WANdisco
 Navigation:  v1.4.1 Build 0630 | Release Notes | Install | Upgrade | Administration | Reference | API | Glossary | Archive

Installation Guide

This guide describes everything you need to deploy Git MultiSite:

1. Before you deploy

Before installing SVN MultiSite Plus, make sure that you have sufficient hardware and that all required software is configured appropriately.

1.1 Skills requirements

This section details the knowledge and technical requirements for deployment and operation of SVN MultiSite Plus. You should ensure that each of these requirements is satisfied before you begin the deployment.

Technical skill requirements
System administration
  • Unix operating system installation
  • Disk management
  • Memory monitoring and management
  • Command line administration and manually editing configuration files
  • Service (init.d) configuration and management
Apache administration (if applicable)
  • Familiarity with Apache web server architecture
  • Management of httpd.conf / Apache2 configuration file management settings
  • WebDAV protocol
  • User authentication options
  • Log setup and viewing
Networking
  • IP Address assignation
  • TCP/IP ports and Firewall setup

SVN and MultiSite Plus

If you're not confident about handling any of these tasks, you can request a supported installation from WANdisco.

A single administrator can manage all the systems running MultiSite Plus, although it's a good idea to have someone at each site who is familiar with the MultiSite Plus Basics.

1.2 Deployment overview

As with any software implementation you should deploy SVN MultiSite Plus following a well defined plan. We recommend that any deployment plan includes the following steps:

  1. Pre-deployment Planning: Identifying the requirements, people and skills needed for deployment and operation. Also covers agreeing schedule and milestones, highlighting any assumptions, constraints, dependencies and risks to a successful deployment.
  2. Deployment Preparation: Preparation and identification of server specifications, locations, node configuration, repository set-up, replication architecture, server and software configurations.
  3. Testing Phase: Activities related to an initial installation and testing in a non production environment, executing test cases, and verifying deployment readiness.
  4. Production Deployment: Activities related to the installation, configuration, testing, and deployment in the production environment.
  5. Post-deployment Operations and Maintenance: Post-deployment activities including environment monitoring, system maintenance, training and technical support.

1.3 System requirements

This section describes everything you need to know if you are preparing existing servers for replication. You should view this information as a set of guidelines, not as a fixed set of requirements, and run your own performance tests during an evaluation period.

1.3.1 Hardware recommendations

Hardware sizing guidelines
Size #Users Repository Size (Gigabytes) CPU speed (Gigahertz) #CPU #Cores RAM (Gigabytes) HDD (Gigabytes)
Small 100 25 2 1 2-4 8-16 100
Medium 500 100 2 2 4 16-32 250
Large 1000 500 2.66 4 4 32-64 750
Very Large 5000 1000 2.66 4 4-6 128 1500
GB or GiB
We should clarify how we refer to measures of memory and data. SVN MultiSite Plus has now adopted the binary prefixes as provided by the International Electrotechnical Commission. We therefore use Mebibyte (1,048,576 bytes) instead of Megabytes (1,000,000 bytes) within our products. However, we'll still refer to Megabytes and Gigabytes where these are more commonly understood - such as in the above table.

If you're not familiar with the difference between the binary prefixs and the SI prefixes then we recommend that you give the following Wikipedia article a read - http://en.wikipedia.org/wiki/Mebibyte

1.3.2 Storage tips

1.3.3 Running in virtualization

1.3.4 Processor tips

1.4 Setup requirements

1.4.1 MultiSite Plus servers

This is a summary of the requirements, you'll need to run through the more detailed Installation Checklist.

1.4.2 SVN installations:

We recommend that you install SVN during the installation of SVN MultiSite Plus. You can choose between version 1.7 or 1.8, both have the necessary WANdisco-modified FSFS libraries already included. Regardless of the version of SVN that you use, it must include:

Requirement
If you run an existing installation of SVN instead of installing it during the setup of SVN MultiSite Plus, you need to make sure that it contains WANdisco's modified FSFS libraries.

You must run SVN and SVN MultiSite Plus on the same server.

2. Installation checklist

Though you may have referred to the Installation Checklist prior to an evaluation of SVN MultiSite Plus we strongly recommend that you revisit the checklist and confirm that your system still meets all requirements.

System setup
Operating systems
We've tested the following operating systems:
  • Red Hat Linux Enterprise Server (64 bit): versions 5.x and 6.x

    High Level of confidence
    We've limited our testing to RHEL/CentOS so that we can provide a high level of confidence about operability, which would not be possible if we spread our testing across a larger number of distributions.

    Maximum confidence
    If you want the highest possible level of confidence you should match the version of RHEL used on your nodes with one of those that we use in our testing. These currently include 5.9, 6.1, 6.2, 6.3, 6.4 and 6.5.
  • CentOS: versions 5.x and 6.x
  • Debian: versions 6.x and 7.x
  • SUSE Linux Enterprise Server: version 11.
  • Go 64-bit
    We don't support SVN MultiSite Plus on 32-bit architecture, this would impose serious limits on scalability. You are required to deploy on a 64-bit Operating System.

 SVN server

Recommended version:
Installing the version of SVN that is bundled with SVN MultiSite Plus is the best option as this takes care of the requirement for running with WANdisco's customized FSFSWD libraries, it is also offers the benefit of being a version of SVN that have been extensively tested with MultiSite.

