HowTo to handle SVN repositories creation and access control with Redmine » History » Version 5

Jean-Philippe Lang, 2007-10-14 18:59

h1. HowTo to handle SVN repositories creation and access control with Redmine

{{>TOC}}

h2. Overview

*This setup is not required if you just need to browse your repositories and changesets from Redmine.*

As of version 0.5.0, Redmine is able to handle Subversion repository creation and access control.

Once you’ve done this extra setup, Redmine will create the repository for each of your projects. Users will be allowed to access the repositories using svn+ssh, according to their permissions defined in Redmine:

* for public projects: read access to the repository for any user, write access for project members only,
* for private projects: read/write access allowed to project members only.

User authentication is done with the same login/password as for Redmine access.

h2. Requirements

h3. Software

You need Redmine 0.5.0 or higher, running with MySQL[1].

Your SVN repositories must be hosted on a *nix system with the following packages:
* nss_mysql
* pam_mysql 0.7pre2 or higher, compiled with SHA1 support

Scripts used in this HowTo can be found in the /extra/svn directory of Redmine.

In this HowTo, we assume that:
* the Redmine database is called @redmine@ and hosted on @localhost@
* the Subversion repositories are located in @/var/svn@

h3. Network considerations

The SVN host must be able to access both the Redmine database and HTTP server(s). In many cases, they will all be located on the same host.

h2. Setup

h3. Installing required packages

Get nss_mysql and other necessary packages:

  apt-get install build-essential libnss-mysql libpam0g-dev libssl-dev

Get and build @pam_mysql@:

<pre>
$ cd /usr/src
$ wget http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz
$ tar xzf pam_mysql-0.7RC1.tar.gz
$ cd pam_mysql-0.7RC1
$ ./configure --with-openssl
$ make && make install
</pre>

h3. Preparing the Redmine database

Some views need to be added to the Redmine database. These views are used to authenticate users and retrieve their permissions.

1. Create the different views in your Redmine database:

  mysql --user=redmine_user redmine_database -p < create_views.sql

2. Grant privileges on these views:

<pre>
mysql --user=root
mysql> create user redmine_nss@localhost identified by 'averylongpassword';
mysql> grant SELECT on redmine.nss_groups to redmine_nss@localhost;
mysql> grant SELECT on redmine.nss_users to redmine_nss@localhost;
mysql> grant SELECT on redmine.nss_grouplist to redmine_nss@localhost;
mysql> create user redmine_pam@localhost identified by 'averylongpassword';
mysql> grant SELECT on redmine.ssh_users to redmine_pam@localhost;
</pre>

h3. Configuring nss-mysql on your SVN server

3. Create @/etc/nss-mysql.conf@ as follows:

<pre>
conf.version = 2;
users.host = inet:localhost:3306;
users.database = redmine;
users.db_user = redmine_nss;
users.db_password = averylongpassword;
users.backup_database = nss_mysql_backup;
users.table = nss_users;
users.user_column = nss_users.username;
users.userid_column = nss_users.uid;
users.uid_column = nss_users.uid;
users.gid_column = 100;
users.realname_column = nss_users.realname;
users.homedir_column = "/false/path";
users.shell_column = "/usr/local/bin/svnserve.wrapper";
groups.group_info_table = nss_groups;
groups.group_name_column = nss_groups.name;
groups.groupid_column = nss_groups.gid;
groups.gid_column = nss_groups.gid;
groups.password_column = "x";
groups.members_table = nss_grouplist;
groups.member_userid_column = nss_grouplist.username;
groups.member_groupid_column = nss_grouplist.gid;
</pre>

4. Install the svnserve wrapper

  sudo install svnserve.wrapper /usr/local/bin

5. Change /etc/nsswitch.conf

Add “mysql” at the end of the @passwd@ and @group@ lines, like this:

<pre>
passwd:         compat mysql
group:          compat mysql
</pre>

6. Test that everything works:

You must have users in at least one project to verify this.

<pre>
% getent passwd
[...]
user1:x:5002:100:user1 user1:/false/path:/usr/local/bin/svnserve.wrapper
user2:x:5003:100:user2 user2:/false/path:/usr/local/bin/svnserve.wrapper

% getent group
[...]
project1:x:5001:
project2:x:5002:
</pre>
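
A fuller version of the check in step 6, as an added example that is not part of the Redmine scripts: it compares the MySQL-sourced entries with the local passwd file and reports any account whose shell or home differs from the values set in /etc/nss-mysql.conf, or whose login or UID also exists locally. The function names and the sample entries are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the Redmine HowTo): audit the accounts that the
# MySQL NSS source exposes. Expected values come from nss-mysql.conf above.
WRAPPER=/usr/local/bin/svnserve.wrapper   # users.shell_column
FAKE_HOME=/false/path                     # users.homedir_column

# audit_nss_users MYSQL_ENTRIES LOCAL_PASSWD
# Both arguments are files in passwd(5) format; prints one finding per line.
audit_nss_users() {
    awk -F: -v wrapper="$WRAPPER" -v home="$FAKE_HOME" '
        NF < 7 { next }                       # skip blank or malformed lines
        FILENAME == ARGV[1] {                 # local accounts: remember them
            name[$1] = 1; uid[$3] = $1; next
        }
        $7 != wrapper { print "SHELL " $1 " " $7 }   # would get another shell
        $6 != home    { print "HOME " $1 " " $6 }    # would get a real home
        ($1 in name)  { print "NAME " $1 }           # shadowed by a local account
        ($3 in uid)   { print "UID " $1 " " $3 " " uid[$3] }  # shares a local UID
    ' "$2" "$1"
}

# Constructed sample data: two entries shaped like the getent output above,
# one login that collides with a local account and one with a wrong shell.
demo_audit() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/local" <<'EOF'
root:x:0:0:root:/root:/bin/bash
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
deploy:x:5003:100:deploy:/home/deploy:/bin/bash
EOF
    cat > "$tmp/mysql" <<'EOF'
user1:x:5002:100:user1 user1:/false/path:/usr/local/bin/svnserve.wrapper
user2:x:5003:100:user2 user2:/false/path:/usr/local/bin/svnserve.wrapper
backup:x:5004:100:Backup Admin:/false/path:/usr/local/bin/svnserve.wrapper
user3:x:5005:100:user3 user3:/false/path:/bin/bash
EOF
    audit_nss_users "$tmp/mysql" "$tmp/local"
    rm -rf "$tmp"
}

demo_audit
```

On the SVN host, the first argument can be the saved output of @getent -s mysql passwd@ and the second @/etc/passwd@.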

h3. Authorize ssh pam to use mysql

7. Add these lines in @/etc/pam.d/ssh@:

<pre>
auth sufficient pam_mysql.so \
verbose=1 \
user=redmine_pam \
passwd=averylongpassword \
host=localhost \
db=redmine \
table=ssh_users \
usercolumn=username \
passwdcolumn=password crypt=4

account sufficient pam_mysql.so \
verbose=1 \
user=redmine_pam \
passwd=averylongpassword \
host=localhost \
db=redmine \
table=ssh_users \
usercolumn=username \
passwdcolumn=password crypt=4

password sufficient pam_mysql.so \
verbose=1 \
user=redmine_pam \
passwd=averylongpassword \
host=localhost \
db=redmine \
table=ssh_users \
usercolumn=username \
passwdcolumn=password crypt=4
</pre>

Place them just before this line:

  @include common-auth
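
A lint for the block from step 7, as an added example that is not part of the Redmine scripts: it joins the backslash-continued lines and checks that auth, account and password each have a pam_mysql.so line that carries crypt=4 and sits before the common-auth include. The function names and the sample file are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the Redmine HowTo): lint a PAM service file for the
# pam_mysql block of step 7. Pass the file path, e.g. /etc/pam.d/ssh.
check_pam_mysql() {
    awk '
        /\\$/ { sub(/\\$/, ""); buf = buf $0 " "; next }   # join continuations
        { line = buf $0; buf = ""; sub(/^[ \t]+/, "", line) }
        line ~ /^@include[ \t]+common-auth/ && !inc { inc = 1 }
        line ~ /pam_mysql\.so/ {
            split(line, f, /[ \t]+/); type = f[1]; seen[type] = 1
            if (inc) { print "ORDER " type; bad = 1 }      # placed too late
            if (line !~ /(^|[ \t])crypt=4([ \t]|$)/) { print "CRYPT " type; bad = 1 }
        }
        END {
            n = split("auth account password", want, " ")
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) { print "MISSING " want[i]; bad = 1 }
            if (!inc) { print "MISSING common-auth"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: the auth line is correct, the account line sits after
# the include and has lost crypt=4, and the password line is absent.
demo_pam() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
auth sufficient pam_mysql.so \
user=redmine_pam passwd=CHANGEME host=localhost db=redmine \
table=ssh_users usercolumn=username passwdcolumn=password crypt=4
@include common-auth
account sufficient pam_mysql.so \
user=redmine_pam passwd=CHANGEME host=localhost db=redmine \
table=ssh_users usercolumn=username passwdcolumn=password
EOF
    check_pam_mysql "$f"; rc=$?
    rm -f "$f"
    return $rc
}

demo_pam || echo "pam_mysql block needs attention"
```

The function exits non-zero when it prints any finding, so it can gate a configuration-management run.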

8. Test this against an existing Redmine user

Try to connect to the SVN host using your Redmine username and password:

  ssh redmine_username@svn_host

h3. Automating repository creation

Repository creation can be automated by periodically running the reposman.pl script.
It takes 2 arguments:

* @svn-dir@: path to the directory where your svn repositories are located
* @redmine-host@: host name of your Redmine install

Example:

<pre>
$ sudo ./reposman.pl --svn-dir=/var/svn --redmine-host=localhost
repository /var/svn/project2 created
repository /var/svn/project1 created
mode change on /var/svn/project3
</pre>

Projects are retrieved from Redmine using a SOAP web service. This web service is disabled by default in Redmine.
To enable it, go to “Administration -> Settings” and check “Enable WS for repository management”.

Make sure this option is checked if you get this error when running reposman:
@Service description 'http://localhost/sys/service.wsdl' can't be loaded: 404 Not Found@

h3. Accessing the repositories

Members of project1 are now able to access the repository using this URL:

  svn+ssh://svnhost/project1

fn1. Other databases can’t be used because of various problems: no PAM module, no SHA1 handling, ...