centos7下SVN搭建部署全过程

1. 前言

这两天服务器系统宕机故障，重装centos7后需要重新部署SVN。

2. 详细过程

2.1 先查看是否安装过svn

[root@localhost ~]# rpm -qa |grep subversion

2.2 安装svn

yum -y install subversion

2.3 创建仓库

装好svn就可以新建仓库了。

svnadmin create /zfspool/svn/project //project是库名称

2.4 配置仓库

进入project目录，文件列表：

[root@localhost project]# ls -l
total 10
drwxr-xr-x. 2 root root   5 Jun  8 17:28 conf
drwxr-xr-x. 8 root root  18 Jun 23 17:31 db
drwxr-xr-x. 6 root root  15 Jun  8 17:33 db~
drwxr-xr-x. 6 root root  16 Jun  8 17:33 db~~
-rw-r--r--. 1 root root   2 Jun  8 17:28 format
drwxr-xr-x. 2 root root  13 Jun  8 23:30 hooks
drwxr-xr-x. 2 root root   4 Jun  8 23:00 locks
drwxr-xr-x. 2 root root   4 Jun  8 22:58 locks~
-rw-r--r--. 1 root root 229 Jun  8 17:28 README.txt

进入conf文件夹

[root@localhost conf]# ls -l
total 7
-rw-r--r--. 1 root root 1080 Jun  8 17:28 authz	//账号权限管理，
-rw-r--r--. 1 root root  309 Jun  8 17:28 passwd //用户密码
-rw-r--r--. 1 root root 3098 Jun  8 17:28 svnserve.conf

我们需要修改这三个文件。

修改authz：

这里可以采用组管理，组管理要复杂些，也可以不分组。（原文件只需要添加内容）

### This file is an example authorization file for svnserve.
### Its format is identical to that of mod_authz_svn authorization
### files.
### As shown below each section defines authorizations for the path and
### (optional) repository specified by the section name.
### The authorizations follow. An authorization line can refer to:
###  - a single user,
###  - a group of users defined in a special [groups] section,
###  - an alias defined in a special [aliases] section,
###  - all authenticated users, using the '$authenticated' token,
###  - only anonymous users, using the '$anonymous' token,
###  - anyone, using the '*' wildcard.
###
### A match can be inverted by prefixing the rule with '~'. Rules can
### grant read ('r') access, read-write ('rw') access, or no access
### ('').

[aliases]
# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average

[groups]
# harry_and_sally = harry,sally
# harry_sally_and_joe = harry,sally,&joe

g_admin=xxx,bbb	//g_admin 是组名

# [/foo/bar]
# harry = rw
# &joe = r
# * =


# [repository:/baz/fuz]
# @harry_and_sally = rw
# * = r


[project:/]	//设置目录
@g_admin=rw	//设置该目录下的组用户读写权限
*=r	//所有用户可读

修改passwd文件：

只需要在文件后面添加即可：

[root@localhost conf]# cat /root/svn_conf/passwd
### This file is an example password file for svnserve.
### Its format is similar to that of svnserve.conf. As shown in the
### example below it contains one section labelled [users].
### The name and password for each user follow, one account per line.

[users]
# harry = harryssecret
# sally = sallyssecret
#soft user
xxx=123

修改svnserve.conf文件：

只需要改五行，已标出

### This file controls the configuration of the svnserve daemon, if you
### use it to allow access to this repository.  (If you only allow
### access through http: and/or file: URLs, then this file is
### irrelevant.)