Option Component Packages
SVN MultiSite Plus installation checks for the presense of a number of option SVN components. These components, if found, are upgraded from a collection of packages that are bundled with SVN MultiSite Plus. However, if they are not already installed they will not be touched by the installer, if you need any of them you will need to install them manually.
All SVN packages, including the optional packages, are located here:
        /opt/wandisco/svn-multisite-plus/resources/svn
        -rwxr-xr-x 1 root root    78400 Jun 17 16:20 mod_dav_svn-1.8.8-1.x86_64.rpm
        -rwxr-xr-x 1 root root    44276 Jun 17 16:20 serf-1.3.4-1.x86_64.rpm
        -rwxr-xr-x 1 root root  2267700 Jun 17 16:20 subversion-1.8.8-1.x86_64.rpm
        -rwxr-xr-x 1 root root 11352880 Jun 17 16:20 subversion-debuginfo-1.8.8-1.x86_64.rpm
        -rwxr-xr-x 1 root root  3715880 Jun 17 16:20 subversion-devel-1.8.8-1.x86_64.rpm
        -rwxr-xr-x 1 root root    24124 Jun 17 16:20 subversion-fsfswd-1.8.8-1.x86_64.rpm
        -rwxr-xr-x 1 root root   259648 Jun 17 16:20 subversion-javahl-1.8.8-1.x86_64.rpm
        -rwxr-xr-x 1 root root   968424 Jun 17 16:20 subversion-perl-1.8.8-1.x86_64.rpm
        -rwxr-xr-x 1 root root   690808 Jun 17 16:20 subversion-python-1.8.8-1.x86_64.rpm
        -rwxr-xr-x 1 root root    71288 Jun 17 16:20 subversion-tools-1.8.8-1.x86_64.rpm
      

Repository Creation:
If you are running with repositories that use the old Berkeley DB, make sure that all the repositories you intend to replicate are created or recreated as follows:
      	svnadmin create Repo --fs-type fsfswd
      	Then edit Repository_name/db/fsfs.conf (view an example fsfs.conf file)

      	uncomment the line:
      	#rep_port = 7777
      
Write access for system user
The replicator user must have write permission for all repositories - as the replicator writes directly to the SVN repository.
Manage repository file ownership if using SVN+SSH:// or file://
Accessing SVN repositories via Apache2+WEBDAV is simplified by the fact that all user access is handled via the same daemon user. SVN+SSH or file:// access is a little more tricky, there
Run with the same system account
When using SVN over SSH both processes should be run using the same system account as SVN MultiSite Plus. This account's .ssh/authorized_keys entry must provide the necessary access and specificy the appropriate account. However, when unifying control in this way you must lock down wider system access or SVN access will equate to full root access. Read more about controlling the invoked command.

Tips:
  • Simplify user management by putting SSH users into a single group, you can then ensure that the group has read-write permissions for the repositories.
  • Make repositories wholly owned by the group.
  • Ensure that the prevailing umask is set to provide suitable permissions (002 instead of the default 022).
  • Use wrapper scripts for commands such as svn, svnadmin , svnserve etc. Note that with svn+ssh, an svnserve instance running as the user is spawned, so the wrapper will get called there too).

Certified SVN binaries
are now available from WANdisco. Providing the latest builds, without the risks associated with Open Source distribution.

Same location
All replicas must be in the same location (same absolute path) and in exactly the same state before replication can start.

Same UUID
If you start with new repositories, don't create them individually at each site. This is because even though they may share the same repository data, each will have its own universally unique identifier (UUID) - unless the repositories have the same UUID they're not replicas. For more help, read the section about Setting up Repositories for Replication.
Conversely, two different repositories must not share the same UUID - See UUID Warning.

svnadmin pack support
It's not currently possible to run the svnadmin pack command when running SVN MultiSite Plus. Support for this command is currently being added to FSFSWD and should be available in the near future.

Linux Standard Base (LSB) LSB provides developers with a degree of confidence about their applications being able to run on a range of distributions. The package is widely included by default, but not always.

Run the following command to verify the version of LSB yours server is running:

[root@redhat6 wandisco]# lsb_release -a
          LSB Version:    :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:
          graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarch
          Distributor ID: RedHatEnterpriseServer
          Description:    Red Hat Enterprise Linux Server release 6.4 (Santiago)
          Release:        6.4
          Codename:       Santiago
        

SVN MultiSite Plus's init.d scripts are dependent the the LSB package. Running the installer script, if the package isn't present it should be downloaded before the installation continues.

SVN client

Any that are compatible with local SVN servers.

Hooks

Hook scripts no longer need to be replicated on all repository replicas: see details.

System memory

Minimum recommended: 8 Gigabytes RAM; 16 Gigabytes swapping container
Memory requirements of DConE2 replication
Each state machine, or replicated object (repository/replication groupe, etc) needs about 1MB of system memory to run. So for small to moderate deployments the memory requirement of the replication system itself is quite modest. For very larger deployments where you are replicating hundreds or more repositories then you may need to consider the specific memory requirements of the DConE2 replication engine.

Disk space
SVN: Match to projects and repositories.
MultiSite Plus Transaction Journal: Equivalent of seven days of changes.

Estimating your disk requirements can be very difficult and there's no perfect system for making an accurate estimation. Some organizations monitor their repository growth over a period of time and use an extraopolation as a guide. This method works best if your organization is unlikely to see the addition of large new projects that instantly introduce large amounts of extra repository data.
you need to quantify some elements of your deployment:
  • overall size of all of your SVN repositories.
  • frequency of commits in your environment.
  • types of files being modified - text,binaries (SVN clients only send deltas for text).
  • number and size of files being changed.
  • rate that new files are being added to the repository.
Talk to those who know
There is absolutely nothing like having a solid communications path between those managing the SVN system resources and those who manage the development project. Actually talking to the people who are planning upcoming SCM efforts is better than trusting an abstract system for measuring requirements.
Maximum User Processes and Open Files limits

Maximum User Processes and Open Files limits are low by default on some systems. It is possible to check their value with the ulimit or limit command:
      ulimit -u && ulimit -n
      

-u The maximum number of processes available to a single user.
-n The maximum number of open file descriptors.

