Versions Compared

Old Version 4

changes.mady.by.user Greg Hudson

Saved on

compared with

New Version 5

changes.mady.by.user Greg Hudson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • The server is an ops VM image running RHEL 5 with AFS and update_server installed.   The standard IPS user accounts are also installed.
  • Subversion setup:
    • Created user "svn" alongside the IPS accounts. Make sure its homedir is mode 755.
    • Grab Subversion 1.4.6 from subversion.tigris.org, put in /home/svn/src
    • No need to grab the deps tarball; RHEL 5 has adequate versions of those
    • Need to install some development packages: yum install apr-devel apr-util-devel neon-devel zlib-devel
    • Untar into /home/svn/src/subversion-1.4.6
    • Run ./autogen.sh to work around some libtool issue with 64-bit libraries
    • Do build with: ./configure --without-berkeley-db --prefix=/home/svn && make && make install

Next steps:

  • Get DCM set up from moira (by ops) and received on map-dev-svn1.  Mark Manley is working on the update_server port for receiving the DCM.
  • Get a repository created on svn.mit.edu for supporting materials
  • Identify supporting materials (exec-svnserve, DCM scripts, cron jobs, etc.) and put into repository with documentation

Pieces of the user management system on the existing svn.mit.edu:

  • svn-config setup:
    • Make a copy of a checkout of svn+ssh://svn.mit.edu/svn-config/trunk into /root
    • make && make install
  • DCM setup:
    • This is set up by ops. It is an acl.sh DCM which creates /etc/passwd.moira and /etc/group.moira based on the contents of the cvs-users and cvs-groups Moira groups.
    • /usr/local/sbin/postacldcm (already installed in the previous step) munges the results into /etc/passwd and /etc/group.
  • SSH setup (/etc/ssh/sshd_config):
    • Verify that GSSAPIAuthentication and GSSAPICleanupCredentials are set.
    • Turn on PasswordAuthentication, KerberosAuthentication, and KerberosOrLocalPasswd to allow username/password authentication
  • A DCM manages /etc/group.local to contain all of the groups in the moira list cvs-groups.
  • A DCM manages /etc/passwd.moira to contain all of the users in the moira list cvs-users.
  • /etc/athena/postacldcm combines /etc/passwd.local.head and /etc/passwd.moira with some modifications into /etc/passwd.local which is then copied into /etc/passwd.
  • /etc/athena/postacldcm modifies /etc/group.local in place and then copies it into /etc/group.
  • Some snap accounts have entries in /etc/passwd.local.head and do not exist in Moira.  Those accounts are added to specific groups in /etc/group.local by postacldcm before updating /etc/group.
  • Other snap accounts exist in Moira.  Those accounts do not need to be added to group.local by postacldcm, but do need their passwd entries modified by postacldcm.
  • Since the existing server is an Athena machine, SSH access is managed by /etc/athena/access, which contains "*inpasswd rl" to allow all users in the passwd file to log in via SSH
    • .