
Setting up a repository server based on SCM-Manager under Debian

I was faced with repositories scattered across different servers with different settings and no possibility of centralized management and monitoring. The idea was to build a single storage server with the following requirements:





Searching Google and test-installing various software led me to SCM-Manager, which let me implement practically all of the stated requirements out of the box.



The service was implemented on Debian 8.3 x64.

The installation process and settings follow:



1. Installing Mercurial and SCM-Manager



Install Mercurial and the additional packages:



sudo apt-get install mercurial ca-certificates default-jre 


Go to the directory where we will install the SCM-Manager:



 cd ... 


Download the latest version from the official site:



 sudo wget https://maven.scm-manager.org/nexus/content/repositories/releases/sonia/scm//scm-server/1.46/scm-server-1.46-app.tar.gz 


Unarchive it:



 sudo tar -xvf scm-server-1.46-app.tar.gz 


Delete the downloaded archive:



 sudo rm scm-server-1.46-app.tar.gz 


Run SCM-Manager:



 sudo /opt/scm-server/bin/scm-server start 


At this stage, the service is fully functional and ready to work in its basic configuration. The web interface is available at localhost:8080. The default administrator login and password are both scmadmin. We continue with the configuration.



2. Starting SCM-Manager at boot



Create the /etc/init.d/scmserver file:



 sudo mcedit /etc/init.d/scmserver 


Enter the following into the created file:



 #!/bin/sh
 ### BEGIN INIT INFO
 # Provides:          sscmserver
 # Required-Start:
 # Required-Stop:
 # Default-Start:     2 3 4 5
 # Default-Stop:      0 1 6
 # Short-Description: Seapine Surround SCM Server
 # Description:       SCM Server init file
 ### END INIT INFO
 # Path to the scm-server launcher; replace the placeholder with the install directory
 SCM_SERVER="/***path_to_install_directory***/scm-server/bin/scm-server"
 start() {
     "$SCM_SERVER" start
 }
 stop() {
     "$SCM_SERVER" stop
 }
 case "$1" in
     start)
         start
         ;;
     stop)
         stop
         ;;
     restart)
         stop
         start
         ;;
     *)
         # Unknown action: print usage and fail
         echo "Usage: $0 {start|stop|restart}"
         exit 2
         ;;
 esac


Set the permissions so that the file is executable:



 sudo chmod 755 /etc/init.d/scmserver 


Register the script to start at boot:



 sudo update-rc.d scmserver defaults 


3. Moving the service to another port



By default, the web interface is available over HTTP on port 8080. To change the port, do the following.



Edit server-config.xml:



 sudo mcedit /***path_to_install_directory***/scm-server/conf/server-config.xml 


Find the section:



 <Set name="port"><SystemProperty name="jetty.port" default="8080" /></Set>


Change the port to the one you need, save the file and restart the service:



 sudo /etc/init.d/scmserver restart 


4. Add SSL



Go to the directory with the config:



 cd /***path_to_install_directory***/scm-server/conf/ 


Generate a self-signed certificate valid for 1 year:



 sudo keytool -genkey -alias scm -validity 365 -keyalg RSA -keystore keystore.jks 


Edit the config:



 sudo mcedit /***path_to_install_directory***/scm-server/conf/server-config.xml 


Uncomment the SSL connector lines and set the key store password that was entered when the key store was created (in place of ***password***), the port on which the server will listen for SSL ("Port"), and the location of the key store:



 <Call name="addConnector">
   <Arg>
     <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
       <Arg>
         <!-- Exclude SSLv3 to avoid POODLE vulnerability. See https://groups.google.com/d/msg/scmmanager/sX_Ydy-wAPA/-Dvs5i7RHtQJ -->
         <New class="org.eclipse.jetty.http.ssl.SslContextFactory">
           <Set name="excludeProtocols">
             <Array type="java.lang.String">
               <Item>SSLv2Hello</Item>
               <Item>SSLv3</Item>
             </Array>
           </Set>
         </New>
       </Arg>
       <Set name="Port">443</Set>
       <Set name="maxIdleTime">30000</Set>
       <Set name="keystore"><SystemProperty name="basedir" default="." />/conf/keystore.jks</Set>
       <Set name="password">***password***</Set>
       <Set name="keyPassword">***password***</Set>
       <Set name="truststore"><SystemProperty name="basedir" default="." />/conf/keystore.jks</Set>
       <Set name="trustPassword">***password***</Set>
     </New>
   </Arg>
 </Call>
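One way to check the edited connector before restarting the service, as an added example that is not part of the original article: the script strips XML comments from server-config.xml and reports a connector that is still commented out, a missing SSLv3 exclusion, a leftover ***password*** placeholder, and a world-readable file (the key store password is stored in it in clear text). The function names and the sample configuration are constructed for illustration.

```shell
# Added example: pre-restart audit of the SSL connector in server-config.xml.

# Print the file without XML comments, so that a connector that is still
# commented out is not mistaken for an active one.
strip_xml_comments() {
    awk '{
        line = $0; out = ""
        while (line != "") {
            if (in_comment) {
                i = index(line, "-->")
                if (!i) break
                line = substr(line, i + 3); in_comment = 0
            } else {
                i = index(line, "<!--")
                if (!i) { out = out line; break }
                out = out substr(line, 1, i - 1); line = substr(line, i + 4); in_comment = 1
            }
        }
        print out
    }' "$1"
}

# Print one line per finding; return 1 if anything was found.
audit_scm_ssl_config() {
    cfg=$1; rc=0
    active=$(strip_xml_comments "$cfg")
    has() { printf '%s\n' "$active" | grep -qF -- "$1"; }
    has 'SslSelectChannelConnector' || { echo "FAIL: SSL connector is commented out"; rc=1; }
    has '<Item>SSLv3</Item>' || { echo "FAIL: SSLv3 is not excluded"; rc=1; }
    if has '***password***'; then echo "FAIL: placeholder password still present"; rc=1; fi
    # The key store password is stored in this file in clear text.
    if [ -n "$(find "$cfg" -prune -perm -004)" ]; then
        echo "FAIL: file with the key store password is world-readable"; rc=1
    fi
    return "$rc"
}

# Constructed sample: connector enabled, SSLv3 exclusion commented out,
# password placeholder left unchanged.
write_sample_config() {
    cat > "$1" <<'EOF'
<Call name="addConnector"><Arg>
  <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
    <!-- <Item>SSLv3</Item> -->
    <Set name="password">***password***</Set>
  </New>
</Arg></Call>
EOF
}
if [ "$#" -gt 0 ]; then audit_scm_ssl_config "$1"; fi
```

Saved as a script, it takes the path to server-config.xml as its only argument and exits non-zero when any check fails.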


View the certificate fingerprints if needed:



 keytool -list -keystore keystore.jks 


In the process of setting up SSL, I encountered a problem: when pushing via SSL, the server stubbornly complained about SSL and would not accept the push. It turned out that Python 2.7.9 and later versions include a default ban on self-signed certificates. To disable this option, edit the file:



 sudo mcedit /usr/lib/python2.7/ssl.py 


Change the line "_create_default_https_context = create_default_context" to "_create_default_https_context = _create_unverified_context".



Restart the service to apply the changes:



 sudo /etc/init.d/scmserver restart 
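Editing ssl.py switches off certificate verification for every Python 2.7 program on the machine that uses the default HTTPS context; Mercurial can instead pin this one server's certificate through its [hostfingerprints] setting, in which case the CA chain is not consulted for that host. The script below is an added example, not part of the original article: it turns the output of the "keytool -list" command shown above into that stanza, assuming the Java 7/8 output format (SHA1 fingerprint) and a hypothetical host name scm.example.internal.

```shell
# Added example: turn `keytool -list` output into a Mercurial host pin.

# Constructed sample of `keytool -list -keystore keystore.jks` output in the
# Java 7/8 format; the fingerprint value is made up.
sample_keytool_output() {
    cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

scm, Mar 20, 2016, PrivateKeyEntry,
Certificate fingerprint (SHA1): 3A:5F:0C:91:B7:44:E2:18:6D:A0:F3:27:9B:C5:08:D1:7E:62:4B:90
EOF
}

# Read keytool output on stdin and print the SHA1 fingerprint of alias $1 in
# lower case. Returns 1 if the alias is absent or the fingerprint is not a
# 20-byte SHA1 value (newer keytool versions print SHA-256 instead).
keystore_sha1() {
    awk -v alias="$1" '
        index($0, alias ",") == 1 { found = 1; next }
        found && /^Certificate fingerprint \(SHA1\): / {
            fp = tolower($NF)
            if (length(fp) == 59 && fp ~ /^([0-9a-f][0-9a-f]:)+[0-9a-f][0-9a-f]$/) { print fp; ok = 1 }
            exit
        }
        END { exit(ok ? 0 : 1) }'
}

# Print an hgrc stanza that pins host $1 to the certificate of alias $2.
hg_pin_stanza() {
    fp=$(keystore_sha1 "$2") || { echo "no SHA1 fingerprint for alias $2" >&2; return 1; }
    printf '[hostfingerprints]\n%s = %s\n' "$1" "$fp"
}

# scm.example.internal is a hypothetical host name for the SCM-Manager server.
sample_keytool_output | hg_pin_stanza scm.example.internal scm
```

On the server, pipe the real "keytool -list -keystore keystore.jks" output into hg_pin_stanza and add the printed stanza to the hgrc of each client that pushes to this host.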


This completes the configuration via the console; the rest of the configuration is done through the web interface.



5. Configuring SCM-Manager via web-interface



Open the web interface at localhost:8080. Remove anonymous access and change the password of the built-in administrator: go to “Security” - “Users”, delete the user “anonymous”, then change the password of the user “scmadmin”.



Install the plugins for authorization via AD, sending mail, and sending push notifications. In the web interface, go to “Config” - “Plugins”:



To authorize via AD, install: “scm-auth-ldap-plugin”

To send mail, install: “scm-mail-plugin”

For push notifications, install: “scm-notify-plugin”



Install the plugin for viewing repository activity via the web interface:



In the web-interface, go to "Config" - "Plugins"

Install the plugin: “scm-activity-plugin”



To complete the installation of plugins, restart the service:



 sudo /etc/init.d/scmserver restart 


Configure the LDAP Authentication plugin: in the web interface, go to “Config” - “General” - section “LDAP Authentication”.



Profile: "ActiveDirectory"

Base DN: path to the OU with users for authorization

Connection DN: user to authorize SCM-Manager in AD

Connection Password: (User password for authorization of SCM-Manager in AD)

Host URL: ip and port of the domain controller

Enable nested ad groups: no

Use StartTLS: no (Enable / disable encryption when connecting to AD)

Enable: yes (Enable / Disable Plugin)



After making the settings, press the “Save” button to save them. You can then test them with the “Test Connection” button. Now any domain user from the specified OU can log in. By default, however, such a user has no rights anywhere and cannot see any repository. The administrator has to grant access by adding the user to the repository's access list or to a group that has access to the required repositories.



Configure the plugin for sending mail: in the web interface, go to "Config" - "General" - section "Mail configuration".



Set the following parameters:



Host: SMTP server address

Port: SMTP server port

Username: username for authorization on the SMTP server

Password: user password for authorization on the SMTP server

From: the sender address the mail will come from

Transport Strategy: SMTP_PLAIN (the password is sent in clear text)

Subject Prefix: (text inserted at the beginning of the subject line)



You can test the settings you have made with the "Test Configuration" button.



Change the location of repositories on the server: in the web interface, go to “Config” - “Repository Types”.



In the sections for SVN, Mercurial and Git, enter your path in the “Repository directory” field.



Creating repositories: in the web interface, go to “Main” - “Repositories” and click “Add”. In the “Name” field enter the name of the repository, and in the “Type” field select the type of the repository.



Configuring email push notifications for repositories: in the web interface, go to “Main” - “Repositories” and select the repository for which you need email push notifications. Tabs will appear at the bottom; go to the “Notification” tab and fill it in:



Notify Repository Contact: no

Use Author as From Address : no

Email per Push: no

Maximum Diff Lines: 1000 (maximum number of lines in the email that show the changes made to the repository files)



Add a mailing address to receive the notifications by clicking the “Add” button. Save the changes by clicking the “Ok” button.



This completes the server configuration according to the specified requirements, and the service is ready for use. SCM-Server can import repositories, with one limitation: it cannot import repositories from locations that require authorization.

Source: https://habr.com/ru/post/279505/


