[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: path based authz and write-through proxy

From: Nico Kadel-Garcia <nkadel_at_gmail.com>
Date: Thu, 24 Sep 2015 21:34:45 -0400

On Thu, Sep 24, 2015 at 3:34 PM, Aaron Friesen <AFriesen_at_spirae.com> wrote:
> All,
>
> I have been tasked with setting up a mirror of several repositories with write-through back to the master.

What is your engineering time worth? Wandisco publishes a very nice
multi-master setup that does precisely this, at
http://www.wandisco.com/subversion/multisiteplus. It can be a real
advantage to have a responsible commercial vendor to keep your tools
up-to-date for you, rather than to do so manually and be encouraged to
integrate local confusing tuning that is unsupportable in the long
term.

Been there, done that, got paid a lot of consulting money for cleaning
up after it.

> We have path based authorization on the master.
>
> The svn book simply states to:
>
> ... configure each of your "slave" servers in the exact same way, but add the special SVNMasterURI directive to the <Location> block.
>
> That works, but seems to require synchronization of the authz information on all servers.
>
> What methods have people used to keep them synchronized?
>
> Here is the relavent <Location> configuration:
>
> ==============
> <Location /sync/>
> DAV svn
> SVNParentPath "E:/csvn/data/repositories"
> SVNReposName "CollabNet Subversion Repository"
>
> <IfModule deflate_module>
> SetOutputFilter DEFLATE
> </IfModule>
>
> <RequireAll>
> Require user sync
> </RequireAll>
> AuthzSVNAccessFile "C:\csvn\data/conf/svn_access_file"
> SVNPathAuthz short_circuit
> AuthzForceUsernameCase Lower
> </Location>
>
> # Work around authz and SVNListParentPath issue
> RedirectMatch ^(/svn)$ $1/
> <Location /svn/>
> DAV svn
> SVNParentPath "E:/csvn/data/repositories"
> SVNReposName "CollabNet Subversion Repository"
>
> <IfModule deflate_module>
> SetOutputFilter DEFLATE
> </IfModule>
> AuthzSVNAccessFile "C:\csvn\data/conf/svn_access_file"
> SVNPathAuthz short_circuit
> SVNListParentPath On
> AuthzForceUsernameCase Lower
> SVNMasterURI http://192.168.15.18:8080/svn
> </Location>
> ==============
>
> By restricting access on <Location /sync/> to just the user "sync", and the SVNMasterURI in <Location /svn/>, is there any major reason not to simply remove all path based restrictions on the mirror and let the master perform that function so that the authz on the mirror doesn't have to change?
>
> Thanks,
>
> Aaron
Received on 2015-09-25 03:35:04 CEST

This is an archived mail posted to the Subversion Users mailing list.