Show More
@@ -0,0 +1,105 b'' | |||
|
1 | .. _config-saml-duosecurity-ref: | |
|
2 | ||
|
3 | ||
|
4 | SAML 2.0 with Duo Security | |
|
5 | -------------------------- | |
|
6 | ||
|
7 | **This plugin is available only in EE Edition.** | |
|
8 | ||
|
9 | |RCE| supports SAML 2.0 Authentication with Duo Security provider. This allows | |
|
10 | users to log-in to RhodeCode via SSO mechanism of external identity provider | |
|
11 | such as Duo. The login can be triggered either by the external IDP, or internally | |
|
12 | by clicking specific authentication button on the log-in page. | |
|
13 | ||
|
14 | ||
|
15 | Configuration steps | |
|
16 | ^^^^^^^^^^^^^^^^^^^ | |
|
17 | ||
|
18 | To configure Duo Security SAML authentication, use the following steps: | |
|
19 | ||
|
20 | 1. From the |RCE| interface, select | |
|
21 | :menuselection:`Admin --> Authentication` | |
|
22 | 2. Activate the `Duo Security` plugin and select :guilabel:`Save` | |
|
23 | 3. Go to newly available menu option called `Duo Security` on the left side. | |
|
24 | 4. Check the `enabled` check box in the plugin configuration section, | |
|
25 | and fill in the required SAML information and :guilabel:`Save`, for more details, | |
|
26 | see :ref:`config-saml-duosecurity` | |
|
27 | ||
|
28 | ||
|
29 | .. _config-saml-duosecurity: | |
|
30 | ||
|
31 | ||
|
32 | Example SAML Duo Security configuration | |
|
33 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | |
|
34 | ||
|
35 | Example configuration for SAML 2.0 with Duo Security provider:: | |
|
36 | ||
|
37 | *option*: `enabled` => `True` | |
|
38 | # Enable or disable this authentication plugin. | |
|
39 | ||
|
40 | *option*: `cache_ttl` => `0` | |
|
41 | # Amount of seconds to cache the authentication and permissions check response call for this plugin. | |
|
42 | # Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled). | |
|
43 | ||
|
44 | *option*: `debug` => `True` | |
|
45 | # Enable or disable debug mode that shows SAML errors in the RhodeCode logs. | |
|
46 | ||
|
47 | *option*: `entity_id` => `http://rc-app.com/dag/saml2/idp/metadata.php` | |
|
48 | # Identity Provider entity/metadata URI. | |
|
49 | # E.g. https://duo-gateway.com/dag/saml2/idp/metadata.php | |
|
50 | ||
|
51 | *option*: `sso_service_url` => `http://rc-app.com/dag/saml2/idp/SSOService.php?spentityid=http://rc.local.pl/_admin/auth/duosecurity/saml-metadata` | |
|
52 | # SSO (SingleSignOn) endpoint URL of the IdP. This can be used to initialize login | |
|
53 | # E.g. https://duo-gateway.com/dag/saml2/idp/SSOService.php?spentityid=<metadata_entity_id> | |
|
54 | ||
|
55 | *option*: `slo_service_url` => `http://rc-app.com/dag/saml2/idp/SingleLogoutService.php?ReturnTo=http://rc-app.com/dag/module.php/duosecurity/logout.php` | |
|
56 | # SLO (SingleLogout) endpoint URL of the IdP. | |
|
57 | # E.g. https://duo-gateway.com/dag/saml2/idp/SingleLogoutService.php?ReturnTo=http://duo-gateway.com/_admin/saml/sign-out-endpoint | |
|
58 | ||
|
59 | *option*: `x509cert` => `<CERTIFICATE_STRING>` | |
|
60 | # Identity provider public x509 certificate. It will be converted to single-line format without headers | |
|
61 | ||
|
62 | *option*: `name_id_format` => `sha-1` | |
|
63 | # The format that specifies how the NameID is sent to the service provider. | |
|
64 | ||
|
65 | *option*: `signature_algo` => `sha-256` | |
|
66 | # Type of Algorithm to use for verification of SAML signature on Identity provider side | |
|
67 | ||
|
68 | *option*: `digest_algo` => `sha-256` | |
|
69 | # Type of Algorithm to use for verification of SAML digest on Identity provider side | |
|
70 | ||
|
71 | *option*: `cert_dir` => `/etc/saml/` | |
|
72 | # Optional directory to store service provider certificate and private keys. | |
|
73 | # Expected certs for the SP should be stored in this folder as: | |
|
74 | # * sp.key Private Key | |
|
75 | # * sp.crt Public cert | |
|
76 | # * sp_new.crt Future Public cert | |
|
77 | # | |
|
78 | # Also you can use other cert to sign the metadata of the SP using the: | |
|
79 | # * metadata.key | |
|
80 | # * metadata.crt | |
|
81 | ||
|
82 | *option*: `user_id_attribute` => `PersonImmutableID` | |
|
83 | # User ID Attribute name. This defines which attribute in SAML response will be used to link accounts via unique id. | |
|
84 | # Ensure this is returned from DuoSecurity for example via duo_username | |
|
85 | ||
|
86 | *option*: `username_attribute` => `User.username` | |
|
87 | # Username Attribute name. This defines which attribute in SAML response will map to an username. | |
|
88 | ||
|
89 | *option*: `email_attribute` => `User.email` | |
|
90 | # Email Attribute name. This defines which attribute in SAML response will map to an email address. | |
|
91 | ||
|
92 | ||
|
93 | Below is example setup from DUO Administration page that can be used with above config. | |
|
94 | ||
|
95 | .. image:: ../images/saml-duosecurity-service-provider-example.png | |
|
96 | :alt: DUO Security SAML setup example | |
|
97 | :scale: 50 % | |
|
98 | ||
|
99 | ||
|
100 | Below is an example attribute mapping set for IDP provider required by the above config. | |
|
101 | ||
|
102 | ||
|
103 | .. image:: ../images/saml-duosecurity-attributes-example.png | |
|
104 | :alt: DUO Security SAML setup example | |
|
105 | :scale: 50 % No newline at end of file |
@@ -0,0 +1,18 b'' | |||
|
1 | .. _config-saml-generic-ref: | |
|
2 | ||
|
3 | ||
|
4 | SAML 2.0 Authentication | |
|
5 | ----------------------- | |
|
6 | ||
|
7 | ||
|
8 | **This plugin is available only in EE Edition.** | |
|
9 | ||
|
10 | RhodeCode Supports standard SAML 2.0 SSO for the web-application part. | |
|
11 | ||
|
12 | Please check for reference two example providers: | |
|
13 | ||
|
14 | .. toctree:: | |
|
15 | ||
|
16 | auth-saml-duosecurity | |
|
17 | auth-saml-onelogin | |
|
18 |
@@ -0,0 +1,106 b'' | |||
|
1 | .. _config-saml-onelogin-ref: | |
|
2 | ||
|
3 | ||
|
4 | SAML 2.0 with One Login | |
|
5 | ----------------------- | |
|
6 | ||
|
7 | **This plugin is available only in EE Edition.** | |
|
8 | ||
|
9 | |RCE| supports SAML 2.0 Authentication with OneLogin provider. This allows | |
|
10 | users to log-in to RhodeCode via SSO mechanism of external identity provider | |
|
11 | such as OneLogin. The login can be triggered either by the external IDP, or internally | |
|
12 | by clicking specific authentication button on the log-in page. | |
|
13 | ||
|
14 | ||
|
15 | Configuration steps | |
|
16 | ^^^^^^^^^^^^^^^^^^^ | |
|
17 | ||
|
18 | To configure OneLogin SAML authentication, use the following steps: | |
|
19 | ||
|
20 | 1. From the |RCE| interface, select | |
|
21 | :menuselection:`Admin --> Authentication` | |
|
22 | 2. Activate the `OneLogin` plugin and select :guilabel:`Save` | |
|
23 | 3. Go to newly available menu option called `OneLogin` on the left side. | |
|
24 | 4. Check the `enabled` check box in the plugin configuration section, | |
|
25 | and fill in the required SAML information and :guilabel:`Save`, for more details, | |
|
26 | see :ref:`config-saml-onelogin` | |
|
27 | ||
|
28 | ||
|
29 | .. _config-saml-onelogin: | |
|
30 | ||
|
31 | ||
|
32 | Example SAML OneLogin configuration | |
|
33 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | |
|
34 | ||
|
35 | Example configuration for SAML 2.0 with OneLogin provider:: | |
|
36 | ||
|
37 | *option*: `enabled` => `True` | |
|
38 | # Enable or disable this authentication plugin. | |
|
39 | ||
|
40 | *option*: `cache_ttl` => `0` | |
|
41 | # Amount of seconds to cache the authentication and permissions check response call for this plugin. | |
|
42 | # Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled). | |
|
43 | ||
|
44 | *option*: `debug` => `True` | |
|
45 | # Enable or disable debug mode that shows SAML errors in the RhodeCode logs. | |
|
46 | ||
|
47 | *option*: `entity_id` => `https://app.onelogin.com/saml/metadata/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx` | |
|
48 | # Identity Provider entity/metadata URI. | |
|
49 | # E.g. https://app.onelogin.com/saml/metadata/<onelogin_connector_id> | |
|
50 | ||
|
51 | *option*: `sso_service_url` => `https://customer-domain.onelogin.com/trust/saml2/http-post/sso/xxxxxx` | |
|
52 | # SSO (SingleSignOn) endpoint URL of the IdP. This can be used to initialize login | |
|
53 | # E.g. https://app.onelogin.com/trust/saml2/http-post/sso/<onelogin_connector_id> | |
|
54 | ||
|
55 | *option*: `slo_service_url` => `https://customer-domain.onelogin.com/trust/saml2/http-redirect/slo/xxxxxx` | |
|
56 | # SLO (SingleLogout) endpoint URL of the IdP. | |
|
57 | # E.g. https://app.onelogin.com/trust/saml2/http-redirect/slo/<onelogin_connector_id> | |
|
58 | ||
|
59 | *option*: `x509cert` => `<CERTIFICATE_STRING>` | |
|
60 | # Identity provider public x509 certificate. It will be converted to single-line format without headers | |
|
61 | ||
|
62 | *option*: `name_id_format` => `sha-1` | |
|
63 | # The format that specifies how the NameID is sent to the service provider. | |
|
64 | ||
|
65 | *option*: `signature_algo` => `sha-256` | |
|
66 | # Type of Algorithm to use for verification of SAML signature on Identity provider side | |
|
67 | ||
|
68 | *option*: `digest_algo` => `sha-256` | |
|
69 | # Type of Algorithm to use for verification of SAML digest on Identity provider side | |
|
70 | ||
|
71 | *option*: `cert_dir` => `/etc/saml/` | |
|
72 | # Optional directory to store service provider certificate and private keys. | |
|
73 | # Expected certs for the SP should be stored in this folder as: | |
|
74 | # * sp.key Private Key | |
|
75 | # * sp.crt Public cert | |
|
76 | # * sp_new.crt Future Public cert | |
|
77 | # | |
|
78 | # Also you can use other cert to sign the metadata of the SP using the: | |
|
79 | # * metadata.key | |
|
80 | # * metadata.crt | |
|
81 | ||
|
82 | *option*: `user_id_attribute` => `PersonImmutableID` | |
|
83 | # User ID Attribute name. This defines which attribute in SAML response will be used to link accounts via unique id. | |
|
84 | # Ensure this is returned from OneLogin for example via Internal ID | |
|
85 | ||
|
86 | *option*: `username_attribute` => `User.username` | |
|
87 | # Username Attribute name. This defines which attribute in SAML response will map to an username. | |
