Subversion for Configuration Managers - CollabNet 1.pdf · Basically version control – Repository...
Transcript of Subversion for Configuration Managers - CollabNet 1.pdf · Basically version control – Repository...
1 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style
ENTERPRISE CLOUD DEVELOPMENT
Subversion for Configuration Managers Essential Concepts
2 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style
What is software configuration management?
What will be covered in this course?
– Repository creation – Branch creation – Tag creation – Authorization – Hooks
Outline
3 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style
• There are many different definitions of Software Configuration Management (SCM). Version control, Subversion in our case, forms the foundation of SCM, but it is larger than version control. Beyond version control, SCM solutions typically also include:
– Build management – Release management – Defect tracking – Configuration management and process automation
• The focus of this class is on just the aspects of software configuration management as they relate to version control alone.
What is Software Configuration Management?
4 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style
Basically version control
– Repository layouts
– Branch and merge models
– Promotion models (i.e., tagging)
– Authorization
– Process automation through hooks
What will we cover in configuration management?
5 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style
• Repository layouts – Access rules and ease of use are critical to successful use
• Branch and merge models – Isolation must be achieved when required and avoided when not required
• Promotion models (i.e., tagging) – Process improvement and auditability require tracking this data
• Authorization – Asset security is key when the asset is your company’s “crown jewels”
• Process automation through hooks – Automation brings consistency and ease of use, but there are trade-offs to consider
Why are these important?
6 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style
Operational aspects of configuration management:
• How to create repositories, branches and tags
• How to implement authorization
• How to implement hooks
What will we cover in this deck?
7 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style
7 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Repository Creation
8 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style
• This is an administrative operation not available to general users
• It must be executed on the repository server itself
• It requires write access to the location where the repository will be created
• The default filesystem backend is a flat file system (i.e., FSFS)
• All directories except for the final one in the repository path must exist prior to executing the create command
Repository creation
svnadmin create /repos/mydept/myrepo
9 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style
svnadmin is a Subversion server utility used to/for:
– Create repositories – Load & dump – Hotcopy – Remove dead transactions – Modify commit log messages – Verify repository integrity – Change repositories unique identifiers (UUID)
svnadmin overview
10 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style
• After you’ve: – Created your repository – Created any top level directories – Created branches, tags and trunk directories
• You may want to populate your repository with data you already have.
• Use import to copy an unversioned tree into your repository. – Note, this does not automatically convert the imported source tree into
a working copy – you still need to do a checkout or update.
• Use a migration tool (ex. cvs2svn.py) if data is coming from a legacy version control tool.
Importing data
$ svn import –m “Initial import” projectA https://repos/myrepo/trunk
11 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style
11 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Branch Creation
12 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style
• A branch is an independent line of development, sharing a common history with other lines.
• A branch starts as a copy of another line and moves on from there, adding its own history.
• The trunk is a line of development, just like any branch.
• HEAD refers to the latest revision on the path being referenced.
What is a branch?
13 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style
• Use copy to create a branch.
• Good version control hygiene is to keep the branches under a top-level directory.
Create a branch
$ svn copy http://example.com/svn/calc/trunk \ http://example.com/svn/calc/branches/my-calc \ -m "Create my-calc branch."
14 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style
14 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Tag Creation
15 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style
• A tag is a snapshot of a particular version of a tree. – Human friendly name, e.g. “release-1.0”
• Common uses cases are. milestone builds, releases
– Commonly defined to be immutable (i.e., unchangeable); this can be enforced, but isn’t inherent
– Alternative to revisions for identifying a particular snapshot, e.g. “release-1.0” instead of r14298
• Tags can be: – Checked out, switched to, branched from
– Renamed, deleted, and restored
.
What is a tag?
16 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style
Use copy to tag a revision
– Simple, common case: tagging a revision
– Complex case: tagging a mixed-revision, mixed-path working copy (e.g., to save state for bug reproduction)
Create a tag
$ svn copy http://example.com/svn/calc/trunk \ http://example.com/svn/calc/tags/release-1.0 \ -m "Create release-1.0 tag."
$ svn copy . http://example.com/svn/calc/tags/release-1.0 \ -m "Create release-1.0 tag."
