centos7.x+git+gitolite
I. What is Gitolite
Gitolite is an authorization layer on top of Git, relying on sshd or httpd for authentication.
Gitolite allows you to specify permissions not just by repository, but also by branch or tag names within each repository. That is, you can specify that certain people (or groups of people) can only push certain "refs" (branches or tags) but not others.
II. Install Git
    [root@version-server ~]# yum install git -y
    [root@version-server ~]# git --version
    git version 1.8.3.1
III. Create the git user
    [root@version-server ~]# useradd git
    [root@version-server ~]# passwd git    # set the password when prompted
    [root@version-server ~]# su - git
    [git@version-server ~]$ pwd
    /home/git
    [git@version-server ~]$ ls -a
    .  ..  .bash_logout  .bash_profile  .bashrc
IV. Install Gitolite
Clone gitolite:
    [git@version-server ~]$ git clone https://github.com/sitaramc/gitolite
Create a bin directory and install gitolite into it:
    [git@version-server ~]$ mkdir $HOME/bin
    [git@version-server ~]$ gitolite/install -to $HOME/bin
(If gitolite/install fails with "BEGIN failed--compilation aborted at /home/git/gitolite/src/lib/Gitolite/Common.pm line 67", switch back to the root user and run yum install -y perl-Data-Dumper.x86_64 first.)
    [git@version-server ~]$ cd bin/
    [git@version-server bin]$ ll
    total 24
    drwxrwxr-x. 2 git git 4096 Jan 26 17:03 commands
    -rwxrwxr-x. 1 git git 3292 Jan 26 17:03 gitolite
    -rwxrwxr-x. 1 git git 9023 Jan 26 17:03 gitolite-shell
    drwxrwxr-x. 3 git git   22 Jan 26 17:03 lib
    drwxrwxr-x. 2 git git   92 Jan 26 17:03 syntactic-sugar
    drwxrwxr-x. 3 git git  166 Jan 26 17:03 triggers
    -rw-rw-r--. 1 git git   19 Jan 26 17:13 VERSION
    drwxrwxr-x. 2 git git  174 Jan 26 17:03 VREF
V. Configure the Gitolite administrator
gitolite uses a special repository, gitolite-admin, to manage users and repositories, so an administrator has to be created to manage all users and repositories.
1. Generate a public key as the git user
Run ssh-keygen and press Enter at every prompt:
    [git@version-server bin]$ cd
    [git@version-server ~]$ ssh-keygen -t rsa
2. Rename .ssh/id_rsa.pub to admin.pub
gitolite requires the key to be named admin.pub.
    [git@version-server ~]$ mv .ssh/id_rsa.pub admin.pub
    [git@version-server ~]$ ll
    total 4
    -rw-r--r--. 1 git git 400 Jan 26 17:19 admin.pub
    drwxrwxr-x. 7 git git 137 Jan 26 17:13 bin
    drwxrwxr-x. 6 git git 245 Jan 26 17:03 gitolite
3. Set up Gitolite with the administrator's public key
    [git@version-server ~]$ $HOME/bin/gitolite setup -pk admin.pub
    Initialized empty Git repository in /home/git/repositories/gitolite-admin.git/
    Initialized empty Git repository in /home/git/repositories/testing.git/
    WARNING: /home/git/.ssh/authorized_keys missing; creating a new one
        (this is normal on a brand new install)
4. Check out the administrator's management repository
    [git@version-server ~]$ git clone git@127.0.0.1:gitolite-admin
    Cloning into 'gitolite-admin'...
    The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
    ECDSA key fingerprint is SHA256:hrz8c27CZn4c/iIN0pFuC59qwheBUaUpszGP7if3oGs.
    ECDSA key fingerprint is MD5:59:bf:ad:49:4f:c6:26:d4:e6:dd:d6:f0:5b:9d:48:6a.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts.
    remote: Counting objects: 6, done.
    remote: Compressing objects: 100% (4/4), done.
    remote: Total 6 (delta 0), reused 0 (delta 0)
    Receiving objects: 100% (6/6), done.
Take a look inside:
    [git@version-server ~]$ cd gitolite-admin/
    [git@version-server gitolite-admin]$ ll
    total 0
    drwxrwxr-x. 2 git git 27 Jan 26 17:29 conf
    drwxrwxr-x. 2 git git 23 Jan 26 17:29 keydir
    [git@version-server gitolite-admin]$ cd conf/
    [git@version-server conf]$ ll
    total 4
    -rw-rw-r--. 1 git git 77 Jan 26 17:29 gitolite.conf
    [git@version-server conf]$ cd ..
    [git@version-server gitolite-admin]$ cd keydir/
    [git@version-server keydir]$ ll
    total 4
    -rw-rw-r--. 1 git git 400 Jan 26 17:29 admin.pub
conf/gitolite.conf is where users and repositories are configured, and keydir holds the clients' public keys. The existing admin.pub in the git user's home directory can be deleted now; the copy in keydir must stay, because it is what gives admin access.
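VI. Configure users and repositories
Open gitolite.conf and you will see:
    [git@version-server ~]$ vim gitolite-admin/conf/gitolite.conf
    repo gitolite-admin
        RW+     =   admin

    repo testing
        RW+     =   @all
There are currently two repositories, gitolite-admin and testing. Only the admin user has read/write access to gitolite-admin, while testing is readable and writable by everyone. Change it to:
    @user = admin aaa_nb
    repo gitolite-admin
        RW+     =   admin

    repo edsserver
        RW+     =   @user
The change above gives the user group user read/write access to the repository edsserver. The group user contains a user aaa_nb, whose key is the id_rsa.pub generated on a git client with ssh-keygen -t rsa -C "user's e-mail address", renamed to aaa_nb.pub (renamed to match the user name, which makes keys easier to tell apart and manage) and then uploaded to /home/git/gitolite-admin/keydir with a client such as FileZilla.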
With gitolite.conf edited and aaa_nb.pub uploaded, commit the change:
    [git@version-server gitolite-admin]$ git add keydir/aaa_nb.pub conf/gitolite.conf
    [git@version-server gitolite-admin]$ git status
    # On branch master
    # Changes to be committed:
    #   (use "git reset HEAD <file>..." to unstage)
    #
    #       modified:   conf/gitolite.conf
    #       new file:   keydir/aaa_nb.pub
    #
    [git@version-server gitolite-admin]$ git commit -m "new project and user"
    [master 3ea654d] new project and user
     2 files changed, 4 insertions(+), 2 deletions(-)
     create mode 100644 keydir/aaa_nb.pub
    [git@version-server gitolite-admin]$ git push origin master
    Counting objects: 10, done.
    Delta compression using up to 6 threads.
    Compressing objects: 100% (5/5), done.
    Writing objects: 100% (6/6), 821 bytes | 0 bytes/s, done.
    Total 6 (delta 0), reused 0 (delta 0)
    remote: Initialized empty Git repository in /home/git/repositories/edsserver.git/
    To git@127.0.0.1:gitolite-admin
       bb5c5f1..3ea654d  master -> master
Note: before using git commit and similar commands for the first time, remember to configure user.name and user.email:
    [git@version-server gitolite-admin]$ git config --global user.email "admin@gdcni.cn"
    [git@version-server gitolite-admin]$ git config --global user.name "admin"
Now look in repositories and you can see the edsserver.git repository that was just configured:
    [git@version-server ~]$ cd repositories/
    [git@version-server repositories]$ ll
    total 0
    drwx------. 7 git git 134 Jan 26 18:19 edsserver.git
    drwx------. 8 git git 181 Jan 26 18:19 gitolite-admin.git
    drwx------. 7 git git 134 Jan 26 18:19 testing.git
    [git@version-server repositories]$
Summary: from now on, to add a user or a repository, log in to the server as the git user, edit the configuration file /home/git/gitolite-admin/conf/gitolite.conf to add the user name or repository name, copy the public key (.pub) generated on the user's machine into /home/git/gitolite-admin/keydir, and then run git add, commit and push.
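A pre-push consistency check for the add-user procedure summarized above, as an added example that is not part of the original post. It assumes a flat keydir of <user>.pub files and a conf holding only group and rule lines, as shown on this page; the function names and the sample keys are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the users named in conf/gitolite.conf with the key files
# in keydir before "git push". Assumes <user>.pub naming and no config/option lines.

# Names on the right-hand side of "=" in gitolite.conf, minus @groups and comments.
conf_users() {
    sed 's/#.*//' "$1/conf/gitolite.conf" |
        awk -F= 'NF >= 2 { n = split($2, w, " "); for (i = 1; i <= n; i++) if (w[i] !~ /^@/) print w[i] }' |
        sort -u
}

# User names implied by the key files in keydir.
key_users() {
    for f in "$1"/keydir/*.pub; do
        [ -e "$f" ] && basename "$f" .pub
    done | sort -u
}

check_gitolite_admin() {
    dir=$1 rc=0
    cu=$(conf_users "$dir")
    ku=$(key_users "$dir")
    for u in $cu; do    # named in the conf but no key file: this user cannot log in
        printf '%s\n' "$ku" | grep -Fxq -- "$u" || { echo "MISSING_KEY $u"; rc=1; }
    done
    for u in $ku; do    # key present but never named: still authorized, still matches @all
        printf '%s\n' "$cu" | grep -Fxq -- "$u" || { echo "UNREFERENCED_KEY $u"; rc=1; }
        f="$dir/keydir/$u.pub"    # must be exactly one line holding one public key
        if [ "$(grep -c '' "$f")" -ne 1 ] ||
           ! grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-[a-z0-9]+) [A-Za-z0-9+/=]+' "$f"; then
            echo "BAD_KEY $u"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: the conf from this page plus a misnamed and a wrapped key file.
demo() {
    d=$(mktemp -d)
    mkdir "$d/conf" "$d/keydir"
    printf '@user = admin aaa_nb\nrepo gitolite-admin\n    RW+ = admin\nrepo edsserver\n    RW+ = @user\n' > "$d/conf/gitolite.conf"
    echo 'ssh-rsa AAAAB3NzaCONSTRUCTEDadmin admin@example' > "$d/keydir/admin.pub"
    echo 'ssh-rsa AAAAB3NzaCONSTRUCTEDaaa aaa@example' > "$d/keydir/aaa-nb.pub"   # typo: aaa-nb vs aaa_nb
    printf 'ssh-rsa AAAAB3Nza\nCONSTRUCTEDsplit\n' > "$d/keydir/old_user.pub"     # key wrapped onto two lines
    check_gitolite_admin "$d" || true    # findings are printed; non-zero means "do not push yet"
    rm -rf "$d"
}
demo
```

Run check_gitolite_admin /home/git/gitolite-admin before git push; any output means conf and keydir disagree, and an UNREFERENCED_KEY matters most while a repository such as testing still grants RW+ to @all.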
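VII. Test the Git client on Windows
Download the Windows version of the git client from https://www.git-scm.com/download/win and install it step by step with the default options.
In Windows Explorer, right-click in the directory where you want to clone the repository and choose Git Bash Here. In the command window that opens, again start by configuring user.name and user.email:
    $ git config --global user.email "aaa@cni.cn"
    $ git config --global user.name "aaa_nb"
Now you can clone:
    $ git clone git@192.168.1.200:edsserver.git
After any local change, run git add ., git commit -m "***" and git push origin master in turn.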
VIII. Test the Git client on CentOS 7.x
Again, start by generating a public key:
    [gdcni@server202 ~]$ ssh-keygen -t rsa -C "aaa@cni.cn"
Rename it:
    [gdcni@server202 ~]$ cd .ssh/
    [gdcni@server202 .ssh]$ cp id_rsa.pub aaa_server202.pub
Copy this .pub file to /home/git/gitolite-admin/keydir on the git server:
    [git@version-server keydir]$ ll
    total 12
    -rw-rw-r--. 1 git git 400 Jan 26 17:29 admin.pub
    -rw-rw-r--. 1 git git 402 Jan 26 18:05 aaa_nb.pub
    -rw-rw-r--. 1 git git 402 Jan 26 19:17 aaa_server202.pub
Edit gitolite.conf and add aaa_server202 to the user group user.
Then run git add ., git commit -m "***" and git push origin master.
Now go back to server202 and clone:
    [gdcni@server202 ~]$ git clone git@192.168.1.200:edsserver.git