Centos7.5安装SVN并配置Apache iF.SVNAdmin

SVN服务器搭建

1. 安装subversion

[root@VM_0_3_centos /]# yum install subversion

2. 查看svn版本

[root@VM_0_3_centos /]# svn --version
svn, version 1.7.14 (r1542130)
   compiled Apr 11 2018, 02:40:28

Copyright (C) 2013 The Apache Software Foundation.
This software consists of contributions made by many people; see the NOTICE
file for more information.
Subversion is open source software, see http://subversion.apache.org/

The following repository access (RA) modules are available:

* ra_neon : Module for accessing a repository via WebDAV protocol using Neon.
  - handles 'http' scheme
  - handles 'https' scheme
* ra_svn : Module for accessing a repository using the svn network protocol.
  - with Cyrus SASL authentication
  - handles 'svn' scheme
* ra_local : Module for accessing a repository on local disk.
  - handles 'file' scheme

3. 创建仓库

[root@VM_0_3_centos /]# mkdir var/www/svn
[root@VM_0_3_centos /]# cd /var/www/svn
[root@VM_0_3_centos svn]# svnadmin create testworkspace
[root@VM_0_3_centos svn]# ls -rlt
total 16
drwxr-xr-x 6 root   root   4096 Dec  2 09:34 testworkspace

仓库创建完成后，在仓库的conf目录下会自动生成3个文件svnserve.conf、passwd、authz：

[root@VM_0_3_centos svn]# cd testworkspace/
[root@VM_0_3_centos testworkspace]# ls -rlt
total 24
drwxr-xr-x 2 root root 4096 Dec  2 09:34 locks
drwxr-xr-x 2 root root 4096 Dec  2 09:34 hooks
-rw-r--r-- 1 root root  229 Dec  2 09:34 README.txt
drwxr-xr-x 2 root root 4096 Dec  2 09:34 conf
drwxr-sr-x 6 root root 4096 Dec  2 09:34 db
-r--r--r-- 1 root root    2 Dec  2 09:34 format
[root@VM_0_3_centos testworkspace]# cd conf
[root@VM_0_3_centos conf]# ls -rlt
total 12
-rw-r--r-- 1 root root 3090 Dec  2 09:34 svnserve.conf
-rw-r--r-- 1 root root  309 Dec  2 09:34 passwd
-rw-r--r-- 1 root root 1080 Dec  2 09:34 authz

svnserve.conf：svn服务配置文件
passwd：用户名口令文件
authz：权限配置文件

4. SVN配置

4.1 svnserve.conf文件：
该文件由一个[general]配置段组成。格式：<配置项>=<值>

配置项分为以下5项：

1.anon-access 控制非鉴权用户访问版本库的权限。取值范围为"write"、“read"和"none”。即"write"为可读可写，"read"为只读，“none"表示无访问权限。缺省值：read
2.auth-access 控制鉴权用户访问版本库的权限。取值范围为"write”、“read"和"none”。即"write"为可读可写，"read"为只读，"none"表示无访问权限。缺省值：write
3.password-db 指定用户名口令文件名。除非指定绝对路径，否则文件位置为相对conf目录的相对路径。缺省值：passwd
4.authz-db 指定权限配置文件名，通过该文件可以实现以路径为基础的访问控制。除非指定绝对路径，否则文件位置为相对conf目录的相对路径。缺省值：authz
5.realm 指定版本库的认证域，即在登录时提示的认证域名称。若两个版本库的认证域相同，建议使用相同的用户名口令数据文件。缺省值：一个UUID(Universal Unique IDentifier，全局唯一标示)。

以下是一个详细的配置文件:

### This file controls the configuration of the svnserve daemon, if you
### use it to allow access to this repository.  (If you only allow
### access through http: and/or file: URLs, then this file is
### irrelevant.)

### Visit http://subversion.apache.org/ for more information.

[general]
### The anon-access and auth-access options control access to the
### repository for unauthenticated (a.k.a. anonymous) users and
### authenticated users, respectively.
### Valid values are "write", "read", and "none".
### Setting the value to "none" prohibits both reading and writing;
### "read" allows read-only access, and "write" allows complete 
### read/write access to the repository.
### The sample settings below are the defaults and specify that anonymous
### users have read-only access to the repository, while authenticated
### users have read and write access to the repository.

### 对于授权用户与未被授权用户的访问级别控制：read，write，write
anon-access = none
auth-access = write
          
### The password-db option controls the location of the password
### database file.  Unless you specify a path starting with a /,
### the file's location is relative to the directory containing
### this configuration file.
### If SASL is enabled (see below), this file will NOT be used.
### Uncomment the line below to use the default password file.
      
### 密码数据文件的保存位置，默认为相对路径，如果以/开头则为绝对路径
#### 如果SASL开启的话，那么就不会验证该文件 
password-db = passwd
    
### The authz-db option controls the location of the authorization
### rules for path-based access control.  Unless you specify a path
### starting with a /, the file's location is relative to the the
### directory containing this file.  If you don't specify an
### authz-db, no path-based access control is done.
### Uncomment the line below to use the default authorization file.

