Re: How to setup Write-through proxying (aka Replication on-the-fly) in VisualSVN server?
Hello, > On 17 January 2015 at 00:47, STF SVN wrote: >> >> I know this mailing-list has nothing to do with VisualSVN server, but I >> really need some help. >> >> I need to set up SVN replication on the fly, aka write-through proxying, >> using VisualSVN server. I know the new version of VisualSVN server supports >> replication, but for technical reason, I'm still using old version 2.7. You can't actually call write-through proxy as "replication on the fly". Its simple replication solution that runs `svnsync` on master server *after* each commit by post- hook scripts. Commits always go to master in write-through proxy, the "proxy" part is just about redirecting all writes to go to master server which then replicates them to slaves using `svnsync`. Another note: write-through proxy does not work with Integrated Windows Authentication (i.e. AD Single Sign-On). BTW, what are the technical reasons that require you to use VisualSVN Server 2.7 and don't allow it to be upgraded to 3.2? >> I have found some articles here and there, eg >> http://www.visualsvn.com/support/svnbook/reposadmin/maint/#svn.reposadmin.maint.replication >> and >> http://svnbook.red-bean.com/en/1.7/svn.serverconfig.httpd.html#svn.serverconfig.httpd.extra.writethruproxy >> etc etc and tried to follow them but failed. Maybe because those procedures >> are for Linux-based SVN server? And how much are those articles relevant to >> VisualSVN server, ie Windows-based SVN server? > > I've read > http://www.visualsvn.com/support/svnbook/reposadmin/maint/#svn.reposadmin.maint.replication > several times, but I have a doubt. Does it apply totally? Can I consider > VisualSVN Server like a *generic* Apache HTTP server? Or VisualSVN Server > has some special modification to Apache such that something wouldn't work? It applies but not totally because sample hook scripts specified in SVNBook work on *nix Shell only, so they have to be adjusted to work on Windows. Here is a sample post-commit hook that will work on Windows (its a batch script (.bat)) [[ "C:\Program Files (x86)\VisualSVN Server\bin\svnsync.exe" sync https://SLAVE/svn/repo file:///C:\Repositories\MASTER exit 0 ]] and post-revprop-change hook [[ "C:\Program Files (x86)\VisualSVN Server\bin\svnsync.exe" copy-revprops https://SLAVE/svn/repo file:///C:\Repositories\MASTER exit 0 ]] > I have also found this article: > http://www.cardinalpath.com/how-to-use-svnsync-to-create-a-mirror-backup-of-your-subversion-repository/ > but it didn’t talk about putting the SVNMasterURI variable inside HTTPD > config on the slave server. And as a matter of fact, I’ve gone through this > procedure but I cannot commit to the slave server! The article is not about write-through proxy, it's about creating a backup repository that's always up-to-date. That's why this article doesn't cover the proxy part (i.e. SVNMaserURI config on slave server). -- With best regards, Pavel Lyalyakin VisualSVN Team
Fwd: Possible bug in subversion
I'm forwarding your response back to the list so that hopefully someone can help you. Remember to use Reply All so that the discussion stays on the list. Begin forwarded message: > From: Jon-Erik TYVAND > To: Ryan Schmidt > Subject: SV: Possible bug in subversion > Date: January 16, 2015 at 3:27:03 AM CST > > Hi, > > svn server version: > > svnserve --version > svnserve, version 1.8.5 (r1542147) > compiled Nov 28 2013, 01:45:51 on powerpc-ibm-aix5.3.0.0 > > svn client version: > > svn --version > svn, version 1.8.5 (r1542147) > compiled Nov 28 2013, 01:45:51 on powerpc-ibm-aix5.3.0.0 > > also tried, > > svn --version > svn, version 1.8.10 (r1615264) > compiled Dec 8 2014, 15:43:04 on powerpc-ibm-aix5.3.0.0
Re: How to setup Write-through proxying (aka Replication on-the-fly) in VisualSVN server?
