Version Control at the Institute

Concept
Available Services
- WebDAV (SVN)
- WebDAV with Kerberos authentication
Repositories
- Create a new folder
- Import projects
Access permissions
Backup

Concept

The version control realized centrally server-based via Subversion. The Subversion server is accessible as a pure web service under the name svnserv.cbs.mpg.de. Find links to all repositories there. All data is stored locally and is regularly mirrored to AFS for backup purposes. The server is a VM under KVM.

Available Services

WebDAV (SVN)

Subversion clients access the repositories via WebDAV with the link https://svnserv.cbs.mpg.de/svn/[Repository]

WebDAV with Kerberos authentication

This service works similar to the WebDAV service with two exceptions:

The authentication is required and handled exclusively via Kerberos. More information can be found at Kerberos.
External users cannot use this service.

https://svnserv.cbs.mpg.de/svnk/[Repository]

The command line SVN client should support this immediately. You can test this by doing this, for example:

user@host > svn ls https://svnserv.cbs.mpg.de/svnk/edv/EDV

If you get a list of directories or the error "403 Forbidden", then it works.

Repositories

Each user group in the institute automatically receives its own repository, to which all members automatically have full access. The user group is synchronized regularly. The IT department creates additional repositories as required, e.g. for cooperation or special projects.

Create a new folder

=user@host > = svn mkdir https://svnserv.cbs.mpg.de/svnk/edv/EDV/hdcheck -m "Created dumb directory"

Import projects

Only source code should be versioned with SVN. This is why you should separate an existing project from all other files, like compiled code etc."

=user@host > = rm bin/main

=user@host > = svn import /scr/hesse1/hdcheckmod.sh https://svnserv.cbs.mpg.de/svnk/edv/EDV/hdcheck/* -m 'Initial import'

Access permissions

The SVN server communicates with the LDAP server. All users with an account in the institute can access the LDAP server, but may then be restricted by the authorization settings of the SVN (access.svn).

It is also possible to create external users, e.g. for collaborations. The LDAP branch ou=svnextern,ou=Users,dc=cbs,dc=mpg,dc=de exists for this purpose. These users only have access to the SVN - again restricted by SVN authorization.

The file /etc/apache2/access.svn is updated once a night. The groups that are statically defined there are adjusted. The group block between the lines

# #LDAP-Groups#[additional groups]#

and

# #LDAP-End#

is overwritten - own group definitions must therefore be made outside of this block. All groups starting with gr_ will be taken from the LDAP.

The value [additional groups] contains a (potentially empty) comma-separated list of groups that should additionally be synchronized.

Backup

The SVN server is backed up via the AFS. The following things are saved uncompressed here /afs/cbs.mpg.de/backup/databases/svn

All SVN repositories
The entire /etc/apache2 directory (and thus all SVN-related configuration information of the server)

The actual backup is done with Bacula. However, the organization of the SVN fsfs backend must primarily protect against disk failure, which means that the AFS backup should be sufficient for recovery in practically every case.

This topic: EDV/FuerUser > WebHome > RevisionControl
Topic revision: 05 Aug 2024, wherbst

Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Foswiki? Send feedback