HowTo to handle SVN repositories creation and access control with Redmine » History » Version 4

Jean-Philippe Lang, 2007-10-14 18:39

h1. HowTo to handle SVN repositories creation and access control with Redmine

{{>TOC}}

h2. Overview

*This setup is not required if you just need to browse your repositories and changesets from Redmine.*

As of version 0.5.0, Redmine can handle Subversion repository creation and access control.

Once you’ve done this extra setup, Redmine will create a repository for each of your projects. Users will be allowed to access the repositories using svn+ssh, according to their permissions defined in Redmine:

* for public projects: read access to the repository for any user, write access for project members only,
* for private projects: read/write access for project members only.

User authentication uses the same login/password as for Redmine access.

h2. Requirements

h3. Software

You need Redmine 0.5.0 or higher, running with MySQL[1].

Your SVN repositories must be hosted on a *nix system. They don’t have to be on the same host you installed Redmine on.

The following are required on your SVN host:

* nss_mysql
* pam_mysql 0.7pre2 or higher, compiled with SHA1 support[2]
* perl with the SOAP::Lite package

Scripts used in this HowTo can be found in the /extra/svn directory of Redmine.

h3. Network considerations

The SVN host must be able to access both the Redmine database and HTTP server(s). In many cases, they will all be located on the same host.

h2. Setup

h3. Preparing the Redmine database

Some views need to be added to the Redmine database. These views are used to authenticate users and retrieve their permissions.

1. Create the views in your Redmine database:

  mysql --user=redmine_user redmine_database -p < create_views.sql

2. Grant read-only (SELECT) privileges on these views to the two dedicated accounts used by nss-mysql and pam_mysql:

<pre>
mysql --user=root
mysql> create user redmine_nss@localhost identified by 'averylongpassword';
mysql> grant SELECT on redmine.nss_groups to redmine_nss@localhost;
mysql> grant SELECT on redmine.nss_users to redmine_nss@localhost;
mysql> grant SELECT on redmine.nss_grouplist to redmine_nss@localhost;
mysql> create user redmine_pam@localhost identified by 'averylongpassword';
mysql> grant SELECT on redmine.ssh_users to redmine_pam@localhost;
</pre>

h3. Configuring nss-mysql on your SVN server

3. Create /etc/nss-mysql.conf as follows:

<pre>
conf.version = 2;
users.host = inet:localhost:3306;
users.database = redmine;
users.db_user = redmine_nss;
users.db_password = averylongpassword;
users.backup_database = nss_mysql_backup;
users.table = nss_users;
users.user_column = nss_users.username;
users.userid_column = nss_users.uid;
users.uid_column = nss_users.uid;
users.gid_column = 100;
users.realname_column = nss_users.realname;
users.homedir_column = "/false/path";
users.shell_column = "/usr/local/bin/svnserve.wrapper";
groups.group_info_table = nss_groups;
groups.group_name_column = nss_groups.name;
groups.groupid_column = nss_groups.gid;
groups.gid_column = nss_groups.gid;
groups.password_column = "x";
groups.members_table = nss_grouplist;
groups.member_userid_column = nss_grouplist.username;
groups.member_groupid_column = nss_grouplist.gid;
</pre>

4. Install the svnserve wrapper:

  sudo install svnserve.wrapper /usr/local/bin

5. Change /etc/nsswitch.conf

Append “mysql” to the passwd and group lines, like this:

<pre>
passwd:         compat mysql
group:          compat mysql
</pre>

6. Test that all of this works:

You must have users in at least one project to verify this.

<pre>
% getent passwd
[...]
user1:x:5002:100:user1 user1:/false/path:/usr/local/bin/svnserve.wrapper
user2:x:5003:100:user2 user2:/false/path:/usr/local/bin/svnserve.wrapper

% getent group
[...]
projet redmine 1:x:5001:
projet redmine 2:x:5002:
</pre>
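
A scripted version of the step 6 check, added here as an example and not part of Redmine's /extra/svn scripts: it verifies that every account served through nss-mysql has the gid, home directory and shell set in /etc/nss-mysql.conf, has a non-zero numeric uid, and does not reuse a local login name. The names audit_nss_passwd and demo and the sample entries are constructed for illustration; @getent -s mysql@ restricts the lookup to the mysql service named in /etc/nsswitch.conf.

```shell
#!/bin/sh
# Added example, not part of Redmine's /extra/svn scripts.
# Expected values are the ones set in /etc/nss-mysql.conf in this HowTo.
EXPECTED_SHELL="/usr/local/bin/svnserve.wrapper"
EXPECTED_HOME="/false/path"
EXPECTED_GID="100"

# audit_nss_passwd LOCAL_PASSWD_FILE
# Reads database-served passwd entries on stdin, prints one finding per
# problem, and returns 0 only if every entry is restricted as configured.
# Real use: getent -s mysql passwd | audit_nss_passwd /etc/passwd
audit_nss_passwd() {
  awk -F: -v sh="$EXPECTED_SHELL" -v home="$EXPECTED_HOME" -v gid="$EXPECTED_GID" '
    !db     { local_name[$1] = 1; next }   # first input: local login names
    NF != 7 { printf "entry %d: malformed\n", FNR; bad = 1; next }
    ($1 in local_name) { printf "%s: name also exists as a local account\n", $1; bad = 1 }
    $3 !~ /^[0-9]+$/ || $3 + 0 == 0 { printf "%s: uid \"%s\" is 0 or not numeric\n", $1, $3; bad = 1 }
    $4 != gid  { printf "%s: gid %s, expected %s\n", $1, $4, gid; bad = 1 }
    $6 != home { printf "%s: home %s, expected %s\n", $1, $6, home; bad = 1 }
    $7 != sh   { printf "%s: shell %s, expected %s\n", $1, $7, sh; bad = 1 }
    END { exit bad + 0 }
  ' "$1" db=1 -
}

# Constructed sample data: two local accounts and four database entries,
# three of which should be reported.
demo() {
  local_file=$(mktemp) || return 2
  printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
                'alice:x:1000:1000::/home/alice:/bin/bash' > "$local_file"
  printf '%s\n' \
    'user1:x:5002:100:user1 user1:/false/path:/usr/local/bin/svnserve.wrapper' \
    'alice:x:5004:100:alice a:/false/path:/usr/local/bin/svnserve.wrapper' \
    'user3:x:5005:100:user3 u:/false/path:/bin/bash' \
    'user4:x:0:100:user4 u:/false/path:/usr/local/bin/svnserve.wrapper' |
    audit_nss_passwd "$local_file"
  rc=$?
  rm -f "$local_file"
  return "$rc"
}
```

Because @compat@ is listed before @mysql@ in /etc/nsswitch.conf, a name that exists in both places resolves to the local entry, which is why the collision is reported.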
116
117
h3. Authorize ssh pam to use mysql
118
119 4 Jean-Philippe Lang
7. Add these lines in @/etc/pam.d/ssh@ :
120 1 Jean-Philippe Lang
121 4 Jean-Philippe Lang
<pre>
auth sufficient pam_mysql.so \
verbose=1 \
user=redmine_pam \
passwd=averylongpassword \
host=localhost \
db=redmine \
table=ssh_users \
usercolumn=username \
passwdcolumn=password crypt=4

account sufficient pam_mysql.so \
verbose=1 \
user=redmine_pam \
passwd=averylongpassword \
host=localhost \
db=redmine \
table=ssh_users \
usercolumn=username \
passwdcolumn=password crypt=4

password sufficient pam_mysql.so \
verbose=1 \
user=redmine_pam \
passwd=averylongpassword \
host=localhost \
db=redmine \
table=ssh_users \
usercolumn=username \
passwdcolumn=password crypt=4
</pre>

just before

  @include common-auth

8. Test this against an existing Redmine user

Try to connect to the SVN host using your Redmine username and password:

  ssh redmine_username@svn_host

h3. Automating repository creation

Repository creation can be automated by running the reposman.pl script periodically.

It takes 2 arguments:

* svn-dir: path to the directory where your SVN repositories are located
* redmine-host: host name of your Redmine install

Example:

<pre>
$ sudo ./reposman.pl --svn-dir=/var/svn --redmine-host=redmine.mydomain.foo
repository /var/svn/project2 created
repository /var/svn/project1 created
mode change on /var/svn/project3
</pre>
180
181
Projects are retrieved from Redmine using a SOAP web service. This web service is disabled by default in Redmine.
182
To enable it, go to “Administration -> Settings” and check “Enable WS for repository management”.
183
184
fn2. You must use "./configure --with-openssl" in order to add SHA1 support to pam_mysql
185
186
fn1. Other databases can’t be used because of various problems: no pam module, no sha1 handling, ...