### 用户数据文件的保存位置，默认为相对路径，如果以/开头则为绝对路径
#### 如果未指定路径，则无访问控制
authz-db = authz

### This option specifies the authentication realm of the repository.
### If two repositories have the same authentication realm, they should
### have the same password database, and vice versa.  The default realm
### is repository's uuid.

### 指定验证的范围，如果两个repo的realm属性一样，那么它们就应该使用同一个password数据库，反之亦然
#### 默认的realm就是repo的唯一标示符
realm = /var/www/svn/testworkspace

### The force-username-case option causes svnserve to case-normalize
### usernames before comparing them against the authorization rules in the
### authz-db file configured above.  Valid values are "upper" (to upper-
### case the usernames), "lower" (to lowercase the usernames), and
### "none" (to compare usernames as-is without case conversion, which
### is the default behavior).
# force-username-case = none

[sasl]
### This option specifies whether you want to use the Cyrus SASL
### library for authentication. Default is false.
### This section will be ignored if svnserve is not built with Cyrus
### SASL support; to check, run 'svnserve --version' and look for a line
### reading 'Cyrus SASL authentication is available.'

### 是否开启SASL验证，默认是false的
#### 此选项会默认svn服务器支持Cyrus，检查的方法是，运行'svnserve --version'命令，查看输出是否有'Cyrus SASL authentication is available.'
# use-sasl = true

### These options specify the desired strength of the security layer
### that you want SASL to provide. 0 means no encryption, 1 means
### integrity-checking only, values larger than 1 are correlated
### to the effective key length for encryption (e.g. 128 means 128-bit
### encryption). The values below are the defaults.


### 下面两个选项用来指定加密强度的
# min-encryption = 0
# max-encryption = 256

将svnserve.conf修改成如下内容:

#匿名访问的权限，可以是read,write,none,默认为read
anon-access=none
#使授权用户有写权限 
auth-access=write
#密码数据库的路径 
password-db=passwd
#访问控制文件 
authz-db=authz
#认证命名空间，subversion会在认证提示里显示，并且作为凭证缓存的关键字 
realm = /var/www/svn/testworkspace

说明：设定非鉴权用户无权限访问该版本库；鉴权用户可对版本库进行读写；用户名口令文件为conf目录下的passwd，权限配置文件为版本库conf目录下的authz，版本库的认证域为：/var/www/svn/testworkspace

4.2 passwd文件
该文件由一个[users]配置段组成，格式：<用户名>=<口令> 注：口令为未经过任何处理的明文。
修改成如下:

[users]  
admin = admin  
test = test

4.3 authz文件
该文件由[groups]配置段和若干版本库路径权限段组成
[groups]配置段格式：<用户组>=<用户列表>
用户列表由若干个用户组或用户名构成，用户组或用户名之间用逗号",“分隔，引用用户组时要使用前缀”@"

版本库路径权限段格式：

 [<版本库名>:<路径>]如版本库abc路径/tmp的版本库路径权限段的段名为"[abc:/tmp]"。

 可省略段名中的版本库名。若省略版本库名，则该版本库路径权限段对所有版本库中相同路径的访问控制都有效。如：[/tmp]

版本库路径权限段中配置行格式有如下三种：
<用户名> = <权限>
<用户组> = <权限>
* = <权限>
其中，"*"表示任何用户；权限的取值范围为’’、‘r’和’rw’，’'表示对该版本库路径无任何权限，'r’表示具有只读权限，'rw’表示有读写权限。

注意：每行配置只能配置单个用户或用户组。

### This file is an example authorization file for svnserve.
### Its format is identical to that of mod_authz_svn authorization
### files.
### As shown below each section defines authorizations for the path and
### (optional) repository specified by the section name.
### The authorizations follow. An authorization line can refer to:
###  - a single user,
###  - a group of users defined in a special [groups] section,
###  - an alias defined in a special [aliases] section,
###  - all authenticated users, using the '$authenticated' token,
###  - only anonymous users, using the '$anonymous' token,
###  - anyone, using the '*' wildcard.
###
### A match can be inverted by prefixing the rule with '~'. Rules can
### grant read ('r') access, read-write ('rw') access, or no access
### ('').

