Initial commit

defaults/main.yml

+svnadmin: false
+svnadmin_by_ansible: true
+svn_user: []
+svn_groups: []
+svn_repositories: []
+svnserver_master: false
+svnserver_slave: false

files/etc_init_d_svnserve

+#!/bin/bash
+# svnserve
+# Script to start|stop|restart svnserve daemon from /etc/init.d/
+
+set -e
+
+function getSvnservePID() {
+PID=`ps aux | grep 'svnserve -d' | grep -v "grep" | awk '{ print $2 }'`
+}
+
+case $1 in
+start)
+echo "Starting svnserve..."
+svnserve -d
+;;
+restart)
+echo "Restart svnserve"
+getSvnservePID
+kill -9 $PID
+svnserve -d
+;;
+stop)
+echo "Stopping svnserve"
+getSvnservePID
+kill -9 $PID
+;;
+*)
+echo "Usage: service svnserve {start|restart|stop}" >&2
+exit 1
+;;
+esac
+
+exit 0

files/post-commit

+#!/usr/bin/python
+# coding=utf-8
+__version__ = '1.0'
+__author__ = 'Jürgen Haas'
+
+import sys
+import os
+import re
+import subprocess
+import tempfile
+from youtrack.connection import Connection
+from youtrack import YouTrackException
+try:
+    # Python >=3.0
+    import configparser
+    from urllib.parse import quote as urllib_parse_quote
+except ImportError:
+    # Python <3.0
+    import ConfigParser as configparser
+    from urllib import quote as urllib_parse_quote
+if sys.version_info[0] >= 3:
+    # Python >=3.0
+    from io import StringIO
+else:
+    # Python <3.0
+    from cStringIO import StringIO
+
+repository = sys.argv[1]
+revision = sys.argv[2]
+
+config_path = os.path.join(repository, 'conf', 'dummy')
+config_fname = '/filedoesnotexist'
+while not os.path.exists(config_fname):
+    if config_path == '' or config_path == '/':
+        exit(0)
+    config_path = os.path.abspath(os.path.join(config_path, '..'))
+    config_fname = os.path.join(config_path, 'hooks.conf')
+
+cp = configparser.ConfigParser()
+cp.read(config_fname)
+
+cmd = [cp.get('Executables', 'svnlook'),
+       'log',
+       repository,
+       '-r',
+       revision]
+log = subprocess.check_output(cmd)
+issues = re.findall('([A-Za-z]+\-\d+)', log)
+if issues is None or len(issues) == 0:
+    exit(0)
+
+cmd = [cp.get('Executables', 'svnlook'),
+       'author',
+       repository,
+       '-r',
+       revision]
+author = subprocess.check_output(cmd).strip()
+
+cmd = [cp.get('Executables', 'svnlook'),
+       'diff',
+       repository,
+       '--no-diff-deleted',
+       '--no-diff-added',
+       '-r',
+       revision]
+diff = subprocess.check_output(cmd)
+if len(diff) > 100000:
+    diff = diff[0:100000]
+
+connection = Connection(
+    cp.get('YouTrack', 'url'),
+    cp.get('YouTrack', 'user'),
+    cp.get('YouTrack', 'password')
+)
+group = cp.get('YouTrack', 'group')
+
+for id in issues:
+    try:
+        issue = connection.getIssue(id)
+        if len(diff) > 4000:
+            content = StringIO(diff)
+            attachmentName = 'rev' + revision + '.patch'
+            connection.createAttachment(id, attachmentName, content, authorLogin=author, group=group)
+            comment = log.replace(id, '') + ' (see patch in attachment %s)' % attachmentName
+        else:
+            comment = log.replace(id, '') + "\n{code}" + diff + "\n{code}"
+
+        sys.stdout.write("Adding comment to issue %s ...\n" % id)
+        connection.executeCommand(id, '', comment=comment, group=group, run_as=author)
+
+    except YouTrackException:
+        sys.stderr.write("Can not add comment for issue %s,\n" % id)
+        pass
+
+exit(0)

