[svnbook] r3963 committed - * src/en/book/ch06-server-configuration.xml...

svnbook at googlecode.com svnbook at googlecode.com
Mon Aug 8 12:57:06 CDT 2011


Revision: 3963
Author:   cmpilato at gmail.com
Date:     Mon Aug  8 10:56:02 2011
Log:      * src/en/book/ch06-server-configuration.xml
   Complete my read-thru edits for this chapter.

http://code.google.com/p/svnbook/source/detail?r=3963

Modified:
  /trunk/src/en/book/ch06-server-configuration.xml

=======================================
--- /trunk/src/en/book/ch06-server-configuration.xml	Mon Aug  8 10:41:03  
2011
+++ /trunk/src/en/book/ch06-server-configuration.xml	Mon Aug  8 10:56:02  
2011
@@ -466,12 +466,16 @@
          </listitem>
          <listitem>
            <para>Run <command>svnserve</command> as a Microsoft Windows
-            service.</para></listitem>
+            service.</para>
+        </listitem>
          <listitem>
            <para>Run <command>svnserve</command> as a launchd job.</para>
          </listitem>
        </itemizedlist>

+      <para>The following sections will cover in detail these various
+        deployment options for <command>svnserve</command>.</para>
+
        <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
-->
        <sect3 id="svn.serverconfig.svnserve.invoking.daemon">
          <title>svnserve as daemon</title>
@@ -558,10 +562,10 @@
            these (if they don't already exist):</para>

          <informalexample>
-          <screen>
+          <programlisting>
  svn           3690/tcp   # Subversion
  svn           3690/udp   # Subversion
-</screen>
+</programlisting>
          </informalexample>

          <para>If your system is using a classic Unix-like
@@ -569,9 +573,9 @@
            <filename>/etc/inetd.conf</filename>:</para>

          <informalexample>
-          <screen>
+          <programlisting>
  svn stream tcp nowait svnowner /usr/bin/svnserve svnserve -i
-</screen>
+</programlisting>
          </informalexample>

          <para>Make sure <quote>svnowner</quote> is a user that has
@@ -621,7 +625,7 @@
          <title>svnserve as a Windows service</title>

          <para>If your Windows system is a descendant of Windows NT
-          (2000, 2003, XP, or Vista), you can
+          (Windows 2000 or newer), you can
            run <command>svnserve</command> as a standard Windows
            service.  This is typically a much nicer experience than
            running it as a standalone daemon with
@@ -857,31 +861,35 @@
          process, the following things happen:</para>

        <itemizedlist>
-        <listitem><para>The client selects a specific
-        repository.</para></listitem>
-
-        <listitem><para>The server processes the repository's
-        <filename>conf/svnserve.conf</filename> file and begins to
-        enforce any authentication and authorization policies it
-        describes.</para></listitem>
-
-        <listitem><para>Depending on the defined policies, one of the
-        following may occur:</para>
-
+        <listitem>
+          <para>The client selects a specific repository.</para>
+        </listitem>
+        <listitem>
+          <para>The server processes the repository's
+            <filename>conf/svnserve.conf</filename> file and begins to
+            enforce any authentication and authorization policies it
+            describes.</para>
+        </listitem>
+        <listitem>
+          <para>Depending on the defined policies, one of the
+            following may occur:</para>
            <itemizedlist>
-            <listitem><para>The client may be allowed to make requests
-              anonymously, without ever receiving an authentication
-              challenge.</para></listitem>
-
-            <listitem><para>The client may be challenged for
-              authentication at any time.</para></listitem>
-
-            <listitem><para>If operating in tunnel mode, the client
-              will declare itself to be already externally
-              authenticated (typically by SSH).</para></listitem>
+            <listitem>
+              <para>The client may be allowed to make requests
+                anonymously, without ever receiving an authentication
+                challenge.</para>
+            </listitem>
+            <listitem>
+              <para>The client may be challenged for authentication at
+                any time.</para>
+            </listitem>
+            <listitem>
+              <para>If operating in tunnel mode, the client will
+                declare itself to be already externally authenticated
+                (typically by SSH).</para>
+            </listitem>
            </itemizedlist>
          </listitem>
-
        </itemizedlist>

        <para>The <command>svnserve</command> server, by default, knows
@@ -1450,9 +1458,9 @@
            form:</para>

          <informalexample>
-          <screen>
+          <programlisting>
    ssh-dsa AAAABtce9euch… user at example.com
-</screen>
+</programlisting>
          </informalexample>

          <para>The first field describes the type of key, the second
@@ -1462,9 +1470,9 @@
            field:</para>

          <informalexample>
-          <screen>
+          <programlisting>
    command="program" ssh-dsa AAAABtce9euch… user at example.com
-</screen>
+</programlisting>
          </informalexample>

          <para>When the <literal>command</literal> field is set, the
@@ -1475,9 +1483,9 @@
            abbreviate the lines of the file as:</para>

          <informalexample>
-          <screen>
+          <programlisting>
    command="program" TYPE KEY COMMENT
-</screen>
+</programlisting>
          </informalexample>

        </sect3>
@@ -1491,9 +1499,9 @@
            binary to run and to pass it extra arguments:</para>

          <informalexample>
-          <screen>
+          <programlisting>
    command="/path/to/svnserve -t -r /virtual/root" TYPE KEY COMMENT
-</screen>
+</programlisting>
          </informalexample>

