Note |
---|
Note This page describes the functionality of MettleCI Workbench version 1.0- 1280 and later. |
Data Migrators recommend using the SSH protocol for authentication between MettleCI Workbench and your remote Git repositories as it is easier to manage access in a uniform manner across multiple remote Git repository hosts (Github, Bitbucket, Gitlab, etc). SSH keys also tend to be more secure than username/password credentials.
Config.yml Changes
Warning |
---|
Warning Upgrading MettleCI Workbench from a version prior to 1.0-1280 will result in a breaking change for customers using Git over HTTPS. |
...
. |
In the event that you need to use Git over HTTPS rather than SSH you can configure MettleCI Workbench to store a set of username/password credentials for each user which will be used for all Git HTTPS requests.
These are configured in the config.yml
file as shown below:
Code Block | ||
---|---|---|
| ||
... gitAuthentication: sshKey: "/opt/dm/mci/workbench.key" # Location of our private SSH key httpsEnabled: true # Set true to use HTTPS httpsProvider: "SunJSSE" # httpsCredentialsStore: # Details of the SSL certificate file type: "PKCS12" path: "/opt/dm/mci/.secrets/git-credentials.p12" password: ${file:UTF-8:/opt/dm/mci/.secrets/git-credentials-keystore-password} ... |
...
Note |
---|
The comments in the example above are just for clarity. You should not have any comments or trailing whitespace after the entries in your |
This password will be stored in a file (.secrets/git-credentials-keystore-password
) referenced in the config.yml
file, as shown above.
...
The git credentials will be stored in a keystore (.secrets/git-credentials.p12
) that requires the keystore password and will be created when the config option httpsEnabled: true
has been added to the config.yml
Generating the Git Credentials KeyStore
The Workbench Setup Wizard will automatically generate
...
the .secrets/git-credentials-keystore-password
file for you with
...
MettleCI Workbench version 1.0-1327 and later
If you are running MettleCI Workbench on Microsoft Windows, you can skip this Section
Info |
---|
If you are upgrading from an older version of Workbench, you will need to create this file yourself using the following instructions:- |
Make sure the MettleCI Workbench Service is stopped
Code Block $> service dm-mettleci-workbench stop
Edit the
config.yml
file and add or set thehttpsEnabled
entry under thesshKey
entry. Make sure it is set tofalse
for the time being.Code Block gitAuthentication: sshKey: "/opt/dm/mci/workbench.key" httpsEnabled: false
In order to create the password file make sure to login as the
mciworkb
user.
...
Code Block $> sudo su - mciworkb
...
Go to your mettle home directory
...
$> cd /opt/dm/mci
...
Create the file where the keystore password will be saved
...
$> umask 006 $> touch .secrets/git-credentials-keystore-password
Edit the file with your preferred editor and enter a new password
Code Block $> vim .secrets/git-credentials-keystore-password
...
any_random_generated_password_with_letters_numbers_and_symbols
Edit the
config.yml
file and add or set thehttpsEnabled
entry totrue
under thesshKey
entry.Code Block gitAuthentication: sshKey: "/opt/dm/mci/workbench.key" httpsEnabled: true
MettleCI Workbench will need to be restarted after saving changes to
config.yml
.Code Block $> service dm-mettleci-workbench start
Check that the keystore has been created by MettleCI Workbench
Code Block $> ls -l /opt/dm/mci/.secrets/git-credentials* -rw-rw---- 1 mciworkb dstage 18 Jun 9 20:58 /opt/dm/mci/.secrets/git-credentials-keystore-password -rw-rw---- 1 mciworkb dstage 297 Jun 9 21:17 /opt/dm/mci/.secrets/git-credentials.p12
User Profile Git Configuration
When HTTPS is enabled, each user can add their git credentials on the Profile page which they can access from the menu in the top right corner of Workbench:
...
You can then enter Git HTTPS or SSH repository URLS in the project registration page. The ssh or https credentials will be used depending on the configured Git protocol, any username shown in the URL will be ignored and overridden by the settings included in config.yml
:
...
Ensure that the Git Repository Server is reachable on Port 443 for HTTPS or Port 80 for HTTP or Port 21 for FTP
Info |
---|
Tip |