[svnbook] r3963 committed - * src/en/book/ch06-server-configuration.xml...
svnbook at googlecode.com
svnbook at googlecode.com
Mon Aug 8 12:57:06 CDT 2011
Revision: 3963
Author: cmpilato at gmail.com
Date: Mon Aug 8 10:56:02 2011
Log: * src/en/book/ch06-server-configuration.xml
Complete my read-thru edits for this chapter.
http://code.google.com/p/svnbook/source/detail?r=3963
Modified:
/trunk/src/en/book/ch06-server-configuration.xml
=======================================
--- /trunk/src/en/book/ch06-server-configuration.xml Mon Aug 8 10:41:03
2011
+++ /trunk/src/en/book/ch06-server-configuration.xml Mon Aug 8 10:56:02
2011
@@ -466,12 +466,16 @@
</listitem>
<listitem>
<para>Run <command>svnserve</command> as a Microsoft Windows
- service.</para></listitem>
+ service.</para>
+ </listitem>
<listitem>
<para>Run <command>svnserve</command> as a launchd job.</para>
</listitem>
</itemizedlist>
+ <para>The following sections will cover in detail these various
+ deployment options for <command>svnserve</command>.</para>
+
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-->
<sect3 id="svn.serverconfig.svnserve.invoking.daemon">
<title>svnserve as daemon</title>
@@ -558,10 +562,10 @@
these (if they don't already exist):</para>
<informalexample>
- <screen>
+ <programlisting>
svn 3690/tcp # Subversion
svn 3690/udp # Subversion
-</screen>
+</programlisting>
</informalexample>
<para>If your system is using a classic Unix-like
@@ -569,9 +573,9 @@
<filename>/etc/inetd.conf</filename>:</para>
<informalexample>
- <screen>
+ <programlisting>
svn stream tcp nowait svnowner /usr/bin/svnserve svnserve -i
-</screen>
+</programlisting>
</informalexample>
<para>Make sure <quote>svnowner</quote> is a user that has
@@ -621,7 +625,7 @@
<title>svnserve as a Windows service</title>
<para>If your Windows system is a descendant of Windows NT
- (2000, 2003, XP, or Vista), you can
+ (Windows 2000 or newer), you can
run <command>svnserve</command> as a standard Windows
service. This is typically a much nicer experience than
running it as a standalone daemon with
@@ -857,31 +861,35 @@
process, the following things happen:</para>
<itemizedlist>
- <listitem><para>The client selects a specific
- repository.</para></listitem>
-
- <listitem><para>The server processes the repository's
- <filename>conf/svnserve.conf</filename> file and begins to
- enforce any authentication and authorization policies it
- describes.</para></listitem>
-
- <listitem><para>Depending on the defined policies, one of the
- following may occur:</para>
-
+ <listitem>
+ <para>The client selects a specific repository.</para>
+ </listitem>
+ <listitem>
+ <para>The server processes the repository's
+ <filename>conf/svnserve.conf</filename> file and begins to
+ enforce any authentication and authorization policies it
+ describes.</para>
+ </listitem>
+ <listitem>
+ <para>Depending on the defined policies, one of the
+ following may occur:</para>
<itemizedlist>
- <listitem><para>The client may be allowed to make requests
- anonymously, without ever receiving an authentication
- challenge.</para></listitem>
-
- <listitem><para>The client may be challenged for
- authentication at any time.</para></listitem>
-
- <listitem><para>If operating in tunnel mode, the client
- will declare itself to be already externally
- authenticated (typically by SSH).</para></listitem>
+ <listitem>
+ <para>The client may be allowed to make requests
+ anonymously, without ever receiving an authentication
+ challenge.</para>
+ </listitem>
+ <listitem>
+ <para>The client may be challenged for authentication at
+ any time.</para>
+ </listitem>
+ <listitem>
+ <para>If operating in tunnel mode, the client will
+ declare itself to be already externally authenticated
+ (typically by SSH).</para>
+ </listitem>
</itemizedlist>
</listitem>
-
</itemizedlist>
<para>The <command>svnserve</command> server, by default, knows
@@ -1450,9 +1458,9 @@
form:</para>
<informalexample>
- <screen>
+ <programlisting>
ssh-dsa AAAABtce9euch… user at example.com
-</screen>
+</programlisting>
</informalexample>
<para>The first field describes the type of key, the second
@@ -1462,9 +1470,9 @@
field:</para>
<informalexample>
- <screen>
+ <programlisting>
command="program" ssh-dsa AAAABtce9euch… user at example.com
-</screen>
+</programlisting>
</informalexample>
<para>When the <literal>command</literal> field is set, the
@@ -1475,9 +1483,9 @@
abbreviate the lines of the file as:</para>
<informalexample>
- <screen>
+ <programlisting>
command="program" TYPE KEY COMMENT
-</screen>
+</programlisting>
</informalexample>
</sect3>
@@ -1491,9 +1499,9 @@
binary to run and to pass it extra arguments:</para>
<informalexample>
- <screen>
+ <programlisting>
command="/path/to/svnserve -t -r /virtual/root" TYPE KEY COMMENT
-</screen>
+</programlisting>
</informalexample>
<para>In this example, <filename>/path/to/svnserve</filename>
@@ -1517,10 +1525,10 @@
option:</para>
<informalexample>
- <screen>
+ <programlisting>
command="svnserve -t --tunnel-user=harry" TYPE1 KEY1 harry at example.com
command="svnserve -t --tunnel-user=sally" TYPE2 KEY2 sally at example.com