For optimal performance, we recommend both hard and soft limits values to be set to 64000 or more:

      RHEL6 and later:
      A file /etc/security/limits.d/90-nproc.conf explicitly overrides the settings in security.conf, i.e.:
      # Default limit for number of user's processes to prevent
      # accidental fork bombs.
      # See rhbz #432903 for reasoning.
      * soft nproc 1024 <- Increase this limit or ulimit -u will be reset to 1024
      
Journaling file system
Replicator logs should be on a journaling file system, for example, ext3 on Linux or VXFS from Veritas.
Alert
NFS must not be used with SVN MultiSite Plus- Why you shouldn't use NFS.

ext4 can be used as your journaling file system, although it must be configured appropriately. See Using Ext4 filesystem for journaling

Java
Install JRE or JDK 7
Use Oracle Java
Our development and testing is done using Oracle JDK 7. While it may be possible to use other Java packages, we will not be able to support you unless you run with Oracle's JDK 7 or later.
  1. Install JDK/JRE 7 (from Oracle) and define the JAVA_HOME environment variable to point to the directory where the JDK/JRE is installed.
  2. Add $JAVA_HOME/bin to the path and ensure that no other java (JDK or JRE) is on the path.
              $ which java
              /usr/bin/java
              $export JAVA_HOME="/usr"
              
  3. It is possible to run with the JRE package instead of the full JDK. You can check this by running java -server -version. If it generates a not found error, repeat Steps 1 and 2.
    If you find package management problems or conflicts with the JDK version you are downloading (for example, rpm download for Linux), you may want to use the self-extracting download file instead of the rpm (on Linux) package. The self-extracting download easily installs in any directory without any dependency checks.
Python

Install version 2.3 or later.

Browser compatibility
Set up and configuration requires access through a browser, what follows is a basic (not exhaustive) guide to which browsers are known to work:
  • Internet Explorer 10
  • Firefox 24
  • Google Chrome 30
  • Safari 7

Some earlier browser versions may work. However, we will not have completed thorough testing with older versions, we recommend that you keep browsers up-to-date.

SVN MultiSite Plus is not compatible with either Internet Explorer 6 or 7
While we understand that some users are still tied to earlier versions of Internet Explorer, those earlier versions do not support modern web technologies and we are unable to support them.

Kerberos SSO
We support the implementation of Kerberos for single sign-on. By default Kerberos requires that stronger encryption algorithms be available than are currently provided by default in Java 7. This is so that Oracle can avoid the complications that arise from countries that place import restrictions on encryption technology.

The stronger encryption algorithms are available as an optional download where the user takes responsibility for compliance with the local laws.
For Java 7: JCE Unlimited Strength Jurisdiction Policy

Once downloaded, extract the contents to (and overwrite the existing contents of) the Java security library directory on all nodes.
e.g:
$JAVA_HOME/lib/security/
Network settings
Reserved ports
Several ports are reserved by MultiSite Plus. You can change these ports after completing the installation - 6. Update a node's properties. The default values suggested during the installation are the following:
Required ports:

dcone.port= An integer between 1 - 65535 (Default: 6444)
DConE port handles agreement traffic between sites

content.server.port= An integer between 1 - 65535 (Default: 4321)
The content server port is used for the replicator's payload data: repository changes etc.

delegate.port= An integer between 1 - 65535 (Default: 7777)
The delegate port is used by SVN to delegate write operations to the WANdisco Replicator (via the above content.server.port)

jetty.http.port= An integer between 1 - 65535 (Default: 8080)
The jetty port is used for the MultiSite Plus management interface.

jetty.https.port An integer between 1 - 65535 (Default: 8080)
The jetty port is used for the MultiSite Plus management interface when SSL encryption is enabled.

Make each port different
In contrast with earlier versions of SVN MultiSite, which used the same port for both the UI and replication traffic, SVN MultiSite Plus doesn't multiplex different traffic on a single port. You will need to assign a different port to each type of traffic.
Firewall or AV software
If you have a virus scanner running on the system housing your repositories and replicator you should:
  • Ensure that you make frequent backups of your repository data
  • If possible, configure your AV system to "Notify Only". Otherwise you should prepare for the possibility that a virus infection or for that matter a false-positive could result in potentially catastrophic corruption of either repository or system data.
While it's true that virus scanners don't normally work via port filtering, some AV In general, virus scanners don't filter ports: firewalls do that. However, some "Anti-Virus" products contain firewall-like filtering capabilities - if this is the case in your platform, you should make sure that you understand what impact it could have on your MultiSite deployment.

Full connectivity
MultiSite Plus requires full network connectivity between all nodes. Ensure that each node's server is able to communicate with all other servers that will host nodes in your MultiSite Plus installation.

VPN
Set up IPsec tunnel, and ensure WAN connectivity.
VPN persistent connections
Ensure that your VPN doesn't reset persistent connections for SVN MultiSite Plus.

Bandwidth

Put your WAN through realistic load testing before going into production. You can then identify and fix potential problems before they impact productivity.

DNS setup
Use IP addresses instead of DNS hostnames, this ensures that DNS problems won't hinder performance. If you are required to use hostnames, test your DNS servers performance and availability prior to going into production. It's possible to change these details after completing the installation - 6. Update a node's properties.

Monitoring

SVN MultiSite Plus provides a limited system for monitoring system disk space available. This monitor is intended only to provide a deployment with a last line of defence against running out of storage space. We recommend that you deploy a system-wide monitor that ensures that you quickly identify potential problems that could impact services.
Monitor Recommendation
Read our recommendations for system-wide monitoring tools

Load balancing

The use of a correctly configured load balancer can greatly benefit performance in situations where there could be large numbers of concurrent SVN users. However, SVN MultiSite Plus requires that any load balancing solution has the following features:

  • Stateless session persistence.
    Any potential SVN load-balancer needs the ability to handle stateless session persistence within its load balancing algorithm. This is because each Subversion commit needs to go to the same backend node in its entirety or the commit will fail. We achieve this by ensuring the client is bound to a particular back-end node in some way.
    • Client's IP Address: Not always an option, but this IP-based persistence is easy to manage when the network is stable with static IPs.
    • Cookie-based persistence: SVN command line clients can't read cookies so for a load balancer to use cookies for the binding they would need to be able to use sticky cookies that are not reliant on the client honoring them.

