A Bit About Subversion
|Figure 1. Subversion: Subversion is a revision control system that lets you easily track and compare changes to files.|
Subversion (see Figure 1
) is a revision control system that lets you easily track and compare changes to files. Typically, people use Subversion to track changes to source code. When a developer "checks out" a folder containing code files, Subversion ensures that nobody else can make changes to the code in that folder. As developers finish making changes to the source, they "commit" their changes to the source, which updates the "master copy" of the folder, but maintains a list of the changes that occurred.
But you don't have to limit Subversion's use to source code files; in this context, you can use it to track changes to your router configurations easily. The same basic theory applies to saving changes for Cisco configurations; however, you essentially have only a single source for changes. You can't check out a single file in Subversion. Instead, you check out the entire folder containing the file you want to. Because of this behavior, you need to do a little work-around at the end. Don't worry, though, because Subversion is only going to update the configurations that have actually changed. For example, if you're updating weekly, and your routers haven't had any configuration changes in the past week, then Subversion won't update anything. You'll need to make one change to your Cisco configurations if you plan on using these stored configurations for disaster recovery purposes. If you drop a working configuration onto a router, IOS automatically puts all interfaces into the "shut" state. Therefore, you must make sure to modify the configurations to be put into a "no shut" state when doing disaster recovery.
Configuring Subversion and Apache
You need to create the configuration repository in Subversion. First, create the following directory tree:
gonzo:~ # mkdir /opt
gonzo:~ # mkdir /opt/svn
gonzo:~ # mkdir /opt/svn/user_access
Then, create the initial configuration repository.
gonzo:~ # svnadmin create /opt/svn/depot
Next, set the permissions on the new configuration repository. Here's where you need the user and group that Apache is configured to use that you found above:
chown --R <apache user>:<apache group> /opt/svn/depot
Finally, create some users. Use the following command and then press Enter.
<span class="pf">htpasswd -cm /opt/svn/user_access/passwd <username></span>
Then, type in the password for that user.
gonzo:/opt # htpasswd -cm /opt/svn/user_access/passwd someuser
Re-type new password:
Adding password for user someuser
Now that you've created the basic repository, you need to enable mod_dav
and Subversion in your Apache configuration. Check your httpd.conf
file for the following lines and add them if they're not there:
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule dav_fs_module modules/mod_dav_fs.so
You need to add the Subversion information to httpd.conf
as well, as shown below.
# Limit write permission to list of valid users.
<LimitExcept GET PROPFIND OPTIONS REPORT>
# Require SSL connection for password protection.
AuthName "Authorization Realm"
After making these modifications, run the command apachectl configtest
to check the Apache configuration for errors. You should see the following on your screen:
gonzo:/etc/apache2/conf.d # apache2ctl configtest
If the configuration test doesn't return Syntax OK
, it'll return errors instead, and you'll need to fix these before you can continue. Assuming that your configuration is OK, restart Apache using the command apachectl restart
Now, open your favorite Web browser, and go to the Apache site we just created. In the location bar, enter http:///depot
. The Web page should look something like:
Revision 0: /
Powered by Subversion version 1.0.5 (dev build).
As you can see, the repository is emptywhich is to be expected because you haven't imported any configurations yet. You're going to create a basic structure to store configurations now. First, you need to "check out" the existing repository. Create a "tmp" directory inside your home directory.
conrad@gonzo:~> cd tmp
conrad@gonzo:~/tmp> svn co http://localhost/depot
Checked out revision 4.
|Author's Note: Your revision number will probably be different from mine throughout these examples.