HowTo to handle SVN repositories creation and access control with Redmine » History » Version 4
Jean-Philippe Lang, 2007-10-14 18:39
h1. HowTo to handle SVN repositories creation and access control with Redmine

{{>TOC}}

h2. Overview

*This setup is not required if you just need to browse your repositories and changesets from Redmine.*

As of version 0.5.0, Redmine can handle Subversion repository creation and access control.

Once you’ve done this extra setup, Redmine will create the repository for each of your projects. Users will be allowed to access the repositories using svn+ssh, according to their permissions defined in Redmine:

* for public projects: read access to the repository for any user, write access for project members only,
* for private projects: read/write access allowed to project members only.

User authentication is done with the same login/password as for Redmine access.

h2. Requirements

h3. Software

You need Redmine 0.5.0 or higher, running with MySQL[1].

Your SVN repositories must be hosted on a *nix system. They don’t have to be on the same host you installed Redmine on.
The following are required on your SVN host:

* nss_mysql
* pam_mysql 0.7pre2 or higher, compiled with SHA1 support[2]
* perl with SOAP::Lite package

Scripts used in this HowTo can be found in the /extra/svn directory of Redmine.

h3. Network considerations

The SVN host must be able to access both the Redmine database and HTTP server(s). In many cases, they will all be located on the same host.

h2. Setup

h3. Preparing the Redmine database

Some views need to be added to the Redmine database. These views are used to authenticate users and retrieve their permissions.

1. Create the different views in your Redmine database:

<pre>
mysql --user=redmine_user redmine_database -p < create_views.sql
</pre>

2. Grant privileges on these views:

<pre>
mysql --user=root
mysql> create user redmine_nss@localhost identified by 'averylongpassword';
mysql> grant SELECT on redmine.nss_groups to redmine_nss@localhost;
mysql> grant SELECT on redmine.nss_users to redmine_nss@localhost;
mysql> grant SELECT on redmine.nss_grouplist to redmine_nss@localhost;
mysql> create user redmine_pam@localhost identified by 'averylongpassword';
mysql> grant SELECT on redmine.ssh_users to redmine_pam@localhost;
</pre>

h3. Configuring nss-mysql on your SVN server

3. Create the /etc/nss-mysql.conf as follows:

<pre>
conf.version = 2;
users.host = inet:localhost:3306;
users.database = redmine;
users.db_user = redmine_nss;
users.db_password = averylongpassword;
users.backup_database = nss_mysql_backup;
users.table = nss_users;
users.user_column = nss_users.username;
users.userid_column = nss_users.uid;
users.uid_column = nss_users.uid;
users.gid_column = 100;
users.realname_column = nss_users.realname;
users.homedir_column = "/false/path";
users.shell_column = "/usr/local/bin/svnserve.wrapper";
groups.group_info_table = nss_groups;
groups.group_name_column = nss_groups.name;
groups.groupid_column = nss_groups.gid;
groups.gid_column = nss_groups.gid;
groups.password_column = "x";
groups.members_table = nss_grouplist;
groups.member_userid_column = nss_grouplist.username;
groups.member_groupid_column = nss_grouplist.gid;
</pre>

4. Install the svnserve wrapper:

<pre>
sudo install svnserve.wrapper /usr/local/bin
</pre>

5. Change /etc/nsswitch.conf

Add “mysql” at the end of the two lines passwd and group, like this:

<pre>
passwd: compat mysql
group: compat mysql
</pre>

6. Test that all of this works:

You must have users in some project to verify.

<pre>
% getent passwd
[...]
user1:x:5002:100:user1 user1:/false/path:/usr/local/bin/svnserve.wrapper
user2:x:5003:100:user2 user2:/false/path:/usr/local/bin/svnserve.wrapper

% getent group
[...]
projet redmine 1:x:5001:
projet redmine 2:x:5002:
</pre>

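Because @passwd: compat mysql@ merges local accounts with the ones served from the Redmine views, the output of step 6 is worth checking for logins or uids that exist in both sources. The script below is an added example, not part of Redmine's /extra/svn scripts; @audit_passwd@ and @sample_passwd@ are hypothetical names, the sample lines are constructed, and it assumes a Redmine-provided entry can be recognised by the wrapper shell set in @users.shell_column@.

```shell
#!/bin/sh
# Added example: reads passwd-format lines on stdin, e.g. `getent passwd | audit_passwd`.
# Assumption: an entry comes from the Redmine views when its shell is the wrapper
# set in users.shell_column; every other entry is treated as a local account.
WRAPPER=/usr/local/bin/svnserve.wrapper

audit_passwd() {
    awk -F: -v wrapper="$WRAPPER" '
        NF != 7 { print "MALFORMED line " NR; next }
        {
            src = ($7 == wrapper) ? "redmine" : "local"
            # Same login served by both sources: the first nsswitch source wins.
            if (($1 in name_src) && name_src[$1] != src) print "DUPNAME " $1
            # Same numeric uid in both sources: file ownership becomes ambiguous.
            if (($3 in uid_src) && uid_src[$3] != src) print "DUPUID " $3 " " uid_name[$3] " " $1
            if (!($1 in name_src)) name_src[$1] = src
            if (!($3 in uid_src)) { uid_src[$3] = src; uid_name[$3] = $1 }
        }'
}

# Constructed sample: two local accounts followed by three Redmine-provided ones.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
user1:x:5002:100:user1 user1:/false/path:/usr/local/bin/svnserve.wrapper
alice:x:5003:100:alice alice:/false/path:/usr/local/bin/svnserve.wrapper
user3:x:1000:100:user3 user3:/false/path:/usr/local/bin/svnserve.wrapper
EOF
}

sample_passwd | audit_passwd
```

An empty result from @getent passwd | audit_passwd@ means no login or uid is shared between the local files and the Redmine views.
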
h3. Authorize ssh pam to use mysql

7. Add these lines in @/etc/pam.d/ssh@:

<pre>
auth sufficient pam_mysql.so \
    verbose=1 \
    user=redmine_pam \
    passwd=averylongpassword \
    host=localhost \
    db=redmine \
    table=ssh_users \
    usercolumn=username \
    passwdcolumn=password crypt=4

account sufficient pam_mysql.so \
    verbose=1 \
    user=redmine_pam \
    passwd=averylongpassword \
    host=localhost \
    db=redmine \
    table=ssh_users \
    usercolumn=username \
    passwdcolumn=password crypt=4

password sufficient pam_mysql.so \
    verbose=1 \
    user=redmine_pam \
    passwd=averylongpassword \
    host=localhost \
    db=redmine \
    table=ssh_users \
    usercolumn=username \
    passwdcolumn=password crypt=4
</pre>

Just before

<pre>
@include common-auth
</pre>

8. Test this against an existing Redmine user

Try to connect to the SVN host using your Redmine username and password:

<pre>
ssh redmine_username@svn_host
</pre>

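Both /etc/nss-mysql.conf and @/etc/pam.d/ssh@ now hold a database password in clear text, and the samples above use the same placeholder for @redmine_nss@ and @redmine_pam@ although only the latter can read @ssh_users@. The following added check (not from the Redmine distribution; function names are hypothetical and the sample files are constructed) reports when the two files share a password or when the PAM file is world-readable.

```shell
#!/bin/sh
# Added example: file paths are arguments; nothing under /etc is read or changed.

# Value of users.db_password in an nss-mysql.conf-style file.
nss_db_password() {
    sed -n 's/^[[:space:]]*users\.db_password[[:space:]]*=[[:space:]]*\(.*\);.*$/\1/p' "$1" | head -n 1
}

# Every distinct passwd= token in a PAM file, including ones on "\" continuation lines.
pam_db_passwords() {
    tr -s ' \t\\' '\n' < "$1" | sed -n 's/^passwd=//p' | sort -u
}

# Prints one finding per line; prints nothing when both checks pass.
check_db_credentials() {    # usage: check_db_credentials NSS_CONF PAM_FILE
    nss_pw=$(nss_db_password "$1")
    if [ -n "$nss_pw" ] && pam_db_passwords "$2" | grep -qxF -- "$nss_pw"; then
        echo SHARED_PASSWORD
    fi
    if [ -n "$(find "$2" -perm -004)" ]; then
        echo PAM_WORLD_READABLE
    fi
}

# Constructed sample files mirroring the two configurations above.
make_sample() {    # usage: make_sample DIR
    printf '%s\n' 'users.db_user = redmine_nss;' \
        'users.db_password = averylongpassword;' > "$1/nss-mysql.conf"
    printf '%s\n' 'auth sufficient pam_mysql.so \' ' user=redmine_pam \' \
        ' passwd=averylongpassword \' ' table=ssh_users' > "$1/ssh"
    chmod 644 "$1/nss-mysql.conf" "$1/ssh"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
check_db_credentials "$demo_dir/nss-mysql.conf" "$demo_dir/ssh"
rm -rf "$demo_dir"
```

On the SVN host the call would be @check_db_credentials /etc/nss-mysql.conf /etc/pam.d/ssh@, run as root so that a correctly restricted PAM file can still be read.
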
h3. Automating repository creation

Repository creation can be automated by running the reposman.pl script periodically.

It takes 2 arguments:

* svn-dir: path to the directory where your svn repositories are located
* redmine-host: host name of your Redmine install

Example:

<pre>
$ sudo ./reposman.pl --svn-dir=/var/svn --redmine-host=redmine.mydomain.foo
repository /var/svn/project2 created
repository /var/svn/project1 created
mode change on /var/svn/project3
</pre>

Projects are retrieved from Redmine using a SOAP web service. This web service is disabled by default in Redmine.
To enable it, go to “Administration -> Settings” and check “Enable WS for repository management”.

fn1. Other databases can’t be used because of various problems: no pam module, no sha1 handling, ...

fn2. You must use "./configure --with-openssl" in order to add SHA1 support to pam_mysql