##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
docs: fixed config files path for editing settings...
super-admin -
r5354:68e33808 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,31 +1,31 b''
1 1 .. _lab-settings:
2 2
3 3 Lab Settings
4 4 ============
5 5
6 6 |RCE| Lab Settings is for delivering features which may require an additional
7 7 level of support to optimize for production scenarios. To enable lab settings,
8 8 use the following instructions:
9 9
10 10 1. Open the |RCE| configuration file,
11 :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
11 :file:`config/_shared/rhodecode.ini`
12 12
13 13 2. Add the following configuration option in the ``[app:main]`` section.
14 14
15 15 .. code-block:: bash
16 16
17 17 [app:main]
18 18
19 19 ## Display extended labs settings
20 20 labs_settings_active = true
21 21
22 22 3. Restart your |RCE| instance
23 23
24 24 .. code-block:: bash
25 25
26 26 $ rccontrol restart enterprise-1
27 27
28 28 4. You will see the labs setting on the
29 29 :menuselection:`Admin --> Settings --> labs` page.
30 30
31 31 .. image:: ../images/lab-setting.png
Show file before | Show file after | Hide comments
@@ -1,57 +1,57 b''
1 1 .. _x-frame:
2 2
3 3 Securing HTTPS Connections
4 4 --------------------------
5 5
6 6 * To secure your |RCE| instance against `Cross Frame Scripting`_ exploits, you
7 7 should configure your webserver ``x-frame-options`` setting.
8 8
9 9 * To configure your instance for `HTTP Strict Transport Security`_, you need to
10 10 configure the ``Strict-Transport-Security`` setting.
11 11
12 12 Nginx
13 13 ^^^^^
14 14
15 15 In your nginx configuration, add the following lines in the correct files. For
16 16 more detailed information see the :ref:`nginx-ws-ref` section.
17 17
18 18 .. code-block:: nginx
19 19
20 20 # Add this line to the nginx.conf file
21 21 add_header X-Frame-Options SAMEORIGIN;
22 22
23 23 # This line needs to be added inside your virtual hosts block/file
24 24 add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
25 25
26 26 Apache
27 27 ^^^^^^
28 28
29 29 In your :file:`apache2.conf` file, add the following line. For more detailed
30 30 information see the :ref:`apache-ws-ref` section.
31 31
32 32 .. code-block:: apache
33 33
34 34 # Add this to your virtual hosts file
35 35 Header always append X-Frame-Options SAMEORIGIN
36 36
37 37 # Add this line in your virtual hosts file
38 38 Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
39 39
40 40 |RCE| Configuration
41 41 ^^^^^^^^^^^^^^^^^^^
42 42
43 43 |RCE| can also be configured to force strict *https* connections and Strict
44 44 Transport Security. To set this, configure the following options to ``true``
45 in the :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` file.
45 in the :file:`config/_shared/rhodecode.ini` file.
46 46
47 47 .. code-block:: ini
48 48
49 49 ## force https in RhodeCode, fixes https redirects, assumes it's always https
50 50 force_https = false
51 51
52 52 ## use Strict-Transport-Security headers
53 53 use_htsts = false
54 54
55 55
56 56 .. _Cross Frame Scripting: https://www.owasp.org/index.php/Cross_Frame_Scripting
57 57 .. _HTTP Strict Transport Security: https://www.owasp.org/index.php/HTTP_Strict_Transport_Security No newline at end of file
Show file before | Show file after | Hide comments
@@ -1,179 +1,179 b''
1 1 .. _sec-your-server:
2 2
3 3 Securing Your Server
4 4 --------------------
5 5
6 6 |RCE| runs on your hardware, and while it is developed with security in mind
7 7 it is also important that you ensure your servers are well secured. In this
8 8 section we will cover some basic security practices that are best to
9 9 configure when setting up your |RCE| instances.
10 10
11 11 SSH Keys
12 12 ^^^^^^^^
13 13
14 14 Using SSH keys to access your server provides more security than using the
15 15 standard username and password combination. To set up your SSH Keys, use the
16 16 following steps:
17 17
18 18 1. On your local machine create the public/private key combination. The
19 19 private key you will keep, and the matching public key is copied to the
20 20 server. Setting a passphrase here is optional, if you set one you will
21 21 always be prompted for it when logging in.
22 22
23 23 .. code-block:: bash
24 24
25 25 # Generate SSH Keys
26 26 user@ubuntu:~$ ssh-keygen -t rsa
27 27
28 28 .. code-block:: bash
29 29
30 30 Generating public/private rsa key pair.
31 31 Enter file in which to save the key (/home/user/.ssh/id_rsa):
32 32 Created directory '/home/user/.ssh'.
33 33 Enter passphrase (empty for no passphrase):
34 34 Enter same passphrase again:
35 35 Your identification has been saved in /home/user/.ssh/id_rsa.
36 36 Your public key has been saved in /home/user/.ssh/id_rsa.pub.
37 37 The key fingerprint is:
38 38 02:82:38:95:e5:30:d2:ad:17:60:15:7f:94:17:9f:30 user@ubuntu
39 39 The key\'s randomart image is:
40 40 +--[ RSA 2048]----+
41 41
42 42 2. SFTP to your server, and copy the public key to the ``~/.ssh`` folder.
43 43
44 44 .. code-block:: bash
45 45
46 46 # SFTP to your server
47 47 $ sftp user@hostname
48 48
49 49 # copy your public key
50 50 sftp> mput /home/user/.ssh/id_rsa.pub /home/user/.ssh
51 51 Uploading /home/user/.ssh/id_rsa.pub to /home/user/.ssh/id_rsa.pub
52 52 /home/user/.ssh/id_rsa.pub 100% 394 0.4KB/s 00:00
53 53
54 54 3. On your server, add the public key to the :file:`~/.ssh/authorized_keys`
55 55 file.
56 56
57 57 .. code-block:: bash
58 58
59 59 $ cat /home/user/.ssh/id_rsa.pub > /home/user/.ssh/authorized_keys
60 60
61 61 You should now be able to log into your server using your SSH
62 62 Keys. If you've added a passphrase you'll be asked for it. For more
63 63 information about using SSH keys with |RCE| |repos|, see the
64 64 :ref:`ssh-connection` section.
65 65
66 66 VPN Whitelist
67 67 ^^^^^^^^^^^^^
68 68
69 69 Most company networks will have a VPN. If you need to set one up, there are
70 70 many tutorials online for how to do that. Getting it right requires good
71 71 knowledge and attention to detail. Once set up, you can configure your
72 72 |RCE| instances to only allow user access from the VPN, to do this see the
73 73 :ref:`settip-ip-white` section.
74 74
75 75 Public Key Infrastructure and SSL/TLS Encryption
76 76 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
77 77
78 78 Public key infrastructure (PKI) is a system that creates, manages, and
79 79 validates certificates for identifying nodes on a network and encrypting
80 80 communication between them. SSL or TLS certificates can be used to
81 81 authenticate different entities with one another. To read more about PKIs,
82 82 see the `OpenSSL PKI tutorial`_ site, or this `Cloudflare PKI post`_.
83 83
84 84 If the network you are running is SSL/TLS encrypted, you can configure |RCE|
85 85 to always use secure connections using the ``force_https`` and ``use_htsts``
86 options in the :file:`/home/user/.rccontrol/instance-id/rhodecode.ini` file.
86 options in the :file:`config/_shared/rhodecode.ini` file.
87 87 For more details, see the :ref:`x-frame` section.
88 88
89 89 FireWalls and Ports
90 90 ^^^^^^^^^^^^^^^^^^^
91 91
92 92 Setting up a network firewall for your internal traffic is a good way
93 93 of keeping it secure by blocking off any ports that should not be used.
94 94 Additionally, you can set non-default ports for certain functions which adds
95 95 an extra layer of security to your setup.
96 96
97 97 A well configured firewall will restrict access to everything except the
98 98 services you need to remain open. By exposing fewer services you reduce the
99 99 number of potential vulnerabilities.
100 100
101 101 There are a number of different firewall solutions, but for most Linux systems
102 102 using the built in `IpTables`_ firewall should suffice. On BSD systems you
103 103 can use `IPFILTER`_ or `IPFW`_. Use the following examples, and the IpTables
104 104 documentation to configure your IP Tables on Ubuntu.
105 105
106 106 Changing the default SSH port.
107 107
108 108 .. code-block:: bash
109 109
110 110 # Open SSH config file and change to port 10022
111 111 vi /etc/ssh/sshd_config
112 112
113 113 # What ports, IPs and protocols we listen for
114 114 Port 10022
115 115
116 116 Setting IP Table rules for SSH traffic. It is important to note that the
117 117 default policy of your IpTables can differ and it is worth checking how each
118 118 is configured. The options are *ACCEPT*, *REJECT*, *DROP*, or *LOG*. The
119 119 usual practice is to block access on all ports and then enable access only on
120 120 the ports you with to expose.
121 121
122 122 .. code-block:: bash
123 123
124 124 # Check iptables policy
125 125 $ sudo iptables -L
126 126
127 127 Chain INPUT (policy ACCEPT)
128 128 target prot opt source destination
129 129
130 130 Chain FORWARD (policy ACCEPT)
131 131 target prot opt source destination
132 132
133 133 Chain OUTPUT (policy ACCEPT)
134 134 target prot opt source destination
135 135
136 136 # Close all ports by default
137 137 $ sudo iptables -P INPUT DROP
138 138
139 139 $ sudo iptables -L
140 140 Chain INPUT (policy DROP)
141 141 target prot opt source destination
142 142 DROP all -- anywhere anywhere
143 143
144 144 Chain FORWARD (policy ACCEPT)
145 145 target prot opt source destination
146 146
147 147 Chain OUTPUT (policy ACCEPT)
148 148 target prot opt source destination
149 149
150 150 .. code-block:: bash
151 151
152 152 # Deny outbound SSH traffic
153 153 sudo iptables -A OUTPUT -p tcp --dport 10022 -j DROP
154 154
155 155 # Allow incoming SSH traffic on port 10022
156 156 sudo iptables -A INPUT -p tcp --dport 10022 -j ACCEPT
157 157
158 158 # Allow incoming HTML traffic on port 80 and 443
159 159 iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
160 160 iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
161 161
162 162 Saving your IP Table rules, and restoring them from file.
163 163
164 164 .. code-block:: bash
165 165
166 166 # Save you IP Table Rules
167 167 iptables-save
168 168
169 169 # Save your IP Table Rules to a file
170 170 sudo sh -c "iptables-save > /etc/iptables.rules"
171 171
172 172 # Restore your IP Table rules from file
173 173 iptables-restore < /etc/iptables.rules
174 174
175 175 .. _OpenSSL PKI tutorial: https://pki-tutorial.readthedocs.org/en/latest/#
176 176 .. _Cloudflare PKI post: https://blog.cloudflare.com/how-to-build-your-own-public-key-infrastructure/
177 177 .. _IpTables: https://help.ubuntu.com/community/IptablesHowTo
178 178 .. _IPFW: https://www.freebsd.org/doc/handbook/firewalls-ipfw.html
179 179 .. _IPFILTER: https://www.freebsd.org/doc/handbook/firewalls-ipf.html
Show file before | Show file after | Hide comments
@@ -1,172 +1,172 b''
1 1 .. _system-overview-ref:
2 2
3 3 System Overview
4 4 ===============
5 5
6 6 Latest Version
7 7 --------------
8 8
9 9 * |release| on Unix and Windows systems.
10 10
11 11 System Architecture
12 12 -------------------
13 13
14 14 The following diagram shows a typical production architecture.
15 15
16 16 .. image:: ../images/architecture-diagram.png
17 17 :align: center
18 18
19 19 Supported Operating Systems
20 20 ---------------------------
21 21
22 22 Linux
23 23 ^^^^^
24 24
25 25 * Ubuntu 14.04+
26 26 * CentOS 6.2, 7 and 8
27 27 * RHEL 6.2, 7 and 8
28 28 * Debian 7.8
29 29 * RedHat Fedora
30 30 * Arch Linux
31 31 * SUSE Linux
32 32
33 33 Windows
34 34 ^^^^^^^
35 35
36 36 * Windows Vista Ultimate 64bit
37 37 * Windows 7 Ultimate 64bit
38 38 * Windows 8 Professional 64bit
39 39 * Windows 8.1 Enterprise 64bit
40 40 * Windows Server 2008 64bit
41 41 * Windows Server 2008-R2 64bit
42 42 * Windows Server 2012 64bit
43 43
44 44 Supported Databases
45 45 -------------------
46 46
47 47 * SQLite
48 48 * MySQL
49 49 * MariaDB
50 50 * PostgreSQL
51 51
52 52 Supported Browsers
53 53 ------------------
54 54
55 55 * Chrome
56 56 * Safari
57 57 * Firefox
58 58 * Internet Explorer 10 & 11
59 59
60 60 System Requirements
61 61 -------------------
62 62
63 63 |RCE| performs best on machines with ultra-fast hard disks. Generally disk
64 64 performance is more important than CPU performance. In a corporate production
65 65 environment handling 1000s of users and |repos| you should deploy on a 12+
66 66 core 64GB RAM server. In short, the more RAM the better.
