Versions Compared

Version Old Version 19 New Version 20
Changes made by

Alan Prothero

Alan Prothero

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Note

Note

This page describes the functionality of MettleCI Workbench version 1.0-1280 and later.
For older versions of Workbench, see this page: Configuring MettleCI Workbench to communicate with Git over HTTPS (legacy)

Data Migrators recommend using the SSH protocol for authentication between MettleCI Workbench and your remote Git repositories as it is easier to manage access in a uniform manner across multiple remote Git repository hosts (Github, Bitbucket, Gitlab, etc). SSH keys also tend to be more secure than username/password credentials.

Config.yml Changes

Warning

Warning

Upgrading MettleCI Workbench from a version prior to 1.0-1280 will result in a breaking change for customers using Git over HTTPS.
The global HTTPS credentials stored under the gitAuthentication section of the config.yml file are no longer used in MettleCI Workbench version 1.0-1280 onwards. The continued presence of those values in that file will not cause any adverse behaviour, but those values will be ignored, and would be better removed form from the file to avoid confusion.

...

.

In the event that you need to use Git over HTTPS rather than SSH you can configure MettleCI Workbench to store a set of username/password credentials for each user which will be used for all Git HTTPS requests.

These are configured in the config.yml file as shown below:-

Code Block
...
gitAuthentication:
  sshKey: "/opt/dm/mci/workbench.key"
  httpsEnabled: false/true
  httpsCredentialsStore:
    path: /opt/dm/mci/.secrets/git-credentials.p12
    password: ${file:UTF-8:/opt/dm/mci/.secrets/git-credentials-keystore-password}
...

This password will be stored in a file (.secrets/git-credentials-keystore-password) referenced in the config.yml file, as shown above.

The git credentials will be stored in a keystore (.secrets/git-credentials.p12) that requires a the keystore password and will be created when the config option httpsEnabled: true has been added to the config.ymlThis password will be stored in a file (

Generating the Git Credentials KeyStore

The Workbench Setup Wizard will automatically generate the .secrets/git-credentials-keystore-password) referenced in the config.yml file, as shown above.

...

file for you with MettleCI Workbench version 1.0-1327 and later

If you are running MettleCI Workbench on Microsoft Windows, you can skip this Section

Info

If you are upgrading from an older version of Workbench, you will need to create this file yourself using the following instructions:-

  1. Make sure the MettleCI Workbench Service is stopped

    Code Block
    $> service dm-mettleci-workbench stop

  2. Edit the config.yml file and add or set the httpsEnabled entry under the sshKey entry. Make sure it is set to false for the time being.

    Code Block
    gitAuthentication:
  sshKey: "/opt/dm/mci/workbench.key"
  httpsEnabled: false

  3. In order to create the password file make sure to login as the mciworkb user. (If you running are on Microsoft Windows you can skip this)

    Code Block
    $> sudo su - mciworkb
$> cd /opt/dm/mci
$> umask 006
$> touch .secrets/git-credentials-keystore-password

  4. Edit the file with your preferred editor and enter a new password

    Code Block
    $> vim .secrets/git-credentials-keystore-password


thisisasecurepasswordany_random_generated_password_with_letters_numbers_and_symbols

  5. Edit the config.yml file and add or set the httpsEnabled entry to true under the sshKey entry.

    Code Block
    gitAuthentication:
  sshKey: "/opt/dm/mci/workbench.key"
  httpsEnabled: true

  6. MettleCI Workbench will need to be restarted after saving changes to config.yml.

    Code Block
    $> service dm-mettleci-workbench start

  7. Check that the keystore has been created by MettleCI Workbench

    Code Block
    $> ls -l /opt/dm/mci/.secrets/git-credentials*
-rw-rw---- 1 mciworkb dstage  18 Jun  9 20:58 /opt/dm/mci/.secrets/git-credentials-keystore-password
-rw-rw---- 1 mciworkb dstage 297 Jun  9 21:17 /opt/dm/mci/.secrets/git-credentials.p12

When HTTPS is enabled, each user can add their git credentials on the Profile page which they can access from the menu in the top right corner of Workbench:

...