Dave Carabetta Blog Banner


September 6, 2006

What's Your Ideal Source Control Setup?


Recently, I've been wrestling with the task of migrating our current source control solution from Microsoft® Visual SourceSafe® over to Subversion. Now, I know there are many of you who are cringing at the mere mention of using VSS. However, until recently, it has been an extremely stable solution for our source control needs. And hey, at least we have a source control solution, right?!

Our needs are changing though, and our team is clearly outgrowing the feature set that SourceSafe provides. From directory-level branching to better binary file compression and storage to concurrent editing, Subversion clearly fulfills our needs...and it's free to boot. I keep my personal files in a Subversion repository at home, so I'm familiar with it when working on one machine. However, now I need to set it up for a couple of our departments (we got some non-IT departments into version control!) and I'm trying to figure out the best way to do it. The requirements are fairly straightforward:

  • All access will be internal. In fact, no public access will be granted to anybody. However, not all users will have an account on the repository's server.
  • Must be able to fully migrate the existing VSS repository to Subversion.
  • Must be able to support roughly 15-20 users concurrently accessing the repository. There may be more user than that overall, but that's the targeted number of actual concurrent use.
  • Must be able to lock down certain projects such that users must authenticate themselves when trying to access the files.

OK, now that the requirements have been stated, I need your help figuring out the best approach.

First and foremost, where to physically put the repository. We have a shiny new development box (running Red Hat Linux 4.0) for our team with tons and tons of free space. I was thinking about creating a partition there dedicated to housing the repository. At the same time, I'm hesitant to put the repository on the same box as where most of the development is going to be taking place (we all have our own JRun/ColdFusion instances on this box, so we're separate, but sharing the same overall resources). I just don't trust all the banging that the box will be taking to house our core file repository, even though we'll be taking proper backups on a nightly basis. Should I phsyically separate the repository from the dev box?

With regard to the network protocol, from my research, it seems like the best setup is to install Apache on the server and manage the file access and user autentication using the mod_dav_svn module. However, this feels like overkill to an extent. I have the excellent book Pragmatic Version Control using Subversion 2nd Ed. by Mike Mason (and published by Dave Thomas and Andy Hunt of Pragmatic Programmer fame), so I'm aware of the pros and cons of each of the protocol options (svnsserve, svnserve+ssh, and Apache). However, I'm looking for other real-world opinions on each, based on the stated requirements.

With regard to migrating the existing VSS repository, this is a biggie. The problem I have with a lot of the current presentations about using Subversion is that they all assume that you're starting with a clean slate. However, we have literally years worth of comments, tags, labels, etc., that are an absolute "must keep." To that end, I have been monitoring the open source project Vss2Svn with the hopes of using their solution for migrating our repository. However, it doesn't look quite ready for prime time just yet. Has anybody succesfully used it by chance? I also found a solution from Polarion called Subversion Pro that looks to be free for at least the migration aspects of the product. Has anybody used this one?

Lastly, are there any tips on the best way to set up authorization/authentication? Anything else I'm overlooking? We're currently using the amazing FogBugz project management system from Fog Creek software (it integrates with virtually all source code management systems, which is great), so we don't need things like Trac.

Thanks for any insights.

Posted By Dave on September 6, 2006 at 1:00 PM
Related Categories: Model-Glue, CSS, Frameworks, Oracle, Databases, Microsoft, ColdFusion, Flex, Technology
Comments (5) | Print | del.icio.us | Linking Blogs


Comments
Josh's Gravatar I can't answer all of your questions, but I will say this: Don't put the Subversion repository on a box where people will be doing developer-type stuff. Put it on a dedicated box that only handles the source control. If some sort of sneaky evil bug from one of your apps crashes the server, you may not be able to access your code either! Additionally, I would think that you'd want dedicated CPU and memory resources for both.
# Posted By Josh on 9/6/06 at 5:36 PM
Rob Wilkerson's Gravatar I just finished migrating my own organization off of VSS and onto Subversion. Because of widely reported problems with data corruption in VSS that was never even uncovered until the migration, we decided to simply leave the VSS environment in place for legacy access and move forward with a fresh repository that we started with the most recent code base.

I chose the Apache option. Even though our repository is internal, I wanted to be able to expose it if we ever decide that we need remote access (telecommuting, etc.). Apache and htdigest offered sufficient security and ease of setup to meet that need.

Like Josh, I recommend a dedicated source control box. What's stored there is, if your organization is anything like mine, extremely important and to share resources with a development environment just seems like an unnecessary risk.
# Posted By Rob Wilkerson on 9/7/06 at 7:41 AM
Seth Petry-Johnson's Gravatar You might want to look into a product called Vault, by a company called SourceGear. They designed Vault to be a "compelling replacement for VSS" so migrating to Vault should be easy.

Its a commercial offering, and I have no idea of price. I've not even used the software myself, I just read the blog of the company founder and he talks about Vault a great deal.

See http://www.sourcegear.com/vault/index.html
# Posted By Seth Petry-Johnson on 9/8/06 at 4:22 AM
Dave Carabetta's Gravatar Josh and Rob, I have definitely decided to go with a separate box to host the repository. Thanks for confirming my thought.

Rob, you bring up a good point with regard to planning for the future. Right now we have no need for external access, but it's definitely prudent to plan for it. I think I'm going to go with Apache at this point.

Seth, I've read about SourceGear, but it's pricing is a bit too prohibitive for us. I can't really justify paying ~$7,000 for the 25 licenses I'd need when there's a perfectly viable and enterprise-ready alternative for less...free. Thanks for the tip though.
# Posted By Dave Carabetta on 9/8/06 at 10:20 AM
Rob Wilkerson's Gravatar One other comment, Dave, since you said you'll be going with Apache: ensure that the KeepAlive directive is "On" in your httpd.conf. By default, mine was off and it caused me no end of Subversion nightmares when attempting to commit a large number of changes. I assume it has something to do with how commits are processed by Subversion. It took me days of frustration to track that down.

I also recommend joining the Subversion mailing list. It's pretty active and helpful. At least it was for me.

I guess that's two comments so apologies for the false advertising. :-)
# Posted By Rob Wilkerson on 9/8/06 at 4:32 PM

© Dave Carabetta, 2005-2010. This blog licensed under the Creative Commons License. Some rights reserved. This is a personal weblog. The opinions expressed here represent my own and not those of my employer. Blog software provided by Raymond Camden.