Configuring SSH support for EWM Git integration

IBM® Engineering Workflow Management (EWM) and Git integration supports SSH as a communication protocol between a Git client and Git server (Linux operating system only). The communication protocol between the Jazz™ Team Server and Git server is HTTP(S) for communication with each other. While the Git server-side hooks invoke the REST services of EWM, EWM queries the Git server to retrieve commit details.

Before you begin

You must have permissions to configure SSH on a Git server.

About this task

Because the communication protocol between EWM and the Git server is HTTP, the Git Server must run an HTTP server, so that EWM can retrieve commit information from the Git server.

Note: This integration is supported only when SSH uses the key-based authentication and not with password-based authentication.

Procedure

  1. As a user, generate a key pair and send the public key to the administrator. The public key is added to id_rsa.pub (by default). For more information, see Generating SSH Keys.
  2. As an administrator, complete the following steps:
    1. On the Git server, create a functional user ID. For example, git. This functional user ID hosts the public keys and is part of the SSH URL.
    2. Create an .ssh directory inside the home directory of the hosting user.
    3. Create an empty authorized_keys file.
    4. Ensure that the .ssh directory has rwx permissions only for the hosting user (drwx-------).
    5. Ensure that the authorized_keys file has rw permissions only for the host user (-rw-------).
      Note: The UNIX file system permissions for the .ssh directory and authorized_keys are mandatory; otherwise, SSH does not trust the public keys that are hosted there. Typically, Git repositories are placed under a directory, such as =/gitrepos=.
    6. Ensure that the hosting user has read, write, and executable permissions for the directory and repositories (and their contents).
    7. To set the user.name and user.email global configuration for the hosting user, run the following commands:

      git config --global user.name git
      git config –-global user.email git@git-server.com

    8. Append the contents of the user's public key file to the authorized_keys file. For example, add the contents of cat id_rsa.pub to /home/git/.ssh/authorized_keys. For more information, see Setting up a Git server.
    9. Download the Git server tools from the jazz.net download pages. Extract the files into a local directory, such as /rtc-git-server-toolkit. Ensure that the shell scripts and python scripts have read and execute permissions for the hosting user.
    10. Open the authorized_keys file in an editor and prefix the key line with the following line: command="export REMOTE_USER=user-id;/rtc-git-server-toolkit/server/hooks/rtc-git-ssh-interceptor". Ensure that there is at least one space between this command and the start of the public key. Replace user-id with the user ID that the key references.
    11. Configure the rtc-git-ssh-interceptor by providing the value for the variable RTC_GIT_SERVER_TOOLKIT_PATH. The interceptor script is part of the /rtc-git-server-toolkit/server/hooks directory.

What to do next

Deploy the Git server-side hooks (pre-receive and post-receive) into each of the Git repositories and configure them.

After you complete the configuration, you can clone the repository and start working with it by running the following command: git clone ssh://git@server/gitrepos/repo1.git.


video icon Video

Jazz.net channel
Software Education channel

learn icon Courses

IoT Academy
Skills Gateway

ask icon Community

Jazz.net
Jazz.net forums
Jazz.net library

support icon Support

IBM Support Community
Deployment wiki