Thursday, 5 December 2013

Step by Step Installation of SVN (Subversion) Server


Subversion is a free, open source version control system that manages files and directories and the changes made to them over time. The open source community uses Subversion (SVN) widely for collaborative development projects.
SVN supports several protocols for network access: SVN, SVN+SSH, HTTP, HTTPS. If you are behind a firewall, HTTP-based Subversion is advantageous since SVN traffic will go through the firewall without any additional firewall rule setting. In this tutorial, I will describe how to set up an HTTP-based Subversion server on CentOS 5.8.

1.       Installation of Apache Server.

[root@svnserver ~]# yum install httpd*
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * addons: centos.mirror.net.in
 * base: mirror.vietoss.com
 * centosplus: mirrors.fibo.vn
 * contrib: mirrors.digipower.vn
 * extras: centos-hn.viettelidc.com.vn
 * updates: mirrors.digipower.vn
Setting up Install Process
Package httpd-2.2.3-83.el5.centos.x86_64 already installed and latest version

[root@svnserver ~]# /etc/init.d/httpd status
httpd is stopped
[root@svnserver ~]# chkconfig httpd on
[root@svnserver ~]# service httpd start
Starting httpd: httpd: apr_sockaddr_info_get() failed for svnserver
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
                                                           [  OK  ]

[root@svnserver ~]# vi /etc/httpd/conf/httpd.conf
ServerName svnserver.example.com

[root@svnserver ~]# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

2.       Installation of subversion server.
[root@svnserver ~]# yum install mod_dav_svn subversion

3.       Configure Subversion.

Open the subversion config file ‘/etc/httpd/conf.d/subversion.conf’ and edit as follows:

[root@svnserver conf.d]# vi /etc/httpd/conf.d/subversion.conf

LoadModule dav_svn_module     modules/mod_dav_svn.so
LoadModule authz_svn_module   modules/mod_authz_svn.so

#
# Example configuration to enable HTTP access for a directory
# containing Subversion repositories, "/var/www/svn".  Each repository
# must be readable and writable by the 'apache' user.  Note that if
# SELinux is enabled, the repositories must be labelled with a context
# which httpd can write to; this will happen by default for
# directories created in /var/www.  Use "restorecon -R /var/www/svn"
# to label the repositories if upgrading from a previous release.
#

#
# To create a new repository "http://localhost/repos/stuff" using
# this configuration, run as root:
#
#   # cd /var/www/svn
#   # svnadmin create stuff
#   # chown -R apache.apache stuff
#

<Location /svn>
   DAV svn
   SVNParentPath /var/www/svn

   # Limit write permission to list of valid users.
   # Require SSL connection for password protection.
   # SSLRequireSSL
   AuthType Basic
   AuthName "Authorization Realm"
   AuthUserFile /etc/svn-auth-users
   Require valid-user
</Location>
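
In the configuration above, SSLRequireSSL is commented out while AuthType Basic is active, so the password from step 4 crosses the network only base64-encoded over plain HTTP. The following check is an added example, not part of the original tutorial; the function names and the second /svn-tls block in the constructed sample are assumptions for illustration.

```shell
#!/bin/bash
# Added example: find <Location> blocks that enable Basic auth without an
# active SSLRequireSSL. Function names and the sample file are illustrative.

# Print the path of every <Location> block in an Apache config file that
# has "AuthType Basic" but no uncommented "SSLRequireSSL".
find_cleartext_basic_auth() {
    awk '
        /^[ \t]*#/ { next }                     # ignore commented-out lines
        tolower($1) == "<location" {            # block opens
            path = $2; sub(/>$/, "", path)
            in_loc = 1; basic = 0; ssl = 0
            next
        }
        tolower($1) == "</location>" {          # block closes: report it
            if (in_loc && basic && !ssl) print path
            in_loc = 0
            next
        }
        in_loc && tolower($1) == "authtype" && tolower($2) == "basic" { basic = 1 }
        in_loc && tolower($1) == "sslrequiressl" { ssl = 1 }
    ' "$1"
}

# Constructed sample: the block from this tutorial plus a hypothetical
# /svn-tls block with SSLRequireSSL enabled.
write_sample_conf() {
    cat > "$1" <<'EOF'
<Location /svn>
   DAV svn
   SVNParentPath /var/www/svn
   # SSLRequireSSL
   AuthType Basic
   AuthName "Authorization Realm"
   AuthUserFile /etc/svn-auth-users
   Require valid-user
</Location>
<Location /svn-tls>
   DAV svn
   SVNParentPath /var/www/svn
   SSLRequireSSL
   AuthType Basic
   AuthUserFile /etc/svn-auth-users
   Require valid-user
</Location>
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
find_cleartext_basic_auth "$sample"    # prints /svn
rm -f "$sample"
```

On the server itself, run the function against /etc/httpd/conf.d/subversion.conf; an empty result means every Basic-auth block requires SSL.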

4.       Create a new user for Subversion called “jitendra” for instance.

[root@svnserver ~]# htpasswd -cm /etc/svn-auth-users jitendra
New password:
Re-type new password:
Adding password for user Jitendra

5.       Create and configure subversion Repository.

Create a directory for subversion repository under “/var/www/svn” directory.

[root@svnserver ~]# mkdir /var/www/svn
[root@svnserver ~]# cd /var/www/svn
[root@svnserver svn]# svnadmin create repos
[root@svnserver svn]# ls
repos
[root@svnserver svn]# chown apache.apache -R repos
[root@svnserver svn]# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

6.       Disable Anonymous Users.

If you want to prevent anonymous users from accessing the repository, edit the following lines in the ‘repos/conf/svnserve.conf’ file.

[root@svnserver conf.d]# vi /var/www/svn/repos/conf/svnserve.conf

anon-access = none
authz-db = authz

7.       SELINUX Settings.

If SELinux is enabled, run the following commands to change the SELinux security context.

[root@svnserver ~]# chcon -R -t httpd_sys_content_t /var/www/svn/repos/
[root@svnserver ~]# chcon -R -t httpd_sys_rw_content_t /var/www/svn/repos/

8.       IPTABLES Settings.

Make sure that you have opened the Apache default port 80 through iptables.
[root@svnserver ~]# vi /etc/sysconfig/iptables
-A INPUT -p udp -m state --state NEW --dport 80 -j ACCEPT

-A INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT

9.       Testing Subversion.

We can test Subversion by opening http://10.226.10.10/svn/repos in a web browser.






10.   Create additional links(directories) under Subversion Repository.

Create some sample directories in any place and import them to your Subversion repository.

[root@svnserver ~]# mkdir subversion-templates
[root@svnserver ~]# cd subversion-templates/
[root@svnserver subversion-templates]# mkdir jitendra

Now import the sub directories using the command ‘svn import’.
[root@svnserver ~]# svn import -m 'Initial import' subversion-templates/ http://10.226.10.10/svn/repos/
Authentication realm: <http://10.226.10.10:80> Subversion repositories
Username: jitendra
Password for 'jitendra':
Adding         /subversion-templates/jitendra

-----------------------------------------------------------------------
ATTENTION!  Your password for authentication realm:

   <http://10.226.10.10:80> Subversion repositories
can only be stored to disk unencrypted!  You are advised to configure
your system so that Subversion can store passwords encrypted, if
possible.  See the documentation for details.

You can avoid future appearances of this warning by setting the value
of the 'store-plaintext-passwords' option to either 'yes' or 'no' in
'/root/.subversion/servers'.
-----------------------------------------------------------------------
Store password unencrypted (yes/no)? no

Committed revision 1.


SVN Backup Script & Restore dump

I am using an SVN server with several repositories created under the “/home/repositories/” directory. I use the script below to back up all SVN repositories to the local path “/SVN_Backup”.

The backup script is shown below.

[root@svn02 ~]# cat /scripts/svn_backup


#!/bin/bash

# Record today's day of week and hour
# ---------------------------------------
bakdate=$(date +%A_%H)
echo "--------------------------------"
echo "Running SVN backup $bakdate"
echo "--------------------------------"
echo

# From where to backup repos?
# ---------------------------------------
svnrepos="/home/repositories/"
echo "Going to backup all SVN repos located at: $svnrepos"
echo

# Where to save the dump?
# -----------------------------------------
bakdest="/SVN_Backup"

# _________NO-CONFIG-REQUIRED-BELOW-THIS-LINE___________

# First go to SVN repo folder; stop if it does not exist
cd "$svnrepos" || exit 1

# Just make sure we have write access to backup-folder
if [ -d "$bakdest" ] && [ -w "$bakdest" ] ; then
  # Now $repo has folder names = project names
  for repo in *
  do
    # Skip anything that is not a directory
    [ -d "$repo" ] || continue
    # do svn dump for each project
    echo "Taking backup/svndump for: $repo"
    echo "Executing : svnadmin dump $repo > $bakdest/$repo-$bakdate.svn.dump"
    # Now finally execute the backup
    /usr/bin/svnadmin dump "$repo" > "$bakdest/$repo-$bakdate.svn.dump"
    # Compress the dump; -f replaces last week's file of the same name
    gzip -f "$bakdest/$repo-$bakdate.svn.dump"
  done
else
  echo "Unable to continue SVN backup process."
  echo "$bakdest is *NOT* a directory or you do not have write permission."
  exit 1
fi

# End of backup script
echo
echo "================================="
echo " - Backup Complete, THANK YOU :-]"



We can schedule the backup script to run once a day with a cron job.

[root@svn02 ~]# crontab -e
00 02 * * * /scripts/svn_backup




2. Restore DUMP of subversion (SVN) Repository.

svnadmin create /path/to/repo_name

svnadmin load /path/to/repo_name < path/to/repo_name.dmp
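
The backup script gzips each dump, while the restore commands above read an uncompressed dump file, and a backup that has never been checked may turn out to be truncated when it is needed. The following is an added example, not part of the original post: it checks the gzip stream and the dump header before loading into a new repository. The function names are assumptions, and the sample files are constructed to follow the script's naming pattern.

```shell
#!/bin/bash
# Added example: verify a gzip-compressed svnadmin dump before restoring it.
# Function names are illustrative; the sample dumps are constructed.

# Return 0 if the file is an intact gzip stream whose first line is the
# Subversion dump header; otherwise print the reason and return 1.
verify_svn_dump() {
    local dump="$1" header
    [ -s "$dump" ] || { echo "missing or empty: $dump"; return 1; }
    gzip -t "$dump" 2>/dev/null || { echo "corrupt gzip stream: $dump"; return 1; }
    header=$(gzip -dc "$dump" | head -n 1)
    case $header in
        "SVN-fs-dump-format-version: "*) return 0 ;;
        *) echo "not an svnadmin dump: $dump"; return 1 ;;
    esac
}

# Load a verified dump into a new repository. Refuses to touch an existing
# path so a live repository is never overwritten by a restore test.
restore_svn_dump() {
    local dump="$1" repo="$2"
    verify_svn_dump "$dump" || return 1
    if [ -e "$repo" ]; then
        echo "refusing to overwrite: $repo"
        return 1
    fi
    svnadmin create "$repo" || return 1
    gzip -dc "$dump" | svnadmin load --quiet "$repo"
}

# Constructed sample: a stand-in for a real dump, gzipped, plus a copy cut
# off after 20 bytes to show the failure path.
make_sample_dumps() {
    local dir="$1"
    printf 'SVN-fs-dump-format-version: 2\n\nUUID: 00000000-0000-0000-0000-000000000000\n' \
        | gzip -c > "$dir/repos-Thursday_02.svn.dump.gz"
    head -c 20 "$dir/repos-Thursday_02.svn.dump.gz" > "$dir/truncated.svn.dump.gz"
}

tmp=$(mktemp -d)
make_sample_dumps "$tmp"
for f in "$tmp"/*.gz; do
    if verify_svn_dump "$f"; then
        echo "ok: $f"
    fi
done
rm -rf "$tmp"
```

After restoring into /var/www/svn, re-apply the chown and SELinux context steps from the installation section so Apache can read and write the repository.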

Tuesday, 26 November 2013

How to add a bunch of Subscribers and Moderators to a mailing list in qmail vpopmail (EZMLM)


I have an old qmail vpopmail system at my office; for how to install it, you can refer to http://sylvestre.ledru.info/howto/howto_qmail_vpopmail.php. The problem is that I want to add many subscribers through qmailadmin. You can add a subscriber manually by going to qmailadmin -> Mailing Lists -> Show Subscribers. But what if we want to add many subscribers, let’s say 500 or 1000 email addresses? Here are the steps, starting with how to create a mailing list in qmailadmin.
1. Go to your qmailadmin, usually at http://localhost/cgi-bin/qmailadmin/, and click New Mailing List.

2. Enter the Mailing List Name and the list owner email address, and set the other options below. When you finish, click the Add button.


3. Your mailing list should now be added successfully. If you want to add a subscriber, click the Add Subscriber button and add them one by one.



4. Adding them one by one is a waste of time and energy, right? What if we have to add 100 or 200 email addresses? :( Here is how to add many subscribers on qmail vpopmail (ezmlm).
Go to your mailing list directory:
# cd /home/vpopmail/domains/example.net/sample-list/
In my case I am going to /home/vpopmail/domains/test.org/test
# cd /home/vpopmail/domains/test.org/test
I have put the addresses in list.txt, which I created under /home/vpopmail/domains/test.org/test
# vi list.txt
test@test.com
test@another.com
testing@gmail.com
Now we need to run the ezmlm-sub command:
# /path/to/ezmlm-sub `pwd` < /path/to/file/full/of/addresses
In my case:
# /usr/local/bin/ezmlm/ezmlm-sub `pwd` < /home/vpopmail/domains/test.org/test/list.txt
Then confirm the subscription:
# /path/to/ezmlm-list `pwd`
In my case:

# /usr/local/bin/ezmlm/ezmlm-list `pwd`
testing@gmail.com
test@another.com
test@test.com
By the way, the default ezmlm path is /usr/local/bin/ezmlm.
5. You should see the email addresses in the subscriber list.
Now, how do we add a bunch of moderators to the ezmlm mailing list?
As with adding subscribers, we need to go to the mailing list directory:
# cd /home/vpopmail/domains/example.net/sample-list/
In my case I am going to /home/vpopmail/domains/test.org/test
# cd /home/vpopmail/domains/test.org/test
Then you need to go to the moderator subdirectory:
# cd /home/vpopmail/domains/example.net/sample-list/mod
In my case I am going to /home/vpopmail/domains/test.org/test/mod
# cd /home/vpopmail/domains/test.org/test/mod
I have put the moderator addresses in modlist.txt, which I created under /home/vpopmail/domains/test.org/test/mod
# vi modlist.txt
moderatortest@test.com
moderator2@another.com
moderator3@gmail.com
Please remember that the modlist.txt file is owned by root; you need to change its ownership to vpopmail:vchkpw. If you do not change the ownership, you cannot delete the moderator email addresses from your qmailadmin.
# chown vpopmail.vchkpw modlist.txt
Now we need to run the ezmlm-sub command in /home/vpopmail/domains/test.org/test/mod:
# /path/to/ezmlm-sub `pwd` < /path/to/file/full/of/addresses
In my case:
# /usr/local/bin/ezmlm/ezmlm-sub `pwd` < /home/vpopmail/domains/test.org/test/mod/modlist.txt
Then confirm the subscription:
# /path/to/ezmlm-list `pwd`
In my case:

# /usr/local/bin/ezmlm/ezmlm-list `pwd`
moderator3@gmail.com
moderator2@another.com
moderatortest@test.com
Now you can see them in your qmailadmin -> Mailing Lists -> Your mailing list name -> Show Moderators
Jan 09

What log files are available?
A qmail system is made up of several different programs, all running at the same time and doing their own little part of the overall "mail server" job. Each of these programs generally has its own log file, although if you are using syslog, the logs may be combined together. By understanding what each program does, you can easily tell which log file to look at when you need to check something.
The qmail-send program (which normally runs as a daemontools service called "qmail-send", or maybe just "qmail") manages the queue, and starts all delivery processes. The delivery programs run as children of qmail-queue, and therefore their output is contained with the qmail-queue output. If you have a problem with messages being "stuck" in the queue, this log file should be the place to look.
The qmail-smtpd program handles incoming SMTP traffic. If you have a problem with messages not being properly accepted or rejected from other machines, this log file should be the first place to look. Note that if you have multiple SMTP services on the machine (for example, a standard SMTP service on port 25, an SSL-enabled service on port 465, and an AUTH-only service on port 587) each service will have its own log file (again, unless they are being combined by the syslog mechanism.)
If you are using qmail-scanner as a way to have your incoming mail scanned for viruses and/or spam content, the qmail-scanner program also generates a log file of its own, which is totally separate from the qmail-smtpd log. You will find this file in your qmail-scanner directory, with the name qmail-queue.log. This will have a line-by-line description of everything the qmail-scanner program does.
If you are using simscan as a way to have your incoming mail scanned for viruses and/or spam content, you will normally find simscan’s logs in the qmail-smtpd service log.
If you are using clamav, the "clamd" program keeps its own log file. The /etc/clamd.conf file should have a "LogFile" line which tells you where the log is being written.
If you are using spamassassin, its "spamd" program also generates logs. By default it sends the logs to the syslog with the "mail" facility code, but by adding a "-s" option to spamd’s command line it is possible to send the log output to a file, or to the "standard error" channel (which makes it easy to run spamd under daemontools.) You should examine the command line for spamd in order to figure out where its log file will be found.
Any POP3 or IMAP servers will also be generating their own log entries. If you or your users are having a problem with POP3 or IMAP, those would be the place to look.

Installation of Apache-Tomcat with SSL


1.   Introduction : -

Tomcat is a Java Servlet container and web server from the Jakarta project of the Apache Software Foundation. A web server dishes out web pages in response to requests from a user sitting at a web browser. But web servers are not limited to serving up static HTML pages; they can also run programs in response to user requests and return the dynamic results to the users’ browser. Tomcat is very good at this because it provides both Java servlet and JavaServer Pages (JSP) technologies (in addition to traditional static pages and external CGI programming). The result is that Tomcat is a good choice for use as a web server for many applications, and also if you want a free servlet and JSP engine. It can be used standalone or behind traditional web servers such as Apache httpd, with the traditional server serving static pages and Tomcat serving dynamic servlet and JSP requests.



2.   Required Packages:-

The packages used in <My Company> for this configuration are listed below. The package versions may change as updated versions are released.

i)              apache-tomcat-6.0.33
ii)             jdk1.6.0_22
iii)            Red Hat Enterprise Linux 5.5


3.   Installation:-

i)              Install the RHEL 5.5 operating system on the hardware as defined by the <My Company> OS installation guide.
ii)             Create a tomcat user on the Linux server to own the Tomcat server. For security reasons we will work as this low-privilege user instead of root.

Run:

useradd -c "Tomcat Web Server Account" -m -d /home/tomcat -s /bin/bash tomcat

iii)            Download the apache-tomcat-6.0.33 & jdk1.6.0_22 packages from the Internet.


Move these packages into /home/tomcat directory and change ownership to tomcat user.

Run:-

$ cd /home/tomcat
$ chown -R tomcat.tomcat /home/tomcat/apache-tomcat-6.0.33
$ chown  -R tomcat.tomcat /home/tomcat/jdk1.6.0_22
$ chmod -R u+x /home/tomcat/jdk1.6.0_22/bin



4.   Tomcat  Server Configuration:-

Set the environment variables in the /home/tomcat/.bashrc file as defined below.

$ vi /home/tomcat/.bashrc
EDIT:-

#### JAVA & TOMCAT ENVIRONMENT VARIABLE DEFINITIONS ####

JAVA_HOME=/home/tomcat/jdk1.6.0_22
CATALINA_HOME=/home/tomcat/apache-tomcat-6.0.33
CATALINA_BASE=/home/tomcat/apache-tomcat-6.0.33
PATH=$JAVA_HOME/bin:$CATALINA_HOME/bin:$PATH
export JAVA_HOME CATALINA_HOME CATALINA_BASE PATH








5.    SSL Configuration:-

i)              Generate keystore file with self-signed Certificate

Tomcat currently operates only on JKS, PKCS11 or PKCS12 format keystores. The JKS format is Java's standard "Java KeyStore" format, and is the format created by the keytool command-line utility.
To create a new keystore from scratch, containing a single self-signed Certificate, execute the following from a terminal command line:

               $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA \
                -keystore /home/tomcat/.keystore


After executing this command, you will first be prompted for the keystore password. The default password used by Tomcat is "changeit" (all lower case), although you can specify a custom password if you like. You will also need to specify the custom password in the server.xml configuration file, as described later.

Next, you will be prompted for general information about this Certificate, such as company, contact name, and so on. This information will be displayed to users who attempt to access a secure page in your application, so make sure that the information provided here matches what they will expect.
Finally, you will be prompted for the key password, which is the password specifically for this Certificate (as opposed to any other Certificates stored in the same keystore file). You MUST use the same password here as was used for the keystore password itself. This is a restriction of the Tomcat implementation. (Currently, the keytool prompt will tell you that pressing the ENTER key does this for you automatically.)
If everything was successful, you now have a keystore file with a Certificate that can be used by your server.

ii)             Edit the tomcat configuration file
$ vi $CATALINA_BASE/conf/server.xml
Uncomment the following lines, then add the keystore file path and the keystore certificate password to configure SSL for the Tomcat server.


<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                               maxThreads="150" scheme="https" secure="true"
                               keystoreFile="/home/tomcat/.keystore" keystorePass="changeit"
                               clientAuth="false" sslProtocol="TLS" />


Comment out the following entries in the server.xml file to stop the Tomcat web server from serving plain HTTP.

              
<!--
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
-->
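
The steps above leave the keystore password in clear text in server.xml, and the connector shown uses Tomcat's default password, changeit. The following audit is an added example, not part of the original guide or of Tomcat; the function names and the constructed sample file are assumptions. It reports the default password, a server.xml that group or other users can access, and a port 8080 connector that is still active.

```shell
#!/bin/bash
# Added example: audit a Tomcat server.xml for the settings discussed above.
# Function names are illustrative; the sample file is constructed.

# Print the file with XML comments (single- or multi-line) removed.
strip_xml_comments() {
    awk '{
        line = $0; out = ""
        while (line != "") {
            if (in_c) {
                i = index(line, "-->")
                if (i == 0) { line = "" } else { in_c = 0; line = substr(line, i + 3) }
            } else {
                i = index(line, "<!--")
                if (i == 0) { out = out line; line = "" } else {
                    out = out substr(line, 1, i - 1); in_c = 1
                    line = substr(line, i + 4)
                }
            }
        }
        print out
    }' "$1"
}

# Print one finding per line; print nothing if all three checks pass.
audit_server_xml() {
    local xml="$1" active perms
    active=$(strip_xml_comments "$xml")
    if printf '%s\n' "$active" | grep -q 'keystorePass="changeit"'; then
        echo "default-keystore-password"
    fi
    if printf '%s\n' "$active" | grep -q '<Connector[^>]*port="8080"'; then
        echo "http-connector-active"
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$xml" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "group-or-other-access"
    fi
}

# Constructed sample: the two connectors as this guide leaves them.
write_sample_server_xml() {
    cat > "$1" <<'EOF'
<Server>
  <!--
  <Connector port="8080" protocol="HTTP/1.1"
             connectionTimeout="20000"
             redirectPort="8443" />
  -->
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true"
             keystoreFile="/home/tomcat/.keystore" keystorePass="changeit"
             clientAuth="false" sslProtocol="TLS" />
</Server>
EOF
    chmod 644 "$1"
}

sample=$(mktemp)
write_sample_server_xml "$sample"
audit_server_xml "$sample"
rm -f "$sample"
```

Both findings for the sample are cleared by choosing a non-default keystore password and running chmod 600 on server.xml as the tomcat user.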



6.   Start and stop tomcat service to activate the configuration.


Stop tomcat service:

 $CATALINA_HOME/bin/shutdown.sh

Start tomcat service:

 $CATALINA_HOME/bin/startup.sh


7.   Enable Logging:-

Edit the server.xml file to enable logging for tomcat server.

$ vi $CATALINA_HOME/conf/server.xml

<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"   prefix="localhost_access_log." suffix=".txt" pattern="combined" resolveHosts="false"/>

The Logs are generated in $CATALINA_HOME/logs directory which can be analyzed for troubleshooting of tomcat server.







8.   Configure Heap Size in Tomcat 6.0:-

Stop the Tomcat server, set the environment variable CATALINA_OPTS, and then restart Tomcat. Look at the file tomcat-install/bin/catalina.sh or catalina.bat to see how this variable is used. For example,
 Edit $CATALINA_HOME/bin/catalina.sh
export CATALINA_OPTS="-Xms1024m -Xmx1024m -XX:PermSize=256m -XX:MaxPermSize=1024m"

9.   Finalization:-


After completing these configuration changes, you must restart Tomcat as you normally do, and you should be in business. You should be able to access any web application supported by Tomcat via SSL. For example, try:

https://localhost:8443