17 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style
17 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Authorization
18 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style The Two Aspects of Security
• Authentication – confirm who you are
• Authorization – confirm what you are allowed to do
19 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style
• Authorization immediately and consistently follows authentication
• Authorization defines permissions or access rights on specific paths
• Logging into Subversion does not mean you have any permissions for what you want to do
Authorization = Permissions
20 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style
Authorization implementation varies with the selection of the Subversion server:
• svnserve – Lightweight server custom to Subversion – Quick and easy to setup – Network protocol is stateful and noticeably faster (i.e., speed) – Password not passed over the network
• Apache – Heavyweight server in broad use for many purposes – More features (e.g., security, logging, built-in browsing, etc.) – Doesn’t require an additional port be opened – Repository can be mounted as a network drive (i.e., WebDAV)
Two choices for Subversion servers
21 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style
Example to: – Allow read access for authenticated users, – No access for anonymous users, – Use a passwd database in the same directory and – Define a realm name
• repository-path/conf/svnserve.conf:
• repository-path/conf/passwd:
svnserve – Authentication and Authorization: ex. CRAM-MD5
[general] anon-access = none auth-access = read password-db = passwd realm = My First Repository authz-db = authzfile
[users] joeuser = joepassword jayrandom = randomjay
22 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style
• httpd.conf:
• Example: mixed authenticated & anonymous access – Configure location in httpd.conf
Apache authorization
LoadModule dav_module modules/mod_dav.so LoadModule dav_svn_module modules/mod_dav_svn.so LoadModule authz_svn_module modules/mod_authz_svn.so
<Location /repos> DAV svn SVNParentPath /usr/local/svn AuthzSVNAccessFile /path/to/access/file Satisfy Any # Try anonymous access, resort to Require valid-user # real authentication if necessary. AuthType Basic AuthName "Subversion repository" AuthUserFile /path/to/users/file
</Location>
23 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style
Standard authorization approach using two files: – AuthzSVNAccessFile /path/to/access/file:
– AuthzUserFile /path/to/users/file:
Apache – path based authorization
[calc:/projects/calc] @calc-developers = rw [calc:/branches/calc/bug-142] harry = rw sally = r
[groups] calc-developers = harry, sally, joe paint-developers = frank, sally, jane everyone = @calc-developers, @paint-developers
24 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style svnserve & Apache – single file path based authorization
[groups] admin = john, kate devteam1 = john, rachel, sally devteam2 = kate, peter, mark docs = bob, jane, mike training = zak # Default access rule for ALL repositories # Everyone can read, admins can write, Dan is excluded. [/] * = r @admin = rw dan = # Allow developers complete access to their project repos [proj1:/] @devteam1 = rw [proj2:/] @devteam2 = rw [bigproj:/] @devteam1 = rw @devteam2 = rw trevor = rw # Give the doc people write access to all the docs folders [/trunk/doc] @docs = rw # Give trainees write access in the training repository only [TrainingRepos:/] @training = rw
25 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style
25 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Hooks
26 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style Repository hooks - overview
What is a hook script? – Depending on the operating system, a hook can be any executable script
or program.
– It is a script or program triggered by a repository event: • Commits • Lock (and unlock) changes • Revision property changes
– Depending on the hook's output or return status, the hook program may continue the action, stop it, or suspend it in some way.
27 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style Repository hooks – overview, cont’d
How do you create a hook script? – Write a program or script and name it the same as a provided template.
– Put this program or script into the REPO_HOME/hooks.
– Make sure it is executable.
Examples: – Commit mailing list.
– Checks, e.g. code beautifier, EOL styles, MIME types, whether commit message contains defect report ID.
– Allow/disallow modifying log messages, author, date.
28 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style
Hooks currently supported:
– start-commit
– pre-commit
– post-commit
– pre-revprop-change
– post-revprop-change
– pre-lock
– post-lock
– pre-unlock
– post-unlock
Supported hook scripts
29 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style Start-commit vs. pre-commit hooks
• Start-commit hook: – If the hook program exits with success, the commit process continues. – If it exits with failure (non-zero), the commit is stopped immediately
after a Subversion transaction is created and STDERR is returned to the client.
– At this point the transaction properties (not Subversion versioned or revision properties) are available to determine client system settings (e.g., the Subversion version of the client).
• Pre-commit hook: – If the hook program exits with success, the transaction may be
committed. – If it exits with failure (non-zero), the commit is stopped right before the
Subversion transaction is executed and STDERR is returned to the client.
30 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style
• Pre-commit hook
• Post-commit hook
Hook script templates
REPOS="$1" TXN="$2" # Make sure that the log message contains some text. SVNLOOK=/usr/local/bin/svnlook $SVNLOOK log -t "$TXN" "$REPOS" | \ grep "[a-zA-Z0-9]" > /dev/null || exit 1 # Check that the author of this commit has the rights to perform # the commit on the files and directories being modified. commit-access-control.pl "$REPOS" "$TXN" commit-access-control.cfg || exit 1 # All
REPOS="$1" REV="$2" mailer.py commit "$REPOS" "$REV" /path/to/mailer.conf
31 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style Hook considerations
• You should not attempt to modify transactions with a hook script.
– For example, trying to automatically set ‘svn: eol-style’ property using a hook script. The main problem is that there is no way to tell the originating client that it is out of date. Instead, run a pre-commit hook script to check for the property/setting and reject if needed. Better yet, use the svn:auto-props inherited property to assign the initial property and setting based on file pattern.