|
88 | ||
|
89 | *option*: `email_attribute` => `User.email` | |
|
90 | # Email Attribute name. This defines which attribute in SAML response will map to an email address. | |
|
91 | ||
|
92 | ||
|
93 | ||
|
94 | Below is example setup that can be used with OneLogin SAML authentication that can be used with above config.. | |
|
95 | ||
|
96 | .. image:: ../images/saml-onelogin-config-example.png | |
|
97 | :alt: OneLogin SAML setup example | |
|
98 | :scale: 50 % | |
|
99 | ||
|
100 | ||
|
101 | Below is an example attribute mapping set for IDP provider required by the above config. | |
|
102 | ||
|
103 | ||
|
104 | .. image:: ../images/saml-onelogin-attributes-example.png | |
|
105 | :alt: OneLogin SAML setup example | |
|
106 | :scale: 50 % No newline at end of file |
|
1 | NO CONTENT: new file 100644, binary diff hidden |
|
1 | NO CONTENT: new file 100644, binary diff hidden |
|
1 | NO CONTENT: new file 100644, binary diff hidden |
|
1 | NO CONTENT: new file 100644, binary diff hidden |
@@ -3,19 +3,19 b'' | |||
|
3 | 3 | Anonymous Users |
|
4 | 4 | --------------- |
|
5 | 5 | |
|
6 |
By default, |RC |
|
|
6 | By default, |RCE| provides |repo| access for registered users only. It can be | |
|
7 | 7 | configured to be **world-open** in terms of read and write permissions. This |
|
8 |
configuration is called "Anonymous Access" and allows |RC |
|
|
8 | configuration is called "Anonymous Access" and allows |RCE| to be used as a | |
|
9 | 9 | public hub where unregistered users have access to your |repos|. |
|
10 | 10 | |
|
11 | 11 | Anonymous access is useful for open source projects, universities, |
|
12 | 12 | or if running inside a restricted internal corporate network to serve |
|
13 | 13 | documents to all employees. Anonymous users get the default user permission |
|
14 |
settings that are applied across the whole |RC |
|
|
14 | settings that are applied across the whole |RCE| system. | |
|
15 | 15 | |
|
16 | 16 | To enable anonymous access to your |repos|, use the following steps: |
|
17 | 17 | |
|
18 |
1. From the |RC |
|
|
18 | 1. From the |RCE| interface, select :menuselection:`Admin --> Permissions`. | |
|
19 | 19 | 2. On the Application tab, check the :guilabel:`Allow anonymous access` box. |
|
20 | 20 | 3. Select :guilabel:`Save`. |
|
21 | 21 | 4. To set the anonymous user access permissions, which are based on the |
@@ -166,7 +166,7 b' 2. Add your custom hook details, you can' | |||
|
166 | 166 | ``pretxnchangegroup.example`` with value ``python:/path/to/custom_hook.py:my_func_name`` |
|
167 | 167 | 3. Select :guilabel:`Save` |
|
168 | 168 | |
|
169 |
Also, see the |
|
|
169 | Also, see the RhodeCode Extensions section of the :ref:`rc-tools` guide. RhodeCode | |
|
170 | 170 | Extensions can be used to add additional hooks to your instance and comes |
|
171 | 171 | with a number of pre-built plugins if you chose to install them. |
|
172 | 172 |
@@ -3,7 +3,7 b'' | |||
|
3 | 3 | Apache WSGI Configuration |
|
4 | 4 | ^^^^^^^^^^^^^^^^^^^^^^^^^ |
|
5 | 5 | |
|
6 |
|RC |
|
|
6 | |RCE| can also be set up with Apache under ``mod_wsgi``. To configure this | |
|
7 | 7 | use the following steps. |
|
8 | 8 | |
|
9 | 9 | 1. Install ``mod_wsgi`` using the following command: |
@@ -50,6 +50,6 b' The following is an example ``wsgi`` dis' | |||
|
50 | 50 | .. note:: |
|
51 | 51 | |
|
52 | 52 | When using `mod_wsgi` the same version of |hg| must be running in your |
|
53 |
system's |PY| environment and on |RC |
|
|
53 | system's |PY| environment and on |RCE|. To check the |RCE| version, | |
|
54 | 54 | on the interface go to |
|
55 | 55 | :menuselection:`Admin --> Settings --> System Info` |
@@ -67,7 +67,7 b' sections.' | |||
|
67 | 67 | Default location: :file:`/home/{user}/.rccontrol/cache/MANIFEST` |
|
68 | 68 | |
|
69 | 69 | |RCC| uses this file to source the latest available builds from the |
|
70 |
secure |
|
|
70 | secure RhodeCode download channels. The only reason to mess with this file | |
|
71 | 71 | is if you need to do an offline installation, |
|
72 | 72 | see the :ref:`Offline Installation<control:offline-installer-ref>` |
|
73 | 73 | instructions, otherwise |RCC| will completely manage this file. |
@@ -33,7 +33,7 b' Glossary' | |||
|
33 | 33 | Adding more machines or workers into your pool of resources. |
|
34 | 34 | |
|
35 | 35 | Instance |
|
36 |
A single installed version of one of the |
|
|
36 | A single installed version of one of the RhodeCode products. It could | |
|
37 | 37 | refer to |RCE| or the VCS server depending on the context. |
|
38 | 38 | |
|
39 | 39 | Plugin |
@@ -3,7 +3,7 b'' | |||
|
3 | 3 | Full-text Search |
|
4 | 4 | ---------------- |
|
5 | 5 | |
|
6 |
By default |
|
|
6 | By default RhodeCode is configured to use `Whoosh`_ to index |repos| and | |
|
7 | 7 | provide full-text search. |
|
8 | 8 | |
|
9 | 9 | |RCE| also provides support for `Elasticsearch`_ as a backend for scalable |
@@ -46,7 +46,7 b' Configure the ``.rhoderc`` File' | |||
|
46 | 46 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
|
47 | 47 | |
|
48 | 48 | |RCT| uses the :file:`/home/{user}/.rhoderc` file for connection details |
|
49 |
to |RC |
|
|
49 | to |RCE| instances. If this file is not automatically created, | |
|
50 | 50 | you can configure it using the following example. You need to configure the |
|
51 | 51 | details for each instance you want to index. |
|
52 | 52 | |
@@ -62,7 +62,7 b' details for each instance you want to in' | |||
|
62 | 62 | - VERSION: 1.5.0 |
|
63 | 63 | - URL: http://127.0.0.1:10000 |
|
64 | 64 | |
|
65 |
To get your API Token, on the |RC |
|
|
65 | To get your API Token, on the |RCE| interface go to | |
|
66 | 66 | :menuselection:`username --> My Account --> Auth tokens` |
|
67 | 67 | |
|
68 | 68 | .. code-block:: ini |
@@ -3,7 +3,7 b'' | |||
|
3 | 3 | Public Access |
|
4 | 4 | ------------- |
|
5 | 5 | |
|
6 |
By default |RC |
|
|
6 | By default |RCE| allows users to read all **public** |repos|. User | |
|
7 | 7 | permissions and |repo| access can be configured explicitly, |
|
8 | 8 | and those permissions will override any default settings. The default |
|
9 | 9 | settings can be found under the following section: |
@@ -3,7 +3,7 b'' | |||
|
3 | 3 | Setting Default Permissions |
|
4 | 4 | --------------------------- |
|
5 | 5 | |
|
6 |
Default permissions allow you to configure |RC |
|
|
6 | Default permissions allow you to configure |RCE| so that when a new |repo|, user group, | |
|
7 | 7 | or user is created their permissions are already defined. To set default permissions you need administrator |
|
8 | 8 | privileges. See the following sections for setting up your permissions system: |
|
9 | 9 | |
@@ -19,7 +19,7 b' Setting User defaults' | |||
|
19 | 19 | |
|
20 | 20 | To set default user permissions, use the following steps. |
|
21 | 21 | |
|
22 |
1. From the |RC |
|
|
22 | 1. From the |RCE| interface, select :menuselection:`Admin --> Permissions` | |
|
23 | 23 | 2. Select the :guilabel:`Global` tab from the left-hand menu. The permissions |
|
24 | 24 | set on this screen apply to users and user-groups across the whole instance. |
|
25 | 25 | 3. Save your changes |
@@ -31,7 +31,7 b' Setting User Group defaults' | |||
|
31 | 31 | |
|
32 | 32 | To set default user group permissions, use the following steps. |
|
33 | 33 | |
|
34 |
1. From the |RC |
|
|
34 | 1. From the |RCE| interface, select :menuselection:`Admin --> User groups` | |
|
35 | 35 | 2. Select :guilabel:`Permissions`, and configure the default user |
|
36 | 36 | permissions. All users will get these permissions unless |
|
37 | 37 | individually set. |
@@ -48,7 +48,7 b' Setting Repository defaults' | |||
|
48 | 48 | |
|
49 | 49 | To set default |repo| permissions, use the following steps. |
|
50 | 50 | |
|
51 |
1. From the |RC |
|
|
51 | 1. From the |RCE| interface, select :menuselection:`Admin --> Permissions` | |
|
52 | 52 | 2. Select the :guilabel:`Object` tab from the left-hand menu and set the |
|
53 | 53 | |perm| permissions |
|
54 | 54 | 3. Save your changes |
@@ -60,7 +60,7 b' Setting Repository Group defaults' | |||
|
60 | 60 | |
|
61 | 61 | To set default Repository Group permissions, use the following steps. |
|
62 | 62 | |
|
63 |
1. From the |RC |
|
|
63 | 1. From the |RCE| interface, select :menuselection:`Admin --> Repository Groups` | |
|
64 | 64 | 2. Select :guilabel:`Edit` beside the |repo| group you wish to configure |
|
65 | 65 | 3. On the left-hand pane select :guilabel:`Permissions` |
|
66 | 66 | 4. Set the default permissions for all |repos| created in this group |
@@ -3,12 +3,12 b'' | |||
|
3 | 3 | Repository Administration |
|
4 | 4 | ========================= |
|
5 | 5 | |
|
6 |
Repository permissions in |RC |
|
|
6 | Repository permissions in |RCE| can be managed in a number of different ways. | |
|
7 | 7 | This overview should give you an insight into how you could adopt particular |
|
8 | 8 | settings for your needs: |
|
9 | 9 | |
|
10 | 10 | * Global |repo| permissions: This allows you to set the default permissions |
|
11 |
for each new |repo| created within |RC |
|
|
11 | for each new |repo| created within |RCE|, see :ref:`repo-default-ref`. All | |
|
12 | 12 | |repos| created will inherit these permissions unless explicitly configured. |
|
13 | 13 | * Individual |repo| permissions: To set individual |repo| permissions, |
|
14 | 14 | see :ref:`set-repo-perms`. |
@@ -59,7 +59,7 b' Supported Browsers' | |||
|
59 | 59 | System Requirements |
|
60 | 60 | ------------------- |
|
61 | 61 | |
|
62 |
|RC |
|
|
62 | |RCE| performs best on machines with ultra-fast hard disks. Generally disk | |
|
63 | 63 | performance is more important than CPU performance. In a corporate production |
|
64 | 64 | environment handling 1000s of users and |repos| you should deploy on a 12+ |
|
65 | 65 | core 64GB RAM server. In short, the more RAM the better. |
@@ -68,7 +68,7 b' core 64GB RAM server. In short, the more' | |||
|
68 | 68 | For example: |
|
69 | 69 | |
|
70 | 70 | - for team of 1 - 5 active users you can run on 1GB RAM machine with 1CPU |
|
71 |
- above 250 active users, |RC |
|
|
71 | - above 250 active users, |RCE| needs at least 8GB of memory. | |
|
72 | 72 | Number of CPUs is less important, but recommended to have at least 2-3 CPUs |
|
73 | 73 | |
