Recently, netSIGN asked me to set up gitolite to give external developers controlled access to git repositories. Gitolite enables easy management of this access control. In this post I will detail how I set this up.
The first thing to note about the gitolite install is that the installer is run remotely. Therefore, you will want to download the gitolite installation code onto your local machine.
git clone git://github.com/sitaramc/gitolite
This will fetch the gitolite code from github.
Cloning into gitolite...
remote: Counting objects: 3156, done.
remote: Compressing objects: 100% (1438/1438), done.
remote: Total 3156 (delta 2149), reused 2479 (delta 1681)
Receiving objects: 100% (3156/3156), 699.61 KiB | 268 KiB/s, done.
Resolving deltas: 100% (2149/2149), done.
You will need to set up the git user account on the remote machine, under which gitolite will run, so log in.
ssh gitbox
gitbox is the hostname of the remote machine I am using. You can replace this with your remote machine’s hostname or IP.
Now create the user. I’m calling my user “gitolite”, but you can use “git” or anything else.
sudo adduser \
--system \
--shell /bin/bash \
--gecos 'git version control' \
--group \
--disabled-password \
--home /home/gitolite gitolite
In the example above, /home/gitolite is where gitolite and your code repositories will live.
Now you can return to your local machine.
exit
Notice that when we created the user, we used --disabled-password, which prevents us from logging into the machine using a password. Therefore we’ll need to upload an SSH key for running the installer. Here, I will create a public and private keypair with the name id_rsa_gitolite.
cd ~/.ssh
ssh-keygen -t rsa -f id_rsa_gitolite
cd ~
Hit return at the prompts to create the key without passphrase authentication.
Your public key can be found here.
~/.ssh/id_rsa_gitolite.pub
And the private key here.
~/.ssh/id_rsa_gitolite
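Now you’ll need to upload the public key to the gitolite user account, so that we can log into that account using our private key. First copy it to your own home directory on the remote machine (note the trailing colon after the hostname).
scp ~/.ssh/id_rsa_gitolite.pub gitbox:
Now log in to the remote machine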
ssh gitbox
and copy the key to the gitolite account.
sudo cp id_rsa_gitolite.pub /home/gitolite
sudo chown gitolite:gitolite /home/gitolite/id_rsa_gitolite.pub
Become the gitolite user
sudo su - gitolite
and add the gitolite public key to the list of authorized keys that can be used to log in as this user.
mkdir .ssh
chmod 700 .ssh
cat id_rsa_gitolite.pub >> .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
rm id_rsa_gitolite.pub
Now it’s time to return to your local machine.
exit # from gitolite user
exit # from remote machine
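The key appended above carries no options, so it allows a normal shell login as the gitolite user, whereas gitolite-managed keys are pinned to a command= entry in the format quoted in the comments on this post. The following script is an added example, not part of the original post or of gitolite: it audits an authorized_keys file for both kinds of key and for the 600 permission set above. The function names and the sample keys are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): audit the gitolite account's
# authorized_keys after the steps above. All sample data is constructed.

# Print "shell" if the key line allows an interactive login, "forced" if it
# is pinned to a command= (as gitolite-managed keys are), "skip" otherwise.
classify_key_line() {
    case "$1" in
        ''|'#'*) echo skip ;;
        ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *|ecdsa-sha2-*|sk-*)
            echo shell ;;    # line starts with a key type: no options at all
        command=\"*|*,command=\"*)
            echo forced ;;   # options include a forced command
        *)  echo shell ;;    # options present, but none forces a command
    esac
}

# Succeed only if the path grants nothing to group/other (chmod 700 / 600).
private_to_owner() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print one line per key and finish with the number of shell-capable keys.
audit_authorized_keys() {
    local file="$1" line kind n=0 shells=0
    private_to_owner "$file" || echo "WARN: $file is accessible to group/other"
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        kind=$(classify_key_line "$line")
        if [ "$kind" = skip ]; then continue; fi
        if [ "$kind" = shell ]; then shells=$((shells + 1)); fi
        echo "line $n: $kind (${line##* })"
    done < "$file"
    echo "shell-capable keys: $shells"
}

# Demo on a constructed file: a bootstrap key like the one in the post plus
# one gitolite-style entry in the format quoted in the comments.
demo=$(mktemp -d)
cat > "$demo/authorized_keys" <<'EOF'
ssh-rsa AAAAconstructedKEY1 phil@laptop
command="/usr/share/gitolite/gl-auth-command johndoe",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAconstructedKEY2 johndoe@hostname
EOF
chmod 600 "$demo/authorized_keys"
audit_authorized_keys "$demo/authorized_keys"
rm -rf "$demo"
```

On the server, run `audit_authorized_keys /home/gitolite/.ssh/authorized_keys` as the gitolite user; every key reported as shell can log in interactively and read or modify all repositories on disk.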
To make things simple on the SSH side, I recommend adding the configuration for the gitolite account to your SSH config.
vim ~/.ssh/config
Host gitbox
User gitolite
Hostname gitbox
Port 22
IdentityFile ~/.ssh/id_rsa_gitolite
Now you should be able to log in to the remote machine as the gitolite user using the following…
ssh gitbox
exit
The installer command gl-easy-install takes the following arguments
gl-easy-install <user> <host> [ <port> ] <admin name> <host nickname>
If port is not given it will default to 22.
Now you can run the gitolite installer using the gitolite code we downloaded.
cd gitolite/src
./gl-easy-install gitolite gitbox gitadmin
If all went well you should have a checked-out gitolite-admin git repository in your home directory.
cd ~/gitolite-admin
This will be used for managing your users and git repositories. By simply editing conf/gitolite.conf and pushing it to the gitolite server you can create new repositories. Adding new users will involve adding an ssh key to the keydir. I will cover more on these in a follow-up post.
More great gitolite information can be found on the gitolite github page
https://github.com/sitaramc/gitolite
1. Instead of hardcoding the customisable names you should use a step to customise them:
REMOTE_HOST="gitbox"
REMOTE_USER="Phil"
2. You need to specify the home directory of the remote user when copying the public key to the remote host
scp ~/.ssh/id_rsa_gitolite.pub gitbox
needs to be
scp ~/.ssh/id_rsa_gitolite.pub $REMOTE_HOST:/home/$REMOTE_USER
Excellent suggestion, Airtonix. I’m finding that to be a better way to go as I write posts, as it makes it easier for others to simply cut-and-paste the commands.
Nice fast tutorial. Thank you.
One remark though. Regarding “cat id_rsa_gitolite.pub >> .ssh/authorized_keys” …
In my case the gitolite user’s authorized_keys file needs to have entries in the following format:
command="/usr/share/gitolite/gl-auth-command johndoe",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAvwKWiIoF23S6TXMEr8H2U18hkpuPrt5nOsUhqvR7XB8Wpkf7Al5SKNpgpfb/4CGVrSSzDvwmTN/cO6SDO3td8h1NBVl0APaAmZ7x6RFyoN5NCco/raOfVK+0Ktwg1Yoq7S8TdUKRP1phDHnHnlSkwbhzk1TETOEiSZTboH6FMHs johndoe@hostname
Only putting pub key file in it did not work.
it should be ssh gitbox and not ssh gitolite
Thanks Pradeep! I’ve updated the text.
This how-to is really great. Do you know of some other article (maybe yours) where I can get details on setting up collaborators?
This is probably what you’re looking for…
https://progit.org/book/ch4-8.html#config_file_and_access_control_rules
Does anyone know if it is possible to use the server where gitolite is installed as a client and edit repository files? I don’t even know where gitolite saves these files on the server, so I could try “git status” or something.
Curious why you want to do this?
You can easily checkout a git repository as a separate user on the same machine.
The repositories will be found under /home/gitolite/repositories if you followed the instructions above.
Possibly look at installing gitweb, as this may do all the things you want.
https://progit.org/book/ch4-6.html
https://groups.google.com/group/gitolite/msg/e7579cbd35dc1b3d
Of course.. this is what I should do
Thank you for making me realize.
I believe the steps:
cd gitolite/src
./gl-easy-install gitolite gitbox gitadmin
are initiated from the client side. But who is gitadmin? What privileges does it have, and where?
For an absolute beginner, it is not clear in the article. Can you add more details? Thanks
If you open the gl-easy-install file, line 143 has a comment that “this *must* be run as “src/gl-easy-install”, not by cd-ing to src and then running “./gl-easy-install””. You may want to update your gl-easy-install instructions.
Excellent article. I have been struggling with the gitolite install; there are many docs on it, but yours made the most sense.
Unfortunately the file gl-easy-install is no longer distributed with gitolite and this “remote” installation is no longer possible. In short – when you use non-root installation method, you create your git user, clone gitolite, run src/gl-system-install and later gl-setup YourName.pub (on the server), clone your gitolite-admin repo (to the workstation)
Phil, do you have updated instructions for the most recent versions of both Gitolite and Ubuntu (12.04LTS)?
It seems that this command is no longer valid: gl-easy-install
I’ve tried these instructions but hit permission issues: https://github.com/sitaramc/gitolite
Thanks Roger. I’ve written a new post https://www.bigfastblog.com/gitolite-installation-step-by-step
This covers Ubuntu 12.04LTS and changes to Gitolite.
I second what Roger Ivy says above: Love to see an updated version of this how-to for the most recent version of gitolite, since gl-easy-install doesn’t exist anymore…
Just wrote new post https://www.bigfastblog.com/gitolite-installation-step-by-step