
Setting up gitolite on a Linux server to control access to the repositories on a git server

Posted: 2018-03-30 23:02:57
1. Environment

1.1 Git account management machine: manage
ip: 10.0.0.56

[root@manage ~]# cat /etc/redhat-release 
CentOS release 6.7 (Final)
[root@manage ~]# hostname
manage
[root@manage ~]# tail -2 /etc/hosts
10.0.0.56 manage
10.0.0.11 git-server

1.2 Git remote repository machine: git-server
ip: 10.0.0.11

[root@git-server ~]# cat /etc/redhat-release 
CentOS release 6.7 (Final)
[root@git-server ~]# hostname
git-server
[root@git-server ~]# tail -2 /etc/hosts
10.0.0.11 git-server
10.0.0.56 server

2. Installation and deployment

2.1 On the git account management machine (10.0.0.56):

2.1.1 Install git
[root@manage ~]# yum install git -y

2.1.2 Create the public/private key pair
The git account administrator creates an SSH key pair on their own machine (10.0.0.56). Give it a passphrase when prompted: this key will hold RW+ on gitolite-admin, which is full control over every repository's users and access rules.

ssh-keygen -f ~/.ssh/git-admin

[root@manage ~]# ll .ssh/
git-admin git-admin.pub known_hosts
2.1.3 Configure the SSH client config file
To keep things organized and avoid mixing this key up with other key pairs, first configure the SSH client file ~/.ssh/config.
A host alias there makes SSH use a specific key when connecting to that host, for example:

[root@manage ~]# cat .ssh/config 
host git-server
  user git
  hostname 10.0.0.11
  port 22
  identityfile ~/.ssh/git-admin

Copy the public key from the administrator machine (10.0.0.56) to git-server (10.0.0.11):

[root@manage ~]# scp .ssh/git-admin.pub git-server:/tmp/

Notes:
Note 1: the port line in ~/.ssh/config must match the port git-server's sshd actually listens on (22 here); if it does not, every passwordless git operation against the server fails.
Note 2: /root/.ssh/config on manage (10.0.0.56) must not be writable by group or others, otherwise ssh refuses to use it ("Bad owner or permissions") and the later clone and push fail; set it to 600.

[root@manage ~]# ll /root/.ssh/config
-rw-rw-r-- 1 root root 99 Mar 29 11:28 /root/.ssh/config
[root@manage ~]# chmod 600 /root/.ssh/config
[root@manage ~]# ll /root/.ssh/config 
-rw------- 1 root root 99 Mar 29 11:28 /root/.ssh/config

2.2 On the git-server remote repository machine:

Install gitolite on git-server (ip 10.0.0.11) to manage repository accounts, and install git there as well.
Reference:
http://blog.sina.com.cn/s/blog_4b5039210102e3r3.html

Note:
gitolite-admin is itself a git repository. After gitolite is installed on git-server, the administrator clones that repository to the manage client, edits it locally and pushes it back; a hook on the server then applies the pushed configuration (keys and access rules).
On git-server:

2.2.1 Create the git user on git-server

useradd git
passwd  git 
123456

The password is only needed if someone has to log in interactively as git; gitolite itself authenticates clients by SSH key through authorized_keys. Once setup is done it is safer to leave the account without a usable password (passwd -l git) so that the ACL in gitolite.conf is the only way in.

2.2.2 Install git on git-server and download gitolite

Run the download in the git user's home directory:

[root@git-server ~]# yum install git -y
[root@git-server ~]# su - git
[git@git-server ~]$ git clone https://github.com/sitaramc/gitolite
Initialized empty Git repository in /home/git/gitolite/.git/
remote: Counting objects: 9385, done.
remote: Total 9385 (delta 0), reused 0 (delta 0), pack-reused 9385
Receiving objects: 100% (9385/9385), 2.96 MiB | 95 KiB/s, done.
Resolving deltas: 100% (5805/5805), done.

2.2.3 Install gitolite

[git@git-server ~]$ mkdir bin
[git@git-server ~]$ gitolite/install -to $HOME/bin
[git@git-server ~]$ ls
bin  gitolite
[git@git-server ~]$ cd bin
[git@git-server bin]$ ls
commands  gitolite  gitolite-shell  lib  syntactic-sugar  triggers  VERSION  VREF

This places the gitolite executable (together with gitolite-shell and its support directories) under bin. CentOS's default ~/.bash_profile adds $HOME/bin to PATH for the git user, which is why gitolite setup below works without a path prefix.

The administrator's public key git-admin.pub must already have been copied from 10.0.0.56 to git-server (10.0.0.11), as in step 2.1.3. gitolite setup registers it as the first administrator; the user name it creates is the key file's basename, so git-admin.pub yields the user git-admin.

[git@git-server bin]$ gitolite setup -pk /tmp/git-admin.pub
Initialized empty Git repository in /home/git/repositories/gitolite-admin.git/
Initialized empty Git repository in /home/git/repositories/testing.git/
WARNING: /home/git/.ssh missing; creating a new one
    (this is normal on a brand new install)
WARNING: /home/git/.ssh/authorized_keys missing; creating a new one
    (this is normal on a brand new install)
[git@git-server bin]$

This command creates two repositories under ~/repositories: gitolite-admin.git and testing.git.

[git@git-server ~]$ cd repositories/
[git@git-server repositories]$ ls
gitolite-admin.git  testing.git
[git@git-server bin]$ ll /home/git/repositories/
total 8
drwx------ 8 git git 4096 Jul 23 15:53 gitolite-admin.git
drwx------ 7 git git 4096 Jul 23 15:53 testing.git

A projects.list file is generated in the home directory; by default it lists the testing project:

[git@git-server ~]$ more projects.list 
testing.git

gitolite is now installed.

2.3 Back on the manage machine:

Clone gitolite-admin from git-server to the manage (account administration) machine.
!!! Note:

The command must be git clone git-server:gitolite-admin, where git-server is the alias from ~/.ssh/config and the repository name is resolved by gitolite relative to its own ~/repositories directory.
Do not use the server-side filesystem path git clone git-server:/home/git/repositories/gitolite-admin; gitolite knows no repository by that name and rejects it.

[root@manage ~]# git clone git-server:gitolite-admin

This produces an error:

[root@manage ~]#  git clone git-server:gitolite-admin
Initialized empty Git repository in /root/gitolite-admin/.git/
Bad owner or permissions on /root/.ssh/config
fatal: The remote end hung up unexpectedly

The permissions are wrong; setting the file to 600 fixes it:

[root@manage ~]# ll /root/.ssh/config
-rw-rw-r-- 1 root root 99 Mar 29 11:28 /root/.ssh/config
[root@manage ~]# chmod 600 /root/.ssh/config
[root@manage ~]#  git clone git-server:gitolite-admin
Initialized empty Git repository in /root/gitolite-admin/.git/
Warning: Permanently added '221.195.1.233' (RSA) to the list of known hosts.
remote: Counting objects: 6, done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 6 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (6/6), done.

[root@manage ~]# ll gitolite-admin/
total 8
drwxrwxr-x 2 root root 4096 Mar 29 12:00 conf
drwxrwxr-x 2 root root 4096 Mar 29 12:00 keydir

After the clone there is a new directory gitolite-admin containing two folders, conf and keydir. conf holds the configuration file in which access rules are recorded; keydir holds every user's public key.

[root@manage ~]# ll gitolite-admin/*
gitolite-admin/conf:
total 4
-rw-r--r-- 1 root root 77 Jul 22 15:10 gitolite.conf
gitolite-admin/keydir:
total 4
-rw-r--r-- 1 root root 393 Jul 22 15:10 git-admin.pub
[root@manage ~]# cat gitolite-admin/conf/gitolite.conf 
repo gitolite-admin
    RW+     =   admin

repo testing
RW+     =   @all

gitolite-admin is readable and writable only by the administrator; nobody else can access it.
The other repository, testing, is open to everyone.
The administrator's user name is taken from the name of the key file passed to gitolite setup: the listing here shows admin, which corresponds to a key named admin.pub; with git-admin.pub as used above, expect git-admin in its place.

2.4 To add a user, place their public key in gitolite-admin/keydir as <username>.pub, grant that user access in conf/gitolite.conf, commit, and push to git-server. The administrator's own git-admin.pub is already in keydir, put there by gitolite setup. The commands run inside the clone, and the push is what makes gitolite apply the change:

[root@manage ~]# cd gitolite-admin
[root@manage gitolite-admin]# git add conf/ keydir/
[root@manage gitolite-admin]# git status
[root@manage gitolite-admin]# git commit -m "add user key and access rule"
[root@manage gitolite-admin]# git push
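As an added example (my code, not from the original post or from gitolite), the onboarding step above as a small POSIX shell script: it derives the gitolite user name from the key file name following gitolite's documented naming rule, sanity-checks the key before it lands in keydir, writes a conf that replaces the default open access on testing with group and branch rules, appends a rule for the new user, and commits, pushing only when DO_PUSH=1 so every step can be tried without a server. The clone location $HOME/gitolite-admin, the users alice and bob, the repository webapp and the DO_PUSH switch are assumptions, not from the page.

```shell
#!/bin/sh
# Added example, not code from the original post or from gitolite.
# Onboards one user through the gitolite-admin clone on the manage host.
# Assumptions (not in the original): the clone is at $ADMIN_DIR (default
# ~/gitolite-admin); the push only runs when DO_PUSH=1.

# gitolite's user name for a key file: drop the directory and ".pub", then an
# optional "@host" qualifier (alice@laptop.pub -> alice). A qualifier containing
# a dot is part of an e-mail style user name and is kept
# (bob@example.com.pub -> bob@example.com), as gitolite documents it.
key_to_user() {
    name=${1##*/}
    name=${name%.pub}
    case $name in
        *@*) host=${name##*@}
             case $host in *.*) ;; *) name=${name%@*} ;; esac ;;
    esac
    printf '%s\n' "$name"
}

# Sanity-check a public key before it goes into keydir: exactly one line,
# a known key type, a base64 body, and definitely not a private key.
validate_pubkey() {
    f=$1
    [ -f "$f" ] || { echo "not a file: $f" >&2; return 1; }
    if grep -q 'PRIVATE KEY' "$f"; then
        echo "$f looks like a PRIVATE key, refusing" >&2; return 1
    fi
    [ "$(grep -c '' "$f")" -eq 1 ] || { echo "$f must contain exactly one key line" >&2; return 1; }
    grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' "$f" \
        || { echo "$f is not an OpenSSH public key" >&2; return 1; }
}

# Copy the key into keydir (keeping its file name) and print the gitolite user name.
add_user_key() {            # add_user_key <keyfile> <admin_dir>
    key=$1; dir=$2
    validate_pubkey "$key" || return 1
    user=$(key_to_user "$key")
    dest=$dir/keydir/$(basename "$key")
    if [ -e "$dest" ]; then echo "$dest already exists" >&2; return 1; fi
    cp "$key" "$dest" && printf '%s\n' "$user"
}

# Write a conf that replaces the default "RW+ = @all" on testing with group and
# branch rules. Rules are matched in order, so the deny on master for @devs
# must come before the rule that lets them write every other branch.
# The admin user name follows the key file name (git-admin.pub -> git-admin).
write_example_conf() {      # write_example_conf <admin_dir>
    cat > "$1/conf/gitolite.conf" <<'EOF'
@admins  = git-admin
@devs    = alice bob

repo gitolite-admin
    RW+     =   @admins

repo testing
    RW+     =   @admins
    RW      =   @devs

repo webapp
    RW+                 =   @admins
    -   master          =   @devs      # devs cannot push to master
    RW+ refs/heads/     =   @devs      # but own every other branch
    R                   =   @all
EOF
}

# Append one rule to conf/gitolite.conf. PERM is -, R, RW or RW+, optionally
# followed by a ref (e.g. "RW master"), in the form gitolite itself uses.
grant() {                   # grant <admin_dir> <repo> <perm> <user>
    dir=$1; repo=$2; perm=$3; user=$4
    case $perm in
        -|R|RW|RW+|"- "*|"RW "*|"RW+ "*) ;;
        *) echo "bad permission: $perm" >&2; return 1 ;;
    esac
    printf '\nrepo %s\n    %s = %s\n' "$repo" "$perm" "$user" >> "$dir/conf/gitolite.conf"
}

# Commit inside the clone; push only on request, since the push is what makes
# gitolite's hook rewrite authorized_keys and the ACL on git-server.
commit_and_push() {         # commit_and_push <admin_dir> <message>
    ( cd "$1" && git add conf keydir && git commit -q -m "$2" ) || return 1
    if [ "${DO_PUSH:-0}" = 1 ]; then ( cd "$1" && git push ); fi
}

# Usage: sh add_user.sh alice@laptop.pub [admin_dir]   (DO_PUSH=1 to push)
main() {
    key=$1; dir=${2:-$HOME/gitolite-admin}
    user=$(add_user_key "$key" "$dir") || exit 1
    grant "$dir" testing RW "$user" || exit 1
    commit_and_push "$dir" "add key for $user" || exit 1
}

if [ $# -ge 1 ]; then main "$@"; fi
```

Run it from the manage host after the clone in 2.3; the first push of the new conf and key is what turns the rules into an updated authorized_keys and ACL on git-server.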

On git-server, check the key file. Every key gitolite manages is written between the #gitolite markers with a forced command (gitolite-shell followed by the user name; with the install -to $HOME/bin layout used above the path is /home/git/bin/gitolite-shell) and with port, X11 and agent forwarding and pty allocation disabled, so the key can do nothing on the server except talk to gitolite-shell:
[git@git-server ~]$ cat /home/git/.ssh/authorized_keys

#gitolite start
command="/home/git/gitolite/src/gitolite-shell admin",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzXc/2BPDIZ/3PnoXhgVEyZLdF5oiE+UuumBeOxcR2FGoGUVEaSWYOZ2zWYIk5RCzKNWb3d9Ur51l7DpQunmCUlvf4lOZ7UT68jnhAF/NNN9a6upEHBls5hpFvVp+DmqOYuVuWs+FQhShPvp70QJfsx/+gg14rw9A1/jN5GdgrrStYorNEE1Ut8/T1t9tNxsIlfwgd6pQPKpWJ11sANWx9U+DfUEAN4a0bCiZ/PQ+9aR+SJ1Y+H68pt2+iy4I8UXuhtgSqYTu5YmxsJlF3uoHypF4lOTqgiP0HYr8FNZ3KWg2ome8fUOnO2VbNvgAXafhLEfBd5zxd6YChDHwfIclvQ== root@manage
#gitolite end

The manage machine can now clone the remote repository without a password:

[root@manage ~]# git clone git-server:gitolite-admin
Initialized empty Git repository in /tmp/gitolite-admin/.git/
remote: Counting objects: 16, done.
remote: Compressing objects: 100% (12/12), done.
remote: Total 16 (delta 2), reused 0 (delta 0)
Receiving objects: 100% (16/16), done.
Resolving deltas: 100% (2/2), done.
[root@manage ~]# ll gitolite-admin
total 8
drwxrwxr-x 2 root root 4096 Mar 30 21:57 conf
drwxrwxr-x 2 root root 4096 Mar 30 21:57 keydir

If the contents of /home/git/.ssh/authorized_keys are commented out, the clone prompts for a password, and even with the correct password it still fails: without the forced command the session is an ordinary login as user git, and 'gitolite-admin' is then looked up as /home/git/gitolite-admin, which does not exist:

[root@ tmp]# git clone git-server:gitolite-admin
Initialized empty Git repository in /tmp/gitolite-admin/.git/
zydrgit@221.195.1.233's password: 123456
fatal: 'gitolite-admin' does not appear to be a git repository
fatal: The remote end hung up unexpectedly
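As an added example that is not from the original post, a POSIX shell audit of the authorized_keys file on git-server covering the two points above: every key between the #gitolite markers must carry the gitolite-shell forced command and the four no-* restrictions, and any key outside the markers is a plain login as user git that bypasses gitolite entirely (the commented-out case above is the other half of that: no forced command, no gitolite). The sample file is constructed inline; /home/git/bin/gitolite-shell as the path and the users alice and bob are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post or from gitolite.
# Audits /home/git/.ssh/authorized_keys on git-server. Keys gitolite manages sit
# between "#gitolite start" and "#gitolite end" with a forced command plus the
# no-* restrictions, so a client can only ever reach gitolite-shell. A key line
# outside the markers, or a managed line missing a restriction, hands the client
# a real session as user git and sidesteps the ACL in gitolite.conf.
# Assumption: the file path is passed as $1; the sample below is constructed.

# Print the gitolite user name bound to each managed key, one per line.
gitolite_users() {
    awk '/^#gitolite start/ { inb = 1; next }
         /^#gitolite end/   { inb = 0 }
         inb && match($0, /gitolite-shell [^"]+"/) {
             print substr($0, RSTART + 15, RLENGTH - 16) }' "$1"
}

# Exit 0 if every key line is safe; otherwise print "line N: reason" for each
# offending line and exit 1.
audit_authorized_keys() {
    awk '
    function has(opt) { return index($0, opt) > 0 }
    /^#gitolite start/   { inb = 1; next }
    /^#gitolite end/     { inb = 0; next }
    /^[[:space:]]*(#|$)/ { next }            # comments and blank lines
    {
        bad = ""
        if (!inb)
            bad = "key outside gitolite block (unrestricted login as git)"
        else if ($0 !~ /^command="[^"]*gitolite-shell [^"]+"/)
            bad = "no gitolite-shell forced command"
        else if (!has("no-port-forwarding"))  bad = "missing no-port-forwarding"
        else if (!has("no-X11-forwarding"))   bad = "missing no-X11-forwarding"
        else if (!has("no-agent-forwarding")) bad = "missing no-agent-forwarding"
        else if (!has("no-pty"))              bad = "missing no-pty"
        if (bad != "") { printf "line %d: %s\n", NR, bad; rc = 1 }
    }
    END { exit rc }' "$1"
}

# Constructed sample: one correct managed key, one managed key that lost
# no-pty, and one key someone appended by hand outside the gitolite block.
write_sample_authorized_keys() {
    cat > "$1" <<'EOF'
#gitolite start
command="/home/git/bin/gitolite-shell git-admin",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0constructed git-admin
command="/home/git/bin/gitolite-shell alice",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructed alice@laptop
#gitolite end
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructed2 stray-key-added-by-hand
EOF
}

# Usage on git-server: sh audit_keys.sh /home/git/.ssh/authorized_keys
if [ -n "${1:-}" ]; then
    echo "managed users:"; gitolite_users "$1"
    audit_authorized_keys "$1"
fi
```

On the sample the audit reports line 3 (missing no-pty) and line 5 (key outside the gitolite block) and exits 1. The fix for a stray line is never to edit authorized_keys by hand but to add the key to keydir and push, so gitolite writes it with the forced command itself.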


Original: http://blog.51cto.com/wujianwei/2093199