Hi, A replicating setup with write-through proxies is possible with VisualSVN Server standard and standard tools, I had this in production for years. Set up the replicating hooks. On slaves, adjust the custom httpd config to load the required modules (proxy, http) and add a receiving location for the sync. Andreas Am 17.01.2015 um 00:55 schrieb STF SVN : > I forgot some important questions: > > On 17 January 2015 at 00:47, STF SVN wrote: >> I know this mailing-list has nothing to do with VisualSVN server, but I >> really need some help. >> >> I need to set up SVN replication on the fly, aka write-through proxying, >> using VisualSVN server. I know the new version of VisualSVN server supports >> replication, but for technical reason, I'm still using old version 2.7. >> >> I have found some articles here and there, eg >> http://www.visualsvn.com/support/svnbook/reposadmin/maint/#svn.reposadmin.maint.replication >> and >> http://svnbook.red-bean.com/en/1.7/svn.serverconfig.httpd.html#svn.serverconfig.httpd.extra.writethruproxy >> etc etc and tried to follow them but failed. Maybe because those >> procedures are for Linux-based SVN server? And how much are those articles >> relevant to VisualSVN server, ie Windows-based SVN server? > > I've read > http://www.visualsvn.com/support/svnbook/reposadmin/maint/#svn.reposadmin.maint.replication > several times, but I have a doubt. Does it apply totally? Can I consider > VisualSVN Server like a *generic* Apache HTTP server? Or VisualSVN Server > has some special modification to Apache such that something wouldn't work? > > I have also found this article: > http://www.cardinalpath.com/how-to-use-svnsync-to-create-a-mirror-backup-of-your-subversion-repository/ > but it didn’t talk about putting the SVNMasterURI variable inside HTTPD > config on the slave server. And as a matter of fact, I’ve gone through this > procedure but I cannot commit to the slave server! > >> Has anyone managed to do this (ie Write-through proxying with VisualSVN >> Server)? >> >> I could restart the whole setting from zero. Could someone point me out the >> correct procedure to configure VisualSVN Server, ie in Windows, to support >> write-through proxying, please? >> >> Thanks a lot >
Re: How to setup Write-through proxying (aka Replication on-the-fly) in VisualSVN server?
I forgot some important questions: On 17 January 2015 at 00:47, STF SVN wrote: > I know this mailing-list has nothing to do with VisualSVN server, but I > really need some help. > > I need to set up SVN replication on the fly, aka write-through proxying, > using VisualSVN server. I know the new version of VisualSVN server > supports replication, but for technical reason, I'm still using old version > 2.7. > > I have found some articles here and there, eg > http://www.visualsvn.com/support/svnbook/reposadmin/maint/#svn.reposadmin.maint.replication > and > http://svnbook.red-bean.com/en/1.7/svn.serverconfig.httpd.html#svn.serverconfig.httpd.extra.writethruproxy > etc etc and tried to follow them but failed. Maybe because those > procedures are for Linux-based SVN server? And how much are those articles > relevant to VisualSVN server, ie Windows-based SVN server? > I've read http://www.visualsvn.com/support/svnbook/reposadmin/maint/#svn.reposadmin.maint.replication several times, but I have a doubt. Does it apply totally? Can I consider VisualSVN Server like a *generic* Apache HTTP server? Or VisualSVN Server has some special modification to Apache such that something wouldn't work? I have also found this article: http://www.cardinalpath.com/how-to-use-svnsync-to-create-a-mirror-backup-of-your-subversion-repository/ but it didn’t talk about putting the SVNMasterURI variable inside HTTPD config on the slave server. And as a matter of fact, I’ve gone through this procedure but I cannot commit to the slave server! > Has anyone managed to do this (ie Write-through proxying with VisualSVN > Server)? > > I could restart the whole setting from zero. Could someone point me out > the correct procedure to configure VisualSVN Server, ie in Windows, to > support write-through proxying, please? > > Thanks a lot >
How to setup Write-through proxying (aka Replication on-the-fly) in VisualSVN server?