files/pre-commit

+#!/usr/bin/python
+# coding=utf-8
+__version__ = '1.0'
+__author__ = 'Jürgen Haas'
+
+import sys
+import os
+import re
+import subprocess
+from youtrack.connection import Connection
+from youtrack import YouTrackException
+try:
+    # Python >=3.0
+    import configparser
+    from urllib.parse import quote as urllib_parse_quote
+except ImportError:
+    # Python <3.0
+    import ConfigParser as configparser
+    from urllib import quote as urllib_parse_quote
+
+repository = sys.argv[1]
+revision = sys.argv[2]
+
+config_path = os.path.join(repository, 'conf', 'dummy')
+config_fname = '/filedoesnotexist'
+while not os.path.exists(config_fname):
+    if config_path == '' or config_path == '/':
+        sys.stderr.write('Can not find hook configuration')
+        exit(21)
+    config_path = os.path.abspath(os.path.join(config_path, '..'))
+    config_fname = os.path.join(config_path, 'hooks.conf')
+
+cp = configparser.ConfigParser()
+cp.read(config_fname)
+
+cmd = [cp.get('Executables', 'svnlook'),
+       'log',
+       '-t',
+       revision,
+       repository
+]
+log = subprocess.check_output(cmd)
+issues = re.findall('([A-Za-z]+\-\d+)', log)
+if issues is None or len(issues) == 0:
+    sys.stderr.write('Please provide an issue id in your commit message')
+    exit(22)
+
+connection = Connection(
+  cp.get('YouTrack', 'url'),
+  cp.get('YouTrack', 'user'),
+  cp.get('YouTrack', 'password')
+)
+issueFound = False
+for id in issues:
+  try:
+    issue = connection.getIssue(id)
+    issueFound = True
+  except YouTrackException:
+    pass
+
+if issueFound:
+  exit(0)
+
+sys.stderr.write('No valid issue id found in your commit message')
+exit(23)

files/usr_local_bin_svnserve

+#!/bin/sh
+
+# set the umask so files are group-writable
+umask 002
+
+# call the 'real' svnserve, also passing in the default repo location
+exec /usr/bin/svnserve "$@" -r /var/svn --config-file /etc/subversion/svnserve.conf

handlers/main.yml

+---
+# file: roles/svnserver/handlers/main.yml
+
+- name: 'Subversion | Include Svnserve to Boot-List'
+  command: update-rc.d svnserve defaults
+
+- name: 'Subversion | Restart Subversion'
+  service: name=svnserve state=restarted
+
+- name: 'Subversion | Lock the main tunnel user'
+  command: usermod --lock sshsvn

