Redmine

h1. HowTo to handle SVN repositories creation and access control with Redmine (part 2)

{{>TOC}}

If you haven't configure redMine and subversion integration, begin with the first part :

[[HowTo to handle SVN repositories creation and access control with Redmine]]

Be careful, the following recipes only work with a fairly recent

redmine/reposman.rb (Rev. 860 and later). They won't work with the

perl version of reposman.

h2. How to automatically update the url of your new repositories in

  redMine with reposman ?

You can do that by using the @--url@ argument.

<pre>

ruby ./reposman.rb --redmine-host localhost:3000 --svn-dir /var/svn \

                   --url file:///var/svn/

</pre>

reposman will return to redMine the url of your repository (the url

argument plus the idendified)

Next time you create a project with a repository, reposman will

informe redMine that's done and redMine will save the new repository

information returned by reposman.

h2. What if you want to allow redMine to browse private repository ?

The previous recipes allow you to create repository on the fly and

anonymous browsing. But, if your project is private or if the project

isn't on the same server, you won't be able to browse it in redMine.

h3. redMine and svn are on the same server

If your reposities and redmine are on the same server, you just need

to use the @--url@ option like in the previous item to register the

repository and the @--owner@ argument to set the repository owner to the

mongrel/apache user so that it can parse files.

<pre>

ruby ./reposman.rb --redmine-host localhost:3000 --svn-dir /var/svn \

                   --url file:///var/svn/ --owner MONGREL_USER

</pre>

BUT, you won't be able to separate repositories and redMine in the

future (in fact you will be but you need to change the database

manually and that's bad). A better way to do this, if you think you

will need to separate those two servers one day, is to do like you

already have two servers. To do this, read the next recipe.

h3. redMine and svn aren't on the same server

There's more than one way to do this, one could be to use a specific

user to browse the repository with svnserve or svn+ssh but I don't

like this way (don't ask why). Another way is to add a third

access way (we already have svn+ssh for registered users and svnserve

for anonymous users).

In the following, the redmine server is known as redmine.my.domain and

the svn as svn.my.domain. You need to have apache/apache2 and mod_dav_svn on

the svn server.

1. configure your apache to serve the svn repository just for the redmine server

Just add something like that in your apache.conf or in a file in the

directory /etc/apache/conf.d :

<pre>

   LoadModule dav_svn_module /usr/lib/apache2/modules/mod_dav_svn.so

   <Location /svn>

   DAV svn

   # this must be the path you give to reposman with -s,--svn-dir argument

   SVNParentPath "/var/svn"

   Order allow,deny

   Allow from ip.of.my.redmine.server

   </Location>

</pre>

Verify you can access it from your redMine server.

2. change your reposman cron by adding the @--owner@ argument with the apache user :

<pre>

ruby ./reposman.rb --redmine-host http://redmine.my.domain/ --svn-dir /var/svn

                   --url http://svn.my.domain/svn/ --owner APACHE_USER

</pre>

h2. Web Service and Security

For the moment, the WS is open to everybody and you surely don't want

that someone register project for you. You can block access to the WS

with apache/mongrel (if you don't use apache, I let you do your

homework...) with the Location apache directive like this :

<pre>

<VirtualHost *:80>

   ServerName redmine.my.domain

   ServerAdmin webmaster@localhost

   <Location /sys>

      Order allow,deny

      Allow from ip.of.my.svn.server

   </Location>

   ProxyPass / http://localhost:3000/

   ProxyPassReverse / http://localhost:3000/

</VirtualHost>

</pre>