Gitosis installation and deployment steps on CentOS 6.3

Source: Internet
Author: User
Git is a distributed version control system. A Git client generally communicates with the server over the SSH protocol; the main advantages of SSH are speed (data is compressed before transmission, which is faster than HTTP), security, and easy read and write access.
A client can authenticate to the server over SSH in two general ways: with a user name and password, or with a public key. Public key authentication is convenient because you do not have to enter a password at each login.
The public keys of trusted clients are set in the ~/.ssh/authorized_keys file on the server; the format of the file is described in the sshd manual (man sshd). authorized_keys has a powerful feature: it supports a command parameter, which causes the specified command to be executed each time a user authenticates with that public key. This makes it possible to do some logic processing at login.
Git repository management generally needs permission control, so how can repository permissions be managed simply and conveniently? One idea is to specify the command parameter in authorized_keys and execute the relevant logic each time a user is authenticated, to check whether the current user has permission. That is how gitosis came about: gitosis is not so much a Git permission management system as an authorized_keys file manager.
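The authorized_keys mechanism described above, as an added example (not from the original article and not gitosis code): a Python parser for the options field of authorized_keys lines that reports keys with no forced command or without session restrictions. The sample lines, the placeholder key material, the /usr/local/bin/wrap path and the expected option set are constructed for illustration.

```python
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")
# Restrictions this example expects on a Git-only key (an assumption).
WANTED = {"no-pty", "no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding"}

# Constructed sample: key material is a placeholder, /usr/local/bin/wrap is hypothetical.
SAMPLE = '''\
command="gitosis-serve john",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3PLACEHOLDER john
ssh-rsa AAAAB3PLACEHOLDER admin@laptop
command="/usr/local/bin/wrap --user=mary,ops",no-pty ssh-rsa AAAAB3PLACEHOLDER mary
'''

def parse_line(line):
    """Return (options, key fields) for one line, or None for blanks and comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    opts, cur, quoted, pos = [], "", False, 0
    if not line.startswith(KEY_TYPES):
        # The options field ends at the first space outside double quotes.
        for pos, ch in enumerate(line):
            if ch == '"' and line[pos - 1:pos] != "\\":
                quoted = not quoted
            if ch.isspace() and not quoted:
                break
            if ch == "," and not quoted:
                opts.append(cur)
                cur = ""
            else:
                cur += ch
        opts.append(cur)
    # Option names are case-insensitive; values lose their surrounding quotes.
    pairs = (opt.partition("=") for opt in opts)
    options = {name.lower(): value.strip('"') for name, _, value in pairs}
    return options, line[pos:].split()

def audit(text):
    """Return {key comment: findings} for keys that are not fully restricted."""
    report = {}
    for options, fields in filter(None, map(parse_line, text.splitlines())):
        missing = sorted(WANTED - set(options))
        findings = ["missing " + ",".join(missing)] if missing else []
        if "command" not in options:
            findings.insert(0, "no forced command: key gets the account's login shell")
        if findings:
            report[fields[-1]] = findings
    return report
```

Run audit() over the git account's authorized_keys text; an empty result means every key is bound to a forced command with all four restrictions.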
Solution:
I. Deployment environment
Operating system: CentOS 6.3 x64
Git: git-1.7.1
Gitosis: gitosis
Gitweb: 1.7.1-3
OpenSSH server: openssh-server-5.3p1
Apache: httpd-2.4.4
python-setuptools: python-setuptools-0.6.10-3
Git server (CentOS 6.3 x64): node2.example.com
Git client (CentOS 6.3 x64): node1.example.com
Server-side configuration:
I. Disable iptables and SELinux
# service iptables stop
# setenforce 0
# vi /etc/sysconfig/selinux
---------------
SELINUX=disabled
---------------
II. Sync time
# ntpdate cn.pool.ntp.org
III. Install Apache
See: HTTP://WWW.SHOWERLEE.COM/ARCHIVES/6
IV. Install OpenSSH
1. Install OpenSSH with yum:
# yum install openssh-server -y
2. Modify the SSH server configuration:
# vi /etc/ssh/sshd_config
------------------------------
# Change to the login port you want
Port 22
# Prohibit root login
PermitRootLogin no
# Check that the owner and permissions of the key files are correct (on by default)
StrictModes yes
# Enable RSA authentication
RSAAuthentication yes
# Enable public key authentication
PubkeyAuthentication yes
# Enable password authentication (on by default)
PasswordAuthentication yes
# Server key strength of 1024 bits
ServerKeyBits 1024
# Do not allow login with an empty password
PermitEmptyPasswords no
------------------------------
3. Restart the service:
# /etc/init.d/sshd restart
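An added check for the sshd_config settings above (not part of the original article): the command= restriction in authorized_keys applies only to public key logins, so this Python sketch reports the settings that allow another way in, plus the options that apply to SSH protocol 1 only. It follows sshd's rules that keywords are case-insensitive and the first value for a keyword wins; Match blocks are not handled, and the duplicate last line of the sample is constructed.

```python
# Settings from the listing above; the duplicate last line is constructed to
# show that a later value for the same keyword is ignored.
CONFIG = """\
Port 22
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication yes
ServerKeyBits 1024
PermitEmptyPasswords no
passwordauthentication no
"""

PROTOCOL1_ONLY = ("rsaauthentication", "serverkeybits")

def effective(text):
    """Return {lower-cased keyword: value}, keeping the first value seen."""
    seen = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.lower().startswith("match "):
            break  # Match blocks are out of scope for this example
        parts = line.split(None, 1)
        if len(parts) == 2:
            seen.setdefault(parts[0].lower(), parts[1].strip())
    return seen

def review(text):
    """List settings that weaken, or do not affect, a key-only Git account."""
    cfg = effective(text)
    notes = []
    if cfg.get("pubkeyauthentication", "yes") != "yes":
        notes.append("PubkeyAuthentication: keys in authorized_keys cannot log in")
    if cfg.get("passwordauthentication", "yes") == "yes":
        notes.append("PasswordAuthentication: password logins skip command=")
    if cfg.get("permitemptypasswords", "no") == "yes":
        notes.append("PermitEmptyPasswords: accounts without a password can log in")
    if cfg.get("strictmodes", "yes") != "yes":
        notes.append("StrictModes: ownership and modes of key files are not checked")
    for key in PROTOCOL1_ONLY:
        if key in cfg:
            notes.append(key + ": applies to SSH protocol 1 only")
    return notes
```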
V. Install Git
# yum install git-core -y
VI. Install Gitosis
1. Install the python-setuptools package, which gitosis depends on
# yum install python-setuptools -y
2. Install gitosis
# cd ~
# mkdir src
# cd src
# git clone https://github.com/tv42/gitosis.git
# cd gitosis
# python setup.py install
3. Create a system user for gitosis
# useradd -m git
# passwd git
4. Run gitosis
(1). Upload or copy the public key generated by the administrator to the server. Here the public key is created with the ssh-keygen command as the Git server administrator:
# su - git
Ensure that the web page has permission to display the contents of the repositories:
# chmod -R 755 /home/git
# ssh-keygen -t rsa
# cp ~/.ssh/id_rsa.pub /tmp
(2). Initialize gitosis
Enter the directory where id_rsa.pub was copied:
# cd /tmp
# gitosis-init < id_rsa.pub
At this point, the gitosis repositories and configuration directory have been generated in the /home/git directory:
# cd /home/git
# ll
----------------------------------------------------------------
drwxr-xr-x 2 git git 4096 Aug 13:39 gitosis
drwxr-xr-x 4 git git 4096 Aug 13:39 repositories
---------------------------------------------------------------
(3). Switch back to the current (root) user
# exit
(4). Configure permissions
If you want other people to be able to clone gitosis-admin.git, do the following:
# chmod 755 /home/git/repositories/gitosis-admin.git/hooks/post-update
At this point the installation of gitosis is complete; its configuration can be edited by an administrator and then pushed to the server.
(5). Now try logging in to the server over SSH as the owner of the public key used to initialize gitosis. You should see something like this:
# su - git
$ ssh git@127.0.0.1
------------------------------------------------
PTY allocation request failed on channel 0
ERROR:gitosis.serve.main:Need SSH_ORIGINAL_COMMAND in environment.
Connection to gitserver closed.
------------------------------------------------
This shows that gitosis recognized the user's identity but cut off the connection because no Git command was run. So now run a real Git command and clone the gitosis control repository.
Clone the Git repository to your local computer:
# cd /tmp
# git clone git@gitserver:gitosis-admin.git
This gives you a working directory called gitosis-admin, which consists of two main parts:
Red marks the Git repository configuration; blue marks the files saved for the actual repositories.
# cd gitosis-admin
# ll -a
----------------------------------------------------------
total 20
drwxr-xr-x 4 git git 4096 Aug 12 13:21 .
drwxr-xr-x 4 git git 4096 Aug 12 13:23 ..
drwxr-xr-x 8 git git 4096 Aug 13:22 .git
-rwxr-xr-x 1 git git 157 Aug 13:21 gitosis.conf
drwxr-xr-x 2 git git 4096 Aug 13:20 keydir
-----------------------------------------------------------
The steps above amount to this: the system user git initializes gitosis, becomes the gitosis administrator, and uses its administrator rights to clone the gitosis-admin repository locally.
5. Add local user john and repository test to gitosis, and manage gitosis together with administrator git
1. Add user john and send his id_rsa.pub to git
# su -
# useradd john && passwd john
# su - john
# ssh-keygen -t rsa
-----------------------------------------------------------
Generating public/private rsa key pair.
Enter file in which to save the key (/home/john/.ssh/id_rsa):
Created directory '/home/john/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/john/.ssh/id_rsa.
Your public key has been saved in /home/john/.ssh/id_rsa.pub.
-----------------------------------------------------------
# cp /home/john/.ssh/id_rsa.pub /tmp
2. Gitosis administrator git assigns permissions to john
# su - git
# mkdir projects
# cd ~/projects
# git clone git@node2.example.com:gitosis-admin
# cd gitosis-admin
# cat gitosis.conf
------------------------------------------------
[gitosis]
[group gitosis-admin]
writable = gitosis-admin
members = git@node2.example.com
------------------------------------------------
# ls keydir/
-------------------------
git@node2.example.com.pub
-------------------------
# cp /tmp/id_rsa.pub keydir/john.pub
# vi gitosis.conf
------------------------------------------------
[gitosis]
[group gitosis-admin]
writable = gitosis-admin
members = git@node2.example.com
[group test]
writable = test
members = git@node2.example.com john
------------------------------------------------
# git add .
# git commit -am "add member john and project foo"
# git push
3. User git adds project test
# su - git
# cd ~/projects
# mkdir test
# cd test
# git init
# echo "Hello world." > hello.txt
# git add hello.txt
# git commit -am 'initial commit'
# git remote add origin git@node2.example.com:test.git
# git push origin master
4. User john clones test and modifies hello.txt
# su - john
# git clone git@node2.example.com:test.git
# cd test
# date >> hello.txt
# git commit -am 'add time to hello.txt' && git push
The whole process comes down to:
1. To change gitosis user permissions through gitosis-admin, clone it locally, modify the configuration file, then add, commit and push the result to the remote to apply the permission changes.
2. Add the system user, generate the user's public key, and copy it into keydir, so that the user has the right to perform Git operations.
3. Log in to the user account for Git operations; after making changes, commit and push to the server to complete the repository permission configuration.
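How the pieces above fit together, as an added example (a simplified model written for this page, not gitosis's own code): sshd runs the forced command with the client's request in SSH_ORIGINAL_COMMAND, and the request is checked against the [group ...] sections of gitosis.conf. It handles only the writable and members keys shown in step 2 and requires group membership for both fetch and push; the function names are hypothetical.

```python
import configparser
import re

# gitosis.conf as edited in step 2 above.
CONF = """\
[gitosis]
[group gitosis-admin]
writable = gitosis-admin
members = git@node2.example.com
[group test]
writable = test
members = git@node2.example.com john
"""

# Only the two commands git runs over SSH for fetch and push are accepted.
REQUEST = re.compile(r"(git-upload-pack|git-receive-pack) '([^']+)'")
# Every path component must start with a letter or digit, which rules out "..".
SAFE_REPO = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*(/[A-Za-z0-9][A-Za-z0-9._-]*)*")

def writable_repos(conf_text, user):
    """Repositories named in 'writable' of every group that lists the user."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(conf_text)
    repos = set()
    for section in cfg.sections():
        if not section.startswith("group "):
            continue
        if user in cfg.get(section, "members", fallback="").split():
            repos.update(cfg.get(section, "writable", fallback="").split())
    return repos

def authorize(conf_text, user, original_command):
    """Return the git command to run for this request, or raise PermissionError."""
    if not original_command:
        raise PermissionError("Need SSH_ORIGINAL_COMMAND in environment.")
    m = REQUEST.fullmatch(original_command)
    if not m:
        raise PermissionError("not a git fetch/push request")
    verb, repo = m.group(1), m.group(2)
    if repo.endswith(".git"):
        repo = repo[:-4]
    if not SAFE_REPO.fullmatch(repo):
        raise PermissionError("unsafe repository path")
    if repo not in writable_repos(conf_text, user):
        raise PermissionError("%s has no access to %s" % (user, repo))
    return "%s '%s.git'" % (verb, repo)
```

The empty-command branch corresponds to the plain `ssh git@127.0.0.1` login shown earlier, where no Git command was requested.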
VII. Install Gitweb
1. First we need the Git source code, which includes gitweb and can generate a customized CGI script:
# git clone git://git.kernel.org/pub/scm/git/git.git
# cd git/
# make GITWEB_PROJECTROOT="/home/git/repositories" prefix=/usr gitweb
# cp -rf gitweb /usr/local/apache2/htdocs/
Note: the GITWEB_PROJECTROOT variable tells the build where the Git repositories are located.
2. Set Apache to run the script as CGI and add a VirtualHost configuration:
(1). Load Apache's vhost configuration file
# vi /usr/local/apache2/conf/httpd.conf
Search for the line containing httpd-vhosts and uncomment it.
(2). Load the cgid module to support Perl.
# vi /usr/local/apache2/conf/httpd.conf
Search for the line containing mod_cgid.so and uncomment it.
(3). Configure the VirtualHost
# vi /usr/local/apache2/conf/extra/httpd-vhosts.conf
Add the following configuration:
------------------------------------------------
<VirtualHost *:80>
ServerName git.example.com
DocumentRoot /usr/local/apache2/htdocs/gitweb
<Directory /usr/local/apache2/htdocs/gitweb>
Options +ExecCGI
AllowOverride All
Order allow,deny
Allow from all
AddHandler cgi-script cgi pl
DirectoryIndex gitweb.cgi
</Directory>
</VirtualHost>
------------------------------------------------
(4). Install the Time/HiRes.pm Perl module
The first time you open the web page, it reports a "Can't locate Time/HiRes.pm in @INC ..." error.
Workaround:
# yum install perl-devel perl-CPAN -y
# perl -MCPAN -e shell
cpan[2]> install Time::HiRes
cpan[3]> exit
(5). Restart the Apache service
# /usr/local/apache2/bin/apachectl restart
(6). Modify the local hosts file and open the Gitweb page

Done.