67 67
68 68
69 69 For example:
70 70
71 71 - for team of 1 - 5 active users you can run on 1GB RAM machine with 1CPU
72 72 - above 250 active users, |RCE| needs at least 8GB of memory.
73 73 Number of CPUs is less important, but recommended to have at least 2-3 CPUs
74 74
75 75
76 76 .. _config-rce-files:
77 77
78 78 Configuration Files
79 79 -------------------
80 80
81 * :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
81 * :file:`config/_shared/rhodecode.ini`
82 82 * :file:`/home/{user}/.rccontrol/{instance-id}/search_mapping.ini`
83 83 * :file:`/home/{user}/.rccontrol/{vcsserver-id}/vcsserver.ini`
84 84 * :file:`/home/{user}/.rccontrol/supervisor/supervisord.ini`
85 85 * :file:`/home/{user}/.rccontrol.ini`
86 86 * :file:`/home/{user}/.rhoderc`
87 87 * :file:`/home/{user}/.rccontrol/cache/MANIFEST`
88 88
89 89 For more information, see the :ref:`config-files` section.
90 90
91 91 Log Files
92 92 ---------
93 93
94 94 * :file:`/home/{user}/.rccontrol/{instance-id}/enterprise.log`
95 95 * :file:`/home/{user}/.rccontrol/{vcsserver-id}/vcsserver.log`
96 96 * :file:`/home/{user}/.rccontrol/supervisor/supervisord.log`
97 97 * :file:`/tmp/rccontrol.log`
98 98 * :file:`/tmp/rhodecode_tools.log`
99 99
100 100 Storage Files
101 101 -------------
102 102
103 103 * :file:`/home/{user}/.rccontrol/{instance-id}/data/index/{index-file.toc}`
104 104 * :file:`/home/{user}/repos/.rc_gist_store`
105 105 * :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.db`
106 106 * :file:`/opt/rhodecode/store/{unique-hash}`
107 107
108 108 Default Repositories Location
109 109 -----------------------------
110 110
111 111 * :file:`/home/{user}/repos`
112 112
113 113 Connection Methods
114 114 ------------------
115 115
116 116 * HTTPS
117 117 * SSH
118 118 * |RCE| API
119 119
120 120 Internationalization Support
121 121 ----------------------------
122 122
123 123 Currently available in the following languages, see `Transifex`_ for the
124 124 latest details. If you want a new language added, please contact us. To
125 125 configure your language settings, see the :ref:`set-lang` section.
126 126
127 127 .. hlist::
128 128
129 129 * Belorussian
130 130 * Chinese
131 131 * French
132 132 * German
133 133 * Italian
134 134 * Japanese
135 135 * Portuguese
136 136 * Polish
137 137 * Russian
138 138 * Spanish
139 139
140 140 Licencing Information
141 141 ---------------------
142 142
143 143 * See licencing information `here`_
144 144
145 145 Peer-to-peer Failover Support
146 146 -----------------------------
147 147
148 148 * Yes
149 149
150 150 Additional Binaries
151 151 -------------------
152 152
153 153 * Yes, see :ref:`rhodecode-nix-ref` for full details.
154 154
155 155 Remote Connectivity
156 156 -------------------
157 157
158 158 * Available
159 159
160 160 Executable Files
161 161 ----------------
162 162
163 163 Windows: :file:`RhodeCode-installer-{version}.exe`
164 164
165 165 Deprecated Support
166 166 ------------------
167 167
168 168 - Internet Explorer 8 support deprecated since version 3.7.0.
169 169 - Internet Explorer 9 support deprecated since version 3.8.0.
170 170
171 171 .. _here: https://rhodecode.com/licenses/
172 172 .. _Transifex: https://explore.transifex.com/rhodecode/RhodeCode/
Show file before | Show file after | Hide comments
@@ -1,300 +1,300 b''
1 1 .. _admin-tricks:
2 2
3 3 One-time Admin Tasks
4 4 --------------------
5 5
6 6 * :ref:`web-analytics`
7 7 * :ref:`admin-tricks-license`
8 8 * :ref:`announcements`
9 9 * :ref:`md-rst`
10 10 * :ref:`repo-stats`
11 11 * :ref:`server-side-merge`
12 12 * :ref:`remap-rescan`
13 13 * :ref:`custom-hooks`
14 14 * :ref:`clear-repo-cache`
15 15 * :ref:`set-repo-pub`
16 16 * :ref:`ping`
17 17
18 18 .. _web-analytics:
19 19
20 20 Adding Web Analytics
21 21 ^^^^^^^^^^^^^^^^^^^^
22 22
23 23 If you wish to add a Google Analytics, or any other kind of tracker to your
24 24 |RCE| instance you can add the necessary codes to the header or footer
25 25 section of each instance using the following steps:
26 26
27 27 1. From the |RCE| interface, select
28 28 :menuselection:`Admin --> Settings --> Global`
29 29 2. To add a tracking code to you instance, enter it in the header or footer
30 30 section and select **Save**
31 31
32 32 Use the example templates in the drop-down menu to set up your configuration.
33 33
34 34 .. _admin-tricks-license:
35 35
36 36 Licence Key Management
37 37 ^^^^^^^^^^^^^^^^^^^^^^
38 38
39 39 To manage your license key, go to
40 40 :menuselection:`Admin --> Settings --> License`.
41 41 On this page you can see the license key details. If you need a new license,
42 42 or have questions about your current one, contact support@rhodecode.com
43 43
44 44 .. _announcements:
45 45
46 46 Server-wide Announcements
47 47 ^^^^^^^^^^^^^^^^^^^^^^^^^
48 48
49 49 If you need to make a server-wide announcement to all users,
50 50 you can add a message to be displayed using the following steps:
51 51
52 52 1. From the |RCE| interface, select
53 53 :menuselection:`Admin --> Settings --> Global`
54 54 2. To add a message that will be displayed to all users,
55 55 select :guilabel:`Server Announcement` from the drop-down menu and
56 56 change the ``var message = "TYPE YOUR MESSAGE HERE";`` example line.
57 57 3. Select :guilabel:`Save`, and you will see the message once your page
58 58 refreshes.
59 59
60 60 .. image:: ../../images/server-wide-announcement.png
61 61 :alt: Server Wide Announcement
62 62
63 63 .. _md-rst:
64 64
65 65
66 66 Suppress license warnings or errors
67 67 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
68 68
69 69 In case you're running on maximum allowed users, RhodeCode will display a
70 70 warning message on pages that you're close to the license limits.
71 71 It's often not desired to show that all the time. Here's how you can suppress
72 72 the license messages.
73 73
74 74 1. From the |RCE| interface, select
75 75 :menuselection:`Admin --> Settings --> Global`
76 76 2. Select :guilabel:`Flash message filtering` from the drop-down menu.
77 77 3. Select :guilabel:`Save`, and you will no longer see the license message
78 78 once your page refreshes.
79 79
80 80 .. _admin-tricks-suppress-license-messages:
81 81
82 82
83 83 Markdown or RST Rendering
84 84 ^^^^^^^^^^^^^^^^^^^^^^^^^
85 85
86 86 |RCE| can use `Markdown`_ or `reStructured Text`_ in commit message,
87 87 code review messages, and inline comments. To set the default to either,
88 88 select your preference from the drop-down menu on the
89 89 :menuselection:`Admin --> Settings --> Visual` page and select
90 90 :guilabel:`Save settings`.
91 91
92 92 .. _repo-stats:
93 93
94 94 Enabling Repository Statistics
95 95 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
96 96
97 97 To enable |repo| statistics, use the following steps:
98 98
99 99 1. From the |RCE| interface, open
100 100 :menuselection:`Admin --> Repositories` and select
101 101 :guilabel:`Edit` beside the |repo| for which you wish to enable statistics.
102 102 2. Check the :guilabel:`Enable statistics` box, and select :guilabel:`Save`
103 103
104 104 .. _server-side-merge:
105 105
106 106 Enabling Server-side Merging
107 107 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
108 108
109 109 To enable server-side merging, use the following steps:
110 110
111 111 1. From the |RCE| interface, open :menuselection:`Admin --> Settings --> VCS`
112 112 2. Check the :guilabel:`Server-side merge` box, and select
113 113 :guilabel:`Save Settings`
114 114
115 115 If you encounter slow performance with server-side merging enabled, check the
116 116 speed at which your server is performing actions. When server-side merging is
117 117 enabled, the following actions occurs on the server.
118 118
119 119 * A |pr| is created in the database.
120 120 * A shadow |repo| is created as a working environment for the |pr|.
121 121 * On display, |RCE| checks if the |pr| can be merged.
122 122
123 123 To check how fast the shadow |repo| creation is occurring on your server, use
124 124 the following steps:
125 125
126 126 1. Log into your server and create a directory in your |repos| folder.
127 127 2. Clone a |repo| that is showing slow performance and time the action.
128 128
129 129 .. code-block:: bash
130 130
131 131 # One option is to use the time command
132 132 $ time hg clone SOURCE_REPO TARGET
133 133
134 134 .. _remap-rescan:
135 135
136 136 Remap and Rescan Repositories
137 137 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
138 138
139 139 You may want to Remap and rescan the |repos| that |RCE| is managing to ensure
140 140 the system is always up-to-date. This is useful after importing, deleting,
141 141 or carrying out general cleaning up operations. To do this use the
142 142 following steps:
143 143
144 144 1. From the |RCE|, open
145 145 :menuselection:`Admin --> Settings --> Remap and rescan`
146 146 2. Click :guilabel:`Rescan Repositories`
147 147
148 148 Check the additional options if needed:
149 149
150 150 * :guilabel:`Destroy old data`: Useful for purging deleted repository
151 151 information from the database.
152 152 * :guilabel:`Invalidate cache for all repositories`: Use this to completely
153 153 remap all |repos|. Useful when importing or migrating |repos| to ensure all
154 154 new information is picked up.
155 155
156 156 .. _custom-hooks:
157 157
158 158 Adding Custom Hooks
159 159 ^^^^^^^^^^^^^^^^^^^
160 160
161 161 To add custom hooks to your instance, use the following steps:
162 162
163 163 1. Open :menuselection:`Admin --> Settings --> Hooks`
164 164 2. Add your custom hook details, you can use a file path to specify custom
165 165 hook scripts, for example:
166 166 ``pretxnchangegroup.example`` with value ``python:/path/to/custom_hook.py:my_func_name``
167 167 3. Select :guilabel:`Save`
168 168
169 169 Also, see the RhodeCode Extensions section of the :ref:`rc-tools` guide. RhodeCode
170 170 Extensions can be used to add additional hooks to your instance and comes
171 171 with a number of pre-built plugins if you chose to install them.
172 172
173 173 .. _clear-repo-cache:
174 174
175 175 Clearing |repo| cache
176 176 ^^^^^^^^^^^^^^^^^^^^^
177 177
178 178 If you need to clear the cache for a particular |repo|, use the following steps:
179 179
180 180 1. Open :menuselection:`Admin --> Repositories` and select :guilabel:`Edit`
181 181 beside the |repo| whose cache you wish to clear.
182 182 2. On the |repo| settings page, go to the :guilabel:`Caches` tab and select
183 183 :guilabel:`Invalidate repository cache`.
184 184
185 185 .. _set-lang:
186 186
187 187 Changing Default Language
188 188 ^^^^^^^^^^^^^^^^^^^^^^^^^
189 189
190 190 To change the default language of a |RCE| instance, change the language code
191 in the :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` file. To
191 in the :file:`config/_shared/rhodecode.ini` file. To
192 192 do this, use the following steps.
193 193
194 194 1. Open the :file:`rhodecode.ini` file and set the required language code.
195 195
196 196 .. code-block:: ini
197 197
198 198 ## Optional Languages
199 199 ## en(default), de, fr, it, ja, pl, pt, ru, zh
200 200 lang = de
201 201
202 202 2. Restart the |RCE| instance and check that the language has been updated.
203 203
204 204 .. code-block:: bash
205 205
206 206 $ rccontrol restart enterprise-2
207 207 Instance "enterprise-2" successfully stopped.
