About git-server configuration based on gitolite
Create the repository:
1.On the local machine we should generate a key using the command:
$ ssh-keygen -t rsa
Then the key (~/.ssh/id_rsa.pub) forward to the server where the git will be installed (for example here /tmp/user.pub)
2. connect to the server using ssh and install git and gitolite on the server.
sudo apt-get install git gitolite
3. Create a gitolite user
$ sudo useradd -m gitolite
and change to user gitolite
$ sudo su gitolite
4. Configurate gitolite using the command:
$ gl-setup /tmp/user.pub
This will open the editor. We just need to get out of it by typing :x to save and exit the editor. Logout the user gitolite.
The server configuration is completed.
5. On the local machine we receive the repository gitolite-admin (no authorization and no password while performing this operation are not required). If the authorization is required then the key was transferred into gitolite
git clone gitolite@198.191.236.199:gitolite-admin.git Cloning into 'gitolite-admin'... remote: Counting objects: 6, done. remote: Compressing objects: 100% (4/4), done. Receiving objects: 100% (6/6), done. remote: Total 6 (delta 0), reused 0 (delta 0)
gitolite-admin contains two folders:
The directory keys — are files with user keys of the repository.
The directory conf contains configuration files for gitolite.
We are interested in conf/gitolite.conf:
repo gitolite-admin
RW+ = admin
repo testing
RW+ = @all
The content of this file means that two repositories are created on the git-server: gitolite-admin and testing.
The user with the key saved in the file keys/user.pub has read and write permissions for the repository gitolite-admin.
All users have the read and write permissions for the repository testing.
6. Add a new repository by modifying the file conf/gitolite.conf as follows:
repo gitolite-admin
RW+ = user
repo testing
RW+ = @all
repo boot_ctrl
RW+ = @all
Then we should save changes (commit) and run the command (push) to send changes to the server:
$ git commit -am 'Add new project' $ git push origin master
We can then check ourself by running the command that will show the list of repositories in the git server:
ssh gitolite@198.191.236.199 info
hello user, this is gitolite 2.2-1 (Debian) running on git 1.7.9.5
the gitolite config gives you the following access:
@R_ @W_ boot_ctrl
R W gitolite-admin
@R_ @W_ testing
We can also connect to the server via ssh and view a list of repository using the ls command
$ ssh gore_user@198.191.236.199 sudo ls -l /home/gitolite/repositories/ итого 12 drwx------ 7 gitolite gitolite 4096 июля 7 15:38 boot_ctrl.git drwx------ 8 gitolite gitolite 4096 июля 7 15:38 gitolite-admin.git drwx------ 7 gitolite gitolite 4096 июля 7 15:38 testing.git
7. The new project is created but it is empty.
How to add data to the created repository gitolite:
On the local machine, we initialize a git repository by a standard command in the folder with the source code of the project:
$ git init
Add the remote repository to the server:
$ git remote add origin gitolite@198.191.236.199:boot_ctrl.git
or clone the empty repository and then add the project into the repository:
$ git clone gitolite@198.191.236.199:boot_ctrl.git
Next steps are adding the files (add), saving the data of (commit) and sending the changes to the server (push)
$ git add . $ git commit -am "Initial commit" $ git push origin master
To synchronize the local copy with the server gitolite, we use the command:
git pull origin master
Removing the repository from gitolite:
1. remove the repository from the file conf/gitolite.conf.
2. run the commands commit and push.
3. connect to the server using ssh and remove the directory in /home/gitolite/repositories/ manually.
Admin reset in gitolite.
If we lost our admin key or the administration is realized from another place we should reset the admin key as follows:
1. generate a new key
$ ssh-keygen -t rsa
and upload it using ssh to the server into the folder /tmp. And the name of the new key have to match the name of the admin file gitolite.conf.
For example in the file gitolite.conf:
repo gitolite-admin
RW+ = super_admin
and the file name have to be /tmp/super_admin.pub
2. run
gl-setup /tmp/super_admin.pub
3. if while cloning we get such an error:
$ git clone gitolite@193.191.236.199:gitolite-admin.git Cloning into 'gitolite-admin'... Agent admitted failure to sign using the key.
we should run:
$ ssh-add
and then to clone again. It should be ok.
For public access through gitweb to the server gitolite
Gitweb allows to access the gitolite server using browser. While there might be a problem when we go to the gitweb page and see the list of repositories, therefore we should correct some settings.
1. The file /etc/gitweb.conf. The following fields must contain the correct path to the corresponding files/directories
$projectroot = "/home/gitolite/repositories"; $projects_list = '/home/gitolite/projects.list';
2. Modify the field REPO_UMASK in the file /home/gitolite/.gitolite.rc
$REPO_UMASK = 0022;
3. change permissions for:
sudo chmod a+r /home/gitolite/projects.list chmod a+rx /home/gitolite/repositories
4. add an user gitweb in the file gitolite-admin/conf/gitolite.conf as follows:
repo testing
RW+ = @all
R = gitweb daemon
repo testing_2
RW+ = @all
R = gitweb daemon
Create a new repository and check that it will be visible via gitweb. To do this, open the server address in the browser or by using locally it will look like this:
http://127.0.0.1/gitweb
At the same time the repositories that have been created before applying these settings will not be visible through gitweb, therefore we should set the permissions for them as follows:
chmod -R a+rX /home/gitolite/repositories/testing_1.git
Changing the address line for access via gitweb.
