Configuring SCM-Manager-Based Repository Server under Debian
I was faced with repositories scattered across different servers with different settings and no possibility of centralized management and monitoring. The idea arose to create a single storage location with the following requirements:
- user authorization through Active Directory
- email push notifications
- management and creation of repositories, as well as access control via a web-interface
- ability to host Mercurial, Git, SVN
- ease of deployment
- SSL support
Searching Google and test-installing various software led me to SCM-Manager, which met practically all of the requirements out of the box.
The implementation of the service was carried out on Debian 8.3 x64.
Below is the installation and configuration process:
1. Installing Mercurial and SCM-Manager
Install Mercurial and additional packages:
sudo apt-get install mercurial ca-certificates default-jre
We go to the directory where we will install SCM-Manager:
cd ...
Download the latest version from the official website:
sudo wget https://maven.scm-manager.org/nexus/content/repositories/releases/sonia/scm//scm-server/1.46/scm-server-1.46-app.tar.gz
Unzip it:
sudo tar -xvf scm-server-1.46-app.tar.gz
Delete the downloaded archive:
sudo rm scm-server-1.46-app.tar.gz
Launch SCM-Manager:
sudo /opt/scm-server/bin/scm-server start
At this stage, the service is fully functional and ready to work in its basic configuration. The web interface is available at localhost:8080. The default administrator username and password are both scmadmin. But let's continue with the setup.
2. Starting SCM-Manager automatically at boot
Create the file /etc/init.d/scmserver:
sudo mcedit /etc/init.d/scmserver
Enter the following into the created file:
#!/bin/sh
### BEGIN INIT INFO
# Provides:          scmserver
# Required-Start:    $remote_fs $network
# Required-Stop:     $remote_fs $network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: SCM-Manager server
# Description:       SCM Server init file
### END INIT INFO

# Path to the scm-server launcher; replace the placeholder with the install directory.
SCM_SERVER="*path_to_install_directory*/scm-server/bin/scm-server"

start() {
    "$SCM_SERVER" start
}

stop() {
    "$SCM_SERVER" stop
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        start
        ;;
    *)
        # Plain double quotes: $"..." is a bash extension and /bin/sh on Debian is dash.
        echo "Usage: $0 {start|stop|restart}"
        exit 2
        ;;
esac
Let's fix the rights so that the file is executable:
sudo chmod 755 /etc/init.d/scmserver
Add to startup:
sudo update-rc.d scmserver defaults
3. Moving the service to another port
By default, the web interface is accessible via HTTP on port 8080. To change this, do the following.
Edit server-config.xml:
sudo mcedit /***path_to_install_directory***/scm-server/conf/server-config.xml
Find the section:
Change the port to the one needed, save the file and restart the service:
sudo /etc/init.d/scmserver restart
4. Add SSL
Let's go to the directory with the config:
cd /***path_to_install_directory***/scm-server/conf/
Generate a certificate valid for 1 year:
sudo keytool -genkey -alias scm -validity 365 -keyalg RSA -keystore keystore.jks
Edit the config:
sudo mcedit /***path_to_install_directory***/scm-server/conf/server-config.xml
Uncomment the SSL connector lines and specify the key store password entered when the key store was created (in place of ***password***), the port on which SSL will listen ("Port"), and the location of the key store:
- SSLv2Hello
- SSLv3
443 30000 /conf/keystore.jks ***password*** ***password*** /conf/keystore.jks ***password***
View the certificate fingerprints if necessary:
keytool -list -keystore keystore.jks
While configuring SSL, I ran into a problem: when pushing over SSL, the server stubbornly complained about SSL and refused the push. The reason was that Python 2.7.9 and later versions reject self-signed certificates by default. To disable this check, edit the file:
sudo mcedit /usr/lib/python2.7/ssl.py
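Change _create_default_https_context = create_default_context to _create_default_https_context = _create_unverified_context. Because ssl.py is the system-wide module, this turns off HTTPS certificate verification for every Python 2.7 program on the machine that uses the default HTTPS context.
Restart the service to apply the changes: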
sudo /etc/init.d/scmserver restart
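What the ssl.py edit above changes, and a narrower alternative that keeps verification on for one self-signed host by pinning its fingerprint. This is an added Python 3 example, not code from the original article or from SCM-Manager; the function names and the sample bytes are hypothetical, and the pin is assumed to come from keytool -list on the server (pass algo="sha1" when the pin is a SHA-1 fingerprint).

```python
import hashlib
import hmac
import ssl


def context_summary(ctx):
    """The two SSLContext settings that decide whether a server certificate is checked."""
    return {"verify_mode": ctx.verify_mode.name, "check_hostname": ctx.check_hostname}


def der_fingerprint(der_bytes, algo="sha256"):
    """Colon-separated upper-case hex digest of a DER certificate (keytool -list style)."""
    digest = hashlib.new(algo, der_bytes).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fingerprint_matches(der_bytes, pinned, algo="sha256"):
    """Constant-time comparison that ignores colons, spaces and letter case in the pin."""
    want = pinned.replace(":", "").replace(" ", "").upper()
    have = der_fingerprint(der_bytes, algo).replace(":", "")
    return hmac.compare_digest(have, want)


def pinned_context(host, port, pinned, algo="sha256"):
    """Build a context that trusts only the certificate whose fingerprint is `pinned`.

    Assumption: `pinned` was obtained out of band, e.g. from keytool -list on the server.
    """
    pem = ssl.get_server_certificate((host, port))  # fetched without validation
    der = ssl.PEM_cert_to_DER_cert(pem)
    if not fingerprint_matches(der, pinned, algo):
        raise ssl.SSLError("fingerprint mismatch for %s:%s" % (host, port))
    ctx = ssl.create_default_context(cadata=pem)  # this certificate is the only trust anchor
    # Assumption: the keytool-generated certificate carries no subjectAltName, so the
    # name check cannot pass; the pin identifies the server instead.
    ctx.check_hostname = False  # verify_mode stays CERT_REQUIRED
    return ctx


if __name__ == "__main__":
    print("default   :", context_summary(ssl.create_default_context()))
    print("unverified:", context_summary(ssl._create_unverified_context()))
    sample_der = b"constructed stand-in for DER certificate bytes"
    print("sha256 pin:", der_fingerprint(sample_der))
```

For hg clients talking to this server, Mercurial's hgrc has a [hostfingerprints] section that pins a host's certificate fingerprint in the same way.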
This completes the configuration through the console, and then the configuration continues through the web-based interface.
5. Configuring SCM-Manager via the web interface
Open the web interface at localhost:8080. Remove anonymous access and change the password of the built-in administrator: go to “Security” - “Users”, delete the user “anonymous”, and change the password of the user “scmadmin”.
Install the plugins for authorization through AD, sending mail and sending push notifications. In the web interface, go to “Config” - “Plugins”:
For authorization via AD, install: “scm-auth-ldap-plugin”
To send mail, install: “scm-mail-plugin”
For push notifications, install: “scm-notify-plugin”
Install a plug-in for viewing activity in repositories via the web interface:
In the web interface, go to “Config” - “Plugins”
Install the plug-in: “scm-activity-plugin”
To complete the installation of plugins, restart the service:
sudo /etc/init.d/scmserver restart
Configuring the LDAP Authentication plugin: in the web interface, go to “Config” - “General” - Section “LDAP Authentication”.
Profile: “Active Directory”
Base DN: path to the OU with users for authorization
Connection DN: user for SCM-Manager authorization in AD
Connection Password: (User password for SCM-Manager authorization in AD)
Host URL: ip and domain controller port
Enable nested AD groups: no
Use StartTLS: no (Enable / disable encryption when connecting to AD)
Enable: yes (Enable / disable plug-in)
After making the settings, click the “Save” button to save them; you can then test them with the “Test Connection” button. Now any domain user from the specified OU can log in. By default, however, such a user has no rights anywhere and cannot see any repository. The administrator has to grant access by adding the user to the repository's access list or to a group that has access to the necessary repositories.
Plugin configuration for sending mail: in the web-based interface, go to “Config” - “General” - Section “Mail configuration”.
Set the following parameters:
Host: SMTP server address
Port: SMTP server port
Username: username for authorization on the SMTP server
Password: user password for authorization on the SMTP server
From: the address the messages will come from
Transport Strategy: SMTP_PLAIN (the password is transmitted in the clear)
Subject Prefix: (which will be inserted at the beginning of the message subject)
You can test the settings made using the “Test Configuration” button.
Change the location of repositories on the server: in the web interface, go to “Config” - “Repository Types”.
In sections for SVN, Mercurial, Git write your path in the lines of the "Repository directory".
Creation of repositories: in the web-interface go to “Main” - “Repositories”, click “Add”. In the “Name” field, specify the name of the repository, in the “Type” field, select the type of repository.
Configuring email push notifications for repositories: in the web interface, go to “Main” - “Repositories” and select the repository for which you want to configure email push notifications; tabs will appear below. Go to the “Notification” tab and fill in:
Notify Repository Contact: no
Use Author as From Address: no
Email per Push: no
Maximum Diff Lines: 1000 (maximum number of lines in the message that will show the changes made to the repository files)
Add the mail address to which notifications will be received by clicking on the "Add" button. Save your changes by clicking the “Ok” button.
This completes the configuration of the server for the specified conditions and the service is ready to use. SCM-Server allows you to import repositories with one restriction - it cannot import repositories from places where authorization is needed.