HowTo to handle SVN repositories creation and access control with Redmine (part 2) » History » Version 3
Jean-Philippe Lang, 2007-10-21 20:17
1 | 1 | Nicolas Chuche | h1. HowTo to handle SVN repositories creation and access control with Redmine (part 2) |
---|---|---|---|
2 | |||
3 | {{>TOC}} |
||
4 | |||
5 | 2 | Jean-Philippe Lang | If you haven't configured Redmine and Subversion integration, begin with the first part: [[HowTo to handle SVN repositories creation and access control with Redmine]] |
6 | 1 | Nicolas Chuche | |
7 | 3 | Jean-Philippe Lang | Be careful, the following recipes only work with a fairly recent redmine/reposman.rb (you need r860 or later). They won't work with the perl version of reposman. |
8 | 1 | Nicolas Chuche | |
9 | 2 | Jean-Philippe Lang | h2. How to automatically update the url of your new repositories in Redmine with reposman ? |
10 | 1 | Nicolas Chuche | |
11 | You can do that by using the @--url@ argument. |
||
12 | |||
13 | <pre> |
||
14 | ruby ./reposman.rb --redmine-host localhost:3000 --svn-dir /var/svn \ |
||
15 | --url file:///var/svn/ |
||
16 | </pre> |
||
17 | |||
18 | 2 | Jean-Philippe Lang | reposman will send back to Redmine the url of your repository. |
19 | 1 | Nicolas Chuche | |
20 | 2 | Jean-Philippe Lang | Next time you create a project, reposman will informe Redmine that the repository was created and Redmine will save the repository url. |
21 | This way, the administrator won't have to enter the repositories urls manually in Redmine. |
||
22 | 1 | Nicolas Chuche | |
23 | 2 | Jean-Philippe Lang | h2. What if you want to allow Redmine to browse private repository ? |
24 | 1 | Nicolas Chuche | |
25 | 2 | Jean-Philippe Lang | The previous recipes allow you to create repository on the fly and anonymous browsing. But, if your project is private or if the project isn't on the same server, you won't be able to browse it in Redmine. |
26 | 1 | Nicolas Chuche | |
27 | 2 | Jean-Philippe Lang | h3. Redmine and svn are on the same server |
28 | 1 | Nicolas Chuche | |
29 | 2 | Jean-Philippe Lang | In this case, you just need to use the @--url@ option like in the previous item to register the repository and the @--owner@ argument to set the repository owner to the mongrel/apache user so that it can access the repositories. |
30 | 1 | Nicolas Chuche | |
31 | <pre> |
||
32 | ruby ./reposman.rb --redmine-host localhost:3000 --svn-dir /var/svn \ |
||
33 | --url file:///var/svn/ --owner MONGREL_USER |
||
34 | </pre> |
||
35 | |||
36 | 2 | Jean-Philippe Lang | BUT, you won't be able to separate svn and Redmine hosts in the future (in fact you will be able to but you would have to manually update the repositories urls in the database and that's bad). A better way to do this, if you think you will need to separate those two servers one day, is to do like you already have two servers. To do this, read the next recipe. |
37 | 1 | Nicolas Chuche | |
38 | 2 | Jean-Philippe Lang | h3. Redmine and svn aren't on the same server |
39 | 1 | Nicolas Chuche | |
40 | 2 | Jean-Philippe Lang | There's more than one way to do this, one could be to use a specific user to browse the repository with svnserve or svn+ssh but I don't like this way (don't ask why). Another way is to add a third access way (we already have svn+ssh for registered users and svnserve for anonymous users). |
41 | 1 | Nicolas Chuche | |
42 | 2 | Jean-Philippe Lang | In the following, the Redmine server is known as redmine.my.domain and the svn as svn.my.domain. You need to have apache/apache2 and mod_dav_svn on the svn server. |
43 | 1 | Nicolas Chuche | |
44 | 2 | Jean-Philippe Lang | 1. configure your apache to serve the svn repository just for the Redmine server |
45 | 1 | Nicolas Chuche | |
46 | 2 | Jean-Philippe Lang | Just add something like that in your @apache.conf@ or in a file in the directory @/etc/apache/conf.d@: |
47 | 1 | Nicolas Chuche | |
48 | <pre> |
||
49 | LoadModule dav_svn_module /usr/lib/apache2/modules/mod_dav_svn.so |
||
50 | <Location /svn> |
||
51 | DAV svn |
||
52 | # this must be the path you give to reposman with -s,--svn-dir argument |
||
53 | SVNParentPath "/var/svn" |
||
54 | Order allow,deny |
||
55 | Allow from ip.of.my.redmine.server |
||
56 | </Location> |
||
57 | </pre> |
||
58 | |||
59 | 2 | Jean-Philippe Lang | Verify you can access it from your Redmine server. |
60 | 1 | Nicolas Chuche | |
61 | 2. change your reposman cron by adding the @--owner@ argument with the apache user : |
||
62 | |||
63 | <pre> |
||
64 | ruby ./reposman.rb --redmine-host http://redmine.my.domain/ --svn-dir /var/svn |
||
65 | --url http://svn.my.domain/svn/ --owner APACHE_USER |
||
66 | </pre> |
||
67 | |||
68 | h2. Web Service and Security |
||
69 | |||
70 | 2 | Jean-Philippe Lang | For the moment, the WS is open to everybody once actived and you surely don't want that someone register project for you. You can block access to the WS with apache/mongrel (if you don't use apache, I let you do your homework...) with the Location apache directive like this : |
71 | 1 | Nicolas Chuche | |
72 | <pre> |
||
73 | <VirtualHost *:80> |
||
74 | ServerName redmine.my.domain |
||
75 | ServerAdmin webmaster@localhost |
||
76 | |||
77 | <Location /sys> |
||
78 | Order allow,deny |
||
79 | Allow from ip.of.my.svn.server |
||
80 | </Location> |
||
81 | |||
82 | ProxyPass / http://localhost:3000/ |
||
83 | ProxyPassReverse / http://localhost:3000/ |
||
84 | </VirtualHost> |
||
85 | </pre> |