The access to the repository using gitweb has the following address by default - http://127.0.0.1/gitweb. We can change the address line in the file /etc/apache2/conf.d/gitweb as follows
Alias /new_repo /usr/share/gitwebOptions +FollowSymLinks +ExecCGI AddHandler cgi-script .cgi
And then the access through gitweb to the repository will have the address
http://127.0.0.1/new_repo
gitweb and adding categories.
By default, when browsing the repository gitolite via gitweb all projects are presented in one list. If we need to divide the projects into categories then we need to do the following:
1. the line $GL_GITCONFIG_KEYS in the file .gitolite.rc has to look like the following:
$GL_GITCONFIG_KEYS = ".*";
2. add a field to the file /etc/gitweb.conf
$projects_list_group_categories = 1;
3. the file gitolite-admin/conf/gitolite.conf the file should look like:
repo alpha/testing_6
RW+ = @all
R = gitweb daemon
config gitweb.category = "Репозитории проекта alpha"
repo beta/testing_7
RW+ = @all
R = gitweb daemon
config gitweb.category = "Репозитории проекта beta"
Access limiting to the server gitolite via gitweb.
By default, all users have the ability to go to the address http://127.0.0.1/gitweb and get the access to the repository via gitweb. To limit the access using gitweb do the following:
1. create file .htpasswd in the home directory /home/gitolite/.htpasswd
2. Modify the file /etc/apache2/conf.d/gitweb as follows
Alias / new_repo /usr/share/gitwebOptions +FollowSymLinks +ExecCGI AddHandler cgi-script .cgi Options ExecCGI FollowSymLinks Indexes AuthName "git repo" AuthType Basic AuthUserFile /home/gitolite/.htpasswd Require valid-user
3. create user and password:
sudo htpasswd /home/gitolite/.htpasswd UserName
Public access to the gitolite server using git-daemon.
Configuring access to the gitolite server without authorization:
1. create a file named etc/init.d/git-daemon
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
NAME=git-daemon
PIDFILE=/var/run/$NAME.pid
DESC="the git daemon"
DAEMON=/usr/lib/git-core/git-daemon
DAEMON_OPTS="--base-path=/home/gitolite/repositories --verbose --syslog --detach --pid-file=$PIDFILE --user=gitolite --group=nogroup"
test -x $DAEMON || exit 0
[ -r /etc/default/git-daemon ] && . /etc/default/git-daemon
. /lib/lsb/init-functions
start_git() {
start-stop-daemon --start --quiet --pidfile $PIDFILE \
--startas $DAEMON -- $DAEMON_OPTS
}
stop_git() {
start-stop-daemon --stop --quiet --pidfile $PIDFILE
rm -f $PIDFILE
}
status_git() {
start-stop-daemon --stop --test --quiet --pidfile $PIDFILE >/dev/null 2>&1
}
case "$1" in
start)
log_begin_msg "Starting $DESC"
start_git
log_end_msg 0
;;
stop)
log_begin_msg "Stopping $DESC"
stop_git
log_end_msg 0
;;
status)
log_begin_msg "Testing $DESC: "
if status_git
then
log_success_msg "Running"
exit 0
else
log_failure_msg "Not running"
exit 1
fi
;;
restart|force-reload)
log_begin_msg "Restarting $DESC"
stop_git
sleep 1
start_git
log_end_msg 0
;;
*)
echo "Usage: $0 {start|stop|restart|force-reload|status}" >&2
exit 1
;;
esac
exit 0
Check that the key —base-path,--user has correct values (key value —user=gitolite comes from the key --base-path=/home/gitolite/repositories)
2. run the git-daemon:
chmod a+x /etc/init.d/git-daemon /etc/init.d/git-daemon start
3. add the user named daemon for accessing the proper repository in the file gitolite-admin/conf/gitolite.conf
repo alpha/testing_9
RW+ = @all
R = gitweb daemon
4. get the repository:
git clone git://127.0.0.1/testing_9
or in this way:
git clone git://127.0.0.1/testing_9 temp_prj_name
Adding of a new user to gitolite
1. generate akey using the computer with the access to the repository:
$ ssh-keygen -t rsa
and place it in our local gitolite-admin/keydir. The key name will be the name of the new user. For example: user2.pub
2. To add a new user to the repository to which he should have access by modifying the file gitolite-admin/conf/gitolite.conf
it can be done in this way:
repo testing_3
RW+ = user2
or in this way:
repo testing_2
RW+ = @all
or in this way for getting the administrative rights:
repo gitolite-admin
RW+ = admin_dima user2
3. run commit of the admin repository:
git commit -am "add new" git push origin master
4. clone the repository:
git clone git@192.168.0.10:testing_3.git