208 208 Instance "enterprise-2" successfully started.
209 209
210 210 .. image:: ../../images/language.png
211 211
212 212 .. _set-repo-pub:
213 213
214 214 Setting Repositories to Publish
215 215 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
216 216
217 217 To automatically promote your local |repos| to public after pushing to |RCE|,
218 218 enable the :guilabel:`Set repositories as publishing` option on the
219 219 :menuselection:`Admin --> Settings --> VCS` page.
220 220
221 221 .. note::
222 222
223 223 This option is enabled by default on most |RCE| versions, but if upgrading
224 224 from a 1.7.x version it could be disabled on upgrade due to inheriting
225 225 older default settings.
226 226
227 227 .. _ping:
228 228
229 229 Pinging the |RCE| Server
230 230 ^^^^^^^^^^^^^^^^^^^^^^^^
231 231
232 232 You can check the IP Address of your |RCE| instance using the
233 233 following URL: ``{instance-URL}/_admin/ping``.
234 234
235 235 .. code-block:: bash
236 236
237 237 $ curl https://your.rhodecode.url/_admin/ping
238 238 pong[rce-7880] => 203.0.113.23
239 239
240 240 .. _Markdown: http://daringfireball.net/projects/markdown/
241 241 .. _reStructured Text: http://docutils.sourceforge.io/docs/index.html
242 242
243 243
244 244 Unarchiving a repository
245 245 ^^^^^^^^^^^^^^^^^^^^^^^^^
246 246
247 247 Archive operation for the repository is similar as delete. Archive keeps the data for future references
248 248 but makes the repository read-only. After archiving the repository it shouldn't be modified in any way.
249 249 This is why repository settings are disabled for an archived repository.
250 250
251 251 If there's a need for unarchiving a repository for some reasons, the interactive
252 252 ishell interface should be used.
253 253
254 254 .. code-block:: bash
255 255
256 256 # Open iShell from the terminal
257 257 $ rccontrol ishell enterprise-1/community-1
258 258
259 259 .. code-block:: python
260 260
261 261 # Set repository as un-archived
262 262 In [1]: repo = Repository.get_by_repo_name('SOME_REPO_NAME')
263 263 In [2]: repo.archived = False
264 264 In [3]: Session().add(repo);Session().commit()
265 265
266 266
267 267
268 268
269 269 Bulk change repository owner
270 270 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
271 271
272 272 Here's how one can change an owner of repository for an user who has been de activated.
273 273 Settings a new owner can be done via ishell for all repositories that past owner had.
274 274
275 275 do run this script the interactive ishell interface should be used.
276 276
277 277 .. code-block:: bash
278 278
279 279 # Open iShell from the terminal
280 280 $ rccontrol ishell enterprise-1/community-1
281 281
282 282
283 283 .. code-block:: python
284 284
285 285 from rhodecode.model.db import User, Repository, Session
286 286 from rhodecode.model.permission import PermissionModel
287 287
288 288 # replace old-owner and new-owner with your exact users
289 289 old_owner = User.get_by_username('old-owner')
290 290 new_owner = User.get_by_username('new-owner')
291 291
292 292 # list of users we need to "flush" permissions
293 293 affected_user_ids = [new_owner.user_id, old_owner.user_id]
294 294
295 295 for repo in Repository.get_all_repos(user_id=old_owner.user_id):
296 296 repo.user = new_owner
297 297 Session().add(repo)
298 298 Session().commit()
299 299
300 300 PermissionModel().trigger_permission_flush(affected_user_ids)
Show file before | Show file after | Hide comments
@@ -1,74 +1,74 b''
1 1 .. _config-files:
2 2
3 3 Configuration Files Overview
4 4 ============================
5 5
6 6 |RCE| and |RCC| have a number of different configuration files. The following
7 7 is a brief explanation of each, and links to their associated configuration
8 8 sections.
9 9
10 10 .. rst-class:: dl-horizontal
11 11
12 12 \- **rhodecode.ini**
13 13 Default location:
14 :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
14 :file:`config/_shared/rhodecode.ini`
15 15
16 16 This is the main |RCE| configuration file and controls much of its
17 17 default behaviour. It is also used to configure certain customer
18 18 settings. Here are some of the most common reasons to make changes to
19 19 this file.
20 20
21 21 * :ref:`config-database`
22 22 * :ref:`set-up-mail`
23 23 * :ref:`increase-gunicorn`
24 24 * :ref:`x-frame`
25 25
26 26 \- **search_mapping.ini**
27 27 Default location:
28 28 :file:`/home/{user}/.rccontrol/{instance-id}/search_mapping.ini`
29 29
30 30 This file is used to control the |RCE| indexer. It comes configured
31 31 to index your instance. To change the default configuration, see
32 32 :ref:`advanced-indexing`.
33 33
34 34 \- **vcsserver.ini**
35 35 Default location:
36 36 :file:`/home/{user}/.rccontrol/{vcsserver-id}/vcsserver.ini`
37 37
38 38 The VCS Server handles the connection between your |repos| and |RCE|.
39 39 See the :ref:`vcs-server` section for configuration options and more
40 40 detailed information.
41 41
42 42 \- **supervisord.ini**
43 43 Default location:
44 44 :file:`/home/{user}/.rccontrol/supervisor/supervisord.ini`
45 45
46 46 |RCC| uses Supervisor to monitor and manage installed instances of
47 47 |RCE| and the VCS Server. |RCC| will manage this file completely,
48 48 unless you install |RCE| in self-managed mode. For more information,
49 49 see the :ref:`Supervisor Setup<control:supervisor-setup>` section.
50 50
51 51 \- **.rccontrol.ini**
52 52 Default location: :file:`/home/{user}/.rccontrol.ini`
53 53
54 54 This file contains the instances that |RCC| starts at boot, which is all
55 55 by default, but for more information, see
56 56 the :ref:`Manually Start At Boot <control:set-start-boot>` section.
57 57
58 58 \- **.rhoderc**
59 59 Default location: :file:`/home/{user}/.rhoderc`
60 60
61 61 This file is used by the |RCE| API when accessing an instance from a
62 62 remote machine. The API checks this file for connection and
63 63 authentication details. For more details, see the :ref:`config-rhoderc`
64 64 section.
65 65
66 66 \- **MANIFEST**
67 67 Default location: :file:`/home/{user}/.rccontrol/cache/MANIFEST`
68 68
69 69 |RCC| uses this file to source the latest available builds from the
70 70 secure RhodeCode download channels. The only reason to mess with this file
71 71 is if you need to do an offline installation,
72 72 see the :ref:`Offline Installation<control:offline-installer-ref>`
73 73 instructions, otherwise |RCC| will completely manage this file.
74 74
Show file before | Show file after | Hide comments
@@ -1,148 +1,148 b''
1 1 .. _debug-mode:
2 2
3 3 Enabling Debug Mode
4 4 -------------------
5 5
6 6 Debug Mode will enable debug logging, and request tracking middleware. Debug Mode
7 7 enabled DEBUG log-level which allows tracking various information about authentication
8 8 failures, LDAP connection, email etc.
9 9
10 10 The request tracking will add a special
11 11 unique ID: `| req_id:00000000-0000-0000-0000-000000000000` at the end of each log line.
12 12 The req_id is the same for each individual requests, it means that if you want to
13 13 track particular user logs only, and exclude other concurrent ones
14 14 simply grep by `req_id` uuid which you'll have to find for the individual request.
15 15
16 16 To enable debug mode on a |RCE| instance you need to set the debug property
17 in the :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` file. To
17 in the :file:`config/_shared/rhodecode.ini` file. To
18 18 do this, use the following steps
19 19
20 20 1. Open the file and set the ``debug`` line to ``true``
21 21 2. Restart you instance using the ``rccontrol restart`` command,
22 22 see the following example:
23 23
24 24 .. code-block:: ini
25 25
26 26 [DEFAULT]
27 27 debug = true
28 28
29 29 .. code-block:: bash
30 30
31 31 # Restart your instance
32 32 $ rccontrol restart enterprise-1
33 33 Instance "enterprise-1" successfully stopped.
34 34 Instance "enterprise-1" successfully started.
35 35
36 36
37 37 Debug and Logging Configuration
38 38 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
39 39
40 40 Further debugging and logging settings can also be set in the
41 :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` file.
41 :file:`config/_shared/rhodecode.ini` file.
42 42
43 43 In the logging section, the various packages that run with |RCE| can have
44 44 different debug levels set. If you want to increase the logging level change
45 45 ``level = DEBUG`` line to one of the valid options.
46 46
47 47 You also need to change the log level for handlers. See the example
48 48 ``##handler`` section below. The ``handler`` level takes the same options as
49 49 the ``debug`` level.
50 50
51 51 .. code-block:: ini
52 52
53 53 ################################
54 54 ### LOGGING CONFIGURATION ####
55 55 ################################
56 56 [loggers]
57 57 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
58 58
59 59 [handlers]
60 60 keys = console, console_sql, file, file_rotating
61 61
62 62 [formatters]
63 63 keys = generic, color_formatter, color_formatter_sql
64 64
65 65 #############
66 66 ## LOGGERS ##
67 67 #############
68 68 [logger_root]
69 69 level = NOTSET
70 70 handlers = console
71 71
72 72 [logger_sqlalchemy]
73 73 level = INFO
74 74 handlers = console_sql
75 75 qualname = sqlalchemy.engine
76 76 propagate = 0
77 77
78 78 [logger_beaker]
79 79 level = DEBUG
80 80 handlers =
81 81 qualname = beaker.container
82 82 propagate = 1
83 83
84 84 [logger_rhodecode]
85 85 level = DEBUG
86 86 handlers =
87 87 qualname = rhodecode
88 88 propagate = 1
89 89
90 90 [logger_ssh_wrapper]
91 91 level = DEBUG
92 92 handlers =
93 93 qualname = ssh_wrapper
94 94 propagate = 1
95 95
96 96 [logger_celery]
97 97 level = DEBUG
98 98 handlers =
99 99 qualname = celery
100 100
101 101 ##############
102 102 ## HANDLERS ##
103 103 ##############
104 104
105 105 [handler_console]
106 106 class = StreamHandler
107 107 args = (sys.stderr, )
108 108 level = DEBUG
109 109 formatter = generic
110 110
111 111 [handler_console_sql]
112 112 class = StreamHandler
113 113 args = (sys.stderr, )
114 114 level = INFO
115 115 formatter = generic
116 116
117 117 [handler_file]
118 118 class = FileHandler
119 119 args = ('rhodecode_debug.log', 'a',)
120 120 level = INFO
121 121 formatter = generic
122 122
123 123 [handler_file_rotating]
124 124 class = logging.handlers.TimedRotatingFileHandler
125 125 # 'D', 5 - rotate every 5days
126 126 # you can set 'h', 'midnight'
127 127 args = ('rhodecode_debug_rotated.log', 'D', 5, 10,)
128 128 level = INFO
129 129 formatter = generic
130 130
131 131 ################
132 132 ## FORMATTERS ##
133 133 ################
134 134
135 135 [formatter_generic]
136 136 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
137 137 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
138 138 datefmt = %Y-%m-%d %H:%M:%S
139 139
140 140 [formatter_color_formatter]
141 141 class = rhodecode.lib.logging_formatter.ColorFormatter
142 142 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
143 143 datefmt = %Y-%m-%d %H:%M:%S
144 144
145 145 [formatter_color_formatter_sql]
146 146 class = rhodecode.lib.logging_formatter.ColorFormatterSql
147 147 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
148 148 datefmt = %Y-%m-%d %H:%M:%S No newline at end of file
Show file before | Show file after | Hide comments
@@ -1,208 +1,208 b''
1 1 .. _svn-http:
2 2
3 3 |svn| With Write Over HTTP
4 4 ^^^^^^^^^^^^^^^^^^^^^^^^^^
5 5
6 6 To use |svn| with read/write support over the |svn| HTTP protocol, you have to
7 7 configure the HTTP |svn| backend.
8 8
9 9 Prerequisites
10 10 =============
11 11
12 12 - Enable HTTP support inside the admin VCS settings on your |RCE| instance
13 13 - You need to install the following tools on the machine that is running an
14 14 instance of |RCE|:
15 15 ``Apache HTTP Server`` and ``mod_dav_svn``.
16 16
17 17
18 18 .. tip::
19 19
20 20 We recommend using Wandisco repositories which provide latest SVN versions
21 21 for most platforms. If you skip this version you'll have to ensure the Client version
22 22 is compatible with installed SVN version which might differ depending on the operating system.
23 23 Here is an example how to add the Wandisco repositories for Ubuntu.
