In our deployment with mirrors, the access file is generated from information stored in Subversion.
The act of mirroring the repository with the access information in it triggers the post-commit hook which updates the permissions locally. Eric. On Thu, Sep 24, 2015 at 12:34 PM, Aaron Friesen <afrie...@spirae.com> wrote: > All, > > I have been tasked with setting up a mirror of several repositories with > write-through back to the master. > > We have path based authorization on the master. > > The svn book simply states to: > > ... configure each of your "slave" servers in the exact same way, > but add the special SVNMasterURI directive to the <Location> block. > > That works, but seems to require synchronization of the authz information > on all servers. > > What methods have people used to keep them synchronized? > > Here is the relavent <Location> configuration: > > ============== > <Location /sync/> > DAV svn > SVNParentPath "E:/csvn/data/repositories" > SVNReposName "CollabNet Subversion Repository" > > <IfModule deflate_module> > SetOutputFilter DEFLATE > </IfModule> > > <RequireAll> > Require user sync > </RequireAll> > AuthzSVNAccessFile "C:\csvn\data/conf/svn_access_file" > SVNPathAuthz short_circuit > AuthzForceUsernameCase Lower > </Location> > > # Work around authz and SVNListParentPath issue > RedirectMatch ^(/svn)$ $1/ > <Location /svn/> > DAV svn > SVNParentPath "E:/csvn/data/repositories" > SVNReposName "CollabNet Subversion Repository" > > <IfModule deflate_module> > SetOutputFilter DEFLATE > </IfModule> > AuthzSVNAccessFile "C:\csvn\data/conf/svn_access_file" > SVNPathAuthz short_circuit > SVNListParentPath On > AuthzForceUsernameCase Lower > SVNMasterURI http://192.168.15.18:8080/svn > </Location> > ============== > > By restricting access on <Location /sync/> to just the user "sync", and > the SVNMasterURI in <Location /svn/>, is there any major reason not to > simply remove all path based restrictions on the mirror and let the master > perform that function so that the authz on the mirror doesn't have to > change? > > Thanks, > > Aaron >
