centos7.x+git+gitolite

Posted zjd1396

I. What is Gitolite

Gitolite is an authorization layer on top of Git, relying on sshd or httpd for authentication.

Gitolite allows you to specify permissions not just by repository, but also by branch or tag names within each repository. That is, you can specify that certain people (or groups of people) can only push certain "refs" (branches or tags) but not others.

II. Install Git

[[email protected] ~]# yum install git -y

[[email protected] ~]# git --version

git version 1.8.3.1

III. Create the Git user

[[email protected] ~]# useradd git

[[email protected] ~]# passwd git

# Set the password as prompted

[[email protected] ~]# su - git

[[email protected] ~]$ pwd

/home/git

[[email protected] ~]$ ls -a

.  ..  .bash_logout  .bash_profile  .bashrc

IV. Install Gitolite

Clone gitolite:

[[email protected] ~]$ git clone https://github.com/sitaramc/gitolite

Create the bin directory and install gitolite into it:

[[email protected] ~]$ mkdir $HOME/bin

[[email protected] ~]$ gitolite/install -to $HOME/bin

(If gitolite/install fails with the error BEGIN failed--compilation aborted at /home/git/gitolite/src/lib/Gitolite/Common.pm line 67, switch back to the root user and run yum install -y perl-Data-Dumper.x86_64 first.)

[[email protected] ~]$ cd bin/

[[email protected] bin]$ ll

total 24

drwxrwxr-x. 2 git git 4096 Jan 26 17:03 commands

-rwxrwxr-x. 1 git git 3292 Jan 26 17:03 gitolite

-rwxrwxr-x. 1 git git 9023 Jan 26 17:03 gitolite-shell

drwxrwxr-x. 3 git git   22 Jan 26 17:03 lib

drwxrwxr-x. 2 git git   92 Jan 26 17:03 syntactic-sugar

drwxrwxr-x. 3 git git  166 Jan 26 17:03 triggers

-rw-rw-r--. 1 git git   19 Jan 26 17:13 VERSION

drwxrwxr-x. 2 git git  174 Jan 26 17:03 VREF

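V. Configure the Gitolite administrator

gitolite uses a special repository, gitolite-admin, to manage users and repositories, so an administrator has to be created to manage all users and repositories.

1. Generate a public key as the git user

Run ssh-keygen and press Enter at every prompt: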

[[email protected] bin]$ cd

[[email protected] ~]$ ssh-keygen -t rsa

2. Rename .ssh/id_rsa.pub to admin.pub

Renaming the file to admin.pub is a fixed requirement of gitolite.

[[email protected] ~]$ mv .ssh/id_rsa.pub admin.pub

[[email protected] ~]$ ll

total 4

-rw-r--r--. 1 git git 400 Jan 26 17:19 admin.pub

drwxrwxr-x. 7 git git 137 Jan 26 17:13 bin

drwxrwxr-x. 6 git git 245 Jan 26 17:03 gitolite

3. Configure Gitolite with the administrator's public key

[[email protected] ~]$ $HOME/bin/gitolite setup -pk admin.pub

Initialized empty Git repository in /home/git/repositories/gitolite-admin.git/

Initialized empty Git repository in /home/git/repositories/testing.git/

WARNING: /home/git/.ssh/authorized_keys missing; creating a new one

    (this is normal on a brand new install)

4. Create the administrator's management repository

[[email protected] ~]$ git clone [email protected]:gitolite-admin

Cloning into 'gitolite-admin'...

The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.

ECDSA key fingerprint is SHA256:hrz8c27CZn4c/iIN0pFuC59qwheBUaUpszGP7if3oGs.

ECDSA key fingerprint is MD5:59:bf:ad:49:4f:c6:26:d4:e6:dd:d6:f0:5b:9d:48:6a.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts.

remote: Counting objects: 6, done.

remote: Compressing objects: 100% (4/4), done.

remote: Total 6 (delta 0), reused 0 (delta 0)

Receiving objects: 100% (6/6), done.

Take a look inside:

[[email protected] ~]$ cd gitolite-admin/

[[email protected] gitolite-admin]$ ll

total 0

drwxrwxr-x. 2 git git 27 Jan 26 17:29 conf

drwxrwxr-x. 2 git git 23 Jan 26 17:29 keydir

[[email protected] gitolite-admin]$ cd conf/

[[email protected] conf]$ ll

total 4

-rw-rw-r--. 1 git git 77 Jan 26 17:29 gitolite.conf

[[email protected] conf]$ cd ..

[[email protected] gitolite-admin]$ cd keydir/

[[email protected] keydir]$ ll

total 4

-rw-rw-r--. 1 git git 400 Jan 26 17:29 admin.pub

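conf/gitolite.conf is the configuration file for adding users and repositories, and keydir holds the clients' public keys. The existing admin.pub can now be deleted.

VI. Configure users and repositories

Open gitolite.conf and you will see: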

[[email protected] ~]$ vim gitolite-admin/conf/gitolite.conf

repo gitolite-admin

    RW+     =   admin

 

repo testing

    RW+     =   @all

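There are currently two repositories, gitolite-admin and testing. Only the admin user has read/write access to gitolite-admin, while testing is readable and writable by everyone. Change it to: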

@user = admin aaa_nb

repo gitolite-admin

    RW+     =   admin

 

repo edsserver

    RW+     =   @user

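The change above gives the user group user read/write access to the repository edsserver. The group user contains a user aaa_nb. That user's key is the id_rsa.pub generated on a git client with the command ssh-keygen -t rsa -C "user email address", renamed to aaa_nb.pub (renamed to match the user name, which makes keys easier to tell apart and manage) and then uploaded with a client such as Filezilla to the /home/git/gitolite-admin/keydir directory.

With gitolite.conf changed and aaa_nb.pub uploaded, commit: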

[[email protected] gitolite-admin]$ git add keydir/aaa_nb.pub conf/gitolite.conf

[[email protected] gitolite-admin]$ git status

# On branch master

# Changes to be committed:

#   (use "git reset HEAD <file>..." to unstage)

#

#       modified:   conf/gitolite.conf

#       new file:   keydir/aaa_nb.pub

#

[[email protected] gitolite-admin]$ git commit -m "new project and user"

[master 3ea654d] new project and user

 2 files changed, 4 insertions(+), 2 deletions(-)

 create mode 100644 keydir/aaa_nb.pub

[[email protected] gitolite-admin]$ git push origin master

Counting objects: 10, done.

Delta compression using up to 6 threads.

Compressing objects: 100% (5/5), done.

Writing objects: 100% (6/6), 821 bytes | 0 bytes/s, done.

Total 6 (delta 0), reused 0 (delta 0)

remote: Initialized empty Git repository in /home/git/repositories/edsserver.git/

To [email protected]:gitolite-admin

   bb5c5f1..3ea654d  master -> master

Note: before using git commit and similar commands for the first time, remember to configure user.name and user.email:

[[email protected] gitolite-admin]$ git config --global user.email "[email protected]"

[[email protected] gitolite-admin]$ git config --global user.name "admin"

Now go into repositories and you can see the edsserver.git repository that was just configured:

[[email protected] ~]$ cd repositories/

[[email protected] repositories]$ ll

total 0

drwx------. 7 git git 134 Jan 26 18:19 edsserver.git

drwx------. 8 git git 181 Jan 26 18:19 gitolite-admin.git

drwx------. 7 git git 134 Jan 26 18:19 testing.git

[[email protected] repositories]$

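Summary: from now on, to add a user or a repository, log in to the server as the git user, edit the configuration file /home/git/gitolite-admin/conf/gitolite.conf to add the user name or repository name, copy the key generated on the user's machine into the /home/git/gitolite-admin/keydir directory, and then run git add, commit and push.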
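A pre-push check for the workflow summarized above, as an added example that is not part of the original post: it cross-checks conf/gitolite.conf against keydir and flags write access granted to @all, as the default testing repo does. The function names, the finding labels and the olduser key are assumptions made for illustration.

```shell
# Added example (not from the original post): audit a gitolite-admin checkout
# before pushing. Assumes a flat keydir with one <user>.pub per user.
# Prints BROAD <repo> <perm>, NOKEY <user> and UNUSED <user> findings.
audit_gitolite() {
    conf=$1; keydir=$2
    keys=$(for f in "$keydir"/*.pub; do
               [ -e "$f" ] && basename "$f" .pub
           done | sort -u)
    parsed=$(awk '
        { sub(/#.*/, "") }                         # strip comments
        $1 == "repo" { repo = $2; next }
        $1 == "config" || $1 == "option" { next }  # not access rules
        index($0, "=") {                           # group definition or rule
            split($0, kv, "="); split(kv[1], left, " ")
            n = split(kv[2], names, " ")
            for (i = 1; i <= n; i++) {
                if (names[i] == "@all" && left[1] ~ /^RW/)
                    print "BROAD", repo, left[1]   # write access for everyone
                else if (names[i] !~ /^@/)
                    print "USER", names[i]
            }
        }' "$conf")
    users=$(printf '%s\n' "$parsed" | awk '$1 == "USER" { print $2 }' | sort -u)
    printf '%s\n' "$parsed" | awk '$1 == "BROAD"'
    for u in $users; do    # named in the conf but no keydir/<user>.pub
        printf '%s\n' "$keys" | grep -qxF "$u" || echo "NOKEY $u"
    done
    for k in $keys; do     # key present but never named in the conf
        printf '%s\n' "$users" | grep -qxF "$k" || echo "UNUSED $k"
    done
}

# Constructed sample: this page's conf plus the default "testing" repo.
make_sample() {
    d=$(mktemp -d); mkdir "$d/conf" "$d/keydir"
    cat > "$d/conf/gitolite.conf" <<'EOF'
@user = admin aaa_nb aaa_server202
repo gitolite-admin
    RW+     =   admin
repo edsserver
    RW+     =   @user
repo testing
    RW+     =   @all
EOF
    touch "$d/keydir/admin.pub" "$d/keydir/aaa_nb.pub" "$d/keydir/olduser.pub"
    echo "$d"
}
sample=$(make_sample)
audit_gitolite "$sample/conf/gitolite.conf" "$sample/keydir"; rm -rf "$sample"
```

Run it from the gitolite-admin working copy as audit_gitolite conf/gitolite.conf keydir; an empty result means every named user has a key, every key has a user, and no repository is writable by @all.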

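VII. Test the Git client on Windows

Download the Windows version of the git client from https://www.git-scm.com/download/win and install it step by step with the default options.

In Windows Explorer, right-click inside the directory where you want to clone the repository and choose Git Bash Here. In the command window that opens, again start by configuring user.name and user.email:

$ git config --global user.email "[email protected]"

$ git config --global user.name "aaa_nb"

Now you can clone: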

$ git clone [email protected]:edsserver.git

After any local change, run git add ., git commit -m "***" and git push origin master in turn.

VIII. Test the Git client on CentOS 7.x

As before, generate a public key first:

[[email protected] ~]$ ssh-keygen -t rsa -C "[email protected]"

Rename it:

[[email protected] ~]$ cd .ssh/

[[email protected] .ssh]$ cp id_rsa.pub aaa_server202.pub

Copy this pub file to the /home/git/gitolite-admin/keydir directory on the git server:

[[email protected] keydir]$ ll

total 12

-rw-rw-r--. 1 git git 400 Jan 26 17:29 admin.pub

-rw-rw-r--. 1 git git 402 Jan 26 18:05 aaa_nb.pub

-rw-rw-r--. 1 git git 402 Jan 26 19:17 aaa_server202.pub

Edit gitolite.conf and add aaa_server202 to the user group user.

Then run git add ., git commit -m "***" and git push origin master.

Now go back to server202 and clone:

[[email protected] ~]$ git clone [email protected]:edsserver.git
