Installing and Administering a Git Server Using Gitolite
Gitolite is a simple Git server that can handle user authentication per project / branch. Even though I don’t mind too much shelling out $300 for a simple business plan with GitHub, I want to keep my code closer to my heart than anything else. Even though I don’t think that my server is tightly protected, it is at least my fault when something goes wrong. Lately there have been reports of nasty security breaches on user data servers, and even Dropbox had their accounts unprotected for a few hours.
The first thing that surprised me was the fact that there is no out-of-the-box Git server available as there is with Subversion. Then I tried Gitosis but ran into issues with Python and abandoned that. Later I heard about Gitolite, which gave me some grief at the beginning, but eventually I could make it work. The trick was to stay focused on the task and to proceed only if the previous step worked out.
To install Gitolite you need to follow these steps and make sure that each one works before going on to the next. Unfortunately the error messages are cryptic, so it is hard to figure out what is wrong.
The Rules:
- This installation is tested for Mac OS X Snow Leopard (10.6) Server
- Make sure that each step worked nicely
- I tested the installation on a Mac OS X server; on a workstation you need to create the user account yourself. Make sure that you can log in as the given user.
- SSH can be nasty at times, so I make sure that it works before going on. This means we need to undo a step later, but it is worthwhile.
- I could not clone a repository on the server, but that is because I forgot to add the SSH public key of the server as well.
- Gitolite needs your public SSH key file from the workstation from which you are initially going to configure the server. This also means that this is the only computer from which you can access the Git server until you have added new public SSH key files.
- Keep in mind that for Gitolite a user is a combination of a user and a computer, which is represented by the public SSH key. That means that you need to install a public SSH key for every user and every computer they want to access the Git server from. The positive side is that you don’t need to manage passwords because the user is authenticated by the SSH key pair.
Installation Steps of Gitolite:
1. Create a user named “git” on the server with a home directory (assuming “/Users/git”) using Workgroup Manager.
2. Copy the public SSH key (for example id_rsa.pub) from your local workstation onto the server (use ‘ssh-keygen -t rsa’ to generate one inside the ‘~/.ssh’ directory). Make sure that the permission is set to “700” on the ‘~/.ssh’ directory.
3. Add the content of your public key file on the server to this file (create it if needed): ‘/Users/git/.ssh/authorized_keys’, and also make sure that the permission on the .ssh directory is set to 700.
4. On the workstation try to log in using ‘ssh git@<server name>’. If you can log in without entering a password you are good to proceed. Otherwise check the permissions as well as the content of the authorized_keys file to make sure that no character was dropped.
5. Make sure the “git” software is installed by executing “git” on the command line (it should be there by default).
6. There is one little problem left. For whatever reason the path to the “git” software was not set up on my server. So create or edit “/Users/git/.bashrc” and add the following lines:
   #!/bin/bash
   export PATH=$PATH:/usr/local/git/bin/
7. Check the path from your workstation with (the single quotes make $PATH expand on the server rather than on the workstation):
   ssh git@<server name> 'echo $PATH'
8. It must contain ‘/usr/local/bin’ and ‘/usr/local/git/bin’.
9. Attention: the test in 7) must be done before installing Gitolite, because afterwards we cannot log in as git on the server using SSH (it will give you a list of repos instead).
10. Log in to your server and sudo (sudo -s) to become root.
11. Get the Gitolite code:
   git clone git://github.com/sitaramc/gitolite
12. Change into the ‘gitolite’ directory and execute this:
   src/gl-system-install
13. Now become user “git” (IMPORTANT) using ‘su git’ (check with ‘whoami’).
14. Change into the “gitolite/src” directory (from the code cloned above).
15. Change the name of the public SSH key file, because Gitolite will use that file name as the name of the virtual user.
16. Execute the setup with:
   gl-setup <path to the renamed public ssh key>
17. Because Gitolite also installs the same public SSH key, we need to go back to ‘/Users/git/.ssh/authorized_keys’ and delete the line we originally added to test the passwordless login.
18. Logging in to the server with SSH (ssh git@<server name>) should now display this:
   PTY allocation request failed on channel 0
   hello schaefa, the gitolite version here is v2.0.2-6-gfda9f37
   the gitolite config gives you the following access:
   R W gitolite-admin
   @R_ @W_ testing
   Connection to 192.168.0.2 closed.
19. On the workstation check out ‘gitolite-admin’ with:
   git clone git@<your server name>:gitolite-admin
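Deleting the test line from authorized_keys after gl-setup matters because sshd uses the first matching line: a copy of the key without a forced command gives that key a normal shell as “git” instead of Gitolite's restricted access. The following is an added example (not part of the original post) that checks for this and for the 700 mode on the .ssh directory; the function names, key material and forced-command path are constructed placeholders.

```bash
# Added example, not part of the original post. All sample data is constructed.

# True only if the directory mode is exactly 700, as the steps above require.
ssh_dir_ok() {
    [ -n "$(find "$1" -prune -type d -perm 700)" ]
}

# Report keys in an authorized_keys file ($1) that grant a plain shell, and keys
# listed twice (sshd uses the first matching line, so a later copy is ignored).
# Exit status is 1 if any entry lacks a forced command or cannot be parsed.
audit_authorized_keys() {
    awk '
    /^[ \t]*(#|$)/ { next }                      # comments and blank lines
    {
        kt = 0                                   # index of the key-type field
        for (i = 1; i <= NF && !kt; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-)/) kt = i
        if (!kt || kt == NF) { print "line " NR ": cannot parse entry"; bad = 1; next }
        forced = 0                               # options precede the key type
        for (i = 1; i < kt; i++) if ($i ~ /command="/) forced = 1
        blob = $(kt + 1)
        if (blob in first)
            print "line " NR ": same key as line " first[blob] ", which sshd matches first"
        else
            first[blob] = NR
        if (!forced) { print "line " NR ": key gets a full shell (no command= option)"; bad = 1 }
    }
    END { exit bad + 0 }' "$1"
}

# Constructed sample: the file as it may look right after gl-setup, before the
# test line is deleted. The forced-command path is a placeholder.
write_sample() {
    cat > "$1" <<'EOF'
ssh-rsa AAAA-CONSTRUCTED-KEY-1 schaefa@workstation
# lines below are managed by gitolite
command="/PLACEHOLDER/gitolite-command schaefa",no-port-forwarding,no-pty ssh-rsa AAAA-CONSTRUCTED-KEY-1 schaefa@workstation
EOF
}

# Usage: pass the path of the file to audit, e.g. /Users/git/.ssh/authorized_keys
if [ -n "${1:-}" ]; then audit_authorized_keys "$1"; fi
```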
Next Steps:
The Gitolite server is configured through the clone of ‘gitolite-admin’ on your workstation; changes are then pushed back to the server to activate them. So for example to create a new repo:
- Go to the ‘gitolite-admin/conf’ directory
- Open ‘gitolite.conf’ file and add a new repo name together with the users allowed to access it
- Commit the changes:
git commit -a -m "Your Message here"
- Push the changes to the server:
git push git@<server name>:gitolite-admin
- You can now clone the new repo using:
git clone git@<server name>:<your new repo name>
To add new users you need to do the following:
- Ask the users for a public SSH key (id_rsa.pub)
- Rename the file so that it names the user (maybe together with their computer)
- Copy that file to ‘gitolite-admin/keydir’ or any subdirectory
- Gitolite will search for these files recursively so you can organize them as you like
- Open gitolite-admin/conf/gitolite.conf file and add the users to the desired repositories
- Commit these changes to your local repo
- Push the changes to the server
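Because every key file under keydir becomes a login and gitolite.conf decides what that login may do, it helps to cross-check the two before pushing: a user named in the conf without a key file cannot connect, and a key file left in keydir still authenticates even when no rule names its user. The following is an added example (not part of the original post or of Gitolite); the sample users, the “webshop” repo and the handling of the “@computer” file-name suffix are assumptions of this example.

```bash
# Added example, not part of the original post. Sample names are constructed.

# User names derived from key file names anywhere under keydir ($1): the base
# name minus ".pub" and minus an optional "@computer" suffix. Treating only a
# dot-free suffix as the computer part is an assumption of this example.
key_users() {
    find "$1" -type f -name '*.pub' |
        sed -e 's|.*/||' -e 's/\(@[^.][^.]*\)\{0,1\}\.pub$//' | sort -u
}

# User names on access-rule and group lines of gitolite.conf ($1); group
# references such as @all are skipped.
conf_users() {
    awk '
    { sub(/#.*/, "") }                           # drop comments
    $1 ~ /^(-|R|RW[+CDM]*|@.+)$/ && index($0, "=") {
        n = split(substr($0, index($0, "=") + 1), u, " ")
        for (i = 1; i <= n; i++) if (u[i] !~ /^@/) print u[i]
    }' "$1" | sort -u
}

# Compare both lists for a gitolite-admin clone ($1).
audit_admin_repo() {
    t=$(mktemp -d) || return 2
    key_users "$1/keydir" > "$t/keys"
    conf_users "$1/conf/gitolite.conf" > "$t/conf"
    comm -23 "$t/conf" "$t/keys" | sed 's/^/in conf but no key file: /'
    comm -13 "$t/conf" "$t/keys" | sed 's/^/key file but not named in conf: /'
    rm -rf "$t"
}

# Constructed sample clone; the key files are empty because only names matter here.
make_sample() {
    mkdir -p "$1/conf" "$1/keydir/laptops" "$1/keydir/old"
    touch "$1/keydir/schaefa.pub" "$1/keydir/alice@desktop.pub" \
          "$1/keydir/laptops/alice@laptop.pub" "$1/keydir/old/carol.pub"
    cat > "$1/conf/gitolite.conf" <<'EOF'
repo gitolite-admin
    RW+ = schaefa
repo testing
    RW+ = @all
repo webshop
    RW+ = schaefa
    RW  = alice bobb    # constructed: no key file exists for bobb
EOF
}

if [ -n "${1:-}" ]; then audit_admin_repo "$1"; fi
```

Run it with the path of your gitolite-admin clone as the only argument before committing key or conf changes.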
Notes
In case you have problems understanding how Git works, you might want to check out the book Pragmatic Guide to Git from the Pragmatic Bookshelf, as it gives some ideas on how to use it. Anyone coming from Subversion, as I did, will have quite some problems understanding how Git works.
Mario noted in the corresponding blog that he ran into issues at point 19), which I did too initially, and that is why we did the elaborate check with the PATH setup, but there seems to be another issue. Please check out this Stack Overflow entry.