Comment: Migrated to Confluence 4.0

...

  • The server is an ops VM image running RHEL 5 with AFS and update_server installed. The standard IPS user accounts are also installed.
  • Subversion setup:
    • Created user "svn" alongside the IPS accounts. Make sure its homedir is mode 755.
    • Grab Subversion 1.4.6 from subversion.tigris.org, put in /home/svn/src
    • No need to grab the deps tarball; RHEL 5 has adequate versions of those
    • Need to install some development packages: yum install apr-devel apr-util-devel neon-devel zlib-devel
    • Untar into /home/svn/src/subversion-1.4.6
    • Run ./autogen.sh to work around some libtool issue with 64-bit libraries
    • Do build with: ./configure --without-berkeley-db --prefix=/home/svn && make && make install

Next steps:

  • svn-config setup:
    • Make a copy of a checkout of svn+ssh://
  • Get DCM set up from moira (by ops) and received on map-dev-svn1. Mark Manley is working on the update_server port for receiving the DCM.
  • Get a repository created on svn.mit.edu for supporting materials
  • Identify supporting materials (exec-svnserve, DCM scripts, cron jobs, etc.) and put into repository with documentation

Pieces of the user management system on the existing svn.mit.edu:

    • /svn-config/trunk into /root
    • make && make install
  • Shell account setup:
    • Create passwd entries for the five shell accounts in /etc/passwd:

      stellarcvs:*:105:101:Stellar CVS Access,,,,:/var/shellacct/stellarcvs:/bin/bash
      isdasnap:*:106:101:ISDA SVN Access,,,,:/var/shellacct/isdasnap:/bin/bash
      athenasnap:*:107:101:Athena SVN Access,,,,:/var/shellacct/athenasnap:/bin/bash
      saisrelmgr:*:108:101:SAIS Autobuilder SVN Access,,,,:/var/shellacct/saisrelmgr:/home/svn/bin/svnserve
      macathenasnap:*:109:101:MacAthena SVN Access,,,,:/var/shellacct/macathenasnap:/bin/bash

    • mkdir /var/shellacct/{stellarcvs,saisrelmgr,isdasnap,athenasnap,macathenasnap}
    • chown stellarcvs:101 /var/shellacct/stellarcvs
    • chown isdasnap:101 /var/shellacct/isdasnap
    • chown athenasnap:101 /var/shellacct/athenasnap
    • chown saisrelmgr:101 /var/shellacct/saisrelmgr
    • chown macathenasnap:101 /var/shellacct/macathenasnap
  • DCM setup:
    • cp /etc/passwd /etc/passwd.head
    • cp /etc/group /etc/group.head
    • If any of the shell account setup is done after this, make sure to propagate it to /etc/passwd.head and /etc/group.head.
    • The actual DCM is set up on Moira. It is an acl.sh DCM which creates /etc/passwd.moira and /etc/group.moira based on the contents of the cvs-users and cvs-groups Moira groups.
    • /usr/local/sbin/postacldcm (already installed in the svn-config step) munges the results into /etc/passwd and /etc/group.
  • SSH setup (/etc/ssh/sshd_config):
    • Verify that GSSAPIAuthentication and GSSAPICleanupCredentials are set.
    • Turn on PasswordAuthentication, KerberosAuthentication, and KerberosOrLocalPasswd to allow username/password authentication
  • A DCM manages /etc/group.local to contain all of the groups in the moira list cvs-groups.
  • A DCM manages /etc/passwd.moira to contain all of the users in the moira list cvs-users.
  • /etc/athena/postacldcm combines /etc/passwd.local.head and /etc/passwd.moira with some modifications into /etc/passwd.local which is then copied into /etc/passwd.
  • /etc/athena/postacldcm modifies /etc/group.local in place and then copies it into /etc/group.
  • Some snap accounts have entries in /etc/passwd.local.head and do not exist in Moira. Those accounts are added to specific groups in /etc/group.local by postacldcm before updating /etc/group.
  • Other snap accounts exist in Moira. Those accounts do not need to be added to group.local by postacldcm, but do need their passwd entries modified by postacldcm.
  • Since the existing server is an Athena machine, SSH access is managed by /etc/athena/access, which contains "*inpasswd rl" to allow all users in the passwd file to log in via SSH.
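
Because the DCM steps above merge a Moira-generated file into /etc/passwd, a pre-merge check can catch a fed entry that claims UID 0 or shadows a local account before it reaches the live file. The following is an added example, not the postacldcm script or any other svn-config code; the function names, the specific checks and the sample entries (other than the stellarcvs line) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the svn-config tooling. File roles follow the
# page (passwd.head = local accounts, passwd.moira = DCM output); the checks
# themselves are assumptions about what should block a merge.

# audit_passwd_merge HEAD MOIRA: one finding per line, exit 1 if any.
audit_passwd_merge() {
    awk -F: '
        # Head file: remember every local account name and numeric UID.
        FILENAME == ARGV[1] { if (NF == 7) { name[$1] = 1; uid[$3 + 0] = $1 }; next }
        {   # Moira file: each line must be a well-formed 7-field entry ...
            if (NF != 7 || $3 !~ /^[0-9]+$/) {
                print "malformed entry at line " FNR; bad = 1; next
            }
            u = $3 + 0
            # ... must not claim root, shadow a head account, or repeat.
            if (u == 0)      { print "uid 0 entry: " $1; bad = 1 }
            if ($1 in name)  { print "name collides with head: " $1; bad = 1 }
            if (u in uid)    { print "uid " u " collides with head account " uid[u]; bad = 1 }
            if (seen[$1]++)  { print "duplicate moira entry: " $1; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1" "$2"
}

# Constructed sample data: two head entries (one from the page) and a made-up
# Moira fragment with one clean entry and three bad ones.
demo() {
    d=$(mktemp -d) || return 2
    cat > "$d/passwd.head" <<'EOF'
root:x:0:0:root:/root:/bin/bash
stellarcvs:*:105:101:Stellar CVS Access,,,,:/var/shellacct/stellarcvs:/bin/bash
EOF
    cat > "$d/passwd.moira" <<'EOF'
jdoe:*:20001:101:Constructed User,,,,:/mit/jdoe:/home/svn/bin/svnserve
stellarcvs:*:20002:101:Constructed,,,,:/tmp:/bin/bash
toor:*:0:0:Constructed,,,,:/root:/bin/bash
alice:*:105:101:Constructed,,,,:/mit/alice:/bin/bash
EOF
    audit_passwd_merge "$d/passwd.head" "$d/passwd.moira"; rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "findings above: merge should not proceed"
```

Run against the real files, the function would be called with /etc/passwd.head and /etc/passwd.moira, and the merge step skipped on a non-zero exit.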