Sunday, April 15, 2007

Quick-and-dirty Subversion on a Virtual Machine

(In progress.)

I've gotten busy and my series about Subversion on a LinkStation is going to have to be put on hold. But I really need a Subversion server in the mean time.

In a previous post I'd set up VMWare Server on a spare laptop. I'm going to use that to create a virtual machine (VM) that'll run Subversion.

How quick is this?

All right, it's not that quick. If I were really in a hurry, I'd do one of these things instead:
  • Get the free(!) Subversion Virtual Machine from Young Technologies.
  • Go to wush.net and sign up for one of their US$15/month "Professional" packages (1 SVN Repository and 2 GB disk space).

But setting up a VM-based Subversion server fits into my long-term plans to place Subversion on a LinkStation, especially if I make the VM very similar to a LinkStation running FreeLink.

How dirty is this?

A little dirty. When we're done with this quick-and-dirty setup there will be some some significant shortcomings. (I'll be addressing these shortcomings in my LinkStation project.)
  • We won't have a backup and recover plan in place.
  • We won't have an uninterruptible power supply, so a loss of power could mess everything up.
  • We'll be using the default HTTPS port of 443. We really ought to change that to some other port so that attackers can't easily find the port.
  • We'll use apt-get to install things via packages. To allow ourselves to quickly integrate any future security fixes we really should download the source code into a branched repository and build from our own customized branch of that source code.
  • Since we'll just plug it into our network the server will have access to the Internet. This will be handy when we were setting up the machine and we need stuff from, say, http://security.debian.org/debian-security/ . But we really don't want a server to have blanket Internet access, in case a bad guy manages to log in and wants to send or receive stuff. We really want to put the server on its own subnet and not bridge that subnet onto the Internet.
  • We run Samba on the machine so other machines on the network can find it. Don't even get me started on what a bad idea this is, security-wise.

Assumptions
  • You've got a VMWare Server on your network. (If you haven't, see my post "Quick-and-dirty VMWare Server".)
  • You want to run Subversion in its most flexible security mode; that is, using WebDAV.

Planning sheet.
Following along with your own setup? For any option where your setup varies from mine fill in the yellow section.
For...J.R. used...But I'll use...
Operating systemDebian "etch" 4.0 release 
Machine nameqad-svn 
Domain namehomelan 
Size of the first virtual hard drive (hda)8.0 GB 
Size of the second virtual hard drive (hdb)350 GB 
Base directory for Subversion settings and repositories/srv/svn 
root password(He's not telling.) 
Other user accountsvnadmin 
Other user account's password(He's not telling.) 


Download the ISO for installing Debian.
  • Find a Debian install ISO. (I want my virtual machine to match as closely as possible the FreeLink installation, which uses a variant of the Debian "Sarge" 3.1 release. At first I tried to install Sarge, but that proved to be difficult because [I think] the installer doesn't like the fact that the online portion of the install points to files that work for the latest release, Debian "Etch" 4.0. So I went with Etch instead and chose debian-40r0-i386-netinst.iso .) Find your CD-ROM image at http://www.debian.org/CD/

Create a virtual machine

It might take you a while to download that ISO, so you may as well create the virtual machine while you're waiting.
  1. We're going to do some tricks with virtual disks that can't be done via a remote VMWare Server Console session. So you're going to have to do one of these two things:
    1. Sit down at the server and log in without benefit of Remote Desktop, or
    2. Connect to the server with a Remote Desktop client using the -console option.
  2. On the server, run VMware Server Console and connect to localhost.
  3. File | New | Virtual Machine...
  4. Use these options:
    • Configuration type: Custom
    • Guest operating system: Linux
    • Version: Other Linux
    • Virtual machine name:qad-svn
    • Location: C:\Virtual Machines\qad-svn
    • Make this virtual machine private: Checked
    • Virtual machine account: Local system account
    • On host startup: Power on virtual machine
    • On host shutdown:Power off virtual machine
    • Number of processors: One
    • Memory: 128MB
    • Network connection: Use bridged networking
    • SCSI Adapters: BusLogic
    • Disk: Create a new virtual disk
    • Virtual Disk Type: IDE
    • Disk size (GB): 8.0
    • Allocate all disk space now: Unchecked
    • Disk file: hda.vmdk

Configure the virtual machine

Now we're going to need that ISO, so make sure it's been downloaded before continuing.
  1. Edit virtual machine settings
  2. Connect the CD-ROM to our Debian install ISO. (Use ISO Image: C:\Virtual Machines\ISOs\Debian\etch\debian-40r0-i386-netinst.iso .)
  3. Create a second hard disk that will store our Subversion settings and repositories.
    1. Click Add...
    2. Hardware type: Hard Disk
    3. Disk: Create a new virtual disk
    4. Virtual Disk type: IDE
    5. Disk size (GB): 350.0 GB. Yes, that's a lot, but we're going to use only as much space as the data needs and grow the virtual drive as it needs more. Be really sure you set the next option correctly!
    6. Allocate all disk space noew: Unchecked. That's the option that you wanted to set correctly.
    7. Disk file: hdb.vmdk
  4. We might need to copy things to a USB device some day so we may as well add a USB controller now.
    1. Click Add...
    2. Hardware type: USB Controller
  5. At this point your Virtual Machine Settings should look something like this:

Snapshot

Now would be a good time to take a snapshot of the VM. Remember, VMWare Server only allows for one snapshot at time, so a future snapshot will replace this one.

