Gitolite Installation Step-By-Step
Recently, netSIGN asked me to set up gitolite to give external developers controlled access to git repositories. Gitolite enables easy management of this access control. In this post I will detail how I set this up.
The first thing to note about the gitolite install is that the installer is run remotely. Therefore, you will want to download the gitolite installation code onto your local machine.
git clone git://github.com/sitaramc/gitolite
This will fetch the gitolite code from github.
Cloning into gitolite...
remote: Counting objects: 3156, done.
remote: Compressing objects: 100% (1438/1438), done.
remote: Total 3156 (delta 2149), reused 2479 (delta 1681)
Receiving objects: 100% (3156/3156), 699.61 KiB | 268 KiB/s, done.
Resolving deltas: 100% (2149/2149), done.
You will need to set up the git user account on the remote machine, under which gitolite will run, so log in.
gitbox is the hostname of the remote machine I am using. You can replace this with your remote machine’s hostname or IP.
Now create the user. I’m calling my user “gitolite”, but you can use “git” or anything else.
sudo adduser \
    --system \
    --shell /bin/bash \
    --gecos 'git version control' \
    --group \
    --disabled-password \
    --home /home/gitolite gitolite
In the example above, /home/gitolite is where gitolite and your code repositories will live.
Now you can return to your local machine.
Notice that when we created the user, we used --disabled-password, which prevents us from logging into the machine using a password. Therefore we’ll need to upload an ssh key for running the installer. Here, I will create a public and private keypair with the name id_rsa_gitolite.
cd ~/.ssh
ssh-keygen -t rsa -f id_rsa_gitolite
cd ~
Hit return at the prompts to create the key without passphrase authentication.
Your public key can be found here.
And the private key here.
Now you’ll need to upload the public key to the gitolite user account, so that we can log into that account using our private key.
scp ~/.ssh/id_rsa_gitolite.pub gitbox:
Now log in to the remote machine
and copy the key to the gitolite account.
sudo cp id_rsa_gitolite.pub /home/gitolite
sudo chown gitolite:gitolite /home/gitolite/id_rsa_gitolite.pub
Become the gitolite user
sudo su - gitolite
and add the gitolite public key to the list of authorized keys that can be used to log in as this user.
mkdir .ssh
chmod 700 .ssh
cat id_rsa_gitolite.pub >> .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
rm id_rsa_gitolite.pub
Now it’s time to return to your local machine.
exit # from gitolite user
exit # from remote machine
To keep things simple on the ssh side, I recommend adding the configuration for the gitolite account to your ssh config.
Host gitbox
    User gitolite
    Hostname gitbox
    Port 22
    IdentityFile ~/.ssh/id_rsa_gitolite
Now you should be able to log in to the remote machine as the gitolite user using the following…
ssh gitbox
exit
The installer command gl-easy-install takes the following arguments:
gl-easy-install <user> <host> [ <port> ] <admin name> <host nickname>
If port is not given it will default to 22.
Now you can run the gitolite installer using the gitolite code we downloaded.
cd gitolite/src
./gl-easy-install gitolite gitbox gitadmin
If all went well you should have a checked-out gitolite-admin git repository in your home directory.
This will be used for managing your users and git repositories. By simply editing conf/gitolite.conf and pushing it to the gitolite server you can create new repositories. Adding new users will involve adding an ssh key to the keydir. I will cover more on these in a follow-up post.
More great gitolite information can be found on the gitolite github page.
1. Instead of hardcoding the customisable names you should use a step to customise them:
2. You need to specify the home directory of the remote user when copying the public key to the remote host
scp ~/.ssh/id_rsa_gitolite.pub gitbox
needs to be
scp ~/.ssh/id_rsa_gitolite.pub $REMOTE_HOST:/home/$REMOTE_USER
Excellent suggestion, Airtonix. I’m finding that to be a better way to go as I write posts, as it makes it easier for others to simply cut-and-paste the commands.
Nice fast tutorial. Thank you.
One remark though. Regarding “cat id_rsa_gitolite.pub >> .ssh/authorized_keys” …
In my case the gitolite user’s authorized_keys file needs to have entries in the following format:
command="/usr/share/gitolite/gl-auth-command johndoe",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAvwKWiIoF23S6TXMEr8H2U18hkpuPrt5nOsUhqvR7XB8Wpkf7Al5SKNpgpfb/4CGVrSSzDvwmTN/cO6SDO3td8h1NBVl0APaAmZ7x6RFyoN5NCco/raOfVK+0Ktwg1Yoq7S8TdUKRP1phDHnHnlSkwbhzk1TETOEiSZTboH6FMHs [email protected]
Only putting pub key file in it did not work.
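An added example, not part of the original post, its comments or gitolite: a small Python check of an authorized_keys file for the point raised in the comment above. It flags entries that lack the forced command= and the no-* restrictions, which is the state the plain key appended in the article's cat ... >> .ssh/authorized_keys step is in. The sample entries and key material are constructed; restrict is OpenSSH's option that turns on all restrictions at once.

```python
import re

# An entry with no options field starts directly with its key type.
KEY_TYPE = re.compile(r"^(ssh-|ecdsa-|sk-)\S+$")
# One option: a name, an optional quoted value, then "," or the end of the field.
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?(,|\s+)')
# Restrictions carried by the gitolite-style entry (names compared in lower case).
REQUIRED = {"no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding", "no-pty"}

def parse_options(line):
    """Return {option name: value or None} for one authorized_keys entry."""
    if KEY_TYPE.match(line.split(None, 1)[0]):
        return {}
    opts, pos = {}, 0
    while True:
        m = OPTION.match(line, pos)
        if not m:
            raise ValueError("malformed options field")
        opts[m.group(1).lower()] = m.group(2)
        pos = m.end()
        if m.group(3) != ",":  # unquoted whitespace ends the options field
            return opts

def audit(text):
    """Return (line number, problem) pairs for entries that are not locked down."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            opts = parse_options(line)
        except ValueError as exc:
            findings.append((n, str(exc)))
            continue
        if "command" not in opts:
            findings.append((n, "no forced command"))
        missing = sorted(REQUIRED - set(opts))
        if missing and "restrict" not in opts:
            findings.append((n, "missing " + ",".join(missing)))
    return findings

# Constructed sample; the key material is a placeholder, not a real key.
SAMPLE = '''\
command="/usr/share/gitolite/gl-auth-command johndoe",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3PLACEHOLDER johndoe@example
ssh-rsa AAAAB3PLACEHOLDER installer@example
command="/usr/share/gitolite/gl-auth-command jane",no-port-forwarding ssh-rsa AAAAB3PLACEHOLDER jane@example
'''

if __name__ == "__main__":
    for lineno, problem in audit(SAMPLE):
        print(f"line {lineno}: {problem}")
```

To check a real file, pass its contents to audit(), for example the text of /home/gitolite/.ssh/authorized_keys read on the server.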
It should be ssh gitbox and not ssh gitolite.
Thanks Pradeep! I’ve updated the text.
This how-to is really great. Do you know of some other article (maybe yours) where I can get details on setting up collaborators?
This is probably what you’re looking for…
Does anyone know if it is possible to use the server where gitolite is installed as a client and edit repository files? I don’t even know where gitolite saves these files on the server, so I could try “git status” or smth.
Curious why you want to do this?
You can easily checkout a git repository as a separate user on the same machine.
The repositories will be found under /home/gitolite/repositories if you followed the instructions above.
Possibly look at installing gitweb, as this may do all the things you want.
Of course.. this is what I should do
Thank you for making me realize.
I believe the step:
./gl-easy-install gitolite gitbox gitadmin
is initiated from the client side. But who is gitadmin? What privileges does it have, and where?
For an absolute beginner, it is not clear in the article. Can you add more details? Thanks.
If you open the gl-easy-install file, line 143 has a comment that “this *must* be run as “src/gl-easy-install”, not by cd-ing to src and then running “./gl-easy-install””. You may want to update your gl-easy-install instructions.
Excellent article, I have been struggling with the gitolite install, there are many docs on it, but yours made the most sense.
Unfortunately the file gl-easy-install is no longer distributed with gitolite and this “remote” installation is no longer possible. In short – when you use non-root installation method, you create your git user, clone gitolite, run src/gl-system-install and later gl-setup YourName.pub (on the server), clone your gitolite-admin repo (to the workstation)
Phil, do you have updated instructions for the most recent versions of both Gitolite and Ubuntu (12.04LTS)?
It seems that this command is no longer valid: gl-easy-install
I’ve tried these instructions but hit permission issues: https://github.com/sitaramc/gitolite
Thanks Roger. I’ve written a new post https://www.bigfastblog.com/gitolite-installation-step-by-step
This covers Ubuntu 12.04LTS and changes to Gitolite.
I second what Roger Ivy says above: Love to see an updated version of this how-to for the most recent version of gitolite, since gl-easy-install doesn’t exist anymore…
Just wrote new post https://www.bigfastblog.com/gitolite-installation-step-by-step