24 24
25 25 .. code-block:: bash
26 26
27 27 $ sudo sh -c 'echo "deb http://opensource.wandisco.com/ubuntu `lsb_release -cs` svn110" >> /etc/apt/sources.list.d/subversion110.list'
28 28 $ sudo wget -q http://opensource.wandisco.com/wandisco-debian-new.gpg -O- | sudo apt-key add -
29 29 $ sudo apt-get update
30 30
31 31 Here is an example how to add the Wandisco repositories for Centos/Redhat. Using
32 32 a yum config
33 33
34 34 .. code-block:: bash
35 35
36 36 [wandisco-Git]
37 37 name=CentOS-6 - Wandisco Git
38 38 baseurl=http://opensource.wandisco.com/centos/6/git/$basearch/
39 39 enabled=1
40 40 gpgcheck=1
41 41 gpgkey=http://opensource.wandisco.com/RPM-GPG-KEY-WANdisco
42 42
43 43
44 44
45 45 Example installation of required components for Ubuntu platform:
46 46
47 47 .. code-block:: bash
48 48
49 49 $ sudo apt-get install apache2
50 50 $ sudo apt-get install libapache2-svn
51 51
52 52 Once installed you need to enable ``dav_svn`` on Ubuntu:
53 53
54 54 .. code-block:: bash
55 55
56 56 $ sudo a2enmod dav_svn
57 57 $ sudo a2enmod headers
58 58 $ sudo a2enmod authn_anon
59 59
60 60
61 61 Example installation of required components for RedHat/CentOS platform:
62 62
63 63 .. code-block:: bash
64 64
65 65 $ sudo yum install httpd
66 66 $ sudo yum install subversion mod_dav_svn
67 67
68 68
69 69 Once installed you need to enable ``dav_svn`` on RedHat/CentOS:
70 70
71 71 .. code-block:: bash
72 72
73 73 sudo vi /etc/httpd/conf.modules.d/10-subversion.conf
74 74 ## The file should read:
75 75
76 76 LoadModule dav_svn_module modules/mod_dav_svn.so
77 77 LoadModule headers_module modules/mod_headers.so
78 78 LoadModule authn_anon_module modules/mod_authn_anon.so
79 79
80 80 .. tip::
81 81
82 82 To check the installed mod_dav_svn module version, you can use such command.
83 83
84 84 `strings /usr/lib/apache2/modules/mod_dav_svn.so | grep 'Powered by'`
85 85
86 86
87 87 Configuring Apache Setup
88 88 ========================
89 89
90 90 .. tip::
91 91
92 92 It is recommended to run Apache on a port other than 80, due to possible
93 93 conflicts with other HTTP servers like nginx. To do this, set the
94 94 ``Listen`` parameter in the ``/etc/apache2/ports.conf`` file, for example
95 95 ``Listen 8090``.
96 96
97 97
98 98 .. warning::
99 99
100 100 Make sure your Apache instance which runs the mod_dav_svn module is
101 101 only accessible by |RCE|. Otherwise everyone is able to browse
102 102 the repositories or run subversion operations (checkout/commit/etc.).
103 103
104 104 It is also recommended to run apache as the same user as |RCE|, otherwise
105 105 permission issues could occur. To do this edit the ``/etc/apache2/envvars``
106 106
107 107 .. code-block:: apache
108 108
109 109 export APACHE_RUN_USER=rhodecode
110 110 export APACHE_RUN_GROUP=rhodecode
111 111
112 112 1. To configure Apache, create and edit a virtual hosts file, for example
113 113 :file:`/etc/apache2/sites-enabled/default.conf`. Below is an example
114 114 how to use one with auto-generated config ```mod_dav_svn.conf```
115 115 from configured |RCE| instance.
116 116
117 117 .. code-block:: apache
118 118
119 119 <VirtualHost *:8090>
120 120 ServerAdmin rhodecode-admin@localhost
121 121 DocumentRoot /var/www/html
122 122 ErrorLog ${'${APACHE_LOG_DIR}'}/error.log
123 123 CustomLog ${'${APACHE_LOG_DIR}'}/access.log combined
124 124 LogLevel info
125 125 # allows custom host names, prevents 400 errors on checkout
126 126 HttpProtocolOptions Unsafe
127 127 # Most likely this will be: /home/user/.rccontrol/enterprise-1/mod_dav_svn.conf
128 128 Include /home/user/.rccontrol/enterprise-1/mod_dav_svn.conf
129 129 </VirtualHost>
130 130
131 131
132 132 2. Go to the :menuselection:`Admin --> Settings --> VCS` page, and
133 133 enable :guilabel:`Proxy Subversion HTTP requests`, and specify the
134 134 :guilabel:`Subversion HTTP Server URL`.
135 135
136 136 3. Open the |RCE| configuration file,
137 :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
137 :file:`config/_shared/rhodecode.ini`
138 138
139 139 4. Add the following configuration option in the ``[app:main]``
140 140 section if you don't have it yet.
141 141
142 142 This enables mapping of the created |RCE| repo groups into special
143 143 |svn| paths. Each time a new repository group is created, the system will
144 144 update the template file and create new mapping. Apache web server needs to
145 145 be reloaded to pick up the changes on this file.
146 146 To do this, simply configure `svn.proxy.reload_cmd` inside the .ini file.
147 147 Example configuration:
148 148
149 149
150 150 .. code-block:: ini
151 151
152 152 ############################################################
153 153 ### Subversion proxy support (mod_dav_svn) ###
154 154 ### Maps RhodeCode repo groups into SVN paths for Apache ###
155 155 ############################################################
156 156 ## Enable or disable the config file generation.
157 157 svn.proxy.generate_config = true
158 158 ## Generate config file with `SVNListParentPath` set to `On`.
159 159 svn.proxy.list_parent_path = true
160 160 ## Set location and file name of generated config file.
161 161 svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
162 162 ## Used as a prefix to the <Location> block in the generated config file.
163 163 ## In most cases it should be set to `/`.
164 164 svn.proxy.location_root = /
165 165 ## Command to reload the mod dav svn configuration on change.
166 166 ## Example: `/etc/init.d/apache2 reload`
167 167 svn.proxy.reload_cmd = /etc/init.d/apache2 reload
168 168 ## If the timeout expires before the reload command finishes, the command will
169 169 ## be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
170 170 #svn.proxy.reload_timeout = 10
171 171
172 172
173 173 This would create a special template file called ```mod_dav_svn.conf```. We
174 174 used that file path in the apache config above inside the Include statement.
175 175 It's also possible to manually generate the config from the
176 176 :menuselection:`Admin --> Settings --> VCS` page by clicking a
177 177 `Generate Apache Config` button.
178 178
179 179 5. Now only things left is to enable svn support, and generate the initial
180 180 configuration.
181 181
182 182 - Select `Proxy subversion HTTP requests` checkbox
183 183 - Enter http://localhost:8090 into `Subversion HTTP Server URL`
184 184 - Click the `Generate Apache Config` button.
185 185
186 186 This config will be automatically re-generated once an user-groups is added
187 187 to properly map the additional paths generated.
188 188
189 189
190 190
191 191 Using |svn|
192 192 ===========
193 193
194 194 Once |svn| has been enabled on your instance, you can use it with the
195 195 following examples. For more |svn| information, see the `Subversion Red Book`_
196 196
197 197 .. code-block:: bash
198 198
199 199 # To clone a repository
200 200 svn checkout http://my-svn-server.example.com/my-svn-repo
201 201
202 202 # svn commit
203 203 svn commit
204 204
205 205
206 206 .. _Subversion Red Book: http://svnbook.red-bean.com/en/1.7/svn-book.html#svn.ref.svn
207 207
208 208 .. _Ask Ubuntu: http://askubuntu.com/questions/162391/how-do-i-fix-my-locale-issue No newline at end of file
Show file before | Show file after | Hide comments
@@ -1,22 +1,22 b''
1 1 .. _change-encoding:
2 2
3 3 Change Default Encoding
4 4 -----------------------
5 5
6 6 |RCE| uses ``utf8`` encoding by default. You can change the default encoding
7 in the :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` file. To
7 in the :file:`config/_shared/rhodecode.ini` file. To
8 8 change the default encoding used by |RCE|, set a new value for the
9 9 ``default_encoding``.
10 10
11 11 .. code-block:: ini
12 12
13 13 # default encoding used to convert from and to unicode
14 14 # can be also a comma separated list of encoding in case of mixed
15 15 # encodings
16 16 default_encoding = utf8
17 17
18 18 .. note::
19 19
20 20 Changing the default encoding will affect many parts of your |RCE|
21 21 installation, including committers names,
22 22 file names, and the encoding of commit messages.
Show file before | Show file after | Hide comments
@@ -1,17 +1,17 b''
1 1 .. _hg-auth-loop:
2 2
3 3 |hg| Authentication Tuning
4 4 --------------------------
5 5
6 6 When using external authentication tools such as LDAP with |hg|, a
7 7 password retry loop in |hg| can result in users being locked out due to too
8 8 many failed password attempts. To prevent this from happening, add the
9 9 following setting to your
10 :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` file, in the
10 :file:`config/_shared/rhodecode.ini` file, in the
11 11 ``[app:main]`` section.
12 12
13 13
14 14 .. code-block:: ini
15 15
16 16 [app:main]
17 17 auth_ret_code_detection = true
Show file before | Show file after | Hide comments
@@ -1,396 +1,396 b''
1 1 .. _scale-horizontal-cluster:
2 2
3 3
4 4 Scale Horizontally / RhodeCode Cluster
5 5 --------------------------------------
6 6
7 7 |RCE| is built in a way it support horizontal scaling across multiple machines.
8 8 There are three main pre-requisites for that:
9 9
10 10 - Shared storage that each machine can access. Using NFS or other shared storage system.
11 11 - Shared DB connection across machines. Using `MySQL`/`PostgreSQL` that each node can access.
12 12 - |RCE| user sessions and caches need to use a shared storage (e.g `Redis`_/`Memcached`)
13 13
14 14
15 15 Horizontal scaling means adding more machines or workers into your pool of
16 16 resources. Horizontally scaling |RCE| gives a huge performance increase,
17 17 especially under large traffic scenarios with a high number of requests.
18 18 This is very beneficial when |RCE| is serving many users simultaneously,
19 19 or if continuous integration servers are automatically pulling and pushing code.
20 20 It also adds High-Availability to your running system.
21 21
22 22
23 23 Cluster Overview
24 24 ^^^^^^^^^^^^^^^^
25 25
26 26 Below we'll present a configuration example that will use two separate nodes to serve
27 27 |RCE| in a load-balanced environment. The 3rd node will act as a shared storage/cache
28 28 and handle load-balancing. In addition 3rd node will be used as shared database instance.
29 29
30 30 This setup can be used both in Docker based configuration or with individual
31 31 physical/virtual machines. Using the 3rd node for Storage/Redis/PostgreSQL/Nginx is
32 32 optional. All those components can be installed on one of the two nodes used for |RCE|.
33 33 We'll use following naming for our nodes:
34 34
35 35 - `rc-node-1` (NFS, DB, Cache node)
36 36 - `rc-node-2` (Worker node1)
37 37 - `rc-node-3` (Worker node2)
38 38
39 39 Our shares NFS storage in the example is located on `/home/rcdev/storage` and
40 40 it's RW accessible on **each** node.
41 41
42 42 In this example we used certain recommended components, however many
43 43 of those can be replaced by other, in case your organization already uses them, for example:
44 44
45 45 - `MySQL`/`PostgreSQL`: Aren't replaceable and are the two only supported databases.
46 46 - `Nginx`_ on `rc-node-1` can be replaced by: `Hardware Load Balancer (F5)`, `Apache`_, `HA-Proxy` etc.
47 47 - `Nginx`_ on rc-node-2/3 acts as a reverse proxy and can be replaced by other HTTP server
48 48 acting as reverse proxy such as `Apache`_.
49 49 - `Redis`_ on `rc-node-1` can be replaced by: `Memcached`
50 50
51 51
52 52 Here's an overview what components should be installed/setup on each server in our example:
53 53
54 54 - **rc-node-1**:
55 55
56 56 - main storage acting as NFS host.
57 57 - `nginx` acting as a load-balancer.
58 58 - `postgresql-server` used for database and sessions.
59 59 - `redis-server` used for storing shared caches.
60 60 - optionally `rabbitmq-server` or `redis` for `Celery` if used.
61 61 - optionally if `Celery` is used Enterprise/Community instance + VCSServer.
62 62 - optionally mailserver that can be shared by other instances.
63 63 - optionally channelstream server to handle live communication for all instances.
