CVSandCGIProduction install
CVS installation procedures and implementation considerations
Installing CVS is a fairly straightforward process; however, planning and experimenting with the actual way you use CVS is completely up to the users and administrators. Many things need to be taken into consideration to provide an easy and reliable version control system. Here are a few notes:
Number of users and concurrent development
Consideration must be given to how many users will be accessing the CVS repository and the way in which files will (or will not) be shared. This will not only determine how the CVS repository will be configured, including permissions, modules, and wrappers, but also determine "rules of use" amongst the various individuals and groups using the version control system. The notify file (used to notify users of watches) and the users file (which maps a CVS user to an email address) need to be edited to enable the watches feature in CVS.
The CVS repository and access methods
CVS Repository location and type of access, i.e. NFS, password server, RSH, SSH
The location of the repository is an important consideration for the successful use of CVS and should fit into the workflow of the users as much as possible. This may mean configuring CVS to fit preexisting structures and/or possibly imposing structure and discipline upon an unorganized and sometimes chaotic production environment.
Types of files, permissions, groups, users
The types of files that are to be maintained in the repository need to be determined, and special wrappers via the cvswrappers file and/or the cvsignore feature may need to be used. All ASCII text files may be checked in and out with no problems; all diff, merge and update commands will work properly. Some binary files, on the other hand (executables, data files, DSOs, etc.), may not make sense to have in the repository. Also, filename conventions must be taken into account, e.g. Houdini's automatic incremental filename numbering system, so as not to conflict with or confuse CVS or its users.
TODO: Examples of /etc/group file and NIS map(s) for group permissions in the CVS repository.
Environment variables
CVS can have a number of environment variables set, such as $CVSROOT which points to the location of the CVS repository to be used for subsequent CVS commands. This environment variable can be reset at will to point to other CVS repositories (perhaps with command aliases or scripts). A common use of this idea might be to "switch" from a production repository to one's own private repository. Other variables may need to be set depending on the configuration of your network and hosts.
Commonly used CVS environment variables:
$CVSROOT - Specifies the path to the CVS repository. Can be overridden with the -d global option. The path to the repository can be preceded by an access method, username, and host as follows:
[[:method:][[username]@host]:]/repository_path
For a local mounted CVS repository, $CVSROOT may be set as follows:
setenv CVSROOT /usr/local/cvsroot
For an NFS mounted CVS repository, $CVSROOT may be set as follows:
setenv CVSROOT /hosts/venus/usr/local/cvsroot
For a password server accessed CVS repository, use the -d command option to specify the CVSROOT:
cvs -d :pserver:mstory@venus:/usr/local/cvsroot
A convenient alias for cvs password server commands:
alias cvs_pw 'cvs -d :pserver:mstory@venus:/usr/local/cvsroot'
$CVS_RSH - For rsh or ssh access, use the "ext" method in the command line and set the $CVS_RSH environment variable to the appropriate program. For rsh access, either the user must have a .rhosts file in their home directory on the CVS server, or there must be an entry in the hosts.equiv file on the CVS server for the machine from which the user is issuing the cvs commands; in other words, there needs to be a "trusted host" scenario on the network in question. This is *not* recommended for networks having a direct connection to the Internet and should be carefully considered and configured for networks behind firewalls and proxy servers. If your network is physically isolated from the Internet, your only security concerns are internal.
For ssh connections, which are recommended for any network connections on vulnerable networks, one needs to create a set of keys for the CVS server to identify you and the host from which you'll be issuing the CVS commands. Please refer to the ssh documentation for the proper procedures.
Below are some suggestions for setting the $CVS_RSH environment variable:
For "BSD" rsh (remote shell) access:
setenv CVS_RSH /usr/bsd/rsh
For "SSH" (secure shell) access:
setenv CVS_RSH /usr/local/bin/ssh
The following command will then be executed using the program set in $CVS_RSH:
cvs -d :ext:mstory@venus:/usr/local/cvsroot
A convenient alias for rsh and ssh cvs commands:
alias cvs_rsh 'setenv CVS_RSH /usr/bsd/rsh; cvs -d :ext:mstory@venus:/usr/local/cvsroot'
alias cvs_ssh 'setenv CVS_RSH /usr/local/bin/ssh; cvs -d :ext:mstory@venus:/usr/local/cvsroot'
$CVSEDITOR - The program used to edit messages for commits. It will override the $EDITOR or $VISUAL environment variables.
$CVSIGNORE - A list of names and wildcard patterns that CVS should ignore, e.g. TIFF files.
$CVSWRAPPERS - A list of file names, wildcards and arguments that CVS should use as wrappers, e.g. for Houdini .hip files.
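The $CVSROOT format and the $CVS_RSH guidance above can be checked mechanically when reviewing users' shell start-up files. The following is an added example, not part of the original page or of CVS itself; the function names and ratings are hypothetical, and it assumes that an unset $CVS_RSH means rsh.

```python
import re

# Format given above: [[:method:][[username]@host]:]/repository_path
CVSROOT_RE = re.compile(
    r"^(?::(?P<method>[a-z]+):)?"                       # optional :method:
    r"(?:(?:(?P<user>[^@:/]+)@)?(?P<host>[^@:/]+):)?"   # optional [user@]host:
    r"(?P<path>/.*)$"                                   # absolute repository path
)

def parse_cvsroot(root):
    """Split a CVSROOT string into method, user, host and path."""
    m = CVSROOT_RE.match(root)
    if m is None:
        raise ValueError("not a CVSROOT string: %r" % root)
    parts = m.groupdict()
    if parts["method"] is None:
        # No explicit method: a bare path is local, host:/path goes through $CVS_RSH.
        parts["method"] = "ext" if parts["host"] else "local"
    return parts

def review_transport(root, cvs_rsh=None):
    """Return (rating, reason) for a CVSROOT and the $CVS_RSH that goes with it."""
    method = parse_cvsroot(root)["method"]
    if method == "local":
        return ("filesystem", "local or NFS path: access is governed by file permissions and groups")
    if method == "pserver":
        return ("weak", "pserver: password is sent, and kept in ~/.cvspass, trivially encoded")
    if method == "ext":
        # Assumption: an unset $CVS_RSH means rsh, the default in CVS of this era.
        program = (cvs_rsh or "rsh").rsplit("/", 1)[-1]
        if program == "ssh":
            return ("ok", "ext over ssh: encrypted transport")
        return ("weak", "ext over %s: relies on .rhosts/hosts.equiv trusted hosts" % program)
    return ("unknown", "method %r is not covered on this page" % method)

if __name__ == "__main__":
    # Constructed inputs reusing the page's example values.
    for root, rsh in [
        ("/hosts/venus/usr/local/cvsroot", None),
        (":pserver:mstory@venus:/usr/local/cvsroot", None),
        (":ext:mstory@venus:/usr/local/cvsroot", "/usr/bsd/rsh"),
        (":ext:mstory@venus:/usr/local/cvsroot", "/usr/local/bin/ssh"),
    ]:
        print(root, rsh, review_transport(root, rsh))
```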
Network considerations
You will need to edit the inetd.conf, services, ssh and other network files to fit your particular network configuration and desired level of security. Refer to specific documentation for inetd, ssh and other network services for detailed information.
/etc/inetd.conf file modifications:
# CVS "password server" authentication
cvs stream tcp nowait root /usr/local/bin/cvs cvs \
--allow-root=/usr/local/cvsroot pserver
# CVS wrapped with tcpwrappers then passed to the CVS "password server"
# (tcpd runs the program named by its first argument, so the daemon path replaces the bare "cvs")
cvs stream tcp nowait root /usr/freeware/bin/tcpd /usr/local/bin/cvs \
--allow-root=/usr/local/src/cvsroot pserver
/etc/services file additions/modifications:
cvs 2401/tcp # CVS port
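To audit an existing host for the pserver settings described above, the inetd.conf entries can be parsed and checked for the tcpd wrapper and the --allow-root restriction. This is an added example, not code from the original page; the function names are hypothetical and the sample file content is constructed.

```python
def cvs_entries(inetd_conf):
    """Return one dict per active 'cvs' service line in inetd.conf text."""
    text = inetd_conf.replace("\\\n", " ")       # fold backslash continuations
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()    # drop comments, split on whitespace
        if len(fields) < 7 or fields[0] != "cvs":
            continue
        user, server, args = fields[4], fields[5], fields[6:]
        entries.append({
            "user": user,
            "wrapped": server.rsplit("/", 1)[-1] == "tcpd",
            "roots": [a.split("=", 1)[1] for a in args
                      if a.startswith("--allow-root=")],
            "pserver": "pserver" in args,
        })
    return entries

def findings(entry):
    """List the hardening steps from this page that a pserver entry lacks."""
    notes = []
    if not entry["pserver"]:
        return notes
    if not entry["wrapped"]:
        notes.append("not wrapped by tcpd")
    if not entry["roots"]:
        notes.append("no --allow-root: repository path is not pinned in inetd.conf")
    return notes

# Constructed sample: alternative entries shown together for comparison.
SAMPLE = """\
cvs stream tcp nowait root /usr/local/bin/cvs cvs \\
    --allow-root=/usr/local/cvsroot pserver
cvs stream tcp nowait root /usr/freeware/bin/tcpd /usr/local/bin/cvs \\
    --allow-root=/usr/local/src/cvsroot pserver
cvs stream tcp nowait root /usr/local/bin/cvs cvs pserver
#cvs stream tcp nowait root /usr/local/bin/cvs cvs pserver
"""

if __name__ == "__main__":
    for e in cvs_entries(SAMPLE):
        print(e["roots"], "wrapped" if e["wrapped"] else "unwrapped", findings(e))
```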
FWTK netperm-table configuration:
# Using CVS with fwtk's plug through a firewall to an external and internal CVS server
# CVS plug-in
cvs-gw: timeout 3600
# for a cvs server outside of the firewall
cvs-gw: port 2401 host-pattern 192.168.1.* -plug-to my_host.external.net
# for a cvs server on the internal trusted network
cvs-gw: port 2401 host-pattern 192.168.1.* -plug-to 192.168.1.2
RSH configuration
Requires .rhosts and/or hosts.equiv files (not recommended for vulnerable networks).
TODO:
SSH configuration
Configure the ssh2 "trusted host/user" key pair first; users can then execute cvs commands securely (recommended for vulnerable networks).
TODO:
Windows and Macintosh client(s) installation
TODO:



