CentOS8 on AWS EC2 for SVN, NNTP

Moving from CentOS7 on bare metal to CentOS8 on AWS EC2: Setup Notes

AMI: CentOS 8 Minimal (CentOS 8.2.2004) from https://aws.amazon.com
EC2 Instance size:
* t3a.nano with 8gb turned out extremely slow, unusable; note 'a' means 'amd'
* t3.nano with 20gb turned out responsive, usable; Intel SkyLake chip.  Cost $55/yr in us-east-1

Security Updates

centos-8-update-installed-packages-for-security

NNTP

NNTP is essentially a free messaging system suitable for public content such as technical support.

Reference: Compile and Install Wendzelnntpd

Documentation: PDF 
 

After make and make install, stop the old server and use 7Zip to archive everything in /var/spool/news/wendzelnntpd. Use s3cmd to transfer that archive to an S3 bucket. Then use curl to download the archive to the new server, and extract all files to the same folder.

nntp source: cd /usr/lib64/WendzelNNTPd-OSE/src
nntp config:  sudo vi  /usr/local/etc/wendzelnntpd.conf
nntp database:  /var/spool/news/wendzelnntpd
 

Make sure that the  wendzelnntpd.conf has a listen command for the private network ip of the EC2 instance.
 

Open port 119 in the AWS Security Group when you want the public to see your newsgroup server.


To run the NNTP server 

cd /usr/lib64/WendzelNNTPd-OSE/bin
sudo ./wendzelnntpd -d &

To stop the NNTP server 

sudo pkill wendzelnntpd 

 

7Zip

Reference:  create-7z-file-from-folder-recursively-in-linux

sudo yum install p7zip  

7z a myfolder.7z myfolder/

 sudo 7z x myfolder.7z 

NB: x means extract and preserve folder structure 

 

 

S3CMD syntax

  sudo yum install s3cmd  

sudo s3cmd --configure 

s3cmd put nntparchive.7z --config=/root/.s3cfg --preserve --multipart-chunk-size=5  s3://mybucket/abc/2020/

Remember to mark the file public temporarily so you can download it.

s3cmd put /etc/httpd/conf/httpd.conf --config=/root/.s3cfg --preserve --multipart-chunk-size=5  s3://mybucket/abc/2020/

s3cmd put /etc/httpd/conf.d/subversion.conf --config=/root/.s3cfg --preserve --multipart-chunk-size=5  s3://mybucket/abc/2020/

cd /etc/httpd/conf.d

sudo s3cmd get s3://mybucket/abc/2020/subversion.conf --config=/root/.s3cfg --preserve --multipart-chunk-size=5  

cd /etc/httpd/conf

sudo mv httpd.conf httpd.original.conf

sudo s3cmd get s3://mybucket/abc/2020/httpd.conf --config=/root/.s3cfg --preserve --multipart-chunk-size=5  

 

CURL syntax

curl https://mybucket.../abc/2020/nntparchive.7z -o nntparchive.7z
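
An integrity check for the transfer above, added here as an example (not part of the original notes): record a SHA-256 of the archive before "s3cmd put" and compare it after the curl download, before extracting. The function names are hypothetical, and the .sha256 file is assumed to reach the new server by a route other than the public URL (for example "s3cmd get" with credentials, or pasted over SSH).

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# Old server, before "s3cmd put": write <archive>.sha256 beside the archive.
write_digest() {
    local archive=$1
    sha256sum < "$archive" | cut -d' ' -f1 > "$archive.sha256"
}

# New server, after curl: return 0 only when the download matches the digest.
# Returns 2 when the digest file is missing or empty, 1 on a mismatch
# (a truncated or altered download).
verify_digest() {
    local archive=$1 want got
    [ -s "$archive.sha256" ] || { echo "no digest for $archive" >&2; return 2; }
    want=$(cut -d' ' -f1 "$archive.sha256")
    got=$(sha256sum < "$archive" | cut -d' ' -f1)
    if [ "$want" != "$got" ]; then
        echo "digest mismatch for $archive: refusing to extract" >&2
        return 1
    fi
}

# Extract only a verified archive (7z x preserves the folder structure).
extract_verified() {
    local archive=$1
    verify_digest "$archive" && 7z x "$archive"
}
```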


Subversion "SVN" server install

Use this as your basic reference: subversion-svn-on-centos-8

This installs Apache HTTP Server plus everything you need to host a Subversion server.

sudo dnf install subversion mod_dav_svn

sudo vi /etc/httpd/conf.d/subversion.conf

sudo vi /etc/httpd/conf/httpd.conf

See also https://wiki.centos.org/HowTos/Subversion


svn config files are in /etc/svn-acl*  and /etc/svn-auth*


In order to migrate my existing subversion files from CentOS7 to CentOS8, I used 7Zip to archive them on the original server, uploaded to S3 using s3cmd, then downloaded to the new server and extracted (same as done for nntp above).  That worked.  I did not need to use svnadmin to dump and restore the subversion repositories.  I just copied the files into the same directory locations and it all worked immediately.  I did not need to redefine my users and passwords.  They kept working.

 

sudo systemctl restart httpd

sudo systemctl status httpd.service

SVN over HTTPS

Reference: let-s-encrypt-on-centos-8

Follow those instructions to install and run certbot, then test.

On my system, the default self-signed certificate remained active, seemingly due to excess configuration in ssl.conf.  It will be obvious if you have this problem because when you test your domain in a browser, you will have a certificate error about a self-signed root certificate being used.  You can further verify using grep.

grep -r "IfModule mod_ssl" /etc/httpd 

grep -r "SSLCertificateFile" /etc/httpd 

grep -r "443" /etc/httpd 

The problem turned out to be that the _default_:443 was taking over.  Changing _default_ to a specific domain not needed by the public worked for me.

sudo vi /etc/httpd/conf.d/ssl.conf

Doubtless there is a way to make the LetsEncrypt conf be more important than the default (!!), but that is beyond my knowledge of apache conf.
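
The grep checks above, taken one step further as an added example (not part of the original notes): this script walks an Apache config tree and prints, for every VirtualHost on port 443, the file, the address, the ServerName and the SSLCertificateFile, so a _default_:443 block still pointing at a self-signed certificate stands out. The function names are hypothetical, and only the first address of each VirtualHost line is examined.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical;
# pass the Apache config root (e.g. /etc/httpd) as the argument.

# One tab-separated line per port-443 vhost: file, address, ServerName, cert.
list_tls_vhosts() {
    local root=$1
    find "$root" -type f -name '*.conf' | LC_ALL=C sort | while IFS= read -r f; do
        awk -v file="$f" '
            { sub(/^[ \t]+/, "") }          # drop indentation
            /^#/ { next }                   # skip commented-out directives
            tolower($1) == "<virtualhost" {
                addr = $2; sub(/>$/, "", addr)
                invh = (addr ~ /:443$/); name = "-"; cert = "-"
                next
            }
            invh && tolower($1) == "servername" { name = $2 }
            invh && tolower($1) == "sslcertificatefile" {
                cert = $2; gsub(/"/, "", cert)
            }
            invh && tolower($0) ~ /^<\/virtualhost>/ {
                printf "%s\t%s\t%s\t%s\n", file, addr, name, cert
                invh = 0
            }
        ' "$f"
    done
}

# Only the vhosts whose certificate is not under /etc/letsencrypt, i.e. the
# candidates for the self-signed default described above.
non_letsencrypt_vhosts() {
    list_tls_vhosts "$1" | awk -F'\t' '$4 !~ /^\/etc\/letsencrypt\//'
}

# Run against a config root when one is given on the command line.
if [ "$#" -gt 0 ]; then non_letsencrypt_vhosts "$1"; fi
```

"httpd -S" prints the virtual host table as Apache itself parsed it and is a useful cross-check.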


When SVNRDUMP fails

I was unable to get svnrdump to work on my CentOS server.  In the end, I transferred my .dump files to the target CentOS machine, and then used svnadmin load to restore the full history from backup.

svnadmin load

sudo svnadmin load /var/svn/restored < repos-backup

For info about pre-revprop-change, see what-is-a-pre-revprop-change-hook-in-svn-and-how-do-i-create-it 


SVN Troubleshooting  

After using svnadmin to load a repo, there will be additional files and those may need their ownership changed.

  sudo chown -R apache:apache /var/www/svn-custom/myrepo

If you continue to have permission errors such as "Commit failed (details follow): Can't move 'var/www/svn-custom/myrepo/db/txn-protorevs/3592-2rs.rev' to '/var/www/svn-custom/myrepo/db/revs/3/3593': Permission denied" when doing svn commit, use the solution provided by this excellent reference:

  sudo chcon -R -t httpd_sys_rw_content_t /var/www/svn-custom/myrepo



CentOS Firewall 

The AMI did not include the standard firewall daemon.  You can rely on the EC2 Security Group or install firewalld.
 

Reference: using-firewalld-on-centos-8
 

sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --zone=public --add-service=https --permanent
sudo firewall-cmd --zone=public --add-port=119/tcp --permanent
sudo firewall-cmd --reload
sudo firewall-cmd --zone=public --list-services
sudo firewall-cmd --zone=public --list-ports

 

 

 Drawing thanks to Carol VanHook