64 64
65 65
66 66 - **rc-node-2/3**:
67 67
68 68 - `nginx` acting as a reverse proxy to handle requests to |RCE|.
69 69 - 1x RhodeCode Enterprise/Community instance.
70 70 - 1x VCSServer instance.
71 71 - optionally for testing connection: postgresql-client, redis-client (redis-tools).
72 72
73 73
74 74 Before we start here are few assumptions that should be fulfilled:
75 75
76 76 - make sure each node can access each other.
77 77 - make sure `Redis`_/`MySQL`/`PostgreSQL`/`RabbitMQ`_ are running on `rc-node-1`
78 78 - make sure both `rc-node-2`/`3` can access NFS storage with RW access
79 79 - make sure rc-node-2/3 can access `Redis`_/`PostgreSQL`, `MySQL` database on `rc-node-1`.
80 80 - make sure `Redis`_/Database/`RabbitMQ`_ are password protected and accessible only from rc-node-2/3.
81 81
82 82
83 83
84 84 Setup rc-node-2/3
85 85 ^^^^^^^^^^^^^^^^^
86 86
87 87 Initially before `rc-node-1` we'll configure both nodes 2 and 3 to operate as standalone
88 88 nodes with their own hostnames. Use a default installation settings, and use
89 89 the default local addresses (127.0.0.1) to configure VCSServer and Community/Enterprise instances.
90 90 All external connectivity will be handled by the reverse proxy (`Nginx`_ in our example).
91 91
92 92 This way we can ensure each individual host works,
93 93 accepts connections, or do some operations explicitly on chosen node.
94 94
95 95 In addition this would allow use to explicitly direct certain traffic to a node, e.g
96 96 CI server will only call directly `rc-node-3`. This should be done similar to normal
97 97 installation so check out `Nginx`_/`Apache`_ configuration example to configure each host.
98 98 Each one should already connect to shared database during installation.
99 99
100 100
101 101 1) Assuming our final url will be http://rc-node-1, Configure `instances_id`, `app.base_url`
102 102
103 a) On **rc-node-2** find the following settings and edit :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
103 a) On **rc-node-2** find the following settings and edit :file:`config/_shared/rhodecode.ini`
104 104
105 105 .. code-block:: ini
106 106
107 107 ## required format is: *NAME-
108 108 instance_id = *rc-node-2-
109 109 app.base_url = http://rc-node-1
110 110
111 111
112 b) On **rc-node-3** find the following settings and edit :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
112 b) On **rc-node-3** find the following settings and edit :file:`config/_shared/rhodecode.ini`
113 113
114 114 .. code-block:: ini
115 115
116 116 ## required format is: *NAME-
117 117 instance_id = *rc-node-3-
118 118 app.base_url = http://rc-node-1
119 119
120 120
121 121
122 122 2) Configure `User Session` to use a shared database. Example config that should be
123 123 changed on both **rc-node-2** and **rc-node-3** .
124 Edit :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
124 Edit :file:`config/_shared/rhodecode.ini`
125 125
126 126 .. code-block:: ini
127 127
128 128 ####################################
129 129 ### BEAKER SESSION ####
130 130 ####################################
131 131
132 132 ## Disable the default `file` sessions
133 133 #beaker.session.type = file
134 134 #beaker.session.data_dir = %(here)s/data/sessions
135 135
136 136 ## use shared db based session, fast, and allows easy management over logged in users
137 137 beaker.session.type = ext:database
138 138 beaker.session.table_name = db_session
139 139 # use our rc-node-1 here
140 140 beaker.session.sa.url = postgresql://postgres:qweqwe@rc-node-1/rhodecode
141 141 beaker.session.sa.pool_recycle = 3600
142 142 beaker.session.sa.echo = false
143 143
144 144 In addition make sure both instances use the same `session.secret` so users have
145 145 persistent sessions across nodes. Please generate other one then in this example.
146 146
147 147 .. code-block:: ini
148 148
149 149 # use a unique generated long string
150 150 beaker.session.secret = 70e116cae2274656ba7265fd860aebbd
151 151
152 152 3) Configure stored cached/archive cache to our shared NFS `rc-node-1`
153 153
154 154 .. code-block:: ini
155 155
156 156 # note the `_` prefix that allows using a directory without
157 157 # remap and rescan checking for vcs inside it.
158 158 cache_dir = /home/rcdev/storage/_cache_dir/data
159 159 # note archive cache dir is disabled by default, however if you enable
160 160 # it also needs to be shared
161 161 #archive_cache_dir = /home/rcdev/storage/_tarball_cache_dir
162 162
163 163
164 164 4) Use shared exception store. Example config that should be
165 165 changed on both **rc-node-2** and **rc-node-3**, and also for VCSServer.
166 Edit :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` and
166 Edit :file:`config/_shared/rhodecode.ini` and
167 167 :file:`/home/{user}/.rccontrol/{vcsserver-instance-id}/vcsserver.ini`
168 168 and add/change following setting.
169 169
170 170 .. code-block:: ini
171 171
172 172 exception_tracker.store_path = /home/rcdev/storage/_exception_store_data
173 173
174 174
175 175 5) Change cache backends to use `Redis`_ based caches. Below full example config
176 176 that replaces default file-based cache to shared `Redis`_ with Distributed Lock.
177 177
178 178
179 179 .. code-block:: ini
180 180
181 181 #####################################
182 182 ### DOGPILE CACHE ####
183 183 #####################################
184 184
185 185 ## `cache_perms` cache settings for permission tree, auth TTL.
186 186 #rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
187 187 #rc_cache.cache_perms.expiration_time = 300
188 188
189 189 ## alternative `cache_perms` redis backend with distributed lock
190 190 rc_cache.cache_perms.backend = dogpile.cache.rc.redis
191 191 rc_cache.cache_perms.expiration_time = 300
192 192 ## redis_expiration_time needs to be greater then expiration_time
193 193 rc_cache.cache_perms.arguments.redis_expiration_time = 7200
194 194 rc_cache.cache_perms.arguments.socket_timeout = 30
195 195 rc_cache.cache_perms.arguments.host = rc-node-1
196 196 rc_cache.cache_perms.arguments.password = qweqwe
197 197 rc_cache.cache_perms.arguments.port = 6379
198 198 rc_cache.cache_perms.arguments.db = 0
199 199 rc_cache.cache_perms.arguments.distributed_lock = true
200 200
201 201 ## `cache_repo` cache settings for FileTree, Readme, RSS FEEDS
202 202 #rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
203 203 #rc_cache.cache_repo.expiration_time = 2592000
204 204
205 205 ## alternative `cache_repo` redis backend with distributed lock
206 206 rc_cache.cache_repo.backend = dogpile.cache.rc.redis
207 207 rc_cache.cache_repo.expiration_time = 2592000
208 208 ## redis_expiration_time needs to be greater then expiration_time
209 209 rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
210 210 rc_cache.cache_repo.arguments.socket_timeout = 30
211 211 rc_cache.cache_repo.arguments.host = rc-node-1
212 212 rc_cache.cache_repo.arguments.password = qweqwe
213 213 rc_cache.cache_repo.arguments.port = 6379
214 214 rc_cache.cache_repo.arguments.db = 1
215 215 rc_cache.cache_repo.arguments.distributed_lock = true
216 216
217 217 ## cache settings for SQL queries, this needs to use memory type backend
218 218 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
219 219 rc_cache.sql_cache_short.expiration_time = 30
220 220
221 221 ## `cache_repo_longterm` cache for repo object instances, this needs to use memory
222 222 ## type backend as the objects kept are not pickle serializable
223 223 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
224 224 ## by default we use 96H, this is using invalidation on push anyway
225 225 rc_cache.cache_repo_longterm.expiration_time = 345600
226 226 ## max items in LRU cache, reduce this number to save memory, and expire last used
227 227 ## cached objects
228 228 rc_cache.cache_repo_longterm.max_size = 10000
229 229
230 230
231 231 6) Configure `Nginx`_ as reverse proxy on `rc-node-2/3`:
232 232 Minimal `Nginx`_ config used:
233 233
234 234
235 235 .. code-block:: nginx
236 236
237 237 ## rate limiter for certain pages to prevent brute force attacks
238 238 limit_req_zone $binary_remote_addr zone=req_limit:10m rate=1r/s;
239 239
240 240 ## custom log format
241 241 log_format log_custom '$remote_addr - $remote_user [$time_local] '
242 242 '"$request" $status $body_bytes_sent '
243 243 '"$http_referer" "$http_user_agent" '
244 244 '$request_time $upstream_response_time $pipe';
245 245
246 246 server {
247 247 listen 80;
248 248 server_name rc-node-2;
249 249 #server_name rc-node-3;
250 250
251 251 access_log /var/log/nginx/rhodecode.access.log log_custom;
252 252 error_log /var/log/nginx/rhodecode.error.log;
253 253
254 254 # example of proxy.conf can be found in our docs.
255 255 include /etc/nginx/proxy.conf;
256 256
257 257 ## serve static files by Nginx, recommended for performance
258 258 location /_static/rhodecode {
259 259 gzip on;
260 260 gzip_min_length 500;
261 261 gzip_proxied any;
262 262 gzip_comp_level 4;
263 263 gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/json application/xml application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml;
264 264 gzip_vary on;
265 265 gzip_disable "msie6";
266 266 expires 60d;
267 267 #alias /home/rcdev/.rccontrol/community-1/static;
268 268 alias /home/rcdev/.rccontrol/enterprise-1/static;
269 269 }
270 270
271 271
272 272 location /_admin/login {
273 273 limit_req zone=req_limit burst=10 nodelay;
274 274 try_files $uri @rhode;
275 275 }
276 276
277 277 location / {
278 278 try_files $uri @rhode;
279 279 }
280 280
281 281 location @rhode {
282 282 # Url to running RhodeCode instance.
283 283 # This is shown as `- URL: <host>` in output from rccontrol status.
284 284 proxy_pass http://127.0.0.1:10020;
285 285 }
286 286
287 287 ## custom 502 error page. Will be displayed while RhodeCode server
288 288 ## is turned off
289 289 error_page 502 /502.html;
290 290 location = /502.html {
291 291 #root /home/rcdev/.rccontrol/community-1/static;
292 292 root /home/rcdev/.rccontrol/enterprise-1/static;
293 293 }
294 294 }
295 295
296 296
297 297 7) Optional: Full text search, in case you use `Whoosh` full text search we also need a
298 298 shared storage for the index. In our example our NFS is mounted at `/home/rcdev/storage`
299 299 which represents out storage so we can use the following:
300 300
301 301 .. code-block:: ini
302 302
303 303 # note the `_` prefix that allows using a directory without
304 304 # remap and rescan checking for vcs inside it.
305 305 search.location = /home/rcdev/storage/_index_data/index
306 306
307 307
308 308 .. note::
309 309
310 310 If you use ElasticSearch it's by default shared, and simply running ES node is
311 311 by default cluster compatible.
312 312
313 313
314 314 8) Optional: If you intend to use mailing all instances need to use either a shared
315 315 mailing node, or each will use individual local mail agent. Simply put node-1/2/3
316 316 needs to use same mailing configuration.
317 317
318 318
319 319
320 320 Setup rc-node-1
321 321 ^^^^^^^^^^^^^^^
322 322
323 323
324 324 Configure `Nginx`_ as Load Balancer to rc-node-2/3.
325 325 Minimal `Nginx`_ example below:
326 326
327 327 .. code-block:: nginx
328 328
329 329 ## define rc-cluster which contains a pool of our instances to connect to
330 330 upstream rc-cluster {
331 331 # rc-node-2/3 are stored in /etc/hosts with correct IP addresses
332 332 server rc-node-2:80;
333 333 server rc-node-3:80;
334 334 }
335 335
336 336 server {
337 337 listen 80;
338 338 server_name rc-node-1;
339 339
340 340 location / {
341 341 proxy_pass http://rc-cluster;
342 342 }
343 343 }
344 344
345 345
346 346 .. note::
347 347
348 348 You should configure your load balancing accordingly. We recommend writing
349 349 load balancing rules that will separate regular user traffic from
350 350 automated process traffic like continuous servers or build bots. Sticky sessions
351 351 are not required.
352 352
353 353
354 354 Show which instance handles a request
355 355 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
356 356
357 357 You can easily check if load-balancing is working as expected. Visit our main node
358 358 `rc-node-1` URL which at that point should already handle incoming requests and balance
359 359 it across node-2/3.
360 360
361 361 Add a special GET param `?showrcid=1` to show current instance handling your request.
362 362
363 363 For example: visiting url `http://rc-node-1/?showrcid=1` will show, in the bottom
364 364 of the screen` cluster instance info.
