First, the environment:
1.1 Git account management machine (manage)
IP: 10.0.0.56
[[email protected] ~]# cat /etc/redhat-release
CentOS release 6.7 (Final)
[[email protected] ~]# hostname
manage
[[email protected] ~]# tail -2 /etc/hosts
10.0.0.56 manage
10.0.0.11 git-server
1.2 Git remote repository (git-server)
Git remote repository IP: 10.0.0.11
[[email protected] ~]# cat /etc/redhat-release
CentOS release 6.7 (Final)
[[email protected] ~]# hostname
git-server
[[email protected] ~]# tail -2 /etc/hosts
10.0.0.11 git-server
10.0.0.56 server
Second, installation and deployment
2.1 Operations on the Git account management machine (10.0.0.56):
2.1.1 Installing git
[[email protected] ~]# yum install git -y
2.1.2 Creating public and private keys
The Git account administrator needs to create an SSH public/private key pair on their own machine (10.0.0.56).
ssh-keygen -f ~/.ssh/git-admin
[[email protected] ~]# ll .ssh/
git-admin git-admin.pub known_hosts
2.1.3 Configuring the config file
To simplify management and avoid confusion with other keys, first configure the SSH client file ~/.ssh/config.
Creating a host alias lets you use a specific key when connecting to a host. For example, with the following configuration in the ~/.ssh/config file:
[[email protected] ~]# cat .ssh/config
host git-server
user git
hostname 10.0.0.11
port 22
identityfile ~/.ssh/git-admin
Copy the public key from the administrator machine (10.0.0.56) to the git-server (10.0.0.11) server:
[[email protected] ~]# scp .ssh/git-admin.pub git-server:/tmp/
Tips:
Note 1. The sshd port on the git-server machine must be 22; otherwise key authentication fails when code is committed with Git.
Note 2. On the Git account management machine manage (10.0.0.56), the permissions of /root/.ssh/config must be 600; otherwise a later step that adds the public key fails with a permissions error.
[[email protected] ~]# ll /root/.ssh/config
-rw-rw-r-- 1 root root 99 Mar 29 11:28 /root/.ssh/config
[[email protected] ~]# chmod 600 /root/.ssh/config
[[email protected] ~]# ll /root/.ssh/config
-rw------- 1 root root 99 Mar 29 11:28 /root/.ssh/config
2.2 Operations on the git-server remote repository machine:
Install Gitolite on the git-server remote repository machine (IP: 10.0.0.11) to manage Git repository accounts.
Install git on the git-server remote repository machine.
Reference documentation:
http://blog.sina.com.cn/s/blog_4b5039210102e3r3.html
Description:
Gitolite's configuration is itself a Git repository. Gitolite is first installed on the git-server machine; the manage machine, as the client, then clones that repository from the server, makes local changes, and pushes them back. Hooks on the server update the permissions according to the pushed configuration.
Operations on git-server:
2.2.1 Creating a git user on the Git-server machine
useradd git
passwd git    # enter the password when prompted; this walkthrough uses 123456
2.2.2 Install git and download gitolite on Git-server
Download the Gitolite package under Git's user directory:
[[email protected] ~]# yum install git -y
[[email protected] ~]# su - git
[[email protected] ~]$ git clone https://github.com/sitaramc/gitolite
Initialized empty Git repository in /home/git/gitolite/.git/
remote: Counting objects: 9385, done.
remote: Total 9385 (delta 0), reused 0 (delta 0), pack-reused 9385
Receiving objects: 100% (9385/9385), 2.96 MiB | 95 KiB/s, done.
Resolving deltas: 100% (5805/5805), done.
2.2.3 Installing Gitolite
[[email protected] ~]$ mkdir bin
[[email protected] ~]$ gitolite/install -to $HOME/bin
[[email protected] ~]$ ls
bin gitolite
[[email protected] ~]$ cd bin
[[email protected] bin]$ ls
commands gitolite gitolite-shell lib syntactic-sugar triggers VERSION VREF
This generates a gitolite executable under bin.
The git-admin.pub public key must first be copied from the 10.0.0.56 machine to the git-server (10.0.0.11) machine.
[[email protected] ~]# scp .ssh/git-admin.pub git-server:/tmp/git-admin.pub
[[email protected] bin]$ gitolite setup -pk /tmp/git-admin.pub
[[email protected] ~]$ cd bin/
[[email protected] bin]$ ls
gitolite
[[email protected] bin]$ gitolite setup -pk /tmp/git-admin.pub
Initialized empty Git repository in /home/git/repositories/gitolite-admin.git/
Initialized empty Git repository in /home/git/repositories/testing.git/
WARNING: /home/git/.ssh missing; creating a new one (this is normal on a brand new install)
WARNING: /home/git/.ssh/authorized_keys missing; creating a new one (this is normal on a brand new install)
[[email protected] bin]$
This command creates two repositories, gitolite-admin.git and testing.git, in the ~/repositories/ directory.
[[email protected] ~]$ cd repositories/
[[email protected] repositories]$ ls
gitolite-admin.git testing.git
[[email protected] bin]$ ll /home/git/repositories/
total 8
drwx------ 8 git git 4096 Jul 23 15:53 gitolite-admin.git
drwx------ 7 git git 4096 Jul 23 15:53 testing.git
The git user's home directory also gets a projects.list file, which lists the testing project by default.
[[email protected] ~]$ more projects.list
testing.git
The Gitolite installation is now complete!
2.3 Back on the manage machine:
Clone the gitolite-admin repository from git-server onto the manage account management machine.
!!! Attention:
The command must be:
git clone git-server:gitolite-admin
and not:
git clone git-server:/home/git/repositories/gitolite-admin
and certainly not:
git clone git-server:gitolite-admin.git
[[email protected] ~]# git clone git-server:gitolite-admin
Error message:
[[email protected] ~]# git clone git-server:gitolite-admin
Initialized empty Git repository in /root/gitolite-admin/.git/
Bad owner or permissions on /root/.ssh/config
fatal: The remote end hung up unexpectedly
The permissions are incorrect; setting them to 600 resolves the issue:
[[email protected] ~]# ll /root/.ssh/config
-rw-rw-r-- 1 root root 99 Mar 29 11:28 /root/.ssh/config
[[email protected] ~]# chmod 600 /root/.ssh/config
[[email protected] ~]# git clone git-server:gitolite-admin
Initialized empty Git repository in /root/gitolite-admin/.git/
Warning: Permanently added '221.195.1.233' (RSA) to the list of known hosts.
remote: Counting objects: 6, done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 6 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (6/6), done.
[[email protected] ~]# ll gitolite-admin/
total 8
drwxrwxr-x 2 root root 4096 Mar conf
drwxrwxr-x 2 root root 4096 Mar keydir
After the clone there is a new directory, gitolite-admin, with two folders, conf and keydir. conf contains the configuration file where the permissions are recorded; keydir contains the public keys of all users.
[[email protected] ~]# ll gitolite-admin/*
gitolite-admin/conf:
total 4
-rw-r--r-- 1 root root 77 Jul 22 15:10 gitolite.conf
gitolite-admin/keydir:
total 4
-rw-r--r-- 1 root root 393 Jul 22 15:10 git-admin.pub
[[email protected] ~]# cat gitolite-admin/conf/gitolite.conf
repo gitolite-admin
    RW+ = admin
repo testing
    RW+ = @all
In this configuration, only admin has read and write permission on gitolite-admin; nobody else can read or write it.
The other repository, testing, is accessible to everyone.
2.4 Place the manage machine's public key file git-admin.pub in the gitolite-admin/keydir directory and push it to the remote repository on git-server
[[email protected] ~]# git add conf/ keydir/
[[email protected] ~]# git status
[[email protected] ~]# git push
To view the key file on the git-server remote repository machine:
[[email protected] ~]$ cat /home/git/.ssh/authorized_keys
#gitolite start
command="/home/git/gitolite/src/gitolite-shell admin",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzXc/2BPDIZ/3PnoXhgVEyZLdF5oiE+UuumBeOxcR2FGoGUVEaSWYOZ2zWYIk5RCzKNWb3d9Ur51l7DpQunmCUlvf4lOZ7UT68jnhAF/NNN9a6upEHBls5hpFvVp+DmqOYuVuWs+FQhShPvp70QJfsx/+gg14rw9A1/jN5GdgrrStYorNEE1Ut8/T1t9tNxsIlfwgd6pQPKpWJ11sANWx9U+DfUEAN4a0bCiZ/PQ+9aR+SJ1Y+H68pt2+iy4I8UXuhtgSqYTu5YmxsJlF3uoHypF4lOTqgiP0HYr8FNZ3KWg2ome8fUOnO2VbNvgAXafhLEfBd5zxd6YChDHwfIclvQ== [email protected]
#gitolite end
At this point you can clone the repository from the remote server on the manage machine using the key:
[[email protected] ~]# git clone git-server:gitolite-admin
Initialized empty Git repository in /tmp/gitolite-admin/.git/
remote: Counting objects: 16, done.
remote: Compressing objects: 100% (12/12), done.
remote: Total 16 (delta 2), reused 0 (delta 0)
Receiving objects: 100% (16/16), done.
Resolving deltas: 100% (2/2), done.
[[email protected] ~]# ll gitolite-admin
total 8
drwxrwxr-x 2 root root 4096 Mar 30 21:57 conf
drwxrwxr-x 2 root root 4096 Mar 30 21:57 keydir
If you comment out the contents of the /home/git/.ssh/authorized_keys file on git-server, you are prompted for a password when you clone, and even if you enter the password, cloning the remote repository still fails:
[[email protected] tmp]# git clone git-server:gitolite-admin
Initialized empty Git repository in /tmp/gitolite-admin/.git/
[email protected]'s password: 123456
fatal: 'gitolite-admin' does not appear to be a git repository
fatal: The remote end hung up unexpectedly
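The authorized_keys entry shown above is what binds a key to a Gitolite user: the forced command runs gitolite-shell, and the no-* options remove forwarding and terminals. As an added example (not from the original article or the Gitolite project), the script below audits such a file for keys that lack that restriction; the sample keys and the user alice are constructed, and the list of required options is taken from the entry shown above.

```shell
#!/bin/sh
# Added example: audit the git account's authorized_keys on a Gitolite host.
# A key that is not pinned to gitolite-shell gets a normal login shell as
# "git" and so sidesteps the rules in conf/gitolite.conf.

REQUIRED="no-port-forwarding no-X11-forwarding no-agent-forwarding no-pty"

# Prints one verdict per key line; returns non-zero if any key is not OK.
audit_authorized_keys() {
    awk -v required="$REQUIRED" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments, blank lines
        {
            # The options field must begin with the forced gitolite-shell command.
            if (!match($0, /^command="[^"]*gitolite-shell [^" ]+"/)) {
                print "UNRESTRICTED line " NR; bad = 1; next
            }
            user = substr($0, 1, RLENGTH - 1)        # drop the closing quote
            sub(/^.*gitolite-shell /, "", user)      # Gitolite user name
            opts = substr($0, RLENGTH + 1)           # ",opt,opt keytype key ..."
            sub(/ .*/, "", opts)                     # keep only the options
            n = split(required, req, " "); miss = ""
            for (i = 1; i <= n; i++)
                if (!index("," opts ",", "," req[i] ","))
                    miss = miss " " req[i]
            if (miss != "") { print "MISSING" miss " line " NR; bad = 1 }
            else print "OK " user
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample file (key bodies are placeholders, not real keys).
write_sample() {
    cat > "$1" <<'EOF'
#gitolite start
command="/home/git/gitolite/src/gitolite-shell admin",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAconstructed1 admin
command="/home/git/gitolite/src/gitolite-shell alice",no-port-forwarding,no-pty ssh-rsa AAAAconstructed2 alice
#gitolite end
ssh-rsa AAAAconstructed3 added-by-hand
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_authorized_keys "$sample" || echo "audit: keys need attention"
rm -f "$sample"
```

On a real server, run the function against /home/git/.ssh/authorized_keys; an UNRESTRICTED line usually means a key was appended by hand instead of being pushed through keydir.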
Building Gitolite on a Linux server to implement permission control on a Git server's repositories