|
74 | 74 | |
@@ -114,7 +114,7 b' Connection Methods' | |||
|
114 | 114 | |
|
115 | 115 | * HTTPS |
|
116 | 116 | * SSH |
|
117 |
* |RC |
|
|
117 | * |RCE| API | |
|
118 | 118 | |
|
119 | 119 | Internationalization Support |
|
120 | 120 | ---------------------------- |
@@ -3,7 +3,7 b'' | |||
|
3 | 3 | User Administration |
|
4 | 4 | =================== |
|
5 | 5 | |
|
6 |
|RC |
|
|
6 | |RCE| enables you to define permissions for the following entities within the | |
|
7 | 7 | system; **users**, **user groups**, **repositories**, **repository groups**. |
|
8 | 8 | |
|
9 | 9 | Within each one of these entities you can set default settings, |
@@ -3,13 +3,13 b'' | |||
|
3 | 3 | VCS Server Management |
|
4 | 4 | --------------------- |
|
5 | 5 | |
|
6 |
The VCS Server handles |RC |
|
|
7 |
a VCS Server to run with a |RC |
|
|
8 |
the connection between |RC |
|
|
6 | The VCS Server handles |RCE| backend functionality. You need to configure | |
|
7 | a VCS Server to run with a |RCE| instance. If you do not, you will be missing | |
|
8 | the connection between |RCE| and its |repos|. This will cause error messages | |
|
9 | 9 | on the web interface. You can run your setup in the following configurations, |
|
10 | 10 | currently the best performance is one of following: |
|
11 | 11 | |
|
12 |
* One VCS Server per |RC |
|
|
12 | * One VCS Server per |RCE| instance. | |
|
13 | 13 | * One VCS Server handling multiple instances. |
|
14 | 14 | |
|
15 | 15 | .. important:: |
@@ -49,7 +49,7 b' To configure a |RCE| instance to use a V' | |||
|
49 | 49 | |RCE| VCS Server Options |
|
50 | 50 | ^^^^^^^^^^^^^^^^^^^^^^^^ |
|
51 | 51 | |
|
52 |
The following list shows the available options on the |RC |
|
|
52 | The following list shows the available options on the |RCE| side of the | |
|
53 | 53 | connection to the VCS Server. The settings are configured per |
|
54 | 54 | instance in the |
|
55 | 55 | :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` file. |
@@ -75,7 +75,7 b' instance in the' | |||
|
75 | 75 | |
|
76 | 76 | \vcs.server <host:port> |
|
77 | 77 | Set the host, either hostname or IP Address, and port of the VCS server |
|
78 |
you wish to run with your |RC |
|
|
78 | you wish to run with your |RCE| instance. | |
|
79 | 79 | |
|
80 | 80 | .. code-block:: ini |
|
81 | 81 |
@@ -22,12 +22,12 b' API access can also be turned on for eac' | |||
|
22 | 22 | decorated with a `@LoginRequired` decorator. To enable API access, change |
|
23 | 23 | the standard login decorator to `@LoginRequired(api_access=True)`. |
|
24 | 24 | |
|
25 |
From |RC |
|
|
25 | From |RCE| version 1.7.0 you can configure a white list | |
|
26 | 26 | of views that have API access enabled by default. To enable these, |
|
27 |
edit the |RC |
|
|
27 | edit the |RCE| configuration ``.ini`` file. The default location is: | |
|
28 | 28 | |
|
29 |
* |RC |
|
|
30 |
* |RC |
|
|
29 | * |RCE| Pre-2.2.7 :file:`root/rhodecode/data/production.ini` | |
|
30 | * |RCE| 3.0 :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` | |
|
31 | 31 | |
|
32 | 32 | To configure the white list, edit this section of the file. In this |
|
33 | 33 | configuration example, API access is granted to the patch/diff raw file and |
@@ -5,8 +5,8 b' Crowd' | |||
|
5 | 5 | |
|
6 | 6 | To enable Crowd authentication, use the following steps: |
|
7 | 7 | |
|
8 |
1. From the |RC |
|
|
9 |
2. |
|
|
8 | 1. From the |RCE| interface, go to :menuselection:`Admin --> Authentication` | |
|
9 | 2. Activate the ``rhodecode.lib.auth_modules.auth_crowd`` library and select | |
|
10 | 10 | :guilabel:`Save` |
|
11 | 11 | 3. On the Crowd plugin settings section, do the following: |
|
12 | 12 |
@@ -3,25 +3,24 b'' | |||
|
3 | 3 | LDAP/AD With User Groups Sync |
|
4 | 4 | ----------------------------- |
|
5 | 5 | |
|
6 | |RCM| supports LDAP (Lightweight Directory Access Protocol) or | |
|
6 | **This plugin is available only in EE Edition.** | |
|
7 | ||
|
8 | |RCE| supports LDAP (Lightweight Directory Access Protocol) or | |
|
7 | 9 | AD (active Directory) authentication. |
|
8 | All LDAP versions are supported, with the following |RCM| plugins managing each: | |
|
9 | ||
|
10 | * For LDAP/AD with user group sync use ``LDAP + User Groups (egg:rhodecode-enterprise-ee#ldap_group)`` | |
|
10 | All LDAP versions are currently supported. | |
|
11 | 11 | |
|
12 | 12 | RhodeCode reads all data defined from plugin and creates corresponding |
|
13 | 13 | accounts on local database after receiving data from LDAP. This is done on |
|
14 | 14 | every user log-in including operations like pushing/pulling/checkout. |
|
15 | 15 | In addition group membership is read from LDAP and following operations are done: |
|
16 | 16 | |
|
17 |
- automatic addition of user to |RC |
|
|
18 |
- automatic removal of user from any other |RC |
|
|
17 | - automatic addition of user to |RCE| user group | |
|
18 | - automatic removal of user from any other |RCE| user groups not specified in LDAP. | |
|
19 | 19 | The removal is done *only* on groups that are marked to be synced from ldap. |
|
20 | 20 | This setting can be changed in advanced settings on user groups |
|
21 |
- automatic creation of user groups if they aren't yet existing in |RC |
|
|
21 | - automatic creation of user groups if they aren't yet existing in |RCE| | |
|
22 | 22 | - marking user as super-admins if he is a member of any admin group defined in plugin settings |
|
23 | 23 | |
|
24 | This plugin is available only in EE Edition. | |
|
25 | 24 | |
|
26 | 25 | .. important:: |
|
27 | 26 | |
@@ -39,11 +38,12 b' LDAP Configuration Steps' | |||
|
39 | 38 | |
|
40 | 39 | To configure |LDAP|, use the following steps: |
|
41 | 40 | |
|
42 |
1. From the |RC |
|
|
41 | 1. From the |RCE| interface, select | |
|
43 | 42 | :menuselection:`Admin --> Authentication` |
|
44 |
2. |
|
|
45 | 3. Select the :guilabel:`Enabled` check box in the plugin configuration section | |
|
46 | 4. Add the required LDAP information and :guilabel:`Save`, for more details, | |
|
43 | 2. Activate the `LDAP + User Groups` plugin and select :guilabel:`Save` | |
|
44 | 3. Go to newly available menu option called `LDAP + User Groups` on the left side. | |
|
45 | 4. Check the `enabled` check box in the plugin configuration section, | |
|
46 | and fill in the required LDAP information and :guilabel:`Save`, for more details, | |
|
47 | 47 | see :ref:`config-ldap-groups-examples` |
|
48 | 48 | |
|
49 | 49 | For a more detailed description of LDAP objects, see :ref:`ldap-gloss-ref`: |
@@ -52,59 +52,107 b' For a more detailed description of LDAP ' | |||
|
52 | 52 | |
|
53 | 53 | Example LDAP configuration |
|
54 | 54 | ^^^^^^^^^^^^^^^^^^^^^^^^^^ |
|
55 | .. code-block:: bash | |
|
55 | ||
|
56 | Below is example setup that can be used with Active Directory and LDAP server with groups sync:: | |
|
57 | ||
|
58 | *option*: `enabled` => `True` | |
|
59 | # Enable or disable this authentication plugin. | |
|
60 | ||
|
61 | *option*: `cache_ttl` => `360` | |
|
62 | # Amount of seconds to cache the authentication and permissions check response call for this plugin. | |
|
63 | # Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled). | |
|
64 | ||
|
65 | *option*: `host` => `192.168.245.143,192.168.1.240` | |
|
66 | # Host[s] of the LDAP Server | |
|
67 | # (e.g., 192.168.2.154, or ldap-server.domain.com. | |
|
68 | # Multiple servers can be specified using commas | |
|
69 | ||
|
70 | *option*: `port` => `389` | |
|
71 | # Custom port that the LDAP server is listening on. Default value is: 389, use 689 for LDAPS(SSL) | |
|
72 | ||
|
73 | *option*: `timeout` => `300` | |
|
74 | # Timeout for LDAP connection | |
|
75 | ||
|
76 | *option*: `dn_user` => `Administrator@rhodecode.com` | |
|
77 | # Optional user DN/account to connect to LDAP if authentication is required. | |
|
78 | # e.g., cn=admin,dc=mydomain,dc=com, or uid=root,cn=users,dc=mydomain,dc=com, or admin@mydomain.com | |
|
79 | ||
|
80 | *option*: `dn_pass` => `SomeSecret` | |
|
81 | # Password to authenticate for given user DN. | |
|
82 | ||
|
83 | *option*: `tls_kind` => `PLAIN` | |
|
84 | # TLS Type | |
|
85 | ||
|
86 | *option*: `tls_reqcert` => `NEVER` | |
|
87 | # Require Cert over TLS?. Self-signed and custom certificates can be used when | |
|
88 | # `RhodeCode Certificate` found in admin > settings > system info page is extended. | |
|
89 | ||
|
90 | *option*: `tls_cert_file` => `` | |
|
91 | # This specifies the PEM-format file path containing certificates for use in TLS connection. | |
|
92 | # If not specified `TLS Cert dir` will be used | |
|
93 | ||
|
94 | *option*: `tls_cert_dir` => `/etc/openldap/cacerts` | |
|
95 | # This specifies the path of a directory that contains individual CA certificates in separate files. | |
|
96 | ||
|
97 | *option*: `base_dn` => `dc=rhodecode,dc=com` | |
|
98 | # Base DN to search. Dynamic bind is supported. Add `$login` marker in it to be replaced with current user credentials | |
|
99 | # (e.g., dc=mydomain,dc=com, or ou=Users,dc=mydomain,dc=com) | |
|
100 | ||
|
101 | *option*: `user_search_base` => `ou=RC-Users` | |
|
102 | # User search base will extend the Base DN | |
|
103 | # (e.g., ou=Users will result in ou=Users,dc=mydomain,dc=com root DN) | |
|
56 | 104 | |
|
57 | # Auth Cache TTL, Defines the caching for authentication to offload LDAP server. | |
|
58 | # This means that cache result will be saved for 3600 before contacting LDAP server to verify the user access | |
|
59 | 3600 | |
|
60 | # Host, comma seperated format is optionally possible to specify more than 1 server | |
|
61 | https://ldap1.server.com/ldap-admin/,https://ldap2.server.com/ldap-admin/ | |
|
62 | # Default LDAP Port, use 689 for LDAPS | |
|
63 | 389 | |
|
64 | # Account, used for SimpleBind if LDAP server requires an authentication | |
|
65 | e.g admin@server.com | |
|
66 | # Password used for simple bind | |
|
67 | ldap-user-password | |
|
68 | # LDAP connection security | |
|
69 | LDAPS | |
|
70 | # Certificate checks level | |
|
71 | DEMAND | |
|
72 | # Base DN | |
|
73 | cn=Rufus Magillacuddy,ou=users,dc=rhodecode,dc=com | |
|
74 | # User Search Base | |
|
75 | ou=groups,ou=users | |
|
76 | # LDAP search filter to narrow the results | |
|
77 | (objectClass=person) | |
|
78 | # LDAP search scope | |