365 365 e.g: `RhodeCode instance id: rc-node-3-rc-node-3-3246`
366 366 which is generated from::
367 367
368 368 <NODE_HOSTNAME>-<INSTANCE_ID>-<WORKER_PID>
369 369
370 370
371 371 Using Celery with cluster
372 372 ^^^^^^^^^^^^^^^^^^^^^^^^^
373 373
374 374
375 375 If `Celery` is used we recommend setting also an instance of Enterprise/Community+VCSserver
376 376 on the node that is running `RabbitMQ`_ or `Redis`_. Those instances will be used to
377 377 executed async tasks on the `rc-node-1`. This is the most efficient setup.
378 378 `Celery` usually handles tasks such as sending emails, forking repositories, importing
379 379 repositories from external location etc. Using workers on instance that has
380 380 the direct access to disks used by NFS as well as email server gives noticeable
381 381 performance boost. Running local workers to the NFS storage results in faster
382 382 execution of forking large repositories or sending lots of emails.
383 383
384 384 Those instances need to be configured in the same way as for other nodes.
385 385 The instance in rc-node-1 can be added to the cluster, but we don't recommend doing it.
386 386 For best results let it be isolated to only executing `Celery` tasks in the cluster setup.
387 387
388 388
389 389 .. _Gunicorn: http://gunicorn.org/
390 390 .. _Whoosh: https://pypi.python.org/pypi/Whoosh/
391 391 .. _Elasticsearch: https://www.elastic.co/..
392 392 .. _RabbitMQ: http://www.rabbitmq.com/
393 393 .. _Nginx: http://nginx.io
394 394 .. _Apache: http://nginx.io
395 395 .. _Redis: http://redis.io
396 396
Show file before | Show file after | Hide comments
@@ -1,67 +1,67 b''
1 1 .. _user-session-ref:
2 2
3 3 User Session Performance
4 4 ------------------------
5 5
6 6 The default file-based sessions are only suitable for smaller setups, or
7 7 instances that doesn't have a lot of users or traffic.
8 8 They are set as default option because it's setup-free solution.
9 9
10 10 The most common issue of file based sessions are file limit errors which occur
11 11 if there are lots of session files.
12 12
13 13 Therefore, in a large scale deployment, to give better performance,
14 14 scalability, and maintainability we recommend switching from file-based
15 15 sessions to database-based user sessions or Redis based sessions.
16 16
17 17 To switch to database-based user sessions uncomment the following section in
18 your :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` file.
18 your :file:`config/_shared/rhodecode.ini` file.
19 19
20 20
21 21 .. code-block:: ini
22 22
23 23 ## db based session, fast, and allows easy management over logged in users
24 24 beaker.session.type = ext:database
25 25 beaker.session.table_name = db_session
26 26
27 27 # use just one of the following according to the type of database
28 28 beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
29 29 # or
30 30 beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
31 31
32 32 beaker.session.sa.pool_recycle = 3600
33 33 beaker.session.sa.echo = false
34 34
35 35
36 36 and make sure you comment out the file based sessions.
37 37
38 38 .. code-block:: ini
39 39
40 40 ## types are file, ext:memcached, ext:database, and memory (default).
41 41 #beaker.session.type = file
42 42 #beaker.session.data_dir = %(here)s/data/sessions/data
43 43
44 44
45 45 The `table_name` will be automatically created on specified database if it isn't yet existing.
46 46 Database specified in the `beaker.session.sa.url` can be the same that RhodeCode
47 47 uses, or if required it can be a different one. We recommend to use the same database.
48 48
49 49
50 50
51 51 To switch to redis-based user sessions uncomment the following section in
52 your :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` file.
52 your :file:`config/_shared/rhodecode.ini` file.
53 53
54 54 .. code-block:: ini
55 55
56 56 ## redis sessions
57 57 beaker.session.type = ext:redis
58 58 beaker.session.url = localhost:6379
59 59
60 60
61 61 and make sure you comment out the file based sessions.
62 62
63 63 .. code-block:: ini
64 64
65 65 ## types are file, ext:memcached, ext:database, and memory (default).
66 66 #beaker.session.type = file
67 67 #beaker.session.data_dir = %(here)s/data/sessions/data No newline at end of file
Show file before | Show file after | Hide comments
@@ -1,379 +1,379 b''
1 1 .. _vcs-server:
2 2
3 3 VCS Server Management
4 4 ---------------------
5 5
6 6 The VCS Server handles |RCE| backend functionality. You need to configure
7 7 a VCS Server to run with a |RCE| instance. If you do not, you will be missing
8 8 the connection between |RCE| and its |repos|. This will cause error messages
9 9 on the web interface. You can run your setup in the following configurations,
10 10 currently the best performance is one of following:
11 11
12 12 * One VCS Server per |RCE| instance.
13 13 * One VCS Server handling multiple instances.
14 14
15 15 .. important::
16 16
17 17 If your server locale settings are not correctly configured,
18 18 |RCE| and the VCS Server can run into issues. See this `Ask Ubuntu`_ post
19 19 which explains the problem and gives a solution.
20 20
21 21 For more information, see the following sections:
22 22
23 23 * :ref:`install-vcs`
24 24 * :ref:`config-vcs`
25 25 * :ref:`vcs-server-options`
26 26 * :ref:`vcs-server-versions`
27 27 * :ref:`vcs-server-maintain`
28 28 * :ref:`vcs-server-config-file`
29 29 * :ref:`svn-http`
30 30
31 31 .. _install-vcs:
32 32
33 33 VCS Server Installation
34 34 ^^^^^^^^^^^^^^^^^^^^^^^
35 35
36 36 To install a VCS Server, see
37 37 :ref:`Installing a VCS server <control:install-vcsserver>`.
38 38
39 39 .. _config-vcs:
40 40
41 41 Hooking |RCE| to its VCS Server
42 42 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
43 43
44 44 To configure a |RCE| instance to use a VCS server, see
45 45 :ref:`Configuring the VCS Server connection <control:manually-vcsserver-ini>`.
46 46
47 47 .. _vcs-server-options:
48 48
49 49 |RCE| VCS Server Options
50 50 ^^^^^^^^^^^^^^^^^^^^^^^^
51 51
52 52 The following list shows the available options on the |RCE| side of the
53 53 connection to the VCS Server. The settings are configured per
54 54 instance in the
55 :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` file.
55 :file:`config/_shared/rhodecode.ini` file.
56 56
57 57 .. rst-class:: dl-horizontal
58 58
59 59 \vcs.backends <available-vcs-systems>
60 60 Set a comma-separated list of the |repo| options available from the
61 61 web interface. The default is ``hg, git, svn``,
62 62 which is all |repo| types available. The order of backends is also the
63 63 order backend will try to detect requests type.
64 64
65 65 \vcs.connection_timeout <seconds>
66 66 Set the length of time in seconds that the VCS Server waits for
67 67 requests to process. After the timeout expires,
68 68 the request is closed. The default is ``3600``. Set to a higher
69 69 number if you experience network latency, or timeout issues with very
70 70 large push/pull requests.
71 71
72 72 \vcs.server.enable <boolean>
73 73 Enable or disable the VCS Server. The available options are ``true`` or
74 74 ``false``. The default is ``true``.
75 75
76 76 \vcs.server <host:port>
77 77 Set the host, either hostname or IP Address, and port of the VCS server
78 78 you wish to run with your |RCE| instance.
79 79
80 80 .. code-block:: ini
81 81
82 82 ##################
83 83 ### VCS CONFIG ###
84 84 ##################
85 85 # set this line to match your VCS Server
86 86 vcs.server = 127.0.0.1:10004
87 87 # Set to False to disable the VCS Server
88 88 vcs.server.enable = True
89 89 vcs.backends = hg, git, svn
90 90 vcs.connection_timeout = 3600
91 91
92 92
93 93 .. _vcs-server-versions:
94 94
95 95 VCS Server Versions
96 96 ^^^^^^^^^^^^^^^^^^^
97 97
98 98 An updated version of the VCS Server is released with each |RCE| version. Use
99 99 the VCS Server number that matches with the |RCE| version to pair the
100 100 appropriate ones together. For |RCE| versions pre 3.3.0,
101 101 VCS Server 1.X.Y works with |RCE| 3.X.Y, for example:
102 102
103 103 * VCS Server 1.0.0 works with |RCE| 3.0.0
104 104 * VCS Server 1.2.2 works with |RCE| 3.2.2
105 105
106 106 For |RCE| versions post 3.3.0, the VCS Server and |RCE| version numbers
107 107 match, for example:
108 108
109 109 * VCS Server |release| works with |RCE| |release|
110 110
111 111 .. _vcs-server-maintain:
112 112
113 113 VCS Server Cache Optimization
114 114 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
115 115
116 116 To optimize the VCS server to manage the cache and memory usage efficiently, it's recommended to
117 117 configure the Redis backend for VCSServer caches.
118 118 Once configured, restart the VCS Server.
119 119
120 120 Make sure Redis is installed and running.
121 121 Open :file:`/home/{user}/.rccontrol/{vcsserver-id}/vcsserver.ini`
122 122 file and ensure the below settings for `repo_object` type cache are set:
123 123
124 124 .. code-block:: ini
125 125
126 126 ; ensure the default file based cache is *commented out*
127 127 ##rc_cache.repo_object.backend = dogpile.cache.rc.file_namespace
128 128 ##rc_cache.repo_object.expiration_time = 2592000
129 129
130 130 ; `repo_object` cache settings for vcs methods for repositories
131 131 rc_cache.repo_object.backend = dogpile.cache.rc.redis_msgpack
132 132
133 133 ; cache auto-expires after N seconds
134 134 ; Examples: 86400 (1Day), 604800 (7Days), 1209600 (14Days), 2592000 (30days), 7776000 (90Days)
135 135 rc_cache.repo_object.expiration_time = 2592000
136 136
137 137 ; redis_expiration_time needs to be greater then expiration_time
138 138 rc_cache.repo_object.arguments.redis_expiration_time = 3592000
139 139
140 140 rc_cache.repo_object.arguments.host = localhost
141 141 rc_cache.repo_object.arguments.port = 6379
142 142 rc_cache.repo_object.arguments.db = 5
143 143 rc_cache.repo_object.arguments.socket_timeout = 30
144 144 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
145 145 rc_cache.repo_object.arguments.distributed_lock = true
146 146
147 147
148 148 To clear the cache completely, you can restart the VCS Server.
149 149
150 150 .. important::
151 151
152 152 While the VCS Server handles a restart gracefully on the web interface,
153 153 it will drop connections during push/pull requests. So it is recommended
154 154 you only perform this when there is very little traffic on the instance.
155 155
156 156 Use the following example to restart your VCS Server,
157 157 for full details see the :ref:`RhodeCode Control CLI <control:rcc-cli>`.
158 158
159 159 .. code-block:: bash
160 160
161 161 $ rccontrol status
162 162
163 163 .. code-block:: vim
164 164
165 165 - NAME: vcsserver-1
166 166 - STATUS: RUNNING
167 167 logs:/home/ubuntu/.rccontrol/vcsserver-1/vcsserver.log
168 168 - VERSION: 4.7.2 VCSServer
169 169 - URL: http://127.0.0.1:10008
170 170 - CONFIG: /home/ubuntu/.rccontrol/vcsserver-1/vcsserver.ini
171 171
172 172 $ rccontrol restart vcsserver-1
173 173 Instance "vcsserver-1" successfully stopped.
174 174 Instance "vcsserver-1" successfully started.
175 175
176 176 .. _vcs-server-config-file:
177 177
178 178 VCS Server Configuration
179 179 ^^^^^^^^^^^^^^^^^^^^^^^^
180 180
181 181 You can configure settings for multiple VCS Servers on your
182 182 system using their individual configuration files. Use the following
183 183 properties inside the configuration file to set up your system. The default
184 184 location is :file:`home/{user}/.rccontrol/{vcsserver-id}/vcsserver.ini`.
185 185 For a more detailed explanation of the logger levers, see :ref:`debug-mode`.
186 186
187 187 .. rst-class:: dl-horizontal
188 188
189 189 \host <ip-address>
190 190 Set the host on which the VCS Server will run. VCSServer is not
191 191 protected by any authentication, so we *highly* recommend running it
192 192 under localhost ip that is `127.0.0.1`
193 193
194 194 \port <int>
195 195 Set the port number on which the VCS Server will be available.
196 196
197 197
198 198 .. note::
199 199
200 200 After making changes, you need to restart your VCS Server to pick them up.
