git gitolite

gitolite简介

gitolite是一款perl语言开发的git服务管理工具,通过公钥对用户进行认证,并能够通过配置文件对写操作进行基于分之和路径的精细授权
gitolite采用SSH协议并且使用SSH公钥认证

Git使用SSH协议:

SSH协议用于为Git提供远程读写操作,是远程写操作的标准服务,在智能HTTP协议出现之前,甚至是写操作的唯一标准服务.

SSH协议有两种方式来实现Git服务:
方式一: 使用标准的SSH账号访问版本库
方式二: 所有用户使用同一个专用的SSH账号访问版本库,访问时通过公钥认证的方式.通过在建立连接时所用的不同公钥来区分不同的用户身份.

1.指定创建公钥/私钥:
ssh-keygen -f ~/.ssh/test

2.拷贝公钥到服务端:
ssh-copy-id -i ~/.ssh/test.pub user@server

3.连接测试:
ssh user@server 默认使用的是~/.ssh/id_rsa.pub公钥

4.通过创建主机别名,在连接主机时选择特定的公钥: ~/.ssh/config
host bj              //定义的别名
  user git           //表示登录时使用的用户名
  hostname bj.com    //表示登录主机的主机名
  port 22
  identityfile ~/.ssh/beijing   //认证时使用的公钥文件

5.测试
ssh bj
git clone bj:path/to/repos/myrepo.git

---

gitolite安装

1.创建用户(Server)

[root@localhost ~]# useradd git
[root@localhost ~]# echo 'y+{3InfLAz' | passwd --stdin git

2.下载gitolite

[root@localhost ~]# su - git
[git@localhost ~]$ git clone https://github.com/sitaramc/gitolite.git
[git@localhost ~]$ mkdir -p $HOME/bin
[git@localhost ~]$ gitolite/install -to $HOME/bin

3.创建密钥对(Client)

[root@localhost ~]# ssh-keygen
[root@localhost ~]# cp ~/.ssh/id_rsa.pub /tmp/admin.pub

[root@localhost ~]# su - git
[git@localhost ~]$ bin/gitolite setup -pk /tmp/admin.pub
Initialized empty Git repository in /home/git/repositories/gitolite-admin.git/
Initialized empty Git repository in /home/git/repositories/testing.git/
WARNING: /home/git/.ssh/authorized_keys missing; creating a new one
    (this is normal on a brand new install)

4.克隆git管理

[root@localhost ~]# git clone git@192.168.10.75:gitolite-admin
Cloning into 'gitolite-admin'...
remote: Counting objects: 6, done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 6 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (6/6), done.

5.客户提供ssh public key

$ ssh-keygen -t rsa -f ~/.ssh/liupeng

6.让客户将生成的liupeng.pub放到gitolite-admin/keydir目录下

[root@localhost keydir]# pwd
/root/gitolite-admin/keydir

[root@localhost keydir]# ls -l liupeng.pub
-rw-r--r-- 1 root root 403 Nov 24 19:48 liupeng.pub

7.设置用户权限

[root@localhost conf]# pwd
/root/gitolite-admin/conf
[root@localhost conf]# vim gitolite.conf
repo gitolite-admin
    RW+     =   admin
repo devops
    RW+     =   liupeng
    R       =   @all

8.将配置上传

[root@localhost gitolite-admin]# pwd
/root/gitolite-admin
[root@localhost gitolite-admin]# git config --global user.email "liu_p@jointwisdom.cn"
[root@localhost gitolite-admin]# git config --global user.name "liu_p"
[root@localhost gitolite-admin]# git config --global push.default simple

[root@localhost gitolite-admin]# git add .
[root@localhost gitolite-admin]# git commit -m "add repo devops"
[root@localhost gitolite-admin]# git push

9.客户端设置别名

$vim ~/.ssh/config
host devops
  user git
  hostname 124.27.242.3
  port 520
  identityfile ~/.ssh/liupeng

10.客户端克隆

$git clone git@devops:devops.git

$git config --global user.email "liu_p@jointwisdom.cn"
$git config --global user.name "liu_p"
$git config --global push.default simple

