> On Apr 17, 2008, at 8:06 AM, James CE Johnson wrote:
>> I have a Subversion repository that is protected by mod_auth_ldap:
>>
>> <Location /svn>
>> DAV svn
>> SVNParentPath /usr/local/svn/repositories
>> SVNListParentPath on
>> SVNAutoVersioning on
>> AuthName "Enterprise Shared SCM Repository"
>> AuthType Basic
>> Require valid-user
>> AuthLDAPUrl ldap://primaryLdapHost...
>> AuthLDAPBindDN ...
>> AuthLDAPBindPassword ...
>> </Location>
>>
>> This works perfectly and we've been very happy with the results.
>>
>> However...
>>
>> I now have a different set of users who exist in a different LDAP
>> repository. They will ultimately (in 6-9 months) join everyone else
>> but,
>> in the meantime, they need SVN access.
>>
>> So, the question is, will it be safe to create (in the same
>> httpd.conf) a
>> second <Location/> pointed to the same SVNParentPath?
>>
>> <Location /svnForOthers>
>> DAV svn
>> SVNParentPath /usr/local/svn/repositories
>> SVNListParentPath on
>> SVNAutoVersioning on
>> AuthName "Enterprise Shared SCM Repository"
>> AuthType Basic
>> Require valid-user
>> AuthLDAPUrl ldap://alternateLdapHost...
>> AuthLDAPBindDN ...
>> AuthLDAPBindPassword ...
>> </Location>
>
> I would guess that would be safe but wouldn't bet my own repository
> on it at this point.
OK. That brings me to the alternative implementation: Multiple (two in
this case) Apache instances on the same host pointed at the same
repository (which is on the local filesystem).
>> If nobody has a definite answer, can anyone recommend test
>> scenarios to
>> prove or disprove that this will or will not result in repository
>> corruption?
>
> I'm not sure how you would test it.
>
>> Related to this, and I will post it as a second query later, is it
>> safe to
>> have multiple Apache instances pointed to the same SVNParentPath
>> (e.g. --
>> clustering)?
>
> It these multiple Apache instances are on multiple computers and
> accessing a common repository on a storage-area network, then it will
> be safe if the storage-area network uses a cluster filesystem. One
> filesystem that has this is whatever Apple's Xsan uses.
Initially they would be on the same host and the repository would be on
the local filesystem. In the future they would be on different hosts and
the repository would be mounted via NFS, most likely from a NetApp but
possibly from our corporate SAN.
The clustering is more for load balancing and traditional clustering
reasons, not so much for the LDAP issue. I expect our LDAP to be
consolidated before load balancing becomes a requirement.
> An alternative to this would be to have just a single read/write
> master repository, and then an arbitrary number read-only slaves
> which use svnsync to synchronize with the master. You can even proxy
> through the write requests so that someone can check out a working
> copy from the read-only slave and when they commit the request will
> be sent to the master. It's not entirely straightforward to set this
> up, however.
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-04-18 02:20:57 CEST