|
79 | SUBTREE | |
|
80 | # Login attribute | |
|
81 | sAMAccountName | |
|
82 | # First Name Attribute to read | |
|
83 | givenName | |
|
84 | # Last Name Attribute to read | |
|
85 | sn | |
|
86 | # Email Attribute to read email address from | |
|
87 | ||
|
88 | # group extraction method | |
|
89 | rfc2307bis | |
|
90 | # Group search base | |
|
91 | ou=RC-Groups | |
|
92 | # Group Name Attribute, field to read the group name from | |
|
93 | sAMAAccountName | |
|
94 | # User Member of Attribute, field in which groups are stored | |
|
95 | memberOf | |
|
96 | # LDAP Group Search Filter, allows narrowing the results | |
|
105 | *option*: `user_search_filter` => `` | |
|
106 | # Filter to narrow results | |
|
107 | # (e.g., (&(objectCategory=Person)(objectClass=user)), or | |
|
108 | # (memberof=cn=rc-login,ou=groups,ou=company,dc=mydomain,dc=com))) | |
|
109 | ||
|
110 | *option*: `search_scope` => `SUBTREE` | |
|
111 | # How deep to search LDAP. If unsure set to SUBTREE | |
|
112 | ||
|
113 | *option*: `attr_login` => `sAMAccountName` | |
|
114 | # LDAP Attribute to map to user name (e.g., uid, or sAMAccountName) | |
|
115 | ||
|
116 | *option*: `attr_email` => `mail` | |
|
117 | # LDAP Attribute to map to email address (e.g., mail). | |
|
118 | # Emails are a crucial part of RhodeCode. | |
|
119 | # If possible add a valid email attribute to ldap users. | |
|
120 | ||
|
121 | *option*: `attr_firstname` => `givenName` | |
|
122 | # LDAP Attribute to map to first name (e.g., givenName) | |
|
123 | ||
|
124 | *option*: `attr_lastname` => `sn` | |
|
125 | # LDAP Attribute to map to last name (e.g., sn) | |
|
126 | ||
|
127 | *option*: `group_extraction_type` => `rfc2307bis` | |
|
128 | # With rfc2307, group members are listed by name in the memberUid attribute | |
|
129 | # With rfc2307bis (Microsoft AD compatible) group members are listed by DN and stored in the member attribute | |
|
97 | 130 |
|
|
98 | # Admin Groups. Comma separated list of groups. If user is member of | |
|
99 | # any of those he will be marked as super-admin in RhodeCode | |
|
100 | admins, management | |
|
131 | *option*: `group_search_base` => `ou=RC-Groups` | |
|
132 | # Group search base will extend the Base DN (e.g. ou=Groups will result in ou=Groups,dc=mydomain,dc=com) | |
|
101 | 133 | |
|
134 | *option*: `group_name_attr` => `sAMAccountName` | |
|
135 | # LDAP Attribute to map to group name (e.g., cn, or sAMAccountName) | |
|
136 | ||
|
137 | *option*: `user_member_of` => `memberOf` | |
|
138 | # Users Attribute used to fetch the group membership. | |
|
139 | # Use if users have stored group membership inside their attributes | |
|
140 | # (e.g., memberOf, or userMemberOf) | |
|
102 | 141 | |
|
103 | Below is example setup that can be used with Active Directory and ldap groups. | |
|
142 | *option*: `group_search_filter` => `` | |
|
143 | # Filter to narrow results (e.g., (&(objectCategory=Group)(objectClass=group)), etc) | |
|
144 | ||
|
145 | *option*: `group_member_of` => `memberOf` | |
|
146 | # LDAP Attribute used to resolve the parent group (e.g., memberOf) | |
|
104 | 147 |
|
|
105 | .. image:: ../images/ldap-groups-example.png | |
|
106 | :alt: LDAP/AD setup example | |
|
107 | :scale: 50 % | |
|
148 | *option*: `admin_groups` => `Admins,Management` | |
|
149 | # A comma separated list of group names that identify users as RhodeCode Administrators (e.g., admins) | |
|
150 | ||
|
151 | *option*: `admin_groups_sync` => `full` | |
|
152 | # Way to sync Admin groups. | |
|
153 | # Full means admin flag is set to on or off according to membership in administrator group defined above. | |
|
154 | # On-only means the flag is only set to on, and not turned off once user is no longer a member | |
|
155 | ||
|
108 | 156 |
|
|
109 | 157 | .. toctree:: |
|
110 | 158 |
@@ -3,11 +3,9 b'' | |||
|
3 | 3 | LDAP/AD |
|
4 | 4 | ------- |
|
5 | 5 | |
|
6 |
|RC |
|
|
6 | |RCE| supports LDAP (Lightweight Directory Access Protocol) or | |
|
7 | 7 | AD (active Directory) authentication. |
|
8 | All LDAP versions are supported, with the following |RCM| plugins managing each: | |
|
9 | ||
|
10 | * For LDAP or Active Directory use ``LDAP (egg:rhodecode-enterprise-ce#ldap)`` | |
|
8 | All LDAP versions are currently supported. | |
|
11 | 9 | |
|
12 | 10 | RhodeCode reads all data defined from plugin and creates corresponding |
|
13 | 11 | accounts on local database after receiving data from LDAP. This is done on |
@@ -30,11 +28,12 b' LDAP Configuration Steps' | |||
|
30 | 28 | |
|
31 | 29 | To configure |LDAP|, use the following steps: |
|
32 | 30 | |
|
33 |
1. From the |RC |
|
|
31 | 1. From the |RCE| interface, select | |
|
34 | 32 | :menuselection:`Admin --> Authentication` |
|
35 |
2. |
|
|
36 | 3. Select the :guilabel:`Enabled` check box in the plugin configuration section | |
|
37 | 4. Add the required LDAP information and :guilabel:`Save`, for more details, | |
|
33 | 2. Activate the `LDAP` plugin and select :guilabel:`Save` | |
|
34 | 3. Go to newly available menu option called `LDAP` on the left side. | |
|
35 | 4. Check the `enabled` check box in the plugin configuration section, | |
|
36 | and fill in the required LDAP information and :guilabel:`Save`, for more details, | |
|
38 | 37 | see :ref:`config-ldap-examples` |
|
39 | 38 | |
|
40 | 39 | For a more detailed description of LDAP objects, see :ref:`ldap-gloss-ref`: |
@@ -43,44 +42,73 b' For a more detailed description of LDAP ' | |||
|
43 | 42 | |
|
44 | 43 | Example LDAP configuration |
|
45 | 44 | ^^^^^^^^^^^^^^^^^^^^^^^^^^ |
|
46 | .. code-block:: bash | |
|
45 | ||
|
46 | Below is example setup that can be used with Active Directory/LDAP server:: | |
|
47 | ||
|
48 | *option*: `enabled` => `True` | |
|
49 | # Enable or disable this authentication plugin. | |
|
50 | ||
|
51 | *option*: `cache_ttl` => `360` | |
|
52 | # Amount of seconds to cache the authentication and permissions check response call for this plugin. | |
|
53 | # Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled). | |
|
54 | ||
|
55 | *option*: `host` => `192.168.245.143,192.168.1.240` | |
|
56 | # Host[s] of the LDAP Server | |
|
57 | # (e.g., 192.168.2.154, or ldap-server.domain.com. | |
|
58 | # Multiple servers can be specified using commas | |
|
59 | ||
|
60 | *option*: `port` => `389` | |
|
61 | # Custom port that the LDAP server is listening on. Default value is: 389, use 689 for LDAPS(SSL) | |
|
62 | ||
|
63 | *option*: `timeout` => `300` | |
|
64 | # Timeout for LDAP connection | |
|
65 | ||
|
66 | *option*: `dn_user` => `Administrator@rhodecode.com` | |
|
67 | # Optional user DN/account to connect to LDAP if authentication is required. | |
|
68 | # e.g., cn=admin,dc=mydomain,dc=com, or uid=root,cn=users,dc=mydomain,dc=com, or admin@mydomain.com | |
|
69 | ||
|
70 | *option*: `dn_pass` => `SomeSecret` | |
|
71 | # Password to authenticate for given user DN. | |
|
72 | ||
|
73 | *option*: `tls_kind` => `PLAIN` | |
|
74 | # TLS Type | |
|
47 | 75 | |
|
48 | # Auth Cache TTL, Defines the caching for authentication to offload LDAP server. | |
|
49 | # This means that cache result will be saved for 3600 before contacting LDAP server to verify the user access | |
|
50 | 3600 | |
|
51 | # Host, comma seperated format is optionally possible to specify more than 1 server | |
|
52 | https://ldap1.server.com/ldap-admin/,https://ldap2.server.com/ldap-admin/ | |
|
53 | # Default LDAP Port, use 689 for LDAPS | |
|
54 | 389 | |
|
55 | # Account, used for SimpleBind if LDAP server requires an authentication | |
|
56 | e.g admin@server.com | |
|
57 | # Password used for simple bind | |
|
58 | ldap-user-password | |
|
59 | # LDAP connection security | |
|
60 | LDAPS | |
|
61 | # Certificate checks level | |
|
62 | DEMAND | |
|
63 | # Base DN | |
|
64 | cn=Rufus Magillacuddy,ou=users,dc=rhodecode,dc=com | |
|
65 | # LDAP search filter to narrow the results | |
|
66 | (objectClass=person) | |
|
67 | # LDAP search scope | |
|
68 | SUBTREE | |
|
69 | # Login attribute | |
|
70 | sAMAccountName | |
|
71 | # First Name Attribute to read | |
|
72 | givenName | |
|
73 | # Last Name Attribute to read | |
|
74 | sn | |
|
75 | # Email Attribute to read email address from | |
|
76 | ||
|
76 | *option*: `tls_reqcert` => `NEVER` | |
|
77 | # Require Cert over TLS?. Self-signed and custom certificates can be used when | |
|
78 | # `RhodeCode Certificate` found in admin > settings > system info page is extended. | |
|
79 | ||
|
80 | *option*: `tls_cert_file` => `` | |
|
81 | # This specifies the PEM-format file path containing certificates for use in TLS connection. | |
|
82 | # If not specified `TLS Cert dir` will be used | |
|
83 | ||
|
84 | *option*: `tls_cert_dir` => `/etc/openldap/cacerts` | |
|
85 | # This specifies the path of a directory that contains individual CA certificates in separate files. | |
|
86 | ||
|
87 | *option*: `base_dn` => `cn=Rufus Magillacuddy,ou=users,dc=rhodecode,dc=com` | |
|
88 | # Base DN to search. Dynamic bind is supported. Add `$login` marker in it to be replaced with current user credentials | |
|
89 | # (e.g., dc=mydomain,dc=com, or ou=Users,dc=mydomain,dc=com) | |
|
77 | 90 | |
|
91 | *option*: `filter` => `(objectClass=person)` | |
|
92 | # Filter to narrow results | |
|
93 | # (e.g., (&(objectCategory=Person)(objectClass=user)), or | |
|
94 | # (memberof=cn=rc-login,ou=groups,ou=company,dc=mydomain,dc=com))) | |
|
78 | 95 | |
|
79 | Below is example setup that can be used with Active Directory/LDAP server. | |
|
96 | *option*: `search_scope` => `SUBTREE` | |
|
97 | # How deep to search LDAP. If unsure set to SUBTREE | |
|
98 | ||
|
99 | *option*: `attr_login` => `sAMAccountName` | |
|
100 | # LDAP Attribute to map to user name (e.g., uid, or sAMAccountName) | |
|
80 | 101 |
|
|
81 | .. image:: ../images/ldap-example.png | |
|
82 | :alt: LDAP/AD setup example | |
|
83 | :scale: 50 % | |
|
102 | *option*: `attr_email` => `mail` | |
|
103 | # LDAP Attribute to map to email address (e.g., mail). | |
|
104 | # Emails are a crucial part of RhodeCode. | |
|
105 | # If possible add a valid email attribute to ldap users. | |
|
106 | ||
|
107 | *option*: `attr_firstname` => `givenName` | |
|
108 | # LDAP Attribute to map to first name (e.g., givenName) | |
|
109 | ||
|
110 | *option*: `attr_lastname` => `sn` | |
|
111 | # LDAP Attribute to map to last name (e.g., sn) | |
|
84 | 112 |
|
|
85 | 113 |
|
|
86 | 114 | .. toctree:: |
@@ -5,8 +5,8 b' PAM' | |||
|
5 | 5 | |
|
6 | 6 | To enable PAM authentication, use the following steps: |
|
7 | 7 | |
|
8 |
1. From the |RC |
|
|
9 |
2. |
|
|
8 | 1. From the |RCE| interface, go to :menuselection:`Admin --> Authentication` | |
|
9 | 2. Activate the ``rhodecode.lib.auth_modules.auth_pam`` library and select save | |
|
10 | 10 | 3. On the PAM plugin settings section, do the following: |
|
11 | 11 | |
|
12 | 12 | * Check the :guilabel:`Enable` checkbox |
@@ -3,7 +3,10 b'' | |||
|
3 | 3 | Authentication Tokens |
|
4 | 4 | --------------------- |
|
5 | 5 | |
|
6 | |RCE| has 4 different kinds of authentication tokens. | |
|
6 | |RCE| has 4 different kinds of authentication tokens. `API token`, `Feed tokens` work | |
|
7 | without a need to enable any additional authentication. `VCS tokens` require dedicated | |
|
8 | authentication plugin to be activated. `Web Interface tokens` are controlled by the | |
|
9 | white_list configuration. | |
|
7 | 10 | |
|
8 | 11 | * *API tokens*: API tokens can only be used to execute |RCE| API operations. |
|
9 | 12 | You can store your API token and assign it to each instance in |
@@ -13,14 +16,6 b' Authentication Tokens' | |||
|
13 | 16 | * *Feed tokens*: The feed token can only be used to access the RSS feed. |
|
14 | 17 |
|
|
15 | 18 | |
|
16 | * *VCS tokens*: You can use these to authenticate with |git|, |hg| and |svn| | |
|
17 | operations instead of a password. They are designed to be used with | |
|
18 | CI Servers or other third party tools that require |repo| access. | |
|
19 | They are also a good replacement for SSH based access. | |
|
20 | To use these tokens you need be enabled special authentication method on | |
|
21 | |RCE|, as they are disabled by default. | |
|
22 | See :ref:`enable-vcs-tokens`. | |
|
23 | ||
|
24 | 19 | * *Web Interface tokens*: These token allows users to access the web |
|
25 | 20 | interface of |RCE| without logging in. |
|
26 | 21 | |
@@ -41,7 +36,16 b' Authentication Tokens' | |||
|
41 | 36 | https://rhodecode.com/repo/archive/tip.zip?auth_token=<web-api-token> |
|
42 | 37 | |
|
43 | 38 | # To show commit diff without logging into Web UI |
|
44 |
https://rhodecode.com/repo/ |
|
|
39 | https://rhodecode.com/repo/raw-diff/<sha>?auth_token=<web-api-token> | |
|
40 | ||
|
41 | * *VCS tokens*: You can use these to authenticate with |git|, |hg| and |svn| | |
|
42 | operations instead of a password. They are designed to be used with | |
|
43 | CI Servers or other third party tools that require |repo| access. | |
|
44 | They are also a good replacement for SSH based access. | |
|
45 | To use these tokens you need be enabled special authentication method on | |
|
46 | |RCE|, as they are disabled by default. | |
|
47 | See :ref:`enable-vcs-tokens`. | |
|
48 | ||
|
45 | 49 | |
|
46 | 50 | .. _enable-vcs-tokens: |
|
47 | 51 | |
@@ -51,7 +55,7 b' Enabling VCS Tokens' | |||
|
51 | 55 | To enable VCS Tokens, use the following steps: |
|
52 | 56 | |
|
53 | 57 | 1. Go to :menuselection:`Admin --> Authentication`. |
|
54 |
2. |
|
|
58 | 2. Activate the ``rhodecode.lib.auth_modules.auth_token`` plugin. | |
|
55 | 59 | 3. Click :guilabel:`Save`. |
|
56 | 60 | |
|
57 | 61 | Authentication Token Tips |
@@ -67,7 +71,7 b' Creating Tokens' | |||
|
67 | 71 | |
|
68 | 72 | To create authentication tokens for an user, use the following steps: |
|
69 | 73 | |
|
70 |
1. From the |RC |
|
|
74 | 1. From the |RCE| interface go to | |
|
71 | 75 | :menuselection:`Username --> My Account --> Auth tokens`. |
|
72 | 76 | |
|
73 | 77 | 2. Label and Add the tokens you wish to use with |RCE|. |
@@ -4,29 +4,31 b' Authentication Options' | |||
|
4 | 4 | ====================== |
|
5 | 5 | |
|
6 | 6 | |RCE| provides a built in authentication against its own database. This is |
|
7 |
implemented using `` |
|
|
8 | enabled by default. | |
|
7 | implemented using ``RhodeCode Internal`` plugin. This plugin is enabled by default. | |
|
9 | 8 | Additionally, |RCE| provides a Pluggable Authentication System. This gives the |
|
10 | 9 | administrator greater control over how users authenticate with the system. |
|
11 | 10 | |
|
12 | 11 | .. important:: |
|
13 | 12 | |
|
14 |
You can disable the built in |RC |
|
|
15 |
`` |
|
|
13 | You can disable the built in |RCE| authentication plugin | |
|
14 | ``RhodeCode Internal`` and force all authentication to go | |
|
16 | 15 | through your authentication plugin of choice e.g LDAP only. |
|
17 | 16 | However, if you do this, and your external authentication tools fails, |
|
18 | you will be unable to access |RCM|. | |
|
17 | accessing |RCE| will be blocked unless a fallback plugin is | |
|
18 | enabled via :file: rhodecode.ini | |
|
19 | 19 | |
|
20 | |RCM| comes with the following user authentication management plugins: | |
|
20 | ||
|
21 | |RCE| comes with the following user authentication management plugins: | |
|
21 | 22 | |
|
22 | 23 | |
|
23 | 24 | .. toctree:: |
|
24 | 25 | |
|
26 | auth-token | |
|
25 | 27 | auth-ldap |
|
26 | 28 | auth-ldap-groups |
|
29 | auth-saml-generic | |
|
30 | auth-saml-onelogin | |
|
31 | auth-saml-duosecurity | |
|
27 | 32 | auth-crowd |
|
28 | 33 | auth-pam |
|
29 | auth-token | |
|
30 | 34 | ssh-connection |
|
31 | ||
|
32 |
@@ -3,27 +3,73 b'' | |||
|
3 | 3 | Active Directory |
|
4 | 4 | ---------------- |
|
5 | 5 | |
|
6 |
|RC |
|
|
6 | |RCE| can use Microsoft Active Directory for user authentication. This is | |
|
7 | 7 | done through an LDAP or LDAPS connection to Active Directory. Use the |
|
8 | 8 | following example LDAP configuration setting to set your Active Directory |
|
9 |
authentication |
|
|
10 | ||
|
11 | .. code-block:: ini | |
|
12 | ||
|
13 | # Set the Base DN | |
|
14 | Base DN = OU=SBSUsers,OU=Users,OU=MyBusiness,DC=v3sys,DC=local | |
|
15 | # Set the Active Directory SAM-Account-Name | |
|
16 | Login Attribute = sAMAccountName | |
|
17 | # Set the Active Directory user name | |
|
18 | First Name Attribute = usernameame | |
|
19 | # Set the Active Directory user surname | |
|
20 | Last Name Attribute = user_surname | |
|
21 | # Set the Active Directory user email | |
|
22 | E-mail Attribute = userEmail | |
|
9 | authentication:: | |
|
23 | 10 | |
|
24 | 11 | |
|
25 | Below is example setup that can be used with Active Directory and ldap groups. | |
|
12 | *option*: `enabled` => `True` | |
|
13 | # Enable or disable this authentication plugin. | |
|
14 | ||
|
15 | *option*: `cache_ttl` => `360` | |
|
16 | # Amount of seconds to cache the authentication and permissions check response call for this plugin. | |
|
17 | # Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled). | |
|
18 | ||
|
19 | *option*: `host` => `192.168.245.143,192.168.1.240` | |
|
20 | # Host[s] of the LDAP Server | |
|
21 | # (e.g., 192.168.2.154, or ldap-server.domain.com. | |
|
22 | # Multiple servers can be specified using commas | |
|
23 | ||
|
24 | *option*: `port` => `389` | |
|
25 | # Custom port that the LDAP server is listening on. Default value is: 389, use 689 for LDAPS(SSL) | |
|
26 | ||
|
27 | *option*: `timeout` => `300` | |
|
28 | # Timeout for LDAP connection | |
|
29 | ||
|
30 | *option*: `dn_user` => `Administrator@rhodecode.com` | |
|
31 | # Optional user DN/account to connect to LDAP if authentication is required. | |
|
32 | # e.g., cn=admin,dc=mydomain,dc=com, or uid=root,cn=users,dc=mydomain,dc=com, or admin@mydomain.com | |
|
33 | ||
|
34 | *option*: `dn_pass` => `SomeSecret` | |
|
35 | # Password to authenticate for given user DN. | |
|
36 | ||
|
37 | *option*: `tls_kind` => `PLAIN` | |
|
38 | # TLS Type | |
|
39 | ||
|
40 | *option*: `tls_reqcert` => `NEVER` | |
|
41 | # Require Cert over TLS?. Self-signed and custom certificates can be used when | |
|
42 | # `RhodeCode Certificate` found in admin > settings > system info page is extended. | |
|
26 | 43 | |
|
27 | .. image:: ../images/ldap-groups-example.png | |
|
28 | :alt: LDAP/AD setup example | |
|
29 | :scale: 50 % No newline at end of file | |
|
44 | *option*: `tls_cert_file` => `` | |
|
45 | # This specifies the PEM-format file path containing certificates for use in TLS connection. | |
|
46 | # If not specified `TLS Cert dir` will be used | |
|
47 | ||
|
48 | *option*: `tls_cert_dir` => `/etc/openldap/cacerts` | |
|
49 | # This specifies the path of a directory that contains individual CA certificates in separate files. | |
|
50 | ||
|
51 | *option*: `base_dn` => `OU=SBSUsers,OU=Users,OU=MyBusiness,DC=v3sys,DC=local` | |
|
52 | # Base DN to search. Dynamic bind is supported. Add `$login` marker in it to be replaced with current user credentials | |
|
53 | # (e.g., dc=mydomain,dc=com, or ou=Users,dc=mydomain,dc=com) | |
|
54 | ||
|
55 | *option*: `filter` => `(objectClass=person)` | |
|
56 | # Filter to narrow results | |
|
57 | # (e.g., (&(objectCategory=Person)(objectClass=user)), or | |
|
58 | # (memberof=cn=rc-login,ou=groups,ou=company,dc=mydomain,dc=com))) | |
|
59 | ||
|
60 | *option*: `search_scope` => `SUBTREE` | |
|
61 | # How deep to search LDAP. If unsure set to SUBTREE | |
|
62 | ||
|
63 | *option*: `attr_login` => `sAMAccountName` | |
|
64 | # LDAP Attribute to map to user name (e.g., uid, or sAMAccountName) | |
|
65 | ||
|
66 | *option*: `attr_email` => `userEmail` | |
|
67 | # LDAP Attribute to map to email address (e.g., mail). | |
|
68 | # Emails are a crucial part of RhodeCode. | |
|
69 | # If possible add a valid email attribute to ldap users. | |
|
70 | ||
|
71 | *option*: `attr_firstname` => `user_firstname` | |
|
72 | # LDAP Attribute to map to first name (e.g., givenName) | |
|
73 | ||
|
74 | *option*: `attr_lastname` => `user_surname` | |
|
75 | # LDAP Attribute to map to last name (e.g., sn) |
@@ -46,7 +46,7 b' The following LDAP attributes are requir' | |||
|
46 | 46 | * The LDAP username or account used to connect to |RCE|. This will be added |
|
47 | 47 | to the LDAP filter for locating the user object. |
|
48 | 48 | * For example, if an LDAP filter is specified as `LDAPFILTER`, |
|
49 | the login attribute is specified as `uid`, and the user connects as | |
|
