HowTo to handle SVN repositories creation and access control with Redmine (part 2) » History » Revision 2
Revision 1 (Nicolas Chuche, 2007-10-21 19:20) → Revision 2/3 (Jean-Philippe Lang, 2007-10-21 20:15)
h1. HowTo to handle SVN repositories creation and access control with Redmine (part 2) {{>TOC}} If you haven't configured Redmine configure redMine and Subversion subversion integration, begin with the first part: part : [[HowTo to handle SVN repositories creation and access control with Redmine]] Be careful, the following recipes only work with a fairly recent redmine/reposman.rb (r860 (Rev. 860 and later). They won't work with the perl version of reposman. h2. How to automatically update the url of your new repositories in Redmine redMine with reposman ? You can do that by using the @--url@ argument. <pre> ruby ./reposman.rb --redmine-host localhost:3000 --svn-dir /var/svn \ --url file:///var/svn/ </pre> reposman will send back return to Redmine redMine the url of your repository. repository (the url argument plus the idendified) Next time you create a project, project with a repository, reposman will informe Redmine that the repository was created redMine that's done and Redmine redMine will save the new repository url. This way, the administrator won't have to enter the repositories urls manually in Redmine. information returned by reposman. h2. What if you want to allow Redmine redMine to browse private repository ? The previous recipes allow you to create repository on the fly and anonymous browsing. But, if your project is private or if the project isn't on the same server, you won't be able to browse it in Redmine. redMine. h3. Redmine redMine and svn are on the same server In this case, If your reposities and redmine are on the same server, you just need to use the @--url@ option like in the previous item to register the repository and the @--owner@ argument to set the repository owner to the mongrel/apache user so that it can access the repositories. parse files. <pre> ruby ./reposman.rb --redmine-host localhost:3000 --svn-dir /var/svn \ --url file:///var/svn/ --owner MONGREL_USER </pre> BUT, you won't be able to separate svn repositories and Redmine hosts redMine in the future (in fact you will be able to but you would have need to manually update change the repositories urls in the database manually and that's bad). A better way to do this, if you think you will need to separate those two servers one day, is to do like you already have two servers. To do this, read the next recipe. h3. Redmine redMine and svn aren't on the same server There's more than one way to do this, one could be to use a specific user to browse the repository with svnserve or svn+ssh but I don't like this way (don't ask why). Another way is to add a third access way (we already have svn+ssh for registered users and svnserve for anonymous users). In the following, the Redmine redmine server is known as redmine.my.domain and the svn as svn.my.domain. You need to have apache/apache2 and mod_dav_svn on the svn server. 1. configure your apache to serve the svn repository just for the Redmine redmine server Just add something like that in your @apache.conf@ apache.conf or in a file in the directory @/etc/apache/conf.d@: /etc/apache/conf.d : <pre> LoadModule dav_svn_module /usr/lib/apache2/modules/mod_dav_svn.so <Location /svn> DAV svn # this must be the path you give to reposman with -s,--svn-dir argument SVNParentPath "/var/svn" Order allow,deny Allow from ip.of.my.redmine.server </Location> </pre> Verify you can access it from your Redmine redMine server. 2. change your reposman cron by adding the @--owner@ argument with the apache user : <pre> ruby ./reposman.rb --redmine-host http://redmine.my.domain/ --svn-dir /var/svn --url http://svn.my.domain/svn/ --owner APACHE_USER </pre> h2. Web Service and Security For the moment, the WS is open to everybody once actived and you surely don't want that someone register project for you. You can block access to the WS with apache/mongrel (if you don't use apache, I let you do your homework...) with the Location apache directive like this : <pre> <VirtualHost *:80> ServerName redmine.my.domain ServerAdmin webmaster@localhost <Location /sys> Order allow,deny Allow from ip.of.my.svn.server </Location> ProxyPass / http://localhost:3000/ ProxyPassReverse / http://localhost:3000/ </VirtualHost> </pre>