  • Node health-checking
    Another vital requirement is the support for a health check mechanism - whereby the load-balancer makes periodic checks on the connected nodes to make sure that it isn't passing traffic to an off-line or overloaded server. Any prospective load-balancer should support HTTP status code (application-layer) checks.
  • The load-balancer sends HTTP GET or HEAD requests to back-end nodes. Watching for 'unhealthy' response codes offers greater reliability and flexibilty than doing your checks belofe the network layer.
MultiSite Plus setup
Replication Configuration
Read our Replication Setup Guide for information on how to optimise your replication - Replication Setup.

Voters follow the sun
To ensure best performance, make sure that SVN MultiSite Plus can deliver the content of a commit to another local node. SVN MultiSite Plus normally requires that content reach at least one other node for data integrity purposes. As the content normally represents the bulk of the data in a commit, having a second local node available will improve performance. Furthermore, you may wish to use our scheduling system to modify the voter roles so a proposal may be accepted by local voter nodes during regular working hours. If you need more help with setting up the most efficient deployment please get in touch with our support team.

Disk space for recovery journal

Provision enough disk space for /opt/wandisco/multisite-plus/replicator/database to cover the expected number of commits for four hours of peak usage.
License model

SVN MultiSite Plus is supplied through a licensing model based on the number of nodes and users. WANdisco generates a license file matched to your agreed usage model.

Evaluation license
To simplify the process of pre-deployment testing SVN MultiSite Plus is supplied with an evaluation license. This type of license imposes no restrictions on use but is time-limited to an agreed period.


Production license Customers entering production need a production license file for each node. These license files are tied to the node's IP address. In the event that a node needs to be moved to a new server with a different IP address customers should contact WANdisco's support team and request that a new license be generated. Production licenses can be set to expire or they can be perpetual.


Special node types

SVN MultiSite Plus offers additional node types to provide limited sets of functionality:


Passive Nodes (Learner only): A passive node operates like a slave in a master-slave model of distribution. Changes to its repository replicas only occur through inbound proposals, it never generates any proposals itself.


Voter-only nodes (Acceptor only): A voter-only node does not contain repositories. It casts votes based only on the basis of replication history without knowing the actual contents of the proposal data.


These limited-function nodes are licensed differently from active nodes. In short the IP addresses will be a fixed list but the node count and special node count may move between sets of nodes, as long as the number of each type of node is within the limit specified in the license. Speak to WANdisco's sales team for more details.

2.1 Migrating from SVN MultiSite 4.x

SVN MultiSite Plus uses a new version of WANdisco's DConE replication engine and has a different architecture compared with earlier versions of MultiSite. As a result there are some special considerations when migrating from SVN MultiSite 4.x

2.1.1 Byte-for-byte replicas

Repository replicas must be byte-for-byte mirrors of each other. This stringent requirement did not apply to SVN MultiSite 4.x - the previous tests for whether replicas are identical are not sufficient for FSFSWD replication (see 4.2 vs Plus, below). As a result you will need to recreate your replica repositories using a nominated master repository.

The exact process of copying repositories may need to be carefully thought out in order to be practical and achievable. Many production repositories will take a long time to checksum. If you are in any doubt about handling the process, talk to your WANdisco account manager.


4.2 vs Plus
SVN MultiSite 4.2 replication is done using a proxy that sits between SVN and clients that replays commit operations from the users on the repository via Apache and so constructs a new transaction at every node. In contrast, SVN MultiSite Plus applies the same FSFS db/transactions at each node. This transaction is constructed based on the contents of the rev files - so with FSFSWD the repositories need to be identical at the revision (and revprop) file level.

2.1.2 Authentication and Apache

SVN MultiSite Plus opens up more options because MultiSite is no longer running as proxy and options that were previously not compatible with MultiSite now are compatible.

Other factors to consider include:

2.2 Configuring Apache

This section gives an example Apache configuration. In Apache's config file, httpd.conf:

  1. Set the listen port. There's more information about the Listen directive in the Binding chapter of the Apache documentation.
  2. Change the Apache KeepAlive settings to allow long-lived HTTP connections.
  3. Make sure that the SVN DAV settings in Apache's configuration files are exactly the same at all nodes. The top-level location URI prefix should be the same.
        # Needed to do Subversion Apache server.
        LoadModule dav_svn_module modules/mod_dav_svn.so
    
        # Only needed if you decide to do "per-directory" access control.
        LoadModule authz_svn_module modules/mod_authz_svn.so
    
    
        Listen 80
        MaxKeepAliveRequests 0
        KeepAlive On
        KeepAliveTimeout 30000
        Timeout 7200
    
          <Location /svn>
              DAV svn
              SVNParentPath /opt/Subversion
              AuthType Basic
              AuthName "SVN Repo"
              AuthUserFile /opt/Subversion/svn.passwd
              #AuthzSVNAccessFile /home/user/svnauthfiles/authz.authz
              Require valid-user
          </Location>
        
  4. Make sure that the Apache usernames and passwords match at all nodes.
    Note:
    SVN MultiSite must have a valid username inside the HTTP authorization header to be passed for all DAV commands.

3. Installation

The installation guide runs through setting up SVN MultiSite Plus for the first time. If you are upgrading from an earlier version of SVN MultiSite Plus you should also follow this procedure - SVN MultiSite Plus is a completely new class of product so it's not possible to follow a shortcut upgrade procedure.

3.1 Installation overview

This is an overview of the process:

  1. Double-check the Installation checklist. Take time to make sure that you have everything set up and ready. This avoids problems during installation. In particular, check:
    • SVN authentication: SVN installed, and using authentication. If you require a SVN access control solution see our Access Control product.

