HowTo to handle SVN repositories creation and access control with Redmine » History » Version 1

Jean-Philippe Lang, 2007-10-01 17:32

h1. HowTo to handle SVN repositories creation and access control with Redmine

h2. Overview

*This setup is not required if you just need to browse your repositories and changesets from Redmine.*

As of version 0.5.0, Redmine is able to handle Subversion repository creation and access control.

Once you’ve done this extra setup, Redmine will create the repository for each of your projects. Users will be allowed to access the repositories using svn+ssh, according to their permissions defined in Redmine:

* for public projects: read access to the repository for any user, write access for project members only,
* for private projects: read/write access allowed to project members only.

User authentication is done with the same login/password as for Redmine access.

h2. Requirements

h3. Software

You need Redmine 0.5.0 or higher, running with MySQL[1].

Your SVN repositories must be hosted on a *nix system. They don’t have to be on the same host you installed Redmine on.
The following is required on your SVN host:

    * nss_mysql
    * pam_mysql 0.7pre2 or higher, compiled with SHA1 support[2]
    * perl with SOAP::Lite package

Scripts used in this HowTo can be found in the /extra/svn directory of Redmine.

h3. Network considerations

The SVN host must be able to access both the Redmine database and HTTP server(s). In many cases, they will all be located on the same host.

h2. Setup

h3. Preparing the Redmine database

Some views need to be added to the Redmine database. These views are used to authenticate users and retrieve their permissions.

1. Create the different views in your Redmine database:

  mysql --user=redmine_user redmine_database -p < db_views.sql

2. Grant privileges:

<pre>
mysql --user=root
mysql> create user redmine_nss@localhost identified by 'averylongpassword';
mysql> grant SELECT on redmine.nss_groups to redmine_nss@localhost;
Query OK, 0 rows affected (0.03 sec)
mysql> grant SELECT on redmine.nss_users to redmine_nss@localhost;
Query OK, 0 rows affected (0.00 sec)
mysql> grant SELECT on redmine.nss_grouplist to redmine_nss@localhost;
Query OK, 0 rows affected (0.00 sec)
mysql> create user redmine_pam@localhost identified by 'averylongpassword';
mysql> grant SELECT on redmine.ssh_users to redmine_pam@localhost;
</pre>
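
The two accounts created above only need to read the views used by nss_mysql and pam_mysql. The following check is an added example, not one of the scripts in /extra/svn: it reads SHOW GRANTS output and reports anything beyond SELECT on the listed views of the redmine database. The function names and the sample SHOW GRANTS lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm a lookup account holds nothing beyond SELECT on
# the views named in this HowTo. On a real server, feed it the output of
#   mysql --user=root -N -e "SHOW GRANTS FOR redmine_nss@localhost"

# audit_grants VIEW...   (reads SHOW GRANTS lines on stdin)
# Prints each grant that is not allowed; returns 1 if any, else 0.
audit_grants() {
    allowed=" $* "
    bad=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        head=${line%% TO *}                 # "GRANT <privs> ON <object>"
        [ "$head" = 'GRANT USAGE ON *.*' ] && continue   # USAGE: no privilege
        privs=${head#GRANT }
        privs=${privs%% ON *}
        object=$(printf '%s' "${head##* ON }" | tr -d '`')
        view=${object#redmine.}
        if [ "$privs" = "SELECT" ] && [ "$object" != "$view" ]; then
            case "$allowed" in *" $view "*) continue ;; esac
        fi
        printf 'unexpected: %s\n' "$head"
        bad=1
    done
    return "$bad"
}

# Constructed SHOW GRANTS output, not from a real server.
sample_nss() {
    cat <<'EOF'
GRANT USAGE ON *.* TO 'redmine_nss'@'localhost'
GRANT SELECT ON `redmine`.`nss_groups` TO 'redmine_nss'@'localhost'
GRANT SELECT ON `redmine`.`nss_users` TO 'redmine_nss'@'localhost'
GRANT SELECT ON `redmine`.`nss_grouplist` TO 'redmine_nss'@'localhost'
EOF
}
sample_pam_too_broad() {
    cat <<'EOF'
GRANT USAGE ON *.* TO 'redmine_pam'@'localhost'
GRANT SELECT ON `redmine`.`ssh_users` TO 'redmine_pam'@'localhost'
GRANT SELECT ON `redmine`.* TO 'redmine_pam'@'localhost'
GRANT SELECT, UPDATE ON `redmine`.`users` TO 'redmine_pam'@'localhost'
EOF
}

sample_nss | audit_grants nss_groups nss_users nss_grouplist && echo "redmine_nss: ok"
sample_pam_too_broad | audit_grants ssh_users || echo "redmine_pam: too broad"
```
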

h3. Configuring nss-mysql on your SVN server

3. Create /etc/nss-mysql.conf as follows:

<pre>
conf.version = 2;
users.host = inet:localhost:3306;
users.database = redmine;
users.db_user = redmine_nss;
users.db_password = averylongpassword;
users.backup_database = nss_mysql_backup;
users.table = nss_users;
users.user_column = nss_users.username;
users.userid_column = nss_users.uid;
users.uid_column = nss_users.uid;
users.gid_column = 100;
users.realname_column = nss_users.realname;
users.homedir_column = "/false/path";
users.shell_column = "/usr/local/bin/svnserve.wrapper";
groups.group_info_table = nss_groups;
groups.group_name_column = nss_groups.name;
groups.groupid_column = nss_groups.gid;
groups.gid_column = nss_groups.gid;
groups.password_column = "x";
groups.members_table = nss_grouplist;
groups.member_userid_column = nss_grouplist.username;
groups.member_groupid_column = nss_grouplist.gid;
</pre>

4. Install the svnserve wrapper:

  sudo install svnserve.wrapper /usr/local/bin

5. Change /etc/nsswitch.conf

Add “mysql” to the passwd and group lines, like this:

<pre>
passwd:         compat mysql
group:          compat mysql
</pre>

6. Test that all this works:

You must have users in some project to verify.

<pre>
% getent passwd
[...]
user1:x:5002:100:user1 user1:/false/path:/usr/local/bin/svnserve.wrapper
user2:x:5003:100:user2 user2:/false/path:/usr/local/bin/svnserve.wrapper

% getent group
[...]
projet redmine 1:x:5001:
projet redmine 2:x:5002:
</pre>
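
Once mysql is listed in nsswitch.conf, Redmine logins resolve as system accounts on the SVN host, confined to svnserve by the shell column. The following check is an added example, not one of the scripts in /extra/svn: it reads getent passwd output and flags database-provided entries whose shell is not the wrapper, or whose name or UID is already used by a local account. The function names and sample entries are constructed, and it assumes that any entry not found verbatim in the local passwd file comes from nss_mysql.

```shell
#!/bin/sh
# Added example: audit the accounts NSS returns once "mysql" is in nsswitch.conf.

# check_nss_accounts LOCAL_PASSWD   (reads "getent passwd" output on stdin)
# Assumption: an entry not present verbatim in LOCAL_PASSWD comes from nss_mysql.
# Prints one finding per line; returns 1 if there is any finding, else 0.
check_nss_accounts() {
    awk -F: -v wrapper="/usr/local/bin/svnserve.wrapper" '
        NR == FNR      { line[$0] = 1; name[$1] = 1; uid[$3] = 1; next }
        ($0 in line)   { next }   # identical to a local entry: skip
        $7 != wrapper  { print "shell " $1 " " $7; bad = 1 }
        ($1 in name)   { print "name-clash " $1; bad = 1 }
        ($3 in uid)    { print "uid-clash " $1 " " $3; bad = 1 }
        END            { exit bad + 0 }
    ' "$1" -
}

# Constructed sample data, not taken from a real host.
sample_local() {
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'backup:x:34:34:backup:/var/backups:/bin/sh'
}
sample_getent() {
    sample_local
    printf '%s\n' \
        'user1:x:5002:100:user1 user1:/false/path:/usr/local/bin/svnserve.wrapper' \
        'backup:x:5003:100:Backup Admin:/false/path:/usr/local/bin/svnserve.wrapper' \
        'user3:x:34:100:user3 user3:/false/path:/bin/bash'
}

# Runs the check on the sample data; on a real host use:
#   getent passwd | check_nss_accounts /etc/passwd
run_demo() {
    tmp=$(mktemp) || return 2
    sample_local > "$tmp"
    rc=0
    sample_getent | check_nss_accounts "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

run_demo || echo "review the entries listed above"
```
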

h3. Authorize ssh PAM to use MySQL

7. Add the following line to the PAM configuration for ssh:

  auth sufficient pam_mysql.so user=redmine_pam passwd=averylongpassword host=localhost db=redmine table=ssh_users usercolumn=username passwdcolumn=password crypt=4

Just before

  @include common-auth

or

  auth required pam_unix.so nullok_secure

8. Test this against an existing Redmine user

Try to connect to the SVN host using your Redmine username and password:

  ssh redmine_username@svn_host

h3. Automating repository creation

Repository creation can be automated by running the reposman.pl script periodically.

It takes 2 arguments:

    * svn-dir: path to the directory where your svn repositories are located
    * redmine-host: host name of your Redmine install

Example:

<pre>
$ sudo reposman --svn-dir=/var/svn --redmine-host=redmine.mydomain.foo
repository /var/svn/project2 created
repository /var/svn/project1 created
mode change on /var/svn/project3
</pre>

Projects are retrieved from Redmine using a SOAP web service. This web service is disabled by default in Redmine.
To enable it, go to “Administration -> Settings” and check “Enable WS for repository management”.

fn2. You must use "./configure --with-openssl" in order to add SHA1 support to pam_mysql

fn1. Other databases can’t be used because of various problems: no pam module, no sha1 handling, ...