I. What is Gitolite
Gitolite is an authorization layer on top of Git, relying on sshd or httpd for authentication.
Gitolite allows you to specify permissions not just by repository, but also by branch or tag names within each repository. That is, you can specify that certain people (or groups of people) can only push certain "refs" (branches or tags) but not others.
II. Install Git
    [[email protected] ~]# yum install git -y
    [[email protected] ~]# git --version
    git version 1.8.3.1
III. Create the git user
    [[email protected] ~]# useradd git
    [[email protected] ~]# passwd git    # set the password when prompted
    [[email protected] ~]# su - git
    [[email protected] ~]$ pwd
    /home/git
    [[email protected] ~]$ ls -a
    . .. .bash_logout .bash_profile .bashrc
IV. Install Gitolite
Clone gitolite:
    [[email protected] ~]$ git clone https://github.com/sitaramc/gitolite
Create a bin directory and install gitolite into it:
    [[email protected] ~]$ mkdir $HOME/bin
    [[email protected] ~]$ gitolite/install -to $HOME/bin
(If gitolite/install fails with "BEGIN failed--compilation aborted at /home/git/gitolite/src/lib/Gitolite/Common.pm line 67", switch back to the root user and run yum install -y perl-Data-Dumper.x86_64 first.)
    [[email protected] ~]$ cd bin/
    [[email protected] bin]$ ll
    total 24
    drwxrwxr-x. 2 git git 4096 Jan 26 17:03 commands
    -rwxrwxr-x. 1 git git 3292 Jan 26 17:03 gitolite
    -rwxrwxr-x. 1 git git 9023 Jan 26 17:03 gitolite-shell
    drwxrwxr-x. 3 git git 22 Jan 26 17:03 lib
    drwxrwxr-x. 2 git git 92 Jan 26 17:03 syntactic-sugar
    drwxrwxr-x. 3 git git 166 Jan 26 17:03 triggers
    -rw-rw-r--. 1 git git 19 Jan 26 17:13 VERSION
    drwxrwxr-x. 2 git git 174 Jan 26 17:03 VREF
V. Configure the Gitolite administrator
Gitolite uses a special repository, gitolite-admin, to manage users and repositories, so an administrator has to be created to manage all users and repositories.
1. Generate a public key as the git user
Run ssh-keygen and press Enter at every prompt:
    [[email protected] bin]$ cd
    [[email protected] ~]$ ssh-keygen -t rsa
2. Rename .ssh/id_rsa.pub to admin.pub
Renaming it to admin.pub is a fixed requirement of gitolite.
    [[email protected] ~]$ mv .ssh/id_rsa.pub admin.pub
    [[email protected] ~]$ ll
    total 4
    -rw-r--r--. 1 git git 400 Jan 26 17:19 admin.pub
    drwxrwxr-x. 7 git git 137 Jan 26 17:13 bin
    drwxrwxr-x. 6 git git 245 Jan 26 17:03 gitolite
3. Set up Gitolite with the administrator's public key
    [[email protected] ~]$ $HOME/bin/gitolite setup -pk admin.pub
    Initialized empty Git repository in /home/git/repositories/gitolite-admin.git/
    Initialized empty Git repository in /home/git/repositories/testing.git/
    WARNING: /home/git/.ssh/authorized_keys missing; creating a new one
        (this is normal on a brand new install)
4. Generate the administrator's management repository
    [[email protected] ~]$ git clone [email protected]:gitolite-admin
    Cloning into 'gitolite-admin'...
    The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
    ECDSA key fingerprint is SHA256:hrz8c27CZn4c/iIN0pFuC59qwheBUaUpszGP7if3oGs.
    ECDSA key fingerprint is MD5:59:bf:ad:49:4f:c6:26:d4:e6:dd:d6:f0:5b:9d:48:6a.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts.
    remote: Counting objects: 6, done.
    remote: Compressing objects: 100% (4/4), done.
    remote: Total 6 (delta 0), reused 0 (delta 0)
    Receiving objects: 100% (6/6), done.
Take a look inside:
    [[email protected] ~]$ cd gitolite-admin/
    [[email protected] gitolite-admin]$ ll
    total 0
    drwxrwxr-x. 2 git git 27 Jan 26 17:29 conf
    drwxrwxr-x. 2 git git 23 Jan 26 17:29 keydir
    [[email protected] gitolite-admin]$ cd conf/
    [[email protected] conf]$ ll
    total 4
    -rw-rw-r--. 1 git git 77 Jan 26 17:29 gitolite.conf
    [[email protected] conf]$ cd ..
    [[email protected] gitolite-admin]$ cd keydir/
    [[email protected] keydir]$ ll
    total 4
    -rw-rw-r--. 1 git git 400 Jan 26 17:29 admin.pub
conf/gitolite.conf is the configuration file for adding users and repositories, and keydir holds the clients' public keys. The existing admin.pub can now be deleted.
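VI. Configure users and repositories
Open gitolite.conf and you will see:
    [[email protected] ~]$ vim gitolite-admin/conf/gitolite.conf
    repo gitolite-admin
        RW+ = admin

    repo testing
        RW+ = @all
There are currently two repositories, gitolite-admin and testing. Only the admin user has read/write (RW+) access to gitolite-admin, while testing is readable and writable by everyone. Change it as follows:
    @user = admin aaa_nb

    repo gitolite-admin
        RW+ = admin

    repo edsserver
        RW+ = @user
This change gives the user group user read/write access to the repository edsserver. The group contains a user aaa_nb, whose key is the id_rsa.pub generated on a git client with the command ssh-keygen -t rsa -C "user's email address" and renamed to aaa_nb.pub (renamed so that it matches the user name, which makes it easier to identify and manage). The file is then uploaded to the /home/git/gitolite-admin/keydir directory with a client such as FileZilla.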
With gitolite.conf edited and aaa_nb.pub uploaded, commit and push:
    [[email protected] gitolite-admin]$ git add keydir/aaa_nb.pub conf/gitolite.conf
    [[email protected] gitolite-admin]$ git status
    # On branch master
    # Changes to be committed:
    #   (use "git reset HEAD <file>..." to unstage)
    #
    #   modified:   conf/gitolite.conf
    #   new file:   keydir/aaa_nb.pub
    #
    [[email protected] gitolite-admin]$ git commit -m "new project and user"
    [master 3ea654d] new project and user
     2 files changed, 4 insertions(+), 2 deletions(-)
     create mode 100644 keydir/aaa_nb.pub
    [[email protected] gitolite-admin]$ git push origin master
    Counting objects: 10, done.
    Delta compression using up to 6 threads.
    Compressing objects: 100% (5/5), done.
    Writing objects: 100% (6/6), 821 bytes | 0 bytes/s, done.
    Total 6 (delta 0), reused 0 (delta 0)
    remote: Initialized empty Git repository in /home/git/repositories/edsserver.git/
    To [email protected]:gitolite-admin
       bb5c5f1..3ea654d  master -> master
Note: before using git commit and similar commands for the first time, remember to configure user.name and user.email:
    [[email protected] gitolite-admin]$ git config --global user.email "[email protected]"
    [[email protected] gitolite-admin]$ git config --global user.name "admin"
Now go into repositories and you can see the newly configured repository edsserver.git:
    [[email protected] ~]$ cd repositories/
    [[email protected] repositories]$ ll
    total 0
    drwx------. 7 git git 134 Jan 26 18:19 edsserver.git
    drwx------. 8 git git 181 Jan 26 18:19 gitolite-admin.git
    drwx------. 7 git git 134 Jan 26 18:19 testing.git
    [[email protected] repositories]$
Summary: to add a user or repository later, log in to the server as the git user, edit the configuration file /home/git/gitolite-admin/conf/gitolite.conf to add the user name or repository name, copy the key generated on the user's machine into the /home/git/gitolite-admin/keydir directory, and then run git add, commit and push.
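The procedure summarized above depends on gitolite.conf and keydir staying in step. The following check is an added example, not part of the original article or of gitolite itself: it audits a gitolite-admin working copy before pushing. It assumes keys are named keydir/<user>.pub as in this tutorial; the function names, the finding labels (NOKEY, UNREFERENCED, OPEN) and the sample user olduser are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit a gitolite-admin
# working copy before "git push". Assumes keys are named keydir/<user>.pub.

# Print every user named in a group definition ("@user = admin aaa_nb")
# or an access rule ("RW+ = admin"); group references (@...) are skipped.
conf_users() {
    sed 's/#.*//' "$1" | awk -F= '
        NF >= 2 && $1 ~ /^[ \t]*(@|-|C|R)/ {
            n = split($2, names, " ")
            for (i = 1; i <= n; i++)
                if (names[i] != "" && names[i] !~ /^@/) print names[i]
        }' | sort -u
}

# Print one finding per line; no output means nothing was flagged.
audit_admin_repo() {
    conf="$1/conf/gitolite.conf"; keydir="$1/keydir"
    # NOKEY: named in the config but has no key file, so cannot log in.
    for u in $(conf_users "$conf"); do
        [ -f "$keydir/$u.pub" ] || echo "NOKEY $u"
    done
    # UNREFERENCED: key file for a user in no group or rule; the key still
    # authenticates and matches every "@all" rule.
    for f in "$keydir"/*.pub; do
        [ -e "$f" ] || continue
        u=$(basename "$f" .pub)
        conf_users "$conf" | grep -qxF -- "$u" || echo "UNREFERENCED $u"
    done
    # OPEN: repository that every key holder can write to.
    sed 's/#.*//' "$conf" | awk '
        $1 == "repo" { repos = $0; sub(/^[ \t]*repo[ \t]+/, "", repos) }
        $1 ~ /^RW/ && /=.*@all/ { print "OPEN " repos }'
}

# Constructed sample: the tutorial's config, one stale key, one missing key.
demo() {
    d=$(mktemp -d) && mkdir "$d/conf" "$d/keydir"
    printf '%s\n' '@user = admin aaa_nb aaa_server202' \
        'repo gitolite-admin' '    RW+ = admin' \
        'repo edsserver' '    RW+ = @user' \
        'repo testing' '    RW+ = @all' > "$d/conf/gitolite.conf"
    touch "$d/keydir/admin.pub" "$d/keydir/aaa_nb.pub" "$d/keydir/olduser.pub"
    audit_admin_repo "$d"
    rm -rf "$d"
}
demo
```

To check a real working copy, call audit_admin_repo /home/git/gitolite-admin in place of demo.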
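VII. Test the Git client on Windows
Download the Windows version of the Git client from https://www.git-scm.com/download/win and install it step by step with the default options.
In Windows Explorer, right-click in the directory where you want to clone the repository and choose Git Bash Here. In the command-line window that opens, again start by configuring user.name and user.email:
    $ git config --global user.email "[email protected]"
    $ git config --global user.name "aaa_nb"
Now you can clone:
    $ git clone [email protected]:edsserver.git
After any local change, run git add ., git commit -m "***" and git push origin master, in that order.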
VIII. Test the Git client on CentOS 7.x
As before, generate a public key first:
    [[email protected] ~]$ ssh-keygen -t rsa -C "[email protected]"
Rename it:
    [[email protected] ~]$ cd .ssh/
    [[email protected] .ssh]$ cp id_rsa.pub aaa_server202.pub
Copy this .pub file to the /home/git/gitolite-admin/keydir directory on the git server:
    [[email protected] keydir]$ ll
    total 12
    -rw-rw-r--. 1 git git 400 Jan 26 17:29 admin.pub
    -rw-rw-r--. 1 git git 402 Jan 26 18:05 aaa_nb.pub
    -rw-rw-r--. 1 git git 402 Jan 26 19:17 aaa_server202.pub
Edit gitolite.conf and add aaa_server202 to the user group user.
Then run git add ., git commit -m "***" and git push origin master.
Now go back to server202 and clone:
    [[email protected] ~]$ git clone [email protected]:edsserver.git
Original article: https://www.cnblogs.com/zjd1396/p/10324766.html