    • JDK7: You need to have Oracle's Java JDK 7 installed.
      Important: use Oracle JAVA JDK 7
      All our development and testing is done using JDK 7. You will need to use JDK 7 to ensure compatibility with SVN MultiSite Plus. It may be possible to run SVN MultiSite Plus with other versions of Java, although, in future, we won't support it.

    • Java memory settings: The Java process on which SVN MultiSite Plus runs is assigned a minimum and maximum amount of system memory. By default it gets 128MB at startup and 4GB maximum.

    • System resources: Ensure that your system meets the hardware recommendations.

  2. Ensure that your repositories are copied into place on all nodes.

  3. Download and copy the MultiSite Plus files into place.

  4. Run the setup (as root user), then complete the installation from a web browser.
  5. Setting the LOG_FILE environmental variable
    If you need to capture a complete record of installer messages, warnings, errors, then you need to set the LOG_FILE environment variable before running the installer. Run:
     export LOG_FILE="opt/wandiscoscp/log/file.file"
    This file's permissions must allow being appended to by the installer. Ideally, the file should not already exist (or it should exist and be empty) and its directory should enable the account running the installer to create the file.

    3.2 Before you start

    • Check through the Installation checklist
    • Back up Apache Config> Because the installation could modify your Apache configuration, we recommend that if you have existing config, you back it up before the installation and do a reconcillation once the installation has completed to check any changes are not going to adversely affect your operation.

    3.3 Starting the installation

    This procedure requires the entry of various settings into the terminal session during the installation. You can run the installation in a non-interactive mode which doesn't require user input (until then post-installation browser-based set up). To use the Non-interactive mode, see Non-interactive Installation

    Run SVN MultiSite Plus installer as root
    The installation will require full system access so you must run the installer as root or a user with equivalent permissions.
    1. Extract the setup file.
    2. Save the svn-multisite-plus.sh installer file to your Installation site.
    3. Make the script executable, e.g. enter the command:
      chmod a+x svn-multisite-plus.sh
    4. Run the setup script.
      Running with Apache?
      Run both SVN MultiSite Plus and Apache with the same user.

      Back up any existing Apache configuration files
      When the installation is complete, perform a verification to check that any changes will not impact your operation.
          [root@redhat6 wandisco]# chmod a+x multisite-plus.sh
          [root@redhat6 wandisco]# ./svn-multisite-plus.sh
          Verifying archive integrity... All good.
          Uncompressing WANdisco SVN MultiSite Plus....................
              ::   ::  ::     #     #   ##    ####  ######   #   #####   #####   #####
             :::: :::: :::    #     #  #  #  ##  ## #     #  #  #     # #     # #     #
            ::::::::::: :::   #  #  # #    # #    # #     #  #  #       #       #     #
           ::::::::::::: :::  # # # # #    # #    # #     #  #   #####  #       #     #
            ::::::::::: :::   # # # # #    # #    # #     #  #        # #       #     #
             :::: :::: :::    ##   ##  #  ## #    # #     #  #  #     # #     # #     #
              ::   ::  ::     #     #   ## # #    # ######   #   #####   #####   #####
      
          Welcome to the WANdisco SVN MultiSite Plus installation
      
          Checking prerequisites:
      
          Checking for perl: OK
          Checking for svn: SVN MultiSite Plus requires a compatible version of SVN to be installed.
      
          Install SVN? [Y] > Y
          Installing SVN 1.8.3-1
          
    5. On a clean system you need to enter "Y" to install a compatible version of SVN onto your server. If you already have a suitable SVN installation in place you could select "N".
          Install mod_dav_svn? (Y/n) Y
      
          Stopping httpd: [  OK  ]
          Starting httpd: [  OK  ]
          OK
      
          
      Select "Y".
    6. The next test looks at the Java heap settings. It lists the maximum and minimum allocations for both the replicator component of SVN MultiSite Plus as well as the admin console UI:
          INFO: Using the following Memory settings:
      
          INFO: UI:         -Xms128m -Xmx1024m
          INFO: Replicator: -Xms1024m -Xmx4096m
      
          Do you want to use these settings for the installation? (Y/n) Y
          
      Enter "Y" if these heap settings will suit the needs of your deployment, then enter your preferred values. If you have any doubts, discuss the heap requirements with WANdisco's support team before going into production.
    7. You'll now be asked to enter a TCP port number for accessing the browser part of the installation process.
          Which port should the MultiSite UI listen on? [8080]:
          
      We use port 8080 in our documentation. If that port is okay, press Enter. Check with your network administrator about which ports are available. You can change the port during the next part of the installation.
    8. The installer now checks to see which system user and system group should be used to run SVN MultiSite Plus.
      Run SVN MultiSite Plus with the same user that runs Apache
      When deploying SVN MultiSite Plus with Apache, ensure that they are both run by the same system user. Their operations are so entwined that attempting to run the services with separate users will introduce the risk of permission problems that would halt replication.
          We strongly advise against running SVN MultiSite Plus as the root user.
      
          Which user should SVN MultiSite Plus run as? wandisco
          Do you want to continue? (Y/n)Y
      
          Which group should SVN MultiSite Plus run as? wandisco
          
      In this example we have system user and group set up for 'wandisco'. Also, take note of the above warning about not running SVN MultiSite Plus with a different user account.
    9. The installer now asks you to set the umask value for SVN MultiSite Plus:
      What umask should SVN MultiSite Plus use? [022]:
      You can with the default of 022, this will result in permissions set at 755, if the owner permission is set less than 7 the replicator won't have sufficient permission to start up. Group/Other permissions are not so critical.
      Testing your umask setting
      To check what umask value is being applied, create a repository via the Admin UI then check the new repositories permissions on the file system to ensure they match your umask value.
    10. The installer provides you with a summary of the settings you've so far provided:
          MultiSite user:    wandisco
          MultiSite group:   wandisco
          MultiSite UI Port: 8080
          MultiSite UI Minimum memory: 128
          MultiSite UI Maximum memory: 1024
          MultiSite Replicator Minimum memory: 1024
          MultiSite Replicator Maximum memory: 4096
      
          Do you want to continue with the installation? (Y/n) y
          
      Enter "Y" unless you want to make changes to any of these choices.
    11. Open a browser and go to the provided URL. If your server's DNS isn't running you can go to the next step at the following address:
          Starting ui:[  OK  ]
          ..........
      