I know this mailing-list has nothing to do with VisualSVN server, but I really need some help. I need to set up SVN replication on the fly, aka write-through proxying, using VisualSVN server. I know the new version of VisualSVN server supports replication, but for technical reason, I'm still using old version 2.7. I have found some articles here and there, eg http://www.visualsvn.com/support/svnbook/reposadmin/maint/#svn.reposadmin.maint.replication and http://svnbook.red-bean.com/en/1.7/svn.serverconfig.httpd.html#svn.serverconfig.httpd.extra.writethruproxy etc etc and tried to follow them but failed. Maybe because those procedures are for Linux-based SVN server? And how much are those articles relevant to VisualSVN server, ie Windows-based SVN server? Has anyone managed to do this? I could restart the whole setting from zero. Could someone point me out the correct procedure to configure VisualSVN Server, ie in Windows, to support write-through proxying, please? Thanks a lot
Re: SVNSYNC
"Somashekarappa, Anup (CWM-NR)" writes: > So I tried to change the url to ne url in Repository/db/revprops/0/0 > (in the unix server ) You should use svn to change the r0 revision properties, typically with a file:/// URL to the destination repository: svn proplist -v --revprop -r0 file:///... svn propset --revprop -r0 svn:sync-from-url NEW_SRC_URL file:///... but those will not work now as you have corrupted the r0 revprop file. > but got the below error.Should I initialze the > repositoy in slave with new url and start the sync process from > starting OR any other way to continue? > > > svnsync: E175002: DAV request failed; it's possible that the repository's > pre-revprop-change hook either failed or is non-existent > svnsync: E175008: At least one property change failed; repository is unchanged > svnsync: E175002: Error setting property 'sync-lock': > Serialized hash malformed You have corrupted the r0 revprop file. Revert the edit and then you can use propset to set the new URL. Create/initialise a new repository and use it's revprop file as a template. -- Philip Martin | Subversion Committer WANdisco // *Non-Stop Data*
Re: Add $authenticated to group definition
On 16.01.2015 13:55, Tom Ghyselinck wrote: > Hi Brane, > > Thank you for the quick reply! > > Our point is that we would like define groups as > -- > > > I.e. For our subversion service: > vcs-r-some_group > defines that "some_group" has "read" access for the subversion > repository. > > - Some repositories allow read access to a select number of users. > - Other repositories allow read access to all "authenticated > users" (i.e. $authenticated). > > When we could add "$authenticated" to the "vcs-r-some_group", > then this can be controlled by a single group while now, we need to add > both. Or you could just keep your group definitions up to date when you give new users access to the repository. From the point of view of security, this is actually the better option because it avoids mistakes. I.e., it's easier to see that you forgot to give someone access (they'll report that) than that you unintentionally gave someone access (you have to keep checking logs for that). -- Brane
Re: Add $authenticated to group definition
Hi Brane, Thank you for the quick reply! Our point is that we would like define groups as -- I.e. For our subversion service: vcs-r-some_group defines that "some_group" has "read" access for the subversion repository. - Some repositories allow read access to a select number of users. - Other repositories allow read access to all "authenticated users" (i.e. $authenticated). When we could add "$authenticated" to the "vcs-r-some_group", then this can be controlled by a single group while now, we need to add both. We added the $authenticated = r line to the relevant paths in the affected repository's authz. With best regards, Tom. On vr, 2015-01-16 at 10:57 +0100, Branko Čibej wrote: > On 16.01.2015 08:06, Tom Ghyselinck wrote: > > Hi, > > > > We are using subversion 1.8.8 (r1568071) server on Ubuntu 14.04. > > > > I need to add "$authenticated" to the group since this is required for > > our company generic group definitions. > > I'm having a hard time understanding this requirement. Any concrete user > or group you mention in a rule will only take effect for authenticated > connections anyway. > > > We created an authz file with group definitions as follows: > > > > [groups] > > myreaders = $authenticated > > > > [/] > > * = > > > > [/path1] > > $authenticated = r > > > > [/path2] > > @myreaders = r > > > > [/path3] > > # I know, this is actually a user definition > > myreaders = r > > > > > > It looks like it is not possible or not allowed to add the > > "$authenticated" token to a group definition: > > - Using it in /path1 is fine (as documented) > > - I expect it also to work in /path2, but it's not. > > > > $ /usr/bin/svnauthz accessof --username=someuser --path=/path1 > > ~/test.authz > > r > > > > $ /usr/bin/svnauthz accessof --username=someuser --path=/path2 > > ~/test.authz > > no > > > > $ /usr/bin/svnauthz accessof --username=someuser --path=/path3 > > ~/test.authz > > no > > > > $ /usr/bin/svnauthz accessof --username=myreaders --path=/path1 > > ~/test.authz > > r > > > > $ /usr/bin/svnauthz accessof --username=myreaders --path=/path2 > > ~/test.authz > > no > > > > $ /usr/bin/svnauthz accessof --username=myreaders --path=/path3 > > ~/test.authz > > # (Here it matches the "user" myreaders) > > r > > > > > > I couldn't find any documentation whether or not it is possible and/or > > allowed. > > If you read > > http://svnbook.red-bean.com/en/1.7/svn.serverconfig.pathbasedauthz.html > > you'll find that you can define groups that contain users, aliases and > other groups. $authenticated and $anonymous are magic tokens that do not > belong to any of those categories. > > The point is that group memberships are completely defined when the > authz file is parsed, but $authenticated and $anonymous do not refer to > users but to connection states when the authorization check is being done. > > > Can someone confirm if this is expected to work or not? > > It is not expected to work. > > > If not, is there a workaround to add "$authenticated" to a group? > > You don't need a workaround. Just change your configuration like this, > for example: > > [/path2] > @myreaders = r > $authenticated = r > > But, as I said above: this is redundant. The "@myreaders=r" entry only > takes effect if the connection is authenticated; if it's an anonymous > connection, there's no user name and therefore no group membership, so > you may as well omit the "@myreaders=r" entry from the authz rule. > > -- Brane -- | tom.ghyseli...@excentis.com | | Tom Ghyselinck | Senior Engineer | Excentis N.V. | Gildestraat 8 B-9000 Ghent, Belgium | Tel: +32 9 269 22 91 - Fax: +32 9 329 31 74
Re: SVNSYNC
On Fri, Jan 16, 2015 at 5:07 AM, Somashekarappa, Anup (CWM-NR) wrote: > > > Hi, > > We do have Master- Slave set up and slave has been initialized to Master > url. > > Master Url : http://svnserver.com:8080/svn > Slave Url : http://svnSlave.com:8080/svn > > We have synced master and slave using the below command from master. > > svnsync --non-interactive sync http://svnSlave.com/svn-proxy/repo_name > --username=** --password=* > I take you are just testing and the production setup will not be passing the password on the command line like the village bicycle. > > Now we have to change the port number of both master and slave.And sync > process will fail in current setup because of wrong port number which has > been used to initialize earlier. > > So I tried to change the url to ne url in Repository/db/revprops/0/0 (in the > unix server ) but got the below error.Should I initialze the repositoy in > slave with new url and start the sync process from starting OR any other way > to continue? > > > svnsync: E175002: DAV request failed; it's possible that the repository's > pre-revprop-change hook either failed or is non-existent > svnsync: E175008: At least one property change failed; repository is > unchanged > svnsync: E175002: Error setting property 'sync-lock': > Serialized hash malformed > > Thanks & Regards, > Anup T S > Dumb question: did you verify that, say, slave is listening on the new port? > > __ > > This email is intended only for the use of the individual(s) to whom it is > addressed and may be privileged and confidential. > Unauthorised use or disclosure is prohibited. If you receive this e-mail in > error, please advise immediately > and delete the original message. This message may have been altered without > your or our knowledge > and the sender does not accept any liability for any errors or omissions in > the message. > > Emails are monitored by supervisory personnel in jurisdictions where > monitoring is permitted. > Such communications are retained and may be produced to regulatory > authorities or others with legal rights to the information.