meta/main.yml

+---
+
+dependencies:
+  - { role: common }

tasks/main.yml

+---
+# file: roles/svnserver/tasks/main.yml
+#
+# see: http://zeroset.mnim.org/2012/08/14/svn-over-ssh-with-multiple-svn-users-and-a-single-unix-account-without-shell-access/
+
+- name: 'Subversion | Install packages'
+  apt: pkg={{item}} state=installed update_cache=yes
+  tags: UpdateSVN
+  with_items:
+    - subversion
+
+- name: 'Subversion | Create main tunnel user'
+  user: name=sshsvn
+        group=root
+        home=/home/sshsvn
+        shell=/bin/bash
+        generate_ssh_key=yes
+        ssh_key_bits=2048
+  tags: UpdateSVN
+  notify:
+    - 'Subversion | Lock the main tunnel user'
+
+- name: 'Subversion | Create directory'
+  file: dest={{item}}
+        state=directory
+        owner=sshsvn
+        group=root
+        mode=775
+  tags: UpdateSVN
+  with_items:
+    - '/var/svn'
+    - '/etc/ansible/facts.d'
+
+- name: 'Subversion | Copy Ansible Facts Script'
+  template: src=revision_deployment_fact
+            dest=/etc/ansible/facts.d/revision_deployment.fact
+            owner=root
+            group=root
+            mode=0755
+  tags: UpdateSVN
+
+- name: 'Subversion | Copy SVN Hook Config'
+  template: src=hooks_conf
+            dest=/var/svn/hooks.conf
+            owner=root
+            group=root
+            mode=0644
+  tags: UpdateSVN
+
+- name: 'Subversion | Copy init script'
+  copy: src=etc_init_d_svnserve
+        dest=/etc/init.d/svnserve
+        owner=root
+        group=root
+        mode=755
+  tags: UpdateSVN
+  notify:
+    - 'Subversion | Include Svnserve to Boot-List'
+    - 'Subversion | Restart Subversion'
+
+- name: 'Subversion | Copy svnserve script'
+  copy: src=usr_local_bin_svnserve
+        dest=/usr/local/bin/svnserve
+        owner=root
+        group=root
+        mode=755
+  tags: UpdateSVN
+
+- name: 'Subversion | Copy Svnserve Config File'
+  template: src=svnserve_conf
+            dest=/etc/subversion/svnserve.conf
+            owner=root
+            group=root
+            mode=0644
+  tags: UpdateSVN
+
+- name: 'Subversion | Reset user authentication'
+  shell: rm /home/sshsvn/.ssh/authorized_keys
+  tags:
+    - ResetSVNUser
+  ignore_errors: yes
+
+- name: 'Subversion | Install SSH user public keys'
+  authorized_key: user=sshsvn
+                  key="{{lookup('file', inventory_dir + '/files/certs/' + item + '.svn.pub')}}"
+                  key_options='command="/usr/local/bin/svnserve -t --tunnel-user={{item}}",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty'
+  tags:
+    - UpdateSVN
+    - UpdateSVNUser
+    - ResetSVNUser
+  with_items: svn_user
+
+- name: 'Subversion | Read public key of svn tunnel user'
+  command: more /home/sshsvn/.ssh/id_rsa.pub
+  register: sshsvnpubkey
+  tags:
+    - ResetSVNUser
+
+- name: 'Subversion | Distribute public key of svn tunnel user'
+  authorized_key: user=sshsvn
+                  key="{{sshsvnpubkey.stdout}} {{inventory_hostname}}"
+  delegate_to: '{{item}}'
+  with_items: groups.svnserver
+  tags:
+    - ResetSVNUser
+
+- name: 'Subversion | Copy Svnserve Auth File'
+  template: src=svn_auth
+            dest=/etc/subversion/svn.auth
+            owner=root
+            group=root
+            mode=0644
+  tags:
+    - UpdateSVN
+    - UpdateSVNAuth
+  when: svnadmin_by_ansible
+
+- name: 'Subversion | Create missing repositories'
+  shell: bash -c "[ -d /var/svn/{{item.name}} ] && echo OK || svnadmin create /var/svn/{{item.name}}"
+  tags:
+    - UpdateSVN
+    - UpdateSVNRepos
+  register: svn_result
+  with_items: svn_repositories
+  changed_when: svn_result.stdout != 'OK'
+  when: svnserver_master == inventory_hostname
+
+- name: 'Subversion | Copy Hook Scripts'
+  copy: src={{item.0}}
+        dest=/var/svn/{{item.1.name}}/hooks/{{item.0}}
+        owner=root
+        group=root
+        mode=755
+  tags:
+    - UpdateSVN
+    - UpdateSVNRepos
+  with_nested:
+    - ['post-commit', 'pre-commit']
+    - svn_repositories
+  when: svnserver_master == inventory_hostname and (item.1.hooks is not defined or item.1.hooks)
+
+- name: 'Subversion | Set permissions'
+  shell: chown -R sshsvn:root /var/svn
+  tags:
+    - UpdateSVN
+    - UpdateSVNRepos
+  changed_when: false
+
+- name: 'Subversion | Set ownership'
+  shell: chmod -R g+w /var/svn
+  tags:
+    - UpdateSVN
+    - UpdateSVNRepos
+  changed_when: false
+
+- include: svnadmin.yml
+  when: svnadmin
+
+- name: 'Subversion | Install cron job to sync slave with master'
+  cron: name='Sync SVN data with {{svnserver_master}}'
+        month='*'
+        day='*'
+        hour='5,17'
+        minute='0'
+        job='rsync -av --delete --log-file=/tmp/svnsync.log {{svnserver_master}}:/var/svn/ /var/svn >/dev/null 2>&1'
+        user='sshsvn'
+  when: svnserver_slave

tasks/svnadmin.yml

+---
+# file: roles/svnserver/tasks/svnadmin.yml
+#
+# see: http://svnadmin.insanefactory.com
+
+- name: 'Subversion | Checkout SvnAdmin'
+  git: repo=https://github.com/mfreiholz/iF.SVNAdmin.git
+       dest=/var/www/svnadmin
+       version=stable-1.6.2
+
+- name: 'Subversion | Change ownership of files'
+  command: chmod -R 777 /var/www/svnadmin/data
+
+- name: 'Subversion | Copy SvnAdmin Config File'
+  template: src=svnadmin_config_ini
+            dest=/var/www/svnadmin/data/config.ini
+            owner=root
+            group=root
+            mode=0644

templates/hooks_conf

+[Executables]
+svnlook = /usr/bin/svnlook
+
+[YouTrack]
+url = {{svn_hooks.youtrack_url}}
+user = {{svn_hooks.youtrack_user}}
+password = {{svn_hooks.youtrack_password}}
+group = {{svn_hooks.youtrack_group}}

templates/revision_deployment_fact

+#!/bin/sh
+
+if [ -d '/var/svn/deployment/' ]
+  then
+    svnlook youngest /var/svn/deployment/
+  else
+    echo 0
+fi