          <para>In this example, <filename>/path/to/svnserve</filename>
@@ -1517,10 +1525,10 @@
            option:</para>

          <informalexample>
-          <screen>
+          <programlisting>
    command="svnserve -t --tunnel-user=harry" TYPE1 KEY1 harry at example.com
    command="svnserve -t --tunnel-user=sally" TYPE2 KEY2 sally at example.com
-</screen>
+</programlisting>
          </informalexample>

          <para>This example allows both Harry and Sally to connect to
@@ -1545,10 +1553,10 @@
            after the <literal>command</literal>:</para>

          <informalexample>
-          <screen>
+          <programlisting>
    command="svnserve -t  
--tunnel-user=harry",no-port-forwarding,no-agent-forw
  arding,no-X11-forwarding,no-pty TYPE1 KEY1 harry at example.com
-</screen>
+</programlisting>
          </informalexample>

          <para>Note that this all must be on one line—truly on
@@ -1611,43 +1619,13 @@
        of those files for information that might reveal the source of a
        problem that is not clearly noticeable otherwise.</para>

-    <sidebar>
-      <title>Why Apache 2?</title>
-
-      <para>If you're a system administrator, it's very likely that
-        you're already running the Apache web server and have some
-        prior experience with it.  At the time of this writing, Apache 1.3
-        is the more popular version of Apache.  The world has
-        been somewhat slow to upgrade to the Apache 2.x series for
-        various reasons: some people fear change, especially changing
-        something as critical as a web server.  Other people depend on
-        plug-in modules that work only against the Apache 1.3 API, and
-        they are waiting for a 2.x port.  Whatever the reason, many
-        people begin to worry when they first discover that
-        Subversion's Apache module is written specifically for the
-        Apache 2 API.</para>
-
-      <para>The proper response to this problem is: don't worry about
-        it.  It's easy to run Apache 1.3 and Apache 2 side by side;
-        simply install them to separate places and use Apache 2 as a
-        dedicated Subversion server that runs on a port other than 80.
-        Clients can access the repository by placing the port number
-        into the URL:</para>
-
-      <informalexample>
-        <screen>
-$ svn checkout http://host.example.com:7382/repos/project
-</screen>
-      </informalexample>
-    </sidebar>
-
      <!-- ===============================================================  
-->
      <sect2 id="svn.serverconfig.httpd.prereqs">
        <title>Prerequisites</title>

        <para>To network your repository over HTTP, you basically need
          four components, available in two packages.  You'll need
-        Apache <command>httpd</command> 2.0, the
+        Apache <command>httpd</command> 2.0 or newer, the
          <command>mod_dav</command> DAV module that comes with it,
          Subversion, and the <command>mod_dav_svn</command>
          filesystem provider module distributed with Subversion.
@@ -1656,7 +1634,7 @@

        <itemizedlist>
          <listitem>
-          <para>Getting httpd 2.0 up and running with
+          <para>Getting httpd up and running with
              the <command>mod_dav</command> module</para>
          </listitem>
          <listitem>
@@ -3142,21 +3120,23 @@
            </informalexample>

            <para>The only thing we've left out here is what to do about
-            locks.  Because locks are strictly enforced by the master
-            server (the only place where commits happen), we don't
-            technically need to do anything.  Many teams don't use
-            Subversion's locking features at all, so it may be a
-            nonissue for you.  However, if lock changes aren't
-            replicated from master to slaves, it means that clients
-            won't be able to query the status of locks
-            (e.g., <userinput>svn status -u</userinput> will show no
-            information about repository locks).  If this bothers you,
-            you can write <literal>post-lock</literal> and
-            <literal>post-unlock</literal> hook scripts that run
-            <command>svn lock</command> and <command>svn
-            unlock</command> on each slave machine, presumably through
-            a remote shell method such as SSH.  That's left as an
-            exercise for the reader!</para>
+            user-level locks (of the <command>svn lock</command>
+            variety).  Locks are enforced by the master server during
+            commit operations; but all the information about locks is
+            distributed during read operations such as <command>svn
+            update</command> and <command>svn status</command> by the
+            slave server.  As such, a fully functioning proxy setup
+            needs to perfectly replicate lock information from the
+            master server to the slave servers.  Unfortunately, most
+            of the mechanisms that one might employ to accomplish this
+            replication fall short in one way or
+            another<footnote><para><ulink
+            url="http://subversion.tigris.org/issues/show_bug.cgi?id=3457"
+            /> tracks these problems.</para></footnote>.  Many teams
+            don't use Subversion's locking features at all, so this
+            may be a nonissue for you.  Sadly, for those teams which
+            do use locks, we have no recommendations on how to
+            gracefully work around this shortcoming.</para>

          </sect4>

@@ -3199,7 +3179,8 @@
                disallow write access completely.  This might be useful
                for creating read-only <quote>mirrors</quote> of popular
                open source projects, but it's not a transparent
-              proxying system.</para> </sidebar>
+              proxying system.</para>
+          </sidebar>

          </sect4>
        </sect3>
@@ -3981,7 +3962,8 @@
              executes the real <command>svnserve</command>
              binary.</para>
          </listitem>
-        <listitem><para>Take similar measures when using
+        <listitem>
+          <para>Take similar measures when using
              <command>svnlook</command> and
              <command>svnadmin</command>.  Either run them with a sane
              umask or wrap them as just described.</para>




More information about the svnbook-dev mailing list