Our company's code bases are all in Git and accessed over SSH authentication. With multiple repositories and multiple users, permission management is a headache, so today I finally took the time to test Gitolite.
Gitolite is an authorization layer on top of Git, relying on sshd or httpd for authentication. (In summary: authentication is determining who the user is, and authorization is deciding whether the user is allowed to do what he wants to do.)
Gitolite lets you define access permissions not just per repository, but also for every branch and tag name within a repository. You can specify exactly which person (or group of people) may push only specific "refs" (branches or tags) and not others.
Test environment:
"Gitolite server": the Git repositories and Gitolite are on the same server.
"Management side": the administrator who manages Gitolite.
"Client": a consumer of the Git repositories.
Installing Gitolite
First, install Git on every server:
Ubuntu: apt-get install git-core or apt-get install git
CentOS: yum install git
Gitolite Server
Create the gituser account. The source repositories are placed under this ordinary account on the server.
[email protected]# adduser --system --shell /bin/bash --group gituser
[email protected]# passwd gituser
This sets a password for the user gituser. Once the SSH public key is in place, this password can be disabled.
Generate a key on the management side
[email protected]# adduser gitadmin
[email protected]# passwd gitadmin
[email protected]# su - gitadmin
[email protected]~$ ssh-keygen -t rsa
This generates the gitadmin key. Next, copy the gitadmin key to the gituser user on the Gitolite server:
[email protected]~$ ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
The first transfer asks for the gituser password. This is nothing more than setting up passwordless SSH login between the two machines, which is not difficult. Confirm that it worked:
[email protected]~$ ssh [email protected]
You are now logged in to the Gitolite server without a password.
[email protected]~$ mv .ssh/authorized_keys gitadmin.pub
This renames the key that was transferred earlier so that it is labeled with its owner.
Installing Gitolite
Perform these steps on the Gitolite server:
[email protected]~$ git clone https://github.com/sitaramc/gitolite.git    # download the source
[email protected]~$ mkdir bin
[email protected]~$ ls
bin gitolite gitadmin.pub
[email protected]~$ ./gitolite/install -to /home/gituser/bin/
[email protected]~$ cd bin/
[email protected]~$ ls
commands gitolite gitolite-shell lib syntactic-sugar triggers version VREF
Gitolite is now installed. Next, use gitadmin.pub to generate the administration repository:
[email protected]:~/bin$ gl-setup -q ~/gitadmin.pub
creating gitolite-admin ...
Initialized empty Git repository in /home/gituser/repositories/gitolite-admin.git/
creating testing ...
Initialized empty Git repository in /home/gituser/repositories/testing.git/
[master (root-commit) 74ddb16] start
 2 files changed, 6 insertions(+)
 create mode 100644 conf/gitolite.conf
 create mode 100644 keydir/sunny.pub
You can see that two default Git repositories are created: gitolite-admin and testing.
A note on running gl-setup: gl-setup must be found on $PATH, so make sure ~/bin has been added to the PATH variable. If it has not, edit ~/.bashrc, add PATH=~/bin:$PATH at the end, and run the following command for it to take effect in the current shell:
source ~/.bashrc
Gitolite management and permission settings
Gitolite management, including user management and repository management, is done by working on one specially named repository: gitolite-admin. The Gitolite administrator sunny therefore needs to clone that repository locally, make the necessary configuration changes, and then push to the remote server for the settings to take effect.
Management-Side Server
Clone the gitolite-admin repository locally
[[email protected] tmp]$ git clone [email protected]:gitolite-admin
Initialized empty Git repository in /tmp/gitolite-admin/.git/
remote: Counting objects: 6, done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 6 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (6/6), done.
You have mail in /var/spool/mail/root
[[email protected]]$ cd gitolite-admin/
[[email protected] gitolite-admin]$ ls
conf keydir
conf holds the configuration and permissions, and keydir holds the SSH keys. Both are in the same directory.
Gitolite Configuration Management
1. Add a new user: give testuser access to the Git repositories
On the Git client, testuser generates a key and passes it to the management server
[[email protected] ~]# su testuser
[[email protected] ~]$ ssh-keygen -t rsa
id_rsa id_rsa.pub
Pass id_rsa.pub to the management server and place it in the gitolite-admin/keydir directory under the name testuser.pub.
Go to the management side:
[[email protected] gitolite-admin]$ ls
conf keydir
[[email protected] gitolite-admin]$ cd keydir/
[[email protected] keydir]$ ls
gitadmin.pub testuser.pub
[[email protected] keydir]$ cd ..
[[email protected] gitolite-admin]$ git add .
[[email protected] gitolite-admin]$ git commit -m "add testuser pubkey"
[master 7fd7da1] add testuser pubkey
 Committer: sunny <[email protected] (none)>
Your name and email address were configured automatically based
on your username and hostname. Please check that they are accurate.
You can suppress this message by setting them explicitly:
    git config --global user.name "Your Name"
    git config --global user.email [email protected]
If the identity used for this commit is wrong, you can fix it with:
    git commit --amend --author='Your Name <[email protected]>'
 1 files changed, 1 insertions(+), 0 deletions(-)
 create mode 100644 keydir/testuser.pub
[[email protected] gitolite-admin]$ git push
Counting objects: 6, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (4/4), done.
Writing objects: 100% (4/4), 681 bytes, done.
Total 4 (delta 0), reused 0 (delta 0)
remote:
remote: ***** WARNING *****
remote: the following users (pubkey files in parens) do not appear in the config file:
remote: testuser(testuser.pub)
To [email protected]:gitolite-admin
   74ddb16..7fd7da1 master -> master
This adds SSH authentication for testuser, but testuser can only access the built-in testing repository and cannot work with any other repository.
2. Configure repository permissions
Gitolite Server
Now create a new repository, proj_a, on the Git server. This is still configured through gitolite-admin.
Edit gitolite-admin/conf/gitolite.conf and, following the format of the existing repositories, add:
[[email protected] gitolite-admin]$ cd conf/
[[email protected] gitolite-admin]$ cat gitolite.conf
repo gitolite-admin
    RW+ = gitadmin
repo testing
    RW+ = @all
repo proj_a            # the name of the new repository
    RW+ = gitadmin     # R is read permission, W is write permission, + adds permission to "force-update a branch, delete a branch and update a tag"
    RW  = testuser     # grant RW permissions to a user
Run add, commit, and push:
[[email protected] gitolite-admin]$ git add .
[[email protected] gitolite-admin]$ git commit -m "add a new repo"
[master a0f9f26] add a new repo
 Committer: sunny <[email protected] (none)>
Your name and email address were configured automatically based
on your username and hostname. Please check that they are accurate.
You can suppress this message by setting them explicitly:
    git config --global user.name "Your Name"
    git config --global user.email [email protected]
If the identity used for this commit is wrong, you can fix it with:
    git commit --amend --author='Your Name <[email protected]>'
 1 files changed, 7 insertions(+), 0 deletions(-)
[[email protected] gitolite-admin]$ git push
Counting objects: 7, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (4/4), 395 bytes, done.
Total 4 (delta 0), reused 0 (delta 0)
remote: creating proj_a ...
remote: Initialized empty Git repository in /home/gituser/repositories/proj_a.git/
To [email protected]:gitolite-admin
   7fd7da1..a0f9f26 master -> master
The gitolite.conf format supports quite a few more complex configurations (see the official manual for details). For a small, open team, a configuration like the following is generally enough:
@proj_a = sunny jacob              # @proj_a is a group name; groups start with @ and can be referenced later by that name
@proj_b = sunny taylor jean        # multiple users are separated by spaces
@admins = sunny
@qa = elapse flora
@engineers = sunny jacob taylor jean
@staff = @admins @qa @engineers    # groups can reference other groups
repo gitolite-admin                # the Gitolite management repository; sunny is the administrator who decides what can be done with it
    RW+ = sunny
repo proj_a
    RW+ = @admins
    RW  = @proj_a elapse
repo proj_b
    RW+ = sunny
    RW  = @engineers flora
    R refs/tags/ = @qa             # here the qa group gets read-only permission on paths beginning with refs/tags/
repo testing
    RW+ = @staff
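To review what a configuration like the one above actually grants before pushing it, the following added example (not part of the original article and not Gitolite's own code) expands groups and evaluates rules in order. It assumes a simplified model of Gitolite's rule matching: for writes the first matching rule wins, a refex is a regex anchored at the start of the ref, and read access is decided per repository, so a refex on a rule does not limit what a user can fetch. The sample configuration, including the deny rule for jacob, is constructed.

```python
import re

CONF = """
@qa        = elapse flora
@engineers = sunny jacob taylor jean
@staff     = @qa @engineers
repo proj_b
    RW+            = sunny
    -  refs/tags/  = jacob
    RW             = @engineers flora
    R              = @qa
"""  # constructed sample in the style of the configuration above

def parse(text):
    """Return (groups, rules): @group -> users, repo -> ordered (perm, refex, users)."""
    groups, rules, repo = {}, {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("repo "):
            repo = line.split()[1]
            continue
        left, right = (s.split() for s in line.split("=", 1))
        members = set()
        for m in right:                       # expand groups defined earlier
            members |= groups.get(m, {m})
        if left[0].startswith("@"):           # group definition
            groups.setdefault(left[0], set()).update(members)
        else:                                 # access rule: PERM [REFEX] = users
            refex = left[1] if len(left) > 1 else "refs/.*"
            if not refex.startswith("refs/"):
                refex = "refs/heads/" + refex
            rules.setdefault(repo, []).append((left[0], refex, members))
    return groups, rules

def allowed(rules, repo, user, want, ref="refs/heads/master"):
    """want is 'R', 'W' or '+'. Writes: first matching rule wins. Reads: per repository."""
    for perm, refex, users in rules.get(repo, []):
        if user not in users and "@all" not in users:
            continue
        if want == "R" and perm != "-":       # refex is ignored for reads
            return True
        if want != "R" and re.match(refex, ref):
            if perm == "-":
                return False
            if want in perm:
                return True
    return False
```

In this model jacob can push branches but not tags, yet can still read the whole repository, tags included, which is why a refex on a read rule should not be relied on to hide refs.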
3. Delete a user
Working locally, the administrator deletes the user's public key from the gitolite-admin/keydir directory, runs git rm, then commits and pushes:
[[email protected] gitolite-admin]$ rm -f keydir/jacob.pub
[[email protected] gitolite-admin]$ git rm keydir/jacob.pub
[[email protected] gitolite-admin]$ git commit -m "delete a user"
[[email protected] gitolite-admin]$ git push
4. Delete a repository
To delete the proj_a repository, the administrator takes two steps:
Locally edit gitolite-admin/conf/gitolite.conf, delete the section for repo proj_a, then add, commit, and push:
[[email protected] gitolite-admin]$ git add .
[[email protected] gitolite-admin]$ git commit -m "remove a repo"
[[email protected] gitolite-admin]$ git push
Log in to the Git server with the gituser account or the root account and delete the corresponding repository directory under gituser/repositories:
[email protected]:/home/gituser/repositories$ rm -rf proj_a.git    # the directory for repository proj_a, ending in .git
5. Rename a repository
Renaming also takes two steps, performed in the opposite order to the deletion above.
First, log in to the Git server with the gituser account or the root account, cd to repositories, and move the directory:
[email protected]:/home/gituser/repositories$ mv proj_a.git proj_b.git
Then go back to the management side, edit conf/gitolite.conf, change the old name to the new name, and add, commit, and push:
[[email protected] gitolite-admin]$ git add .
[[email protected] gitolite-admin]$ git commit -m "rename a repo"
[[email protected] gitolite-admin]$ git push
6. Normal User Check-out operation
For example, Jacob checks out the repository, modifies it locally, and then merges his code into the remote repository. These are pure Git operations, exactly what the team does in its daily development process. Clone the remote repository before you start making changes:
[email protected]:~$ git clone [email protected]:proj_a    # the project is placed in the proj_a directory by default
or
[email protected]:~$ git clone [email protected]:proj_a my_proj_a    # the project is downloaded into the my_proj_a directory
If Jacob already has an existing project proj_a that is being developed and managed with Git and now wants to share it to proj_a:
[email protected]:~$ cd proj_a
[email protected]:~/proj_a$ git push --all [email protected]:proj_a    # push to the remote server
7. List the repositories that I have permissions for
As a normal user, try logging in to the gituser account on the remote server:
[[email protected] proj_a]$ ssh [email protected]
PTY allocation request failed on channel 0
hello testuser, this is gitolite 2.2-1 (Debian) running on git 1.7.9.5
the gitolite config gives the following access:
     R   W      proj_a
    @R_ @W_     testing
Connection to 192.168.1.50 closed.
That is basically all there is to managing Git server repository permissions with Gitolite. Later I will test importing and backing up Git repositories between different servers. Stay tuned.
This article is from the "xiangcun168" blog, make sure to keep this source http://xiangcun168.blog.51cto.com/4788340/1703328
Ubuntu gitolite managing git server code library permissions