          Please access the Web UI with a browser at the following address -
          http://ip-10-0-100-152:8080/multisite-local
          Installation Complete
          
      e.g.
      http://10.0.100.152:8080/multisite-local/

    12. MS5 - Setup 01

      Welcome to SVN MultiSite Plus.
      You're about to run through the installation, which should only take a couple of minutes.

      If you run into difficulties on the way, check our documentation or talk to our support team through the Customer Support Website.

      Before you click Next, make sure you Read the Installation Checklist

      Click Next to begin the installation.
    13. The next (Terms & Conditions) screen contains the WANdisco Master Subscription Agreement.
      To continue the installation click the I AGREE button.
    14. MS5 - Setup 02
    15. On the next (License Upload) screen you are prompted to browse for your product license key file. Click on the + Browse button and locate your file. You will have been sent this by the WANdisco sales team, contact them if you have any problems locating or using your license file.
      MS5 - Setup 03
    16. On the Administrator Setup screen you indicate whether this is the installation of the first node or a subsequent node.
      This is the first node:
      If this is the first node you'll be prompted to enter the username plus an associated password which you will use to log in to SVN MultiSite Plus' UI.
      SVNMSP first node installation only
      Username
      The administrator's username.
      Password
      The administrator's password.
      Confirm Password
      Enter your password again to confirm that it's been typed in correctly.
      Full Name
      Enter your full name.
      Email address
      Enter the email address that you wish to associate with your SVN MultiSite Plus admin account
      This is the second or a subsequent node:
      For later installations, you will, instead, be prompted for the users.properties
      (default location: /opt/wandisco/svn-multisite-plus/replicator/properties/users.properties) file of the first node rather than risking a mismatch in admin account details between nodes - something that could prevent you from connecting the nodes together during induction.
      Can I just enter the same details?
      No, while you could enter exactly the same details for each node, encrypted password would not match. You've got to copy the users.properties file, there's no shortcut. In the event that this has been done, you can match up the neccessary details using the procedure for Matching a node's admin settings.
      Important
      If you are providing a users.properties file, take extra care to select the correct file. You won't be warned if the file is invalid and selecting the wrong file will prevent you from connecting the node to the replication network.
    17. SVNMSP all subsequent nodes use this
    18. The last screen in the setup process covers Server Settings.
      MS5 - Setup 06
      Node Name
      The default name for this node.
      Temporary limitation
      Node names can not contain spaces or ".".
      Node IP/Host
      The node's IP or hostname. If the server is multi-homed, you can select the IP to which you want SVN MultiSite Plus to be associated.
      Replication Port
      Select the port that will be used for agreement traffic between nodes.
      Content Server Port
      Select the port that will be used to transfer replicated content (repository changes). This is different from the port used by WANdisco's DConE2 agreement engine.
      Content Node Count
      This setting gives you the ability to enforce a degree of resiliance. The value represents the number of nodes within a membership that must receive the content before a proposal is submitted for agreement. If the value is greater than the total learners in the current membership, then the value is adjusted to equal the total number of learners in the current membership. The proposing node is not considered in the calculation.
      Minimum Content Nodes Required
      Ticking this checkbox will enforce the Content Node Count as a prerequisite for replication.
      REST API Port
      The port to be used for SVN MultiSite Plus's REST-based API. (Default:8082)
      REST API SSL Port
      The port to be used for SVN MultiSite Plus's REST-based API when traffic is secured using SSL encryption.
      REST API Using SSL
      Check box for enabling the use of SSL for all API traffic.
      SSL Trust Store
      The location of your trust store file. Trust stores contain CA certifcates to trust. If your server's certificate is signed by a recognized Certification Authority (CA), the default trust store that ships with the JR will already trust it (because it already trusts trustworthy CAs), so you don't need to build your own, or to add anything to the one from the JRE.
      SSL Trust Store Password
      The password for your trust store.
      SSL Key Store
      The name of the keystore file. The keystore contains a public keys. for authorized users.
      SSL Key Store Password
      The password associated with the keystore.
      A word about trust stores and key stores
      You might be familiar with the Public-key system that allows two parties to use encryption to keep their communication with each other private (incomprehensible to an intercepting third-party). The keystore is used to store the public and private keys that are used in this system. However, in isolation, the system remains susceptible to the hijacking of the public key file, where an end user may receive a fake public key and be unaware that it will enable communication with an impostor. Enter Certificate Authorities (CAs). These trusted third parties issue digital certificates that verify that a given public key matches with the expected owner. These digital certificates are kept in the trust store. An SSL implementation that uses both keystore and trust store files offers a more secure SSL solution.
    19. If you need help getting your SSL keys set up, check out our guide in the Appendix - Setting up SSL

    20. Click FINISH when you have entered everything. The installer will now complete the configuration. Once that's all done a START USING MULTISITE PLUS button will appear. Click the button to login for the first time. MS5 - Setup end
    21. Time to log in. Enter the username and password during step 12. Then click FINISHED - LET'S GO!. MS5 - Setup ended - work begins
    22. Next, you'll need to agreed to the WANdisco Subscription Agreement. Click I Agree to continue.
      Temporary duplication of license agreement
      Currently the license agreement is presented twice - once during installation and then here, when the first end user logs in. In a future release we'll phase out is end-user agreement screen to remove the apparent duplication.
      MS5 - Setup ended - work begins
    23. The first time you view the dashboard, it will contain mostly blank areas. You can view the reference section to learn what all the buttons and options mean. At this point you can set up some of your settings, such as SSL. However, we recommend holding off more advanced admin account management until you have completed induction.
      MS5 - Node Induction begins

