Friday, February 3, 2017

Gitolite

Requirement

We need private git repositories for internally use in our project so we use Gitolite for this requirement. Our client has a lot of consultants, partners and short term employees working with their code so they needed a good way of controlling access to the repos and preferably without giving each of them a unix user on the server where the repo is hosted.

What is Gitolite?

Gitolite is basically an access layer on top of Git. Users are granted access to repos via a simple config file and we as an admin only needs the users public SSH key and a username from the user. Gitolite uses this to grant or deny access to our Git repositories. And it does this via a git repository named gitolite-admin.


Installation


We need a public key and a Gitolite user through which we will setup the Gitolite.

In this case I have used my base machine(Ubuntu) public key so that only my machine can manage Gitolite.

Now we will copy this public key to a virtual machine

 
$ scp ~/.ssh/gitolite.pub git@192.168.0.20:/home/git


where vagrant is the user of my virtual machine & its IP is 192.168.0.20

Now we will install & create a gitolite user on remote machine which will be hosting gitolite.

root@git:~# apt-get install gitolite3

root@git:~# adduser gitolite
Now we need to remove password of gitolite user from below command

root@git:~# passwd -d gitolite

Let's move & change the ownership of this public key.

root@git:~# mv gitolite.pub /home/gitolite/
root@git:~# chown gitolite:gitolite /home/gitolite/gitolite.pub

Become the gitolite user

root@git:~# su - gitolite

Now setup the gitolite with the public key

gitolite@git:~# gitolite setup -pk gitolite.pub

Now to manage the repositories, users and access-rights we will download the gitolite-admin(git repository) to our base machine.

$ git clone gitolite@192.168.0.20:gitolite-admin
$ cd gitolite-admin
$ ls -l
total
8
drwxr-xr-x
2 nitin nitin 4096 Jan 10 17:52 conf/
drwxr-xr-x
2 nitin nitin 4096 Jan  9 13:43 keydir/

where “keydir” is the directory where we store our user’s keys and that key name must be same as existing username on the system.
In conf directory there is a “gitolite.conf” file which controls which repositories are available on the system and who has which rights to those repositories.
We just need to add new repository name & users who will access it and this file will create the repo & grant the permission on it accordingly.

Let us explore my gitolite.conf file in which I have added a new repository called “opstreeblog

$ cat conf/gitolite.conf

# Group name & members

@admin = nitin
@staff    = jatin james

# Gitolite admin repository

repo gitolite-admin
   RW+   = gitolite @admin

# Read-Write permission to all the users on testing repo

repo testing
   RW+    = @all

# Read-Write permission to user sandy & the admin group. And Read-Only access to staff group

repo opstreeblog
   RW+   = sandy @admin
   R         = @staff





where '@' denotes the user group i.e @staff is a group & jatin, james are the users of this group and these names must be similar to the key name stored in keydir directory.
For example "jatin" user must have the public key named "jatin.pub"

Let's have a quick test of our setup

$ git commit conf/gitolite.conf -m “added opstreeblog repo”

[master 357bbc8] added "opstreeblog" repo

1 files changed, 9 insertions(+), 1 deletions(-)

nitin@Latitude-3460:~/gitolite-admin$ git push origin master

Counting objects: 7, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (4/4), 428 bytes, done.
Total
4 (delta 0), reused 0 (delta 0)
remote: Initialized empty Git repository in /home/gitolite/repositories/opstreeblog.git/
To gitbox:gitolite-admin d595439..357bbc8
master -> master

I hope that gives you a good overview of how to install and manage Gitolite.


EmotionsEmoticon