Install Debian
  1. Start the VM.
  2. Hit Enter when prompted. Debian installation will begin.
  3. Choose language options.
    • Hostname: Use your planning sheet. (J.R. used "qad-svn".)
    • Domain name: Use your planning sheet. (J.R. used "homelan".)
  4. Partioning disks
    • hda
      • Erase entire disk: IDE1 master (hda)
      • Partitioning scheme: All files in one partition
    • hdb
      • We're going to mount all of hdb as /srv/svn
      • On the "This is an overview of your currently..." screen, select IDE1 slave (hdb)
      • Create new empty partition table on this device? Yes
      • On the "This is an overview of your currently..." screen, select the FREE SPACE item just below IDE1 slave (hdb)
      • How to use this free space: Create a new partition
      • New partition size: max
      • Type for the new partition: Primary
      • Change the mount point from /home to /srv/svn
      • Done setting up the partition
    • Finish partitioning
      • Your partitions should look something like this:
      • Finish partitioning and write changes to disk
      • (Partitioning the disks and installing the packages took a long time. I walked the dog.)
  5. Set your time zone.
  6. Installation continues.
    • Enter the root password.
    • Create the user account. Use your planning sheet. (J.R. used "svnadmin".)
    • (Installing the base system also takes a while. Another dog walk.)
    • Use a network mirror? Yes.
    • At the "Choose software to install" screen uncheck all options. We just want to install a minimal system.
    • Install the GRUB boot loader to the master boot record? Yes
    • At the "Installation complete" dialog...


      ...hit Enter and wait out the reboot.

Snapshot

Happy with your setup so far? If you're unhappy, restore that previous snapshot and try again. Aren't VMs wonderful?

Otherwise, here's another good time to take a snapshot of the VM. Although Virtual Server supports snapshots of live systems, I like to cleanly shut down the VM before I take a snapshot. (To do this, log in as root and enter shutdown -h now ). This snapshot will replace the previous one.

After the reboot

  1. Log in as root.
  2. Update the apt package list. Enter:
    apt-get update
  3. Upgrade all currently installed programs. Enter:
    apt-get upgrade
    (I didn't have anything installed, but this is a good practice if you do and it doesn't do any harm.)

Install Samba

  1. How do the Windows machines on your resolve the machine name (in my case, "qad-svn") to an IP address? One quick-and-dirty way is to enable Samba on the machine. Enter:
    apt-get install samba
    Now test it by pinging from another machine:
    ping qad-svn

Install Apache2

  1. Enter:
    apt-get install apache2
  2. Test the installation by browsing to the machine's http server (http://qad-svn) from another machine.

Install Subversion

  1. Use apt-get to install Subversion:
    apt-get install subversion
  2. Install libapache2-svn:
    apt-get install libapache2-svn
  3. Restart apache:
    /etc/init.d/apache2 restart

Configure Apache2 and Subversion

  1. Create the repository structure:
    mkdir /srv/svn/repositories
    mkdir /srv/svn/apache2
  2. Allow the apache user to access these directories:
    chown www-data:www-data -R /srv/svn
    chmod 770 -R /srv/svn
  3. Edit /etc/apache2/mods-available/dav_svn.conf to look like this:
    ...
    <Location /svn>
    ...
    SVNParentPath /srv/svn/repositories
    ...
    AuthType Basic
    AuthName "Subversion Repository"
    AuthUserFile /srv/svn/apache2/dav_svn.passwd
    Require valid-user
    ...
    </Location>
  4. Create a user:
    htpasswd2 -c /srv/svn/apache2/dav_svn.passwd tester
  5. Create an test project:
    su www-data
    mkdir empty
    mkdir empty/trunk
    mkdir empty/tags
    mkdir empty/branches
    svnadmin create /srv/svn/repositories/test_repository
    svn import empty file:///srv/svn/repositories/test_repository/test_project -m "initial import"
    rmdir empty/trunk
    rmdir empty/tags
    emptyrmdir empty/branches
    rmdir empty
    exit
  6. From another machine, make sure you can view the repository in a browser (http://qad-svn/svn/test_repository/)



In progress. Sources include:

No comments: