf.d/subversion.conf
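Append the following at the end of the file (press i in vim to insert); note that each property corresponds to a value from the two previous steps.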
<Location /svn>
        DAV svn
        SVNParentPath /home/subversion/
        AuthzSVNAccessFile /home/subversion/authz
        AuthName "SimonSun's Repository"
        AuthType Basic
        AuthMYSQLEnable on
        AuthMySQLUser authuser
        AuthMySQLPassword "PaSswoRd2009"
        AuthMySQLDB auth
        AuthMySQLUserTable users
        AuthMySQLNameField user_name
        AuthMySQLPasswordField user_passwd
        require valid-user
</Location>
[simonsun@magic ~]$ sudo /usr/sbin/httpd -t
Syntax OK

4)
Next, generate a certificate with openssl so that the repository can also be accessed over https.
[simonsun@magic ~]$ sudo vim /etc/httpd/conf/httpd.conf
Find:
#ServerName www.example.com:80
and add after it (magic.linux is the host name):
ServerName magic.linux:80

[simonsun@magic ~]$ cd /etc/pki/tls/certs/
[simonsun@magic certs]$ sudo mv ../private/localhost.key ../private/localhost.key.bak
[simonsun@magic certs]$ sudo /usr/bin/openssl genrsa -out ../private/localhost.key 1024
Generating RSA private key, 1024 bit long modulus
................................++++++
...........++++++
e is 65537 (0x10001)

(Note: the default location of the ssl key is /etc/pki/tls/certs/private/localhost.key on CentOS 5 and /etc/pki/tls/private/localhost.key on CentOS 6; the path actually used is set in the file /etc/httpd/conf.d/ssl.conf, for example:

#   Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate.  If
# the certificate is encrypted, then you will be prompted for a
# pass phrase.  Note that a kill -HUP will prompt again.  A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/localhost.crt

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

)
[simonsun@magic certs]$ sudo make testcert
umask 77 ; \
        /usr/bin/openssl req -utf8 -new -key /etc/pki/tls/private/localhost.key -x509 -days 365 -out /etc/pki/tls/certs/localhost.crt -set_serial 0
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:Beijing
Locality Name (eg, city) [Newbury]:Beijing
Organization Name (eg, company) [My Company Ltd]:Beijing
Organizational Unit Name (eg, section) []:Beijing
Common Name (eg, your name or your server's hostname) []:magic.linux
Email Address []:[email protected]
[simonsun@magic certs]$ ls
ca-bundle.crt  localhost.crt  make-dummy-cert  Makefile


5)
Restart httpd:
[simonsun@magic certs]$ sudo /etc/rc.d/init.d/httpd restart
Stopping httpd:                                           [  OK  ]
Starting httpd:                                            [  OK  ]

Now you can open a browser and access the svn repository:
http://localhost/svn/test or https://magic.linux/svn/test
The user name and password are testuser/testuser.
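
The repository now answers on both URLs, and Basic authentication only base64-encodes the password, so over http:// it is readable on the wire. The script below is an added example, not part of the original post: it audits the Location block from step 3 (abridged) and a constructed variant that adds mod_ssl's SSLRequireSSL directive; the function names and the WARN/NOTE output format are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit <Location> blocks.
# page_conf is the step-3 block, abridged to the lines the audit reads.
page_conf() {
cat <<'EOF'
<Location /svn>
        DAV svn
        SVNParentPath /home/subversion/
        AuthzSVNAccessFile /home/subversion/authz
        AuthType Basic
        AuthMYSQLEnable on
        AuthMySQLUser authuser
        AuthMySQLPassword "PaSswoRd2009"
        require valid-user
</Location>
EOF
}

# Constructed variant: the same block with SSLRequireSSL added, so that
# requests arriving over plain http:// are refused.
hardened_conf() {
  page_conf | awk '{ print } /^<Location/ { print "        SSLRequireSSL" }'
}

# Reads Apache configuration on stdin; prints one finding per line.
audit_locations() {
  awk '
    { d = $0; sub(/^[ \t]+/, "", d); d = tolower(d) }  # directives are case-insensitive
    d ~ /^#/ { next }
    d ~ /^<location[ \t]/ {
      path = $2; sub(/>$/, "", path)
      basic = 0; ssl = 0; secret = 0
      next
    }
    d ~ /^authtype[ \t]+basic/    { basic = 1 }
    d ~ /^sslrequiressl/          { ssl = 1 }
    d ~ /^authmysqlpassword[ \t]/ { secret = 1 }
    d ~ /^<\/location>/ {
      if (basic && !ssl)
        print "WARN " path ": Basic auth without SSLRequireSSL; credentials can cross plain HTTP"
      if (secret)
        print "NOTE " path ": database password in this file; check it is not world-readable"
      basic = 0; ssl = 0; secret = 0
    }'
}

page_conf | audit_locations
hardened_conf | audit_locations
```

The block from the post produces both findings; the hardened variant keeps only the NOTE about the embedded database password.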

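One caveat: at the end, if SELinux (Security-Enhanced Linux) is enabled, you may be told that access by httpd is restricted, and the log will contain records like the following: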

 [error] [client 127.0.0.1] Access denied: 'testuser' GET test:/
 [error] [client 127.0.0.1] (13)Permission denied: Failed to load the AuthzSVNAccessFile: Can't open file '/home/subversion/authz': Permission denied
SELinux can be disabled in system-config-securitylevel.


Note: CentOS 6 does not have the graphical configuration tool mentioned above, so use setenforce instead:

[simon_sun@gnu ~]$ getenforce
Enforcing
[simon_sun@gnu ~]$ setenforce
usage:  setenforce [ Enforcing | Permissive | 1 | 0 ]
[simon_sun@gnu ~]$ sudo setenforce 0
[simon_sun@gnu ~]$ getenforce
Permissive

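To change the SELinux mode of the system permanently, edit the configuration file /etc/sysconfig/selinux. Note that after switching from Disabled to Permissive or Enforcing mode you must reboot the machine and recreate the security labels for the whole file system (touch /.autorelabel && reboot). -- Reference: http://blog.csdn.net/wxy8402/article/details/6902871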

If other errors occur, look at the error log to find the cause:
[simonsun@magic certs]$ sudo vim /var/log/httpd/error_log
All logs for access to the subversion repositories are part of the httpd logs:
[simonsun@magic certs]$ sudo ls /var/log/httpd/
access_log    access_log.3  error_log.1  error_log.4     ssl_access_log   ssl_error_log.2  ssl_request_log
access_log.1  access_log.4  error_log.2  nss_access_log  ssl_error_log    ssl_error_log.3
access_log.2  error_log     error_log.3  nss_error_log   ssl_error_log.1  ssl_error_log.4
[simonsun@magic certs]$
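
The two mod_authz_svn messages quoted earlier look alike in error_log but mean different things: one is a denial, the other says the authz file itself could not be read. The script below is an added example, not part of the original post, that separates denials caused by an unreadable authz file from denials decided by the authz rules; the sample lines are constructed (timestamps, the second client and the user guest are made up), and the function names and output labels are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): classify mod_authz_svn errors.
# Constructed sample: the two messages quoted in the post with made-up
# timestamps in the Apache 2.2 error_log layout, plus one made-up denial.
sample_log() {
cat <<'EOF'
[Tue Mar 10 10:00:01 2009] [error] [client 127.0.0.1] Access denied: 'testuser' GET test:/
[Tue Mar 10 10:00:01 2009] [error] [client 127.0.0.1] (13)Permission denied: Failed to load the AuthzSVNAccessFile: Can't open file '/home/subversion/authz': Permission denied
[Tue Mar 10 10:05:42 2009] [error] [client 192.0.2.7] Access denied: 'guest' GET test:/
EOF
}

# Reads an error_log on stdin. A denial logged in the same second for the
# same client as an authz-file load failure is a side effect of that failure
# (the module fails closed), not a decision taken from the authz rules.
classify_authz() {
  awk -v q="'" '
    function client(l) {
      if (match(l, /\[client [^]]+\]/)) return substr(l, RSTART + 8, RLENGTH - 9)
      return "-"
    }
    # Correlation key: timestamp bracket plus client address.
    function key(l) { return substr(l, 1, index(l, "]")) "|" client(l) }
    { line[NR] = $0 }
    /Failed to load the AuthzSVNAccessFile/ { broken[key($0)] = 1 }
    END {
      for (i = 1; i <= NR; i++) {
        l = line[i]; c = client(l)
        if (l ~ /Failed to load the AuthzSVNAccessFile/)
          print "CONFIG_ERROR client=" c
        else if (match(l, "Access denied: " q "[^" q "]*" q)) {
          user = substr(l, RSTART + 16, RLENGTH - 17)
          k = key(l)
          kind = (k in broken) ? "DENIED_BY_CONFIG_ERROR" : "DENIED_BY_POLICY"
          print kind " client=" c " user=" user
        }
      }
    }'
}

sample_log | classify_authz
```

The log is read in full before classification, so the result does not depend on which of the two messages httpd wrote first.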

All of the above was tested successfully on 32-bit and 64-bit systems of the CentOS 5 and CentOS 6 series.


Reference links:
http://wiki.centos.org/HowTos/Subversion
http://doc.iusesvn.com/show-12-1.html

Reposted from shellfish.iteye.com/blog/358765