• The Subversion users do NOT have any visibility on hooks being executed.
• Errors generated in a hook are not logged in the typical Subversion or Apache logs.
• One needs to consider redirecting hook output to an existing log file or a special hook log file.
• A hook should check status each time a logic block is processed within a hook.
32 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style Hook considerations, cont’d
• Consider using a start-commit hook to validate system functionality.
• Consider using dos to Unix scrubbers to remove any \m or unwanted control characters.
• Consider emailing the user when an error occurs in a hook, to aid in trouble-shooting.
• Consider standardizing all hooks if using multiple repositories.
• Use svnlook in conjunction with hooks to evaluate logic blocks.
33 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style
svnlook
– Examines revisions and transactions.
– Read-only, does not modify the repository.
– Typically used:
• By hooks to report what is about to be committed or just committed.
• By administrators for diagnostics.
svnlook overview
34 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style • Synopsis
– svnlook SUBCOMMAND REPOS_PATH [ARGS & OPTIONS ...]
• Subcommands: – Author – Cat – Changed – Date – Diff – dirs-changed – History – Info – Lock – Log – propget (pget, pg) – proplist (plist, pl) – Tree – Uuid – youngest:
svnlook command
$ svnlook youngest /var/svn/repos/calc 19
35 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style
• Integrate svnlook into hooks to evaluate Subversion logic blocks
• Example from the pre-lock hook:
Hook scripts – integrate svnlook
SVNLOOK=/usr/local/bin/svnlook GREP=/bin/grep SED=/bin/sed LOCK_OWNER=`$SVNLOOK lock "$REPOS" "$PATH" | $GREP '^Owner: ' | $SED 's/Owner: //'` # If we get no result from svnlook, there's no lock, allow the lock to # happen: if [ "$LOCK_OWNER" = "" ]; then exit 0 fi # If the person locking matches the lock's owner, allow the lock to # happen: if [ "$LOCK_OWNER" = "$USER" ]; then exit 0 fi # Otherwise, we've got an owner mismatch, so return failure: echo "Error: $PATH already locked by ${LOCK_OWNER}." 1>&2 exit 1
36 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style
• The following are locations where you can find some prewritten hook scripts: – http://svn.apache.org/repos/asf/subversion/trunk/tools/hook-scripts/ – http://svn.apache.org/repos/asf/subversion/trunk/contrib/hook-scripts/
• In your hooks directory you will find a .tmpl file with each of the event names, if you want to enable one of the hooks, copy the template file (without the .tmpl extension) and make it executable.
• On Windows you need to rename the .tmpl file with an extension that is executable by windows such as an exe or bat file.
Hook scripts – hook tips
37 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style
• For security reasons, the Subversion executes hook programs with an empty environment, that is, no environment variables are set at all, not even $PATH.
– If hooks will use a common environment, Subversion allows for a server-side configuration file to define the common variables with options to allow mod_dav_svn and svnserve to point to that file.
– If a hook has unique environment needs, be sure to explicitly set any necessary environment variables in your hook program and/or use absolute paths to programs.
• If you are on Windows, you may have limited permissions and none of the network drives mapped for your script’s user.
• Hooks don't execute from the hooks folder.
Hook scripts – hook tips, Cont’d
38 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style
38 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Thank You
39 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style
39 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
About CollabNet CollabNet is a leading provider of Enterprise Cloud Development and Agile ALM products and services for software-driven organizations. With more than 10,000 global customers, the company provides a suite of platforms and services to address three major trends disrupting the software industry: Agile, DevOps and hybrid cloud development. Its CloudForge™ development-Platform-as-a-Service (dPaaS) enables cloud development through a flexible platform that is team friendly, enterprise ready and integrated to support leading third party tools. The CollabNet TeamForge® ALM, ScrumWorks® Pro project management and SubversionEdge source code management platforms can be deployed separately or together, in the cloud or on-premise. CollabNet complements its technical offerings with industry leading consulting and training services for Agile and cloud development transformations. Many CollabNet customers improve productivity by as much as 70 percent, while reducing costs by 80 percent.
For more information, please visit www.collab.net.
40 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
Click to edit Master title style
40 Copyright ©2014 CollabNet, Inc. All Rights Reserved.
© 2014 CollabNet, Inc., All rights reserved. CollabNet is a trademark or registered trademark of CollabNet Inc., in the US and other countries. All other trademarks, brand names, or product names belong to their respective holders.
CollabNet, Inc. 4000 Shoreline Court Suite 300 South San Francisco, CA 94080 USA www.collab.net +1-650-228-2500 +1-888-778-9793 blogs.collab.net twitter.com/collabnet www.facebook.com/collabnet www.linkedin.com/company/collabnet-inc