Recently, netSIGN asked me to set up gitolite to give external developers controlled access to git repositories. Gitolite enables easy management of this access control. In this post I will detail how I set this up.
The first thing to note about the gitolite install is that the installer is run remotely. Therefore, you will want to download the gitolite installation code onto your local machine.
git clone git://github.com/sitaramc/gitolite
This will fetch the gitolite code from GitHub.
Cloning into gitolite...
remote: Counting objects: 3156, done.
remote: Compressing objects: 100% (1438/1438), done.
remote: Total 3156 (delta 2149), reused 2479 (delta 1681)
Receiving objects: 100% (3156/3156), 699.61 KiB | 268 KiB/s, done.
Resolving deltas: 100% (2149/2149), done.
You will need to set up the git user account on the remote machine, under which gitolite will run, so log in.
gitbox is the hostname of the remote machine I am using. You can replace this with your remote machine’s hostname or IP.
Now create the user. I’m calling my user “gitolite”, but you can use “git” or anything else.
sudo adduser \
    --system \
    --shell /bin/bash \
    --gecos 'git version control' \
    --group \
    --disabled-password \
    --home /home/gitolite gitolite
In the example above, /home/gitolite is where gitolite and your code repositories will live.
Now you can return to your local machine.
Notice that when we created the user, we used --disabled-password, which prevents us from logging into the machine using a password. Therefore we’ll need to upload an SSH key for running the installer. Here, I will create a public and private keypair with the name id_rsa_gitolite.
cd ~/.ssh
ssh-keygen -t rsa -f id_rsa_gitolite
cd ~
Hit return at the prompts to create the key without passphrase authentication.
Your public key can be found here.
And the private key here.
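Now you’ll need to upload the public key to the gitolite user account, so that we can log into that account using our private key. Note the trailing colon, which tells scp to copy to your home directory on the remote machine rather than to a local file named gitbox.
scp ~/.ssh/id_rsa_gitolite.pub gitbox:
Now log in to the remote machine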
and copy the key to the gitolite account.
sudo cp id_rsa_gitolite.pub /home/gitolite
sudo chown gitolite:gitolite /home/gitolite/id_rsa_gitolite.pub
Become the gitolite user
sudo su - gitolite
and add the gitolite public key to the list of authorized keys that can be used to login as this user.
mkdir .ssh
chmod 700 .ssh
cat id_rsa_gitolite.pub >> .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
rm id_rsa_gitolite.pub
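An added check, not part of the original post: sshd's default StrictModes setting ignores authorized_keys when the files involved are writable by other users, which shows up later as a refused login. Run as the gitolite user, the function below verifies the modes set above and that only public-key lines were appended; the names check_ssh_dir and mode_of are hypothetical.

```shell
#!/bin/sh
# Added example: audit the files created in the steps above.
# Usage: sh check.sh /home/gitolite   (home path taken from this post)

# Print the nine permission characters of a path, e.g. "rwx------".
mode_of() {
    ls -ld "$1" | cut -c2-10
}

# Return 0 when .ssh and authorized_keys have the modes set above and
# authorized_keys holds only public-key lines; otherwise print each
# problem and return 1.
check_ssh_dir() {
    home=$1
    dir=$home/.ssh
    keys=$dir/authorized_keys
    bad=0

    [ -d "$dir" ]  || { echo "missing: $dir";  return 1; }
    [ -f "$keys" ] || { echo "missing: $keys"; return 1; }

    # chmod 700 .ssh and chmod 600 authorized_keys, as in the post.
    [ "$(mode_of "$dir")" = "rwx------" ]  || { echo "$dir is not mode 700";  bad=1; }
    [ "$(mode_of "$keys")" = "rw-------" ] || { echo "$keys is not mode 600"; bad=1; }

    # A private key appended by mistake (id_rsa_gitolite instead of
    # id_rsa_gitolite.pub) shows up as a PEM header.
    if grep -q -e '-----BEGIN' "$keys"; then
        echo "$keys contains private key material"; bad=1
    fi

    # Every non-blank, non-comment line must carry a key type field,
    # optionally preceded by options such as command="...".
    n=$(grep -v -e '^[[:space:]]*$' -e '^#' "$keys" |
        grep -c -v -E '(^|[[:space:]])(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) ' || true)
    [ "$n" -eq 0 ] || { echo "$n line(s) in $keys are not public keys"; bad=1; }

    return $bad
}

# Run the check when a home directory is given on the command line.
[ $# -eq 0 ] || check_ssh_dir "$1"
```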
Now it’s time to return to your local machine.
exit # from gitolite user
exit # from remote machine
To make things simple on the SSH side, I recommend adding the configuration for the gitolite account to your SSH config.
Host gitbox
    User gitolite
    Hostname gitbox
    Port 22
    IdentityFile ~/.ssh/id_rsa_gitolite
Now you should be able to log in to the remote machine as the gitolite user using the following…
ssh gitbox
exit
The installer command gl-easy-install takes the following arguments
gl-easy-install <user> <host> [ <port> ] <admin name> <host nickname>
If port is not given it will default to 22.
Now you can run the gitolite installer using the gitolite code we downloaded.
cd gitolite/src
./gl-easy-install gitolite gitbox gitadmin
If all went well you should have a checked-out gitolite-admin git repository in your home directory.
This will be used for managing your users and git repositories. By simply editing conf/gitolite.conf and pushing it to the gitolite server you can create new repositories. Adding new users will involve adding an ssh key to the keydir. I will cover more on these in a follow-up post.