John Peacock > SVN-Notify-Mirror > SVN::Notify::Mirror::SSH

Download:
SVN-Notify-Mirror-0.040.tar.gz

Dependencies

Annotate this POD

CPAN RT

New  1
Open  1
View/Report Bugs
Module Version: 0.040   Source  

NAME ^

SVN::Notify::Mirror::SSH - Mirror a repository path via SSH

SYNOPSIS ^

Use svnnotify in post-commit:

  svnnotify --repos-path "$1" --revision "$2" \
   --handler Mirror::SSH --to "/path/to/www/htdocs" \
   [--svn-binary /full/path/to/svn] \
   [[--ssh-host remote_host] [--ssh-user remote_user] \
   [--ssh-tunnel 10.0.0.2] \
   [--ssh-identity /home/user/.ssh/id_rsa]]

or better yet, use SVN::Notify::Config for a more sophisticated setup:

  #!/usr/bin/perl -MSVN::Notify::Config=$0
  --- #YAML:1.0
  '':
    PATH: "/usr/bin:/usr/local/bin"
  'path/in/repository':
    handler: Mirror
    to: "/path/to/www/htdocs"
  'some/other/path/in/repository':
    handler: Mirror::SSH
    to: "/path/to/remote/www/htdocs"
    ssh-host: "remote_host"
    ssh-user: "remote_user"
    ssh-tunnel: "10.0.0.2"
    ssh-identity: "/home/user/.ssh/id_rsa"

DESCRIPTION ^

Keep a directory in sync with a portion of a Subversion repository. Typically used to keep a development web server in sync with the changes made to the repository. This directory can either be on the same box as the repository itself, or it can be remote (via SSH connection).

USAGE ^

Depending on whether the target is a "Local Mirror" or a "Remote Mirror", there are different options available. All options are available either as a commandline option to svnnotify or as a hash key in SVN::Notify::Config (see their respective documentation for more details).

Working Copy on Mirror

Because 'svn export' is not able to be consistently updated, the sync'd directory must be a full working copy, and if you are running Apache, you should add lines like the following to your Apache configuration file:

  # Disallow browsing of Subversion working copy
  # administrative directories.
  <DirectoryMatch "^/.*/\.svn/">
   Order deny,allow
   Deny from all
  </DirectoryMatch>

The files in the working copy must be writeable (preferrably owned) by the user identity executing the hook script (this is the user identity that is running Apache or svnserve respectively).

Local Mirror ^

Please see " SVN::Notify::Mirror " for details.

Remote Mirror

Used for directories not located on the same machine as the repository itself. Typically, this might be a production web server located in a DMZ, so special consideration must be paid to security concerns. In particular, the remote mirror server may not be able to directly access the repository box.

NOTE: be sure and consult "Remote Mirror Pre-requisites" before configuring your post-commit hook.

Remote Mirror Pre-requisites

Before you can configure a remote mirror, you need to produce an SSH identity file to use:

1. Log in as repository user

Give the user identity being used to execute the hook scripts (the user running Apache or svnserve) a shell and log in as that user, e.g. su - svn;

2. Create SSH identity files on repository machine

Run ssh-keygen and create an identity file (without a password).

3. Log in as remote user

Perform the same steps as #1, but this time on the remote machine. This username doesn't have to be the same as in step #1, but it must be a user with full write access to the mirror working copy.

4. Create SSH identity files on remote machine

It is usually more efficient to go ahead and use ssh-keygen to create the .ssh folder in the home directory of the remote user.

5. Copy the public key from local to remote

Copy the .ssh/id_dsa.pub (or id_rsa.pub if you created an RSA key) to the remote server and add it to the .ssh/authorized_keys for the remote user. See the SSH documentation for instructions on how to configure

6. Confirm configuration

As the repository user, confirm that you can sucessfully connect to the remote account, e.g.:

  # su - local_user
  $ ssh -i .ssh/id_rsa remote_user@remote_host

This is actually a good time to either check out the working copy or to confirm that the remote account has rights to update the working copy mirror. If the remote server does not have direct network access to the repository server, you can use the tunnel facility of SSH (see ssh-tunnel above) to provide access (e.g. through a firewall).

Once you have set up the various accounts, you are ready to set your options.

AUTHOR ^

John Peacock <jpeacock@cpan.org>

COPYRIGHT ^

Copyright (c) 2005-2008 John Peacock

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

The full text of the license can be found in the LICENSE file included with this module.

SEE ALSO ^

SVN::Notify, SVN::Notify::Config, SVN::Notify::Mirror

syntax highlighting: