##// END OF EJS Templates
docs: added SAML documentation....
marcink -
r3290:ac4e4e5a default
parent child Browse files
Show More
@@ -0,0 +1,105 b''
1 .. _config-saml-duosecurity-ref:
2
3
4 SAML 2.0 with Duo Security
5 --------------------------
6
7 **This plugin is available only in EE Edition.**
8
9 |RCE| supports SAML 2.0 Authentication with Duo Security provider. This allows
10 users to log-in to RhodeCode via SSO mechanism of external identity provider
11 such as Duo. The login can be triggered either by the external IDP, or internally
12 by clicking specific authentication button on the log-in page.
13
14
15 Configuration steps
16 ^^^^^^^^^^^^^^^^^^^
17
18 To configure Duo Security SAML authentication, use the following steps:
19
20 1. From the |RCE| interface, select
21 :menuselection:`Admin --> Authentication`
22 2. Activate the `Duo Security` plugin and select :guilabel:`Save`
23 3. Go to newly available menu option called `Duo Security` on the left side.
24 4. Check the `enabled` check box in the plugin configuration section,
25 and fill in the required SAML information and :guilabel:`Save`, for more details,
26 see :ref:`config-saml-duosecurity`
27
28
29 .. _config-saml-duosecurity:
30
31
32 Example SAML Duo Security configuration
33 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
34
35 Example configuration for SAML 2.0 with Duo Security provider::
36
37 *option*: `enabled` => `True`
38 # Enable or disable this authentication plugin.
39
40 *option*: `cache_ttl` => `0`
41 # Amount of seconds to cache the authentication and permissions check response call for this plugin.
42 # Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled).
43
44 *option*: `debug` => `True`
45 # Enable or disable debug mode that shows SAML errors in the RhodeCode logs.
46
47 *option*: `entity_id` => `http://rc-app.com/dag/saml2/idp/metadata.php`
48 # Identity Provider entity/metadata URI.
49 # E.g. https://duo-gateway.com/dag/saml2/idp/metadata.php
50
51 *option*: `sso_service_url` => `http://rc-app.com/dag/saml2/idp/SSOService.php?spentityid=http://rc.local.pl/_admin/auth/duosecurity/saml-metadata`
52 # SSO (SingleSignOn) endpoint URL of the IdP. This can be used to initialize login
53 # E.g. https://duo-gateway.com/dag/saml2/idp/SSOService.php?spentityid=<metadata_entity_id>
54
55 *option*: `slo_service_url` => `http://rc-app.com/dag/saml2/idp/SingleLogoutService.php?ReturnTo=http://rc-app.com/dag/module.php/duosecurity/logout.php`
56 # SLO (SingleLogout) endpoint URL of the IdP.
57 # E.g. https://duo-gateway.com/dag/saml2/idp/SingleLogoutService.php?ReturnTo=http://duo-gateway.com/_admin/saml/sign-out-endpoint
58
59 *option*: `x509cert` => `<CERTIFICATE_STRING>`
60 # Identity provider public x509 certificate. It will be converted to single-line format without headers
61
62 *option*: `name_id_format` => `sha-1`
63 # The format that specifies how the NameID is sent to the service provider.
64
65 *option*: `signature_algo` => `sha-256`
66 # Type of Algorithm to use for verification of SAML signature on Identity provider side
67
68 *option*: `digest_algo` => `sha-256`
69 # Type of Algorithm to use for verification of SAML digest on Identity provider side
70
71 *option*: `cert_dir` => `/etc/saml/`
72 # Optional directory to store service provider certificate and private keys.
73 # Expected certs for the SP should be stored in this folder as:
74 # * sp.key Private Key
75 # * sp.crt Public cert
76 # * sp_new.crt Future Public cert
77 #
78 # Also you can use other cert to sign the metadata of the SP using the:
79 # * metadata.key
80 # * metadata.crt
81
82 *option*: `user_id_attribute` => `PersonImmutableID`
83 # User ID Attribute name. This defines which attribute in SAML response will be used to link accounts via unique id.
84 # Ensure this is returned from DuoSecurity for example via duo_username
85
86 *option*: `username_attribute` => `User.username`
87 # Username Attribute name. This defines which attribute in SAML response will map to an username.
88
89 *option*: `email_attribute` => `User.email`
90 # Email Attribute name. This defines which attribute in SAML response will map to an email address.
91
92
93 Below is example setup from DUO Administration page that can be used with above config.
94
95 .. image:: ../images/saml-duosecurity-service-provider-example.png
96 :alt: DUO Security SAML setup example
97 :scale: 50 %
98
99
100 Below is an example attribute mapping set for IDP provider required by the above config.
101
102
103 .. image:: ../images/saml-duosecurity-attributes-example.png
104 :alt: DUO Security SAML setup example
105 :scale: 50 % No newline at end of file
@@ -0,0 +1,18 b''
1 .. _config-saml-generic-ref:
2
3
4 SAML 2.0 Authentication
5 -----------------------
6
7
8 **This plugin is available only in EE Edition.**
9
10 RhodeCode Supports standard SAML 2.0 SSO for the web-application part.
11
12 Please check for reference two example providers:
13
14 .. toctree::
15
16 auth-saml-duosecurity
17 auth-saml-onelogin
18
@@ -0,0 +1,106 b''
1 .. _config-saml-onelogin-ref:
2
3
4 SAML 2.0 with One Login
5 -----------------------
6
7 **This plugin is available only in EE Edition.**
8
9 |RCE| supports SAML 2.0 Authentication with OneLogin provider. This allows
10 users to log-in to RhodeCode via SSO mechanism of external identity provider
11 such as OneLogin. The login can be triggered either by the external IDP, or internally
12 by clicking specific authentication button on the log-in page.
13
14
15 Configuration steps
16 ^^^^^^^^^^^^^^^^^^^
17
18 To configure OneLogin SAML authentication, use the following steps:
19
20 1. From the |RCE| interface, select
21 :menuselection:`Admin --> Authentication`
22 2. Activate the `OneLogin` plugin and select :guilabel:`Save`
23 3. Go to newly available menu option called `OneLogin` on the left side.
24 4. Check the `enabled` check box in the plugin configuration section,
25 and fill in the required SAML information and :guilabel:`Save`, for more details,
26 see :ref:`config-saml-onelogin`
27
28
29 .. _config-saml-onelogin:
30
31
32 Example SAML OneLogin configuration
33 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
34
35 Example configuration for SAML 2.0 with OneLogin provider::
36
37 *option*: `enabled` => `True`
38 # Enable or disable this authentication plugin.
39
40 *option*: `cache_ttl` => `0`
41 # Amount of seconds to cache the authentication and permissions check response call for this plugin.
42 # Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled).
43
44 *option*: `debug` => `True`
45 # Enable or disable debug mode that shows SAML errors in the RhodeCode logs.
46
47 *option*: `entity_id` => `https://app.onelogin.com/saml/metadata/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`
48 # Identity Provider entity/metadata URI.
49 # E.g. https://app.onelogin.com/saml/metadata/<onelogin_connector_id>
50
51 *option*: `sso_service_url` => `https://customer-domain.onelogin.com/trust/saml2/http-post/sso/xxxxxx`
52 # SSO (SingleSignOn) endpoint URL of the IdP. This can be used to initialize login
53 # E.g. https://app.onelogin.com/trust/saml2/http-post/sso/<onelogin_connector_id>
54
55 *option*: `slo_service_url` => `https://customer-domain.onelogin.com/trust/saml2/http-redirect/slo/xxxxxx`
56 # SLO (SingleLogout) endpoint URL of the IdP.
57 # E.g. https://app.onelogin.com/trust/saml2/http-redirect/slo/<onelogin_connector_id>
58
59 *option*: `x509cert` => `<CERTIFICATE_STRING>`
60 # Identity provider public x509 certificate. It will be converted to single-line format without headers
61
62 *option*: `name_id_format` => `sha-1`
63 # The format that specifies how the NameID is sent to the service provider.
64
65 *option*: `signature_algo` => `sha-256`
66 # Type of Algorithm to use for verification of SAML signature on Identity provider side
67
68 *option*: `digest_algo` => `sha-256`
69 # Type of Algorithm to use for verification of SAML digest on Identity provider side
70
71 *option*: `cert_dir` => `/etc/saml/`
72 # Optional directory to store service provider certificate and private keys.
73 # Expected certs for the SP should be stored in this folder as:
74 # * sp.key Private Key
75 # * sp.crt Public cert
76 # * sp_new.crt Future Public cert
77 #
78 # Also you can use other cert to sign the metadata of the SP using the:
79 # * metadata.key
80 # * metadata.crt
81
82 *option*: `user_id_attribute` => `PersonImmutableID`
83 # User ID Attribute name. This defines which attribute in SAML response will be used to link accounts via unique id.
84 # Ensure this is returned from OneLogin for example via Internal ID
85
86 *option*: `username_attribute` => `User.username`
87 # Username Attribute name. This defines which attribute in SAML response will map to an username.
88
89 *option*: `email_attribute` => `User.email`
90 # Email Attribute name. This defines which attribute in SAML response will map to an email address.
91
92
93
94 Below is example setup that can be used with OneLogin SAML authentication that can be used with above config..
95
96 .. image:: ../images/saml-onelogin-config-example.png
97 :alt: OneLogin SAML setup example
98 :scale: 50 %
99
100
101 Below is an example attribute mapping set for IDP provider required by the above config.
102
103
104 .. image:: ../images/saml-onelogin-attributes-example.png
105 :alt: OneLogin SAML setup example
106 :scale: 50 % No newline at end of file
1 NO CONTENT: new file 100644, binary diff hidden
1 NO CONTENT: new file 100644, binary diff hidden
1 NO CONTENT: new file 100644, binary diff hidden
1 NO CONTENT: new file 100644, binary diff hidden
@@ -1,22 +1,22 b''
1 1 .. _permissions-info-anon-ref:
2 2
3 3 Anonymous Users
4 4 ---------------
5 5
6 By default, |RCM| provides |repo| access for registered users only. It can be
6 By default, |RCE| provides |repo| access for registered users only. It can be
7 7 configured to be **world-open** in terms of read and write permissions. This
8 configuration is called "Anonymous Access" and allows |RCM| to be used as a
8 configuration is called "Anonymous Access" and allows |RCE| to be used as a
9 9 public hub where unregistered users have access to your |repos|.
10 10
11 11 Anonymous access is useful for open source projects, universities,
12 12 or if running inside a restricted internal corporate network to serve
13 13 documents to all employees. Anonymous users get the default user permission
14 settings that are applied across the whole |RCM| system.
14 settings that are applied across the whole |RCE| system.
15 15
16 16 To enable anonymous access to your |repos|, use the following steps:
17 17
18 1. From the |RCM| interface, select :menuselection:`Admin --> Permissions`.
18 1. From the |RCE| interface, select :menuselection:`Admin --> Permissions`.
19 19 2. On the Application tab, check the :guilabel:`Allow anonymous access` box.
20 20 3. Select :guilabel:`Save`.
21 21 4. To set the anonymous user access permissions, which are based on the
22 22 default user settings, see :ref:`permissions-default-ref`.
@@ -1,241 +1,241 b''
1 1 .. _admin-tricks:
2 2
3 3 One-time Admin Tasks
4 4 --------------------
5 5
6 6 * :ref:`web-analytics`
7 7 * :ref:`admin-tricks-license`
8 8 * :ref:`announcements`
9 9 * :ref:`md-rst`
10 10 * :ref:`repo-stats`
11 11 * :ref:`server-side-merge`
12 12 * :ref:`remap-rescan`
13 13 * :ref:`custom-hooks`
14 14 * :ref:`clear-repo-cache`
15 15 * :ref:`set-repo-pub`
16 16 * :ref:`ping`
17 17
18 18 .. _web-analytics:
19 19
20 20 Adding Web Analytics
21 21 ^^^^^^^^^^^^^^^^^^^^
22 22
23 23 If you wish to add a Google Analytics, or any other kind of tracker to your
24 24 |RCE| instance you can add the necessary codes to the header or footer
25 25 section of each instance using the following steps:
26 26
27 27 1. From the |RCE| interface, select
28 28 :menuselection:`Admin --> Settings --> Global`
29 29 2. To add a tracking code to you instance, enter it in the header or footer
30 30 section and select **Save**
31 31
32 32 Use the example templates in the drop-down menu to set up your configuration.
33 33
34 34 .. _admin-tricks-license:
35 35
36 36 Licence Key Management
37 37 ^^^^^^^^^^^^^^^^^^^^^^
38 38
39 39 To manage your license key, go to
40 40 :menuselection:`Admin --> Settings --> License`.
41 41 On this page you can see the license key details. If you need a new license,
42 42 or have questions about your current one, contact support@rhodecode.com
43 43
44 44 .. _announcements:
45 45
46 46 Server-wide Announcements
47 47 ^^^^^^^^^^^^^^^^^^^^^^^^^
48 48
49 49 If you need to make a server-wide announcement to all users,
50 50 you can add a message to be displayed using the following steps:
51 51
52 52 1. From the |RCE| interface, select
53 53 :menuselection:`Admin --> Settings --> Global`
54 54 2. To add a message that will be displayed to all users,
55 55 select :guilabel:`Server Announcement` from the drop-down menu and
56 56 change the ``var message = "TYPE YOUR MESSAGE HERE";`` example line.
57 57 3. Select :guilabel:`Save`, and you will see the message once your page
58 58 refreshes.
59 59
60 60 .. image:: ../images/server-wide-announcement.png
61 61 :alt: Server Wide Announcement
62 62
63 63 .. _md-rst:
64 64
65 65
66 66 Suppress license warnings or errors
67 67 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
68 68
69 69 In case you're running on maximum allowed users, RhodeCode will display a
70 70 warning message on pages that you're close to the license limits.
71 71 It's often not desired to show that all the time. Here's how you can suppress
72 72 the license messages.
73 73
74 74 1. From the |RCE| interface, select
75 75 :menuselection:`Admin --> Settings --> Global`
76 76 2. Select :guilabel:`Flash message filtering` from the drop-down menu.
77 77 3. Select :guilabel:`Save`, and you will no longer see the license message
78 78 once your page refreshes.
79 79
80 80 .. _admin-tricks-suppress-license-messages:
81 81
82 82
83 83 Markdown or RST Rendering
84 84 ^^^^^^^^^^^^^^^^^^^^^^^^^
85 85
86 86 |RCE| can use `Markdown`_ or `reStructured Text`_ in commit message,
87 87 code review messages, and inline comments. To set the default to either,
88 88 select your preference from the drop-down menu on the
89 89 :menuselection:`Admin --> Settings --> Visual` page and select
90 90 :guilabel:`Save settings`.
91 91
92 92 .. _repo-stats:
93 93
94 94 Enabling Repository Statistics
95 95 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
96 96
97 97 To enable |repo| statistics, use the following steps:
98 98
99 99 1. From the |RCE| interface, open
100 100 :menuselection:`Admin --> Repositories` and select
101 101 :guilabel:`Edit` beside the |repo| for which you wish to enable statistics.
102 102 2. Check the :guilabel:`Enable statistics` box, and select :guilabel:`Save`
103 103
104 104 .. _server-side-merge:
105 105
106 106 Enabling Server-side Merging
107 107 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
108 108
109 109 To enable server-side merging, use the following steps:
110 110
111 111 1. From the |RCE| interface, open :menuselection:`Admin --> Settings --> VCS`
112 112 2. Check the :guilabel:`Server-side merge` box, and select
113 113 :guilabel:`Save Settings`
114 114
115 115 If you encounter slow performance with server-side merging enabled, check the
116 116 speed at which your server is performing actions. When server-side merging is
117 117 enabled, the following actions occurs on the server.
118 118
119 119 * A |pr| is created in the database.
120 120 * A shadow |repo| is created as a working environment for the |pr|.
121 121 * On display, |RCE| checks if the |pr| can be merged.
122 122
123 123 To check how fast the shadow |repo| creation is occurring on your server, use
124 124 the following steps:
125 125
126 126 1. Log into your server and create a directory in your |repos| folder.
127 127 2. Clone a |repo| that is showing slow performance and time the action.
128 128
129 129 .. code-block:: bash
130 130
131 131 # One option is to use the time command
132 132 $ time hg clone SOURCE_REPO TARGET
133 133
134 134 .. _remap-rescan:
135 135
136 136 Remap and Rescan Repositories
137 137 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
138 138
139 139 You may want to Remap and rescan the |repos| that |RCE| is managing to ensure
140 140 the system is always up-to-date. This is useful after importing, deleting,
141 141 or carrying out general cleaning up operations. To do this use the
142 142 following steps:
143 143
144 144 1. From the |RCE|, open
145 145 :menuselection:`Admin --> Settings --> Remap and rescan`
146 146 2. Click :guilabel:`Rescan Repositories`
147 147
148 148 Check the additional options if needed:
149 149
150 150 * :guilabel:`Destroy old data`: Useful for purging deleted repository
151 151 information from the database.
152 152 * :guilabel:`Invalidate cache for all repositories`: Use this to completely
153 153 remap all |repos|. Useful when importing or migrating |repos| to ensure all
154 154 new information is picked up.
155 155
156 156 .. _custom-hooks:
157 157
158 158 Adding Custom Hooks
159 159 ^^^^^^^^^^^^^^^^^^^
160 160
161 161 To add custom hooks to your instance, use the following steps:
162 162
163 163 1. Open :menuselection:`Admin --> Settings --> Hooks`
164 164 2. Add your custom hook details, you can use a file path to specify custom
165 165 hook scripts, for example:
166 166 ``pretxnchangegroup.example`` with value ``python:/path/to/custom_hook.py:my_func_name``
167 167 3. Select :guilabel:`Save`
168 168
169 Also, see the |RC| Extensions section of the :ref:`rc-tools` guide. |RC|
169 Also, see the RhodeCode Extensions section of the :ref:`rc-tools` guide. RhodeCode
170 170 Extensions can be used to add additional hooks to your instance and comes
171 171 with a number of pre-built plugins if you chose to install them.
172 172
173 173 .. _clear-repo-cache:
174 174
175 175 Clearing |repo| cache
176 176 ^^^^^^^^^^^^^^^^^^^^^
177 177
178 178 If you need to clear the cache for a particular |repo|, use the following steps:
179 179
180 180 1. Open :menuselection:`Admin --> Repositories` and select :guilabel:`Edit`
181 181 beside the |repo| whose cache you wish to clear.
182 182 2. On the |repo| settings page, go to the :guilabel:`Caches` tab and select
183 183 :guilabel:`Invalidate repository cache`.
184 184
185 185 .. _set-lang:
186 186
187 187 Changing Default Language
188 188 ^^^^^^^^^^^^^^^^^^^^^^^^^
189 189
190 190 To change the default language of a |RCE| instance, change the language code
191 191 in the :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` file. To
192 192 do this, use the following steps.
193 193
194 194 1. Open the :file:`rhodecode.ini` file and set the required language code.
195 195
196 196 .. code-block:: ini
197 197
198 198 ## Optional Languages
199 199 ## en(default), de, fr, it, ja, pl, pt, ru, zh
200 200 lang = de
201 201
202 202 2. Restart the |RCE| instance and check that the language has been updated.
203 203
204 204 .. code-block:: bash
205 205
206 206 $ rccontrol restart enterprise-2
207 207 Instance "enterprise-2" successfully stopped.
208 208 Instance "enterprise-2" successfully started.
209 209
210 210 .. image:: ../images/language.png
211 211
212 212 .. _set-repo-pub:
213 213
214 214 Setting Repositories to Publish
215 215 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
216 216
217 217 To automatically promote your local |repos| to public after pushing to |RCE|,
218 218 enable the :guilabel:`Set repositories as publishing` option on the
219 219 :menuselection:`Admin --> Settings --> VCS` page.
220 220
221 221 .. note::
222 222
223 223 This option is enabled by default on most |RCE| versions, but if upgrading
224 224 from a 1.7.x version it could be disabled on upgrade due to inheriting
225 225 older default settings.
226 226
227 227 .. _ping:
228 228
229 229 Pinging the |RCE| Server
230 230 ^^^^^^^^^^^^^^^^^^^^^^^^
231 231
232 232 You can check the IP Address of your |RCE| instance using the
233 233 following URL: ``{instance-URL}/_admin/ping``.
234 234
235 235 .. code-block:: bash
236 236
237 237 $ curl https://your.rhodecode.url/_admin/ping
238 238 pong[rce-7880] => 203.0.113.23
239 239
240 240 .. _Markdown: http://daringfireball.net/projects/markdown/
241 241 .. _reStructured Text: http://docutils.sourceforge.net/docs/index.html
@@ -1,55 +1,55 b''
1 1 .. _apache-wsgi-ref:
2 2
3 3 Apache WSGI Configuration
4 4 ^^^^^^^^^^^^^^^^^^^^^^^^^
5 5
6 |RCM| can also be set up with Apache under ``mod_wsgi``. To configure this
6 |RCE| can also be set up with Apache under ``mod_wsgi``. To configure this
7 7 use the following steps.
8 8
9 9 1. Install ``mod_wsgi`` using the following command:
10 10 ``aptitude install libapache2-mod-wsgi``.
11 11 2. Enable ``mod_wsgi`` using the following command: ``a2enmod wsgi``
12 12 3. Create a ``wsgi`` dispatch script, using the following examples.
13 13
14 14 .. code-block:: bash
15 15
16 16 WSGIDaemonProcess pylons \
17 17 threads=4 \
18 18 # check the python virtual env location
19 19 python-path=/home/web/rhodecode/pyenv/lib/python2.6/site-packages
20 20 # Check the install location
21 21 WSGIScriptAlias / /home/web/rhodecode/dispatch.wsgi
22 22 WSGIPassAuthorization On
23 23 # user=www-data group=www-data # Enable if running Apache as root
24 24
25 25 .. note::
26 26
27 27 Do not set ``processes=num`` in this configuration file. Running |RCE| in
28 28 multiprocess mode with Apache is not supported.
29 29
30 30 The following is an example ``wsgi`` dispatch script.
31 31
32 32 .. code-block:: python
33 33
34 34 import os
35 35 os.environ["HGENCODING"] = "UTF-8"
36 36 os.environ['PYTHON_EGG_CACHE'] = '/home/web/rhodecode/.egg-cache'
37 37
38 38 # Set the current dir
39 39 os.chdir('/home/web/rhodecode/')
40 40
41 41 import site
42 42 site.addsitedir("/home/web/rhodecode/pyenv/lib/python2.6/site-packages")
43 43
44 44 from paste.deploy import loadapp
45 45 from paste.script.util.logging_config import fileConfig
46 46
47 47 fileConfig('/home/web/rhodecode/production.ini')
48 48 application = loadapp('config:/home/web/rhodecode/production.ini')
49 49
50 50 .. note::
51 51
52 52 When using `mod_wsgi` the same version of |hg| must be running in your
53 system's |PY| environment and on |RCM|. To check the |RCM| version,
53 system's |PY| environment and on |RCE|. To check the |RCE| version,
54 54 on the interface go to
55 55 :menuselection:`Admin --> Settings --> System Info`
@@ -1,74 +1,74 b''
1 1 .. _config-files:
2 2
3 3 Configuration Files Overview
4 4 ============================
5 5
6 6 |RCE| and |RCC| have a number of different configuration files. The following
7 7 is a brief explanation of each, and links to their associated configuration
8 8 sections.
9 9
10 10 .. rst-class:: dl-horizontal
11 11
12 12 \- **rhodecode.ini**
13 13 Default location:
14 14 :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
15 15
16 16 This is the main |RCE| configuration file and controls much of its
17 17 default behaviour. It is also used to configure certain customer
18 18 settings. Here are some of the most common reasons to make changes to
19 19 this file.
20 20
21 21 * :ref:`config-database`
22 22 * :ref:`set-up-mail`
23 23 * :ref:`increase-gunicorn`
24 24 * :ref:`x-frame`
25 25
26 26 \- **mapping.ini**
27 27 Default location:
28 28 :file:`/home/{user}/.rccontrol/{instance-id}/mapping.ini`
29 29
30 30 This file is used to control the |RCE| indexer. It comes configured
31 31 to index your instance. To change the default configuration, see
32 32 :ref:`advanced-indexing`.
33 33
34 34 \- **vcsserver.ini**
35 35 Default location:
36 36 :file:`/home/{user}/.rccontrol/{vcsserver-id}/vcsserver.ini`
37 37
38 38 The VCS Server handles the connection between your |repos| and |RCE|.
39 39 See the :ref:`vcs-server` section for configuration options and more
40 40 detailed information.
41 41
42 42 \- **supervisord.ini**
43 43 Default location:
44 44 :file:`/home/{user}/.rccontrol/supervisor/supervisord.ini`
45 45
46 46 |RCC| uses Supervisor to monitor and manage installed instances of
47 47 |RCE| and the VCS Server. |RCC| will manage this file completely,
48 48 unless you install |RCE| in self-managed mode. For more information,
49 49 see the :ref:`Supervisor Setup<control:supervisor-setup>` section.
50 50
51 51 \- **.rccontrol.ini**
52 52 Default location: :file:`/home/{user}/.rccontrol.ini`
53 53
54 54 This file contains the instances that |RCC| starts at boot, which is all
55 55 by default, but for more information, see
56 56 the :ref:`Manually Start At Boot <control:set-start-boot>` section.
57 57
58 58 \- **.rhoderc**
59 59 Default location: :file:`/home/{user}/.rhoderc`
60 60
61 61 This file is used by the |RCE| API when accessing an instance from a
62 62 remote machine. The API checks this file for connection and
63 63 authentication details. For more details, see the :ref:`config-rhoderc`
64 64 section.
65 65
66 66 \- **MANIFEST**
67 67 Default location: :file:`/home/{user}/.rccontrol/cache/MANIFEST`
68 68
69 69 |RCC| uses this file to source the latest available builds from the
70 secure |RC| download channels. The only reason to mess with this file
70 secure RhodeCode download channels. The only reason to mess with this file
71 71 is if you need to do an offline installation,
72 72 see the :ref:`Offline Installation<control:offline-installer-ref>`
73 73 instructions, otherwise |RCC| will completely manage this file.
74 74
@@ -1,50 +1,50 b''
1 1 .. _glossary:
2 2
3 3 Glossary
4 4 ========
5 5
6 6 .. glossary::
7 7
8 8 DVCS
9 9 Distributed Version Control System, usually referring to |git| or |hg|.
10 10
11 11 Extension
12 12 An extension extends the capabilities of, or the data available to,
13 13 an existing software application.
14 14
15 15 Full-text Search
16 16 Indexing all files and |repos| managed by |RCE| and
17 17 making this data searchable from the interface.
18 18
19 19 Gist
20 20 A note that can only be edited by the author and shared using its
21 21 link within others. The sharing permissions can be set during
22 22 its creation.
23 23
24 24 Gunicorn
25 25 A Python WSGI HTTP Server used by |RCE|.
26 26
27 27 Hook
28 28 A hook intercepts function calls, messages, or events passed between
29 29 software components and can be used to trigger plugins, or their
30 30 extensions.
31 31
32 32 Horizontal scaling
33 33 Adding more machines or workers into your pool of resources.
34 34
35 35 Instance
36 A single installed version of one of the |RC| products. It could
36 A single installed version of one of the RhodeCode products. It could
37 37 refer to |RCE| or the VCS server depending on the context.
38 38
39 39 Plugin
40 40 A Plugin is software that adds a specific feature to an existing
41 41 software application.
42 42
43 43 tmpfs
44 44 Temporary file storage kept in volatile memory instead of persistent
45 45 storage.
46 46
47 47 VCS Server
48 48 The VCS Server handles the abstraction layer between the
49 49 supported version control systems and RhodeCode Enterprise.
50 50
@@ -1,276 +1,276 b''
1 1 .. _indexing-ref:
2 2
3 3 Full-text Search
4 4 ----------------
5 5
6 By default |RC| is configured to use `Whoosh`_ to index |repos| and
6 By default RhodeCode is configured to use `Whoosh`_ to index |repos| and
7 7 provide full-text search.
8 8
9 9 |RCE| also provides support for `Elasticsearch`_ as a backend for scalable
10 10 search. See :ref:`enable-elasticsearch` for details.
11 11
12 12 Indexing
13 13 ^^^^^^^^
14 14
15 15 To run the indexer you need to use an |authtoken| with admin rights to all
16 16 |repos|.
17 17
18 18 To index new content added, you have the option to set the indexer up in a
19 19 number of ways, for example:
20 20
21 21 * Call the indexer via a cron job. We recommend running this nightly,
22 22 unless you need everything indexed immediately.
23 23 * Set the indexer to infinitely loop and reindex as soon as it has run its
24 24 cycle.
25 25 * Hook the indexer up with your CI server to reindex after each push.
26 26
27 27 The indexer works by indexing new commits added since the last run. If you
28 28 wish to build a brand new index from scratch each time,
29 29 use the ``force`` option in the configuration file.
30 30
31 31 .. important::
32 32
33 33 You need to have |RCT| installed, see :ref:`install-tools`. Since |RCE|
34 34 3.5.0 they are installed by default.
35 35
36 36 To set up indexing, use the following steps:
37 37
38 38 1. :ref:`config-rhoderc`, if running tools remotely.
39 39 2. :ref:`run-index`
40 40 3. :ref:`set-index`
41 41 4. :ref:`advanced-indexing`
42 42
43 43 .. _config-rhoderc:
44 44
45 45 Configure the ``.rhoderc`` File
46 46 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
47 47
48 48 |RCT| uses the :file:`/home/{user}/.rhoderc` file for connection details
49 to |RCM| instances. If this file is not automatically created,
49 to |RCE| instances. If this file is not automatically created,
50 50 you can configure it using the following example. You need to configure the
51 51 details for each instance you want to index.
52 52
53 53 .. code-block:: bash
54 54
55 55 # Check the instance details
56 56 # of the instance you want to index
57 57 $ rccontrol status
58 58
59 59 - NAME: enterprise-1
60 60 - STATUS: RUNNING
61 61 - TYPE: Momentum
62 62 - VERSION: 1.5.0
63 63 - URL: http://127.0.0.1:10000
64 64
65 To get your API Token, on the |RCM| interface go to
65 To get your API Token, on the |RCE| interface go to
66 66 :menuselection:`username --> My Account --> Auth tokens`
67 67
68 68 .. code-block:: ini
69 69
70 70 # Configure .rhoderc with matching details
71 71 # This allows the indexer to connect to the instance
72 72 [instance:enterprise-1]
73 73 api_host = http://127.0.0.1:10000
74 74 api_key = <auth token goes here>
75 75 repo_dir = /home/<username>/repos
76 76
77 77 .. _run-index:
78 78
79 79 Run the Indexer
80 80 ^^^^^^^^^^^^^^^
81 81
82 82 Run the indexer using the following command, and specify the instance you
83 83 want to index:
84 84
85 85 .. code-block:: bash
86 86
87 87 # From inside a virtualevv
88 88 (venv)$ rhodecode-index --instance-name=enterprise-1
89 89
90 90 # Using default installation
91 91 $ /home/user/.rccontrol/enterprise-1/profile/bin/rhodecode-index \
92 92 --instance-name=enterprise-1
93 93
94 94 # Using a custom mapping file
95 95 $ /home/user/.rccontrol/enterprise-1/profile/bin/rhodecode-index \
96 96 --instance-name=enterprise-1 \
97 97 --mapping=/home/user/.rccontrol/enterprise-1/mapping.ini
98 98
99 99 .. note::
100 100
101 101 In case of often indexing the index may become fragmented. Most often a result of that
102 102 is error about `too many open files`. To fix this indexer needs to be executed with
103 103 --optimize flag. E.g `rhodecode-index --instance-name=enterprise-1 --optimize`
104 104 This should be executed regularly, once a week is recommended.
105 105
106 106
107 107 .. _set-index:
108 108
109 109 Schedule the Indexer
110 110 ^^^^^^^^^^^^^^^^^^^^
111 111
112 112 To schedule the indexer, configure the crontab file to run the indexer inside
113 113 your |RCT| virtualenv using the following steps.
114 114
115 115 1. Open the crontab file, using ``crontab -e``.
116 116 2. Add the indexer to the crontab, and schedule it to run as regularly as you
117 117 wish.
118 118 3. Save the file.
119 119
120 120 .. code-block:: bash
121 121
122 122 $ crontab -e
123 123
124 124 # The virtualenv can be called using its full path, so for example you can
125 125 # put this example into the crontab
126 126
127 127 # Run the indexer daily at 4am using the default mapping settings
128 128 * 4 * * * /home/ubuntu/.virtualenv/rhodecode-venv/bin/rhodecode-index \
129 129 --instance-name=enterprise-1
130 130
131 131 # Run the indexer every Sunday at 3am using default mapping
132 132 * 3 * * 0 /home/ubuntu/.virtualenv/rhodecode-venv/bin/rhodecode-index \
133 133 --instance-name=enterprise-1
134 134
135 135 # Run the indexer every 15 minutes
136 136 # using a specially configured mapping file
137 137 */15 * * * * ~/.rccontrol/enterprise-4/profile/bin/rhodecode-index \
138 138 --instance-name=enterprise-4 \
139 139 --mapping=/home/user/.rccontrol/enterprise-4/mapping.ini
140 140
141 141 .. _advanced-indexing:
142 142
143 143 Advanced Indexing
144 144 ^^^^^^^^^^^^^^^^^
145 145
146 146 |RCT| indexes based on the :file:`mapping.ini` file. To configure your index,
147 147 you can specify different options in this file. The default location is:
148 148
149 149 * :file:`/home/{user}/.rccontrol/{instance-id}/mapping.ini`, using default
150 150 |RCT|.
151 151 * :file:`~/venv/lib/python2.7/site-packages/rhodecode_tools/templates/mapping.ini`,
152 152 when using ``virtualenv``.
153 153
154 154 .. note::
155 155
156 156 If you need to create the :file:`mapping.ini` file, use the |RCT|
157 157 ``rhodecode-index --create-mapping path/to/file`` API call. For details,
158 158 see the :ref:`tools-cli` section.
159 159
160 160 The indexer runs in a random order to prevent a failing |repo| from stopping
161 161 a build. To configure different indexing scenarios, set the following options
162 162 inside the :file:`mapping.ini` and specify the altered file using the
163 163 ``--mapping`` option.
164 164
165 165 * ``index_files`` : Index the specified file types.
166 166 * ``skip_files`` : Do not index the specified file types.
167 167 * ``index_files_content`` : Index the content of the specified file types.
168 168 * ``skip_files_content`` : Do not index the content of the specified files.
169 169 * ``force`` : Create a fresh index on each run.
170 170 * ``max_filesize`` : Files larger than the set size will not be indexed.
171 171 * ``commit_parse_limit`` : Set the batch size when indexing commit messages.
172 172 Set to a lower number to lessen memory load.
173 173 * ``repo_limit`` : Set the maximum number or |repos| indexed per run.
174 174 * ``[INCLUDE]`` : Set |repos| you want indexed. This takes precedent over
175 175 ``[EXCLUDE]``.
176 176 * ``[EXCLUDE]`` : Set |repos| you do not want indexed. Exclude can be used to
177 177 not index branches, forks, or log |repos|.
178 178
179 179 At the end of the file you can specify conditions for specific |repos| that
180 180 will override the default values. To configure your indexer,
181 181 use the following example :file:`mapping.ini` file.
182 182
183 183 .. code-block:: ini
184 184
185 185 [__DEFAULT__]
186 186 # default patterns for indexing files and content of files.
187 187 # Binary files are skipped by default.
188 188
189 189 # Index python and markdown files
190 190 index_files = *.py, *.md
191 191
192 192 # Do not index these file types
193 193 skip_files = *.svg, *.log, *.dump, *.txt
194 194
195 195 # Index both file types and their content
196 196 index_files_content = *.cpp, *.ini, *.py
197 197
198 198 # Index file names, but not file content
199 199 skip_files_content = *.svg,
200 200
201 201 # Force rebuilding an index from scratch. Each repository will be rebuild
202 202 # from scratch with a global flag. Use local flag to rebuild single repos
203 203 force = false
204 204
205 205 # Do not index files larger than 385KB
206 206 max_filesize = 385KB
207 207
208 208 # Limit commit indexing to 500 per batch
209 209 commit_parse_limit = 500
210 210
211 211 # Limit each index run to 25 repos
212 212 repo_limit = 25
213 213
214 214 # __INCLUDE__ is more important that __EXCLUDE__.
215 215
216 216 [__INCLUDE__]
217 217 # Include all repos with these names
218 218
219 219 docs/* = 1
220 220 lib/* = 1
221 221
222 222 [__EXCLUDE__]
223 223 # Do not include the following repo in index
224 224
225 225 dev-docs/* = 1
226 226 legacy-repos/* = 1
227 227 *-dev/* = 1
228 228
229 229 # Each repo that needs special indexing is a separate section below.
230 230 # In each section set the options to override the global configuration
231 231 # parameters above.
232 232 # If special settings are not configured, the global configuration values
233 233 # above are inherited. If no special repositories are
234 234 # defined here RhodeCode will use the API to ask for all repositories
235 235
236 236 # For this repo use different settings
237 237 [special-repo]
238 238 commit_parse_limit = 20,
239 239 skip_files = *.idea, *.xml,
240 240
241 241 # For another repo use different settings
242 242 [another-special-repo]
243 243 index_files = *,
244 244 max_filesize = 800MB
245 245 commit_parse_limit = 20000
246 246
247 247 .. _enable-elasticsearch:
248 248
249 249 Enabling Elasticsearch
250 250 ^^^^^^^^^^^^^^^^^^^^^^
251 251
252 252 1. Open the :file:`rhodecode.ini` file for the instance you wish to edit. The
253 253 default location is
254 254 :file:`home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
255 255 2. Find the search configuration section:
256 256
257 257 .. code-block:: ini
258 258
259 259 ###################################
260 260 ## SEARCH INDEXING CONFIGURATION ##
261 261 ###################################
262 262
263 263 search.module = rhodecode.lib.index.whoosh
264 264 search.location = %(here)s/data/index
265 265
266 266 and change it to:
267 267
268 268 .. code-block:: ini
269 269
270 270 search.module = rc_elasticsearch
271 271 search.location = http://localhost:9200/
272 272
273 273 where ``search.location`` points to the elasticsearch server.
274 274
275 275 .. _Whoosh: https://pypi.python.org/pypi/Whoosh/
276 276 .. _Elasticsearch: https://www.elastic.co/ No newline at end of file
@@ -1,12 +1,12 b''
1 1 .. _public-access:
2 2
3 3 Public Access
4 4 -------------
5 5
6 By default |RCM| allows users to read all **public** |repos|. User
6 By default |RCE| allows users to read all **public** |repos|. User
7 7 permissions and |repo| access can be configured explicitly,
8 8 and those permissions will override any default settings. The default
9 9 settings can be found under the following section:
10 10
11 11 * :menuselection:`Admin --> Permissions --> Object`
12 12 * :menuselection:`Admin --> Permissions --> Global`
@@ -1,69 +1,69 b''
1 1 .. _permissions-default-ref:
2 2
3 3 Setting Default Permissions
4 4 ---------------------------
5 5
6 Default permissions allow you to configure |RCM| so that when a new |repo|, user group,
6 Default permissions allow you to configure |RCE| so that when a new |repo|, user group,
7 7 or user is created their permissions are already defined. To set default permissions you need administrator
8 8 privileges. See the following sections for setting up your permissions system:
9 9
10 10 * :ref:`user-default-ref`
11 11 * :ref:`user-group-default-ref`
12 12 * :ref:`repo-default-ref`
13 13 * :ref:`repo-group-default-ref`
14 14
15 15 .. _user-default-ref:
16 16
17 17 Setting User defaults
18 18 ^^^^^^^^^^^^^^^^^^^^^
19 19
20 20 To set default user permissions, use the following steps.
21 21
22 1. From the |RCM| interface, select :menuselection:`Admin --> Permissions`
22 1. From the |RCE| interface, select :menuselection:`Admin --> Permissions`
23 23 2. Select the :guilabel:`Global` tab from the left-hand menu. The permissions
24 24 set on this screen apply to users and user-groups across the whole instance.
25 25 3. Save your changes
26 26
27 27 .. _user-group-default-ref:
28 28
29 29 Setting User Group defaults
30 30 ^^^^^^^^^^^^^^^^^^^^^^^^^^^
31 31
32 32 To set default user group permissions, use the following steps.
33 33
34 1. From the |RCM| interface, select :menuselection:`Admin --> User groups`
34 1. From the |RCE| interface, select :menuselection:`Admin --> User groups`
35 35 2. Select :guilabel:`Permissions`, and configure the default user
36 36 permissions. All users will get these permissions unless
37 37 individually set.
38 38 3. Select :guilabel:`Global permissions`, and if you wish to configure
39 39 non-standard behaviour, uncheck the
40 40 :guilabel:`inherit from default settings` box and configure the desired
41 41 permissions
42 42 4. Save your changes
43 43
44 44 .. _repo-default-ref:
45 45
46 46 Setting Repository defaults
47 47 ^^^^^^^^^^^^^^^^^^^^^^^^^^^
48 48
49 49 To set default |repo| permissions, use the following steps.
50 50
51 1. From the |RCM| interface, select :menuselection:`Admin --> Permissions`
51 1. From the |RCE| interface, select :menuselection:`Admin --> Permissions`
52 52 2. Select the :guilabel:`Object` tab from the left-hand menu and set the
53 53 |perm| permissions
54 54 3. Save your changes
55 55
56 56 .. _repo-group-default-ref:
57 57
58 58 Setting Repository Group defaults
59 59 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
60 60
61 61 To set default Repository Group permissions, use the following steps.
62 62
63 1. From the |RCM| interface, select :menuselection:`Admin --> Repository Groups`
63 1. From the |RCE| interface, select :menuselection:`Admin --> Repository Groups`
64 64 2. Select :guilabel:`Edit` beside the |repo| group you wish to configure
65 65 3. On the left-hand pane select :guilabel:`Permissions`
66 66 4. Set the default permissions for all |repos| created in this group
67 67 5. Save your changes
68 68
69 69 .. |perm| replace:: :guilabel:`None, Read, Write, or Admin`
@@ -1,26 +1,26 b''
1 1 .. _permissions-info-add-group-ref:
2 2
3 3 Repository Administration
4 4 =========================
5 5
6 Repository permissions in |RCM| can be managed in a number of different ways.
6 Repository permissions in |RCE| can be managed in a number of different ways.
7 7 This overview should give you an insight into how you could adopt particular
8 8 settings for your needs:
9 9
10 10 * Global |repo| permissions: This allows you to set the default permissions
11 for each new |repo| created within |RCM|, see :ref:`repo-default-ref`. All
11 for each new |repo| created within |RCE|, see :ref:`repo-default-ref`. All
12 12 |repos| created will inherit these permissions unless explicitly configured.
13 13 * Individual |repo| permissions: To set individual |repo| permissions,
14 14 see :ref:`set-repo-perms`.
15 15 * Repository Group permissions: This allows you to define the permissions for
16 16 a group, and all |repos| created within that group will inherit the same
17 17 permissions.
18 18
19 19 .. toctree::
20 20
21 21 repo-perm-steps
22 22 repo-extra-fields
23 23 repo-hooks
24 24 repo-issue-tracker
25 25 repo-vcs
26 26
@@ -1,171 +1,171 b''
1 1 .. _system-overview-ref:
2 2
3 3 System Overview
4 4 ===============
5 5
6 6 Latest Version
7 7 --------------
8 8
9 9 * |release| on Unix and Windows systems.
10 10
11 11 System Architecture
12 12 -------------------
13 13
14 14 The following diagram shows a typical production architecture.
15 15
16 16 .. image:: ../images/architecture-diagram.png
17 17 :align: center
18 18
19 19 Supported Operating Systems
20 20 ---------------------------
21 21
22 22 Linux
23 23 ^^^^^
24 24
25 25 * Ubuntu 14.04
26 26 * CentOS 6.2 and 7
27 27 * Debian 7.8
28 28 * RedHat Fedora
29 29 * Arch Linux
30 30 * SUSE Linux
31 31
32 32 Windows
33 33 ^^^^^^^
34 34
35 35 * Windows Vista Ultimate 64bit
36 36 * Windows 7 Ultimate 64bit
37 37 * Windows 8 Professional 64bit
38 38 * Windows 8.1 Enterprise 64bit
39 39 * Windows Server 2008 64bit
40 40 * Windows Server 2008-R2 64bit
41 41 * Windows Server 2012 64bit
42 42
43 43 Supported Databases
44 44 -------------------
45 45
46 46 * SQLite
47 47 * MySQL
48 48 * MariaDB
49 49 * PostgreSQL
50 50
51 51 Supported Browsers
52 52 ------------------
53 53
54 54 * Chrome
55 55 * Safari
56 56 * Firefox
57 57 * Internet Explorer 10 & 11
58 58
59 59 System Requirements
60 60 -------------------
61 61
62 |RCM| performs best on machines with ultra-fast hard disks. Generally disk
62 |RCE| performs best on machines with ultra-fast hard disks. Generally disk
63 63 performance is more important than CPU performance. In a corporate production
64 64 environment handling 1000s of users and |repos| you should deploy on a 12+
65 65 core 64GB RAM server. In short, the more RAM the better.
66 66
67 67
68 68 For example:
69 69
70 70 - for team of 1 - 5 active users you can run on 1GB RAM machine with 1CPU
71 - above 250 active users, |RCM| needs at least 8GB of memory.
71 - above 250 active users, |RCE| needs at least 8GB of memory.
72 72 Number of CPUs is less important, but recommended to have at least 2-3 CPUs
73 73
74 74
75 75 .. _config-rce-files:
76 76
77 77 Configuration Files
78 78 -------------------
79 79
80 80 * :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
81 81 * :file:`/home/{user}/.rccontrol/{instance-id}/mapping.ini`
82 82 * :file:`/home/{user}/.rccontrol/{vcsserver-id}/vcsserver.ini`
83 83 * :file:`/home/{user}/.rccontrol/supervisor/supervisord.ini`
84 84 * :file:`/home/{user}/.rccontrol.ini`
85 85 * :file:`/home/{user}/.rhoderc`
86 86 * :file:`/home/{user}/.rccontrol/cache/MANIFEST`
87 87
88 88 For more information, see the :ref:`config-files` section.
89 89
90 90 Log Files
91 91 ---------
92 92
93 93 * :file:`/home/{user}/.rccontrol/{instance-id}/enterprise.log`
94 94 * :file:`/home/{user}/.rccontrol/{vcsserver-id}/vcsserver.log`
95 95 * :file:`/home/{user}/.rccontrol/supervisor/supervisord.log`
96 96 * :file:`/tmp/rccontrol.log`
97 97 * :file:`/tmp/rhodecode_tools.log`
98 98
99 99 Storage Files
100 100 -------------
101 101
102 102 * :file:`/home/{user}/.rccontrol/{instance-id}/data/index/{index-file.toc}`
103 103 * :file:`/home/{user}/repos/.rc_gist_store`
104 104 * :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.db`
105 105 * :file:`/opt/rhodecode/store/{unique-hash}`
106 106
107 107 Default Repositories Location
108 108 -----------------------------
109 109
110 110 * :file:`/home/{user}/repos`
111 111
112 112 Connection Methods
113 113 ------------------
114 114
115 115 * HTTPS
116 116 * SSH
117 * |RCM| API
117 * |RCE| API
118 118
119 119 Internationalization Support
120 120 ----------------------------
121 121
122 122 Currently available in the following languages, see `Transifex`_ for the
123 123 latest details. If you want a new language added, please contact us. To
124 124 configure your language settings, see the :ref:`set-lang` section.
125 125
126 126 .. hlist::
127 127
128 128 * Belorussian
129 129 * Chinese
130 130 * French
131 131 * German
132 132 * Italian
133 133 * Japanese
134 134 * Portuguese
135 135 * Polish
136 136 * Russian
137 137 * Spanish
138 138
139 139 Licencing Information
140 140 ---------------------
141 141
142 142 * See licencing information `here`_
143 143
144 144 Peer-to-peer Failover Support
145 145 -----------------------------
146 146
147 147 * Yes
148 148
149 149 Additional Binaries
150 150 -------------------
151 151
152 152 * Yes, see :ref:`rhodecode-nix-ref` for full details.
153 153
154 154 Remote Connectivity
155 155 -------------------
156 156
157 157 * Available
158 158
159 159 Executable Files
160 160 ----------------
161 161
162 162 Windows: :file:`RhodeCode-installer-{version}.exe`
163 163
164 164 Deprecated Support
165 165 ------------------
166 166
167 167 - Internet Explorer 8 support deprecated since version 3.7.0.
168 168 - Internet Explorer 9 support deprecated since version 3.8.0.
169 169
170 170 .. _here: https://rhodecode.com/licenses/
171 171 .. _Transifex: https://www.transifex.com/projects/p/RhodeCode/
@@ -1,23 +1,23 b''
1 1 .. _user-admin-set:
2 2
3 3 User Administration
4 4 ===================
5 5
6 |RCM| enables you to define permissions for the following entities within the
6 |RCE| enables you to define permissions for the following entities within the
7 7 system; **users**, **user groups**, **repositories**, **repository groups**.
8 8
9 9 Within each one of these entities you can set default settings,
10 10 and then all users or |repos| inherit those default permission settings
11 11 unless individually defined. Each of these entities can have the following
12 12 permissions applied to it; |perm|.
13 13
14 14 .. toctree::
15 15
16 16 public-access
17 17 default-user-perms
18 18 adding-anonymous-user
19 19 adding-new-user
20 20 setting-default-permissions
21 21 setting-usergroup-permissions
22 22
23 23 .. |perm| replace:: **None**, **Read**, **Write**, or **Admin** No newline at end of file
@@ -1,324 +1,324 b''
1 1 .. _vcs-server:
2 2
3 3 VCS Server Management
4 4 ---------------------
5 5
6 The VCS Server handles |RCM| backend functionality. You need to configure
7 a VCS Server to run with a |RCM| instance. If you do not, you will be missing
8 the connection between |RCM| and its |repos|. This will cause error messages
6 The VCS Server handles |RCE| backend functionality. You need to configure
7 a VCS Server to run with a |RCE| instance. If you do not, you will be missing
8 the connection between |RCE| and its |repos|. This will cause error messages
9 9 on the web interface. You can run your setup in the following configurations,
10 10 currently the best performance is one of following:
11 11
12 * One VCS Server per |RCM| instance.
12 * One VCS Server per |RCE| instance.
13 13 * One VCS Server handling multiple instances.
14 14
15 15 .. important::
16 16
17 17 If your server locale settings are not correctly configured,
18 18 |RCE| and the VCS Server can run into issues. See this `Ask Ubuntu`_ post
19 19 which explains the problem and gives a solution.
20 20
21 21 For more information, see the following sections:
22 22
23 23 * :ref:`install-vcs`
24 24 * :ref:`config-vcs`
25 25 * :ref:`vcs-server-options`
26 26 * :ref:`vcs-server-versions`
27 27 * :ref:`vcs-server-maintain`
28 28 * :ref:`vcs-server-config-file`
29 29 * :ref:`svn-http`
30 30
31 31 .. _install-vcs:
32 32
33 33 VCS Server Installation
34 34 ^^^^^^^^^^^^^^^^^^^^^^^
35 35
36 36 To install a VCS Server, see
37 37 :ref:`Installing a VCS server <control:install-vcsserver>`.
38 38
39 39 .. _config-vcs:
40 40
41 41 Hooking |RCE| to its VCS Server
42 42 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
43 43
44 44 To configure a |RCE| instance to use a VCS server, see
45 45 :ref:`Configuring the VCS Server connection <control:manually-vcsserver-ini>`.
46 46
47 47 .. _vcs-server-options:
48 48
49 49 |RCE| VCS Server Options
50 50 ^^^^^^^^^^^^^^^^^^^^^^^^
51 51
52 The following list shows the available options on the |RCM| side of the
52 The following list shows the available options on the |RCE| side of the
53 53 connection to the VCS Server. The settings are configured per
54 54 instance in the
55 55 :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` file.
56 56
57 57 .. rst-class:: dl-horizontal
58 58
59 59 \vcs.backends <available-vcs-systems>
60 60 Set a comma-separated list of the |repo| options available from the
61 61 web interface. The default is ``hg, git, svn``,
62 62 which is all |repo| types available. The order of backends is also the
63 63 order backend will try to detect requests type.
64 64
65 65 \vcs.connection_timeout <seconds>
66 66 Set the length of time in seconds that the VCS Server waits for
67 67 requests to process. After the timeout expires,
68 68 the request is closed. The default is ``3600``. Set to a higher
69 69 number if you experience network latency, or timeout issues with very
70 70 large push/pull requests.
71 71
72 72 \vcs.server.enable <boolean>
73 73 Enable or disable the VCS Server. The available options are ``true`` or
74 74 ``false``. The default is ``true``.
75 75
76 76 \vcs.server <host:port>
77 77 Set the host, either hostname or IP Address, and port of the VCS server
78 you wish to run with your |RCM| instance.
78 you wish to run with your |RCE| instance.
79 79
80 80 .. code-block:: ini
81 81
82 82 ##################
83 83 ### VCS CONFIG ###
84 84 ##################
85 85 # set this line to match your VCS Server
86 86 vcs.server = 127.0.0.1:10004
87 87 # Set to False to disable the VCS Server
88 88 vcs.server.enable = True
89 89 vcs.backends = hg, git, svn
90 90 vcs.connection_timeout = 3600
91 91
92 92
93 93 .. _vcs-server-versions:
94 94
95 95 VCS Server Versions
96 96 ^^^^^^^^^^^^^^^^^^^
97 97
98 98 An updated version of the VCS Server is released with each |RCE| version. Use
99 99 the VCS Server number that matches with the |RCE| version to pair the
100 100 appropriate ones together. For |RCE| versions pre 3.3.0,
101 101 VCS Server 1.X.Y works with |RCE| 3.X.Y, for example:
102 102
103 103 * VCS Server 1.0.0 works with |RCE| 3.0.0
104 104 * VCS Server 1.2.2 works with |RCE| 3.2.2
105 105
106 106 For |RCE| versions post 3.3.0, the VCS Server and |RCE| version numbers
107 107 match, for example:
108 108
109 109 * VCS Server |release| works with |RCE| |release|
110 110
111 111 .. _vcs-server-maintain:
112 112
113 113 VCS Server Memory Optimization
114 114 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
115 115
116 116 To optimize the VCS server to manage the cache and memory usage efficiently, you need to
117 117 configure the following options in the
118 118 :file:`/home/{user}/.rccontrol/{vcsserver-id}/vcsserver.ini` file. Once
119 119 configured, restart the VCS Server. By default we use an optimal settings, but in certain
120 120 conditions tunning expiration_time and max_size can affect memory usage and performance
121 121
122 122 .. code-block:: ini
123 123
124 124 ## cache region for storing repo_objects cache
125 125 rc_cache.repo_object.backend = dogpile.cache.rc.memory_lru
126 126
127 127 ## cache auto-expires after N seconds, setting this to 0 disabled cache
128 128 rc_cache.repo_object.expiration_time = 300
129 129
130 130 ## max size of LRU, old values will be discarded if the size of cache reaches max_size
131 131 ## Sets the maximum number of items stored in the cache, before the cache
132 132 ## starts to be cleared.
133 133
134 134 ## As a general rule of thumb, running this value at 120 resulted in a
135 135 ## 5GB cache. Running it at 240 resulted in a 9GB cache. Your results
136 136 ## will differ based on usage patterns and |repo| sizes.
137 137
138 138 ## Tweaking this value to run at a fairly constant memory load on your
139 139 ## server will help performance.
140 140
141 141 rc_cache.repo_object.max_size = 120
142 142
143 143
144 144 To clear the cache completely, you can restart the VCS Server.
145 145
146 146 .. important::
147 147
148 148 While the VCS Server handles a restart gracefully on the web interface,
149 149 it will drop connections during push/pull requests. So it is recommended
150 150 you only perform this when there is very little traffic on the instance.
151 151
152 152 Use the following example to restart your VCS Server,
153 153 for full details see the :ref:`RhodeCode Control CLI <control:rcc-cli>`.
154 154
155 155 .. code-block:: bash
156 156
157 157 $ rccontrol status
158 158
159 159 .. code-block:: vim
160 160
161 161 - NAME: vcsserver-1
162 162 - STATUS: RUNNING
163 163 logs:/home/ubuntu/.rccontrol/vcsserver-1/vcsserver.log
164 164 - VERSION: 4.7.2 VCSServer
165 165 - URL: http://127.0.0.1:10008
166 166 - CONFIG: /home/ubuntu/.rccontrol/vcsserver-1/vcsserver.ini
167 167
168 168 $ rccontrol restart vcsserver-1
169 169 Instance "vcsserver-1" successfully stopped.
170 170 Instance "vcsserver-1" successfully started.
171 171
172 172 .. _vcs-server-config-file:
173 173
174 174 VCS Server Configuration
175 175 ^^^^^^^^^^^^^^^^^^^^^^^^
176 176
177 177 You can configure settings for multiple VCS Servers on your
178 178 system using their individual configuration files. Use the following
179 179 properties inside the configuration file to set up your system. The default
180 180 location is :file:`home/{user}/.rccontrol/{vcsserver-id}/vcsserver.ini`.
181 181 For a more detailed explanation of the logger levers, see :ref:`debug-mode`.
182 182
183 183 .. rst-class:: dl-horizontal
184 184
185 185 \host <ip-address>
186 186 Set the host on which the VCS Server will run. VCSServer is not
187 187 protected by any authentication, so we *highly* recommend running it
188 188 under localhost ip that is `127.0.0.1`
189 189
190 190 \port <int>
191 191 Set the port number on which the VCS Server will be available.
192 192
193 193 \locale <locale_utf>
194 194 Set the locale the VCS Server expects.
195 195
196 196 \workers <int>
197 197 Set the number of process workers.Recommended
198 198 value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers
199 199
200 200 \max_requests <int>
201 201 The maximum number of requests a worker will process before restarting.
202 202 Any value greater than zero will limit the number of requests a work
203 203 will process before automatically restarting. This is a simple method
204 204 to help limit the damage of memory leaks.
205 205
206 206 \max_requests_jitter <int>
207 207 The maximum jitter to add to the max_requests setting.
208 208 The jitter causes the restart per worker to be randomized by
209 209 randint(0, max_requests_jitter). This is intended to stagger worker
210 210 restarts to avoid all workers restarting at the same time.
211 211
212 212
213 213 .. note::
214 214
215 215 After making changes, you need to restart your VCS Server to pick them up.
216 216
217 217 .. code-block:: ini
218 218
219 219 ################################################################################
220 220 # RhodeCode VCSServer with HTTP Backend - configuration #
221 221 # #
222 222 ################################################################################
223 223
224 224
225 225 [server:main]
226 226 ## COMMON ##
227 227 host = 127.0.0.1
228 228 port = 10002
229 229
230 230 ##########################
231 231 ## GUNICORN WSGI SERVER ##
232 232 ##########################
233 233 ## run with gunicorn --log-config vcsserver.ini --paste vcsserver.ini
234 234 use = egg:gunicorn#main
235 235 ## Sets the number of process workers. Recommended
236 236 ## value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers
237 237 workers = 3
238 238 ## process name
239 239 proc_name = rhodecode_vcsserver
240 240 ## type of worker class, one of sync, gevent
241 241 ## recommended for bigger setup is using of of other than sync one
242 242 worker_class = sync
243 243 ## The maximum number of simultaneous clients. Valid only for Gevent
244 244 #worker_connections = 10
245 245 ## max number of requests that worker will handle before being gracefully
246 246 ## restarted, could prevent memory leaks
247 247 max_requests = 1000
248 248 max_requests_jitter = 30
249 249 ## amount of time a worker can spend with handling a request before it
250 250 ## gets killed and restarted. Set to 6hrs
251 251 timeout = 21600
252 252
253 253 [app:main]
254 254 use = egg:rhodecode-vcsserver
255 255
256 256 pyramid.default_locale_name = en
257 257 pyramid.includes =
258 258
259 259 ## default locale used by VCS systems
260 260 locale = en_US.UTF-8
261 261
262 262 # cache regions, please don't change
263 263 beaker.cache.regions = repo_object
264 264 beaker.cache.repo_object.type = memorylru
265 265 beaker.cache.repo_object.max_items = 100
266 266 # cache auto-expires after N seconds
267 267 beaker.cache.repo_object.expire = 300
268 268 beaker.cache.repo_object.enabled = true
269 269
270 270
271 271 ################################
272 272 ### LOGGING CONFIGURATION ####
273 273 ################################
274 274 [loggers]
275 275 keys = root, vcsserver, beaker
276 276
277 277 [handlers]
278 278 keys = console
279 279
280 280 [formatters]
281 281 keys = generic
282 282
283 283 #############
284 284 ## LOGGERS ##
285 285 #############
286 286 [logger_root]
287 287 level = NOTSET
288 288 handlers = console
289 289
290 290 [logger_vcsserver]
291 291 level = DEBUG
292 292 handlers =
293 293 qualname = vcsserver
294 294 propagate = 1
295 295
296 296 [logger_beaker]
297 297 level = DEBUG
298 298 handlers =
299 299 qualname = beaker
300 300 propagate = 1
301 301
302 302
303 303 ##############
304 304 ## HANDLERS ##
305 305 ##############
306 306
307 307 [handler_console]
308 308 class = StreamHandler
309 309 args = (sys.stderr,)
310 310 level = DEBUG
311 311 formatter = generic
312 312
313 313 ################
314 314 ## FORMATTERS ##
315 315 ################
316 316
317 317 [formatter_generic]
318 318 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
319 319 datefmt = %Y-%m-%d %H:%M:%S
320 320
321 321
322 322 .. _Subversion Red Book: http://svnbook.red-bean.com/en/1.7/svn-book.html#svn.ref.svn
323 323
324 324 .. _Ask Ubuntu: http://askubuntu.com/questions/162391/how-do-i-fix-my-locale-issue
@@ -1,208 +1,208 b''
1 1 .. _api:
2 2
3 3 API Documentation
4 4 =================
5 5
6 6 The |RCE| API uses a single scheme for calling all API methods. The API is
7 7 implemented with JSON protocol in both directions. To send API requests to
8 8 your instance of |RCE|, use the following URL format
9 9 ``<your_server>/_admin``
10 10
11 11 .. note::
12 12
13 13 To use the API, you should configure the :file:`~/.rhoderc` file with
14 14 access details per instance. For more information, see
15 15 :ref:`config-rhoderc`.
16 16
17 17
18 18 API ACCESS FOR WEB VIEWS
19 19 ------------------------
20 20
21 21 API access can also be turned on for each web view in |RCE| that is
22 22 decorated with a `@LoginRequired` decorator. To enable API access, change
23 23 the standard login decorator to `@LoginRequired(api_access=True)`.
24 24
25 From |RCM| version 1.7.0 you can configure a white list
25 From |RCE| version 1.7.0 you can configure a white list
26 26 of views that have API access enabled by default. To enable these,
27 edit the |RCM| configuration ``.ini`` file. The default location is:
27 edit the |RCE| configuration ``.ini`` file. The default location is:
28 28
29 * |RCM| Pre-2.2.7 :file:`root/rhodecode/data/production.ini`
30 * |RCM| 3.0 :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
29 * |RCE| Pre-2.2.7 :file:`root/rhodecode/data/production.ini`
30 * |RCE| 3.0 :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
31 31
32 32 To configure the white list, edit this section of the file. In this
33 33 configuration example, API access is granted to the patch/diff raw file and
34 34 archive.
35 35
36 36 .. code-block:: ini
37 37
38 38 ## List of controllers (using glob syntax) that AUTH TOKENS could be used for access.
39 39 ## Adding ?auth_token = <token> to the url authenticates this request as if it
40 40 ## came from the the logged in user who own this authentication token.
41 41 ##
42 42 ## Syntax is <ControllerClass>:<function_pattern>.
43 43 ## The list should be "," separated and on a single line.
44 44 ##
45 45 api_access_controllers_whitelist = RepoCommitsView:repo_commit_raw,RepoCommitsView:repo_commit_patch,RepoCommitsView:repo_commit_download
46 46
47 47 After this change, a |RCE| view can be accessed without login by adding a
48 48 GET parameter ``?auth_token=<auth_token>`` to a url. For example to
49 49 access the raw diff.
50 50
51 51 .. code-block:: html
52 52
53 53 http://<server>/<repo>/changeset-diff/<sha>?auth_token=<auth_token>
54 54
55 55 By default this is only enabled on RSS/ATOM feed views. Exposing raw diffs is a
56 56 good way to integrate with 3rd party services like code review, or build farms
57 57 that could download archives.
58 58
59 59 API ACCESS
60 60 ----------
61 61
62 62 All clients are required to send JSON-RPC spec JSON data.
63 63
64 64 .. code-block:: bash
65 65
66 66 {
67 67 "id:"<id>",
68 68 "auth_token":"<auth_token>",
69 69 "method":"<method_name>",
70 70 "args":{"<arg_key>":"<arg_val>"}
71 71 }
72 72
73 73 Example call for auto pulling from remote repositories using curl:
74 74
75 75 .. code-block:: bash
76 76
77 77 curl https://server.com/_admin/api -X POST -H 'content-type:text/plain' --data-binary '{"id":1,
78 78 "auth_token":"xe7cdb2v278e4evbdf5vs04v832v0efvcbcve4a3","method":"pull", "args":{"repoid":"CPython"}}'
79 79
80 80 Provide those parameters:
81 81 - **id** A value of any type, which is used to match the response with the
82 82 request that it is replying to.
83 83 - **auth_token** for access and permission validation.
84 84 - **method** is name of method to call
85 85 - **args** is an ``key:value`` list of arguments to pass to method
86 86
87 87 .. note::
88 88
89 89 To get your |authtoken|, from the |RCE| interface,
90 90 go to:
91 91 :menuselection:`username --> My account --> Auth tokens`
92 92
93 93 For security reasons you should always create a dedicated |authtoken| for
94 94 API use only.
95 95
96 96
97 97 The |RCE| API will always return a JSON-RPC response:
98 98
99 99 .. code-block:: bash
100 100
101 101 {
102 102 "id": <id>, # matching id sent by request
103 103 "result": "<result>"|null, # JSON formatted result, null if any errors
104 104 "error": "null"|<error_message> # JSON formatted error (if any)
105 105 }
106 106
107 107 All responses from API will be with `HTTP/1.0 200 OK` status code.
108 108 If there is an error when calling the API, the *error* key will contain a
109 109 failure description and the *result* will be `null`.
110 110
111 111 API CLIENT
112 112 ----------
113 113
114 114 To install the |RCE| API, see :ref:`install-tools`. To configure the API per
115 115 instance, see the :ref:`rc-tools` section as you need to configure a
116 116 :file:`~/.rhoderc` file with your |authtokens|.
117 117
118 118 Once you have set up your instance API access, use the following examples to
119 119 get started.
120 120
121 121 .. code-block:: bash
122 122
123 123 # Getting the 'rhodecode' repository
124 124 # from a RhodeCode Enterprise instance
125 125 rhodecode-api --instance-name=enterprise-1 get_repo repoid:rhodecode
126 126
127 127 Calling method get_repo => http://127.0.0.1:5000
128 128 Server response
129 129 {
130 130 <json data>
131 131 }
132 132
133 133 # Creating a new mercurial repository called 'brand-new'
134 134 # with a description 'Repo-description'
135 135 rhodecode-api --instance-name=enterprise-1 create_repo repo_name:brand-new repo_type:hg description:Repo-description
136 136 {
137 137 "error": null,
138 138 "id": 1110,
139 139 "result": {
140 140 "msg": "Created new repository `brand-new`",
141 141 "success": true,
142 142 "task": null
143 143 }
144 144 }
145 145
146 146 A broken example, what not to do.
147 147
148 148 .. code-block:: bash
149 149
150 150 # A call missing the required arguments
151 151 # and not specifying the instance
152 152 rhodecode-api get_repo
153 153
154 154 Calling method get_repo => http://127.0.0.1:5000
155 155 Server response
156 156 "Missing non optional `repoid` arg in JSON DATA"
157 157
158 158 You can specify pure JSON using the ``--format`` parameter.
159 159
160 160 .. code-block:: bash
161 161
162 162 rhodecode-api --format=json get_repo repoid:rhodecode
163 163
164 164 In such case only output that this function shows is pure JSON, we can use that
165 165 and pipe output to some json formatter.
166 166
167 167 If output is in pure JSON format, you can pipe output to a JSON formatter.
168 168
169 169 .. code-block:: bash
170 170
171 171 rhodecode-api --instance-name=enterprise-1 --format=json get_repo repoid:rhodecode | python -m json.tool
172 172
173 173 API METHODS
174 174 -----------
175 175
176 176 Each method by default required following arguments.
177 177
178 178 .. code-block:: bash
179 179
180 180 id : "<id_for_response>"
181 181 auth_token : "<auth_token>"
182 182 method : "<method name>"
183 183 args : {}
184 184
185 185 Use each **param** from docs and put it in args, Optional parameters
186 186 are not required in args.
187 187
188 188 .. code-block:: bash
189 189
190 190 args: {"repoid": "rhodecode"}
191 191
192 192 .. Note: From this point on things are generated by the script in
193 193 `scripts/fabfile.py`. To change things below, update the docstrings in the
194 194 ApiController.
195 195
196 196 .. --- API DEFS MARKER ---
197 197 .. toctree::
198 198
199 199 methods/views
200 200 methods/license-methods
201 201 methods/deprecated-methods
202 202 methods/gist-methods
203 203 methods/pull-request-methods
204 204 methods/repo-methods
205 205 methods/repo-group-methods
206 206 methods/server-methods
207 207 methods/user-methods
208 208 methods/user-group-methods
@@ -1,15 +1,15 b''
1 1 .. _config-crowd-ref:
2 2
3 3 Crowd
4 4 -----
5 5
6 6 To enable Crowd authentication, use the following steps:
7 7
8 1. From the |RCM| interface, go to :menuselection:`Admin --> Authentication`
9 2. Enable the ``rhodecode.lib.auth_modules.auth_crowd`` library and select
8 1. From the |RCE| interface, go to :menuselection:`Admin --> Authentication`
9 2. Activate the ``rhodecode.lib.auth_modules.auth_crowd`` library and select
10 10 :guilabel:`Save`
11 11 3. On the Crowd plugin settings section, do the following:
12 12
13 13 * Check the :guilabel:`Enable` checkbox
14 14 * Enter your Crowd server settings
15 15 * Select :guilabel:`Save`
@@ -1,112 +1,160 b''
1 1 .. _config-ldap-groups-ref:
2 2
3 3 LDAP/AD With User Groups Sync
4 4 -----------------------------
5 5
6 |RCM| supports LDAP (Lightweight Directory Access Protocol) or
6 **This plugin is available only in EE Edition.**
7
8 |RCE| supports LDAP (Lightweight Directory Access Protocol) or
7 9 AD (active Directory) authentication.
8 All LDAP versions are supported, with the following |RCM| plugins managing each:
9
10 * For LDAP/AD with user group sync use ``LDAP + User Groups (egg:rhodecode-enterprise-ee#ldap_group)``
10 All LDAP versions are currently supported.
11 11
12 12 RhodeCode reads all data defined from plugin and creates corresponding
13 13 accounts on local database after receiving data from LDAP. This is done on
14 14 every user log-in including operations like pushing/pulling/checkout.
15 15 In addition group membership is read from LDAP and following operations are done:
16 16
17 - automatic addition of user to |RCM| user group
18 - automatic removal of user from any other |RCM| user groups not specified in LDAP.
17 - automatic addition of user to |RCE| user group
18 - automatic removal of user from any other |RCE| user groups not specified in LDAP.
19 19 The removal is done *only* on groups that are marked to be synced from ldap.
20 20 This setting can be changed in advanced settings on user groups
21 - automatic creation of user groups if they aren't yet existing in |RCM|
21 - automatic creation of user groups if they aren't yet existing in |RCE|
22 22 - marking user as super-admins if he is a member of any admin group defined in plugin settings
23 23
24 This plugin is available only in EE Edition.
25 24
26 25 .. important::
27 26
28 27 The email used with your |RCE| super-admin account needs to match the email
29 28 address attached to your admin profile in LDAP. This is because
30 29 within |RCE| the user email needs to be unique, and multiple users
31 30 cannot share an email account.
32 31
33 32 Likewise, if as an admin you also have a user account, the email address
34 33 attached to the user account needs to be different.
35 34
36 35
37 36 LDAP Configuration Steps
38 37 ^^^^^^^^^^^^^^^^^^^^^^^^
39 38
40 39 To configure |LDAP|, use the following steps:
41 40
42 1. From the |RCM| interface, select
41 1. From the |RCE| interface, select
43 42 :menuselection:`Admin --> Authentication`
44 2. Enable the ldap+ groups plugin and select :guilabel:`Save`
45 3. Select the :guilabel:`Enabled` check box in the plugin configuration section
46 4. Add the required LDAP information and :guilabel:`Save`, for more details,
43 2. Activate the `LDAP + User Groups` plugin and select :guilabel:`Save`
44 3. Go to newly available menu option called `LDAP + User Groups` on the left side.
45 4. Check the `enabled` check box in the plugin configuration section,
46 and fill in the required LDAP information and :guilabel:`Save`, for more details,
47 47 see :ref:`config-ldap-groups-examples`
48 48
49 49 For a more detailed description of LDAP objects, see :ref:`ldap-gloss-ref`:
50 50
51 51 .. _config-ldap-groups-examples:
52 52
53 53 Example LDAP configuration
54 54 ^^^^^^^^^^^^^^^^^^^^^^^^^^
55 .. code-block:: bash
55
56 Below is example setup that can be used with Active Directory and LDAP server with groups sync::
57
58 *option*: `enabled` => `True`
59 # Enable or disable this authentication plugin.
60
61 *option*: `cache_ttl` => `360`
62 # Amount of seconds to cache the authentication and permissions check response call for this plugin.
63 # Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled).
64
65 *option*: `host` => `192.168.245.143,192.168.1.240`
66 # Host[s] of the LDAP Server
67 # (e.g., 192.168.2.154, or ldap-server.domain.com.
68 # Multiple servers can be specified using commas
69
70 *option*: `port` => `389`
71 # Custom port that the LDAP server is listening on. Default value is: 389, use 689 for LDAPS(SSL)
72
73 *option*: `timeout` => `300`
74 # Timeout for LDAP connection
75
76 *option*: `dn_user` => `Administrator@rhodecode.com`
77 # Optional user DN/account to connect to LDAP if authentication is required.
78 # e.g., cn=admin,dc=mydomain,dc=com, or uid=root,cn=users,dc=mydomain,dc=com, or admin@mydomain.com
79
80 *option*: `dn_pass` => `SomeSecret`
81 # Password to authenticate for given user DN.
82
83 *option*: `tls_kind` => `PLAIN`
84 # TLS Type
85
86 *option*: `tls_reqcert` => `NEVER`
87 # Require Cert over TLS?. Self-signed and custom certificates can be used when
88 # `RhodeCode Certificate` found in admin > settings > system info page is extended.
89
90 *option*: `tls_cert_file` => ``
91 # This specifies the PEM-format file path containing certificates for use in TLS connection.
92 # If not specified `TLS Cert dir` will be used
93
94 *option*: `tls_cert_dir` => `/etc/openldap/cacerts`
95 # This specifies the path of a directory that contains individual CA certificates in separate files.
96
97 *option*: `base_dn` => `dc=rhodecode,dc=com`
98 # Base DN to search. Dynamic bind is supported. Add `$login` marker in it to be replaced with current user credentials
99 # (e.g., dc=mydomain,dc=com, or ou=Users,dc=mydomain,dc=com)
100
101 *option*: `user_search_base` => `ou=RC-Users`
102 # User search base will extend the Base DN
103 # (e.g., ou=Users will result in ou=Users,dc=mydomain,dc=com root DN)
56 104
57 # Auth Cache TTL, Defines the caching for authentication to offload LDAP server.
58 # This means that cache result will be saved for 3600 before contacting LDAP server to verify the user access
59 3600
60 # Host, comma seperated format is optionally possible to specify more than 1 server
61 https://ldap1.server.com/ldap-admin/,https://ldap2.server.com/ldap-admin/
62 # Default LDAP Port, use 689 for LDAPS
63 389
64 # Account, used for SimpleBind if LDAP server requires an authentication
65 e.g admin@server.com
66 # Password used for simple bind
67 ldap-user-password
68 # LDAP connection security
69 LDAPS
70 # Certificate checks level
71 DEMAND
72 # Base DN
73 cn=Rufus Magillacuddy,ou=users,dc=rhodecode,dc=com
74 # User Search Base
75 ou=groups,ou=users
76 # LDAP search filter to narrow the results
77 (objectClass=person)
78 # LDAP search scope
79 SUBTREE
80 # Login attribute
81 sAMAccountName
82 # First Name Attribute to read
83 givenName
84 # Last Name Attribute to read
85 sn
86 # Email Attribute to read email address from
87 mail
88 # group extraction method
89 rfc2307bis
90 # Group search base
91 ou=RC-Groups
92 # Group Name Attribute, field to read the group name from
93 sAMAAccountName
94 # User Member of Attribute, field in which groups are stored
95 memberOf
96 # LDAP Group Search Filter, allows narrowing the results
105 *option*: `user_search_filter` => ``
106 # Filter to narrow results
107 # (e.g., (&(objectCategory=Person)(objectClass=user)), or
108 # (memberof=cn=rc-login,ou=groups,ou=company,dc=mydomain,dc=com)))
109
110 *option*: `search_scope` => `SUBTREE`
111 # How deep to search LDAP. If unsure set to SUBTREE
112
113 *option*: `attr_login` => `sAMAccountName`
114 # LDAP Attribute to map to user name (e.g., uid, or sAMAccountName)
115
116 *option*: `attr_email` => `mail`
117 # LDAP Attribute to map to email address (e.g., mail).
118 # Emails are a crucial part of RhodeCode.
119 # If possible add a valid email attribute to ldap users.
120
121 *option*: `attr_firstname` => `givenName`
122 # LDAP Attribute to map to first name (e.g., givenName)
123
124 *option*: `attr_lastname` => `sn`
125 # LDAP Attribute to map to last name (e.g., sn)
126
127 *option*: `group_extraction_type` => `rfc2307bis`
128 # With rfc2307, group members are listed by name in the memberUid attribute
129 # With rfc2307bis (Microsoft AD compatible) group members are listed by DN and stored in the member attribute
97 130
98 # Admin Groups. Comma separated list of groups. If user is member of
99 # any of those he will be marked as super-admin in RhodeCode
100 admins, management
131 *option*: `group_search_base` => `ou=RC-Groups`
132 # Group search base will extend the Base DN (e.g. ou=Groups will result in ou=Groups,dc=mydomain,dc=com)
101 133
134 *option*: `group_name_attr` => `sAMAccountName`
135 # LDAP Attribute to map to group name (e.g., cn, or sAMAccountName)
136
137 *option*: `user_member_of` => `memberOf`
138 # Users Attribute used to fetch the group membership.
139 # Use if users have stored group membership inside their attributes
140 # (e.g., memberOf, or userMemberOf)
102 141
103 Below is example setup that can be used with Active Directory and ldap groups.
142 *option*: `group_search_filter` => ``
143 # Filter to narrow results (e.g., (&(objectCategory=Group)(objectClass=group)), etc)
144
145 *option*: `group_member_of` => `memberOf`
146 # LDAP Attribute used to resolve the parent group (e.g., memberOf)
104 147
105 .. image:: ../images/ldap-groups-example.png
106 :alt: LDAP/AD setup example
107 :scale: 50 %
148 *option*: `admin_groups` => `Admins,Management`
149 # A comma separated list of group names that identify users as RhodeCode Administrators (e.g., admins)
150
151 *option*: `admin_groups_sync` => `full`
152 # Way to sync Admin groups.
153 # Full means admin flag is set to on or off according to membership in administrator group defined above.
154 # On-only means the flag is only set to on, and not turned off once user is no longer a member
155
108 156
109 157 .. toctree::
110 158
111 159 ldap-active-directory
112 160 ldap-authentication No newline at end of file
@@ -1,89 +1,117 b''
1 1 .. _config-ldap-ref:
2 2
3 3 LDAP/AD
4 4 -------
5 5
6 |RCM| supports LDAP (Lightweight Directory Access Protocol) or
6 |RCE| supports LDAP (Lightweight Directory Access Protocol) or
7 7 AD (active Directory) authentication.
8 All LDAP versions are supported, with the following |RCM| plugins managing each:
9
10 * For LDAP or Active Directory use ``LDAP (egg:rhodecode-enterprise-ce#ldap)``
8 All LDAP versions are currently supported.
11 9
12 10 RhodeCode reads all data defined from plugin and creates corresponding
13 11 accounts on local database after receiving data from LDAP. This is done on
14 12 every user log-in including operations like pushing/pulling/checkout.
15 13
16 14
17 15 .. important::
18 16
19 17 The email used with your |RCE| super-admin account needs to match the email
20 18 address attached to your admin profile in LDAP. This is because
21 19 within |RCE| the user email needs to be unique, and multiple users
22 20 cannot share an email account.
23 21
24 22 Likewise, if as an admin you also have a user account, the email address
25 23 attached to the user account needs to be different.
26 24
27 25
28 26 LDAP Configuration Steps
29 27 ^^^^^^^^^^^^^^^^^^^^^^^^
30 28
31 29 To configure |LDAP|, use the following steps:
32 30
33 1. From the |RCM| interface, select
31 1. From the |RCE| interface, select
34 32 :menuselection:`Admin --> Authentication`
35 2. Enable the ldap plugin and select :guilabel:`Save`
36 3. Select the :guilabel:`Enabled` check box in the plugin configuration section
37 4. Add the required LDAP information and :guilabel:`Save`, for more details,
33 2. Activate the `LDAP` plugin and select :guilabel:`Save`
34 3. Go to newly available menu option called `LDAP` on the left side.
35 4. Check the `enabled` check box in the plugin configuration section,
36 and fill in the required LDAP information and :guilabel:`Save`, for more details,
38 37 see :ref:`config-ldap-examples`
39 38
40 39 For a more detailed description of LDAP objects, see :ref:`ldap-gloss-ref`:
41 40
42 41 .. _config-ldap-examples:
43 42
44 43 Example LDAP configuration
45 44 ^^^^^^^^^^^^^^^^^^^^^^^^^^
46 .. code-block:: bash
45
46 Below is example setup that can be used with Active Directory/LDAP server::
47
48 *option*: `enabled` => `True`
49 # Enable or disable this authentication plugin.
50
51 *option*: `cache_ttl` => `360`
52 # Amount of seconds to cache the authentication and permissions check response call for this plugin.
53 # Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled).
54
55 *option*: `host` => `192.168.245.143,192.168.1.240`
56 # Host[s] of the LDAP Server
57 # (e.g., 192.168.2.154, or ldap-server.domain.com.
58 # Multiple servers can be specified using commas
59
60 *option*: `port` => `389`
61 # Custom port that the LDAP server is listening on. Default value is: 389, use 689 for LDAPS(SSL)
62
63 *option*: `timeout` => `300`
64 # Timeout for LDAP connection
65
66 *option*: `dn_user` => `Administrator@rhodecode.com`
67 # Optional user DN/account to connect to LDAP if authentication is required.
68 # e.g., cn=admin,dc=mydomain,dc=com, or uid=root,cn=users,dc=mydomain,dc=com, or admin@mydomain.com
69
70 *option*: `dn_pass` => `SomeSecret`
71 # Password to authenticate for given user DN.
72
73 *option*: `tls_kind` => `PLAIN`
74 # TLS Type
47 75
48 # Auth Cache TTL, Defines the caching for authentication to offload LDAP server.
49 # This means that cache result will be saved for 3600 before contacting LDAP server to verify the user access
50 3600
51 # Host, comma seperated format is optionally possible to specify more than 1 server
52 https://ldap1.server.com/ldap-admin/,https://ldap2.server.com/ldap-admin/
53 # Default LDAP Port, use 689 for LDAPS
54 389
55 # Account, used for SimpleBind if LDAP server requires an authentication
56 e.g admin@server.com
57 # Password used for simple bind
58 ldap-user-password
59 # LDAP connection security
60 LDAPS
61 # Certificate checks level
62 DEMAND
63 # Base DN
64 cn=Rufus Magillacuddy,ou=users,dc=rhodecode,dc=com
65 # LDAP search filter to narrow the results
66 (objectClass=person)
67 # LDAP search scope
68 SUBTREE
69 # Login attribute
70 sAMAccountName
71 # First Name Attribute to read
72 givenName
73 # Last Name Attribute to read
74 sn
75 # Email Attribute to read email address from
76 mail
76 *option*: `tls_reqcert` => `NEVER`
77 # Require Cert over TLS?. Self-signed and custom certificates can be used when
78 # `RhodeCode Certificate` found in admin > settings > system info page is extended.
79
80 *option*: `tls_cert_file` => ``
81 # This specifies the PEM-format file path containing certificates for use in TLS connection.
82 # If not specified `TLS Cert dir` will be used
83
84 *option*: `tls_cert_dir` => `/etc/openldap/cacerts`
85 # This specifies the path of a directory that contains individual CA certificates in separate files.
86
87 *option*: `base_dn` => `cn=Rufus Magillacuddy,ou=users,dc=rhodecode,dc=com`
88 # Base DN to search. Dynamic bind is supported. Add `$login` marker in it to be replaced with current user credentials
89 # (e.g., dc=mydomain,dc=com, or ou=Users,dc=mydomain,dc=com)
77 90
91 *option*: `filter` => `(objectClass=person)`
92 # Filter to narrow results
93 # (e.g., (&(objectCategory=Person)(objectClass=user)), or
94 # (memberof=cn=rc-login,ou=groups,ou=company,dc=mydomain,dc=com)))
78 95
79 Below is example setup that can be used with Active Directory/LDAP server.
96 *option*: `search_scope` => `SUBTREE`
97 # How deep to search LDAP. If unsure set to SUBTREE
98
99 *option*: `attr_login` => `sAMAccountName`
100 # LDAP Attribute to map to user name (e.g., uid, or sAMAccountName)
80 101
81 .. image:: ../images/ldap-example.png
82 :alt: LDAP/AD setup example
83 :scale: 50 %
102 *option*: `attr_email` => `mail`
103 # LDAP Attribute to map to email address (e.g., mail).
104 # Emails are a crucial part of RhodeCode.
105 # If possible add a valid email attribute to ldap users.
106
107 *option*: `attr_firstname` => `givenName`
108 # LDAP Attribute to map to first name (e.g., givenName)
109
110 *option*: `attr_lastname` => `sn`
111 # LDAP Attribute to map to last name (e.g., sn)
84 112
85 113
86 114 .. toctree::
87 115
88 116 ldap-active-directory
89 117 ldap-authentication
@@ -1,14 +1,14 b''
1 1 .. _config-pam-ref:
2 2
3 3 PAM
4 4 ---
5 5
6 6 To enable PAM authentication, use the following steps:
7 7
8 1. From the |RCM| interface, go to :menuselection:`Admin --> Authentication`
9 2. Enable the ``rhodecode.lib.auth_modules.auth_pam`` library and select save
8 1. From the |RCE| interface, go to :menuselection:`Admin --> Authentication`
9 2. Activate the ``rhodecode.lib.auth_modules.auth_pam`` library and select save
10 10 3. On the PAM plugin settings section, do the following:
11 11
12 12 * Check the :guilabel:`Enable` checkbox
13 13 * Enter your PAM server settings
14 14 * Select :guilabel:`Save`
@@ -1,76 +1,80 b''
1 1 .. _config-token-ref:
2 2
3 3 Authentication Tokens
4 4 ---------------------
5 5
6 |RCE| has 4 different kinds of authentication tokens.
6 |RCE| has 4 different kinds of authentication tokens. `API token`, `Feed tokens` work
7 without a need to enable any additional authentication. `VCS tokens` require dedicated
8 authentication plugin to be activated. `Web Interface tokens` are controlled by the
9 white_list configuration.
7 10
8 11 * *API tokens*: API tokens can only be used to execute |RCE| API operations.
9 12 You can store your API token and assign it to each instance in
10 13 the :file:`/home/{user}/.rhoderc` file. See the
11 14 example in :ref:`indexing-ref` section for more details.
12 15
13 16 * *Feed tokens*: The feed token can only be used to access the RSS feed.
14 17 Usually those are safe to store inside your RSS feed reader.
15 18
16 * *VCS tokens*: You can use these to authenticate with |git|, |hg| and |svn|
17 operations instead of a password. They are designed to be used with
18 CI Servers or other third party tools that require |repo| access.
19 They are also a good replacement for SSH based access.
20 To use these tokens you need be enabled special authentication method on
21 |RCE|, as they are disabled by default.
22 See :ref:`enable-vcs-tokens`.
23
24 19 * *Web Interface tokens*: These token allows users to access the web
25 20 interface of |RCE| without logging in.
26 21
27 22 You can add these tokens to an |RCE| server url, to expose the page content
28 23 based on the given token.
29 24
30 25 This is useful to integrate 3rd party systems, good example is to expose
31 26 raw diffs to another code-review system without having to worry about
32 27 authentication.
33 28
34 29 These tokens only work if a certain view is whitelisted
35 30 under `api_access_controllers_whitelist` inside
36 31 the :file:`rhodecode.ini` file.
37 32
38 33 .. code-block:: bash
39 34
40 35 # To download a repo without logging into Web UI
41 36 https://rhodecode.com/repo/archive/tip.zip?auth_token=<web-api-token>
42 37
43 38 # To show commit diff without logging into Web UI
44 https://rhodecode.com/repo/changeset-diff/<sha>?auth_token=<web-api-token>
39 https://rhodecode.com/repo/raw-diff/<sha>?auth_token=<web-api-token>
40
41 * *VCS tokens*: You can use these to authenticate with |git|, |hg| and |svn|
42 operations instead of a password. They are designed to be used with
43 CI Servers or other third party tools that require |repo| access.
44 They are also a good replacement for SSH based access.
45 To use these tokens you need be enabled special authentication method on
46 |RCE|, as they are disabled by default.
47 See :ref:`enable-vcs-tokens`.
48
45 49
46 50 .. _enable-vcs-tokens:
47 51
48 52 Enabling VCS Tokens
49 53 ^^^^^^^^^^^^^^^^^^^
50 54
51 55 To enable VCS Tokens, use the following steps:
52 56
53 57 1. Go to :menuselection:`Admin --> Authentication`.
54 2. Enable the ``rhodecode.lib.auth_modules.auth_token`` plugin.
58 2. Activate the ``rhodecode.lib.auth_modules.auth_token`` plugin.
55 59 3. Click :guilabel:`Save`.
56 60
57 61 Authentication Token Tips
58 62 ^^^^^^^^^^^^^^^^^^^^^^^^^
59 63
60 64 * Use Authentication Tokens instead of your password with external services.
61 65 * Create multiple Authentication Tokens on your account to enable
62 66 access to your |repos| with a different |authtoken| per method used.
63 67 * Set an expiry limit on certain tokens if you think it would be a good idea.
64 68
65 69 Creating Tokens
66 70 ^^^^^^^^^^^^^^^
67 71
68 72 To create authentication tokens for an user, use the following steps:
69 73
70 1. From the |RCM| interface go to
74 1. From the |RCE| interface go to
71 75 :menuselection:`Username --> My Account --> Auth tokens`.
72 76
73 77 2. Label and Add the tokens you wish to use with |RCE|.
74 78
75 79 .. image:: ../images/tokens.png
76 80
@@ -1,32 +1,34 b''
1 1 .. _authentication-ref:
2 2
3 3 Authentication Options
4 4 ======================
5 5
6 6 |RCE| provides a built in authentication against its own database. This is
7 implemented using ``rhodecode.lib.auth_rhodecode`` plugin. This plugin is
8 enabled by default.
7 implemented using ``RhodeCode Internal`` plugin. This plugin is enabled by default.
9 8 Additionally, |RCE| provides a Pluggable Authentication System. This gives the
10 9 administrator greater control over how users authenticate with the system.
11 10
12 11 .. important::
13 12
14 You can disable the built in |RCM| authentication plugin
15 ``rhodecode.lib.auth_rhodecode`` and force all authentication to go
13 You can disable the built in |RCE| authentication plugin
14 ``RhodeCode Internal`` and force all authentication to go
16 15 through your authentication plugin of choice e.g LDAP only.
17 16 However, if you do this, and your external authentication tools fails,
18 you will be unable to access |RCM|.
17 accessing |RCE| will be blocked unless a fallback plugin is
18 enabled via :file: rhodecode.ini
19 19
20 |RCM| comes with the following user authentication management plugins:
20
21 |RCE| comes with the following user authentication management plugins:
21 22
22 23
23 24 .. toctree::
24 25
26 auth-token
25 27 auth-ldap
26 28 auth-ldap-groups
29 auth-saml-generic
30 auth-saml-onelogin
31 auth-saml-duosecurity
27 32 auth-crowd
28 33 auth-pam
29 auth-token
30 34 ssh-connection
31
32
@@ -1,29 +1,75 b''
1 1 .. _ldap-act-dir-ref:
2 2
3 3 Active Directory
4 4 ----------------
5 5
6 |RCM| can use Microsoft Active Directory for user authentication. This is
6 |RCE| can use Microsoft Active Directory for user authentication. This is
7 7 done through an LDAP or LDAPS connection to Active Directory. Use the
8 8 following example LDAP configuration setting to set your Active Directory
9 authentication.
10
11 .. code-block:: ini
12
13 # Set the Base DN
14 Base DN = OU=SBSUsers,OU=Users,OU=MyBusiness,DC=v3sys,DC=local
15 # Set the Active Directory SAM-Account-Name
16 Login Attribute = sAMAccountName
17 # Set the Active Directory user name
18 First Name Attribute = usernameame
19 # Set the Active Directory user surname
20 Last Name Attribute = user_surname
21 # Set the Active Directory user email
22 E-mail Attribute = userEmail
9 authentication::
23 10
24 11
25 Below is example setup that can be used with Active Directory and ldap groups.
12 *option*: `enabled` => `True`
13 # Enable or disable this authentication plugin.
14
15 *option*: `cache_ttl` => `360`
16 # Amount of seconds to cache the authentication and permissions check response call for this plugin.
17 # Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled).
18
19 *option*: `host` => `192.168.245.143,192.168.1.240`
20 # Host[s] of the LDAP Server
21 # (e.g., 192.168.2.154, or ldap-server.domain.com.
22 # Multiple servers can be specified using commas
23
24 *option*: `port` => `389`
25 # Custom port that the LDAP server is listening on. Default value is: 389, use 689 for LDAPS(SSL)
26
27 *option*: `timeout` => `300`
28 # Timeout for LDAP connection
29
30 *option*: `dn_user` => `Administrator@rhodecode.com`
31 # Optional user DN/account to connect to LDAP if authentication is required.
32 # e.g., cn=admin,dc=mydomain,dc=com, or uid=root,cn=users,dc=mydomain,dc=com, or admin@mydomain.com
33
34 *option*: `dn_pass` => `SomeSecret`
35 # Password to authenticate for given user DN.
36
37 *option*: `tls_kind` => `PLAIN`
38 # TLS Type
39
40 *option*: `tls_reqcert` => `NEVER`
41 # Require Cert over TLS?. Self-signed and custom certificates can be used when
42 # `RhodeCode Certificate` found in admin > settings > system info page is extended.
26 43
27 .. image:: ../images/ldap-groups-example.png
28 :alt: LDAP/AD setup example
29 :scale: 50 % No newline at end of file
44 *option*: `tls_cert_file` => ``
45 # This specifies the PEM-format file path containing certificates for use in TLS connection.
46 # If not specified `TLS Cert dir` will be used
47
48 *option*: `tls_cert_dir` => `/etc/openldap/cacerts`
49 # This specifies the path of a directory that contains individual CA certificates in separate files.
50
51 *option*: `base_dn` => `OU=SBSUsers,OU=Users,OU=MyBusiness,DC=v3sys,DC=local`
52 # Base DN to search. Dynamic bind is supported. Add `$login` marker in it to be replaced with current user credentials
53 # (e.g., dc=mydomain,dc=com, or ou=Users,dc=mydomain,dc=com)
54
55 *option*: `filter` => `(objectClass=person)`
56 # Filter to narrow results
57 # (e.g., (&(objectCategory=Person)(objectClass=user)), or
58 # (memberof=cn=rc-login,ou=groups,ou=company,dc=mydomain,dc=com)))
59
60 *option*: `search_scope` => `SUBTREE`
61 # How deep to search LDAP. If unsure set to SUBTREE
62
63 *option*: `attr_login` => `sAMAccountName`
64 # LDAP Attribute to map to user name (e.g., uid, or sAMAccountName)
65
66 *option*: `attr_email` => `userEmail`
67 # LDAP Attribute to map to email address (e.g., mail).
68 # Emails are a crucial part of RhodeCode.
69 # If possible add a valid email attribute to ldap users.
70
71 *option*: `attr_firstname` => `user_firstname`
72 # LDAP Attribute to map to first name (e.g., givenName)
73
74 *option*: `attr_lastname` => `user_surname`
75 # LDAP Attribute to map to last name (e.g., sn)
@@ -1,113 +1,107 b''
1 1 .. _ldap-gloss-ref:
2 2
3 3 |LDAP| Glossary
4 4 ---------------
5 5
6 6 This topic aims to give you a concise overview of the different settings and
7 7 requirements that enabling |LDAP| on |RCE| requires.
8 8
9 9 Required settings
10 10 ^^^^^^^^^^^^^^^^^
11 11
12 12 The following LDAP attributes are required when enabling |LDAP| on |RCE|.
13 13
14 14 * **Hostname** or **IP Address**: Use a comma separated list for failover
15 15 support.
16 16 * **First Name**
17 17 * **Surname**
18 18 * **Email**
19 19 * **Port**: Port `389` for unencrypted LDAP or port `636` for SSL-encrypted
20 20 LDAP (LDAPS).
21 21 * **Base DN (Distinguished Name)**: The Distinguished Name (DN)
22 22 is how searches for users will be performed, and these searches can be
23 23 controlled by using an LDAP Filter or LDAP Search Scope. A DN is a sequence of
24 24 relative distinguished names (RDN) connected by commas. For example,
25 25
26 26 .. code-block:: vim
27 27
28 28 DN: cn='Monty Python',ou='people',dc='example',dc='com'
29 29
30 30 * **Connection security level**: The following are the valid types:
31 31
32 32 * *No encryption*: This connection type uses a plain non-encrypted connection.
33 33 * *LDAPS connection*: This connection type uses end-to-end SSL. To enable
34 34 an LDAPS connection you must set the following requirements:
35 35
36 36 * You must specify port `636`
37 37 * Certificate checks are required.
38 38 * To enable ``START_TLS`` on LDAP connection, set the path to the SSL
39 39 certificate in the default LDAP configuration file. The default
40 40 `ldap.conf` file is located in `/etc/openldap/ldap.conf`.
41 41
42 42 .. code-block:: vim
43 43
44 44 TLS_CACERT /etc/ssl/certs/ca.crt
45 45
46 46 * The LDAP username or account used to connect to |RCE|. This will be added
47 47 to the LDAP filter for locating the user object.
48 48 * For example, if an LDAP filter is specified as `LDAPFILTER`,
49 the login attribute is specified as `uid`, and the user connects as
49 the login/username attribute is specified as `uid`, and the user connects as
50 50 `jsmith`, then the LDAP Filter will be like the following example.
51 51
52 52 .. code-block:: vim
53 53
54 54 (&(LDAPFILTER)(uid=jsmith))
55 55
56 56 * The LDAP search scope must be set. This limits how far LDAP will search for
57 57 a matching object.
58 58
59 59 * ``BASE`` Only allows searching of the Base DN.
60 60 * ``ONELEVEL`` Searches all entries under the Base DN,
61 61 but not the Base DN itself.
62 62 * ``SUBTREE`` Searches all entries below the Base DN, but not Base DN itself.
63 63
64 64 .. note::
65 65
66 66 When using ``SUBTREE`` LDAP filtering it is useful to limit object location.
67 67
68 68 Optional settings
69 69 ^^^^^^^^^^^^^^^^^
70 70
71 The following are optional when enabling LDAP on |RCM|
71 The following are optional when enabling LDAP on |RCE|
72 72
73 73 * An LDAP account is only required if the LDAP server does not allow
74 74 anonymous browsing of records.
75 75 * An LDAP password is only required if the LDAP server does not allow
76 76 anonymous browsing of records
77 77 * Using an LDAP filter is optional. An LDAP filter defined by `RFC 2254`_. This
78 78 is more useful that the LDAP Search Scope if set to `SUBTREE`. The filter
79 79 is useful for limiting which LDAP objects are identified as representing
80 80 Users for authentication. The filter is augmented by Login Attribute
81 81 below. This can commonly be left blank.
82 82 * Certificate Checks are only required if you need to use LDAPS.
83 83 You can use the following levels of LDAP service with RhodeCode Enterprise:
84 84
85 85 * **NEVER** : A serve certificate will never be requested or checked.
86 86 * **ALLOW** : A server certificate is requested. Failure to provide a
87 87 certificate or providing a bad certificate will not terminate the session.
88 88 * **TRY** : A server certificate is requested. Failure to provide a
89 89 certificate does not halt the session; providing a bad certificate
90 90 halts the session.
91 91 * **DEMAND** : A server certificate is requested and must be provided
92 92 and authenticated for the session to proceed.
93 93 * **HARD** : The same as DEMAND.
94 94
95 95 .. note::
96 96
97 97 Only **DEMAND** or **HARD** offer full SSL security while the other
98 98 options are vulnerable to man-in-the-middle attacks.
99 99
100 100 |RCE| uses ``OPENLDAP`` libraries. This allows **DEMAND** or
101 101 **HARD** LDAPS connections to use self-signed certificates or
102 102 certificates that do not have traceable certificates of authority.
103 103 To enable this functionality install the SSL certificates in the
104 104 following directory: `/etc/openldap/cacerts`
105 105
106 106
107 Below is example setup that can be used with Active Directory and ldap groups.
108
109 .. image:: ../images/ldap-groups-example.png
110 :alt: LDAP/AD setup example
111 :scale: 50 %
112
113 107 .. _RFC 2254: http://www.rfc-base.org/rfc-2254.html No newline at end of file
@@ -1,27 +1,27 b''
1 1 .. _code-review-ref:
2 2
3 3 Code Review
4 4 ===========
5 5
6 |RCM| provides two ways in which you can review code. You can review |prs| or
6 |RCE| provides two ways in which you can review code. You can review |prs| or
7 7 commits. To better understand |prs|, see the :ref:`pull-requests-ref`
8 8 and :ref:`collaborate-ref` sections. For more information about why
9 9 code review matters, see these posts on the topic:
10 10
11 11 * `Code Review - Fix Bugs Early and Often`_
12 12 * `Code Review - How to Convince a Skeptic`_
13 13 * `Code Review - Learn How NASA Codes`_
14 14
15 15 You can also use the |RCE| API set up continuous integration servers to leave
16 16 comments from a test suite. See the :ref:`api` and
17 17 :ref:`extensions-hooks-ref` sections for examples on how to set this up.
18 18
19 19 .. toctree::
20 20
21 21 review-diffs
22 22 approve-changes
23 23 reviewing-best-practices
24 24
25 25 .. _Code Review - Fix Bugs Early and Often: https://rhodecode.com/blog/code-review-fix-bugs-early-often/
26 26 .. _Code Review - How to Convince a Skeptic: https://rhodecode.com/blog/code-review-convince-skeptic/
27 27 .. _Code Review - Learn How NASA Codes: https://rhodecode.com/blog/code-review-learn-nasa-codes/
@@ -1,42 +1,42 b''
1 1 .. _code-diff-side-ref:
2 2
3 3 Reviewing Diffs
4 4 ---------------
5 5
6 6 Diffs are representations of changes made between different changesets of
7 7 a file. |RCE| provides 4 different types of diffs for each commit or
8 8 changeset, and depending on your preference you can use whichever for code
9 9 review purposes.
10 10
11 11 * Plain diff
12 12 * Full diff
13 13 * Side-by-side diff
14 14 * Raw diff
15 15
16 16 Reviewing Changes
17 17 -----------------
18 18
19 |RCM| displays all code changes made with each commit. Removed content is
19 |RCE| displays all code changes made with each commit. Removed content is
20 20 marked in red and new content in green.
21 21
22 22 .. image:: ../images/plain-diff.png
23 23 :alt: Plain Diff
24 24
25 25 Side-By-Side Diffs
26 26 ------------------
27 27
28 28 To review code with a side-by-side diff, use the following steps:
29 29
30 30 1. Open the repository in which you wish to review a file
31 31 2. Select the revision you wish to review
32 32 3. Select the side-by-side diff icon beside the file name
33 33
34 34 .. image:: ../images/side-by-side-diff.png
35 35 :alt: Side by side diff
36 36
37 37
38 38 Notifying Users
39 39 ---------------
40 40
41 41 To notify other users of you comments, or requests for feedback,
42 42 see :ref:`review-notifications-ref`
@@ -1,19 +1,19 b''
1 1 Approve |prs|
2 2 -------------
3 3
4 4 To approve a |pr|, use the following steps:
5 5
6 6 1. Select :menuselection:`username --> Notifications --> Pull Requests`
7 7 and open the |pr| you with to approve
8 8 2. Leave your review comments inline, or in the commit message.
9 9 3. Leave a commit message that outlines the review.
10 10 4. Set the review status to :guilabel:`Approved`
11 11 5. Select :guilabel:`Comment`
12 12
13 If you approve the |pr|, you will be able to merge automatically if |RCM|
13 If you approve the |pr|, you will be able to merge automatically if |RCE|
14 14 detects that it can do so safely. You will see this message:
15 15
16 16 :guilabel:`This pull request can be automatically merged.`
17 17
18 18 Otherwise you will need to merge the |pr| locally and push your changes, see
19 19 :ref:`manual-merge-requests-ref`.
@@ -1,24 +1,24 b''
1 1 .. _collaborate-ref:
2 2
3 3 Collaboration
4 4 =============
5 5
6 6 .. note::
7 7
8 8 Forking and branching does not work with |svn| |repos|.
9 9
10 Collaboration in |RCM| is accomplished through a combination of the following
10 Collaboration in |RCE| is accomplished through a combination of the following
11 11 functions:
12 12
13 13 .. only:: latex
14 14
15 15 * :ref:`review-notifications-ref`
16 16 * :ref:`forks-branches-ref`
17 17 * :ref:`pull-requests-ref`
18 18
19 19 .. toctree::
20 20
21 21 workflow
22 22 forks-branches
23 23 repo-locking
24 24
@@ -1,101 +1,101 b''
1 1 .. _forks-branches-ref:
2 2
3 3 Forking and Branching
4 4 ---------------------
5 5
6 6 Forking clones the original |repo| and creates an independent |repo|.
7 7 Branching allows you to develop independently
8 8 of the main branch based on the changeset branched, but remains linked to the
9 9 main |repo|.
10 10
11 11 Both provide excellent collaboration functionality,
12 12 and do not differ greatly, but you can find many online discussions
13 13 where people fight about the differences.
14 14
15 15 Fork a |repo|
16 16 ^^^^^^^^^^^^^
17 17
18 18 To fork a |repo|, use the following steps:
19 19
20 20 1. Select :menuselection:`Admin --> repositories`
21 21 2. Select the |repo| you wish to fork.
22 22 3. Select :menuselection:`Options --> Fork`
23 23 4. On the :guilabel:`Create fork` page, set the following properties:
24 24
25 25 * The fork name
26 26 * The fork description
27 27 * If the fork is private or public
28 28 * The copy permissions
29 29
30 30 Branch a |git| |repo|
31 31 ^^^^^^^^^^^^^^^^^^^^^
32 32
33 33 Currently branching is only supported from the command line but is picked up
34 34 on the web interface. To branch a |git| |repo| use the following example:
35 35
36 36 .. code-block:: bash
37 37
38 38 # branch and checkout
39 39 git branch new-branch
40 40 git checkout new-branch
41 41
42 42 # same function shorthand
43 43 git checkout -b new-branch
44 44
45 45 # Example usage
46 46 $ git checkout -b example-branch
47 47 Switched to a new branch 'example-branch'
48 48
49 49 $ git status
50 50 On branch example-branch
51 51 Initial commit
52 52 nothing to commit (create/copy files and use "git add" to track)
53 53 $ vi example-script.sh
54 54 $ git add example-script.sh
55 55 $ git commit -a -m "ghost script: initial file"
56 56 $ git push
57 57
58 Once it is pushed to the |RCM| server, you can switch to the newly created
58 Once it is pushed to the |RCE| server, you can switch to the newly created
59 59 branch using the following steps:
60 60
61 61 1. Select :menuselection:`Admin --> Repositories`.
62 62 2. Select the |repo| you branched.
63 63 3. Select :menuselection:`Switch To --> Branches` and choose the new branch.
64 64
65 65 For more information, your can read more here on the Git website,
66 66 `Git Branching`_.
67 67
68 68 Branch a |hg| |repo|
69 69 ^^^^^^^^^^^^^^^^^^^^
70 70
71 71 .. note::
72 72
73 73 To use branches in |hg| like |git|, use the `hg bookmark` option instead.
74 74 Also see the :ref:`bvb` section for more information.
75 75
76 76 To branch a |hg| |repo|, use the following example and push your changes to
77 77 the main |repo|. Once pushed, you can view the new branch in |RCE| by
78 78 selecting :menuselection:`Switch To --> Branches` from the |repo| page.
79 79
80 80 .. code-block:: bash
81 81
82 82 $ hg branch example-456
83 83 $ hg ci -m "branch: ticket #456"
84 84 $ hg push --new-branch
85 85
86 86 Bookmark a |hg| |repo|
87 87 ^^^^^^^^^^^^^^^^^^^^^^
88 88
89 89 Bookmarks are used in |hg| in much the same way as branches are in |git|. See
90 90 the `Mercurial Bookmarks`_ documentation for more information.
91 91
92 92 .. code-block:: bash
93 93
94 94 $ hg bookmark example-456
95 95 $ hg ci -m "branch: ticket #456"
96 96 $ hg push -B example-456
97 97
98 98 .. image:: ../images/branch-example.png
99 99
100 100 .. _Git Branching: http://git-scm.com/book/en/v2/Git-Branching-Basic-Branching-and-Merging
101 101 .. _Mercurial Bookmarks: https://mercurial.selenic.com/wiki/Bookmarks
@@ -1,39 +1,39 b''
1 1 .. _user-notify-ref:
2 2
3 3 Using Notifications
4 4 -------------------
5 5
6 6 To notify users of items that require their attention you can use the mention
7 function. The mention function allows you to use ``@username`` within |RCM|.
7 function. The mention function allows you to use ``@username`` within |RCE|.
8 8 The notification function can be used within the following
9 9 items to highlight their need for attention:
10 10
11 11 * Commit messages
12 12 * Pull requests
13 13 * Inline comments
14 14 * Code review
15 15
16 16 .. note::
17 17
18 18 Mentioned users will receive an email and a notification.
19 19
20 20 Pull Request Notifications
21 21 --------------------------
22 22
23 23 To notify a user of a pull request, use the following steps.
24 24
25 25 1. Open the repository fork
26 26 2. Select :guilabel:`Open new pull request`
27 27 3. Add the :guilabel:`@username` in the :guilabel:`Pull request viewers`
28 28 input field.
29 29 4. Select :guilabel:`Submit Pull Request`
30 30
31 31 Commit Message Notifications
32 32 ----------------------------
33 33
34 34 To notify a user in a commit message, use the following steps.
35 35
36 36 1. Open a repository with commits in it.
37 37 2. Click on the commit message or revision number.
38 38 3. Add an :guilabel:`@username` in an inline comment or in your approval
39 39 comment and commit.
@@ -1,35 +1,35 b''
1 1 .. _merge-requests-ref:
2 2
3 3 Merge a |pr|
4 4 ------------
5 5
6 |RCM| can detect if it can automatically merge the changes in a |pr|. If it
6 |RCE| can detect if it can automatically merge the changes in a |pr|. If it
7 7 can, you will see the following message:
8 8 :guilabel:`This pull request can be automatically merged.` To merge,
9 9 click the big blue button! To enable this feature, see :ref:`server-side-merge`.
10 10
11 11 .. image:: ../images/merge-pr-button.png
12 12
13 13 If you cannot automatically merge a |pr|, you will see one of the following
14 14 messages:
15 15
16 16 * :guilabel:`This pull request cannot be merged because of conflicts`
17 17 * :guilabel:`Reviewer approval is pending`
18 18
19 19 .. _manual-merge-requests-ref:
20 20
21 21 Manual Merge a |PR|
22 22 ^^^^^^^^^^^^^^^^^^^
23 23
24 If |RCM| cannot safely merge the changes in a |pr|,
24 If |RCE| cannot safely merge the changes in a |pr|,
25 25 usually due to conflicts, you need to manually merge the changes on the
26 26 command line. You can see more information for each |repo| type at the
27 27 following links:
28 28
29 29 * `Git Manual Merging`_
30 30 * `Mercurial Manual Merging`_
31 31 * `Subversion Manual Merging`_
32 32
33 33 .. _Git Manual Merging: http://git-scm.com/book/en/v2/Git-Branching-Basic-Branching-and-Merging
34 34 .. _Mercurial Manual Merging: http://hgbook.red-bean.com/read/a-tour-of-mercurial-merging-work.html
35 35 .. _Subversion Manual Merging: http://svnbook.red-bean.com/en/1.7/svn.branchmerge.basicmerging.html
@@ -1,22 +1,22 b''
1 1 Notifications Overview
2 2 ----------------------
3 3
4 |RCM| has an integrated notification system which alerts users to requests
4 |RCE| has an integrated notification system which alerts users to requests
5 5 that they have received. Notifications can occur for the following reasons:
6 6
7 7 * Pull request reviews
8 8 * Commit message mentions
9 9
10 10 When someone opens a |pr| on one of your |repos|, or adds you as a |pr|
11 11 reviewer, you will receive a notification in |RCE| and an email,
12 12 if not configured see :ref:`set-up-mail`. Also, during the review process you
13 13 receive notifications on the following actions:
14 14
15 15 * New comments
16 16 * Status changes
17 17 * Inline code review comments
18 18
19 19 Each notifications provides a link to take you directly to the issue.
20 20
21 21 .. image:: ../images/notifications.png
22 22 :alt: Notifying Colleagues
@@ -1,47 +1,47 b''
1 1 Pull request management
2 2 -----------------------
3 3
4 4 .. only:: html
5 5
6 There are two ways of tracking |prs| within |RCM|.
6 There are two ways of tracking |prs| within |RCE|.
7 7
8 8 1. :ref:`prs-your-review`
9 9 2. :ref:`prs-per-repo`
10 10
11 11 .. _prs-your-review:
12 12
13 13 Pull requests for your review
14 14 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
15 15
16 16 To view pull requests for your review, use the following steps:
17 17
18 1. From the |RCM| interface, Select
18 1. From the |RCE| interface, Select
19 19 :menuselection:`username --> Notifications`
20 20 2. Select :guilabel:`Pull Requests`
21 21
22 22 .. image:: ../images/prs-for-my-review.png
23 23 :alt: pull requests for my review
24 24
25 25 .. _prs-per-repo:
26 26
27 27 Pull requests per |repo|
28 28 ^^^^^^^^^^^^^^^^^^^^^^^^
29 29
30 30 To view pull requests going to and from a |repo|, use the following steps:
31 31
32 32 1. Select the |repo| you wish to view
33 33 2. Select :guilabel:`Pull Requests` from the top menu
34 34 3. On the left-hand pane you will see the following options for |pr|
35 35 management on that |repo|:
36 36
37 37 * :guilabel:`Opened`: Pull requests opened on this |repo|.
38 38 * :guilabel:`Opened by me`: Pull requests you opened on this |repo|.
39 39 * :guilabel:`Awaiting my review`: Pull requests awaiting your review.
40 40 * :guilabel:`Closed`: Closed |prs| on this |repo|.
41 41 * :guilabel:`Awaiting review`: Pull requests still awaiting review on
42 42 this |repo|.
43 43 * :guilabel:`From this repo`: Pull requests opened on another |repo| with
44 44 the changes coming from this |repo|.
45 45
46 46 .. image:: ../images/pr-screen.png
47 47 :alt: pull request dashboard
@@ -1,27 +1,27 b''
1 1 .. _review-requests-ref:
2 2
3 3 Review a |pr|
4 4 -------------
5 5
6 6 To review a pull request, use the following steps:
7 7
8 8 1. Open the review request from
9 9 :menuselection:`Admin --> Repositories --> repo name --> Pull Requests --> Awaiting my review`
10 10 2. Leave your review comments inline, or in the commit message.
11 11 3. Set the review status from one of the following options:
12 12
13 13 * :guilabel:`Not Reviewed`
14 14 * :guilabel:`Approved`
15 15 * :guilabel:`Approved & Closed`
16 16 * :guilabel:`Rejected`
17 17 * :guilabel:`Rejected & Closed`
18 18 * :guilabel:`Under Review`
19 19
20 20 4. Select Comment
21 21
22 22 When the |pr| is approved by all reviewers you will be able to merge
23 automatically if |RCM| detects that it can do so safely. You will see this
23 automatically if |RCE| detects that it can do so safely. You will see this
24 24 message: `This pull request can be automatically merged.`
25 25
26 26 If rejected, you can fix the issues raised during review and then update the
27 27 |pr|.
@@ -1,9 +1,9 b''
1 1 Supported Workflows
2 2 -------------------
3 3
4 |RCM| can be used to develop using a variety of different workflows.
4 |RCE| can be used to develop using a variety of different workflows.
5 5
6 6 * Centralized, using |svn|, |git|, or |hg| |repos|
7 7 * Feature-Branch, using |git| or |hg| |repos|
8 8 * Fork-Pull, using |git| or |hg| |repos|
9 9 * Gitflow, using |git| |repos|
@@ -1,36 +1,32 b''
1 1 # Try and keep this list alphabetical
2 2 # ui is for user interface elements and messages
3 3 # button - that's obvious
4 4
5 5 rst_epilog = '''
6 6 .. |AE| replace:: Appenlight
7 7 .. |authtoken| replace:: Authentication Token
8 8 .. |authtokens| replace:: **Auth Tokens**
9 9 .. |RCCEshort| replace:: Community
10 10 .. |RCEEshort| replace:: Enterprise
11 11 .. |git| replace:: Git
12 12 .. |hg| replace:: Mercurial
13 13 .. |svn| replace:: Subversion
14 14 .. |LDAP| replace:: LDAP / Active Directory
15 15 .. |os| replace:: operating system
16 16 .. |OS| replace:: Operating System
17 17 .. |PY| replace:: Python
18 18 .. |pr| replace:: pull request
19 19 .. |prs| replace:: pull requests
20 20 .. |psf| replace:: Python Software Foundation
21 21 .. |repo| replace:: repository
22 22 .. |repos| replace:: repositories
23 .. |RCI| replace:: RhodeCode Control
24 23 .. |RCC| replace:: RhodeCode Control
25 .. |RCV| replace:: RhodeCode Enterprise
26 .. |RCM| replace:: RhodeCode Enterprise
27 24 .. |RCE| replace:: RhodeCode Enterprise
28 25 .. |RCCE| replace:: RhodeCode Community
29 26 .. |RCEE| replace:: RhodeCode Enterprise
30 27 .. |RCX| replace:: RhodeCode Extensions
31 28 .. |RCT| replace:: RhodeCode Tools
32 29 .. |RCEBOLD| replace:: **RhodeCode Enterprise**
33 30 .. |RCEITALICS| replace:: `RhodeCode Enterprise`
34 .. |RC| replace:: RhodeCode
35 31 .. |RNS| replace:: Release Notes
36 32 '''
@@ -1,36 +1,36 b''
1 1 .. _extensions-hooks-ref:
2 2
3 3 Extensions & Hooks
4 4 ==================
5 5
6 6 The extensions & hooks section references three concepts regularly,
7 7 so to clarify what is meant each time, read the following definitions:
8 8
9 9 * **Plugin**: A Plugin is software that adds a specific feature to
10 10 an existing software application.
11 11 * **Extension**: An extension extends the capabilities of,
12 12 or the data available to, an existing software application.
13 13 * **Hook**: A hook intercepts function calls, messages, or events passed
14 14 between software components and can be used to trigger plugins, or their
15 15 extensions.
16 16
17 17
18 18 Hooks
19 19 -----
20 20
21 Within |RCM| there are two types of supported hooks.
21 Within |RCE| there are two types of supported hooks.
22 22
23 23 * **Internal built-in hooks**: The internal |hg|, |git| or |svn| hooks are
24 24 triggered by different VCS operations, like push, pull,
25 25 or clone and are non-configurable, but you can add your own VCS hooks,
26 26 see :ref:`custom-hooks`.
27 27 * **Custom rcextensions hooks**: User defined hooks centre around the lifecycle of
28 28 certain actions such are |repo| creation, user creation etc. The actions
29 29 these hooks trigger can be rejected based on the API permissions of the
30 30 user calling them.
31 31
32 32 On instructions how to use the custom `rcextensions`
33 33 see :ref:`integrations-rcextensions` section.
34 34
35 35
36 36
@@ -1,87 +1,87 b''
1 |RCM|
1 |RCE|
2 2 =====
3 3
4 |RCM| is a high-performance source code management and collaboration system.
4 |RCE| is a high-performance source code management and collaboration system.
5 5 It enables you to develop projects securely behind the firewall while
6 6 providing collaboration tools that work with |git|, |hg|,
7 7 and |svn| |repos|. The user interface allows you to create, edit,
8 8 and commit files and |repos| while managing their security permissions.
9 9
10 |RCM| provides the following features:
10 |RCE| provides the following features:
11 11
12 12 * Source code management.
13 13 * Extended permissions management.
14 14 * Integrated code collaboration tools.
15 15 * Integrated code review and notifications.
16 16 * Scalability provided by multi-node setup.
17 17 * Fully programmable automation API.
18 18 * Web-based hook management.
19 19 * Native |svn| support.
20 20 * Migration from existing databases.
21 * |RCM| SDK.
21 * |RCE| SDK.
22 22 * Built-in analytics
23 23 * Built in integrations including: Slack, Webhooks (used for Jenkins/TeamCity and other CIs), Jira, Redmine, Hipchat
24 24 * Pluggable authentication system.
25 25 * Support for AD, |LDAP|, Crowd, CAS, PAM.
26 26 * Support for external authentication via Oauth Google, Github, Bitbucket, Twitter.
27 27 * Debug modes of operation.
28 28 * Private and public gists.
29 29 * Gists with limited lifetimes and within instance only sharing.
30 30 * Fully integrated code search function.
31 31 * Always on SSL connectivity.
32 32
33 33 .. only:: html
34 34
35 35 Table of Contents
36 36 -----------------
37 37
38 38 .. toctree::
39 39 :maxdepth: 1
40 40 :caption: Admin Documentation
41 41
42 42 install/quick-start
43 43 install/install-database
44 44 install/install-steps
45 45 admin/system-overview
46 46 nix/default-env
47 47 admin/system-admin
48 48 admin/user-admin
49 49 admin/setting-repo-perms
50 50 admin/security-tips
51 51 auth/auth
52 52 issue-trackers/issue-trackers
53 53 admin/lab-settings
54 54
55 55 .. toctree::
56 56 :maxdepth: 1
57 57 :caption: Feature Documentation
58 58
59 59 collaboration/collaboration
60 60 collaboration/review-notifications
61 61 collaboration/pull-requests
62 62 code-review/code-review
63 63 integrations/integrations
64 64
65 65 .. toctree::
66 66 :maxdepth: 1
67 67 :caption: Developer Documentation
68 68
69 69 api/api
70 70 tools/rhodecode-tools
71 71 extensions/extensions-hooks
72 72 contributing/contributing
73 73
74 74 .. toctree::
75 75 :maxdepth: 1
76 76 :caption: User Documentation
77 77
78 78 usage/basic-usage
79 79 tutorials/tutorials
80 80
81 81 .. toctree::
82 82 :maxdepth: 1
83 83 :caption: About
84 84
85 85 known-issues/known-issues
86 86 release-notes/release-notes
87 87 admin/glossary
@@ -1,68 +1,66 b''
1 1 .. _rhodecode-database-ref:
2 2
3 3 Supported Databases
4 4 ===================
5 5
6 6 .. important::
7 7
8 We do not recommend using SQLite in a production environment. It is
9 supported by |RCE| for evaluation purposes.
8 We do not recommend using SQLite in a production environment of more than 5 people.
9 It is not suited for higher usage and mayb cause problems.
10
11
12 |RCE| supports the following databases. The recommended encoding is UTF-8.
13
14 .. only:: latex
15
16 * :ref:`install-sqlite-database`
17 * :ref:`install-mysql-database`
18 * :ref:`install-postgresql-database`
19
20 .. toctree::
21
22 using-mysql
23 using-postgresql
24 using-sqllite
25
10 26
11 27 Database Overview
12 28 -----------------
13 29
14 30 Prior to installing |RCE| you should install and set up your database.
15 31 This means carrying out the following tasks:
16 32
17 33 1. Install the database software of your choice.
18 34 2. Using the relevant instructions, create a user on that database to use
19 35 with |RCE|.
20 36 3. Create a database, granting that user read/write access.
21 37 4. During |RCE| installation you will be prompted for these user credentials,
22 38 enter them where appropriate. These credentials will be what |RCE| uses
23 39 to read/write from the database tables.
24 40
25 41 Version Differences
26 42 -------------------
27 43
28 44 |RCE| releases 2(Major).x(Minor).x(Bug Fix) and 3.x.x use different database
29 45 schemas. Therefore, if you wish to run multiple instances using one database,
30 46 you can only do so using the same Minor Release numbered versions.
31 47 Though Bug Fix updates rarely have a database change, it is recommended to use
32 48 identical |RCE| version numbers for multi-instance setups.
33 49
34 50 You can use the same database server to run multiple databases for differing
35 51 version numbers, but you will need separate databases for each |RCE| version on
36 52 that server. You can specify the database during installation, use the
37 53 following example to configure the correct one.
38 54
39 55 .. code-block:: bash
40 56
41 57 Database type - [s]qlite, [m]ysql, [p]ostresql:
42 58 PostgreSQL selected
43 59 Database host [127.0.0.1]:
44 60 Database port [5432]:
45 61 Database username: rhodecode
46 62 Database password: somepassword
47 63 # Specify the database you with to use on that server
48 64 # for the RCE instance you are installing
49 65 Database name: example-db-name-for-2xx # The 2xx version database
50 66 Database name: example-db-name-for-3xx # The 3xx version database
51
52 Supported Databases
53 -------------------
54
55 |RCM| supports the following databases. The recommended encoding is Unicode
56 UTF-8.
57
58 .. only:: latex
59
60 * :ref:`install-sqlite-database`
61 * :ref:`install-mysql-database`
62 * :ref:`install-postgresql-database`
63
64 .. toctree::
65
66 using-mysql
67 using-postgresql
68 using-sqllite
@@ -1,14 +1,14 b''
1 1 .. _rhodecode-post-instal-ref:
2 2
3 3 Post Installation Tasks
4 4 =======================
5 5
6 6 The following tasks are the most common post installation requirements. Use
7 the information in these sections to configure your instance of |RCM|.
7 the information in these sections to configure your instance of |RCE|.
8 8
9 9 .. toctree::
10 10
11 11 setup-email
12 12 database-string
13 13 configure-celery
14 14 migrate-repos
@@ -1,23 +1,23 b''
1 1 .. _mig-repos:
2 2
3 3 Migrating |repos|
4 4 -----------------
5 5
6 If you have installed |RCM| and have |repos| that you wish to migrate into
6 If you have installed |RCE| and have |repos| that you wish to migrate into
7 7 the system, use the following instructions.
8 8
9 1. On the |RCM| interface, check your |repo| storage location under
9 1. On the |RCE| interface, check your |repo| storage location under
10 10 :menuselection:`Admin --> Settings --> System Info`. For example,
11 11 Storage location: /home/{username}/repos.
12 12
13 2. Copy the |repos| that you want |RCM| to manage to this location.
13 2. Copy the |repos| that you want |RCE| to manage to this location.
14 14 3. Remap and rescan the |repos|, see :ref:`remap-rescan`
15 15
16 16 .. important::
17 17
18 Directories create |repo| groups inside |RCM|.
18 Directories create |repo| groups inside |RCE|.
19 19
20 Importing adds |RCM| git hooks to your |repos|.
20 Importing adds |RCE| git hooks to your |repos|.
21 21
22 22 You should verify if custom ``.hg`` or ``.hgrc`` files inside
23 repositories should be adjusted since |RCM| reads the content of them.
23 repositories should be adjusted since |RCE| reads the content of them.
@@ -1,110 +1,113 b''
1 1 .. _quick-start:
2 2
3 3 Quick Start Installation Guide
4 4 ==============================
5 5
6 6 .. important::
7 7
8 8 These are quick start instructions. To optimize your |RCE|,
9 9 |RCC|, and |RCT| usage, read the more detailed instructions in our guides.
10 10 For detailed installation instructions, see
11 11 :ref:`RhodeCode Control Documentation <control:rcc>`
12 12
13 13 .. tip::
14 14
15 15 If using a non-SQLite database, install and configure the database, create
16 16 a new user, and grant permissions. You will be prompted for this user's
17 17 credentials during |RCE| installation. See the relevant database
18 18 documentation for more details.
19 19
20 20 To get |RCE| up and running, run through the below steps:
21 21
22 22 1. Download the latest |RCC| installer from `rhodecode.com/download`_.
23 23 If you don't have an account, sign up at `rhodecode.com/register`_.
24 24
25 25 2. Run the |RCC| installer and accept the End User Licence using the
26 26 following example:
27 27
28 28 .. code-block:: bash
29 29
30 $ chmod 755 RhodeCode-installer-linux-*
30 $ chmod +x RhodeCode-installer-linux-*
31 31 $ ./RhodeCode-installer-linux-*
32 32
33 Do you accept the RhodeCode Control license?
34 Press [Y] to accept license and [V] to view license text: y
35
33 36 3. Install a VCS Server, and configure it to start at boot.
34 37
35 38 .. code-block:: bash
36 39
37 40 $ rccontrol install VCSServer
38 41
39 42 Agree to the licence agreement? [y/N]: y
40 43 IP to start the server on [127.0.0.1]:
41 44 Port for the server to start [10005]:
42 45 Creating new instance: vcsserver-1
43 46 Installing RhodeCode VCSServer
44 47 Configuring RhodeCode VCS Server ...
45 48 Supervisord state is: RUNNING
46 49 Added process group vcsserver-1
47 50
48 51
49 52 4. Install |RCEE| or |RCCE|. If using MySQL or PostgreSQL, during
50 53 installation you'll be asked for your database credentials, so have them at hand.
51 54 Mysql or Postgres needs to be running and a new database needs to be created.
52 55 You don't need any credentials or to create a database for SQLite.
53 56
54 57 .. code-block:: bash
55 58 :emphasize-lines: 11-16
56 59
57 60 $ rccontrol install Community
58 61
59 62 or
60 63
61 64 $ rccontrol install Enterprise
62 65
63 66 Username [admin]: username
64 67 Password (min 6 chars):
65 68 Repeat for confirmation:
66 69 Email: your@mail.com
67 70 Respositories location [/home/brian/repos]:
68 71 IP to start the Enterprise server on [127.0.0.1]:
69 72 Port for the Enterprise server to use [10004]:
70 73 Database type - [s]qlite, [m]ysql, [p]ostresql:
71 74 PostgreSQL selected
72 75 Database host [127.0.0.1]:
73 76 Database port [5432]:
74 77 Database username: db-user-name
75 78 Database password: somepassword
76 79 Database name: example-db-name
77 80
78 81 5. Check the status of your installation. You |RCEE|/|RCCE| instance runs
79 82 on the URL displayed in the status message.
80 83
81 84 .. code-block:: bash
82 85
83 86 $ rccontrol status
84 87
85 88 - NAME: enterprise-1
86 89 - STATUS: RUNNING
87 90 - TYPE: Enterprise
88 91 - VERSION: 4.1.0
89 92 - URL: http://127.0.0.1:10003
90 93
91 94 - NAME: vcsserver-1
92 95 - STATUS: RUNNING
93 96 - TYPE: VCSServer
94 97 - VERSION: 4.1.0
95 98 - URL: http://127.0.0.1:10001
96 99
97 100 .. note::
98 101
99 102 Recommended post quick start install instructions:
100 103
101 104 * Read the documentation
102 105 * Carry out the :ref:`rhodecode-post-instal-ref`
103 106 * Set up :ref:`indexing-ref`
104 107 * Familiarise yourself with the :ref:`rhodecode-admin-ref` section.
105 108
106 109 .. _rhodecode.com/download/: https://rhodecode.com/download/
107 110 .. _rhodecode.com: https://rhodecode.com/
108 111 .. _rhodecode.com/register: https://rhodecode.com/register/
109 112 .. _rhodecode.com/download: https://rhodecode.com/download/
110 113
@@ -1,30 +1,30 b''
1 1 .. _set-up-mail:
2 2
3 3 Set up Email
4 4 ------------
5 5
6 To setup email with your |RCM| instance, open the default
6 To setup email with your |RCE| instance, open the default
7 7 :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
8 8 file and uncomment and configure the email section. If it is not there,
9 9 use the below example to insert it.
10 10
11 Once configured you can check the settings for your |RCM| instance on the
11 Once configured you can check the settings for your |RCE| instance on the
12 12 :menuselection:`Admin --> Settings --> Email` page.
13 13
14 14 .. code-block:: ini
15 15
16 16 ################################################################################
17 17 ## Uncomment and replace with the email address which should receive ##
18 18 ## any error reports after an application crash ##
19 19 ## Additionally these settings will be used by the RhodeCode mailing system ##
20 20 ################################################################################
21 21 #email_to = admin@localhost
22 22 #app_email_from = rhodecode-noreply@localhost
23 23 #email_prefix = [RhodeCode]
24 24
25 25 #smtp_server = mail.server.com
26 26 #smtp_username =
27 27 #smtp_password =
28 28 #smtp_port =
29 29 #smtp_use_tls = false
30 30 #smtp_use_ssl = true
@@ -1,26 +1,26 b''
1 1 .. _install-mysql-database:
2 2
3 3 MySQL or MariaDB
4 4 ----------------
5 5
6 6 To use a MySQL or MariaDB database you should install and configure the
7 database before installing |RCM|. This is because during |RCM| installation
7 database before installing |RCE|. This is because during |RCE| installation
8 8 you will setup a connection to your MySQL or MariaDB database. To work with
9 9 either, use the following steps:
10 10
11 11 1. Depending on your |os|, install a MySQL or MariaDB database following the
12 12 appropriate instructions from the `MySQL website`_ or `MariaDB website`_.
13 13 2. Configure the database with a username and password which you will use
14 with |RCM|.
15 3. Install |RCM|, and during installation select MySQL as your database.
14 with |RCE|.
15 3. Install |RCE|, and during installation select MySQL as your database.
16 16 4. Enter the following information during the database setup:
17 17
18 18 * Your network IP Address
19 19 * The port number for MySQL or MariaDB access.
20 20 The default port for both is ``3306``
21 21 * Your database username
22 22 * Your database password
23 23 * A new database name
24 24
25 25 .. _MySQL website: http://www.mysql.com/
26 26 .. _MariaDB website: https://mariadb.com/
@@ -1,24 +1,24 b''
1 1 .. _install-postgresql-database:
2 2
3 3 PostgreSQL
4 4 ----------
5 5
6 6 To use a PostgreSQL database, you should install and configure the database
7 before installing |RCV|. This is because during |RCV| installation you will
7 before installing |RCE|. This is because during |RCE| installation you will
8 8 setup the connection to your PostgreSQL database. To work with PostgreSQL,
9 9 use the following steps:
10 10
11 11 1. Depending on your |os|, install a PostgreSQL database following the
12 12 appropriate instructions from the `PostgreSQL website`_.
13 13 2. Configure the database with a username and password, which you will use
14 with |RCV|.
15 3. Install |RCV|, and during installation select PostgreSQL as your database.
14 with |RCE|.
15 3. Install |RCE|, and during installation select PostgreSQL as your database.
16 16 4. Enter the following information during the database setup:
17 17
18 18 * Your network IP Address
19 19 * The port number for PostgreSQL access; the default port is ``5434``
20 20 * Your database username
21 21 * Your database password
22 22 * A new database name
23 23
24 24 .. _PostgreSQL website: http://www.postgresql.org/
@@ -1,32 +1,32 b''
1 1 .. _install-sqlite-database:
2 2
3 3 SQLite
4 4 ------
5 5
6 6 .. important::
7 7
8 8 We do not recommend using SQLite in a large development environment
9 9 as it has an internal locking mechanism which can become a performance
10 10 bottleneck when there are more than 5 concurrent users.
11 11
12 |RCM| installs SQLite as the default database if you do not specify another
12 |RCE| installs SQLite as the default database if you do not specify another
13 13 during installation. SQLite is suitable for small teams,
14 14 projects with a low load, and evaluation purposes since it is built into
15 |RCM| and does not require any additional database server.
15 |RCE| and does not require any additional database server.
16 16
17 17 Using MySQL or PostgreSQL in an large setup gives you much greater
18 18 performance, and while migration tools exist to move from one database type
19 19 to another, it is better to get it right first time and to immediately use
20 MySQL or PostgreSQL when you deploy |RCM| in a production environment.
20 MySQL or PostgreSQL when you deploy |RCE| in a production environment.
21 21
22 22 Migrating From SQLite to PostgreSQL
23 23 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
24 24
25 25 If you started working with SQLite and now need to migrate your database
26 26 to PostgreSQL, you can contact support@rhodecode.com for some help. We have a
27 27 set of scripts that enable SQLite to PostgreSQL migration. These scripts have
28 28 been tested, and work with PostgreSQL 9.1+.
29 29
30 30 .. note::
31 31
32 32 There are no SQLite to MySQL or MariaDB scripts available.
@@ -1,60 +1,60 b''
1 1 .. _integrations:
2 2
3 3 Integrations
4 4 ------------
5 5
6 6 |RCE| supports integrations with external services for various events,
7 7 such as commit pushes and pull requests. Multiple integrations of the same type
8 8 can be added at the same time; this is useful for posting different events to
9 9 different Slack channels, for example.
10 10
11 11 Supported integrations
12 12 ^^^^^^^^^^^^^^^^^^^^^^
13 13
14 ================================ ============ ========================================
15 Type/Name |RC| Edition Description
16 ================================ ============ ========================================
14 ================================ ================== ========================================
15 Type/Name RhodeCode Edition Description
16 ================================ ================== ========================================
17 17 :ref:`integrations-webhook` |RCCEshort| Trigger events as `json` to a custom url
18 18 :ref:`integrations-slack` |RCCEshort| Integrate with https://slack.com/
19 19 :ref:`integrations-hipchat` |RCCEshort| Integrate with https://www.hipchat.com/
20 20 :ref:`integrations-email` |RCCEshort| Send repo push commits by email
21 21 :ref:`integrations-ci` |RCCEshort| Trigger Builds for Common CI Systems
22 22 :ref:`integrations-rcextensions` |RCCEshort| Advanced low-level integration framework
23 23
24 24 :ref:`integrations-jenkins` |RCEEshort| Trigger Builds for Jenkins CI System
25 25 :ref:`integrations-redmine` |RCEEshort| Close/Resolve/Reference Redmine issues
26 26 :ref:`integrations-jira` |RCEEshort| Close/Resolve/Reference JIRA issues
27 ================================ ============ ========================================
27 ================================ ================== ========================================
28 28
29 29 .. _creating-integrations:
30 30
31 31 Creating an Integration
32 32 ^^^^^^^^^^^^^^^^^^^^^^^
33 33
34 34 Integrations can be added globally via the admin UI:
35 35
36 36 :menuselection:`Admin --> Integrations`
37 37
38 38 or per repository in each repository's settings:
39 39
40 40 :menuselection:`Admin --> Repositories --> Edit --> Integrations`
41 41
42 42 To create an integration, select the type from the list in the *Create New
43 43 Integration* section.
44 44
45 45 The *Current Integrations* section shows existing integrations that have been
46 46 created along with their type (eg. Slack) and enabled status.
47 47
48 48 See pages specific to each type of integration for more instructions:
49 49
50 50 .. toctree::
51 51
52 52 slack
53 53 hipchat
54 54 redmine
55 55 jira
56 56 webhook
57 57 email
58 58 ci
59 59 jenkins
60 60 integrations-rcextensions
@@ -1,81 +1,81 b''
1 1 .. _rhodecode-issue-trackers-ref:
2 2
3 3 Issue Tracker Integration
4 4 =========================
5 5
6 6 You can set an issue tracker connection in two ways with |RCE|.
7 7
8 8 * At the instance level, you can set a default issue tracker.
9 9 * At the |repo| level, you can configure an integration with a different issue
10 10 tracker.
11 11
12 To integrate |RCM| with an issue tracker, you need to define a regular
12 To integrate |RCE| with an issue tracker, you need to define a regular
13 13 expression that will fetch the issue ID stored in commit messages, and replace
14 14 it with a URL. This enables |RCE| to generate a link matching each issue to the
15 15 target |repo|.
16 16
17 17 Default Issue Tracker Configuration
18 18 -----------------------------------
19 19
20 20 To integrate your issue tracker, use the following steps:
21 21
22 22 1. Open :menuselection:`Admin --> Settings --> Issue Tracker`.
23 23 2. In the new entry field, enter the following information:
24 24
25 25 * :guilabel:`Description`: A name for this set of rules.
26 26 * :guilabel:`Pattern`: The regular expression that will match issues
27 27 tagged in commit messages, or more see :ref:`issue-tr-eg-ref`.
28 28 * :guilabel:`URL`: The URL to your issue tracker.
29 29 * :guilabel:`Prefix`: The prefix with which you want to mark issues.
30 30
31 31 3. Select **Add** so save the rule to your issue tracker configuration.
32 32
33 33 Repository Issue Tracker Configuration
34 34 --------------------------------------
35 35
36 36 You can configure specific |repos| to use a different issue tracker than the
37 37 default one. See the instructions in :ref:`repo-it`
38 38
39 39 .. _issue-tr-eg-ref:
40 40
41 41 Jira Integration
42 42 ----------------
43 43
44 44 * Regex = ``(?:^#|\s#)(\w+-\d+)``
45 45 * URL = ``https://myissueserver.com/browse/${id}``
46 46 * Issue Prefix = ``#``
47 47
48 48 Confluence (Wiki)
49 49 -----------------
50 50
51 51 * Regex = ``(?:conf-)([A-Z0-9]+)``
52 52 * URL = ``https://example.atlassian.net/display/wiki/${id}/${repo_name}``
53 53 * issue prefix = ``CONF-``
54 54
55 55 Redmine Integration
56 56 -------------------
57 57
58 58 * Regex = ``(issue-+\d+)``
59 59 * URL = ``https://myissueserver.com/redmine/issue/${id}``
60 60 * Issue Prefix = ``issue-``
61 61
62 62 Redmine (wiki)
63 63 --------------
64 64
65 65 * Regex = ``(?:wiki-)([a-zA-Z0-9]+)``
66 66 * URL = ``https://example.com/redmine/projects/wiki/${repo_name}``
67 67 * Issue prefix = ``Issue-``
68 68
69 69 Pivotal Tracker
70 70 ---------------
71 71
72 72 * Regex = ``(?:pivot-)(?<project_id>\d+)-(?<story>\d+)``
73 73 * URL = ``https://www.pivotaltracker.com/s/projects/${project_id}/stories/${story}``
74 74 * Issue prefix = ``Piv-``
75 75
76 76 Trello
77 77 ------
78 78
79 79 * Regex = ``(?:trello-)(?<card_id>[a-zA-Z0-9]+)``
80 80 * URL = ``https://trello.com/example.com/${card_id}``
81 81 * Issue prefix = ``Trello-``
@@ -1,15 +1,15 b''
1 1 .. _err-msg-ref:
2 2
3 3 Error Message Guide
4 4 ===================
5 5
6 6 Error Message
7 7 Error creating repository repo-name
8 8
9 9 Cause
10 As of |RCM| 3.0, a VCS Server is required to run backend operations.
10 As of |RCE| 3.0, a VCS Server is required to run backend operations.
11 11
12 12 Solution
13 13 Install a VCS Server. See the `Install a VCS Server`_ section of |RCC|
14 14
15 15 .. _Install a VCS Server: https://docs.rhodecode.com/RhodeCode-Control/tasks/upgrade-from-cli.html#install-a-vcs-server No newline at end of file
@@ -1,31 +1,31 b''
1 1 .. _rhodecode-nix-ref:
2 2
3 3 Nix Packaging
4 4 =============
5 5
6 |RCM| is installed using |Nix Package Manager|. The Nix environment provides
6 |RCE| is installed using |Nix Package Manager|. The Nix environment provides
7 7 the following features for maintenance and deployment:
8 8
9 9 * Atomic upgrades and rollbacks
10 10 * Complete dependency management
11 11 * Garbage collection
12 12 * Binary patching
13 13 * Secure channel updates
14 14 * Nix works on Windows, Linux, and OSX
15 15
16 16 The complete list of dependencies can be found in
17 17 :file:`/opt/rhodecode/store/{unique-hash}`.
18 18
19 19 .. note::
20 20
21 21 No |RCE| data is stored in this location.
22 22
23 23 .. warning::
24 24
25 25 Never alter any of the packages in the store. Always use the
26 26 :ref:`RhodeCode Control CLI <control:rcc-cli>` update functions to keep
27 27 the packages and instances updated.
28 28
29 29 .. |Nix Package Manager| raw:: html
30 30
31 31 <a href="http://nixos.org/nix/" target="_blank">Nix</a>
@@ -1,166 +1,166 b''
1 1 |RCE| 3.0.0 |RNS|
2 2 -----------------
3 3
4 As |RCM| 3.0 is a big release, the release notes have been split into the following sections:
4 As |RCE| 3.0 is a big release, the release notes have been split into the following sections:
5 5
6 6 * :ref:`general-rn-ref`
7 7 * :ref:`security-rn-ref`
8 8 * :ref:`api-rn-ref`
9 9 * :ref:`performance-rn-ref`
10 10 * :ref:`prs-rn-ref`
11 11 * :ref:`gists-rn-ref`
12 12 * :ref:`search-rn-ref`
13 13 * :ref:`fixes-rn-ref`
14 14
15 15 .. _general-rn-ref:
16 16
17 17 General
18 18 ^^^^^^^
19 19 * Released 2015-01-27
20 20 * Basic |svn| support added
21 21 * GPLv3 components removed
22 22 * Server/Client architecture for VCS systems created
23 23 * Python 2.5 and 2.6 support deprecated
24 24 * Server info pages now show gist/archive cache storage, and also CPU/Memory/Load information.
25 25 * Added new bulk commit (changeset) status comment form into compare view which enables bulk code-reviews without
26 26 opening a pull-request.
27 27 * License checks and limits now only apply to active users.
28 28 * Removed CLI command for |repo| scans as it can be done via an API call.
29 29 * VCS backends can be globally enabled/disabled from the :file:`rhodecode.ini` file.
30 30 * Added a UI option to set default rendering to rst or markdown.
31 31 * Added syntax highlighting to 2 way compare diff.
32 32 * Markup rendering can now render checkboxes for easy checklists generation.
33 33 * Gravatars are now retina ready.
34 34 * Admins can define custom CSS or JavaScript in the header or footer via new pre/post code options.
35 35 * Replaced ``graph.js`` with ``commits-graph.js`` html5 implementation.
36 36 * Added editable owner field for repository groups, and user group.
37 37 * Added an option to detach/delete user repositories when deleting users from the system.
38 38 * Added a Supervisor control page that shows status of processes.
39 39 * User admin grid can now filter by username OR email.
40 40 * Added personal |repo| group link for easier fork creation.
41 41 * Added support for using subdirectories when creating and uploading new files.
42 42 * Added option to rename a file from the web interface.
43 43 * Added arrow key navigation to file filter and fixed the back button behaviour.
44 44 * Added fuzzy matching to file filter.
45 45 * Added functionality to create folder structures along with files when adding content via the web interface.
46 46 * Separated default permissions UI into `global`, `user`, or `object` permissions management.
47 47 * Added an inheritance flag to object permissions which allows for explicit permissions which disregard global
48 48 permissions.
49 49 * Added post create repository group hook.
50 50 * Added trigger push hooks on online file editor.
51 51 * Added default title for pull request.
52 52 * More detailed logs during Authentication.
53 53 * More explicit logging when permission checks occur.
54 54 * Switched the implementation of |git| ``fetch clone pull checkout`` commands to pure |py| without any subprocess
55 55 calls.
56 56 * Introduced the ``rcserver`` command for custom development.
57 57 * Added the ability to force no cache archived via the ``GET no_cache`` flag
58 58
59 59 .. _security-rn-ref:
60 60
61 61 Security
62 62 ^^^^^^^^
63 63
64 64 * CSRF (Cross-Site Request Forgery) tokens now in all pages that use forms.
65 65 * The ``clone_url`` field is now AES encrypted inside the database.
66 66 * ACLs (Access Control Lists) are checked on the gist edit page for logged in users.
67 67 * New repository groups and repositories are created with 0755 permissions and not not 0777.
68 68 * Explicit RSS tokens are used for the RSS journal, when leaked, limits access to RSS only.
69 69 * Fixed XSS issues when rendering raw SVG files.
70 70 * Added force password reset option for users.
71 71 * IP list now accepts comma-separated values, and also ranges using `-` to specify multiple addresses.
72 72 * Added ``auth tokens``, these authentication tokens can be used as an alternative to passwords.
73 73 * Added roles (``http, api, rss, all, vcs``) into authentication tokens (previously called ``apikeys``).
74 74 * LDAP Group Support added.
75 75 * Added JASIG CAS auth plugin support.
76 76 * Added a plugin parameter that defines if a plugin can create new users on the fly.
77 77
78 78 .. _api-rn-ref:
79 79
80 80 API
81 81 ^^^
82 82 * Added permissions delegation when creating |repos| or |repo| groups.
83 83 * Added ``strip`` support for |hg| and |git| |repos|.
84 84 * Added comments API for commits.
85 85 * Added add/remove methods for extra fields in repositories.
86 86 * ``get_*`` calls now use ``permission()`` and ``permission_user_group()`` methods for unified permissions structure.
87 87 * ``get_repo_nodes`` information sending has changed and is no longer a boolean flag, it's now ``basic`` or ``full``.
88 88 * Due to configurable backends ``repo_type`` is now mandatory parameter for the ``create_repo`` call.
89 89
90 90 .. _performance-rn-ref:
91 91
92 92 Performance
93 93 ^^^^^^^^^^^
94 94
95 95 * Significant performance improvements across all application functions.
96 96 * HTTP Authentication performance enhancements.
97 97 * Added a ``scope`` variable to the permissions fetching function which improves building permission trees in large
98 98 amounts by a factor of 10.
99 99 * Implemented caching logic for all authentication plugins. The ``AUTH_CACHE_TTL = <int>`` property now allow you to
100 100 set the cache in seconds.
101 101
102 102 .. _prs-rn-ref:
103 103
104 104 Pull Requests
105 105 ^^^^^^^^^^^^^
106 106
107 107 * Pull requests can be now updated and merged from the web interface
108 108 * Fixed creating a Mercurial |pr| from a bookmark.
109 109 * Forbid closing pull requests when calculated status is different that the approved or rejected version.
110 110 * Properly display calculated pull request review status on listing page.
111 111 * Disable delete comment button if |pr| is closed.
112 112
113 113 .. _gists-rn-ref:
114 114
115 115 Gists
116 116 ^^^^^
117 117 * New UI based on grids with filtering.
118 118 * Super-admins can see all gists.
119 119 * Gists can now be created with a custom names.
120 120
121 121 .. _search-rn-ref:
122 122
123 123 Search
124 124 ^^^^^^
125 125
126 126 * New API based indexer.
127 127 * Added the ability to create size limits for indexed files.
128 128 * Added a new mapping configuration file which gives a very high level of flexibility when creating full text search.
129 129
130 130 .. _fixes-rn-ref:
131 131
132 132 Fixes
133 133 ^^^^^
134 134
135 135 * General: fixed issues with dependent objects, such as ``users`` in ``user groups``. Cleaning up these dependent
136 136 objects is now done in a safe way.
137 137 * General: deleting a ``user group`` from **settings > advanced** will use force removal and cleanup from all
138 138 associations.
139 139 * General: fixed issue with filter proxy middleware it's now more error prone.
140 140 * General: fixed issues with unable to create fork inside a group.
141 141 * General: fixed bad logic in ``ext_json`` lib, that checked bool on microseconds, in case it was 0 bool it returned False.
142 142 * General: authors in annotation mode shows authors of current source, not from all history (that is in normal mode)
143 143 * Permissions: fix issue when inherit flag for user group stopped working after initial permissions set.
144 144 * |git|: fixed shallow clones.
145 145 * |git|: added ``\n`` into the service line of |git| protocol. It is in the specifications and some python clients
146 146 require this.
147 147 * |hg|: fix thread safety for mercurial ``in-memory`` commits.
148 148 * Windows: fixed issue with shebang and env headers.
149 149 * MySQL: fixed database fields with 256 char length with added indexes. Mysql had problems with them.
150 150 * Database: fixed bad usage of matching using ``ILIKE``. Previously it could happen that if you had
151 151 ``marcin_1@rhodecode.com`` and ``marcin_2@rhodecode.com`` emails, using ``marcin_@rhodecode.com`` would match both.
152 152 * VCS: fixed issues with double new lines on the commit patches.
153 153 * VCS: repository locking now requires write permission to repository. If we allowed locking with read,
154 154 people can lock repository without an option to unlock it.
155 155 * Models: removed the ``isdigit`` call that can create issues when names are actually numbers on fetching objects.
156 156 * Files: Fix bug with show authors in annotate view.
157 157 * Hooks: truncate excessive commit lists on ``post_push`` hook.
158 158 * Hooks: in |git|, support added to set the default branch if it is not ``master``.
159 159 * Notifications: now can be marked as read when you are not admin.
160 160 * Notifications: marking all notifications as read will hide the counter.
161 161 * Frontend: fixed branch-tag switcher multiple ajax calls.
162 162 * Repository group: |repo| group owners can now change group settings even if they don't have access to top-level
163 163 permissions.
164 164 * Repositories: if you set ``Fork of`` in advanced repository settings it will now only show valid repositories
165 165 with the same type.
166 166
@@ -1,85 +1,85 b''
1 1 .. _install-tools:
2 2
3 3 |RCT| Installation
4 4 ------------------
5 5
6 6 As of |RCE| 3.4.1 |RCT| is installed automatically on the server with |RCE|. You
7 7 do not need to install |RCT| on the server, but you will need to install them
8 8 on machines that need remote access. The tools are linked to the instance
9 9 folder, for example :file:`~/.rccontrol/{instance-id}/profile/bin`
10 10
11 11 You can list the available tools using the following example, and the valid
12 12 tools options are those which correspond with those in the :ref:`rc-tools`
13 13 section.
14 14
15 15 .. code-block:: bash
16 16
17 17 $ ls ~/.rccontrol/enterprise-4/profile/bin/
18 18
19 19 gen_js_i18n rhodecode-cleanup-gists rhodecode-tools svnrdump
20 20 gen_js_routes rhodecode-cleanup-repos supervisorctl svnserve
21 21 git rhodecode-config supervisord svnsync
22 22 gunicorn rhodecode-extensions svn svnversion
23 23 hg rhodecode-gist svnadmin vcsserver
24 24 paster rhodecode-index svndumpfilter
25 25 rc-server rhodecode-list-instances svnlook
26 26 rhodecode-api rhodecode-setup-config svnmucc
27 27
28 28 You can then use the tools as described in the :ref:`rc-tools` section using the
29 29 following example:
30 30
31 31 .. code-block:: bash
32 32
33 33 # Running the indexer
34 34 $ ~/.rccontrol/enterprise-1/profile/bin/rhodecode-index \
35 35 --instance-name=enterprise-1
36 36
37 37 # Cleaning up gists
38 38 $ ~/.rccontrol/enterprise-4/profile/bin/rhodecode-cleanup-gists \
39 39 --instance-name=enterprise-4
40 40
41 41 Scanning for gists in /home/brian/repos/.rc_gist_store...
42 42 preparing to remove [1] found gists
43 43
44 44 Installing |RCT|
45 45 ^^^^^^^^^^^^^^^^
46 46
47 |RCT| enable you to automate many of the most common |RCM| functions through
47 |RCT| enable you to automate many of the most common |RCE| functions through
48 48 the API. Installing them on a local machine lets you carry out maintenance on
49 49 the server remotely. Once installed you can use them to index your |repos|
50 to setup full-text search, strip commits, or install |RC| Extensions for
50 to setup full-text search, strip commits, or install RhodeCode Extensions for
51 51 additional functionality.
52 52
53 53 For more detailed instructions about using |RCT| for indexing and full-text
54 54 search, see :ref:`indexing-ref`
55 55
56 56 To install |RCT|, use the following steps:
57 57
58 58 1. Set up a ``virtualenv`` on your local machine, see virtualenv_ instructions
59 59 here.
60 60 2. Install |RCT| using pip. Full url with token is available at https://rhodecode.com/u/#rhodecode-tools
61 61 ``pip install -I https://dls.rhodecode.com/dls/<token>/rhodecode-tools/latest``
62 62
63 63
64 64 Once |RCT| is installed using these steps there are a few extra
65 65 configuration changes you can make. These are explained in more detail in the
66 66 :ref:`indexing-ref` section, and the :ref:`rc-tools` section.
67 67
68 68 .. code-block:: bash
69 69
70 70 # Create a virtualenv
71 71 brian@ubuntu:~$ virtualenv venv
72 72 New python executable in venv/bin/python
73 73 Installing setuptools, pip...done.
74 74
75 75 # Activate the virtualenv
76 76 brian@ubuntu:~$ . venv/bin/activate
77 77
78 78 # Install RhodeCode Tools inside the virtualenv, full url with token is available at https://rhodecode.com/u/#rhodecode-tools
79 79 $ pip install -I https://dls.rhodecode.com/dls/<token>/rhodecode-tools/latest
80 80
81 81 # Check the installation
82 82 $ rhodecode-tools --help
83 83
84 84 .. _virtualenv: https://virtualenv.pypa.io/en/latest/index.html
85 85
@@ -1,14 +1,14 b''
1 1 .. _rc-tools:
2 2
3 3 |RCT|
4 4 =====
5 5
6 |RCT| enable you to automate many of the most common |RCM| functions through
6 |RCT| enable you to automate many of the most common |RCE| functions through
7 7 the API.
8 8
9 9 .. toctree::
10 10 :maxdepth: 1
11 11
12 12 tools-overview
13 13 install-tools
14 14 tools-cli
@@ -1,578 +1,578 b''
1 1 .. _tools-cli:
2 2
3 3 |RCT| CLI
4 4 ---------
5 5
6 6 The commands available with |RCT| can be split into three categories:
7 7
8 8 - Remotely executable commands that can be run from your local machine once you
9 9 have your connection details to |RCE| configured.
10 10 - Locally executable commands the can be run on the server to carry out
11 11 general maintenance.
12 12 - Local configuration commands used to help set up your |RCT| configuration.
13 13
14 14
15 15 rhodecode-tools
16 16 ---------------
17 17
18 18 Use |RCT| to setup automation, run the indexer, and install extensions for
19 your |RCM| instances. Options:
19 your |RCE| instances. Options:
20 20
21 21 .. rst-class:: dl-horizontal
22 22
23 23 \ - -apihost <api_host>
24 24 Set the API host value.
25 25
26 26 \ - -apikey <apikey_value>
27 27 Set the API key value.
28 28
29 29 \-c, - -config <config_file>
30 30 Create a configuration file. The default file is created
31 31 in ``~/.rhoderc``
32 32
33 33 \ - -save-config
34 34 Save the configuration file.
35 35
36 36 \ - -show-config
37 37 Show the current configuration values.
38 38
39 39 \ - -format {json,pretty}
40 40 Set the formatted representation.
41 41
42 42 Example usage:
43 43
44 44 .. code-block:: bash
45 45
46 46 $ rhodecode-tools --apikey=key --apihost=http://rhodecode.server \
47 47 --save-config
48 48
49 49 rhodecode-api
50 50 -------------
51 51
52 The |RC| API lets you connect to |RCE| and carry out management tasks from a
52 The RhodeCode API lets you connect to |RCE| and carry out management tasks from a
53 53 remote machine, for more information about the API, see the :ref:`api`. To
54 54 pass arguments on the command-line use the ``method:option`` syntax.
55 55
56 56 Example usage:
57 57
58 58 .. code-block:: bash
59 59
60 60 # Run the get_repos API call and sample output
61 61 $ rhodecode-api --instance-name=enterprise-1 create_repo \
62 62 repo_name:brand-new repo_type:hg description:repo-desc
63 63
64 64 {
65 65 "error": null,
66 66 "id": 1110,
67 67 "result": {
68 68 "msg": "Created new repository `brand-new`",
69 69 "success": true,
70 70 "task": null
71 71 }
72 72 }
73 73
74 74 Options:
75 75
76 76 .. rst-class:: dl-horizontal
77 77
78 78 \ - -api-cache-only
79 79 Requires a cache to be present when running this call
80 80
81 81 \ - -api-cache-rebuild
82 82 Replaces existing cached values with new ones from server
83 83
84 84 \ - -api-cache <PATH>
85 85 Use a special cache dir to read responses from instead of the server
86 86
87 87 \ - -api-cert-verify
88 88 Verify the endpoint ssl certificate
89 89
90 90 \ - -api-cert <PATH>
91 91 Path to alternate CA bundle.
92 92
93 93 \ - -apihost <api_host>
94 94 Set the API host value.
95 95
96 96 \ - -apikey <apikey_value>
97 97 Set the API key value.
98 98
99 99 \ - -instance-name <instance-id>
100 100 Set the instance name
101 101
102 102 \-I, - -install-dir <DIR>
103 103 Location of application instances
104 104
105 105 \-c, - -config <.rhoderc-file>
106 106 Location of the :file:`.rhoderc`
107 107
108 108 \-F, - -format {json,pretty}
109 109 Set the formatted representation.
110 110
111 111 \-h, - -help
112 112 Show help messages.
113 113
114 114 \-v, - -verbose
115 115 Enable verbose messaging
116 116
117 117 rhodecode-cleanup-gists
118 118 -----------------------
119 119
120 Use this to delete gists within |RCM|. Options:
120 Use this to delete gists within |RCE|. Options:
121 121
122 122 .. rst-class:: dl-horizontal
123 123
124 124 \-c, - -config <config_file>
125 125 Set the file path to the configuration file. The default file is
126 126 :file:`/home/{user}/.rhoderc`
127 127
128 128 \ - -corrupted
129 129 Remove gists with corrupted metadata.
130 130
131 131 \ - -dont-ask
132 132 Remove gists without asking for confirmation.
133 133
134 134 \-h, - -help
135 135 Show help messages. current configuration values.
136 136
137 137 \ - -instance-name <instance-id>
138 138 Set the instance name.
139 139
140 140 \-R, - -repo-dir
141 141 Set the repository file path.
142 142
143 143 \ - -version
144 144 Display your |RCT| version.
145 145
146 146 Example usage:
147 147
148 148 .. code-block:: bash
149 149
150 150 # Clean up gists related to an instance
151 151 $ rhodecode-cleanup-gists --instance-name=enterprise-1
152 152 Scanning for gists in /home/brian/repos/.rc_gist_store...
153 153 preparing to remove [3] found gists
154 154
155 155 # Clean up corrupted gists in an instance
156 156 $ rhodecode-cleanup-gists --instance-name=enterprise-1 --corrupted
157 157 Scanning for gists in /home/brian/repos/.rc_gist_store...
158 158 preparing to remove [2] found gists
159 159 the following gists will be archived:
160 160 * EXPIRED: BAD METADATA | /home/brian/repos/.rc_gist_store/5
161 161 * EXPIRED: BAD METADATA | /home/brian/repos/.rc_gist_store/8FtC
162 162 are you sure you want to archive them? [y/N]: y
163 163 removing gist /home/brian/repos/.rc_gist_store/5
164 164 removing gist /home/brian/repos/.rc_gist_store/8FtCKdcbRKmEvRzTVsEt
165 165
166 166 rhodecode-cleanup-repos
167 167 -----------------------
168 168
169 Use this to manage |repos| and |repo| groups within |RCM|. Options:
169 Use this to manage |repos| and |repo| groups within |RCE|. Options:
170 170
171 171 .. rst-class:: dl-horizontal
172 172
173 173 \-c, - -config <config_file>
174 174 Set the file path to the configuration file. The default file is
175 175 :file:`/home/{user}/.rhoderc`.
176 176
177 177 \-h, - -help
178 178 Show help messages. current configuration values.
179 179
180 180 \ - -interactive
181 181 Enable an interactive prompt for each repository when deleting.
182 182
183 183 \ - -include-groups
184 184 Remove repository groups.
185 185
186 186 \ - -instance-name <instance-id>
187 187 Set the instance name.
188 188
189 189 \ - -list-only
190 190 Display repositories selected for deletion.
191 191
192 192 \ - -older-than <str>
193 193 Delete repositories older that a specified time.
194 194 You can use the following suffixes; d for days, h for hours,
195 195 m for minutes, s for seconds.
196 196
197 197 \-R, - -repo-dir
198 198 Set the repository file path
199 199
200 200 Example usage:
201 201
202 202 .. code-block:: bash
203 203
204 204 # Cleaning up repos using tools installed with RCE 350 and above
205 205 $ ~/.rccontrol/enterprise-4/profile/bin/rhodecode-cleanup-repos \
206 206 --instance-name=enterprise-4 --older-than=1d
207 207 Scanning for repositories in /home/brian/repos...
208 208 preparing to remove [2] found repositories older than 1 day, 0:00:00 (1d)
209 209
210 210 the following repositories will be deleted completely:
211 211 * REMOVED: 2015-08-05 00:23:18 | /home/brian/repos/rm__20150805_002318_831
212 212 * REMOVED: 2015-08-04 01:22:10 | /home/brian/repos/rm__20150804_012210_336
213 213 are you sure you want to remove them? [y/N]:
214 214
215 215 # Clean up repos older than 1 year
216 216 # If using virtualenv and pre RCE 350 tools installation
217 217 (venv)$ rhodecode-cleanup-repos --instance-name=enterprise-1 \
218 218 --older-than=365d
219 219
220 220 Scanning for repositories in /home/brian/repos...
221 221 preparing to remove [343] found repositories older than 365 days
222 222
223 223 # clean up repos older than 3 days
224 224 # If using virtualenv and pre RCE 350 tools installation
225 225 (venv)$ rhodecode-cleanup-repos --instance-name=enterprise-1 \
226 226 --older-than=3d
227 227 Scanning for repositories in /home/brian/repos...
228 228 preparing to remove [3] found repositories older than 3 days
229 229
230 230 .. _tools-config:
231 231
232 232 rhodecode-config
233 233 ----------------
234 234
235 235 Use this to create or update a |RCE| configuration file on the local machine.
236 236
237 237 .. rst-class:: dl-horizontal
238 238
239 239 \- -filename </path/to/config_file>
240 240 Set the file path to the |RCE| configuration file.
241 241
242 242 \- -show-defaults
243 243 Display the defaults set in the |RCE| configuration file.
244 244
245 245 \- -update
246 246 Update the configuration with the new settings passed on the command
247 247 line.
248 248
249 249 .. code-block:: bash
250 250
251 251 # Create a new config file
252 252 $ rhodecode-config --filename=dev.ini
253 253 Wrote new config file in /Users/user/dev.ini
254 254
255 255 # Update config value for given section:
256 256 $ rhodecode-config --update --filename=prod.ini [handler_console]level=INFO
257 257
258 258 $ rhodecode-config --filename=dev.ini --show-defaults
259 259 lang=en
260 260 cpu_number=4
261 261 uuid=<function <lambda> at 0x10d86ac08>
262 262 license_token=ff1e-aa9c-bb66-11e5
263 263 host=127.0.0.1
264 264 here=/Users/brian
265 265 error_aggregation_service=None
266 266 database_url=sqlite:///%(here)s/rhodecode.db?timeout=30
267 267 git_path=git
268 268 http_server=waitress
269 269 port=5000
270 270
271 271 .. _tools-rhodecode-extensions:
272 272
273 273 rhodecode-extensions
274 274 --------------------
275 275
276 276 The `rcextensions` since version 4.14 are now shipped together with |RCE| please check
277 277 the using :ref:`integrations-rcextensions` section.
278 278
279 279
280 280 rhodecode-gist
281 281 --------------
282 282
283 Use this to create, list, show, or delete gists within |RCM|. Options:
283 Use this to create, list, show, or delete gists within |RCE|. Options:
284 284
285 285 .. rst-class:: dl-horizontal
286 286
287 287 \ - -api-cache-only
288 288 Requires a cache to be present when running this call
289 289
290 290 \ - -api-cache-rebuild
291 291 Replaces existing cached values with new ones from server
292 292
293 293 \ - -api-cache PATH
294 294 Use a special cache dir to read responses from instead of the server
295 295
296 296 \ - -api-cert-verify
297 297 Verify the endpoint ssl certificate
298 298
299 299 \ - -api-cert PATH
300 300 Path to alternate CA bundle.
301 301
302 302 \ - -apihost <api_host>
303 303 Set the API host value.
304 304
305 305 \ - -apikey <apikey_value>
306 306 Set the API key value.
307 307
308 308 \-c, - -config <config_file>
309 309 Create a configuration file.
310 310 The default file is created in :file:`~/.rhoderc`
311 311
312 312 \ - -create <gistname>
313 313 create the gist
314 314
315 315 \-d, - -description <str>
316 316 Set gist description
317 317
318 318 \ - -delete <gistid>
319 319 Delete the gist
320 320
321 321 \-f, - -file
322 322 Specify the filename The file extension will enable syntax highlighting.
323 323
324 324 \-F, - -format {json,pretty}
325 325 Set the formatted representation.
326 326
327 327 \ - -help
328 328 Show help messages.
329 329
330 330 \-I, - -install-dir <DIR>
331 331 Location of application instances
332 332
333 333 \ - -instance-name <instance-id>
334 334 Set the instance name.
335 335
336 336 \ - -list
337 337 Display instance gists.
338 338
339 339 \-l, --lifetime <minutes>
340 340 Set the gist lifetime. The default value is (-1) forever
341 341
342 342 \ - -show <gistname>
343 343 Show the content of the gist
344 344
345 345 \-o, - -open
346 346 After creating Gist open it in browser
347 347
348 348 \-p, - -private
349 349 Create a private gist
350 350
351 351 \ - -version
352 352 Display your |RCT| version.
353 353
354 354 Example usage:
355 355
356 356 .. code-block:: bash
357 357
358 358 # List the gists in an instance
359 359 (venv)brian@ubuntu:~$ rhodecode-gist --instance-name=enterprise-1 list
360 360 {
361 361 "error": null,
362 362 "id": 7102,
363 363 "result": [
364 364 {
365 365 "access_id": "2",
366 366 "content": null,
367 367 "created_on": "2015-01-19T12:52:26.494",
368 368 "description": "A public gust",
369 369 "expires": -1.0,
370 370 "gist_id": 2,
371 371 "type": "public",
372 372 "url": "http://127.0.0.1:10003/_admin/gists/2"
373 373 },
374 374 {
375 375 "access_id": "7gs6BsSEC4pKUEPLz5AB",
376 376 "content": null,
377 377 "created_on": "2015-01-19T11:27:40.812",
378 378 "description": "Gist testing API",
379 379 "expires": -1.0,
380 380 "gist_id": 1,
381 381 "type": "private",
382 382 "url": "http://127.0.0.1:10003/_admin/gists/7gs6BsSEC4pKUEPLz5AB"
383 383 }
384 384 ]
385 385 }
386 386
387 387 # delete a particular gist
388 388 # You use the access_id to specify the gist to delete
389 389 (venv)brian@ubuntu:~$ rhodecode-gist delete 2 --instance-name=enterprise-1
390 390 {
391 391 "error": null,
392 392 "id": 6284,
393 393 "result": {
394 394 "gist": null,
395 395 "msg": "deleted gist ID:2"
396 396 }
397 397 }
398 398
399 399 # cat a file and pipe to new gist
400 400 # This is if you are using virtualenv
401 401 (venv)$ cat ~/.rhoderc | rhodecode-gist --instance-name=enterprise-1 \
402 402 -d '.rhoderc copy' create
403 403
404 404 {
405 405 "error": null,
406 406 "id": 5374,
407 407 "result": {
408 408 "gist": {
409 409 "access_id": "7",
410 410 "content": null,
411 411 "created_on": "2015-01-26T11:31:58.774",
412 412 "description": ".rhoderc copy",
413 413 "expires": -1.0,
414 414 "gist_id": 7,
415 415 "type": "public",
416 416 "url": "http://127.0.0.1:10003/_admin/gists/7"
417 417 },
418 418 "msg": "created new gist"
419 419 }
420 420 }
421 421
422 422 # Cat a file and pipe to gist
423 423 # in RCE 3.5.0 tools and above
424 424 $ cat ~/.rhoderc | ~/.rccontrol/{instance-id}/profile/bin/rhodecode-gist \
425 425 --instance-name=enterprise-4 -d '.rhoderc copy' create
426 426 {
427 427 "error": null,
428 428 "id": 9253,
429 429 "result": {
430 430 "gist": {
431 431 "access_id": "4",
432 432 "acl_level": "acl_public",
433 433 "content": null,
434 434 "created_on": "2015-08-20T05:54:11.250",
435 435 "description": ".rhoderc copy",
436 436 "expires": -1.0,
437 437 "gist_id": 4,
438 438 "modified_at": "2015-08-20T05:54:11.250",
439 439 "type": "public",
440 440 "url": "http://127.0.0.1:10000/_admin/gists/4"
441 441 },
442 442 "msg": "created new gist"
443 443 }
444 444 }
445 445
446 446
447 447 rhodecode-index
448 448 ---------------
449 449
450 450 More detailed information regarding setting up the indexer is available in
451 451 the :ref:`indexing-ref` section. Options:
452 452
453 453 .. rst-class:: dl-horizontal
454 454
455 455 \ - -api-cache-only
456 456 Requires a cache to be present when running this call
457 457
458 458 \ - -api-cache-rebuild
459 459 Replaces existing cached values with new ones from server
460 460
461 461 \ - -api-cache PATH
462 462 Use a special cache dir to read responses from instead of the server
463 463
464 464 \ - -api-cert-verify
465 465 Verify the endpoint ssl certificate
466 466
467 467 \ - -api-cert PATH
468 468 Path to alternate CA bundle.
469 469
470 470 \ - -apihost <api_host>
471 471 Set the API host value.
472 472
473 473 \ - -apikey <apikey_value>
474 474 Set the API key value.
475 475
476 476 \-c, --config <config_file>
477 477 Create a configuration file.
478 478 The default file is created in :file:`~/.rhoderc`
479 479
480 480 \ - -create-mapping <PATH>
481 481 Creates an example mapping configuration for indexer.
482 482
483 483 \-F, - -format {json,pretty}
484 484 Set the formatted representation.
485 485
486 486 \-h, - -help
487 487 Show help messages.
488 488
489 489 \ - -instance-name <instance-id>
490 490 Set the instance name
491 491
492 492 \-I, - -install-dir <DIR>
493 493 Location of application instances
494 494
495 495 \-m, - -mapping <file_name>
496 496 Parse the output to the .ini mapping file.
497 497
498 498 \ - -optimize
499 499 Optimize index for performance by amalgamating multiple index files
500 500 into one. Greatly increases incremental indexing speed.
501 501
502 502 \-R, - -repo-dir <DIRECTORY>
503 503 Location of repositories
504 504
505 505 \ - -source <PATH>
506 506 Use a special source JSON file to feed the indexer
507 507
508 508 \ - -version
509 509 Display your |RCT| version.
510 510
511 511 Example usage:
512 512
513 513 .. code-block:: bash
514 514
515 515 # Run the indexer
516 516 $ ~/.rccontrol/enterprise-4/profile/bin/rhodecode-index \
517 517 --instance-name=enterprise-4
518 518
519 519 # Run indexer based on mapping.ini file
520 520 # This is using pre-350 virtualenv
521 521 (venv)$ rhodecode-index --instance-name=enterprise-1
522 522
523 523 # Index from the command line without creating
524 524 # the .rhoderc file
525 525 $ rhodecode-index --apikey=key --apihost=http://rhodecode.server \
526 526 --instance-name=enterprise-2 --save-config
527 527
528 528 # Create the indexing mapping file
529 529 $ ~/.rccontrol/enterprise-4/profile/bin/rhodecode-index \
530 530 --create-mapping mapping.ini --instance-name=enterprise-4
531 531
532 532 .. _tools-rhodecode-list-instance:
533 533
534 534 rhodecode-list-instances
535 535 ------------------------
536 536
537 537 Use this command to list the instance details configured in the
538 538 :file:`~/.rhoderc` file.
539 539
540 540 .. code-block:: bash
541 541
542 542 $ .rccontrol/enterprise-1/profile/bin/rhodecode-list-instances
543 543 [instance:production] - Config only
544 544 API-HOST: https://some.url.com
545 545 API-KEY: some.auth.token
546 546
547 547 [instance:development] - Config only
548 548 API-HOST: http://some.ip.address
549 549 API-KEY: some.auth.token
550 550
551 551
552 552 .. _tools-setup-config:
553 553
554 554 rhodecode-setup-config
555 555 ----------------------
556 556
557 557 Use this command to create the ``~.rhoderc`` file required by |RCT| to access
558 558 remote instances.
559 559
560 560 .. rst-class:: dl-horizontal
561 561
562 562 \- -instance-name <name>
563 563 Specify the instance name in the :file:`~/.rhoderc`
564 564
565 565 \api_host <hostname>
566 566 Create a configuration file. The default file is created
567 567 in ``~/.rhoderc``
568 568
569 569 \api_key <auth-token>
570 570 Create a configuration file. The default file is created
571 571 in ``~/.rhoderc``
572 572
573 573
574 574 .. code-block:: bash
575 575
576 576 (venv)$ rhodecode-setup-config --instance-name=tea api_host=URL api_key=xyz
577 577 Config not found under /Users/username/.rhoderc, creating a new one
578 578 Wrote new configuration into /Users/username/.rhoderc
@@ -1,66 +1,66 b''
1 1 .. _tools-overview:
2 2
3 3 |RCT| Overview
4 4 --------------
5 5
6 6 To install |RCT| correctly, see the installation steps covered in
7 7 :ref:`install-tools`, and :ref:`config-rhoderc`.
8 8
9 9 Once |RCT| is installed, and the :file:`/home/{user}/.rhoderc` file is
10 configured you can then use |RCT| on each |RCM| instance to carry out admin
10 configured you can then use |RCT| on each |RCE| instance to carry out admin
11 11 tasks. Use the following example to configure that file,
12 12 and once configured see the :ref:`tools-cli` for more details.
13 13
14 14 .. note::
15 15
16 16 |RCT| require |PY| 2.7 to run.
17 17
18 18 .. code-block:: bash
19 19
20 20 # Get the status of each instance you wish to use with Tools
21 21 (venv)brian@ubuntu:~$ rccontrol status
22 22
23 23 - NAME: momentum-1
24 24 - STATUS: RUNNING
25 25 - TYPE: Momentum
26 26 - VERSION: 3.0.0-nightly-momentum
27 27 - URL: http://127.0.0.1:10003
28 28
29 29 - NAME: momentum-3
30 30 - STATUS: RUNNING
31 31 - TYPE: Momentum
32 32 - VERSION: 3.0.0-nightly-momentum
33 33 - URL: http://127.0.0.1:10007
34 34
35 35 Example :file:`/home/{user}/.rhoderc` file.
36 36
37 37 .. code-block:: ini
38 38
39 39 # Configure the .rhoderc file for each instance
40 40 # API keys found in your instance
41 41 [instance:enterprise-1]
42 42 api_host = http://127.0.0.1:10003/
43 43 api_key = 91fdbdc257289c46633ef5aab274412911de1ba9
44 44 repo_dir = /home/brian/repos
45 45
46 46 [instance:enterprise-3]
47 47 api_host = http://127.0.0.1:10007/
48 48 api_key = 5a925f65438d29f8d6ced8ab8e8c3d305998d1d9
49 49 repo_dir = /home/brian/testing-repos/
50 50
51 51
52 52 Example usage of |RCT| after |RCE| 3.5.0. From this version onwards |RCT| is
53 53 packaged with |RCE| by default.
54 54
55 55 .. code-block:: bash
56 56
57 57 $ .rccontrol/enterprise-4/profile/bin/rhodecode-api --instance-name=enterprise-4 get_ip [11:56:57 on 05/10/2018]
58 58
59 59 {
60 60 "error": null,
61 61 "id": 1000,
62 62 "result": {
63 63 "server_ip_addr": "1.2.3.4",
64 64 "user_ips": []
65 65 }
66 66 }
@@ -1,220 +1,220 b''
1 1 .. _hosted-solution:
2 2
3 3 Deploy |RCE| From a Hosted Server
4 4 =================================
5 5
6 6 If you wish to deploy your own |RCE| instance from something like a
7 7 `Digital Ocean`_ droplet, or a `hetzner`_ server use the following
8 8 instructions to get it setup.
9 9
10 10 I'm using an Ubuntu 14.04 image for the purposes of this
11 11 tutorial, but all other Unix environments will be pretty similar. You can
12 12 check out the full lists of supported platforms and versions in the
13 13 :ref:`system-overview-ref` section.
14 14
15 15
16 16 Create a Digital Ocean Droplet
17 17 ------------------------------
18 18
19 19 1. Sign into Digital Ocean.
20 20 2. Create a Droplet choosing Ubuntu 14.04 as your |os|.
21 21 3. (Optional) Add SSH keys if you have them set up.
22 22
23 23 Configure Your Server
24 24 ---------------------
25 25
26 26 Once you have your server created, you need to sign into it and set it up to
27 27 host |RCE|.
28 28
29 29 1. Open a terminal and sign into your server. Digital Ocean will mail you the
30 30 IP address. You'll need to change your password on the first login if you
31 31 don not have SSH keys set up.
32 32
33 33 .. code-block:: bash
34 34
35 35 $ ssh root@203.0.113.113
36 36
37 37 2. It is not advised to install |RCE| as the ``root`` user. So create a user
38 38 with sudo permissions and then carry out the rest of the steps from that user
39 39 account.
40 40
41 41 .. code-block:: bash
42 42
43 43 # Create a user with sudo permissions
44 44 root@rhodecode:~# sudo useradd -m -s /bin/bash -d /home/brian -U brian
45 45 root@rhodecode:~# sudo usermod -a -G sudo brian
46 46
47 47 # Set the password for that user
48 48 root@rhodecode:~# passwd brian
49 49 Enter new UNIX password:
50 50 Retype new UNIX password:
51 51 passwd: password updated successfully
52 52
53 53 # Switch to that user for the rest of the steps
54 54 root@rhodecode:~# su brian
55 55
56 56 # You should see your home dir change to what was set during installation
57 57 brian@rhodecode:~$ cd ~
58 58 brian@rhodecode:~$ pwd
59 59 /home/brian
60 60
61 61 Once you have this set up, you are ready to install |RCC|.
62 62
63 63 Install |RCC|
64 64 -------------
65 65
66 66 |RCC| will install and manage the package dependencies for your |RCE| instance.
67 67
68 68 1. Download the |RCC| installer from https://rhodecode.com/download/
69 69 2. Once downloaded to your computer, transfer the package to your server
70 70
71 71 .. note::
72 72
73 73 These steps happen on your computer, not on the server.
74 74
75 75 .. code-block:: bash
76 76
77 77 # Change to where the file is downloaded
78 78 $ cd Downloads/
79 79
80 80 # SFTP to your server
81 81 $ sftp brian@203.0.113.113
82 82
83 83 # Use mput to transfer the file
84 84 sftp> mput RhodeCode-installer-linux-391_b1a804c4d69b_d6c087d520e3
85 85 Uploading RhodeCode-installer-linux-391_b1a804c4d69b_d6c087d520e3 to /home/brian/RhodeCode-installer-linux-391_b1a804c4d69b_d6c087d520e3
86 86 RhodeCode-installer-linux-391_b1a804c4d69b_d6c087d 100% 289MB 4.1MB/s 01:11
87 87 sftp> exit
88 88
89 89 The |RCC| installer is now on your server, and you can read the full
90 90 instructions here
91 91 :ref:`Install RhodeCode Control <control:rcc-linux-ref>` ,
92 92 but below is the example shortcut.
93 93
94 94 .. code-block:: bash
95 95
96 96 # Check that the script is uploaded to your home directory
97 97 $ ls -1
98 RhodeCode-installer-linux-391_b1a804c4d69b_d6c087d520e3
98 RhodeCode-installer-linux-buildYYYYXXXX_ZZZZ
99 99
100 100 # Change the script permissions
101 $ chmod 755 RhodeCode-installer-linux*
101 $ chmod +x RhodeCode-installer-linux*
102 102
103 103 # Run the installer and accept the prompts
104 104 $ ./RhodeCode-installer-linux-*
105 105
106 106 .. important::
107 107
108 108 Once finished, exit the terminal and sign in again. This is to refresh you
109 109 session to pick up the new commands.
110 110
111 111 Install |RCE|
112 112 -------------
113 113
114 114 Now that |RCC| is installed, you can install |RCE|. For the full
115 115 instructions, see
116 116 :ref:`Install RhodeCode Enterprise <control:rce-cli-install-ref>`,
117 117 but the below is an example shortcut.
118 118
119 119 .. code-block:: bash
120 120
121 121 # Install a VCS Server and follow the prompts
122 122 $ rccontrol install VCSServer --start-at-boot
123 123
124 124 Extracting VCSServer ...
125 125 Configuring RhodeCode VCS Server ...
126 126 Supervisord state is: RUNNING
127 127 Added process group vcsserver-1
128 128
129 129 # Install a RhodeCode Enterprise instance and follow the prompts
130 130 $ rccontrol install Enterprise --start-at-boot
131 131
132 132 Configuration of RhodeCode Enterprise passed.
133 133 Supervisord state is: RUNNING
134 134 Added process group enterprise-1
135 135
136 136 |RCE| is now installed on your server, and is running on the port displayed
137 137 by the ``rccontrol status`` command.
138 138
139 139 .. code-block:: bash
140 140
141 141 brian@rhodecode:~$ rccontrol status
142 142
143 143 - NAME: enterprise-1
144 144 - STATUS: RUNNING
145 145 - TYPE: Enterprise
146 146 - VERSION: 3.1.1
147 147 - URL: http://127.0.0.1:10002
148 148
149 149 - NAME: vcsserver-1
150 150 - STATUS: RUNNING
151 151 - TYPE: VCSServer
152 152 - VERSION: 1.1.1
153 153 - URL: http://127.0.0.1:10001
154 154
155 155 Serve |RCE| using Nginx
156 156 -----------------------
157 157
158 158 Now that |RCE| is running, you need to use Nginx or Apache to serve it to
159 159 users. For detailed instructions about setting up your webserver, see the
160 160 :ref:`rhodecode-admin-ref` section. But the below shortcut should help serve
161 161 it.
162 162
163 163 1. Install Nginx on your server.
164 164
165 165 .. code-block:: bash
166 166
167 167 # Install nginx
168 168 $ sudo apt-get install nginx
169 169
170 170 2. Create a virtual hosts file for RhodeCode Enterprise. Create
171 171 the file in this location :file:`/etc/nginx/sites-available`. In this demo
172 172 I have called it ``vcs.conf``
173 173
174 174 .. code-block:: bash
175 175
176 176 # Create the file
177 177 $ sudo vi /etc/nginx/sites-available/vcs.conf
178 178
179 179 Use the following example to create yours.
180 180
181 181 .. code-block:: nginx
182 182
183 183 server {
184 184 listen 80;
185 185 # Change to your IP, or a domain name if you've set that up
186 186 server_name 203.0.113.113 ;
187 187
188 188 location / {
189 189 # Set this line to match the RhodeCode Enterprise Instance URL
190 190 proxy_pass http://127.0.0.1:10002/;
191 191 proxy_set_header Host $Host;
192 192 proxy_buffering off;
193 193 # Setting this to a high number allows large repo pushes
194 194 client_max_body_size 4G;
195 195 }
196 196 }
197 197
198 198 3. Symlink the virtual hosts file to the ``sites-enabled`` folder,
199 199 and then restart Nginx.
200 200
201 201 .. code-block:: bash
202 202
203 203 # Symlink the virtual hosts file
204 204 $ ln -s /etc/nginx/sites-available/vcs.conf /etc/nginx/sites-enabled/vcs.conf
205 205
206 206 # You can also delete the Nginx default symlink
207 207 $ rm /etc/nginx/sites-enabled/default
208 208
209 209 # Restart Nginx
210 210 $ sudo /etc/init.d/nginx restart
211 211 * Restarting nginx nginx [ OK ]
212 212
213 213 Once restarted, you should see a clean |RCE| instance running on the IP
214 214 address, or the domain you have set up.
215 215
216 216 .. image:: ../images/clean-rce.png
217 217 :alt: A fresh RhodeCode Enterprise Instance
218 218
219 219 .. _Digital Ocean: https://www.digitalocean.com/
220 220 .. _hetzner: https://www.hetzner.de/en/
@@ -1,93 +1,93 b''
1 1 .. _git-lfs-files:
2 2
3 3 |git| LFS Extension
4 4 ===================
5 5
6 6
7 7 Git Large File Storage (or LFS) is a new, open-source extension to Git that
8 8 aims to improve handling of large files. It does this by replacing large files
9 9 in your repository—such as graphics and videos—with simple text pointers.
10 |RC| Server includes an embedded LFS object store server, allowing storage of
10 RhodeCode Server includes an embedded LFS object store server, allowing storage of
11 11 large files without the need for an external object store.
12 12 Git LFS is disabled by default, globally, and for each individual repository.
13 13
14 14 .. note::
15 15
16 |RC| implements V2 API of Git LFS. Please make sure your git client is
16 RhodeCode implements V2 API of Git LFS. Please make sure your git client is
17 17 using the latest version (2.0.X recommended) to leverage full feature set
18 18 of the V2 API.
19 19
20 20
21 21
22 22 Enabling Git LFS
23 23 ++++++++++++++++
24 24
25 Git LFS is disabled by default within |RC| Server.
25 Git LFS is disabled by default within RhodeCode Server.
26 26
27 27 To enable Git LFS Globally:
28 28
29 29 - Go to :menuselection:`Admin --> Settings --> VCS`
30 30
31 31 - Scroll down into `Git settings`
32 32
33 33 - Tick `Enable lfs extension`
34 34
35 35 - Save your settings.
36 36
37 37 Those settings apply globally to each repository that inherits from the defaults
38 38 You can leave `lfs extension` disabled globally, and only enable it per
39 39 repository that would use the lfs.
40 40
41 41
42 42 .. note::
43 43
44 44 You might want to adjust the global storage location at that point, however
45 45 we recommend leaving the default one created.
46 46
47 47
48 48 Installing and using the Git LFS command line client
49 49 ++++++++++++++++++++++++++++++++++++++++++++++++++++
50 50
51 51 Git LFS aims to integrate with the standard Git workflow as seamlessly
52 52 as possible. To push your first Git LFS files to an existing repository
53 53 Download and install the git-lfs command line client
54 54 Install the Git LFS filters::
55 55
56 56 git lfs install
57 57
58 58 This adds the following lines to the .gitconfig file located in your home directory::
59 59
60 60 [filter "lfs"]
61 61 clean = git-lfs clean %f
62 62 smudge = git-lfs smudge %f
63 63 required = true
64 64
65 65 The above change applies globally, so it is not necessary to run this for
66 66 each repository you work with. Choose the file types you would like LFS to
67 67 handle by executing the git lfs track command. The git lfs track command
68 68 creates or updates the .gitattributes file in your repository.
69 69 Change to your cloned repository, then execute git add to ensure updates
70 70 to the .gitattributes are later committed::
71 71
72 72 git lfs track "*.jpg"
73 73 git add .gitattributes
74 74
75 75 Add, commit, and push your changes as you normally would::
76 76
77 77 git add image.jpg
78 78 git commit -m "Added an image"
79 79 git push
80 80
81 81 When pushed, the Git tree updates to include a pointer to the file actual
82 82 file content. This pointer will include the SHA256 hash of the object and its
83 83 size in bytes. For example::
84 84
85 85 oid sha256:4fa32d6f9b1461c4a53618a47324ee43e36ce7ceaea2ad440cc811a7e6881be1
86 86 size 2580390
87 87
88 88
89 89 The object itself will be uploaded to a separate location via the Git LFS Batch API.
90 The transfer is validated and authorized by |RC| server itself.
90 The transfer is validated and authorized by RhodeCode server itself.
91 91
92 92 If give repository has Git LFS disabled, a proper message will be sent back to
93 93 the client and upload of LFS objects will be forbidden.
@@ -1,69 +1,69 b''
1 1 .. _hg-big-files:
2 2
3 3 |hg| Large Files Extension
4 4 ==========================
5 5
6 6 Large files, such as image or zip files can cause a lot of bandwidth overhead
7 7 during clone, push, and pull operations. To remove this inefficiency, |hg|
8 8 has a large files extension which tracks their revisions by checksums. This
9 9 means that the large files are only downloaded when they are needed as part
10 10 of the current revision. This saves both disk space and bandwidth.
11 11
12 12
13 13 Enabling HG Largefiles
14 14 ++++++++++++++++++++++
15 15
16 Mercurial Largefiles extension is disabled by default within |RC| Server.
16 Mercurial Largefiles extension is disabled by default within RhodeCode Server.
17 17
18 18 To enable Mercurial Largefiles Globally:
19 19
20 20 - Go to :menuselection:`Admin --> Settings --> VCS`
21 21
22 22 - Scroll down into `Mercurial settings`
23 23
24 24 - Tick `Enable largefiles extension`
25 25
26 26 - Save your settings.
27 27
28 28 Those settings apply globally to each repository that inherits from the defaults
29 29 You can leave `largefiles extension` disabled globally, and only enable it per
30 30 repository that would use the largefiles.
31 31
32 32
33 33 .. note::
34 34
35 35 You might want to adjust the global storage location at that point, however
36 36 we recommend leaving the default one created.
37 37
38 38
39 39 Installing and using the |hg| Largefiles
40 40 ++++++++++++++++++++++++++++++++++++++++
41 41
42 42 To find out more, see the |hg| `Large Files Extensions Documentation`_.
43 43
44 44 To configure the large files extension, you need to set up your
45 45 :file:`~/.hgrc` file.
46 46
47 47 1. Open your :file:`~/.hgrc` file.
48 48 2. Add ``largefiles =`` to the ``[extensions]`` section.
49 49 3. Configure the ``[largefiles]`` section with the patterns and file size you
50 50 wish |hg| to handle as large. The ``minsize`` option is specified in
51 51 megabytes.
52 52 4. Save your changes.
53 53
54 54 .. code-block:: ini
55 55
56 56 [extensions]
57 57 hgext.churn =
58 58 largefiles =
59 59 rebase =
60 60 record =
61 61 histedit =
62 62
63 63 [largefiles]
64 64 patterns = re:.*\.(png|bmp|jpg|zip|tar|tar.gz|rar)$
65 65 minsize = 10
66 66
67 67 For a complete :file:`~/.hgrc` file example, see :ref:`config-hgrc`.
68 68
69 69 .. _Large Files Extensions Documentation: http://mercurial.selenic.com/wiki/LargefilesExtension
@@ -1,121 +1,121 b''
1 1 Moving From Windows to Linux
2 2 ============================
3 3
4 4 If you are moving from a Windows server to a Linux server, especially from
5 5 running an older version of |RCE| pre 2.x, use the following information to
6 6 successfully migrate your instances and database.
7 7
8 8 Overview
9 9 --------
10 10
11 11 * Install |RCC| on your Linux server, use the
12 12 :ref:`RhodeCode Control Docs <control:rcc>` to guide you through this.
13 13 * Copy your |repos| directory to the Linux server.
14 14 * Copy your original :file:`rhodecode.ini` file to the Linux server, named
15 15 :file:`production.ini` in older versions, and make a minor edit to
16 16 point to the copied database.
17 17 * Copy your original instance database and update Windows paths to Linux
18 18 paths pointing to your |repos| directory.
19 19 * Use |RCC| to import and upgrade your |RCE| instance, using the copied and
20 20 edited file and database.
21 21
22 22 Pre-requisites
23 23 --------------
24 24
25 25 * For MySQL, do not use `localhost` in the database connection string of the
26 26 :file:`rhodecode.ini` file.
27 27 * InnoDB must be the database tables engine.
28 * Contact |RC| for a new licence Key/Token pair. If you don't, a trial licence
28 * Contact RhodeCode for a new licence Key/Token pair. If you don't, a trial licence
29 29 will be applied so you are not locked out of the upgraded instance.
30 30
31 31 You can find the specific instructions to carry out these pre-requisite steps
32 32 in the :ref:`RhodeCode Control upgrade <control:rce-upgrade-2x>` docs.
33 33
34 34 Configuration File Update
35 35 -------------------------
36 36
37 37 Configure the copied :file:`rhodecode.ini` file to connect to your copied
38 38 database. Use the following steps:
39 39
40 40 1. Open the copied :file:`rhodecode.ini` file.
41 41 2. When you open the file, find the database configuration section,
42 42 and use the below example to change the connection details:
43 43
44 44 .. code-block:: ini
45 45
46 46 #########################################################
47 47 ### DB CONFIGS - EACH DB WILL HAVE IT'S OWN CONFIG ###
48 48 #########################################################
49 49
50 50 # Point to copied DB
51 51 sqlalchemy.db1.url = postgresql://postgres:qwe@localhost/rhodecode.db.copy
52 52 sqlalchemy.db1.url = mysql://root:qweqwe@127.0.0.1/rhodecode.db.copy
53 53
54 54 Database Update
55 55 ---------------
56 56
57 57 Update the Windows paths in the ``rhodecode.rhodecode_ui`` database tables.
58 58 To do this log into the database and reset the file paths to
59 59 Unix format. One login option is to use iShell, see usage examples in the
60 60 :ref:`rhodecode-reset-ref` section.
61 61
62 62 .. code-block:: python
63 63
64 64 In [28]: from rhodecode.model.settings import SettingsModel
65 65 In [29]: paths = SettingsModel().get_ui_by_section('paths')
66 66 In [30]: paths[0].value = '/home/user/repos'
67 67 In [32]: Session().add(paths[0])
68 68 In [33]: Session().commit()
69 69
70 70 Import and Upgrade
71 71 ------------------
72 72
73 73 Once you have made your changes, use |RCC| to import and upgrade your |RCE|
74 74 instance to the latest version.
75 75
76 76 .. code-block:: bash
77 77
78 78 # Import original instance as explained above
79 79 $ rccontrol import Enterprise path/to/rhodecode.ini
80 80
81 81 # Install a VCS Server as explained above
82 82 $ rccontrol install VCSServer
83 83
84 84 # Check the status of them
85 85 $ rccontrol status
86 86
87 87 - NAME: enterprise-1
88 88 - STATUS: RUNNING
89 89 - TYPE: Enterprise
90 90 - VERSION: 1.5.0
91 91 - URL: http://127.0.0.1:10000
92 92
93 93 - NAME: vcsserver-1
94 94 - STATUS: RUNNING
95 95 - TYPE: VCSServer
96 96 - VERSION: 3.5.0
97 97 - URL: http://127.0.0.1:10001
98 98
99 99 # Upgrade from version 1.5.0 to 3.5.0
100 100 $ rccontrol upgrade enterprise-1 --version 3.5.0
101 101
102 102 Checking for available update for enterprise-1 @ 1.5.0
103 103 Stopped enterprise-1
104 104 Initiating upgrade to version 3.5.0
105 105 ...
106 106 ****************************************
107 107 *** UPGRADE TO VERSION 45 SUCCESSFUL ***
108 108 ****************************************
109 109
110 110 Note that RCE 3.x requires a new license please contact support@rhodecode.com
111 111
112 112 Upgrade of RhodeCode Enterprise successful.
113 113 Auto starting enterprise-1
114 114
115 115 Post Migration Tasks
116 116 --------------------
117 117
118 118 * From the |RCE| :menuselection:`Admin --> Settings --> VCS` page, check that
119 119 the :guilabel:`Repositories Location` is correctly pointing to your |repos|.
120 120 * Remap and rescan |repos| so that the new instance picks them up, see
121 121 :ref:`remap-rescan`.
@@ -1,28 +1,28 b''
1 1 .. _basic-vcs-cmds:
2 2
3 3 Getting Started with VCS
4 4 ------------------------
5 5
6 When using |RCM|, you will be working with |git|, |svn| or |hg| |repos| from the
6 When using |RCE|, you will be working with |git|, |svn| or |hg| |repos| from the
7 7 command line or using a GUI client such as Tortoise, Tower or SourceTree.
8 8
9 |RCM| uses a standard |git|, |svn| and |hg| protocols. So all tools that
9 |RCE| uses a standard |git|, |svn| and |hg| protocols. So all tools that
10 10 can interact with there protocols are supported, including Eclipse or PyCharm
11 11 plugins.
12 12
13 13
14 14 If you have never used either before, the following information should
15 15 help you set up your local machine so that you can sync changes with the
16 |RCM| server.
16 |RCE| server.
17 17
18 All of the following instructions assume you have a |RCM| account,
18 All of the following instructions assume you have a |RCE| account,
19 19 and you can access your |repos| from the web interface.
20 20
21 21 .. note::
22 22
23 23 |svn| |repo| management is currently only available from the web interface.
24 24
25 25 .. toctree::
26 26
27 27 get-start-hg
28 28 get-start-git
@@ -1,17 +1,17 b''
1 1 File Editing
2 2 ^^^^^^^^^^^^
3 3
4 4 To edit files using the online editor, use the following steps.
5 5
6 1. From the |RCM| interface, select :menuselection:`Admin --> Repositories`
6 1. From the |RCE| interface, select :menuselection:`Admin --> Repositories`
7 7 2. Select the |repo| in which you want to edit a file.
8 8 3. Select the :guilabel:`file` view of the |repo|, and double-click on the file.
9 9 4. To open the editor, select the :guilabel:`edit on branch:default` button.
10 10
11 * If the filename has an extension |RCM| recognises,
11 * If the filename has an extension |RCE| recognises,
12 12 the syntax highlighting will appear automatically.
13 * If the filename does not have an extension |RCM| recognises,
13 * If the filename does not have an extension |RCE| recognises,
14 14 you can set the language syntax highlighter by
15 15 choosing from the file type drop down menu.
16 16 5. To save your changes, select :guilabel:`Commit changes`
17 17
@@ -1,33 +1,33 b''
1 1 .. _gist-edit:
2 2
3 3 Gist Editing
4 4 ^^^^^^^^^^^^
5 5
6 6 Gists are standalone files that only the creator can edit. To work with
7 gists, click on the :guilabel:`Gists` tab on the |RCM| header. The gist
7 gists, click on the :guilabel:`Gists` tab on the |RCE| header. The gist
8 8 editor also has syntax highlighting.
9 9
10 10 You can set the following properties for each gist:
11 11
12 12 * :guilabel:`Public`: Public gists are as the name suggests,
13 13 and will show up in searches.
14 14 * :guilabel:`Gist Lifetime`: You can set a gist to expire after a set
15 15 period by using the :guilabel:`Gist Lifetime` dropdown menu.
16 This means that when the gist expires it will be deleted from the |RCM|
16 This means that when the gist expires it will be deleted from the |RCE|
17 17 gist database.
18 18 * :guilabel:`Private`: This means that the gist will not show up in searches.
19 19 * :guilabel:`Gist access level`: If you create a private gist you can have
20 20 two levels of privacy with the gist link.
21 21
22 22 * :guilabel:`Requires registered account`: This option requires users to
23 23 have a registered account on the |RCE| instance, otherwise they will not
24 24 have access to the gist.
25 25 * :guilabel:`Can be accessed by anonymous users`: This option hides the
26 26 link so that it does not show up in searches, but you can still share it
27 27 with people outside of your organisation.
28 28
29 29 For more advanced use of gists, see the gist API options in the :ref:`api`
30 30
31 31 .. image:: ../images/gists-acl.png
32 32 :alt: Gist Management
33 33 :scale: 50 %
@@ -1,11 +1,11 b''
1 1 Online Editing
2 2 --------------
3 3
4 |RCM| has an integrated online editor, allowing you to edit files in the
4 |RCE| has an integrated online editor, allowing you to edit files in the
5 5 browser. The online editor has syntax highlighting and the ability to fork,
6 6 merge, and commit changes to files.
7 7
8 8 .. toctree::
9 9
10 10 file-editing
11 11 gist-editing No newline at end of file
@@ -1,535 +1,535 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2010-2018 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 """
22 22 RhodeCode authentication plugin for LDAP
23 23 """
24 24
25 25 import logging
26 26 import traceback
27 27
28 28 import colander
29 29 from rhodecode.translation import _
30 30 from rhodecode.authentication.base import (
31 31 RhodeCodeExternalAuthPlugin, AuthLdapBase, hybrid_property)
32 32 from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
33 33 from rhodecode.authentication.routes import AuthnPluginResourceBase
34 34 from rhodecode.lib.colander_utils import strip_whitespace
35 35 from rhodecode.lib.exceptions import (
36 36 LdapConnectionError, LdapUsernameError, LdapPasswordError, LdapImportError
37 37 )
38 38 from rhodecode.lib.utils2 import safe_unicode, safe_str
39 39 from rhodecode.model.db import User
40 40 from rhodecode.model.validators import Missing
41 41
42 42 log = logging.getLogger(__name__)
43 43
44 44 try:
45 45 import ldap
46 46 except ImportError:
47 47 # means that python-ldap is not installed, we use Missing object to mark
48 48 # ldap lib is Missing
49 49 ldap = Missing
50 50
51 51
52 52 class LdapError(Exception):
53 53 pass
54 54
55 55
56 56 def plugin_factory(plugin_id, *args, **kwargs):
57 57 """
58 58 Factory function that is called during plugin discovery.
59 59 It returns the plugin instance.
60 60 """
61 61 plugin = RhodeCodeAuthPlugin(plugin_id)
62 62 return plugin
63 63
64 64
65 65 class LdapAuthnResource(AuthnPluginResourceBase):
66 66 pass
67 67
68 68
69 69 class AuthLdap(AuthLdapBase):
70 70 default_tls_cert_dir = '/etc/openldap/cacerts'
71 71
72 72 def __init__(self, server, base_dn, port=389, bind_dn='', bind_pass='',
73 73 tls_kind='PLAIN', tls_reqcert='DEMAND', tls_cert_file=None,
74 74 tls_cert_dir=None, ldap_version=3,
75 75 search_scope='SUBTREE', attr_login='uid',
76 76 ldap_filter='', timeout=None):
77 77 if ldap == Missing:
78 78 raise LdapImportError("Missing or incompatible ldap library")
79 79
80 80 self.debug = False
81 81 self.timeout = timeout or 60 * 5
82 82 self.ldap_version = ldap_version
83 83 self.ldap_server_type = 'ldap'
84 84
85 85 self.TLS_KIND = tls_kind
86 86
87 87 if self.TLS_KIND == 'LDAPS':
88 88 port = port or 689
89 89 self.ldap_server_type += 's'
90 90
91 91 OPT_X_TLS_DEMAND = 2
92 92 self.TLS_REQCERT = getattr(ldap, 'OPT_X_TLS_%s' % tls_reqcert, OPT_X_TLS_DEMAND)
93 93 self.TLS_CERT_FILE = tls_cert_file or ''
94 94 self.TLS_CERT_DIR = tls_cert_dir or self.default_tls_cert_dir
95 95
96 96 # split server into list
97 97 self.SERVER_ADDRESSES = self._get_server_list(server)
98 98 self.LDAP_SERVER_PORT = port
99 99
100 100 # USE FOR READ ONLY BIND TO LDAP SERVER
101 101 self.attr_login = attr_login
102 102
103 103 self.LDAP_BIND_DN = safe_str(bind_dn)
104 104 self.LDAP_BIND_PASS = safe_str(bind_pass)
105 105
106 106 self.SEARCH_SCOPE = getattr(ldap, 'SCOPE_%s' % search_scope)
107 107 self.BASE_DN = safe_str(base_dn)
108 108 self.LDAP_FILTER = safe_str(ldap_filter)
109 109
110 110 def _get_ldap_conn(self):
111 111
112 112 if self.debug:
113 113 ldap.set_option(ldap.OPT_DEBUG_LEVEL, 255)
114 114
115 115 if self.TLS_CERT_FILE and hasattr(ldap, 'OPT_X_TLS_CACERTFILE'):
116 116 ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, self.TLS_CERT_FILE)
117 117
118 118 elif hasattr(ldap, 'OPT_X_TLS_CACERTDIR'):
119 119 ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, self.TLS_CERT_DIR)
120 120
121 121 if self.TLS_KIND != 'PLAIN':
122 122 ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, self.TLS_REQCERT)
123 123
124 124 ldap.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF)
125 125 ldap.set_option(ldap.OPT_RESTART, ldap.OPT_ON)
126 126
127 127 # init connection now
128 128 ldap_servers = self._build_servers(
129 129 self.ldap_server_type, self.SERVER_ADDRESSES, self.LDAP_SERVER_PORT)
130 130 log.debug('initializing LDAP connection to:%s', ldap_servers)
131 131 ldap_conn = ldap.initialize(ldap_servers)
132 132 ldap_conn.set_option(ldap.OPT_NETWORK_TIMEOUT, self.timeout)
133 133 ldap_conn.set_option(ldap.OPT_TIMEOUT, self.timeout)
134 134 ldap_conn.timeout = self.timeout
135 135
136 136 if self.ldap_version == 2:
137 137 ldap_conn.protocol = ldap.VERSION2
138 138 else:
139 139 ldap_conn.protocol = ldap.VERSION3
140 140
141 141 if self.TLS_KIND == 'START_TLS':
142 142 ldap_conn.start_tls_s()
143 143
144 144 if self.LDAP_BIND_DN and self.LDAP_BIND_PASS:
145 145 log.debug('Trying simple_bind with password and given login DN: %r',
146 146 self.LDAP_BIND_DN)
147 147 ldap_conn.simple_bind_s(self.LDAP_BIND_DN, self.LDAP_BIND_PASS)
148 148
149 149 return ldap_conn
150 150
151 151 def fetch_attrs_from_simple_bind(self, server, dn, username, password):
152 152 try:
153 153 log.debug('Trying simple bind with %r', dn)
154 154 server.simple_bind_s(dn, safe_str(password))
155 155 user = server.search_ext_s(
156 156 dn, ldap.SCOPE_BASE, '(objectClass=*)', )[0]
157 157 _, attrs = user
158 158 return attrs
159 159
160 160 except ldap.INVALID_CREDENTIALS:
161 161 log.debug(
162 162 "LDAP rejected password for user '%s': %s, org_exc:",
163 163 username, dn, exc_info=True)
164 164
165 165 def authenticate_ldap(self, username, password):
166 166 """
167 167 Authenticate a user via LDAP and return his/her LDAP properties.
168 168
169 169 Raises AuthenticationError if the credentials are rejected, or
170 170 EnvironmentError if the LDAP server can't be reached.
171 171
172 172 :param username: username
173 173 :param password: password
174 174 """
175 175
176 176 uid = self.get_uid(username, self.SERVER_ADDRESSES)
177 177 user_attrs = {}
178 178 dn = ''
179 179
180 180 self.validate_password(username, password)
181 181 self.validate_username(username)
182 182
183 183 ldap_conn = None
184 184 try:
185 185 ldap_conn = self._get_ldap_conn()
186 186 filter_ = '(&%s(%s=%s))' % (
187 187 self.LDAP_FILTER, self.attr_login, username)
188 188 log.debug("Authenticating %r filter %s", self.BASE_DN, filter_)
189 189
190 190 lobjects = ldap_conn.search_ext_s(
191 191 self.BASE_DN, self.SEARCH_SCOPE, filter_)
192 192
193 193 if not lobjects:
194 194 log.debug("No matching LDAP objects for authentication "
195 195 "of UID:'%s' username:(%s)", uid, username)
196 196 raise ldap.NO_SUCH_OBJECT()
197 197
198 198 log.debug('Found matching ldap object, trying to authenticate')
199 199 for (dn, _attrs) in lobjects:
200 200 if dn is None:
201 201 continue
202 202
203 203 user_attrs = self.fetch_attrs_from_simple_bind(
204 204 ldap_conn, dn, username, password)
205 205 if user_attrs:
206 206 break
207 207 else:
208 208 raise LdapPasswordError(
209 209 'Failed to authenticate user `{}`'
210 210 'with given password'.format(username))
211 211
212 212 except ldap.NO_SUCH_OBJECT:
213 213 log.debug("LDAP says no such user '%s' (%s), org_exc:",
214 214 uid, username, exc_info=True)
215 215 raise LdapUsernameError('Unable to find user')
216 216 except ldap.SERVER_DOWN:
217 217 org_exc = traceback.format_exc()
218 218 raise LdapConnectionError(
219 219 "LDAP can't access authentication "
220 220 "server, org_exc:%s" % org_exc)
221 221 finally:
222 222 if ldap_conn:
223 223 log.debug('ldap: connection release')
224 224 try:
225 225 ldap_conn.unbind_s()
226 226 except Exception:
227 227 # for any reason this can raise exception we must catch it
228 228 # to not crush the server
229 229 pass
230 230
231 231 return dn, user_attrs
232 232
233 233
234 234 class LdapSettingsSchema(AuthnPluginSettingsSchemaBase):
235 235 tls_kind_choices = ['PLAIN', 'LDAPS', 'START_TLS']
236 236 tls_reqcert_choices = ['NEVER', 'ALLOW', 'TRY', 'DEMAND', 'HARD']
237 237 search_scope_choices = ['BASE', 'ONELEVEL', 'SUBTREE']
238 238
239 239 host = colander.SchemaNode(
240 240 colander.String(),
241 241 default='',
242 242 description=_('Host[s] of the LDAP Server \n'
243 243 '(e.g., 192.168.2.154, or ldap-server.domain.com.\n '
244 244 'Multiple servers can be specified using commas'),
245 245 preparer=strip_whitespace,
246 246 title=_('LDAP Host'),
247 247 widget='string')
248 248 port = colander.SchemaNode(
249 249 colander.Int(),
250 250 default=389,
251 251 description=_('Custom port that the LDAP server is listening on. '
252 'Default value is: 389'),
252 'Default value is: 389, use 689 for LDAPS(SSL)'),
253 253 preparer=strip_whitespace,
254 254 title=_('Port'),
255 255 validator=colander.Range(min=0, max=65536),
256 256 widget='int')
257 257
258 258 timeout = colander.SchemaNode(
259 259 colander.Int(),
260 260 default=60 * 5,
261 261 description=_('Timeout for LDAP connection'),
262 262 preparer=strip_whitespace,
263 263 title=_('Connection timeout'),
264 264 validator=colander.Range(min=1),
265 265 widget='int')
266 266
267 267 dn_user = colander.SchemaNode(
268 268 colander.String(),
269 269 default='',
270 270 description=_('Optional user DN/account to connect to LDAP if authentication is required. \n'
271 271 'e.g., cn=admin,dc=mydomain,dc=com, or '
272 272 'uid=root,cn=users,dc=mydomain,dc=com, or admin@mydomain.com'),
273 273 missing='',
274 274 preparer=strip_whitespace,
275 275 title=_('Account'),
276 276 widget='string')
277 277 dn_pass = colander.SchemaNode(
278 278 colander.String(),
279 279 default='',
280 280 description=_('Password to authenticate for given user DN.'),
281 281 missing='',
282 282 preparer=strip_whitespace,
283 283 title=_('Password'),
284 284 widget='password')
285 285 tls_kind = colander.SchemaNode(
286 286 colander.String(),
287 287 default=tls_kind_choices[0],
288 288 description=_('TLS Type'),
289 289 title=_('Connection Security'),
290 290 validator=colander.OneOf(tls_kind_choices),
291 291 widget='select')
292 292 tls_reqcert = colander.SchemaNode(
293 293 colander.String(),
294 294 default=tls_reqcert_choices[0],
295 295 description=_('Require Cert over TLS?. Self-signed and custom '
296 296 'certificates can be used when\n `RhodeCode Certificate` '
297 297 'found in admin > settings > system info page is extended.'),
298 298 title=_('Certificate Checks'),
299 299 validator=colander.OneOf(tls_reqcert_choices),
300 300 widget='select')
301 301 tls_cert_file = colander.SchemaNode(
302 302 colander.String(),
303 303 default='',
304 304 description=_('This specifies the PEM-format file path containing '
305 305 'certificates for use in TLS connection.\n'
306 306 'If not specified `TLS Cert dir` will be used'),
307 307 title=_('TLS Cert file'),
308 308 missing='',
309 309 widget='string')
310 310 tls_cert_dir = colander.SchemaNode(
311 311 colander.String(),
312 312 default=AuthLdap.default_tls_cert_dir,
313 313 description=_('This specifies the path of a directory that contains individual '
314 314 'CA certificates in separate files.'),
315 315 title=_('TLS Cert dir'),
316 316 widget='string')
317 317 base_dn = colander.SchemaNode(
318 318 colander.String(),
319 319 default='',
320 320 description=_('Base DN to search. Dynamic bind is supported. Add `$login` marker '
321 321 'in it to be replaced with current user credentials \n'
322 322 '(e.g., dc=mydomain,dc=com, or ou=Users,dc=mydomain,dc=com)'),
323 323 missing='',
324 324 preparer=strip_whitespace,
325 325 title=_('Base DN'),
326 326 widget='string')
327 327 filter = colander.SchemaNode(
328 328 colander.String(),
329 329 default='',
330 330 description=_('Filter to narrow results \n'
331 331 '(e.g., (&(objectCategory=Person)(objectClass=user)), or \n'
332 332 '(memberof=cn=rc-login,ou=groups,ou=company,dc=mydomain,dc=com)))'),
333 333 missing='',
334 334 preparer=strip_whitespace,
335 335 title=_('LDAP Search Filter'),
336 336 widget='string')
337 337
338 338 search_scope = colander.SchemaNode(
339 339 colander.String(),
340 340 default=search_scope_choices[2],
341 341 description=_('How deep to search LDAP. If unsure set to SUBTREE'),
342 342 title=_('LDAP Search Scope'),
343 343 validator=colander.OneOf(search_scope_choices),
344 344 widget='select')
345 345 attr_login = colander.SchemaNode(
346 346 colander.String(),
347 347 default='uid',
348 348 description=_('LDAP Attribute to map to user name (e.g., uid, or sAMAccountName)'),
349 349 preparer=strip_whitespace,
350 350 title=_('Login Attribute'),
351 351 missing_msg=_('The LDAP Login attribute of the CN must be specified'),
352 352 widget='string')
353 353 attr_email = colander.SchemaNode(
354 354 colander.String(),
355 355 default='',
356 356 description=_('LDAP Attribute to map to email address (e.g., mail).\n'
357 357 'Emails are a crucial part of RhodeCode. \n'
358 358 'If possible add a valid email attribute to ldap users.'),
359 359 missing='',
360 360 preparer=strip_whitespace,
361 361 title=_('Email Attribute'),
362 362 widget='string')
363 363 attr_firstname = colander.SchemaNode(
364 364 colander.String(),
365 365 default='',
366 366 description=_('LDAP Attribute to map to first name (e.g., givenName)'),
367 367 missing='',
368 368 preparer=strip_whitespace,
369 369 title=_('First Name Attribute'),
370 370 widget='string')
371 371 attr_lastname = colander.SchemaNode(
372 372 colander.String(),
373 373 default='',
374 374 description=_('LDAP Attribute to map to last name (e.g., sn)'),
375 375 missing='',
376 376 preparer=strip_whitespace,
377 377 title=_('Last Name Attribute'),
378 378 widget='string')
379 379
380 380
381 381 class RhodeCodeAuthPlugin(RhodeCodeExternalAuthPlugin):
382 382 uid = 'ldap'
383 383 # used to define dynamic binding in the
384 384 DYNAMIC_BIND_VAR = '$login'
385 385 _settings_unsafe_keys = ['dn_pass']
386 386
387 387 def includeme(self, config):
388 388 config.add_authn_plugin(self)
389 389 config.add_authn_resource(self.get_id(), LdapAuthnResource(self))
390 390 config.add_view(
391 391 'rhodecode.authentication.views.AuthnPluginViewBase',
392 392 attr='settings_get',
393 393 renderer='rhodecode:templates/admin/auth/plugin_settings.mako',
394 394 request_method='GET',
395 395 route_name='auth_home',
396 396 context=LdapAuthnResource)
397 397 config.add_view(
398 398 'rhodecode.authentication.views.AuthnPluginViewBase',
399 399 attr='settings_post',
400 400 renderer='rhodecode:templates/admin/auth/plugin_settings.mako',
401 401 request_method='POST',
402 402 route_name='auth_home',
403 403 context=LdapAuthnResource)
404 404
405 405 def get_settings_schema(self):
406 406 return LdapSettingsSchema()
407 407
408 408 def get_display_name(self):
409 409 return _('LDAP')
410 410
411 411 @classmethod
412 412 def docs(cls):
413 413 return "https://docs.rhodecode.com/RhodeCode-Enterprise/auth/auth-ldap.html"
414 414
415 415 @hybrid_property
416 416 def name(self):
417 417 return u"ldap"
418 418
419 419 def use_fake_password(self):
420 420 return True
421 421
422 422 def user_activation_state(self):
423 423 def_user_perms = User.get_default_user().AuthUser().permissions['global']
424 424 return 'hg.extern_activate.auto' in def_user_perms
425 425
426 426 def try_dynamic_binding(self, username, password, current_args):
427 427 """
428 428 Detects marker inside our original bind, and uses dynamic auth if
429 429 present
430 430 """
431 431
432 432 org_bind = current_args['bind_dn']
433 433 passwd = current_args['bind_pass']
434 434
435 435 def has_bind_marker(username):
436 436 if self.DYNAMIC_BIND_VAR in username:
437 437 return True
438 438
439 439 # we only passed in user with "special" variable
440 440 if org_bind and has_bind_marker(org_bind) and not passwd:
441 441 log.debug('Using dynamic user/password binding for ldap '
442 442 'authentication. Replacing `%s` with username',
443 443 self.DYNAMIC_BIND_VAR)
444 444 current_args['bind_dn'] = org_bind.replace(
445 445 self.DYNAMIC_BIND_VAR, username)
446 446 current_args['bind_pass'] = password
447 447
448 448 return current_args
449 449
450 450 def auth(self, userobj, username, password, settings, **kwargs):
451 451 """
452 452 Given a user object (which may be null), username, a plaintext password,
453 453 and a settings object (containing all the keys needed as listed in
454 454 settings()), authenticate this user's login attempt.
455 455
456 456 Return None on failure. On success, return a dictionary of the form:
457 457
458 458 see: RhodeCodeAuthPluginBase.auth_func_attrs
459 459 This is later validated for correctness
460 460 """
461 461
462 462 if not username or not password:
463 463 log.debug('Empty username or password skipping...')
464 464 return None
465 465
466 466 ldap_args = {
467 467 'server': settings.get('host', ''),
468 468 'base_dn': settings.get('base_dn', ''),
469 469 'port': settings.get('port'),
470 470 'bind_dn': settings.get('dn_user'),
471 471 'bind_pass': settings.get('dn_pass'),
472 472 'tls_kind': settings.get('tls_kind'),
473 473 'tls_reqcert': settings.get('tls_reqcert'),
474 474 'tls_cert_file': settings.get('tls_cert_file'),
475 475 'tls_cert_dir': settings.get('tls_cert_dir'),
476 476 'search_scope': settings.get('search_scope'),
477 477 'attr_login': settings.get('attr_login'),
478 478 'ldap_version': 3,
479 479 'ldap_filter': settings.get('filter'),
480 480 'timeout': settings.get('timeout')
481 481 }
482 482
483 483 ldap_attrs = self.try_dynamic_binding(username, password, ldap_args)
484 484
485 485 log.debug('Checking for ldap authentication.')
486 486
487 487 try:
488 488 aldap = AuthLdap(**ldap_args)
489 489 (user_dn, ldap_attrs) = aldap.authenticate_ldap(username, password)
490 490 log.debug('Got ldap DN response %s', user_dn)
491 491
492 492 def get_ldap_attr(k):
493 493 return ldap_attrs.get(settings.get(k), [''])[0]
494 494
495 495 # old attrs fetched from RhodeCode database
496 496 admin = getattr(userobj, 'admin', False)
497 497 active = getattr(userobj, 'active', True)
498 498 email = getattr(userobj, 'email', '')
499 499 username = getattr(userobj, 'username', username)
500 500 firstname = getattr(userobj, 'firstname', '')
501 501 lastname = getattr(userobj, 'lastname', '')
502 502 extern_type = getattr(userobj, 'extern_type', '')
503 503
504 504 groups = []
505 505
506 506 user_attrs = {
507 507 'username': username,
508 508 'firstname': safe_unicode(get_ldap_attr('attr_firstname') or firstname),
509 509 'lastname': safe_unicode(get_ldap_attr('attr_lastname') or lastname),
510 510 'groups': groups,
511 511 'user_group_sync': False,
512 512 'email': get_ldap_attr('attr_email') or email,
513 513 'admin': admin,
514 514 'active': active,
515 515 'active_from_extern': None,
516 516 'extern_name': user_dn,
517 517 'extern_type': extern_type,
518 518 }
519 519
520 520 log.debug('ldap user: %s', user_attrs)
521 521 log.info('user `%s` authenticated correctly', user_attrs['username'])
522 522
523 523 return user_attrs
524 524
525 525 except (LdapUsernameError, LdapPasswordError, LdapImportError):
526 526 log.exception("LDAP related exception")
527 527 return None
528 528 except (Exception,):
529 529 log.exception("Other exception")
530 530 return None
531 531
532 532
533 533 def includeme(config):
534 534 plugin_id = 'egg:rhodecode-enterprise-ce#{}'.format(RhodeCodeAuthPlugin.uid)
535 535 plugin_factory(plugin_id).includeme(config)
@@ -1,545 +1,545 b''
1 1 //
2 2 // Typography
3 3 // modified from Bootstrap
4 4 // --------------------------------------------------
5 5
6 6 // Base
7 7 body {
8 8 font-size: @basefontsize;
9 9 font-family: @text-light;
10 10 letter-spacing: .02em;
11 11 color: @grey2;
12 12 }
13 13
14 14 #content, label{
15 15 font-size: @basefontsize;
16 16 }
17 17
18 18 label {
19 19 color: @grey2;
20 20 }
21 21
22 22 ::selection { background: @rchighlightblue; }
23 23
24 24 // Headings
25 25 // -------------------------
26 26
27 27 h1, h2, h3, h4, h5, h6,
28 28 .h1, .h2, .h3, .h4, .h5, .h6 {
29 29 margin: 0 0 @textmargin 0;
30 30 padding: 0;
31 31 line-height: 1.8em;
32 32 color: @text-color;
33 33 a {
34 34 color: @rcblue;
35 35 }
36 36 }
37 37
38 38 h1, .h1 { font-size: 1.54em; font-weight: @text-bold-weight; font-family: @text-bold; }
39 39 h2, .h2 { font-size: 1.23em; font-weight: @text-semibold-weight; font-family: @text-semibold; }
40 40 h3, .h3 { font-size: 1.23em; font-family: @text-regular; }
41 41 h4, .h4 { font-size: 1em; font-weight: @text-bold-weight; font-family: @text-bold; }
42 42 h5, .h5 { font-size: 1em; font-weight: @text-bold-weight; font-family: @text-bold; }
43 43 h6, .h6 { font-size: 1em; font-weight: @text-bold-weight; font-family: @text-bold; }
44 44
45 45 // Breadcrumbs
46 46 .breadcrumbs {
47 47 font-size: @repo-title-fontsize;
48 48 margin: 0;
49 49 }
50 50
51 51 .breadcrumbs_light {
52 52 float:left;
53 53 font-size: 1.3em;
54 54 line-height: 38px;
55 55 }
56 56
57 57 // Body text
58 58 // -------------------------
59 59
60 60 p {
61 61 margin: 0 0 @textmargin 0;
62 62 padding: 0;
63 63 line-height: 2em;
64 64 }
65 65
66 66 .lead {
67 67 margin-bottom: @textmargin;
68 68 font-weight: 300;
69 69 line-height: 1.4;
70 70
71 71 @media (min-width: @screen-sm-min) {
72 72 font-size: (@basefontsize * 1.5);
73 73 }
74 74 }
75 75
76 76 a,
77 77 .link {
78 78 color: @rcblue;
79 79 text-decoration: none;
80 80 outline: none;
81 81 cursor: pointer;
82 82
83 83 &:focus {
84 84 outline: none;
85 85 }
86 86
87 87 &:hover {
88 88 color: @rcdarkblue;
89 89 }
90 90 }
91 91
92 92 img {
93 93 border: none;
94 94 outline: none;
95 95 }
96 96
97 97 strong {
98 98 font-weight: @text-bold-weight;
99 99 font-family: @text-bold;
100 100 }
101 101
102 102 em {
103 103 font-family: @text-italic;
104 104 font-style: italic;
105 105 }
106 106
107 107 strong em,
108 108 em strong {
109 109 font-style: italic;
110 110 font-weight: @text-bold-italic-weight;
111 111 font-family: @text-bold-italic;
112 112 }
113 113
114 114 //TODO: lisa: b and i are depreciated, but we are still using them in places.
115 115 // Should probably make some decision whether to keep or lose these.
116 116 b {
117 117
118 118 }
119 119
120 120 i {
121 121 font-style: normal;
122 122 }
123 123
124 124 label {
125 125 color: @text-color;
126 126
127 127 input[type="checkbox"] {
128 128 margin-right: 1em;
129 129 }
130 130 input[type="radio"] {
131 131 margin-right: 1em;
132 132 }
133 133 }
134 134
135 135 code,
136 136 .code {
137 137 font-size: .95em;
138 138 font-family: @text-code;
139 139 color: @grey3;
140 140
141 141 a {
142 142 color: lighten(@rcblue,10%)
143 143 }
144 144 }
145 145
146 146 pre {
147 147 margin: 0;
148 148 padding: 0;
149 149 border: 0;
150 150 outline: 0;
151 151 font-size: @basefontsize*.95;
152 152 line-height: 1.4em;
153 153 font-family: @text-code;
154 154 color: @grey3;
155 155 }
156 156
157 157 // Emphasis & misc
158 158 // -------------------------
159 159
160 160 small,
161 161 .small {
162 162 font-size: 75%;
163 163 font-weight: normal;
164 164 line-height: 1em;
165 165 }
166 166
167 167 mark,
168 168 .mark {
169 169 background-color: @rclightblue;
170 170 padding: .2em;
171 171 }
172 172
173 173 // Alignment
174 174 .text-left { text-align: left; }
175 175 .text-right { text-align: right; }
176 176 .text-center { text-align: center; }
177 177 .text-justify { text-align: justify; }
178 178 .text-nowrap { white-space: nowrap; }
179 179
180 180 // Transformation
181 181 .text-lowercase { text-transform: lowercase; }
182 182 .text-uppercase { text-transform: uppercase; }
183 183 .text-capitalize { text-transform: capitalize; }
184 184
185 185 // Contextual colors
186 186 .text-muted {
187 187 color: @grey4;
188 188 }
189 189 .text-primary {
190 190 color: @rcblue;
191 191 }
192 192 .text-success {
193 193 color: @alert1;
194 194 }
195 195 .text-info {
196 196 color: @alert4;
197 197 }
198 198 .text-warning {
199 199 color: @alert3;
200 200 }
201 201 .text-danger {
202 202 color: @alert2;
203 203 }
204 204
205 205 // Contextual backgrounds
206 206 .bg-primary {
207 207 background-color: white;
208 208 }
209 209 .bg-success {
210 210 background-color: @alert1;
211 211 }
212 212 .bg-info {
213 213 background-color: @alert4;
214 214 }
215 215 .bg-warning {
216 216 background-color: @alert3;
217 217 }
218 218 .bg-danger {
219 219 background-color: @alert2;
220 220 }
221 221
222 222
223 223 // Page header
224 224 // -------------------------
225 225
226 226 .page-header {
227 227 margin: @pagepadding 0 @textmargin;
228 228 border-bottom: @border-thickness solid @grey5;
229 229 }
230 230
231 231 .title {
232 232 clear: both;
233 233 float: left;
234 234 width: 100%;
235 235 margin: @pagepadding/2 0 @pagepadding;
236 236
237 237 .breadcrumbs {
238 238 float: left;
239 239 clear: both;
240 240 width: 700px;
241 241 margin: 0;
242 242
243 243 .q_filter_box {
244 244 margin-right: @padding;
245 245 }
246 246 }
247 247
248 248 h1 a {
249 249 color: @rcblue;
250 250 }
251 251
252 252 input{
253 253 margin-right: @padding;
254 254 }
255 255
256 256 h5, .h5 {
257 257 color: @grey1;
258 258 margin-bottom: @space;
259 259
260 260 span {
261 261 display: inline-block;
262 262 }
263 263 }
264 264
265 265 p {
266 266 margin-bottom: 0;
267 267 }
268 268
269 269 .links {
270 270 float: right;
271 271 display: inline;
272 272 margin: 0;
273 273 padding-left: 0;
274 274 list-style: none;
275 275 text-align: right;
276 276
277 277 li {
278 278 float: right;
279 279 list-style-type: none;
280 280 }
281 281
282 282 a {
283 283 display: inline-block;
284 284 margin-left: @textmargin/2;
285 285 }
286 286 }
287 287
288 288 .title-content {
289 289 float: left;
290 290 margin: 0;
291 291 padding: 0;
292 292
293 293 & + .breadcrumbs {
294 294 margin-top: @padding;
295 295 }
296 296
297 297 & + .links {
298 298 margin-top: -@button-padding;
299 299
300 300 & + .breadcrumbs {
301 301 margin-top: @padding;
302 302 }
303 303 }
304 304 }
305 305
306 306 .title-main {
307 307 font-size: @repo-title-fontsize;
308 308 }
309 309
310 310 .title-description {
311 311 margin-top: .5em;
312 312 }
313 313
314 314 .q_filter_box {
315 315 width: 200px;
316 316 }
317 317
318 318 }
319 319
320 320 #readme .title {
321 321 text-transform: none;
322 322 }
323 323
324 324 // Lists
325 325 // -------------------------
326 326
327 327 // Unordered and Ordered lists
328 328 ul,
329 329 ol {
330 330 margin-top: 0;
331 331 margin-bottom: @textmargin;
332 332 ul,
333 333 ol {
334 334 margin-bottom: 0;
335 335 }
336 336 }
337 337
338 338 li {
339 339 line-height: 2em;
340 340 }
341 341
342 342 ul li {
343 343 position: relative;
344 344 list-style-type: disc;
345 345
346 346 p:first-child {
347 347 display:inline;
348 348 }
349 349 }
350 350
351 351 // List options
352 352
353 353 // Unstyled keeps list items block level, just removes default browser padding and list-style
354 354 .list-unstyled {
355 355 padding-left: 0;
356 356 list-style: none;
357 357 li:before { content: none; }
358 358 }
359 359
360 360 // Inline turns list items into inline-block
361 361 .list-inline {
362 362 .list-unstyled();
363 363 margin-left: -5px;
364 364
365 365 > li {
366 366 display: inline-block;
367 367 padding-left: 5px;
368 368 padding-right: 5px;
369 369 }
370 370 }
371 371
372 372 // Description Lists
373 373
374 374 dl {
375 375 margin-top: 0; // Remove browser default
376 376 margin-bottom: @textmargin;
377 377 }
378 378
379 379 dt,
380 380 dd {
381 381 line-height: 1.4em;
382 382 }
383 383
384 384 dt {
385 385 margin: @textmargin 0 0 0;
386 386 font-weight: @text-bold-weight;
387 387 font-family: @text-bold;
388 388 }
389 389
390 390 dd {
391 391 margin-left: 0; // Undo browser default
392 392 }
393 393
394 394 // Horizontal description lists
395 395 // Defaults to being stacked without any of the below styles applied, until the
396 396 // grid breakpoint is reached (default of ~768px).
397 397 // These are used in forms as well; see style guide.
398 398 // TODO: lisa: These should really not be used in forms.
399 399
400 400 .dl-horizontal {
401 401
402 402 overflow: hidden;
403 403 margin-bottom: @space;
404 404
405 405 dt, dd {
406 406 float: left;
407 407 margin: 5px 0 5px 0;
408 408 }
409 409
410 410 dt {
411 411 clear: left;
412 412 width: @label-width - @form-vertical-margin;
413 413 }
414 414
415 415 dd {
416 416 &:extend(.clearfix all); // Clear the floated `dt` if an empty `dd` is present
417 417 margin-left: @form-vertical-margin;
418 418 max-width: @form-max-width - (@label-width - @form-vertical-margin) - @form-vertical-margin;
419 419 }
420 420
421 421 pre {
422 422 margin: 0;
423 423 }
424 424
425 425 &.settings {
426 426 dt {
427 427 text-align: left;
428 428 }
429 429 }
430 430
431 431 @media (min-width: 768px) {
432 432 dt {
433 433 float: left;
434 434 width: 185px;
435 435 clear: left;
436 436 text-align: right;
437 437 }
438 438 dd {
439 439 margin-left: 20px;
440 440 }
441 441 }
442 442 }
443 443
444 444
445 445 // Misc
446 446 // -------------------------
447 447
448 448 // Abbreviations and acronyms
449 449 abbr[title],
450 450 abbr[data-original-title] {
451 451 cursor: help;
452 452 border-bottom: @border-thickness dotted @grey4;
453 453 }
454 454 .initialism {
455 455 font-size: 90%;
456 456 text-transform: uppercase;
457 457 }
458 458
459 459 // Blockquotes
460 460 blockquote {
461 461 padding: 1em 2em;
462 462 margin: 0 0 2em;
463 463 font-size: @basefontsize;
464 464 border-left: 2px solid @grey6;
465 465
466 466 p,
467 467 ul,
468 468 ol {
469 469 &:last-child {
470 470 margin-bottom: 0;
471 471 }
472 472 }
473 473
474 474 footer,
475 475 small,
476 476 .small {
477 477 display: block;
478 478 font-size: 80%;
479 479
480 480 &:before {
481 481 content: '\2014 \00A0'; // em dash, nbsp
482 482 }
483 483 }
484 484 }
485 485
486 486 // Opposite alignment of blockquote
487 487 //
488 488 .blockquote-reverse,
489 489 blockquote.pull-right {
490 490 padding-right: 15px;
491 491 padding-left: 0;
492 492 border-right: 5px solid @grey6;
493 493 border-left: 0;
494 494 text-align: right;
495 495
496 496 // Account for citation
497 497 footer,
498 498 small,
499 499 .small {
500 500 &:before { content: ''; }
501 501 &:after {
502 502 content: '\00A0 \2014'; // nbsp, em dash
503 503 }
504 504 }
505 505 }
506 506
507 507 // Addresses
508 508 address {
509 509 margin-bottom: 2em;
510 510 font-style: normal;
511 511 line-height: 1.8em;
512 512 }
513 513
514 514 .error-message {
515 515 display: block;
516 516 margin: @padding/3 0;
517 517 color: @alert2;
518 518 }
519 519
520 520 .issue-tracker-link {
521 521 color: @rcblue;
522 522 }
523 523
524 524 .info_text{
525 525 font-size: @basefontsize;
526 526 color: @grey4;
527 527 font-family: @text-regular;
528 528 }
529 529
530 530 // help block text
531 531 .help-block {
532 532 display: block;
533 533 margin: 0 0 @padding;
534 534 color: @grey4;
535 535 font-family: @text-light;
536 536 &.pre-formatting {
537 white-space: pre;
537 white-space: pre-wrap;
538 538 }
539 539 }
540 540
541 541 .error-message {
542 542 display: block;
543 543 margin: @padding/3 0;
544 544 color: @alert2;
545 545 }
@@ -1,121 +1,132 b''
1 1 ## -*- coding: utf-8 -*-
2 2 <%inherit file="/base/base.mako"/>
3 3
4 4 <%def name="title()">
5 5 ${_('Authentication Settings')}
6 6 %if c.rhodecode_name:
7 7 &middot; ${h.branding(c.rhodecode_name)}}
8 8 %endif
9 9 </%def>
10 10
11 11 <%def name="breadcrumbs_links()">
12 12 ${h.link_to(_('Admin'),h.route_path('admin_home'))}
13 13 &raquo;
14 14 ${h.link_to(_('Authentication Plugins'),request.resource_path(resource.__parent__, route_name='auth_home'))}
15 15 &raquo;
16 16 ${resource.display_name}
17 17 </%def>
18 18
19 19 <%def name="menu_bar_nav()">
20 20 ${self.menu_items(active='admin')}
21 21 </%def>
22 22
23 23 <%def name="main()">
24 24 <div class="box">
25 25 <div class="title">
26 26 ${self.breadcrumbs()}
27 27 </div>
28 28 <div class='sidebar-col-wrapper'>
29 29
30 30 ## TODO: This is repeated in the auth root template and should be merged
31 31 ## into a single solution.
32 32 <div class="sidebar">
33 33 <ul class="nav nav-pills nav-stacked">
34 34 % for item in resource.get_root().get_nav_list():
35 35 <li ${'class=active' if item == resource else ''}>
36 36 <a href="${request.resource_path(item, route_name='auth_home')}">${item.display_name}</a>
37 37 </li>
38 38 % endfor
39 39 </ul>
40 40 </div>
41 41
42 42 <div class="main-content-full-width">
43 43 <div class="panel panel-default">
44 44 <div class="panel-heading">
45 45 <h3 class="panel-title">${_('Plugin')}: ${resource.display_name}</h3>
46 46 </div>
47 47 <div class="panel-body">
48 48 <div class="plugin_form">
49 49 <div class="fields">
50 50 ${h.secure_form(request.resource_path(resource, route_name='auth_home'), request=request)}
51 51 <div class="form">
52 52
53 53 %for node in plugin.get_settings_schema():
54 54 <%
55 55 label_to_type = {'label-checkbox': 'bool', 'label-textarea': 'textarea'}
56 56 %>
57 57
58 58 <div class="field">
59 59 <div class="label ${label_to_type.get(node.widget)}"><label for="${node.name}">${node.title}</label></div>
60 60 <div class="input">
61 61 %if node.widget in ["string", "int", "unicode"]:
62 62 ${h.text(node.name, defaults.get(node.name), class_="large")}
63 63 %elif node.widget == "password":
64 64 ${h.password(node.name, defaults.get(node.name), class_="large")}
65 65 %elif node.widget == "bool":
66 66 <div class="checkbox">${h.checkbox(node.name, True, checked=defaults.get(node.name))}</div>
67 67 %elif node.widget == "select":
68 68 ${h.select(node.name, defaults.get(node.name), node.validator.choices, class_="select2AuthSetting")}
69 69 %elif node.widget == "textarea":
70 70 <div class="textarea" style="margin-left: 0px">${h.textarea(node.name, defaults.get(node.name), rows=10)}</div>
71 71 %elif node.widget == "readonly":
72 72 ${node.default}
73 73 %else:
74 74 This field is of type ${node.typ}, which cannot be displayed. Must be one of [string|int|bool|select].
75 75 %endif
76 76
77 77 %if node.name in errors:
78 78 <span class="error-message">${errors.get(node.name)}</span>
79 79 <br />
80 80 %endif
81 81 <p class="help-block pre-formatting">${node.description}</p>
82 82 </div>
83 83 </div>
84 84 %endfor
85 85
86 86 ## Allow derived templates to add something below the form
87 87 ## input fields
88 88 %if hasattr(next, 'below_form_fields'):
89 89 ${next.below_form_fields()}
90 90 %endif
91 91
92 92 <div class="buttons">
93 93 ${h.submit('save',_('Save'),class_="btn")}
94 94 </div>
95 95
96 96 </div>
97 97 ${h.end_form()}
98 98 </div>
99 99 </div>
100
101 % if request.GET.get('schema'):
102 ## this is for development and creation of example configurations for documentation
103 <pre>
104 % for node in plugin.get_settings_schema():
105 *option*: `${node.name}` => `${defaults.get(node.name)}`${'\n # '.join(['']+node.description.splitlines())}
106
107 % endfor
108 </pre>
109
110 % endif
111
100 112 </div>
101 113 </div>
102 114 </div>
103 115
104 116 </div>
105 117 </div>
106 118
107 ## TODO: Ugly hack to get ldap select elements to work.
108 ## Find a solution to integrate this nicely.
119
109 120 <script>
110 121 $(document).ready(function() {
111 122 var select2Options = {
112 123 containerCssClass: 'drop-menu',
113 124 dropdownCssClass: 'drop-menu-dropdown',
114 125 dropdownAutoWidth: true,
115 126 minimumResultsForSearch: -1
116 127 };
117 128 $('.select2AuthSetting').select2(select2Options);
118 129
119 130 });
120 131 </script>
121 132 </%def>
1 NO CONTENT: file was removed, binary diff hidden
1 NO CONTENT: file was removed, binary diff hidden
General Comments 0
You need to be logged in to leave comments. Login now