Shulou(Shulou.com)06/01 Report--

This article introduces the knowledge of how to use Gitosis to install and build Git Server under CentOS 6.3. in the operation of practical cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

As a distributed version control system, Git generally uses ssh protocol to communicate with the server when using git. The main advantage of using ssh is high speed (data will be compressed before transmission, faster than HTTP), safe and convenient to read and write.

There are generally two ways for the client to access the server through ssh, one is the user name and password, and the other is the use of public and private key authentication. It is convenient to use public and private keys, and there is no need to enter a password every time you log in.

The public key of a trusted client will be set in the server ~ /. Ssh/authorized_keys file, which can be formatted in sshd's user manual man sshd. One of the more powerful features of authorized_keys is to support the command parameter, which allows users to execute this later command every time they use this public key for authentication. In this way, some logical processing can be done.

In general, the management of git library needs permission control, so how to facilitate and simple permission management of the library? Authorized_keys is an idea that specifies specific command parameters and executes the relevant logic after verifying the user each time to detect whether the current user has a certain permission. So there is gitosis, gitosis is not so much a git rights management system as an authorized_keys file manager.

Solution:

Environmental deployment

Operating system: centos6.3 x64

Git: git-1.7.1

Gitosis: Gitosis

Gitweb: 1.7.1-3

OpenSSH Server: openssh-server-5.3p1

Apache: httpd-2.4.4

Python-setuptools: python-setuptools-0.6.10-3

Git server (centos6.3 x64): node2.example.com

Git client (centos6.3 x64): node1.example.com

Server side configuration:

one。 Close iptables and SELINUX

The code is as follows:

# service iptables stop

# setenforce 0

# vi / etc/sysconfig/selinux

-

SELINUX=disabled

-

two。 Synchronization time

The code is as follows:

# ntpdate cn.pool.ntp.org

three。 Install apache

Portal: https://www.yisu.com/article/54969.htm

four。 Install OpenSSH

1.yum installation OpenSSH:

The code is as follows:

# yum install openssh-server-y

two。 Modify the ssh server configuration:

The code is as follows:

# vi / etc/ssh/sshd_config

--

Change Port 22 # to the login port you want

PermitRootLogin no # forbids root users to log in

StrictModes yes # checks whether the user and permissions of the key are correct, which is turned on by default

RSAAuthentication yes # enable RSA authentication

PubkeyAuthentication yes # enable public key authentication

PasswordAuthentication yes # enables password authentication, which is turned on by default

ServerKeyBits 1024 # changed to this state, changing the ServerKey strength to 1024 bits

PermitEmptyPasswords no # changes to this state after modification, and an empty password is prohibited from logging in.

--

3. Restart the service:

The code is as follows:

# / etc/init.d/sshd restart

five。 Install Git

The code is as follows:

# yum install git-core-y

six。 Install Gitosis

1. Install Gitosis dependent python-setuptools package

The code is as follows:

# yum install python-setuptools-y

two。 Install Gitosis

The code is as follows:

# cd ~

# mkdir src

# cd src

# git clone https://github.com/tv42/gitosis.git

# cd gitosis

# python setup.py install

3. Create a system user for gitosis

The code is as follows:

# useradd-m git

# passwd git

4. Run gitosis

(1)。 Upload or copy the public key generated by the administrator to the server. The public key here needs to be created using the ssh-keygen command under the git server administrator

The code is as follows:

# su-git

Ensure that the web page has permission to display the contents of the warehouse

The code is as follows:

# chmod-R 755 / home/git

# ssh-keygen-t rsa

# cp ~ / .ssh/id_rsa.pub / tmp

(2)。 Initialize gitosis

Enter the directory where the copied id_rsa.pub is located.

The code is as follows:

# cd / tmp

# gitosis-init

< id_rsa.pub 此时，会在/home/git目录下生成gitosis仓库和配置目录 代码如下: # cd /home/git # ll ---------------------------------------------------------------- drwxr-xr-x 2 git git 4096 Aug 12 13:39 gitosis drwxr-xr-x 4 git git 4096 Aug 12 13:39 repositories --------------------------------------------------------------- (3).切换回当前(root)用户 代码如下: # exit (4).配置权限 如果想要别人能够clone gitosis-admin.git，需要执行以下操作： 代码如下: # chmod 755 /home/git/repositories/gitosis-admin.git/hooks/post-update 至此，gitosis的安装工作已完成，其相关配置可以有管理员来操作，然后再提交到服务器上. (5)现在可以试一下用初始化 Gitosis 的公钥的拥有者身份 SSH 登录服务器，应该会看到类似下面这样： 代码如下: # su - git $ ssh git@127.0.0.1 ------------------------------------------------ PTY allocation request failed on channel 0 ERROR:gitosis.serve.main:Need SSH_ORIGINAL_COMMAND in environment. Connection to gitserver closed. ------------------------------------------------ 说明 Gitosis 认出了该用户的身份，但由于没有运行任何 Git 命令，所以它切断了连接。那么，现在运行一个实际的 Git 命令 — 克隆 Gitosis 的控制仓库： 在你本地计算机上克隆git仓库 代码如下: # cd /tmp # git clone git@gitserver:gitosis-admin.git 这会得到一个名为 gitosis-admin 的工作目录，主要由两部分组成： 红色为git仓库配置,蓝色为实际仓库保存的文件 代码如下: # cd gitosis-admin # ll -a ---------------------------------------------------------- total 20 drwxr-xr-x 4 git git 4096 Aug 12 13:21 . drwxr-xr-x 4 git git 4096 Aug 12 13:23 .. drwxr-xr-x 8 git git 4096 Aug 12 13:22 .git -rwxr-xr-x 1 git git 157 Aug 12 13:21 gitosis.conf drwxr-xr-x 2 git git 4096 Aug 12 13:20 keydir ----------------------------------------------------------- 以上操作相当于,系统git用户初始化并成为gitosis管理员,且利用其管理员权限将gitosis-admin仓库clone到本地. 5.添加本地用户john和仓库test到gitosis,并和管理员git合作管理gitosis 1. 用户john添加并发送id_rsa.pub给git 代码如下: # su - # useradd john & passwd john # su - john # ssh-keygen -t rsa ----------------------------------------------------------- Generating public/private rsa key pair. Enter file in which to save the key (/home/john/.ssh/id_rsa): Created directory '/home/john/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/john/.ssh/id_rsa. Your public key has been saved in /home/john/.ssh/id_rsa.pub. ----------------------------------------------------------- # cp /home/john/.ssh/id_rsa.pub /tmp 2. gitosis管理员git分配john权限 代码如下: # su - git # mkdir projects # cd ~/projects # git clone git@node2.example.com:gitosis-admin # cd gitosis-admin # cat gitosis.conf ------------------------------------------------ [gitosis] [group gitosis-admin] writable = gitosis-admin members = git@node2.example.com ------------------------------------------------ # ls keydir/ ------------------------- git@node2.example.com.pub ------------------------- # cp /tmp/id_rsa.pub keydir/john.pub # vi gitosis.conf ———————————————————————————————————— [gitosis] [group gitosis-admin] writable = gitosis-admin members = git@node2.example.com [group test] writable = test members = git@node2.example.com john ———————————————————————————————————— # git add . # git commit -am "add member john and project foo" # git push 3. 用户git添加项目test 代码如下: # su - git # cd ~/projects # mkdir test # cd test # git init # echo "Hello World." >

Hello.txt

# git add hello.txt

# git commit-am 'first commit'

# git remote add origin git@node2.example.com:test.git

# git push origin master

4. User john clone test and modify hello.txt

The code is as follows:

# su-john

# git clone git@node2.example.com:test.git

# cd test

# date > > hello.txt

# git commit-am 'add time to hello.txt' & & git push

The whole process is divided into:

1. By modifying gitosis-admin to manage gitosis user rights, it is necessary to clone locally, then modify the configuration file, and finally add push pushes the results to the remote to achieve permission modification.

two。 Add the system user, generate the user public key, and copy it to keydir, so that the user has the authority to carry out git and other related operations.

3. Log in to the user account for git-related operations, and after modification, commit,push to the server can complete the warehouse permissions configuration.

seven。 Install gitweb

1. First of all, we need the source code of Git with GitWeb and the ability to generate custom CGI scripts:

The code is as follows:

# git clone git://git.kernel.org/pub/scm/git/git.git

# cd git/

# make GITWEB_PROJECTROOT= "/ home/git/repositories" prefix=/usr gitweb

# cp-rf gitweb / usr/local/apache2/htdocs/

Note: tell the compilation command Git repository location by specifying the GITWEB_PROJECTROOT variable

two。 Set up Apache to run the script as CGI and add a VirtualHost configuration:

(1)。 Load the vhost configuration file for apache

The code is as follows:

# vi / usr/local/apache2/conf/httpd.conf

Search for the line that contains httpd-vhosts and remove the comment on that line.

(2)。 Load the cgid module to support the perl language.

The code is as follows:

# vi / usr/local/apache2/conf/httpd.conf

Search for the line that contains mod_cgid.so and remove the comment on that line.

(3)。 Configure VirtualHost

The code is as follows:

# vi / usr/local/apache2/conf/extra/httpd-vhosts.conf

Add the following configuration:

The code is as follows:

--

ServerName git.example.com

DocumentRoot / usr/local/apache2/htdocs/gitweb

Options + ExecCGI

AllowOverride All

Order allow,deny

Allow from all

AddHandler cgi-script cgi pl

DirectoryIndex gitweb.cgi

--

(4)。 Install the Time/HiRes.pm perl module

Open the web page Can't locate Time/HiRes.pm in @ INC for the first time. . Error

Solution:

The code is as follows:

# yum install perl-devel perl-CPAN-y

# perl-MCPAN-e shell

Cpan [2] > install Time::HiRes

Cpan [3] > exit

(5)。 Restart the apache service

The code is as follows:

# / usr/local/apache2/bin/apachectl restart

(6)。 Modify the native HOST and open the gitweb page

Http://git.example.com

This is the end of how to use Gitosis to install and build Git Server under CentOS 6.3.Thank you for your reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.