49 | the login/username attribute is specified as `uid`, and the user connects as | |
|
50 | 50 | `jsmith`, then the LDAP Filter will be like the following example. |
|
51 | 51 | |
|
52 | 52 | .. code-block:: vim |
@@ -68,7 +68,7 b' The following LDAP attributes are requir' | |||
|
68 | 68 | Optional settings |
|
69 | 69 | ^^^^^^^^^^^^^^^^^ |
|
70 | 70 | |
|
71 |
The following are optional when enabling LDAP on |RC |
|
|
71 | The following are optional when enabling LDAP on |RCE| | |
|
72 | 72 | |
|
73 | 73 | * An LDAP account is only required if the LDAP server does not allow |
|
74 | 74 | anonymous browsing of records. |
@@ -104,10 +104,4 b' The following are optional when enabling' | |||
|
104 | 104 | following directory: `/etc/openldap/cacerts` |
|
105 | 105 | |
|
106 | 106 | |
|
107 | Below is example setup that can be used with Active Directory and ldap groups. | |
|
108 | ||
|
109 | .. image:: ../images/ldap-groups-example.png | |
|
110 | :alt: LDAP/AD setup example | |
|
111 | :scale: 50 % | |
|
112 | ||
|
113 | 107 | .. _RFC 2254: http://www.rfc-base.org/rfc-2254.html No newline at end of file |
@@ -3,7 +3,7 b'' | |||
|
3 | 3 | Code Review |
|
4 | 4 | =========== |
|
5 | 5 | |
|
6 |
|RC |
|
|
6 | |RCE| provides two ways in which you can review code. You can review |prs| or | |
|
7 | 7 | commits. To better understand |prs|, see the :ref:`pull-requests-ref` |
|
8 | 8 | and :ref:`collaborate-ref` sections. For more information about why |
|
9 | 9 | code review matters, see these posts on the topic: |
@@ -16,7 +16,7 b' review purposes.' | |||
|
16 | 16 | Reviewing Changes |
|
17 | 17 | ----------------- |
|
18 | 18 | |
|
19 |
|RC |
|
|
19 | |RCE| displays all code changes made with each commit. Removed content is | |
|
20 | 20 | marked in red and new content in green. |
|
21 | 21 | |
|
22 | 22 | .. image:: ../images/plain-diff.png |
@@ -10,7 +10,7 b' 3. Leave a commit message that outlines ' | |||
|
10 | 10 | 4. Set the review status to :guilabel:`Approved` |
|
11 | 11 | 5. Select :guilabel:`Comment` |
|
12 | 12 | |
|
13 |
If you approve the |pr|, you will be able to merge automatically if |RC |
|
|
13 | If you approve the |pr|, you will be able to merge automatically if |RCE| | |
|
14 | 14 | detects that it can do so safely. You will see this message: |
|
15 | 15 | |
|
16 | 16 | :guilabel:`This pull request can be automatically merged.` |
@@ -7,7 +7,7 b' Collaboration' | |||
|
7 | 7 | |
|
8 | 8 | Forking and branching does not work with |svn| |repos|. |
|
9 | 9 | |
|
10 |
Collaboration in |RC |
|
|
10 | Collaboration in |RCE| is accomplished through a combination of the following | |
|
11 | 11 | functions: |
|
12 | 12 | |
|
13 | 13 | .. only:: latex |
@@ -55,7 +55,7 b' on the web interface. To branch a |git| ' | |||
|
55 | 55 | $ git commit -a -m "ghost script: initial file" |
|
56 | 56 | $ git push |
|
57 | 57 | |
|
58 |
Once it is pushed to the |RC |
|
|
58 | Once it is pushed to the |RCE| server, you can switch to the newly created | |
|
59 | 59 | branch using the following steps: |
|
60 | 60 | |
|
61 | 61 | 1. Select :menuselection:`Admin --> Repositories`. |
@@ -4,7 +4,7 b' Using Notifications' | |||
|
4 | 4 | ------------------- |
|
5 | 5 | |
|
6 | 6 | To notify users of items that require their attention you can use the mention |
|
7 |
function. The mention function allows you to use ``@username`` within |RC |
|
|
7 | function. The mention function allows you to use ``@username`` within |RCE|. | |
|
8 | 8 | The notification function can be used within the following |
|
9 | 9 | items to highlight their need for attention: |
|
10 | 10 |
@@ -3,7 +3,7 b'' | |||
|
3 | 3 | Merge a |pr| |
|
4 | 4 | ------------ |
|
5 | 5 | |
|
6 |
|RC |
|
|
6 | |RCE| can detect if it can automatically merge the changes in a |pr|. If it | |
|
7 | 7 | can, you will see the following message: |
|
8 | 8 | :guilabel:`This pull request can be automatically merged.` To merge, |
|
9 | 9 | click the big blue button! To enable this feature, see :ref:`server-side-merge`. |
@@ -21,7 +21,7 b' messages:' | |||
|
21 | 21 | Manual Merge a |PR| |
|
22 | 22 | ^^^^^^^^^^^^^^^^^^^ |
|
23 | 23 | |
|
24 |
If |RC |
|
|
24 | If |RCE| cannot safely merge the changes in a |pr|, | |
|
25 | 25 | usually due to conflicts, you need to manually merge the changes on the |
|
26 | 26 | command line. You can see more information for each |repo| type at the |
|
27 | 27 | following links: |
@@ -1,7 +1,7 b'' | |||
|
1 | 1 | Notifications Overview |
|
2 | 2 | ---------------------- |
|
3 | 3 | |
|
4 |
|RC |
|
|
4 | |RCE| has an integrated notification system which alerts users to requests | |
|
5 | 5 | that they have received. Notifications can occur for the following reasons: |
|
6 | 6 | |
|
7 | 7 | * Pull request reviews |
@@ -3,7 +3,7 b' Pull request management' | |||
|
3 | 3 | |
|
4 | 4 | .. only:: html |
|
5 | 5 | |
|
6 |
There are two ways of tracking |prs| within |RC |
|
|
6 | There are two ways of tracking |prs| within |RCE|. | |
|
7 | 7 | |
|
8 | 8 | 1. :ref:`prs-your-review` |
|
9 | 9 | 2. :ref:`prs-per-repo` |
@@ -15,7 +15,7 b' Pull requests for your review' | |||
|
15 | 15 | |
|
16 | 16 | To view pull requests for your review, use the following steps: |
|
17 | 17 | |
|
18 |
1. From the |RC |
|
|
18 | 1. From the |RCE| interface, Select | |
|
19 | 19 | :menuselection:`username --> Notifications` |
|
20 | 20 | 2. Select :guilabel:`Pull Requests` |
|
21 | 21 |
@@ -20,7 +20,7 b' 3. Set the review status from one of the' | |||
|
20 | 20 | 4. Select Comment |
|
21 | 21 | |
|
22 | 22 | When the |pr| is approved by all reviewers you will be able to merge |
|
23 |
automatically if |RC |
|
|
23 | automatically if |RCE| detects that it can do so safely. You will see this | |
|
24 | 24 | message: `This pull request can be automatically merged.` |
|
25 | 25 | |
|
26 | 26 | If rejected, you can fix the issues raised during review and then update the |
@@ -1,7 +1,7 b'' | |||
|
1 | 1 | Supported Workflows |
|
2 | 2 | ------------------- |
|
3 | 3 | |
|
4 |
|RC |
|
|
4 | |RCE| can be used to develop using a variety of different workflows. | |
|
5 | 5 | |
|
6 | 6 | * Centralized, using |svn|, |git|, or |hg| |repos| |
|
7 | 7 | * Feature-Branch, using |git| or |hg| |repos| |
@@ -20,10 +20,7 b" rst_epilog = '''" | |||
|
20 | 20 | .. |psf| replace:: Python Software Foundation |
|
21 | 21 | .. |repo| replace:: repository |
|
22 | 22 | .. |repos| replace:: repositories |
|
23 | .. |RCI| replace:: RhodeCode Control | |
|
24 | 23 | .. |RCC| replace:: RhodeCode Control |
|
25 | .. |RCV| replace:: RhodeCode Enterprise | |
|
26 | .. |RCM| replace:: RhodeCode Enterprise | |
|
27 | 24 | .. |RCE| replace:: RhodeCode Enterprise |
|
28 | 25 | .. |RCCE| replace:: RhodeCode Community |
|
29 | 26 | .. |RCEE| replace:: RhodeCode Enterprise |
@@ -31,6 +28,5 b" rst_epilog = '''" | |||
|
31 | 28 | .. |RCT| replace:: RhodeCode Tools |
|
32 | 29 | .. |RCEBOLD| replace:: **RhodeCode Enterprise** |
|
33 | 30 | .. |RCEITALICS| replace:: `RhodeCode Enterprise` |
|
34 | .. |RC| replace:: RhodeCode | |
|
35 | 31 | .. |RNS| replace:: Release Notes |
|
36 | 32 | ''' |
@@ -18,7 +18,7 b' so to clarify what is meant each time, r' | |||
|
18 | 18 | Hooks |
|
19 | 19 | ----- |
|
20 | 20 | |
|
21 |
Within |RC |
|
|
21 | Within |RCE| there are two types of supported hooks. | |
|
22 | 22 | |
|
23 | 23 | * **Internal built-in hooks**: The internal |hg|, |git| or |svn| hooks are |
|
24 | 24 | triggered by different VCS operations, like push, pull, |
@@ -1,13 +1,13 b'' | |||
|
1 |
|RC |
|
|
1 | |RCE| | |
|
2 | 2 | ===== |
|
3 | 3 | |
|
4 |
|RC |
|
|
4 | |RCE| is a high-performance source code management and collaboration system. | |
|
5 | 5 | It enables you to develop projects securely behind the firewall while |
|
6 | 6 | providing collaboration tools that work with |git|, |hg|, |
|
7 | 7 | and |svn| |repos|. The user interface allows you to create, edit, |
|
8 | 8 | and commit files and |repos| while managing their security permissions. |
|
9 | 9 | |
|
10 |
|RC |
|
|
10 | |RCE| provides the following features: | |
|
11 | 11 | |
|
12 | 12 | * Source code management. |
|
13 | 13 | * Extended permissions management. |
@@ -18,7 +18,7 b' and commit files and |repos| while manag' | |||
|
18 | 18 | * Web-based hook management. |
|
19 | 19 | * Native |svn| support. |
|
20 | 20 | * Migration from existing databases. |
|
21 |
* |RC |
|
|
21 | * |RCE| SDK. | |
|
22 | 22 | * Built-in analytics |
|
23 | 23 | * Built in integrations including: Slack, Webhooks (used for Jenkins/TeamCity and other CIs), Jira, Redmine, Hipchat |
|
24 | 24 | * Pluggable authentication system. |
@@ -5,8 +5,24 b' Supported Databases' | |||
|
5 | 5 | |
|
6 | 6 | .. important:: |
|
7 | 7 | |
|
8 |
We do not recommend using SQLite in a production environment |
|
|
9 | supported by |RCE| for evaluation purposes. | |
|
8 | We do not recommend using SQLite in a production environment of more than 5 people. | |
|
9 | It is not suited for higher usage and mayb cause problems. | |
|
10 | ||
|
11 | ||
|
12 | |RCE| supports the following databases. The recommended encoding is UTF-8. | |
|
13 | ||
|
14 | .. only:: latex | |
|
15 | ||
|
16 | * :ref:`install-sqlite-database` | |
|
17 | * :ref:`install-mysql-database` | |
|
18 | * :ref:`install-postgresql-database` | |
|
19 | ||
|
20 | .. toctree:: | |
|
21 | ||
|
22 | using-mysql | |
|
23 | using-postgresql | |
|
24 | using-sqllite | |
|
25 | ||
|
10 | 26 | |
|
11 | 27 | Database Overview |
|
12 | 28 | ----------------- |
@@ -48,21 +64,3 b' following example to configure the corre' | |||
|
48 | 64 | # for the RCE instance you are installing |
|
49 | 65 | Database name: example-db-name-for-2xx # The 2xx version database |
|
50 | 66 | Database name: example-db-name-for-3xx # The 3xx version database |
|
51 | ||
|
52 | Supported Databases | |
|
53 | ------------------- | |
|
54 | ||
|
55 | |RCM| supports the following databases. The recommended encoding is Unicode | |
|
56 | UTF-8. | |
|
57 | ||
|
58 | .. only:: latex | |
|
59 | ||
|
60 | * :ref:`install-sqlite-database` | |
|
61 | * :ref:`install-mysql-database` | |
|
62 | * :ref:`install-postgresql-database` | |
|
63 | ||
|
64 | .. toctree:: | |
|
65 | ||
|
66 | using-mysql | |
|
67 | using-postgresql | |
|
68 | using-sqllite |
