Configuring worker hosts to checkout code
Before you add a new host machine to the work pool, you must ensure that it is ready to checkout code from the repositories that you want to analyze. When a worker collects a job to analyze a project, the first step is to checkout the code from the repository.
The essential requirements are:
Appropriate client software to allow the worker to check out code from the repository—that is, Git, Subversion or Team Foundation Version Control (TFVC). The LGTM Enterprise installer automatically installs Git and Subversion clients. For TFVC, you must install the Team Explorer Everywhere command-line client (TEE-CLC) on each worker host machine.
Repository access for all worker daemons. All of the worker daemons running on machines in the work pool need to be able to connect to all of the repository hosts you use. They also need read access to the code.
All general and on-demand workers can be used to poll your repositories, to check whether new changes have been made to the code. This is true even for workers that will not be used to build and analyze code from a particular repository. So, typically, connections to all of your repository hosts occur from all of your worker host machines.
Generally, workers use the authentication credentials you specify when you
configure repository settings for an integrationto access the repositories. For Git-based repository providers, however, you have the option of configuring workers to connect over SSH, by setting the integration's Checkout method accordingly.
Client software for repository access
If you installed LGTM Enterprise using the install script, the client software for Git and Subversion are installed automatically when you deploy LGTM to a new host. If you used an alternative method to install LGTM Enterprise and want to analyze code stored in Git or Subversion, you will need to install this client software on each new host machine.
If you plan to use LGTM to analyze code stored in Team Foundation Version Control (TFVC), you must install the command-line client for TFVC on all machines in the LGTM cluster.
LGTM Enterprise uses the Team Explorer Everywhere command-line client to access Team Foundation Version Control (TFVC) repositories. If you use TFVC repositories, install this client software on the coordinator server and on each worker host whose workers will access TFVC repositories.
Download the latest
TEE-CLC-<version>.zipfile from https://github.com/Microsoft/team-explorer-everywhere/releases.
Unzip the file to a suitable location on the machine.
Add the directory containing the
tffile to the PATH. It is usually best to define this in the cluster configuration. For an example, see Example—putting tf on the PATH for TFVC checkout.
The machine may already have a
tf command in the PATH. LGTM Enterprise requires the version of
tf that comes with Team Explorer Everywhere 14.123 or later (see the link above). The version of
tf included in Visual Studio does not support XML output and cannot be used.
Connections between LGTM and your repository hosts are made using the Checkout method defined in the Adding repositories settings for each integration. Generally the default method is the best setting to use. Options include:
- Specifying an account for LGTM workers to use—generally the account credentials you specify when you create an integration are used by workers to authenticate with the repository host.
- Configuring an SSH connection—this is an alternative way to create a connection to Subversion and Git repositories that are configured to accept SSH connections. For further information, see the SSH configuration details below.
- Using third-party clients—you may be able to use the internal methods that are already set up to allow continuous integration (CI) systems to access repositories securely.
Configuring an SSH connection
Generally this is only necessary for integrations whose Checkout method has been set to
SSH—see Configuring LGTM Enterprise access to repositories. However, you will also have to do this for any worker hosts whose workers check out code from a repository containing submodules with SSH URLs.
The worker daemons run as a user called
lgtm-worker. The home directory for this user is:
- Put the SSH configuration for the connection to your repository host into
- Set the permissions for the private key to
600, for example:
chmod 600 .ssh/id_rsa
- Check that the repository host is listed in the
.ssh/known_hostsfile. If it is listed, you can skip steps 4 and 5. If it isn't listed continue to the next step.
- Check that you can retrieve the public key for the repository host using ssh-keyscan, for example:
- Append the key details to the
known_hostsfile (creating the file if it does not already exist):
ssh-keyscan <repository-root-hostname> >> known_hosts
Generate an appropriate SSH key for the external repository system to which workers need to connect, then install it for the user that runs the LGTM worker services.
When you use
install-machine.bat to deploy LGTM workers, the script sets the LGTM worker daemons to run under the account that you specify when you run the script. Alternatively, if you don't specify an account the LocalSystem account is used.
Generating an SSH key
For information on how to generate an SSH key to use to connect to an external repository system, see the help pages within the relevant repository system.