centos7.x+git+gitolite

I.     What is Gitolite

Gitolite is an authorization layer on top of Git, relying on sshd or httpd for authentication.

Gitolite allows you to specify permissions not just by repository, but also by branch or tag names within each repository. That is, you can specify that certain people (or groups of people) can only push certain "refs" (branches or tags) but not others.

II.     Installing Git

[root@version-server ~]# yum install git -y

[root@version-server ~]# git --version

git version 1.8.3.1

III.     Creating the git user

[root@version-server ~]# useradd git

[root@version-server ~]# passwd git

# Set the password when prompted

[root@version-server ~]# su - git

[git@version-server ~]$ pwd

/home/git

[git@version-server ~]$ ls -a

.  ..  .bash_logout  .bash_profile  .bashrc

IV.     Installing Gitolite

Clone gitolite:

[git@version-server ~]$ git clone https://github.com/sitaramc/gitolite

Create a bin directory and install gitolite into it:

[git@version-server ~]$ mkdir $HOME/bin

[git@version-server ~]$ gitolite/install -to $HOME/bin

(If gitolite/install fails with "BEGIN failed--compilation aborted at /home/git/gitolite/src/lib/Gitolite/Common.pm line 67", switch back to the root user and run yum install -y perl-Data-Dumper.x86_64 first.)

[git@version-server ~]$ cd bin/

[git@version-server bin]$ ll

total 24

drwxrwxr-x. 2 git git 4096 Jan 26 17:03 commands

-rwxrwxr-x. 1 git git 3292 Jan 26 17:03 gitolite

-rwxrwxr-x. 1 git git 9023 Jan 26 17:03 gitolite-shell

drwxrwxr-x. 3 git git   22 Jan 26 17:03 lib

drwxrwxr-x. 2 git git   92 Jan 26 17:03 syntactic-sugar

drwxrwxr-x. 3 git git  166 Jan 26 17:03 triggers

-rw-rw-r--. 1 git git   19 Jan 26 17:13 VERSION

drwxrwxr-x. 2 git git  174 Jan 26 17:03 VREF

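V.     Configuring the Gitolite administrator

Gitolite manages users and repositories through a special repository, gitolite-admin, so an administrator has to be created to manage all users and repositories.

1. Generate a public key as the git user

Run ssh-keygen and press Enter at every prompt: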

[git@version-server bin]$ cd

[git@version-server ~]$ ssh-keygen -t rsa

2. Rename .ssh/id_rsa.pub to admin.pub

Renaming it to admin.pub is a fixed gitolite requirement.

[git@version-server ~]$ mv .ssh/id_rsa.pub admin.pub

[git@version-server ~]$ ll

total 4

-rw-r--r--. 1 git git 400 Jan 26 17:19 admin.pub

drwxrwxr-x. 7 git git 137 Jan 26 17:13 bin

drwxrwxr-x. 6 git git 245 Jan 26 17:03 gitolite

3. Set up Gitolite with the administrator's public key

[git@version-server ~]$ $HOME/bin/gitolite setup -pk admin.pub

Initialized empty Git repository in /home/git/repositories/gitolite-admin.git/

Initialized empty Git repository in /home/git/repositories/testing.git/

WARNING: /home/git/.ssh/authorized_keys missing; creating a new one

    (this is normal on a brand new install)

4. Create the administrator's management repository

[git@version-server ~]$ git clone git@127.0.0.1:gitolite-admin

Cloning into 'gitolite-admin'...

The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.

ECDSA key fingerprint is SHA256:hrz8c27CZn4c/iIN0pFuC59qwheBUaUpszGP7if3oGs.

ECDSA key fingerprint is MD5:59:bf:ad:49:4f:c6:26:d4:e6:dd:d6:f0:5b:9d:48:6a.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts.

remote: Counting objects: 6, done.

remote: Compressing objects: 100% (4/4), done.

remote: Total 6 (delta 0), reused 0 (delta 0)

Receiving objects: 100% (6/6), done.

Take a look inside:

[git@version-server ~]$ cd gitolite-admin/

[git@version-server gitolite-admin]$ ll

total 0

drwxrwxr-x. 2 git git 27 Jan 26 17:29 conf

drwxrwxr-x. 2 git git 23 Jan 26 17:29 keydir

[git@version-server gitolite-admin]$ cd conf/

[git@version-server conf]$ ll

total 4

-rw-rw-r--. 1 git git 77 Jan 26 17:29 gitolite.conf

[git@version-server conf]$ cd ..

[git@version-server gitolite-admin]$ cd keydir/

[git@version-server keydir]$ ll

total 4

-rw-rw-r--. 1 git git 400 Jan 26 17:29 admin.pub

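conf/gitolite.conf is where users and repositories are configured, and keydir holds the clients' public keys. The existing admin.pub can now be deleted.

VI.     Configuring users and repositories

Open gitolite.conf and you will see: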

[git@version-server ~]$ vim gitolite-admin/conf/gitolite.conf

repo gitolite-admin

    RW+     =   admin

 

repo testing

    RW+     =   @all

There are currently two repositories, gitolite-admin and testing: only the admin user has read-write access to gitolite-admin, while testing is read-write for everyone. Change it to:

@user = admin aaa_nb

repo gitolite-admin

    RW+     =   admin

 

repo edsserver

    RW+     =   @user

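This change gives the user group user read-write access to the edsserver repository. The group contains a user aaa_nb, whose key is the id_rsa.pub generated on a git client with ssh-keygen -t rsa -C "user email address", renamed to aaa_nb.pub (so that the file name matches the user name and is easy to identify and manage) and then uploaded with a client such as FileZilla to /home/git/gitolite-admin/keydir.

With gitolite.conf edited and aaa_nb.pub uploaded, commit the change: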

[git@version-server gitolite-admin]$ git add keydir/aaa_nb.pub conf/gitolite.conf

[git@version-server gitolite-admin]$ git status

# On branch master

# Changes to be committed:

#   (use "git reset HEAD <file>..." to unstage)

#

#       modified:   conf/gitolite.conf

#       new file:   keydir/aaa_nb.pub

#

[git@version-server gitolite-admin]$ git commit -m "new project and user"

[master 3ea654d] new project and user

 2 files changed, 4 insertions(+), 2 deletions(-)

 create mode 100644 keydir/aaa_nb.pub

[git@version-server gitolite-admin]$ git push origin master

Counting objects: 10, done.

Delta compression using up to 6 threads.

Compressing objects: 100% (5/5), done.

Writing objects: 100% (6/6), 821 bytes | 0 bytes/s, done.

Total 6 (delta 0), reused 0 (delta 0)

remote: Initialized empty Git repository in /home/git/repositories/edsserver.git/

To git@127.0.0.1:gitolite-admin

   bb5c5f1..3ea654d  master -> master

Note: before using git commit and similar commands for the first time, remember to set user.name and user.email:

[git@version-server gitolite-admin]$ git config --global user.email "admin@gdcni.cn"

[git@version-server gitolite-admin]$ git config --global user.name "admin"

Now go into repositories and you can see the edsserver.git repository that was just configured:

[git@version-server ~]$ cd repositories/

[git@version-server repositories]$ ll

total 0

drwx------. 7 git git 134 Jan 26 18:19 edsserver.git

drwx------. 8 git git 181 Jan 26 18:19 gitolite-admin.git

drwx------. 7 git git 134 Jan 26 18:19 testing.git

[git@version-server repositories]$

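Summary: to add users or repositories from now on, log in to the server as the git user, edit the configuration file /home/git/gitolite-admin/conf/gitolite.conf to add the user name or repository name, copy the public key (.pub) generated on the user's machine into /home/git/gitolite-admin/keydir, and then run git add, commit and push.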
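The procedure summarized above only works safely when gitolite.conf and keydir stay in sync, so here is an added example (not part of the original post) of a check to run in the gitolite-admin clone before git push: it flags write access granted to @all, names used in a rule without a matching keydir/<user>.pub, and keys that no rule mentions. The function name audit_admin and the sample key text are made up for illustration, and it assumes un-nested groups and keys stored directly in keydir.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes keys sit directly in
# keydir as <user>.pub and groups are not nested, as in the walkthrough.
audit_admin() {   # usage: audit_admin /path/to/gitolite-admin
    awk -v keydir="$1/keydir" '
        function haskey(u,    f, l, ok) {        # does keydir/<u>.pub exist?
            f = keydir "/" u ".pub"; ok = ((getline l < f) > 0); close(f); return ok
        }
        function check(u, perm) {                # one name taken from a rule
            if (u == "@all") {
                if (perm ~ /W/) print "WIDE-OPEN repo " repo ": " perm " for @all"
            } else if (u ~ /^@/) {
                print "UNKNOWN-GROUP " u " (repo " repo ")"
            } else if (!(u in warned) && !haskey(u)) {
                warned[u] = 1
                print "NO-KEY user " u " (repo " repo ") has no keydir/" u ".pub"
            }
        }
        { sub(/#.*/, "") }                       # drop comments
        /^[ \t]*@[^ \t=]+[ \t]*=/ {              # group line: @name = a b c
            eq = index($0, "="); name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            members[name] = members[name] " " substr($0, eq + 1)
            next
        }
        /^[ \t]*repo[ \t]/ { repo = $2; next }
        /^[ \t]*(-|R|RW[+CDM]*)[ \t].*=/ {       # rule: PERM [refex] = names
            perm = $1
            n = split(substr($0, index($0, "=") + 1), who, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                if (who[i] == "") continue
                if (who[i] in members) {         # expand the group one level
                    m = split(members[who[i]], mem, /[ \t]+/)
                    for (j = 1; j <= m; j++) if (mem[j] != "") check(mem[j], perm)
                } else check(who[i], perm)
            }
        }
    ' "$1/conf/gitolite.conf"
    for f in "$1"/keydir/*.pub; do               # keys that no rule or group names
        [ -e "$f" ] || continue
        u=$(basename "$f" .pub)
        grep -qw -- "$u" "$1/conf/gitolite.conf" || echo "UNUSED-KEY keydir/$u.pub"
    done
}
# Constructed sample: the conf from the post with testing kept, one key missing.
demo=$(mktemp -d); mkdir -p "$demo/conf" "$demo/keydir"
printf '%s\n' '@user = admin aaa_nb' 'repo gitolite-admin' '    RW+ = admin' \
    'repo edsserver' '    RW+ = @user' 'repo testing' '    RW+ = @all' > "$demo/conf/gitolite.conf"
echo 'ssh-rsa AAAAconstructed admin@example' > "$demo/keydir/admin.pub"
audit_admin "$demo"
```

Every key in keydir can authenticate and is matched by @all, so an UNUSED-KEY finding together with a WIDE-OPEN one means that key still has write access.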

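VII.     Testing the Git client on Windows

Download the Windows version of the git client from https://www.git-scm.com/download/win and install it step by step with the default options.

In Windows Explorer, right-click in the directory where you want to clone the repository and choose Git Bash Here. In the command window that opens, again configure user.name and user.email first: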

$ git config --global user.email "aaa@cni.cn"

$ git config --global user.name "aaa_nb"

Now you can clone:

$ git clone git@192.168.1.200:edsserver.git

After any local change, run git add ., git commit -m "***" and git push origin master in turn.

VIII.     Testing the Git client on CentOS 7.x

Again, generate a public key first:

[gdcni@server202 ~]$ ssh-keygen -t rsa -C "aaa@cni.cn"

Rename it:

[gdcni@server202 ~]$ cd .ssh/

[gdcni@server202 .ssh]$ cp id_rsa.pub aaa_server202.pub

Copy this .pub file to /home/git/gitolite-admin/keydir on the git server:

[git@version-server keydir]$ ll

total 12

-rw-rw-r--. 1 git git 400 Jan 26 17:29 admin.pub

-rw-rw-r--. 1 git git 402 Jan 26 18:05 aaa_nb.pub

-rw-rw-r--. 1 git git 402 Jan 26 19:17 aaa_server202.pub

Edit gitolite.conf and add aaa_server202 to the user group user.

Then run git add ., git commit -m "***" and git push origin master.

Now go back to server202 and clone:

[gdcni@server202 ~]$ git clone git@192.168.1.200:edsserver.git

posted @ 2019-01-26 20:01  鸟瞰的鸟