@@ -4,7 +4,7 b' Post Installation Tasks' | |||
|
4 | 4 | ======================= |
|
5 | 5 | |
|
6 | 6 | The following tasks are the most common post installation requirements. Use |
|
7 |
the information in these sections to configure your instance of |RC |
|
|
7 | the information in these sections to configure your instance of |RCE|. | |
|
8 | 8 | |
|
9 | 9 | .. toctree:: |
|
10 | 10 |
@@ -3,21 +3,21 b'' | |||
|
3 | 3 | Migrating |repos| |
|
4 | 4 | ----------------- |
|
5 | 5 | |
|
6 |
If you have installed |RC |
|
|
6 | If you have installed |RCE| and have |repos| that you wish to migrate into | |
|
7 | 7 | the system, use the following instructions. |
|
8 | 8 | |
|
9 |
1. On the |RC |
|
|
9 | 1. On the |RCE| interface, check your |repo| storage location under | |
|
10 | 10 | :menuselection:`Admin --> Settings --> System Info`. For example, |
|
11 | 11 | Storage location: /home/{username}/repos. |
|
12 | 12 | |
|
13 |
2. Copy the |repos| that you want |RC |
|
|
13 | 2. Copy the |repos| that you want |RCE| to manage to this location. | |
|
14 | 14 | 3. Remap and rescan the |repos|, see :ref:`remap-rescan` |
|
15 | 15 | |
|
16 | 16 | .. important:: |
|
17 | 17 | |
|
18 |
Directories create |repo| groups inside |RC |
|
|
18 | Directories create |repo| groups inside |RCE|. | |
|
19 | 19 | |
|
20 |
Importing adds |RC |
|
|
20 | Importing adds |RCE| git hooks to your |repos|. | |
|
21 | 21 | |
|
22 | 22 | You should verify if custom ``.hg`` or ``.hgrc`` files inside |
|
23 |
repositories should be adjusted since |RC |
|
|
23 | repositories should be adjusted since |RCE| reads the content of them. |
@@ -27,9 +27,12 b' 2. Run the |RCC| installer and accept th' | |||
|
27 | 27 | |
|
28 | 28 | .. code-block:: bash |
|
29 | 29 | |
|
30 |
$ chmod |
|
|
30 | $ chmod +x RhodeCode-installer-linux-* | |
|
31 | 31 | $ ./RhodeCode-installer-linux-* |
|
32 | 32 | |
|
33 | Do you accept the RhodeCode Control license? | |
|
34 | Press [Y] to accept license and [V] to view license text: y | |
|
35 | ||
|
33 | 36 | 3. Install a VCS Server, and configure it to start at boot. |
|
34 | 37 | |
|
35 | 38 | .. code-block:: bash |
@@ -3,12 +3,12 b'' | |||
|
3 | 3 | Set up Email |
|
4 | 4 | ------------ |
|
5 | 5 | |
|
6 |
To setup email with your |RC |
|
|
6 | To setup email with your |RCE| instance, open the default | |
|
7 | 7 | :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` |
|
8 | 8 | file and uncomment and configure the email section. If it is not there, |
|
9 | 9 | use the below example to insert it. |
|
10 | 10 | |
|
11 |
Once configured you can check the settings for your |RC |
|
|
11 | Once configured you can check the settings for your |RCE| instance on the | |
|
12 | 12 | :menuselection:`Admin --> Settings --> Email` page. |
|
13 | 13 | |
|
14 | 14 | .. code-block:: ini |
@@ -4,15 +4,15 b' MySQL or MariaDB' | |||
|
4 | 4 | ---------------- |
|
5 | 5 | |
|
6 | 6 | To use a MySQL or MariaDB database you should install and configure the |
|
7 |
database before installing |RC |
|
|
7 | database before installing |RCE|. This is because during |RCE| installation | |
|
8 | 8 | you will setup a connection to your MySQL or MariaDB database. To work with |
|
9 | 9 | either, use the following steps: |
|
10 | 10 | |
|
11 | 11 | 1. Depending on your |os|, install a MySQL or MariaDB database following the |
|
12 | 12 | appropriate instructions from the `MySQL website`_ or `MariaDB website`_. |
|
13 | 13 | 2. Configure the database with a username and password which you will use |
|
14 |
with |RC |
|
|
15 |
3. Install |RC |
|
|
14 | with |RCE|. | |
|
15 | 3. Install |RCE|, and during installation select MySQL as your database. | |
|
16 | 16 | 4. Enter the following information during the database setup: |
|
17 | 17 | |
|
18 | 18 | * Your network IP Address |
@@ -4,15 +4,15 b' PostgreSQL' | |||
|
4 | 4 | ---------- |
|
5 | 5 | |
|
6 | 6 | To use a PostgreSQL database, you should install and configure the database |
|
7 |
before installing |RC |
|
|
7 | before installing |RCE|. This is because during |RCE| installation you will | |
|
8 | 8 | setup the connection to your PostgreSQL database. To work with PostgreSQL, |
|
9 | 9 | use the following steps: |
|
10 | 10 | |
|
11 | 11 | 1. Depending on your |os|, install a PostgreSQL database following the |
|
12 | 12 | appropriate instructions from the `PostgreSQL website`_. |
|
13 | 13 | 2. Configure the database with a username and password, which you will use |
|
14 |
with |RC |
|
|
15 |
3. Install |RC |
|
|
14 | with |RCE|. | |
|
15 | 3. Install |RCE|, and during installation select PostgreSQL as your database. | |
|
16 | 16 | 4. Enter the following information during the database setup: |
|
17 | 17 | |
|
18 | 18 | * Your network IP Address |
@@ -9,15 +9,15 b' SQLite' | |||
|
9 | 9 | as it has an internal locking mechanism which can become a performance |
|
10 | 10 | bottleneck when there are more than 5 concurrent users. |
|
11 | 11 | |
|
12 |
|RC |
|
|
12 | |RCE| installs SQLite as the default database if you do not specify another | |
|
13 | 13 | during installation. SQLite is suitable for small teams, |
|
14 | 14 | projects with a low load, and evaluation purposes since it is built into |
|
15 |
|RC |
|
|
15 | |RCE| and does not require any additional database server. | |
|
16 | 16 | |
|
17 | 17 | Using MySQL or PostgreSQL in an large setup gives you much greater |
|
18 | 18 | performance, and while migration tools exist to move from one database type |
|
19 | 19 | to another, it is better to get it right first time and to immediately use |
|
20 |
MySQL or PostgreSQL when you deploy |RC |
|
|
20 | MySQL or PostgreSQL when you deploy |RCE| in a production environment. | |
|
21 | 21 | |
|
22 | 22 | Migrating From SQLite to PostgreSQL |
|
23 | 23 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
@@ -11,9 +11,9 b' different Slack channels, for example.' | |||
|
11 | 11 | Supported integrations |
|
12 | 12 | ^^^^^^^^^^^^^^^^^^^^^^ |
|
13 | 13 | |
|
14 | ================================ ============ ======================================== | |
|
15 |
Type/Name |
|
|
16 | ================================ ============ ======================================== | |
|
14 | ================================ ================== ======================================== | |
|
15 | Type/Name RhodeCode Edition Description | |
|
16 | ================================ ================== ======================================== | |
|
17 | 17 | :ref:`integrations-webhook` |RCCEshort| Trigger events as `json` to a custom url |
|
18 | 18 | :ref:`integrations-slack` |RCCEshort| Integrate with https://slack.com/ |
|
19 | 19 | :ref:`integrations-hipchat` |RCCEshort| Integrate with https://www.hipchat.com/ |
@@ -24,7 +24,7 b' Type/Name |RC|' | |||
|
24 | 24 | :ref:`integrations-jenkins` |RCEEshort| Trigger Builds for Jenkins CI System |
|
25 | 25 | :ref:`integrations-redmine` |RCEEshort| Close/Resolve/Reference Redmine issues |
|
26 | 26 | :ref:`integrations-jira` |RCEEshort| Close/Resolve/Reference JIRA issues |
|
27 | ================================ ============ ======================================== | |
|
27 | ================================ ================== ======================================== | |
|
28 | 28 | |
|
29 | 29 | .. _creating-integrations: |
|
30 | 30 |
@@ -9,7 +9,7 b' You can set an issue tracker connection ' | |||
|
9 | 9 | * At the |repo| level, you can configure an integration with a different issue |
|
10 | 10 | tracker. |
|
11 | 11 | |
|
12 |
To integrate |RC |
|
|
12 | To integrate |RCE| with an issue tracker, you need to define a regular | |
|
13 | 13 | expression that will fetch the issue ID stored in commit messages, and replace |
|
14 | 14 | it with a URL. This enables |RCE| to generate a link matching each issue to the |
|
15 | 15 | target |repo|. |
@@ -7,7 +7,7 b' Error Message' | |||
|
7 | 7 | Error creating repository repo-name |
|
8 | 8 | |
|
9 | 9 | Cause |
|
10 |
As of |RC |
|
|
10 | As of |RCE| 3.0, a VCS Server is required to run backend operations. | |
|
11 | 11 | |
|
12 | 12 | Solution |
|
13 | 13 | Install a VCS Server. See the `Install a VCS Server`_ section of |RCC| |
@@ -3,7 +3,7 b'' | |||
|
3 | 3 | Nix Packaging |
|
4 | 4 | ============= |
|
5 | 5 | |
|
6 |
|RC |
|
|
6 | |RCE| is installed using |Nix Package Manager|. The Nix environment provides | |
|
7 | 7 | the following features for maintenance and deployment: |
|
8 | 8 | |
|
9 | 9 | * Atomic upgrades and rollbacks |
@@ -1,7 +1,7 b'' | |||
|
1 | 1 | |RCE| 3.0.0 |RNS| |
|
2 | 2 | ----------------- |
|
3 | 3 | |
|
4 |
As |RC |
|
|
4 | As |RCE| 3.0 is a big release, the release notes have been split into the following sections: | |
|
5 | 5 | |
|
6 | 6 | * :ref:`general-rn-ref` |
|
7 | 7 | * :ref:`security-rn-ref` |
@@ -44,10 +44,10 b' following example:' | |||
|
44 | 44 | Installing |RCT| |
|
45 | 45 | ^^^^^^^^^^^^^^^^ |
|
46 | 46 | |
|
47 |
|RCT| enable you to automate many of the most common |RC |
|
|
47 | |RCT| enable you to automate many of the most common |RCE| functions through | |
|
48 | 48 | the API. Installing them on a local machine lets you carry out maintenance on |
|
49 | 49 | the server remotely. Once installed you can use them to index your |repos| |
|
50 |
to setup full-text search, strip commits, or install |
|
|
50 | to setup full-text search, strip commits, or install RhodeCode Extensions for | |
|
51 | 51 | additional functionality. |
|
52 | 52 | |
|
53 | 53 | For more detailed instructions about using |RCT| for indexing and full-text |
@@ -3,7 +3,7 b'' | |||
|
3 | 3 | |RCT| |
|
4 | 4 | ===== |
|
5 | 5 | |
|
6 |
|RCT| enable you to automate many of the most common |RC |
|
|
6 | |RCT| enable you to automate many of the most common |RCE| functions through | |
|
7 | 7 | the API. |
|
8 | 8 | |
|
9 | 9 | .. toctree:: |
@@ -16,7 +16,7 b' rhodecode-tools' | |||
|
16 | 16 | --------------- |
|
17 | 17 | |
|
18 | 18 | Use |RCT| to setup automation, run the indexer, and install extensions for |
|
19 |
your |RC |
|
|
19 | your |RCE| instances. Options: | |
|
20 | 20 | |
|
21 | 21 | .. rst-class:: dl-horizontal |
|
22 | 22 | |
@@ -49,7 +49,7 b' Example usage:' | |||
|
49 | 49 | rhodecode-api |
|
50 | 50 | ------------- |
|
51 | 51 | |
|
52 |
The |
|
|