201 201
202 202 .. code-block:: ini
203 203
204 204 ; #################################
205 205 ; RHODECODE VCSSERVER CONFIGURATION
206 206 ; #################################
207 207
208 208 [server:main]
209 209 ; COMMON HOST/IP CONFIG
210 210 host = 127.0.0.1
211 211 port = 10002
212 212
213 213 ; ###########################
214 214 ; GUNICORN APPLICATION SERVER
215 215 ; ###########################
216 216
217 217 ; run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
218 218
219 219 ; Module to use, this setting shouldn't be changed
220 220 use = egg:gunicorn#main
221 221
222 222 ; Sets the number of process workers. More workers means more concurrent connections
223 223 ; RhodeCode can handle at the same time. Each additional worker also it increases
224 224 ; memory usage as each has it's own set of caches.
225 225 ; Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more
226 226 ; than 8-10 unless for really big deployments .e.g 700-1000 users.
227 227 ; `instance_id = *` must be set in the [app:main] section below (which is the default)
228 228 ; when using more than 1 worker.
229 229 workers = 6
230 230
231 231 ; Gunicorn access log level
232 232 loglevel = info
233 233
234 234 ; Process name visible in process list
235 235 proc_name = rhodecode_vcsserver
236 236
237 237 ; Type of worker class, one of sync, gevent
238 238 ; currently `sync` is the only option allowed.
239 239 worker_class = sync
240 240
241 241 ; The maximum number of simultaneous clients. Valid only for gevent
242 242 worker_connections = 10
243 243
244 244 ; Max number of requests that worker will handle before being gracefully restarted.
245 245 ; Prevents memory leaks, jitter adds variability so not all workers are restarted at once.
246 246 max_requests = 1000
247 247 max_requests_jitter = 30
248 248
249 249 ; Amount of time a worker can spend with handling a request before it
250 250 ; gets killed and restarted. By default set to 21600 (6hrs)
251 251 ; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h)
252 252 timeout = 21600
253 253
254 254 ; The maximum size of HTTP request line in bytes.
255 255 ; 0 for unlimited
256 256 limit_request_line = 0
257 257
258 258 ; Limit the number of HTTP headers fields in a request.
259 259 ; By default this value is 100 and can't be larger than 32768.
260 260 limit_request_fields = 32768
261 261
262 262 ; Limit the allowed size of an HTTP request header field.
263 263 ; Value is a positive number or 0.
264 264 ; Setting it to 0 will allow unlimited header field sizes.
265 265 limit_request_field_size = 0
266 266
267 267 ; Timeout for graceful workers restart.
268 268 ; After receiving a restart signal, workers have this much time to finish
269 269 ; serving requests. Workers still alive after the timeout (starting from the
270 270 ; receipt of the restart signal) are force killed.
271 271 ; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h)
272 272 graceful_timeout = 3600
273 273
274 274 # The number of seconds to wait for requests on a Keep-Alive connection.
275 275 # Generally set in the 1-5 seconds range.
276 276 keepalive = 2
277 277
278 278 ; Maximum memory usage that each worker can use before it will receive a
279 279 ; graceful restart signal 0 = memory monitoring is disabled
280 280 ; Examples: 268435456 (256MB), 536870912 (512MB)
281 281 ; 1073741824 (1GB), 2147483648 (2GB), 4294967296 (4GB)
282 282 memory_max_usage = 1073741824
283 283
284 284 ; How often in seconds to check for memory usage for each gunicorn worker
285 285 memory_usage_check_interval = 60
286 286
287 287 ; Threshold value for which we don't recycle worker if GarbageCollection
288 288 ; frees up enough resources. Before each restart we try to run GC on worker
289 289 ; in case we get enough free memory after that, restart will not happen.
290 290 memory_usage_recovery_threshold = 0.8
291 291
292 292
293 293 [app:main]
294 294 use = egg:rhodecode-vcsserver
295 295
296 296 pyramid.default_locale_name = en
297 297 pyramid.includes =
298 298
299 299 ; default locale used by VCS systems
300 300 locale = en_US.UTF-8
301 301
302 302 ; #############
303 303 ; DOGPILE CACHE
304 304 ; #############
305 305
306 306 ; Default cache dir for caches. Putting this into a ramdisk can boost performance.
307 307 ; eg. /tmpfs/data_ramdisk, however this directory might require large amount of space
308 308 cache_dir = %(here)s/data
309 309
310 310 ; **********************************************************
311 311 ; `repo_object` cache with redis backend
312 312 ; recommended for larger instance, or for better performance
313 313 ; **********************************************************
314 314
315 315 ; `repo_object` cache settings for vcs methods for repositories
316 316 rc_cache.repo_object.backend = dogpile.cache.rc.redis_msgpack
317 317
318 318 ; cache auto-expires after N seconds
319 319 ; Examples: 86400 (1Day), 604800 (7Days), 1209600 (14Days), 2592000 (30days), 7776000 (90Days)
320 320 rc_cache.repo_object.expiration_time = 2592000
321 321
322 322 ; redis_expiration_time needs to be greater then expiration_time
323 323 rc_cache.repo_object.arguments.redis_expiration_time = 3592000
324 324
325 325 rc_cache.repo_object.arguments.host = localhost
326 326 rc_cache.repo_object.arguments.port = 6379
327 327 rc_cache.repo_object.arguments.db = 5
328 328 rc_cache.repo_object.arguments.socket_timeout = 30
329 329 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
330 330 rc_cache.repo_object.arguments.distributed_lock = true
331 331
332 332 ; #####################
333 333 ; LOGGING CONFIGURATION
334 334 ; #####################
335 335 [loggers]
336 336 keys = root, vcsserver
337 337
338 338 [handlers]
339 339 keys = console
340 340
341 341 [formatters]
342 342 keys = generic
343 343
344 344 ; #######
345 345 ; LOGGERS
346 346 ; #######
347 347 [logger_root]
348 348 level = NOTSET
349 349 handlers = console
350 350
351 351 [logger_vcsserver]
352 352 level = DEBUG
353 353 handlers =
354 354 qualname = vcsserver
355 355 propagate = 1
356 356
357 357
358 358 ; ########
359 359 ; HANDLERS
360 360 ; ########
361 361
362 362 [handler_console]
363 363 class = StreamHandler
364 364 args = (sys.stderr, )
365 365 level = INFO
366 366 formatter = generic
367 367
368 368 ; ##########
369 369 ; FORMATTERS
370 370 ; ##########
371 371
372 372 [formatter_generic]
373 373 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
374 374 datefmt = %Y-%m-%d %H:%M:%S
375 375
376 376
377 377 .. _Subversion Red Book: http://svnbook.red-bean.com/en/1.7/svn-book.html#svn.ref.svn
378 378
379 379 .. _Ask Ubuntu: http://askubuntu.com/questions/162391/how-do-i-fix-my-locale-issue
Show file before | Show file after | Hide comments
@@ -1,209 +1,209 b''
1 1 .. _api:
2 2
3 3 API Documentation
4 4 =================
5 5
6 6 The |RCE| API uses a single scheme for calling all API methods. The API is
7 7 implemented with JSON protocol in both directions. To send API requests to
8 8 your instance of |RCE|, use the following URL format
9 9 ``<your_server>/_admin``
10 10
11 11 .. note::
12 12
13 13 To use the API, you should configure the :file:`~/.rhoderc` file with
14 14 access details per instance. For more information, see
15 15 :ref:`config-rhoderc`.
16 16
17 17
18 18 API ACCESS FOR WEB VIEWS
19 19 ------------------------
20 20
21 21 API access can also be turned on for each web view in |RCE| that is
22 22 decorated with a `@LoginRequired` decorator. To enable API access, change
23 23 the standard login decorator to `@LoginRequired(api_access=True)`.
24 24
25 25 From |RCE| version 1.7.0 you can configure a white list
26 26 of views that have API access enabled by default. To enable these,
27 27 edit the |RCE| configuration ``.ini`` file. The default location is:
28 28
29 29 * |RCE| Pre-2.2.7 :file:`root/rhodecode/data/production.ini`
30 * |RCE| 3.0 :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
30 * |RCE| 3.0 :file:`config/_shared/rhodecode.ini`
31 31
32 32 To configure the white list, edit this section of the file. In this
33 33 configuration example, API access is granted to the patch/diff raw file and
34 34 archive.
35 35
36 36 .. code-block:: ini
37 37
38 38 ## List of controllers (using glob syntax) that AUTH TOKENS could be used for access.
39 39 ## Adding ?auth_token = <token> to the url authenticates this request as if it
40 40 ## came from the the logged in user who own this authentication token.
41 41 ##
42 42 ## Syntax is <ControllerClass>:<function_pattern>.
43 43 ## The list should be "," separated and on a single line.
44 44 ##
45 45 api_access_controllers_whitelist = RepoCommitsView:repo_commit_raw,RepoCommitsView:repo_commit_patch,RepoCommitsView:repo_commit_download
46 46
47 47 After this change, a |RCE| view can be accessed without login by adding a
48 48 GET parameter ``?auth_token=<auth_token>`` to a url. For example to
49 49 access the raw diff.
50 50
51 51 .. code-block:: html
52 52
53 53 http://<server>/<repo>/changeset-diff/<sha>?auth_token=<auth_token>
54 54
55 55 By default this is only enabled on RSS/ATOM feed views. Exposing raw diffs is a
56 56 good way to integrate with 3rd party services like code review, or build farms
57 57 that could download archives.
58 58
59 59 API ACCESS
60 60 ----------
61 61
62 62 All clients are required to send JSON-RPC spec JSON data.
63 63
64 64 .. code-block:: bash
65 65
66 66 {
67 67 "id:"<id>",
68 68 "auth_token":"<auth_token>",
69 69 "method":"<method_name>",
70 70 "args":{"<arg_key>":"<arg_val>"}
71 71 }
72 72
73 73 Example call for auto pulling from remote repositories using curl:
74 74
75 75 .. code-block:: bash
76 76
77 77 curl https://server.com/_admin/api -X POST -H 'content-type:text/plain' --data-binary '{"id":1,
78 78 "auth_token":"xe7cdb2v278e4evbdf5vs04v832v0efvcbcve4a3","method":"pull", "args":{"repoid":"CPython"}}'
79 79
80 80 Provide those parameters:
81 81 - **id** A value of any type, which is used to match the response with the
82 82 request that it is replying to.
83 83 - **auth_token** for access and permission validation.
84 84 - **method** is name of method to call
85 85 - **args** is an ``key:value`` list of arguments to pass to method
86 86
87 87 .. note::
88 88
89 89 To get your |authtoken|, from the |RCE| interface,
90 90 go to:
91 91 :menuselection:`username --> My account --> Auth tokens`
92 92
93 93 For security reasons you should always create a dedicated |authtoken| for
94 94 API use only.
95 95
96 96
97 97 The |RCE| API will always return a JSON-RPC response:
98 98
99 99 .. code-block:: bash
100 100
101 101 {
102 102 "id": <id>, # matching id sent by request
103 103 "result": "<result>"|null, # JSON formatted result, null if any errors
104 104 "error": "null"|<error_message> # JSON formatted error (if any)
105 105 }
106 106
107 107 All responses from API will be with `HTTP/1.0 200 OK` status code.
108 108 If there is an error when calling the API, the *error* key will contain a
109 109 failure description and the *result* will be `null`.
110 110
111 111 API CLIENT
112 112 ----------
113 113
114 114 To install the |RCE| API, see :ref:`install-tools`. To configure the API per
115 115 instance, see the :ref:`rc-tools` section as you need to configure a
116 116 :file:`~/.rhoderc` file with your |authtokens|.
117 117
118 118 Once you have set up your instance API access, use the following examples to
119 119 get started.
120 120
121 121 .. code-block:: bash
122 122
123 123 # Getting the 'rhodecode' repository
124 124 # from a RhodeCode Enterprise instance
125 125 rhodecode-api --instance-name=enterprise-1 get_repo repoid:rhodecode
126 126
127 127 Calling method get_repo => http://127.0.0.1:5000
128 128 Server response
129 129 {
130 130 <json data>
131 131 }
132 132
133 133 # Creating a new mercurial repository called 'brand-new'
134 134 # with a description 'Repo-description'
135 135 rhodecode-api --instance-name=enterprise-1 create_repo repo_name:brand-new repo_type:hg description:Repo-description
136 136 {
137 137 "error": null,
138 138 "id": 1110,
139 139 "result": {
140 140 "msg": "Created new repository `brand-new`",
141 141 "success": true,
142 142 "task": null
143 143 }
144 144 }
145 145
146 146 A broken example, what not to do.
147 147
148 148 .. code-block:: bash
149 149
150 150 # A call missing the required arguments
151 151 # and not specifying the instance
152 152 rhodecode-api get_repo
153 153
154 154 Calling method get_repo => http://127.0.0.1:5000
155 155 Server response
156 156 "Missing non optional `repoid` arg in JSON DATA"
157 157
158 158 You can specify pure JSON using the ``--format`` parameter.