-</screen>
+</programlisting>
</informalexample>
<para>This example allows both Harry and Sally to connect to
@@ -1545,10 +1553,10 @@
after the <literal>command</literal>:</para>
<informalexample>
- <screen>
+ <programlisting>
command="svnserve -t
--tunnel-user=harry",no-port-forwarding,no-agent-forw
arding,no-X11-forwarding,no-pty TYPE1 KEY1 harry at example.com
-</screen>
+</programlisting>
</informalexample>
<para>Note that this all must be on one line—truly on
@@ -1611,43 +1619,13 @@
of those files for information that might reveal the source of a
problem that is not clearly noticeable otherwise.</para>
- <sidebar>
- <title>Why Apache 2?</title>
-
- <para>If you're a system administrator, it's very likely that
- you're already running the Apache web server and have some
- prior experience with it. At the time of this writing, Apache 1.3
- is the more popular version of Apache. The world has
- been somewhat slow to upgrade to the Apache 2.x series for
- various reasons: some people fear change, especially changing
- something as critical as a web server. Other people depend on
- plug-in modules that work only against the Apache 1.3 API, and
- they are waiting for a 2.x port. Whatever the reason, many
- people begin to worry when they first discover that
- Subversion's Apache module is written specifically for the
- Apache 2 API.</para>
-
- <para>The proper response to this problem is: don't worry about
- it. It's easy to run Apache 1.3 and Apache 2 side by side;
- simply install them to separate places and use Apache 2 as a
- dedicated Subversion server that runs on a port other than 80.
- Clients can access the repository by placing the port number
- into the URL:</para>
-
- <informalexample>
- <screen>
-$ svn checkout http://host.example.com:7382/repos/project
-</screen>
- </informalexample>
- </sidebar>
-
<!-- ===============================================================
-->
<sect2 id="svn.serverconfig.httpd.prereqs">
<title>Prerequisites</title>
<para>To network your repository over HTTP, you basically need
four components, available in two packages. You'll need
- Apache <command>httpd</command> 2.0, the
+ Apache <command>httpd</command> 2.0 or newer, the
<command>mod_dav</command> DAV module that comes with it,
Subversion, and the <command>mod_dav_svn</command>
filesystem provider module distributed with Subversion.
@@ -1656,7 +1634,7 @@
<itemizedlist>
<listitem>
- <para>Getting httpd 2.0 up and running with
+ <para>Getting httpd up and running with
the <command>mod_dav</command> module</para>
</listitem>
<listitem>
@@ -3142,21 +3120,23 @@
</informalexample>
<para>The only thing we've left out here is what to do about
- locks. Because locks are strictly enforced by the master
- server (the only place where commits happen), we don't
- technically need to do anything. Many teams don't use
- Subversion's locking features at all, so it may be a
- nonissue for you. However, if lock changes aren't
- replicated from master to slaves, it means that clients
- won't be able to query the status of locks
- (e.g., <userinput>svn status -u</userinput> will show no
- information about repository locks). If this bothers you,
- you can write <literal>post-lock</literal> and
- <literal>post-unlock</literal> hook scripts that run
- <command>svn lock</command> and <command>svn
- unlock</command> on each slave machine, presumably through
- a remote shell method such as SSH. That's left as an
- exercise for the reader!</para>
+ user-level locks (of the <command>svn lock</command>
+ variety). Locks are enforced by the master server during
+ commit operations; but all the information about locks is
+ distributed during read operations such as <command>svn
+ update</command> and <command>svn status</command> by the
+ slave server. As such, a fully functioning proxy setup
+ needs to perfectly replicate lock information from the
+ master server to the slave servers. Unfortunately, most
+ of the mechanisms that one might employ to accomplish this
+ replication fall short in one way or
+ another<footnote><para><ulink
+ url="http://subversion.tigris.org/issues/show_bug.cgi?id=3457"
+ /> tracks these problems.</para></footnote>. Many teams
+ don't use Subversion's locking features at all, so this
+ may be a nonissue for you. Sadly, for those teams which
+ do use locks, we have no recommendations on how to
+ gracefully work around this shortcoming.</para>
</sect4>
@@ -3199,7 +3179,8 @@
disallow write access completely. This might be useful
for creating read-only <quote>mirrors</quote> of popular
open source projects, but it's not a transparent
- proxying system.</para> </sidebar>
+ proxying system.</para>
+ </sidebar>
</sect4>
</sect3>
@@ -3981,7 +3962,8 @@
executes the real <command>svnserve</command>
binary.</para>
</listitem>
- <listitem><para>Take similar measures when using
+ <listitem>
+ <para>Take similar measures when using
<command>svnlook</command> and
<command>svnadmin</command>. Either run them with a sane
umask or wrap them as just described.</para>
More information about the svnbook-dev
mailing list