LGTM Enterprise 1.20

Configuring hosts to checkout code

Before you add a new host machine to the work pool, you must ensure that it is ready to checkout code from the repositories that you want to analyze. When a worker collects a job to analyze a project, the first step is to checkout the code from the repository.

The essential requirements are:

  1. Appropriate client software to allow the worker to check out code from the repository—that is, Git, Subversion or Team Foundation Version Control (TFVC). The LGTM Enterprise installer automatically installs Git and Subversion clients. For TFVC, you must install the Team Explorer Everywhere command-line client (TEE-CLC) on each worker host machine.
  2. Authentication method to allow the worker host machine to authenticate with the repository host and have read access to the code. For Subversion and TFVC repositories, the credentials you specify when you create a repository provider are used. For Git repositories, the simplest method is use an SSH configuration, but other options are also available.

Client software for repository access

If you installed LGTM Enterprise using the install script, the client software for Git and Subversion are installed automatically when you deploy LGTM to a new host. If you used an alternative method to install LGTM Enterprise and want to analyze code stored in Git or Subversion, you will need to install this client software on each new host machine.

If you plan to use LGTM to analyze code stored in Team Foundation Version Control (TFVC), you must install the command-line client for TFVC on all machines in the LGTM cluster.

Installing a command-line client for TFVC

LGTM Enterprise uses the Team Explorer Everywhere command-line client to access Team Foundation Version Control (TFVC) repositories. If you use TFVC repositories, install this client software on the coordinator server and on each worker host whose workers will access TFVC repositories.

  1. Download the latest TEE-CLC-<version>.zip file from https://github.com/Microsoft/team-explorer-everywhere/releases.

  2. Unzip the file to a suitable location on the machine.

  3. Add the directory containing the tf file to the PATH. It is usually best to define this in the cluster configuration. For an example, see Example—putting tf on the PATH for TFVC checkout.

The machine may already have a tf command in the PATH. LGTM Enterprise requires the version of tf that comes with Team Explorer Everywhere 14.123 or above (see the link above). The version of tf included in Visual Studio does not support XML output and cannot be used.

Authenticating with repositories

The best way to allow the machines in the LGTM cluster to authenticate with repositories varies according to your enterprise infrastructure. Options include:

  • Configuring an SSH connection—this is a secure way to create a connection to Subversion and Git repositories that are configured to accept SSH connections.
  • Specifying an account for LGTM workers to use—when you create a repository provider for Subversion or TFVC (hosted by TFS or Azure DevOps) repositories, you can specify an account for LGTM workers to use.
  • Caching authentication details—this is often the preferred method for creating a connection to Subversion repositories that only accept HTTPS connections.
  • Using third-party clients—you may be able to use the internal methods that are already set up to allow continuous integration (CI) systems to access repositories securely.

Configuring an SSH connection on Linux

The worker daemons run as a user called lgtm-worker. The home directory for this user is: /var/lib/lgtm-worker.

  1. Put the SSH configuration for the connection to your repository host into /var/lib/lgtm-worker/.ssh.
  2. Set the permissions for the private key to 600, for example: chmod 600 .ssh/id_rsa
  3. Check that the repository host is listed in the .ssh/known_hosts file. If it is listed, you can skip steps 4 and 5. If it isn't listed continue to the next step.
  4. Check that you can retrieve the public key for the repository host using ssh-keyscan, for example: ssh-keyscan <repository-root-hostname>
  5. Append the key details to the known_hosts file (creating the file if it does not already exist): ssh-keyscan <repository-root-hostname> >> known_hosts

Configuring an SSH connection on Windows

You need to configure an SSH connection for each of the external repository hosts that the machine needs to access. The section below contains links to the relevant topics for most of the supported systems.

When you've generated each SSH key, you should install it for the user that runs the LGTM worker services.

When you use install-machine.bat to deploy LGTM workers, the script sets the LGTM worker daemons to run under the account that you specify when you run the script. Alternatively, if you don't specify an account the LocalSystem account is used.

Generating an SSH key

For more information, see:

Related topicsRelated topics