templates/svn_auth

+[groups]
+{% for group in svn_groups %}
+{{group.name}} = {{group.member}}
+{% endfor %}
+{% for repo in svn_repositories %}
+
+{% for path in repo.paths %}
+[{{repo.name}}:{{path.name}}]
+{% for user in path.user %}
+{{user.name}} = {{user.permission}}
+{% endfor %}
+{% for group in path.groups %}
+@{{group.name}} = {{group.permission}}
+{% endfor %}
+{% endfor %}
+{% endfor %}

templates/svnadmin_config_ini

+[Common]
+FirstStart=0
+BackupFolder=./data/backup/
+
+[Translation]
+Directory=./translations/
+
+[Engine:Providers]
+AuthenticationStatus=basic
+UserViewProviderType=passwd
+UserEditProviderType=passwd
+GroupViewProviderType=svnauthfile
+GroupEditProviderType=svnauthfile
+AccessPathViewProviderType=svnauthfile
+AccessPathEditProviderType=svnauthfile
+RepositoryViewProviderType=svnclient
+RepositoryEditProviderType=svnclient
+
+[ACLManager]
+UserRoleAssignmentFile=./data/userroleassignments.ini
+
+[Subversion]
+SVNAuthFile=/var/www/svnadmin/data/svn.auth
+
+[Repositories:svnclient]
+SVNParentPath=/var/svn
+SvnExecutable=/usr/bin/svn
+SvnAdminExecutable=/usr/bin/svnadmin
+Description=Internal Repository
+
+[Users:passwd]
+SVNUserFile=/var/www/svnadmin/data/user.passwd
+
+[Users:digest]
+SVNUserDigestFile=D:\Development\Data\ifsvnadmin (testdata)\dav svn.digest.passwd
+SVNDigestRealm=SVN Privat
+
+[Ldap]
+CacheEnabled=false
+CacheFile=./data/ldap.cache.json
+HostAddress=
+ProtocolVersion=
+BindDN=
+BindPassword=
+
+[Users:ldap]
+BaseDN=DC=insanefactory,DC=com
+SearchFilter=(&(objectClass=person)(objectClass=user))
+Attributes=sAMAccountName
+
+[Groups:ldap]
+BaseDN=DC=insanefactory,DC=com
+SearchFilter=(objectClass=group)
+Attributes=sAMAccountName
+GroupsToUserAttribute=member
+GroupsToUserAttributeValue=distinguishedName
+
+[Update:ldap]
+AutoRemoveUsers=true
+AutoRemoveGroups=true
+
+[GUI]
+RepositoryDeleteEnabled=false
+RepositoryDumpEnabled=false
+AllowUpdateByGui=true

templates/svnserve_conf

+### This file controls the configuration of the svnserve daemon, if you
+### use it to allow access to this repository.  (If you only allow
+### access through http: and/or file: URLs, then this file is
+### irrelevant.)
+
+### Visit http://subversion.apache.org/ for more information.
+
+[general]
+### These options control access to the repository for unauthenticated
+### and authenticated users.  Valid values are "write", "read",
+### and "none".  The sample settings below are the defaults.
+# anon-access = read
+# auth-access = write
+### The password-db option controls the location of the password
+### database file.  Unless you specify a path starting with a /,
+### the file's location is relative to the directory containing
+### this configuration file.
+### If SASL is enabled (see below), this file will NOT be used.
+### Uncomment the line below to use the default password file.
+# password-db = /etc/subversion/user.passwd
+### The authz-db option controls the location of the authorization
+### rules for path-based access control.  Unless you specify a path
+### starting with a /, the file's location is relative to the the
+### directory containing this file.  If you don't specify an
+### authz-db, no path-based access control is done.
+### Uncomment the line below to use the default authorization file.
+authz-db = /etc/subversion/svn.auth
+### This option specifies the authentication realm of the repository.
+### If two repositories have the same authentication realm, they should
+### have the same password database, and vice versa.  The default realm
+### is repository's uuid.
+# realm = My First Repository
+
+[sasl]
+### This option specifies whether you want to use the Cyrus SASL
+### library for authentication. Default is false.
+### This section will be ignored if svnserve is not built with Cyrus
+### SASL support; to check, run 'svnserve --version' and look for a line
+### reading 'Cyrus SASL authentication is available.'
+# use-sasl = true
+### These options specify the desired strength of the security layer
+### that you want SASL to provide. 0 means no encryption, 1 means
+### integrity-checking only, values larger than 1 are correlated
+### to the effective key length for encryption (e.g. 128 means 128-bit
+### encryption). The values below are the defaults.
+# min-encryption = 0
+# max-encryption = 256