    3.4 Non-interactive installation

    You can now install SVN MultiSite Plus non-interactively. To do so the following environment variables must be set:

    MSP_USER
    The system user that run MultiSite Plus.
    MSP_GROUP
    The system group that MultiSite Plus will run within.
    MSP_UI_PORT
    The TCP port the browser UI will initially use - you'll be able to change this during the browser-based setup.
    MSP_NO_SVN
    Should you wish to exclude the SVN installation that is incorporated into the SVN MultiSite Plus installer you should use this variable. Note that if the server doesn't already have a compatible version of SVN installed, the SVN MultiSite Plus installation will not complete.
    MSP_UMASK
    Set your required Umask settings. We validate your entry so that it must be a three digit number that begins with a zero, e.g. 077.

    Optional variables:
    MSP_UI_MEM_LOW
    The minimum amount of UI memory.
    MSP_UI_MEM_HIGH
    The maximum amount of UI memory.
    MSP_REP_MEM_LOW
    The minimum amount of Replicator memory.
    MSP_REP_MEM_HIGH
    The maximum amount of Replicator memory.

    A scripted start to the installation requires the running of the following command:

    MSP_USER=wandisco
    MSP_GROUP=wandisco
    MSP_UI_PORT=8181
    MSP_UMASK=0777
    export MSP_USER MSP_GROUP MSP_UI_PORT
    ./svn-multisite-plus.sh
    
    The installation will then run without user interaction. Once installation is completed, the browser-based UI will start. You'll then need to complete the node set up from step 10.

    4. Repeat the installation process at all sites

    Now repeat the installation process for every node that you want to share your SVN repositories.

    Note
    To ensure a successful induction, you will take the configuration files from the first node and use them during the installation of all additional nodes to ensure that all nodes are started with the same administrator account.

    You may benefit from creating an image of your initial server, with the repositories in place and using this as a starting point on your other sites. This helps ensure that your replicas are in exactly the same state.
    Same Location
    All replicas must be in the same location (same absolute path) and in exactly the same state before replication can start.
    Same UUID
    If you start with new repositories, don't create them individually at each node. This is because even though they may share the same repository data, each will have it's own universally unique identifier (UUID) - unless they have the same UUID they're not replicas.<

    Ensure that all nodes have matching configuration before completing the inductions

    • Copy configuration (e.g. admin account property file, SSL certs) to all other servers on which you intent to install SVN MultiSite Plus.
    • Run the installer on the servers nodes and continue to the the induction. Installer will let you select the copied-over admin property file instead of manually entering details for the admin account.
    • If you do not provide the admin account property file during installation, or the admin accounts use LDAP, or the admin accounts change before induction, then you have to use the regular export-import process.
    • If you have conflicts in the admin accounts then you need to delete or rename accounts on the to-be-inducted node to remove the conflicts.

    5. Node induction

    After installing SVN MultiSite Plus at all sites, you'll need to make the sites aware of each other through the node induction process. There's a particular way that you need to run through this process so get another coffee and don't skip this section.

    5.1 Membership induction

    It's important that sites are connected together in a specific sequence. Run through the following steps to ensure that your sites are all able to talk to each other:

    1. When SVN MultiSite Plus is installed on all your sites, select one node to be your Inductor. This node will accept requests for membership and share its existing membership information. It doesn't matter which node you select.
      ** Induction overview **
    2. Log in to this Inductor's admin console (http://<Inductor's IP>:8080/multisite-local/) and gather the following information, most is available from the Settings tab.
      ** Induction overview **
      All your remaining sites are now classed as Inductees.
    3. Select one of your remaining Inductee sites. Connect to its web admin console (http://<Inductee1:8080/multisite-local/) and go to the Nodes tab.
    4. Click on the CONNECT TO NODE button and enter the details that you collected from your Inductor node.
      ** Induction overview **
      Node Id *
      The name of the inductor node - you can verify this from the NODE ID entry on the Inductor node's Settings tab (see step 2, above.)
      Node Location Id *
      The reference code that is used to define the inductor node's location -you can verify this from the NODE ID entry on the Inductor node's SETTINGS tab (see step 2, above).
      Node IP Address *
      The IP address of the inductor node server.
      Node Port No *
      The DConE Port number (6444 by default), defined on the inductor node's SETTINGS tab.

      When these details are entered, click the SEND CONNECTION REQUEST button. The inductor node will accept the request and add the inductee to its membership. You will need to refresh your browser to see that this has happened..
      ** This is history **
    5. Go back to step 3 and select one of your remaining inductees. Repeat this process until all the sites that you want to be included in the current membership have been connected to the inductor.

    5.2 If induction fails

    If the induction process fails, you may be left with the inductee in a pending state:

    1. From the Nodes tab, review the state of your prospective node. During the induction process a prospect will display a Connectivity Status of "Pending Induction". The process should complete within a few seconds, providing that there isn't a network connection problem.

      If the prospect appears to be stuck in the pending state then click the Cancel Induction link. ** Stuck **
    2. A growl message confirms that the induction was cancelled successfully. Click the Reload button to clear the cancelled induction.

      ** Stuck **
    3. Repeat the induction procedure after confirming:
      • You are entering the correct details for the inductee node.
      • There isn't a network outage between nodes.
      • There isn't a network configuration problem, such as a firewall blocking the necessary ports.
      • There isn't an admin account mismatch between nodes - this occurs if you don't use the correct procedure for installing a second or subsequent node If the admin account doesn't match because nodes were not installed using the first node's user.properties file then you should follow Matching a node's admin settings.
      • There isn't a product license problem. Should the license file clash between two nodes, or be missing from a node this could cause induction to fail. License problems are noted in the Application Logs.