### Visit http://subversion.apache.org/ for more information.

[general]
### The anon-access and auth-access options control access to the
### repository for unauthenticated (a.k.a. anonymous) users and
### authenticated users, respectively.
### Valid values are "write", "read", and "none".
### Setting the value to "none" prohibits both reading and writing;
### "read" allows read-only access, and "write" allows complete 
### read/write access to the repository.
### The sample settings below are the defaults and specify that anonymous
### users have read-only access to the repository, while authenticated
### users have read and write access to the repository.
anon-access = none	//不允许匿名访问
auth-access = write	//可写
### The password-db option controls the location of the password
### database file.  Unless you specify a path starting with a /,
### the file's location is relative to the directory containing
### this configuration file.
### If SASL is enabled (see below), this file will NOT be used.
### Uncomment the line below to use the default password file.
password-db =/root/svn_conf/passwd //用户密码文件地址
### The authz-db option controls the location of the authorization
### rules for path-based access control.  Unless you specify a path
### starting with a /, the file's location is relative to the the
### directory containing this file.  If you don't specify an
### authz-db, no path-based access control is done.
### Uncomment the line below to use the default authorization file.
authz-db = /root/svn_conf/authz	//用户名配置文件地址
### This option specifies the authentication realm of the repository.
### If two repositories have the same authentication realm, they should
### have the same password database, and vice versa.  The default realm
### is repository's uuid.
realm =project 	//根目录
### The force-username-case option causes svnserve to case-normalize
### usernames before comparing them against the authorization rules in the
### authz-db file configured above.  Valid values are "upper" (to upper-
### case the usernames), "lower" (to lowercase the usernames), and
### "none" (to compare usernames as-is without case conversion, which
### is the default behavior).
# force-username-case = none

[sasl]
### This option specifies whether you want to use the Cyrus SASL
### library for authentication. Default is false.
### This section will be ignored if svnserve is not built with Cyrus
### SASL support; to check, run 'svnserve --version' and look for a line
### reading 'Cyrus SASL authentication is available.'
# use-sasl = true
### These options specify the desired strength of the security layer
### that you want SASL to provide. 0 means no encryption, 1 means
### integrity-checking only, values larger than 1 are correlated
### to the effective key length for encryption (e.g. 128 means 128-bit
### encryption). The values below are the defaults.
# min-encryption = 0
# max-encryption = 256

到此，配置文件完成。

2.5 设置防火墙

一般位置为 /etc/sysconfig/,要想加入SVN端口（默认3690）,可用编辑器或vi命令加入以下行（commit上面）：

-A INPUT -i eth0 -p tcp -m tcp --dport 3690 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 3690 -j ACCEPT 

然后重启防火墙，service iptables restart
如果启用失败，输入：

service iptables save

附: 关于防火墙的几个用法

临时关闭防火墙
systemctl stop firewalld
永久防火墙开机自启动
systemctl disable firewalld
临时打开防火墙
systemctl start firewalld
防火墙开机启动
systemctl enable firewalld
查看防火墙状态
systemctl status firewalld

2.6 启动SVN

svnserve -d -r /zfspool/svn/

客户端访问仓库： 

输入：svn://ip地址/project  即可。

2.7 利用systemctl设置开机自启动

CentOS 7的服务systemctl脚本存放在：/usr/lib/systemd/，有系统（system）和用户（user）之分，需要开机不登陆就能运行的程序，存在系统服务里，即：/usr/lib/systemd/system目录下
每一个服务以.service结尾，一般会分为3部分：[Unit]、[Service]和[Install]

修改svnserve.service文件：

[Unit]
Description=Subversion protocol daemon
After=syslog.target network.target

[Service]
Type=forking
EnvironmentFile=/etc/sysconfig/svnserve	//运行命令的参数
ExecStart=/usr/bin/svnserve --daemon --pid-file=/run/svnserve/svnserve.pid $OPTIONS	//运行命令

[Install]
WantedBy=multi-user.target

其中参数所在的文件内容是：

# OPTIONS is used to pass command-line arguments to svnserve.
# 
# Specify the repository location in -r parameter:
OPTIONS="-r /zfspool/svn/"

保存后并添加权限754。

执行：

systemctl enable svnserve.service

然后，启用：

service svnserve restart

总算完成了(o゜▽゜)o☆