HowTo to handle SVN repositories creation and access control with Redmine » History » Version 2

Jean-Philippe Lang, 2007-10-01 17:32

h1. HowTo to handle SVN repositories creation and access control with Redmine

{{>TOC}}

h2. Overview

*This setup is not required if you just need to browse your repositories and changesets from Redmine.*

As of version 0.5.0, Redmine is able to handle Subversion repository creation and access control.

Once you’ve done this extra setup, Redmine will create the repository for each of your projects. Users will be allowed to access the repositories using svn+ssh, according to their permissions defined in Redmine:

* for public projects: read access to the repository for any user, write access for project members only,
* for private projects: read/write access allowed to project members only.

User authentication is done with the same login/password as for Redmine access.

h2. Requirements

h3. Software

You need Redmine 0.5.0 or higher, running with MySQL[1].

Your SVN repositories must be hosted on a *nix system. They don’t have to be on the same host you installed Redmine on.

The following are required on your SVN host:

* nss_mysql
* pam_mysql 0.7pre2 or higher, compiled with SHA1 support[2]
* perl with the SOAP::Lite package

Scripts used in this HowTo can be found in the /extra/svn directory of Redmine.

h3. Network considerations

The SVN host must be able to access both the Redmine database and HTTP server(s). In many cases, they will all be located on the same host.

h2. Setup

h3. Preparing the Redmine database

Some views need to be added to the Redmine database. These views are used to authenticate users and retrieve their permissions.

1. Create the different views in your Redmine database:

  mysql --user=redmine_user redmine_database -p < db_views.sql

2. Grant privileges:

<pre>
mysql --user=root
mysql> create user redmine_nss@localhost identified by 'averylongpassword';
mysql> grant SELECT on redmine.nss_groups to redmine_nss@localhost;
Query OK, 0 rows affected (0.03 sec)
mysql> grant SELECT on redmine.nss_users to redmine_nss@localhost;
Query OK, 0 rows affected (0.00 sec)
mysql> grant SELECT on redmine.nss_grouplist to redmine_nss@localhost;
Query OK, 0 rows affected (0.00 sec)
mysql> create user redmine_pam@localhost identified by 'averylongpassword';
mysql> grant SELECT on redmine.ssh_users to redmine_pam@localhost;
</pre>

h3. Configuring nss-mysql on your SVN server

3. Create the /etc/nss-mysql.conf file as follows:

<pre>
conf.version = 2;
users.host = inet:localhost:3306;
users.database = redmine;
users.db_user = redmine_nss;
users.db_password = averylongpassword;
users.backup_database = nss_mysql_backup;
users.table = nss_users;
users.user_column = nss_users.username;
users.userid_column = nss_users.uid;
users.uid_column = nss_users.uid;
users.gid_column = 100;
users.realname_column = nss_users.realname;
users.homedir_column = "/false/path";
users.shell_column = "/usr/local/bin/svnserve.wrapper";
groups.group_info_table = nss_groups;
groups.group_name_column = nss_groups.name;
groups.groupid_column = nss_groups.gid;
groups.gid_column = nss_groups.gid;
groups.password_column = "x";
groups.members_table = nss_grouplist;
groups.member_userid_column = nss_grouplist.username;
groups.member_groupid_column = nss_grouplist.gid;
</pre>

4. Install the svnserve wrapper:

  sudo install svnserve.wrapper /usr/local/bin

5. Change /etc/nsswitch.conf

Add “mysql” to the passwd and group lines, like this:

<pre>
passwd:         compat mysql
group:          compat mysql
</pre>

6. Test that everything works:

You need users assigned to at least one project for this check.

<pre>
% getent passwd
[...]
user1:x:5002:100:user1 user1:/false/path:/usr/local/bin/svnserve.wrapper
user2:x:5003:100:user2 user2:/false/path:/usr/local/bin/svnserve.wrapper

% getent group
[...]
projet redmine 1:x:5001:
projet redmine 2:x:5002:
</pre>

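
A check that complements step 6, as an added example that is not part of the Redmine scripts: it reads saved @getent passwd@ output and reports any account coming from the nss_users view that does not get the wrapper shell and fake home set in /etc/nss-mysql.conf, or that reuses a local login or uid (with @passwd: compat mysql@ a local entry with the same login is found first). The function names @audit_nss_users@ and @demo@, the sample accounts, and the rule that any entry not found verbatim in the local file comes from MySQL are assumptions.

```shell
#!/bin/sh
# Added example (not a Redmine script). Audits passwd-format entries that come
# from the nss_users view: each must use the wrapper shell and the fake home
# from /etc/nss-mysql.conf, and must not reuse a local login or uid.
WRAPPER=/usr/local/bin/svnserve.wrapper   # users.shell_column
FAKE_HOME=/false/path                     # users.homedir_column

# audit_nss_users LOCAL ALL
#   LOCAL: file in /etc/passwd format; ALL: saved `getent passwd` output.
# Entries of ALL that are not verbatim in LOCAL are treated as MySQL-backed
# (assumption: no other NSS source). Prints findings, returns 1 if any.
audit_nss_users() {
    awk -F: -v wrapper="$WRAPPER" -v home="$FAKE_HOME" '
        /^$/ { next }
        FILENAME == ARGV[1] { line[$0] = 1; name[$1] = 1; uid[$3] = 1; next }
        ($0 in line)   { next }
        $7 != wrapper  { print $1 ": shell is " $7; bad = 1 }
        $6 != home     { print $1 ": home is " $6; bad = 1 }
        ($1 in name)   { print $1 ": login also exists locally"; bad = 1 }
        ($3 in uid)    { print $1 ": uid " $3 " also used locally"; bad = 1 }
        END { exit bad + 0 }
    ' "$1" "$2"
}

# Constructed sample data: two local accounts, then four view entries.
demo() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/local" <<'EOF'
root:x:0:0:root:/root:/bin/bash
svn:x:5003:100:svn owner:/var/svn:/bin/sh
EOF
    cat "$dir/local" - > "$dir/all" <<'EOF'
user1:x:5002:100:user1 user1:/false/path:/usr/local/bin/svnserve.wrapper
user2:x:5003:100:user2 user2:/false/path:/usr/local/bin/svnserve.wrapper
user3:x:5004:100:user3 user3:/false/path:/bin/bash
root:x:5005:100:root root:/false/path:/usr/local/bin/svnserve.wrapper
EOF
    audit_nss_users "$dir/local" "$dir/all" && rc=0 || rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo || echo "findings above: fix the view data or the local accounts"
```

On a real host, save @getent passwd@ to a file and pass /etc/passwd as the first argument.
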

h3. Authorize ssh pam to use mysql

7. Add the following line to the PAM configuration for ssh:

  auth sufficient pam_mysql.so user=redmine_pam passwd=averylongpassword host=localhost db=redmine table=ssh_users usercolumn=username passwdcolumn=password crypt=4

just before

  @include common-auth

or

  auth required pam_unix.so nullok_secure

8. Test this against an existing Redmine user

Try to connect to the SVN host using your Redmine username and password:

  ssh redmine_username@svn_host

h3. Automating repository creation

Repository creation can be automated by running the reposman.pl script periodically.

It takes 2 arguments:

* svn-dir: path to the directory where your svn repositories are located
* redmine-host: host name of your Redmine install

Example:

<pre>
$ sudo reposman --svn-dir=/var/svn --redmine-host=redmine.mydomain.foo
repository /var/svn/project2 created
repository /var/svn/project1 created
mode change on /var/svn/project3
</pre>

Projects are retrieved from Redmine using a SOAP web service. This web service is disabled by default in Redmine.
To enable it, go to “Administration -> Settings” and check “Enable WS for repository management”.

fn1. Other databases can’t be used because of various problems: no pam module, no sha1 handling, ...

fn2. You must use "./configure --with-openssl" in order to add SHA1 support to pam_mysql