SVNSYNC
Hi, We do have Master- Slave set up and slave has been initialized to Master url. Master Url : http://svnserver.com:8080/svn Slave Url : http://svnSlave.com:8080/svn We have synced master and slave using the below command from master. svnsync --non-interactive sync http://svnSlave.com/svn-proxy/repo_name --username=** --password=* Now we have to change the port number of both master and slave.And sync process will fail in current setup because of wrong port number which has been used to initialize earlier. So I tried to change the url to ne url in Repository/db/revprops/0/0 (in the unix server ) but got the below error.Should I initialze the repositoy in slave with new url and start the sync process from starting OR any other way to continue? svnsync: E175002: DAV request failed; it's possible that the repository's pre-revprop-change hook either failed or is non-existent svnsync: E175008: At least one property change failed; repository is unchanged svnsync: E175002: Error setting property 'sync-lock': Serialized hash malformed Thanks & Regards, Anup T S __ This email is intended only for the use of the individual(s) to whom it is addressed and may be privileged and confidential. Unauthorised use or disclosure is prohibited. If you receive this e-mail in error, please advise immediately and delete the original message. This message may have been altered without your or our knowledge and the sender does not accept any liability for any errors or omissions in the message. Emails are monitored by supervisory personnel in jurisdictions where monitoring is permitted. Such communications are retained and may be produced to regulatory authorities or others with legal rights to the information.
Re: Add $authenticated to group definition
On 16.01.2015 08:06, Tom Ghyselinck wrote: > Hi, > > We are using subversion 1.8.8 (r1568071) server on Ubuntu 14.04. > > I need to add "$authenticated" to the group since this is required for > our company generic group definitions. I'm having a hard time understanding this requirement. Any concrete user or group you mention in a rule will only take effect for authenticated connections anyway. > We created an authz file with group definitions as follows: > > [groups] > myreaders = $authenticated > > [/] > * = > > [/path1] > $authenticated = r > > [/path2] > @myreaders = r > > [/path3] > # I know, this is actually a user definition > myreaders = r > > > It looks like it is not possible or not allowed to add the > "$authenticated" token to a group definition: > - Using it in /path1 is fine (as documented) > - I expect it also to work in /path2, but it's not. > > $ /usr/bin/svnauthz accessof --username=someuser --path=/path1 > ~/test.authz > r > > $ /usr/bin/svnauthz accessof --username=someuser --path=/path2 > ~/test.authz > no > > $ /usr/bin/svnauthz accessof --username=someuser --path=/path3 > ~/test.authz > no > > $ /usr/bin/svnauthz accessof --username=myreaders --path=/path1 > ~/test.authz > r > > $ /usr/bin/svnauthz accessof --username=myreaders --path=/path2 > ~/test.authz > no > > $ /usr/bin/svnauthz accessof --username=myreaders --path=/path3 > ~/test.authz > # (Here it matches the "user" myreaders) > r > > > I couldn't find any documentation whether or not it is possible and/or > allowed. If you read http://svnbook.red-bean.com/en/1.7/svn.serverconfig.pathbasedauthz.html you'll find that you can define groups that contain users, aliases and other groups. $authenticated and $anonymous are magic tokens that do not belong to any of those categories. The point is that group memberships are completely defined when the authz file is parsed, but $authenticated and $anonymous do not refer to users but to connection states when the authorization check is being done. > Can someone confirm if this is expected to work or not? It is not expected to work. > If not, is there a workaround to add "$authenticated" to a group? You don't need a workaround. Just change your configuration like this, for example: [/path2] @myreaders = r $authenticated = r But, as I said above: this is redundant. The "@myreaders=r" entry only takes effect if the connection is authenticated; if it's an anonymous connection, there's no user name and therefore no group membership, so you may as well omit the "@myreaders=r" entry from the authz rule. -- Brane