[aliases]
# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average

[groups]
# harry_and_sally = harry,sally
# harry_sally_and_joe = harry,sally,&joe

# [/foo/bar]
# harry = rw
# &joe = r
# * =

# [repository:/baz/fuz]
# @harry_and_sally = rw
# * = r

每一个section都命名了一个版本库（repository）和其对应的路径（path），option name是已认证的用户名（即在passwd文件中定义的用户），而option value是用户对仓库指定路径的访问级别，分为r(read-only)只读和rw(read/write)读写这两种。注意下，特别强调每一部分配置的名称可以是[repos-name:path]或[path]这两种格式。
搞清楚了这些概念后，修改配置文件如下：

####在最后面增加如下内容，[/] 是相对svn库src目录下的访问路径，可根据路径分配目录访问权限：
[/]
admin = rw
* =
 
####如下是配置test用户只有对svn/fendo的目录，具有可读写权限
[/fendo]
test = rw
* =

总结：
SVN管理员可以通过这3个配置文件设置svnserve服务的用户名口令，以及对版本库路径的访问权限。这些配置文件保存后就立即生效，不需要重启svnserve服务。

5. 启动SVN

[root@VM_0_3_centos conf]# systemctl start svnserve

6. 设置开机自启动

systemctl start svnserve.service

7. 查看SVN进程

[root@VM_0_3_centos conf]# ps -ef|grep svn|grep -v grep
root      3205     1  0 10:26 ?        00:00:00 /usr/bin/svnserve --daemon --pid-file=/run/svnserve/svnserve.pid -r /var/www/svn
root     30129 20774  0 09:47 pts/1    00:00:00 vim svnserve.conf
root     30405 27672  0 09:49 pts/2    00:00:00 vim svnserve.conf

8. 检测SVN端口

[root@VM_0_3_centos conf]# netstat -ln |grep 3690
tcp        0      0 0.0.0.0:3690            0.0.0.0:*               LISTEN

9. 停止SVN

[root@VM_0_3_centos conf]# killall svnserve

10. 客户端测试SVN

svn://ip/testworkspace

配置Apache支持HTTP访问

1. 安装httpd,mod_dav_svn

[root@VM_0_3_centos conf]# yum install -y httpd mod_dav_svn

2. 检查Apache,mod_dav_svn是否安装成功

[root@VM_0_3_centos svn]# httpd -v
Server version: Apache/2.4.6 (CentOS)
Server built:   Aug  8 2019 11:41:18
[root@VM_0_3_centos svn]# find / -name mod_*_svn.so
/usr/lib64/httpd/modules/mod_authz_svn.so
/usr/lib64/httpd/modules/mod_dav_svn.so

3. 下载iF.SVNAdmin

地址：http://svnadmin.insanefactory.com/
下载完成解压缩到目录：/var/www/html

[root@VM_0_3_centos html]# pwd
/var/www/html
[root@VM_0_3_centos html]# ls -rlt
total 4
drwxr-xr-x 9 apache apache 4096 Nov 29 11:00 svnadmin

4. 修改配置文件/etc/httpd/conf.d/subversion.conf(没有则新建),內容为：

LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
<Location /svn>
    DAV svn
    SVNPath /var/www/svn
    SVNListParentPath on
        AuthType Basic
        AuthName "Authorization SVN"
        AuthUserFile /var/www/svn/passwd
        AuthzSVNAccessFile /var/www/svn/authz
        Require valid-user
</Location>

5. 修改配置文件

通过查看文件/usr/lib/systemd/system/svnserve.service, 了解到svnserver的配置文件是/etc/sysconfig/svnserve，修改/etc/sysconfig/svnserve
/etc/sysconfig/svnserve修改成：

# OPTIONS is used to pass command-line arguments to svnserve.
# 
# Specify the repository location in -r parameter:
OPTIONS="-r /var/www/svn"

6. 创建用户文件passwd

[root@VM_0_3_centos svn]# touch /var/www/svn/passwd  #创建用户文件
[root@VM_0_3_centos svn]# htpasswd /var/www/svn/passwd admin  #创建用户admin
New password:
Re-type new password:
Adding password for user admin
[root@VM_0_3_centos svn]# cat /home/data/svn/passwd     #查看用户名密码
admin:$apr1$menX5Hf/$swrwk0/HsrNsS1KHdi29k.

7. 创建权限文件authz

[root@VM_0_3_centos svn]# cp /var/www/svn/testworkspace/conf/authz /var/www/svn/authz

8. 配置apache对SVN目录权限

[root@VM_0_3_centos svn]# chown -R apache:apache /var/www/svn/testworkspace
[root@VM_0_3_centos svn]# ls -rlt
total 16
-rwxrwxrwx 1 apache apache   44 Nov 29 23:20 passwd
-rwxrwxrwx 1 apache apache   24 Nov 29 23:20 authz
drwxr-xr-x 6 apache apache 4096 Dec  2 09:34 testworkspace

9. 配置httpd

修改/etc/httpd/conf/httpd.conf，增加：

<Location /svn>
    DAV svn
    SVNPath /var/www/svn/
    Options Indexes MultiViews
</Location>

10. 启动Apache

启动httpd服务：

systemctl start httpd.service

开机自启动httpd服务：

systemctl enable httpd.service

Apache常用命令如下:

httpd -v	      #查看已经安装的httpd的版本
rpm -qa | grep httpd  #查看是否已经安装了httpd
ps -ef | grep httpd   #查看httpd的进程
service httpd status  #查看httpd的运行状态
service httpd stop    #可以停止httpd
service httpd start   #可以启动httpd

11. 使用http访问

访问地址：http://ip:port/svnadmin