Tutorial: installing and building a Git server with gitosis on CentOS 6.3

Time:2021-6-20

Git is a distributed version control system. Git usually communicates with the server over the SSH protocol. The main advantages of using SSH are speed (data is compressed before transmission, faster than HTTP), security, and easy reading and writing.
 
Clients can access the server through SSH in two ways: with a user name and password, or with public/private key authentication. Key authentication is convenient because there is no need to enter a password every time.

The public key of a trusted client is placed in ~/.ssh/authorized_keys on the server. For the format of this file, see the sshd manual (man sshd). A powerful feature of sshd's authorized_keys is its support for the command parameter, which makes the command that follows it run every time the user authenticates with that public key. In this way, some logic can be executed at login.

The management of Git repositories generally needs permission control. How can permissions be managed easily? authorized_keys offers one approach: specify a particular command parameter so that, after the user is verified, the relevant logic runs first to check whether the current user has a given permission. That is how gitosis came about. It is not so much a Git permission management system as an authorized_keys file manager.
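The mechanism described above, as an added example that is not part of the original tutorial and is not gitosis's own code: a minimal forced-command check in Python that decides, from SSH_ORIGINAL_COMMAND and a gitosis.conf-style file, whether a key's owner may read or push a repository. The wrapper path /usr/local/bin/git-gate, the function names, and the users and repositories in the sample configuration are assumptions made for illustration.

```python
import configparser
import re

# Constructed sample in the gitosis.conf layout; user and repo names are illustrative.
SAMPLE_CONF = """
[gitosis]

[group gitosis-admin]
writable = gitosis-admin
members = admin

[group test]
writable = test
members = admin john
"""

# The only commands a git client sends over SSH for clone/fetch and for push.
ACCESS = {"git-upload-pack": "read", "git-receive-pack": "write"}
# Exactly one command and one single-quoted relative path: no shell
# metacharacters, no leading "/" and no extra arguments.
CMD_RE = re.compile(
    r"(git[- ](?:upload|receive)-pack) '([A-Za-z0-9][A-Za-z0-9._/-]*?)(?:\.git)?'")


def authorized_keys_line(user, pubkey, wrapper="/usr/local/bin/git-gate"):
    """Pin a public key to the wrapper (hypothetical path) and to one user name."""
    # no-pty is why a plain interactive login reports a failed PTY allocation.
    opts = "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty"
    return 'command="%s %s",%s %s' % (wrapper, user, opts, pubkey)


def authorize(user, original_command, conf_text=SAMPLE_CONF):
    """Return (repo, access) if `user` may run the requested command, else raise."""
    if not original_command:
        raise PermissionError("need SSH_ORIGINAL_COMMAND (no git command sent)")
    match = CMD_RE.fullmatch(original_command)
    if match is None or ".." in original_command:
        raise PermissionError("command not allowed")
    access = ACCESS[match.group(1).replace(" ", "-")]
    repo = match.group(2)
    conf = configparser.ConfigParser(interpolation=None)
    conf.read_string(conf_text)
    for section in conf.sections():
        members = conf.get(section, "members", fallback="").split()
        writable = conf.get(section, "writable", fallback="").split()
        if section.startswith("group ") and user in members and repo in writable:
            return repo, access
    raise PermissionError("%s has no access to %s" % (user, repo))
```

sshd sets SSH_ORIGINAL_COMMAND to whatever the client asked to run, so a real wrapper would pass that value and the user name from its own command line to authorize() before handing off to git.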

Solution:

Environment deployment

Operating system:               centos6.3 x64
Git:                         git-1.7.1
Gitosis:                   Gitosis
Gitweb:                   1.7.1-3        
OpenSSH Server:     openssh-server-5.3p1
apache:                  httpd-2.4.4
python-setuptools:   python-setuptools-0.6.10-3
        
Git server(centos6.3 x64): node2.example.com
Git client(centos6.3 x64): node1.example.com

Server configuration:

1、 Turn off iptables and SELinux

# service iptables stop
# setenforce 0
# vi /etc/sysconfig/selinux
—————
SELINUX=disabled
—————

2、 Synchronize the time

# ntpdate cn.pool.ntp.org

3、 Install Apache

Link: https://www.jb51.net/article/54969.htm

4、 Install openssh

1. Install openssh with yum:

# yum install openssh-server -y

2. Modify ssh server configuration:

# vi /etc/ssh/sshd_config
——————————————————————————————
# Change to the login port you want
Port 22
# Forbid root login
PermitRootLogin no
# Check that the owner and permissions of the key files are correct; enabled by default
StrictModes yes
# Enable RSA authentication
RSAAuthentication yes
# Enable public key authentication
PubkeyAuthentication yes
# Enable password authentication; on by default
PasswordAuthentication yes
# After modification: set the server key strength to 1024 bits
ServerKeyBits 1024
# After modification: forbid login with an empty password
PermitEmptyPasswords no
——————————————————————————————

3. Restart the service:

# /etc/init.d/sshd restart

5、 Install Git

# yum install git-core -y

6、 Install gitosis

1. gitosis depends on the Python setuptools package, so install it first

# yum install python-setuptools -y

2. Install gitosis

# cd ~
# mkdir src
# cd src
# git clone https://github.com/tv42/gitosis.git
# cd gitosis
# python setup.py install

3. Create system users for gitosis

# useradd -m git
# passwd git

4. Run gitosis

(1) Upload or copy the public key generated by the administrator to the server. The public key here needs to be created with the ssh-keygen command as the Git server administrator

# su - git

Make sure the web page has permission to display the repository contents

# chmod -R 755 /home/git
# ssh-keygen -t rsa
# cp ~/.ssh/id_rsa.pub /tmp

(2) Initialize gitosis

Change to the directory that id_rsa.pub was copied to

# cd /tmp
# gitosis-init < id_rsa.pub

At this point, the gitosis repository and configuration directories have been generated in the /home/git directory

# cd /home/git
# ll
—————————————————————-
drwxr-xr-x 2 git git 4096 Aug 12 13:39 gitosis
drwxr-xr-x 4 git git 4096 Aug 12 13:39 repositories
—————————————————————

(3) Switch back to the current (root) user

# exit

(4) Configure permissions

If you want others to be able to clone gitosis-admin.git, you need to do the following:

# chmod 755 /home/git/repositories/gitosis-admin.git/hooks/post-update

The installation of gitosis is now complete. Its configuration can be edited by the administrator and then pushed to the server

(5) Now try to log in to the server over SSH as the owner of the public key that was used to initialize gitosis. You should see something like this:

# su - git
$ ssh [email protected]
————————————————
PTY allocation request failed on channel 0
ERROR:gitosis.serve.main:Need SSH_ORIGINAL_COMMAND in environment.
Connection to gitserver closed.
————————————————

Note that gitosis recognizes the user but cuts off the connection because no git command is being run. Now run an actual git command and clone gitosis's control repository:
Clone the Git repository on your local computer

# cd /tmp
# git clone [email protected]:gitosis-admin.git

This results in a working directory called gitosis-admin, which consists of two parts:
Red is the Git repository configuration, and blue is the files saved in the actual repository

# cd gitosis-admin
# ll -a
———————————————————-
total 20
drwxr-xr-x 4 git git 4096 Aug 12 13:21 .
drwxr-xr-x 4 git git 4096 Aug 12 13:23 ..
drwxr-xr-x 8 git git 4096 Aug 12 13:22 .git
-rwxr-xr-x 1 git git 157 Aug 12 13:21 gitosis.conf
drwxr-xr-x 2 git git 4096 Aug 12 13:20 keydir
———————————————————–

The above operation is equivalent to the system's git user being initialized as the gitosis administrator and using its administrator authority to clone the gitosis-admin repository locally

5. Add local user john and repository test to gitosis, managing gitosis together with the git administrator

1. User john is added and sends id_rsa.pub to git

# su -
# useradd john && passwd john
# su - john
# ssh-keygen -t rsa
———————————————————–
Generating public/private rsa key pair.
Enter file in which to save the key (/home/john/.ssh/id_rsa):
Created directory ‘/home/john/.ssh’.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/john/.ssh/id_rsa.
Your public key has been saved in /home/john/.ssh/id_rsa.pub.
———————————————————–
# cp /home/john/.ssh/id_rsa.pub /tmp

2. The gitosis administrator git assigns permissions to john

# su - git
# mkdir projects
# cd ~/projects
# git clone [email protected]:gitosis-admin
# cd gitosis-admin
# cat gitosis.conf
————————————————
[gitosis]
[group gitosis-admin]
writable = gitosis-admin
members = [email protected]
————————————————
# ls keydir/
————————-
[email protected]
————————-
# cp /tmp/id_rsa.pub keydir/john.pub
# vi gitosis.conf
————————————————————————————————————
[gitosis]
[group gitosis-admin]
writable = gitosis-admin
members = [email protected]
[group test]
writable = test
members = [email protected] john
————————————————————————————————————
# git add .
# git commit -am "add member john and project foo"
# git push

3. User git adds project test

# su - git
# cd ~/projects
# mkdir test
# cd test
# git init
# echo "Hello World." > hello.txt
# git add hello.txt
# git commit -am 'first commit'
# git remote add origin [email protected]:test.git
# git push origin master

4. User john clones test and modifies hello.txt

# su - john
# git clone [email protected]:test.git
# cd test
# date >> hello.txt
# git commit -am 'add time to hello.txt' && git push

The whole process is divided into three parts

1. User permissions in gitosis are managed by modifying gitosis-admin: clone it locally, modify the configuration file, then add and push the result to the remote to change the permissions

2. Add the system user, generate the user's public key, and copy it to keydir, so that the user has permission to perform Git and other related operations

3. Log in as the user for Git-related operations. After making changes, commit and push to the server to complete the repository permission configuration

7、 Install gitweb

1. First, we need the Git source code, which includes gitweb and can generate a custom CGI script

# git clone git://git.kernel.org/pub/scm/git/git.git
# cd git/
# make GITWEB_PROJECTROOT="/home/git/repositories" prefix=/usr gitweb
# cp -rf gitweb /usr/local/apache2/htdocs/

Note: the GITWEB_PROJECTROOT variable tells the build where the Git repositories are located

2. Set Apache to run the script in CGI mode, and add a VirtualHost configuration

(1) Load the Apache vhost configuration file

# vi /usr/local/apache2/conf/httpd.conf

Search for the line containing httpd-vhosts and remove the comment marker

(2) Load the CGID module to support Perl

# vi /usr/local/apache2/conf/httpd.conf

Search for the line containing mod_cgid.so and remove the comment marker

(3) Configure the VirtualHost

# vi /usr/local/apache2/conf/extra/httpd-vhosts.conf

Add the following configuration:

——————————————————————————————————————————
<VirtualHost *:80>
ServerName git.example.com
DocumentRoot /usr/local/apache2/htdocs/gitweb
<Directory /usr/local/apache2/htdocs/gitweb>
Options +ExecCGI
AllowOverride All
order allow,deny
Allow from all
AddHandler cgi-script cgi pl
DirectoryIndex gitweb.cgi
</Directory>
</VirtualHost>
——————————————————————————————————————————

(4) Install the Time/HiRes.pm Perl module

When the web page is opened for the first time, the error "Can't locate Time/HiRes.pm in @INC" appears.

Solution:

# yum install perl-devel perl-CPAN -y
# perl -MCPAN -e shell
cpan[2]> install Time::HiRes
cpan[3]> exit

(5) Restart the Apache service

# /usr/local/apache2/bin/apachectl restart

(6) Modify the local hosts file and open the Git web page
http://git.example.com

Done.