52 | The RhodeCode API lets you connect to |RCE| and carry out management tasks from a | |
|
53 | 53 | remote machine, for more information about the API, see the :ref:`api`. To |
|
54 | 54 | pass arguments on the command-line use the ``method:option`` syntax. |
|
55 | 55 | |
@@ -117,7 +117,7 b' Options:' | |||
|
117 | 117 | rhodecode-cleanup-gists |
|
118 | 118 | ----------------------- |
|
119 | 119 | |
|
120 |
Use this to delete gists within |RC |
|
|
120 | Use this to delete gists within |RCE|. Options: | |
|
121 | 121 | |
|
122 | 122 | .. rst-class:: dl-horizontal |
|
123 | 123 | |
@@ -166,7 +166,7 b' Example usage:' | |||
|
166 | 166 | rhodecode-cleanup-repos |
|
167 | 167 | ----------------------- |
|
168 | 168 | |
|
169 |
Use this to manage |repos| and |repo| groups within |RC |
|
|
169 | Use this to manage |repos| and |repo| groups within |RCE|. Options: | |
|
170 | 170 | |
|
171 | 171 | .. rst-class:: dl-horizontal |
|
172 | 172 | |
@@ -280,7 +280,7 b' the using :ref:`integrations-rcextension' | |||
|
280 | 280 | rhodecode-gist |
|
281 | 281 | -------------- |
|
282 | 282 | |
|
283 |
Use this to create, list, show, or delete gists within |RC |
|
|
283 | Use this to create, list, show, or delete gists within |RCE|. Options: | |
|
284 | 284 | |
|
285 | 285 | .. rst-class:: dl-horizontal |
|
286 | 286 |
@@ -7,7 +7,7 b' To install |RCT| correctly, see the inst' | |||
|
7 | 7 | :ref:`install-tools`, and :ref:`config-rhoderc`. |
|
8 | 8 | |
|
9 | 9 | Once |RCT| is installed, and the :file:`/home/{user}/.rhoderc` file is |
|
10 |
configured you can then use |RCT| on each |RC |
|
|
10 | configured you can then use |RCT| on each |RCE| instance to carry out admin | |
|
11 | 11 | tasks. Use the following example to configure that file, |
|
12 | 12 | and once configured see the :ref:`tools-cli` for more details. |
|
13 | 13 |
@@ -95,10 +95,10 b' but below is the example shortcut.' | |||
|
95 | 95 | |
|
96 | 96 | # Check that the script is uploaded to your home directory |
|
97 | 97 | $ ls -1 |
|
98 | RhodeCode-installer-linux-391_b1a804c4d69b_d6c087d520e3 | |
|
98 | RhodeCode-installer-linux-buildYYYYXXXX_ZZZZ | |
|
99 | 99 | |
|
100 | 100 | # Change the script permissions |
|
101 |
$ chmod |
|
|
101 | $ chmod +x RhodeCode-installer-linux* | |
|
102 | 102 | |
|
103 | 103 | # Run the installer and accept the prompts |
|
104 | 104 | $ ./RhodeCode-installer-linux-* |
@@ -7,13 +7,13 b'' | |||
|
7 | 7 | Git Large File Storage (or LFS) is a new, open-source extension to Git that |
|
8 | 8 | aims to improve handling of large files. It does this by replacing large files |
|
9 | 9 | in your repository—such as graphics and videos—with simple text pointers. |
|
10 |
|
|
|
10 | RhodeCode Server includes an embedded LFS object store server, allowing storage of | |
|
11 | 11 | large files without the need for an external object store. |
|
12 | 12 | Git LFS is disabled by default, globally, and for each individual repository. |
|
13 | 13 | |
|
14 | 14 | .. note:: |
|
15 | 15 | |
|
16 |
|
|
|
16 | RhodeCode implements V2 API of Git LFS. Please make sure your git client is | |
|
17 | 17 | using the latest version (2.0.X recommended) to leverage full feature set |
|
18 | 18 | of the V2 API. |
|
19 | 19 | |
@@ -22,7 +22,7 b' Git LFS is disabled by default, globally' | |||
|
22 | 22 | Enabling Git LFS |
|
23 | 23 | ++++++++++++++++ |
|
24 | 24 | |
|
25 |
Git LFS is disabled by default within |
|
|
25 | Git LFS is disabled by default within RhodeCode Server. | |
|
26 | 26 | |
|
27 | 27 | To enable Git LFS Globally: |
|
28 | 28 | |
@@ -87,7 +87,7 b' size in bytes. For example::' | |||
|
87 | 87 | |
|
88 | 88 | |
|
89 | 89 | The object itself will be uploaded to a separate location via the Git LFS Batch API. |
|
90 |
The transfer is validated and authorized by |
|
|
90 | The transfer is validated and authorized by RhodeCode server itself. | |
|
91 | 91 | |
|
92 | 92 | If give repository has Git LFS disabled, a proper message will be sent back to |
|
93 | 93 | the client and upload of LFS objects will be forbidden. |
@@ -13,7 +13,7 b' of the current revision. This saves both' | |||
|
13 | 13 | Enabling HG Largefiles |
|
14 | 14 | ++++++++++++++++++++++ |
|
15 | 15 | |
|
16 |
Mercurial Largefiles extension is disabled by default within |
|
|
16 | Mercurial Largefiles extension is disabled by default within RhodeCode Server. | |
|
17 | 17 | |
|
18 | 18 | To enable Mercurial Largefiles Globally: |
|
19 | 19 |
@@ -25,7 +25,7 b' Pre-requisites' | |||
|
25 | 25 | * For MySQL, do not use `localhost` in the database connection string of the |
|
26 | 26 | :file:`rhodecode.ini` file. |
|
27 | 27 | * InnoDB must be the database tables engine. |
|
28 |
* Contact |
|
|
28 | * Contact RhodeCode for a new licence Key/Token pair. If you don't, a trial licence | |
|
29 | 29 | will be applied so you are not locked out of the upgraded instance. |
|
30 | 30 | |
|
31 | 31 | You can find the specific instructions to carry out these pre-requisite steps |
@@ -3,19 +3,19 b'' | |||
|
3 | 3 | Getting Started with VCS |
|
4 | 4 | ------------------------ |
|
5 | 5 | |
|
6 |
When using |RC |
|
|
6 | When using |RCE|, you will be working with |git|, |svn| or |hg| |repos| from the | |
|
7 | 7 | command line or using a GUI client such as Tortoise, Tower or SourceTree. |
|
8 | 8 | |
|
9 |
|RC |
|
|
9 | |RCE| uses a standard |git|, |svn| and |hg| protocols. So all tools that | |
|
10 | 10 | can interact with there protocols are supported, including Eclipse or PyCharm |
|
11 | 11 | plugins. |
|
12 | 12 | |
|
13 | 13 | |
|
14 | 14 | If you have never used either before, the following information should |
|
15 | 15 | help you set up your local machine so that you can sync changes with the |
|
16 |
|RC |
|
|
16 | |RCE| server. | |
|
17 | 17 | |
|
18 |
All of the following instructions assume you have a |RC |
|
|
18 | All of the following instructions assume you have a |RCE| account, | |
|
19 | 19 | and you can access your |repos| from the web interface. |
|
20 | 20 | |
|
21 | 21 | .. note:: |
@@ -3,14 +3,14 b' File Editing' | |||
|
3 | 3 | |
|
4 | 4 | To edit files using the online editor, use the following steps. |
|
5 | 5 | |
|
6 |
1. From the |RC |
|
|
6 | 1. From the |RCE| interface, select :menuselection:`Admin --> Repositories` | |
|
7 | 7 | 2. Select the |repo| in which you want to edit a file. |
|
8 | 8 | 3. Select the :guilabel:`file` view of the |repo|, and double-click on the file. |
|
9 | 9 | 4. To open the editor, select the :guilabel:`edit on branch:default` button. |
|
10 | 10 | |
|
11 |
* If the filename has an extension |RC |
|
|
11 | * If the filename has an extension |RCE| recognises, | |
|
12 | 12 | the syntax highlighting will appear automatically. |
|
13 |
* If the filename does not have an extension |RC |
|
|
13 | * If the filename does not have an extension |RCE| recognises, | |
|
14 | 14 | you can set the language syntax highlighter by |
|
15 | 15 | choosing from the file type drop down menu. |
|
16 | 16 | 5. To save your changes, select :guilabel:`Commit changes` |
@@ -4,7 +4,7 b' Gist Editing' | |||
|
4 | 4 | ^^^^^^^^^^^^ |
|
5 | 5 | |
|
6 | 6 | Gists are standalone files that only the creator can edit. To work with |
|
7 |
gists, click on the :guilabel:`Gists` tab on the |RC |
|
|
7 | gists, click on the :guilabel:`Gists` tab on the |RCE| header. The gist | |
|
8 | 8 | editor also has syntax highlighting. |
|
9 | 9 | |
|
10 | 10 | You can set the following properties for each gist: |
@@ -13,7 +13,7 b' You can set the following properties for' | |||
|
13 | 13 | and will show up in searches. |
|
14 | 14 | * :guilabel:`Gist Lifetime`: You can set a gist to expire after a set |
|
15 | 15 | period by using the :guilabel:`Gist Lifetime` dropdown menu. |
|
16 |
This means that when the gist expires it will be deleted from the |RC |
|
|
16 | This means that when the gist expires it will be deleted from the |RCE| | |
|
17 | 17 | gist database. |
|
18 | 18 | * :guilabel:`Private`: This means that the gist will not show up in searches. |
|
19 | 19 | * :guilabel:`Gist access level`: If you create a private gist you can have |
@@ -1,7 +1,7 b'' | |||
|
1 | 1 | Online Editing |
|
2 | 2 | -------------- |
|
3 | 3 | |
|
4 |
|RC |
|
|
4 | |RCE| has an integrated online editor, allowing you to edit files in the | |
|
5 | 5 | browser. The online editor has syntax highlighting and the ability to fork, |
|
6 | 6 | merge, and commit changes to files. |
|
7 | 7 |
@@ -249,7 +249,7 b' class LdapSettingsSchema(AuthnPluginSett' | |||
|
249 | 249 | colander.Int(), |
|
250 | 250 | default=389, |
|
251 | 251 | description=_('Custom port that the LDAP server is listening on. ' |
|
252 | 'Default value is: 389'), | |
|
252 | 'Default value is: 389, use 689 for LDAPS(SSL)'), | |
|
253 | 253 | preparer=strip_whitespace, |
|
254 | 254 | title=_('Port'), |
|
255 | 255 | validator=colander.Range(min=0, max=65536), |
@@ -534,7 +534,7 b' address {' | |||
|
534 | 534 | color: @grey4; |
|
535 | 535 | font-family: @text-light; |
|
536 | 536 | &.pre-formatting { |
|
537 | white-space: pre; | |
|
537 | white-space: pre-wrap; | |
|
538 | 538 | } |
|
539 | 539 | } |
|
540 | 540 |
@@ -97,6 +97,18 b'' | |||
|
97 | 97 | ${h.end_form()} |
|
98 | 98 | </div> |
|
99 | 99 | </div> |
|
100 | ||
|
101 | % if request.GET.get('schema'): | |
|
102 | ## this is for development and creation of example configurations for documentation | |
|
103 | <pre> | |
|
104 | % for node in plugin.get_settings_schema(): | |
|
105 | *option*: `${node.name}` => `${defaults.get(node.name)}`${'\n # '.join(['']+node.description.splitlines())} | |
|
106 | ||
|
107 | % endfor | |
|
108 | </pre> | |
|
109 | ||
|
110 | % endif | |
|
111 | ||
|
100 | 112 | </div> |
|
101 | 113 | </div> |
|
102 | 114 | </div> |
@@ -104,8 +116,7 b'' | |||
|
104 | 116 | </div> |
|
105 | 117 | </div> |
|
106 | 118 | |
|
107 | ## TODO: Ugly hack to get ldap select elements to work. | |
|
108 | ## Find a solution to integrate this nicely. | |
|
119 | ||
|
109 | 120 | <script> |
|
110 | 121 | $(document).ready(function() { |
|
111 | 122 | var select2Options = { |
|
1 | NO CONTENT: file was removed, binary diff hidden |
|
1 | NO CONTENT: file was removed, binary diff hidden |
General Comments 0
You need to be logged in to leave comments.
Login now