Configuring hosts to checkout code
Before you add a new host machine to the work pool, you must ensure that it is ready to checkout code from the repositories that you want to analyze. When a worker collects a job to analyze a project, the first step is to checkout the code from the repository.
The essential requirements are:
- Appropriate client software to allow the worker to check out code from the repository—that is, Git, Subversion or Team Foundation Version Control (TFVC). The LGTM Enterprise installer automatically installs Git and Subversion clients. For TFVC, you must install the Team Explorer Everywhere command-line client (TEE-CLC) on each worker host machine.
- Authentication method to allow the worker host machine to authenticate with the repository host and have read access to the code. For Subversion and TFVC repositories, the credentials you specify when you
create a repository providerare used. For Git repositories, the simplest method is use an SSH configuration, but other options are also available.
Client software for repository access
If you installed LGTM Enterprise using the install script, the client software for Git and Subversion are installed automatically when you deploy LGTM to a new host. If you used an alternative method to install LGTM Enterprise and want to analyze code stored in Git or Subversion, you will need to install this client software on each new host machine.
If you plan to use LGTM to analyze code stored in Team Foundation Version Control (TFVC), you must install the command-line client for TFVC on all machines in the LGTM cluster.
LGTM Enterprise uses the Team Explorer Everywhere command-line client to access Team Foundation Version Control (TFVC) repositories. If you use TFVC repositories, install this client software on the coordinator server and on each worker host whose workers will access TFVC repositories.
Download the latest
TEE-CLC-<version>.zipfile from https://github.com/Microsoft/team-explorer-everywhere/releases.
Unzip the file to a suitable location on the machine.
Add the directory containing the
tffile to the PATH. It is usually best to define this in the cluster configuration. For an example, see Example—putting tf on the PATH for TFVC checkout.
The machine may already have a
tf command in the PATH. LGTM Enterprise requires the version of
tf that comes with Team Explorer Everywhere 14.123 or above (see the link above). The version of
tf included in Visual Studio does not support XML output and cannot be used.
Authenticating with repositories
The best way to allow the machines in the LGTM cluster to authenticate with repositories varies according to your enterprise infrastructure. Options include:
- Configuring an SSH connection—this is a secure way to create a connection to Subversion and Git repositories that are configured to accept SSH connections.
- Specifying an account for LGTM workers to use—when you create a repository provider for Subversion or TFVC (hosted by TFS or Azure DevOps) repositories, you can specify an account for LGTM workers to use.
- Caching authentication details—this is often the preferred method for creating a connection to Subversion repositories that only accept HTTPS connections.
- Using third-party clients—you may be able to use the internal methods that are already set up to allow continuous integration (CI) systems to access repositories securely.
The worker daemons run as a user called
lgtm-worker. The home directory for this user is:
- Put the SSH configuration for the connection to your repository host into
- Set the permissions for the private key to
600, for example:
chmod 600 .ssh/id_rsa
- Check that the repository host is listed in the
.ssh/known_hostsfile. If it is listed, you can skip steps 4 and 5. If it isn't listed continue to the next step.
- Check that you can retrieve the public key for the repository host using ssh-keyscan, for example:
- Append the key details to the
known_hostsfile (creating the file if it does not already exist):
ssh-keyscan <repository-root-hostname> >> known_hosts
You need to configure an SSH connection for each of the external repository hosts that the machine needs to access. The section below contains links to the relevant topics for most of the supported systems.
When you've generated each SSH key, you should install it for the user that runs the LGTM worker services.
When you use
install-machine.bat to deploy LGTM workers, the script sets the LGTM worker daemons to run under the account that you specify when you run the script. Alternatively, if you don't specify an account the LocalSystem account is used.
Generating an SSH key
For more information, see:
- Azure DevOps (or TFS): Use SSH key authentication
- Bitbucket Cloud: Set up an SSH key
- Bitbucket Server: Creating SSH keys then SSH access keys for system use.
- GitHub: Generating a new SSH key and adding it to the ssh-agent then Adding a new SSH key to your GitHub account.
- GitLab: How to create your SSH Keys