159 159
160 160 .. code-block:: bash
161 161
162 162 rhodecode-api --format=json get_repo repoid:rhodecode
163 163
164 164 In such case only output that this function shows is pure JSON, we can use that
165 165 and pipe output to some json formatter.
166 166
167 167 If output is in pure JSON format, you can pipe output to a JSON formatter.
168 168
169 169 .. code-block:: bash
170 170
171 171 rhodecode-api --instance-name=enterprise-1 --format=json get_repo repoid:rhodecode | python -m json.tool
172 172
173 173 API METHODS
174 174 -----------
175 175
176 176 Each method by default required following arguments.
177 177
178 178 .. code-block:: bash
179 179
180 180 id : "<id_for_response>"
181 181 auth_token : "<auth_token>"
182 182 method : "<method name>"
183 183 args : {}
184 184
185 185 Use each **param** from docs and put it in args, Optional parameters
186 186 are not required in args.
187 187
188 188 .. code-block:: bash
189 189
190 190 args: {"repoid": "rhodecode"}
191 191
192 192 .. Note: From this point on things are generated by the script in
193 193 `scripts/fabfile.py`. To change things below, update the docstrings in the
194 194 ApiController.
195 195
196 196 .. --- API DEFS MARKER ---
197 197 .. toctree::
198 198
199 199 methods/repo-methods
200 200 methods/store-methods
201 201 methods/license-methods
202 202 methods/deprecated-methods
203 203 methods/gist-methods
204 204 methods/pull-request-methods
205 205 methods/repo-group-methods
206 206 methods/search-methods
207 207 methods/server-methods
208 208 methods/user-methods
209 209 methods/user-group-methods
Show file before | Show file after | Hide comments
@@ -1,144 +1,144 b''
1 1 .. _ssh-connection:
2 2
3 3 SSH Connection
4 4 --------------
5 5
6 6 If you wish to connect to your |repos| using SSH protocol, use the
7 7 following instructions.
8 8
9 9 1. Include |RCE| generated `authorized_keys` file into your sshd_config.
10 10
11 11 By default a file `authorized_keys_rhodecode` is created containing
12 12 configuration and all allowed user connection keys are stored inside.
13 13 On each change of stored keys inside |RCE| this file is updated with
14 14 proper data.
15 15
16 16 .. code-block:: bash
17 17
18 18 # Edit sshd_config file most likely at /etc/ssh/sshd_config
19 19 # add or edit the AuthorizedKeysFile, and set to use custom files
20 20
21 21 AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
22 22
23 23 This way we use a separate file for SSH access and separate one for
24 24 SSH access to |RCE| repositories.
25 25
26 26
27 27 2. Enable the SSH module on instance.
28 28
29 29 On the server where |RCE| is running executing:
30 30
31 31 .. code-block:: bash
32 32
33 33 rccontrol enable-module ssh {instance-id}
34 34
35 35 This will add the following configuration into :file:`rhodecode.ini`.
36 36 This also can be done manually:
37 37
38 38 .. code-block:: ini
39 39
40 40 ############################################################
41 41 ### SSH Support Settings ###
42 42 ############################################################
43 43
44 44 ## Defines if a custom authorized_keys file should be created and written on
45 45 ## any change user ssh keys. Setting this to false also disables posibility
46 46 ## of adding SSH keys by users from web interface. Super admins can still
47 47 ## manage SSH Keys.
48 48 ssh.generate_authorized_keyfile = true
49 49
50 50 ## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
51 51 # ssh.authorized_keys_ssh_opts =
52 52
53 53 ## Path to the authrozied_keys file where the generate entries are placed.
54 54 ## It is possible to have multiple key files specified in `sshd_config` e.g.
55 55 ## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
56 56 ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
57 57
58 58 ## Command to execute the SSH wrapper. The binary is available in the
59 59 ## rhodecode installation directory.
60 60 ## e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
61 61 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
62 62
63 63 ## Allow shell when executing the ssh-wrapper command
64 64 ssh.wrapper_cmd_allow_shell = false
65 65
66 66 ## Enables logging, and detailed output send back to the client during SSH
67 67 ## operations. Useful for debugging, shouldn't be used in production.
68 68 ssh.enable_debug_logging = false
69 69
70 70 ## Paths to binary executable, by default they are the names, but we can
71 71 ## override them if we want to use a custom one
72 72 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
73 73 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
74 74 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
75 75
76 76 ## Enables SSH key generator web interface. Disabling this still allows users
77 77 ## to add their own keys.
78 78 ssh.enable_ui_key_generator = true
79 79
80 80
81 81 3. Set base_url for instance to enable proper event handling (Optional):
82 82
83 83 If you wish to have integrations working correctly via SSH please configure
84 84 The Application base_url.
85 85
86 86 Use the ``rccontrol status`` command to view instance details.
87 87 Hostname is required for the integration to properly set the instance URL.
88 88
89 89 When your hostname is known (e.g https://code.rhodecode.com) please set it
90 inside :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
90 inside :file:`config/_shared/rhodecode.ini`
91 91
92 92 add into `[app:main]` section the following configuration:
93 93
94 94 .. code-block:: ini
95 95
96 96 app.base_url = https://code.rhodecode.com
97 97
98 98
99 99 4. Add the public key to your user account for testing.
100 100 First generate a new key, or use your existing one and have your public key
101 101 at hand.
102 102
103 103 Go to
104 104 :menuselection:`My Account --> SSH Keys` and add the public key with proper description.
105 105
106 106 This will generate a new entry inside our configured `authorized_keys_rhodecode` file.
107 107
108 108 Test the connection from your local machine using the following example:
109 109
110 110 .. note::
111 111
112 112 In case of connection problems please set
113 113 `ssh.enable_debug_logging = true` inside the SSH configuration of
114 :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
114 :file:`config/_shared/rhodecode.ini`
115 115 Then add, remove your SSH key and try connecting again.
116 116 Debug logging will be printed to help find the problems on the server side.
117 117
118 118 Test connection using the ssh command from the local machine. Make sure
119 119 to use the use who is running the |RCE| server, and not your username from
120 120 the web interface.
121 121
122 122
123 123 For SVN:
124 124
125 125 .. code-block:: bash
126 126
127 127 SVN_SSH="ssh -i ~/.ssh/id_rsa_test_ssh_private.key" svn checkout svn+ssh://rhodecode@rc-server/repo_name
128 128
129 129 For GIT:
130 130
131 131 .. code-block:: bash
132 132
133 133 GIT_SSH_COMMAND='ssh -i ~/.ssh/id_rsa_test_ssh_private.key' git clone ssh://rhodecode@rc-server/repo_name
134 134
135 135 For Mercurial:
136 136
137 137 .. code-block:: bash
138 138
139 139 Add to hgrc:
140 140
141 141 [ui]
142 142 ssh = ssh -C -i ~/.ssh/id_rsa_test_ssh_private.key
143 143
144 144 hg clone ssh://rhodecode@rc-server/repo_name
Show file before | Show file after | Hide comments
@@ -1,45 +1,45 b''
1 1 .. _set-up-mail:
2 2
3 3 Set up Email
4 4 ------------
5 5
6 6 To setup email with your |RCE| instance, open the default
7 :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
7 :file:`config/_shared/rhodecode.ini`
8 8 file and uncomment and configure the email section. If it is not there,
9 9 use the below example to insert it.
10 10
11 11 Once configured you can check the settings for your |RCE| instance on the
12 12 :menuselection:`Admin --> Settings --> Email` page.
13 13
14 14 Please be aware that both section should be changed the `[DEFAULT]` for main applications
15 15 email config, and `[server:main]` for exception tracking email
16 16
17 17 .. code-block:: ini
18 18
19 19 [DEFAULT]
20 20 ; ########################################################################
21 21 ; EMAIL CONFIGURATION
22 22 ; These settings will be used by the RhodeCode mailing system
23 23 ; ########################################################################
24 24
25 25 ; prefix all emails subjects with given prefix, helps filtering out emails
26 26 #email_prefix = [RhodeCode]
27 27
28 28 ; email FROM address all mails will be sent
29 29 #app_email_from = rhodecode-noreply@localhost
30 30
31 31 #smtp_server = mail.server.com
32 32 #smtp_username =
33 33 #smtp_password =
34 34 #smtp_port =
35 35 #smtp_use_tls = false
36 36 #smtp_use_ssl = true
37 37
38 38 [server:main]
39 39 ; Send email with exception details when it happens
40 40 #exception_tracker.send_email = true
41 41
42 42 ; Comma separated list of recipients for exception emails,
43 43 ; e.g admin@rhodecode.com,devops@rhodecode.com
44 44 ; Can be left empty, then emails will be sent to ALL super-admins
45 45 #exception_tracker.send_email_recipients =
Show file before | Show file after | Hide comments
@@ -1,91 +1,91 b''
1 1 .. _multi-instance-setup:
2 2
3 3 Scaling |RCE| Using Multiple Instances
4 4 ======================================
5 5
6 6 Running multiple instances of |RCE| from a single database can be used to
7 7 scale the application for the following deployment setups:
8 8
9 9 * Using dedicated Continuous Integrations instances.
10 10 * Locating instances closer to geographically dispersed development teams.
11 11 * Running production and testing instances, or failover instances on a
12 12 different server.
13 13 * Running proxy read-only instances for pull operations.
14 14
15 15 If you wish to run multiple instances of |RCE| using a single database for
16 16 settings, use the following instructions to set this up. Before you get onto
17 17 multiple instances though, you should install |RCE|, and set
18 18 up your first instance as you see fit. You can see the full instructions here
19 19 :ref:`Installing RhodeCode Enterprise <control:rcc>`
20 20
21 21 Once you have configured your first instance, you can run additional instances
22 22 from the same database using the following steps:
23 23
24 24 1. Install a new instance of |RCE|, choosing SQLite as the database. It is
25 25 important to choose SQLite, because this will not overwrite any other
26 26 database settings you may have.
27 27
28 28 Once the new instance is installed you need to update the licence token and
29 29 database connection string in the
30 :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` file.
30 :file:`config/_shared/rhodecode.ini` file.
31 31
32 32 .. code-block:: bash
33 33
34 34 $ rccontrol install Enterprise
35 35
36 36 Agree to the licence agreement? [y/N]: y
37 37 Username [admin]: username
38 38 Password (min 6 chars):
39 39 Repeat for confirmation:
40 40 Email: user@example.com
41 41 Respositories location [/home/brian/repos]:
42 42 IP to start the Enterprise server on [127.0.0.1]:
43 43 Port for the Enterprise server to use [10000]:
44 44 Database type - [s]qlite, [m]ysql, [p]ostresql: s
45 45
46 46 2. The licence token used on each new instance needs to be the token from your
47 47 initial instance. This allows multiple instances to run the same licence key.
48 48
49 49 To get the licence token, go to the |RCE| interface of your primary
50 50 instance and select :menuselection:`admin --> setting --> license`. Then
51 51 update the licence token setting in each new instance's
52 52 :file:`rhodecode.ini` file.
53 53
54 54 .. code-block:: ini
55 55
56 56 ## generated license token, goto license page in RhodeCode settings to get
57 57 ## new token
58 58 license_token = add-token-here
59 59
60 60 3. Update the database connection string in the
61 61 :file:`rhodecode.ini` file to point to your database. For
62 62 more information, see :ref:`config-database`.
63 63
64 64 .. code-block:: ini
65 65
66 66 #########################################################
67 67 ### DB CONFIGS - EACH DB WILL HAVE IT'S OWN CONFIG ###
68 68 #########################################################
69 69
70 70 # Default SQLite config
71 71 sqlalchemy.db1.url = sqlite:////home/user/.rccontrol/enterprise-1/rhodecode.db
72 72
73 73 # Use this example for a PostgreSQL
74 74 sqlalchemy.db1.url = postgresql://username:password@localhost/rhodecode
75 75
76 76 4. Restart your updated instance. Once restarted the new instance will read
77 77 the licence key in the database and will function identically as the
78 78 original instance.
79 79
80 80 .. code-block:: bash
81 81
82 82 $ rccontrol restart enterprise-2
83 83
84 84 If you wish to add additional performance to your setup, see the
85 85 :ref:`rhodecode-tuning-ref` section.
86 86
87 87 Scaling Deployment Diagram
88 88 --------------------------
89 89
90 90 .. image:: ../images/scaling-diagrm.png
91 91 :align: center
General Comments 0
You need to be logged in to leave comments. Login now