Git is a distributed version control system. Git clients and servers generally communicate over the SSH protocol; the main advantages of SSH are speed (data is compressed before transmission, making it faster than HTTP), security, and ease of reading and writing.
A client accessing the server over SSH generally authenticates in one of two ways: with a user name and password, or with public key authentication. Public key authentication is convenient because no password has to be entered at each login.
The public keys of trusted clients are set in the ~/.ssh/authorized_keys file on the server; the format of the file is described in the sshd manual (man sshd). authorized_keys has a powerful feature: it supports a command parameter, which specifies a command to be executed each time a user authenticates with that public key. This makes it possible to do some logic processing.
Git repository management generally needs permission control. How can repository permissions be managed simply and conveniently? One idea is to specify the command parameter in authorized_keys and run the relevant logic each time a user is authenticated, to check whether the current user has permission. This is where gitosis comes from: gitosis is less a Git permission management system than an authorized_keys file manager.
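How a forced command can enforce per-repository permissions, as an added example that is not gitosis's own code or code from the original page: sshd places the client's request in SSH_ORIGINAL_COMMAND, and the command bound to the key decides whether to run it. The authorize function, the AccessDenied class and the sample configuration are assumptions made for illustration; the group/members/writable/readonly keys follow the gitosis.conf format.

```python
import configparser
import shlex

# Constructed gitosis.conf-style sample (illustrative, not taken from the page).
SAMPLE_CONF = """
[group gitosis-admin]
writable = gitosis-admin
members = git@node2.example.com

[group test]
writable = test
members = git@node2.example.com john
"""
READ_CMDS = {"git-upload-pack"}    # sent by git clone / fetch
WRITE_CMDS = {"git-receive-pack"}  # sent by git push

class AccessDenied(Exception):
    pass

def authorize(user, original_command, conf_text=SAMPLE_CONF):
    """Return (verb, repo) if `user` (the name bound to the key) may run it."""
    # A plain "ssh git@host" carries no command, so SSH_ORIGINAL_COMMAND is unset.
    if not original_command:
        raise AccessDenied("need SSH_ORIGINAL_COMMAND in environment")
    try:
        parts = shlex.split(original_command)
    except ValueError:
        raise AccessDenied("unparsable command")
    if len(parts) != 2 or parts[0] not in READ_CMDS | WRITE_CMDS:
        raise AccessDenied("only git transfer commands are allowed")
    verb, repo = parts
    if repo.endswith(".git"):
        repo = repo[:-4]
    # Refuse names that could escape the repository root or look like options.
    if not repo or repo[0] in "/-." or ".." in repo.split("/"):
        raise AccessDenied("bad repository name")
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(conf_text)
    for section in cfg.sections():
        if not section.startswith("group "):
            continue
        if user not in cfg.get(section, "members", fallback="").split():
            continue
        writable = cfg.get(section, "writable", fallback="").split()
        readonly = cfg.get(section, "readonly", fallback="").split()
        if repo in writable or (verb in READ_CMDS and repo in readonly):
            return verb, repo
    raise AccessDenied("no access to " + repo)
```

The shell is never handed the client's string: only the two Git transfer verbs pass, and the repository name is validated before any group lookup.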
I. Environment deployment
Operating system: CentOS 6.3 x64
OpenSSH server: openssh-server-5.3p1
python-setuptools: python-setuptools-0.6.10-3
Git server (CentOS 6.3 x64): node2.example.com
Git client (CentOS 6.3 x64): node1.example.com
Server-side configuration:
I. Disable iptables and SELinux
# service iptables stop
# setenforce 0
# vi /etc/sysconfig/selinux
---------------
SELINUX=disabled
---------------
# ntpdate cn.pool.ntp.org
III. Install Apache
See: http://www.showerlee.com/archives/6
1. Install OpenSSH with yum:
# yum install openssh-server -y
2. Modify the SSH server configuration:
------------------------------
Port 22 # Change to the login port you want
PermitRootLogin no # Prohibit the root user from logging in
StrictModes yes # Check that the owner and permissions of the key files are correct; enabled by default
RSAAuthentication yes # Enable RSA authentication (applies to SSH protocol 1 only)
PubkeyAuthentication yes # Enable public key authentication
PasswordAuthentication yes # Enable password authentication; enabled by default
ServerKeyBits 1024 # Set the server key strength to 1024 bits (applies to SSH protocol 1 only)
PermitEmptyPasswords no # Do not allow logins with an empty password
------------------------------
# /etc/init.d/sshd restart
# yum install git-core -y
1. Install the python-setuptools package that gitosis depends on
# yum install python-setuptools -y
2. Install gitosis
# cd ~
# mkdir src
# cd src
# git clone https://github.com/tv42/gitosis.git
# cd gitosis
# python setup.py install
3. Create a system user for gitosis
# useradd -m git
# passwd git
(1). Upload or copy the administrator's public key to the server. Here the public key is created with the ssh-keygen command as the Git server administrator.
Ensure that the web page has permission to display the contents of the repository:
# chmod -R 755 /home/git
# ssh-keygen -t rsa
# cp ~/.ssh/id_rsa.pub /tmp
(2). Initialize gitosis
Change to the directory where id_rsa.pub was copied.
# cd /tmp
# gitosis-init < id_rsa.pub
At this point, the gitosis repository and configuration directories have been generated under /home/git:
# cd /home/git
# ll
----------------------------------------------------------------
drwxr-xr-x 2 git git 4096 Aug 13:39 gitosis
drwxr-xr-x 4 git git 4096 Aug 13:39 repositories
----------------------------------------------------------------
(3). Switch back to the current (root) user
(4). Configure Permissions
If you want someone else to be able to clone gitosis-admin.git, you need to do the following:
# chmod 755 /home/git/repositories/gitosis-admin.git/hooks/post-update
At this point, the installation of gitosis is complete; its configuration is edited by an administrator and then pushed to the server.
(5). Now try logging in to the server over SSH as the owner of the public key used to initialize gitosis; you should see something like this:
# su - git
$ ssh git@127.0.0.1
------------------------------------------------
PTY allocation request failed on channel 0
ERROR:gitosis.serve.main:Need SSH_ORIGINAL_COMMAND in environment.
Connection to gitserver closed.
------------------------------------------------
This shows that gitosis recognized the user's identity, but cut off the connection because no Git command was run. So now run a real Git command and clone gitosis's control repository:
Clone the Git repository to your local computer
# cd /tmp
# git clone git@gitserver:gitosis-admin.git
This produces a working directory called gitosis-admin, which consists of two main parts:
Red marks the Git repository configuration; blue marks the files stored for the actual repository.
# cd gitosis-admin
# ll -a
----------------------------------------------------------
total 20
drwxr-xr-x 4 git git 4096 Aug 12 13:21 .
drwxr-xr-x 4 git git 4096 Aug 12 13:23 ..
drwxr-xr-x 8 git git 4096 Aug 13:22 .git
-rwxr-xr-x 1 git git 157 Aug 13:21 gitosis.conf
drwxr-xr-x 2 git git 4096 Aug 13:20 keydir
----------------------------------------------------------
The operation above amounts to this: the system user git is initialized as the gitosis administrator and uses its administrator rights to clone the gitosis-admin repository locally.
5. Add local user john and repository test to gitosis, managed together with the administrator git
1. Add user john and send id_rsa.pub to git
# su -
# useradd john && passwd john
# su - john
# ssh-keygen -t rsa
-----------------------------------------------------------
Generating public/private rsa key pair.
Enter file in which to save the key (/home/john/.ssh/id_rsa):
Created directory '/home/john/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/john/.ssh/id_rsa.
Your public key has been saved in /home/john/.ssh/id_rsa.pub.
-----------------------------------------------------------
# cp /home/john/.ssh/id_rsa.pub /tmp
2. The gitosis administrator git assigns john permissions
# git clone git@node2.example.com:gitosis-admin
# cd gitosis-admin
------------------------------------------------
members = git@node2.example.com
------------------------------------------------
-------------------------
git@node2.example.com.pub
-------------------------
# cp /tmp/id_rsa.pub keydir/john.pub
------------------------------------
members = git@node2.example.com
members = git@node2.example.com john
------------------------------------
# git add keydir/john.pub
# git commit -am "add member john and project foo"
# git push
3. User git adds project test
# su - git
# cd ~/projects
# mkdir test
# cd test
# git init
# echo "Hello world." > hello.txt
# git add hello.txt
# git commit -am 'the a'
# git remote add origin git@node2.example.com:test.git
# git push origin master
4. User john clones test and modifies hello.txt
# su - john
# git clone git@node2.example.com:test.git
# cd test
# date >> hello.txt
# git commit -am 'Add time to hello.txt' && git push
The whole process is divided into:
1. To change gitosis user permissions through gitosis-admin, clone it locally, modify the configuration file, and finally add and push the result to the remote to apply the permission changes.
2. Add the system user, generate the user's public key, and copy it to keydir so that the user has the right to perform Git and related operations.
3. Log in to the user account to perform Git operations; after making changes, commit and push to the server to complete the repository permission configuration.
1. First we need Git's source code, which includes gitweb and can generate a custom CGI script:
# git clone git://git.kernel.org/pub/scm/git/git.git
# cd git/
# make GITWEB_PROJECTROOT="/home/git/repositories" prefix=/usr gitweb
# cp -rf gitweb /usr/local/apache2/htdocs/
Note: the GITWEB_PROJECTROOT variable tells the build where the Git repositories are located.
2. Set Apache to run the script as CGI and add a VirtualHost configuration:
(1). Load Apache's vhost configuration file
# vi /usr/local/apache2/conf/httpd.conf
Search for the line containing httpd-vhosts and uncomment it.
(2). Load the cgid module to support the Perl language.
# vi /usr/local/apache2/conf/httpd.conf
Search for the line containing mod_cgid.so and uncomment it.
(3). Configure VirtualHost
# vi /usr/local/apache2/conf/extra/httpd-vhosts.conf
Add the following configuration:
------------------------------------------
<VirtualHost *:80>
    ServerName git.example.com
    DocumentRoot /usr/local/apache2/htdocs/gitweb
    <Directory /usr/local/apache2/htdocs/gitweb>
        Options +ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
        AddHandler cgi-script cgi pl
        DirectoryIndex gitweb.cgi
    </Directory>
</VirtualHost>
------------------------------------------
(4). Install the Time/HiRes.pm Perl module
The first time the web page is opened, it reports a "Can't locate Time/HiRes.pm in @INC ..." error.
# yum install perl-devel perl-CPAN -y
# perl -MCPAN -e shell
cpan[2]> install Time::HiRes
cpan[3]> exit
(5). Restart the Apache service
# /usr/local/apache2/bin/apachectl restart
(6). Modify the local hosts file and open the gitweb page