This is a follow-up to the article on Redmine installation and the integration of svn repositories.
First you need to program Wildcard DNS record to avoid a constant editing of the DNS zone after adding a new test:
*.dev.example.com. IN A server_ip
Add the user, directories and put the necessary permissions:
# useradd -d/var/www/cool-project.dev.example.com/www -s/bin/false cool-project
# mkdir -p /var/www/cool-project.dev.example.com/{www,old_document_root,db_backup}
# chmod -R 750 /var/www/cool-project.dev.example.com/
# chgrp cool-project /var/www/cool-project.dev.example.com/
# chown -R cool-project /var/www/cool-project.dev.example.com/www
# touch /var/www/cool-project.dev.example.com/update.sh && chmod 700 /var/www/cool-project.dev.example.com/update.sh
The result should look like this:
# ls -la /var/www/cool-project.dev.example.com/ total 20 drwxr-x--- 5 root cool-project 4096 Jun 8 11:25 . drwxr-xr-x 7 root root 4096 Jun 8 11:04 .. drwxr-x--- 2 root root 4096 Jun 8 11:04 db_backup drwxr-x--- 2 root root 4096 Jun 8 11:04 old_document_root -rwx------ 1 root root 0 Jun 8 11:25 update.sh drwxr-x--- 2 cool-project root 4096 Jun 8 11:04 www
That is, we will run each site from a name of particular user, the sources of individual projects being isolated. Source backups and database will be available only for the root. Update script can run and edit only the root (we will let it through sudo only, and the cool-project user is not allowed to make any changes).
To run the scripts under different users will use the mpm-itk and we’ll need mod-auth-mysql for authentication to the test:
# aptitude install apache2-mpm-itk libapache2-mod-auth-mysql # a2enmod auth_mysql # /etc/init.d/apache2 restart
Also we need to create a particular authorization table:
CREATEVIEW users_auth_external ASSELECT u.login AS username, u.hashed_password AS passwd, GROUP_CONCAT(p.identifier)AS groups FROM`members` m INNERJOIN users u ON m.user_id = u.id INNERJOIN projects p ON m.project_id = p.id WHERE u.status =1GROUPBY username
Let's create a configuration for the virtual host:
# vi /etc/apache2/sites-available/cool-project.dev.example.com <VirtualHost *:80> ServerName cool-project.dev.example.com ServerAdmin admin@example.com DocumentRoot /var/www/cool-project.dev.example.com/www Options -Indexes <Directory /var/www/cool-project.dev.example.com/www> AuthType Basic AuthName"enter your login/password from redmine"AuthBasicAuthoritativeOffAuthUserFile /dev/null AuthMySQL On AuthMySQL_Authoritative on AuthMySQL_Host localhost AuthMySQL_DB redmine_default AuthMySQL_User redmine AuthMySQL_Password redmine_password #a password for access to Redmine DB AuthMySQL_Password_Table users_auth_external AuthMySQL_Group_Table users_auth_external AuthMySQL_Username_Field username AuthMySQL_Password_Field passwd AuthMySQL_Empty_Passwords off AuthMySQL_Group_Field groups AuthMySQL_Encryption_Types SHA1Sum Requiregroup cool-project <Limit GET POST> requiregroup cool-project </Limit> </Directory> AssignUserID cool-project cool-project </VirtualHost>
Then connect the vhost and reread Apache:
# a2ensite cool-project.dev.example.com # /etc/init.d/apache2 reload
Create the script of update:
# vi /var/www/cool-project.dev.example.com/update.sh #!/bin/sh path="/var/www/cool-project.dev.example.com"; #path to document roothost="cool-project.dev.example.com"; db_username=cool-project; #username to access dbdb_name=cool-project_stag; db_password="qwerty"; backup_dir="old_document_root"; user="cool-project"; lock_file=`ls$path|grep run.lock`; wait=yes; echo"Update $host"; while["$wait" = "yes"]doif[-z"$lock_file"]; thenecho"ok, continue"; wait=no; elseecho"another copy running now!"; sleep60; fi; lock_file=`ls$path|grep run.lock`; donetouch$path/run.lock; echo"[`date +%H:%M`] update in progress">>$path/www/public/status.txt; echo"last update at [`date +%H:%M`]">>$path/status.txt; svn info https://dev.example.com/svn-private/cool-project/|grep"Last">>$path/status.txt; svn export--force https://dev.example.com/svn-private/cool-project/trunk/$path/test_new; mv$path/status.txt $path/test_new/public/; mysqldump -u$db_username -p$db_password$db_name>$path/db_dumps/database_at_`date +%Y-%m-%d-%H-%M-%S`.sql; chown-R$user$path/test_new/; cp-a$path/www/public/upload/*$path/test_new/public/upload; mv$path/www $path/$backup_dir/test`date +%Y-%m-%d-%H-%M-%S`; mv$path/test_new $path/www; chmod-R777$path/www/tmp/; chmod-R777$path/www/public/upload/; sed-i s/production/staging/$path/www/public/.htaccess; rm$path/www/scripts/common.local.php sed-i'0,/production/s//staging/'$path/www/scripts/common.php; envAPPLICATION_ENV=staging $path/www/scripts/doctrine migrate >$path/www/migrate_log.txt; chmod750$path/www; chmod-R777$path/www/log/; rm$path/run.lock; echo"Update $host complete."
I gave the example of a typical script update for the project on Zend. You most likely will need to make changes to it as to your own data.
Now let’s add the svn hook. The script at the commit in the repository will run and update our test site:
# cd /var/svn/cool-project/hooks # cp post-commit.tmpl post-commit && chown www-data post-commit # vi post-commit sudo /var/www/cool-project.dev.example.com/update.sh 2>&1 > /dev/null &
Hooks are executed under the www-data and, we will have to use sudo to change the owner of the directory.
# visudo www-data ALL=NOPASSWD:/var/www/cool-project.dev.example.com/update.sh
Starting with the version 1.2.0 Redmine began to add salt to the password hashes. And if you want to use the authorization to test — you need to patch auth_mysql. Patch: mod_auth_mysql.patch
Deb packages for Debian squeeze:
libapache2-mod-auth-mysql_4.3.9-13_amd64.deb
and Ubuntu 10.04:
libapache2-mod-auth-mysql_4.3.9-12ubuntu1_amd64.deb
References:
Authenticate Apache against Redmine with AuthMySQL
Redmine guideManual for assembly and back porting of deb packages
