/Software Development

Setting up a GIT repository server with Gitolite for source control

There are lots of instructions for getting setup with git around on the web, however all of them seem very verbose and since this is the third time I’ve set up a git server I decided to write down a short version.

Setting up the Server

The machine I plan to use as the server has a 2TB RAID 1 hard disk configuration—I’d recommend at least RAID 1 for storing your valuable work.

I installed Ubuntu as the operating system.

Install SSH

After the OS is installed, I installed OpenSSH via the apt-get command at a Terminal window like so:

sudo apt-get install openssh-client openssh-server 

And, the suggested extras:

sudo apt-get install rssh molly-guard openssh-blacklist openssh-blacklist-extra

Configure OpenSSH

First, make a copy of the original settings just in case:

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original

For security, I disable the root login via SSH for my git server by editing the config file:

sudo nano /etc/ssh/sshd_config

And then by updating the following setting to “no”:

PermitRootLogin no

Of course, since I also will be logging into SSH via different computers I will uncomment the following line:

AuthorizedKeysFile %h/.ssh/authorized_keys

I hit CTRL+O, then ENTER to save the file, then CTRL+X to exit nano.

Setting up the gitolite User

I’m going to be using a single account for handling the git repository through gitolite.

To do this, the first step is to create the group for the user:

sudo groupadd gitolite 

Then we create the user (obviously type a real password when you do it, and type an appropriate home path):

sudo useradd -ggitolite -d/home/gitolite -m -pPASSWORD gitolite

I’m going to switch over to the gitolite user for the next set of configurations:

sudo su gitolite

First I will generate an SSH key:

ssh-keygen -f ~/.ssh/id_rsa -N "" 

I will copy the public portion of the SSH key into my authorized\_keys file:

cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys

Granting users access to repositories

I don’t plan on using the gitolite user to actually do my work (and expect to work from various machines). In order to have access to the repositories the gitolite user will store, we must update the authorized\_keys file with an SSH key for the “work user”.

The first step is to log in as that work user, and generate an SSH key just as we did with the gitolite user (see above).

Once I’ve done that, I need to copy the public key and name it as the username I would like to use for the gitolite administrator:

cp ~/.ssh/id_rsa.pub /tmp/YOUR_ADMIN_NAME.pub

Installing Gitolite

While logged on as the gitolite user (gitolite in my case), I will clone the gitolite repository and install:

cd ~ git clone git://github.com/sitaramc/gitolite gitolite/src/gl-system-install gl-setup -q /tmp/YOUR_ADMIN_NAME.pub 

At this point switch back to the work user (or the user who’s name you used the .pub file in /tmp/

To make sure everything is setup correctly, we will clone the testing.git repository that was created during install:

cd ~ mkdir src cd src git clone gitolite:testing.git 

This will create a new directory called “testing”. Let’s create a testing file to make sure we are able to commit:

cd testing touch tmp git add tmp git commit -a -m "adding test file" git push origin master

Success at this point indicates everything is setup and ready to use…locally at least :)

Configuring the Firewall

Until now I can clone my git repositories on my computer through the user account where I do my work.

Now I need to configure the server so that I can clone the repositories from another computer and use them from there.

Enable the firewall:

sudo ufw enable

Enable ssh access from my private LAN (obviously substitute port and IP mask as appropriate for your network):

sudo ufw allow from 10.10.10.0/24 to any port 22

The next step is to make sure these changes have worked. To do this, you must go to another computer and open up a terminal there.

We will generate an SSH key same as we’ve been doing all along on this different computer, and we will need to copy it into the authorized_keys for gitolite:

sudo gedit /home/gitolite/.ssh/authotized_keys

I paste the SSH public key on a new line and add an authentication command on the same line right in front of the SSH key portion (obviously using the proper user name instead of WORK_USER_NAME):

 command="/home/gitolite/.gitolite/src/gl-auth-command WORK_USER_NAME",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty (pub key starting with "ssh-rsa" is here)

Save and close the file.

Test for ssh access:

 ssh gitolite@SERVER pwd 

If you get the home directory for the gitolite user returned, the firewall settings are correct and your second computer is now able to access the repositories.

NOTE: you might need to use the IP address of your server at this point if hostname resolution fails.

Bogdan Varlamov

Bogdan Varlamov

I believe technology makes life more worthwhile :)

Read More