    5.3 Matching a node's admin settings

    Ensure that all nodes start with a common admin account by importing the admin settings from the first installed node during the installation of all subsequent nodes. If a node is accidently installed without this match you can use the following procedure to resync them. You'll need to follow this if you wish to induct the mismatched node into a replication network that includes the other nodes.

    1. Log in to your first node, click on the Security and click Export Security Settings to perform a security (user) settings export.
      ** export settings **
    2. Access the same node using a terminal window. Copy the exported settings file (/opt/wandisco/svn-multisite-plus/replicator/export/security-export.xml) to a location on the node that you fixing. e.g.
      /opt/wandisco/svn-multisite-plus/replicator/import/security-export.xml
    3. Log in to the admin UI of the node that you're fixing. Click on the Security tab then click the Import Secure Settings button.
      ** export settings **
    4. Enter the path to the copied across security-export.xml file then click Check. You'll be presented with a Diff report that shows you what differences exist between the current user settings and those in the exported file. ** export settings ** Click Import to overwrite the existing admin user settings with the correct user settings that will match those used in the other nodes.

    5. Now that the admin user account details are matching again you'll be able to complete an induction of the corrected node into a replication network.

    6. Create a replication group

    SVN MultiSite Plus lets you share specific repositories between selected sites. This is done by creating Replication Groups that contain a list of sites and the specific repositories they will share.

    Create Replication Groups

    This illustration shows a collection of four sites that are running two replication groups. Replication Group one replicates Repo1 across all four sites, whilst Replication Group 2 replicates repo2 across a subset of sites.

    Follow this procedure to create a Replication Group. You can create as many replication groups as you like. However, each repository can only be part of one active replication group at a time.


    1. When you have sites defined, click on the REPLICATION GROUPS tab. Then click on the CREATE REPLICATION GROUP button.
      Replication Group Validation
      The admin UI won't let you create a replication group that doesn't meet the requirement set by DConE, for example, the proposed replication group must not have an even number of "acceptor" nodes (without also having a tie-breaker. When the selected member nodes don't make a valid replication group, the "Create Replication Group" button will be disabled (greyed out).
      ** Replication Group Creation 1 **

      Create Replication Group

      Local node automatically made the first member
      You cannot create a replication group remotely - the node on which you are creating the group must itself be an member. For this reason, when creating a replication group, the first node is added automatically.
    2. Enter a name for your Replication Group in the Replication Group Name field. Then enter an existing Node name in the Add Sites field - any existing sites that match your entry will appear and can be selected with a click. Instead of typing in a name you can click on the drop-down button and choose from a list of existing sites (that are not already members of the new group).
      You can select any number of available Sites. Those sites that you select will appear as clickable buttons in the Add Node field.
      Create Replication Groups

      Enter a name and add some nodes.

    3. New sites are added as Active Voters (denoted with "AV"). You can change the type of a node by clicking on its label. For an explanation of what each node type does, view the Reference Section - Node Types
      Create Replication Groups

      Change node type

      When you have added all sites and configured their type, click CREATE REPLICATION GROUP to see a groups details.
    4. Replication Groups that you create will be listed on the REPLICATION GROUPS tab.
      Create Replication Groups*

      Groups boxes, click QUICK VIEW view your options.

    5. Important: Don't cancel replication group creation tasks
      If you create a new replication group, then find that the task is stuck in pending because one of your nodes is down, do not use the Cancel Tasks option on the Dashboard's Pending Tasks table. not with a missing node
      If, when all nodes are up and running, the replication group creation tasks are still not progressing, please contact the WANdisco support team for assistance.

      7. Add repositories

      When you have added at least one replication group you can add repositories to your node:

      Warning A repository UUID is integral to the way SVN Multisite Plus tracks repositories. You must not introduce repositories that have duplicate UUIDs.
      This means:
      • You cannot add two existing repositories with the same UUID.
      • You cannot use "svnadmin load --force-uuid" if the load will use a UUID that already exists on an SVN MultiSite Plus replicated repository.
      • You cannot use "svnadmin setuuid" on a repository, and use a UUID that already exists on an SVN MultiSite Plus replicated repository.
      1. Click on the REPOSITORIES tab. Click on the ADD button.
        Add repository 1

        Repositories > ADD

      2. Enter the Repository's name, the file system path (full path to the repository) and use the drop-down to select the replication group. You can set the repository to be Read-only by ticking the Global Read-Only option. This option, if selected, means that the repository will not accept write activity from any node until the setting is cleared. You may find it useful to set this to verify successful replication activity before allowing end user access to the repository. You can deselect this later. Click ADD REPO.
        Add repository 2

        Repositories > Enter details then click ADD REPO

      3. When added, a repository will appear in a list on the REPOSITORIES tab. The list provides the following details.
        Add repository 3*

        Repositories listed

        Repo Name
        The name you assign to the repository - this can be the same name that you give to the repository's folder on the file system, or it could be something else. There are no obvious limitations when naming a repository, although we recommend that you use a conservative naming scheme that avoids spaces and special characters etc.
        FS Path
        The file system path to the Repository.
        Replication Group
        The Replication Group in which the repository will be replicated.
        Size
        The file size of the repository. We use the binary prefix (KiB, MiB, GiB, etc) to denote that data is measured in blocks of 1024 bytes.
        Youngest Rev
        The youngest (latest) revision in the repository. Comparing the youngest revisions between replicas is a quick test that a repository is in the same state on all sites.
        Transactions
        The number of pending transactions associated with each repositorty.
        Last Modified
        The timestamp for the last revision, which provides a quick indicator for the last time a SVN user made a change.
        Global RO
        Checkbox that indicates whether the repository is globally Read-only, that is Read-only at all sites.
        Local RO
        Checkbox that indicates whether the repository is locally Read-only, that is Read-only to users at this node. The repository receives updates from the replicas on other sites, but never instigates changes itself.
        Status
        Indicates the replication status of each repository. Normally a repository status will be "Replicating".