$git add .
$git commit -m "update"
$git push

---

添加新用户(在gitserver上):

1.生成ssh-key

[root@localhost ~]# ssh-keygen -t rsa -C "test" -f ~/.ssh/test
[root@localhost ~]# cp ~/.ssh/genghongyu.pub gitolite-admin/keydir/genghongyu.pub

2.修改gitolite配置文件

[root@localhost ~]# vim gitolite-admin/conf/gitolite.conf
@devssp  = test
repo test
    RW+     =   @devssp
    R       =   @all
[root@localhost ~]# cd gitolite-admin/
[root@localhost gitolite-admin]# git add .
[root@localhost gitolite-admin]# git commit -m "add genghongyu to devssp"
[root@localhost gitolite-admin]# git push

3.客户端将私钥(test)保存到本地,同时修改”.ssh/config”配置文件

$ ls -l ~/.ssh/genghongyu
-rw-r--r-- 1 admin 197121 1675 11月 25 14:50 /c/Users/admin/.ssh/genghongyu
$ cat ~/.ssh/config
host test
  user git
  hostname 192.168.10.75
  port 22
  identityfile ~/.ssh/test

4.客户端克隆

$git clone git@test:test.git

---

apt-get install gitolite3

opsys@ubuntu:~$ sudo apt-get -y install openssh-server openssh-client
opsys@ubuntu:~$ sudo apt-get -y install git
opsys@ubuntu:~$ sudo adduser --system --shell /bin/sh --group --disabled-password --home /home/git git
opsys@ubuntu:~$ sudo apt-get -y install gitolite3

opsys@ubuntu:~$ ssh-keygen
opsys@ubuntu:~$ vim .ssh/config
host gitserver
  user git
  hostname 192.168.10.19
  port 22
  identityfile ~/.ssh/id_rsa
opsys@ubuntu:~$ cp .ssh/id_rsa.pub /tmp/opsys.pub

opsys@ubuntu:~$ sudo su -
root@ubuntu:~# su - git
$ gitolite setup -pk /tmp/opsys.pub
Initialized empty Git repository in /home/git/repositories/gitolite-admin.git/
Initialized empty Git repository in /home/git/repositories/testing.git/
WARNING: /home/git/.ssh missing; creating a new one
    (this is normal on a brand new install)
WARNING: /home/git/.ssh/authorized_keys missing; creating a new one
    (this is normal on a brand new install)
$ exit
root@ubuntu:~# exit
logout

opsys@ubuntu:~$ git clone git@gitserver:gitolite-admin.git
Cloning into 'gitolite-admin'...
The authenticity of host '192.168.10.19 (192.168.10.19)' can't be established.
ECDSA key fingerprint is SHA256:HgWObuliUUy72v/lIm9ZF4KviIDzEkABmsanW+H9dJU.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.10.19' (ECDSA) to the list of known hosts.
remote: Counting objects: 6, done.
remote: Compressing objects: 100% (4/4), done.
Receiving objects: 100% (6/6), 737 bytes | 0 bytes/s, done.
remote: Total 6 (delta 0), reused 0 (delta 0)
Checking connectivity... done.

opsys@ubuntu:~$ cd gitolite-admin/
opsys@ubuntu:~/gitolite-admin$ cat conf/gitolite.conf
@devops = penn admin
repo gitolite-admin
    RW+     =   opsys penn
repo devops
    RW      = @devops
opsys@ubuntu:~/gitolite-admin$ ls keydir/
admin.pub  opsys.pub  penn.pub
opsys@ubuntu:~/gitolite-admin$ git config --global user.email "smallasa@sina.com"
opsys@ubuntu:~/gitolite-admin$ git config --global user.name "penn"
opsys@ubuntu:~/gitolite-admin$ git config --global push.default simple
opsys@ubuntu:~/gitolite-admin$ git add conf keydir
opsys@ubuntu:~/gitolite-admin$ git commit -m "create new repo: devops"
opsys@ubuntu:~/gitolite-admin$ git push

客户端直接下载文件:
git clone git@gitserver:devops.git