Funtoo:Metatools/Advanced Usage/Gitolite Setup

From Funtoo
< Funtoo:Metatools‎ | Advanced Usage
Revision as of 21:37, January 21, 2020 by Drobbins (talk | contribs) (Created page with " == Overview == For our local development setup, we will be using [http://gitolite.com gitolite]. Gitolite will make things quite a bit easier by managing git repositories fo...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Overview

For our local development setup, we will be using gitolite. Gitolite will make things quite a bit easier by managing git repositories for us. Think of gitolite as your own private GitHub that has no Web user interface (we modify its settings by pushing to its special gitolite-admin repo) and you'll have a pretty good idea of what gitolite does. We will be using the following systems in these examples:

  • repohost - this system will be running gitolite under the repos user account and will house git repositories for meta-repo and kits so that they are stored at a handy central location. If you are going to be using your dev workstation as your "repohost", you can simply replace all references to repohost with localhost below :)
  • ryzen - in these examples, this will be the primary development workstation, which will be used for editing cloned git code as well as generating custom kits. Once generated, the custom meta-repo and kits are pushed up to repohost.
   Note

When you follow this guide, it is certainly possible to have repohost and ryzen be the same computer. If you set things up this way, simply use localhost instead of repohost in all command-line steps and configuration files.

   Important

This document assumes you have basic knowledge of ssh-keygen and how to generate public/private SSH key pairs. If you don't know how to to this, see Generating SSH Keys for quick steps or OpenSSH Key Management, Part 1 for a more detailed introduction. For this article, you'll probably want to generate a private keys without a passphrase, which is more convenient but a much greater security risk if the private key gets compromised, or one with a passphrase but using keychain to manage ssh-agent for you.

Gitolite

Installation

To set up gitolite on your LAN, first choose a system that will be used to house your meta-repo and kits git repositories. You can do this on the same system you will be using for testing (and even development), or you can set it up on a dedicated system. It's actually fine to set this up anywhere on the Internet, as git will use ssh to access this repository, but for the purposes of this article, we're assuming you're setting it up somewhere on your LAN. We will refer to this system as repohost.

On this system, perform the following steps as root:

root # useradd -m repos

The repos user will be a dedicated user account on the system that will have gitolite enabled and will house our git repositories. Now, we are going to su to this new user on repohost and perform gitolite configuration:

root # su --login repos
user $ git clone https://github.com/sitaramc/gitolite
user $ install -d ~/bin

Now, as the repos user, add the following to the end of your ~/.bashrc file:

   ~/.bashrc
export PATH=$HOME/bin:$PATH

What we're doing is setting up a bin directory where the gitolite command will be installed, which will be in your path, so that you can use it more easily. With this done, perform the following steps:

user $ source ~/.bashrc
user $ gitolite/install -ln

Now, your repos account is almost ready to be used for hosting repositories. The way gitolite works is that it is going to basically take over ssh access to the account, so that when you connect via ssh with git, it will perform its own authentication. For this to work, you will need to enable your own "master key" to access gitolite. To do this, you'll want to decide from which account you'll want to administer gitolite itself. I prefer to use my "drobbins" account on my development workstation ryzen, so I will copy my ssh public key from ~/.ssh/id_rsa.pub to /var/tmp/ryzen-drobbins.pub on the gitolite system, and then perform the following steps to "prime" gitolite with this admin public key:

user $ gitolite setup -pk /var/tmp/ryzen-drobbins.pub

Gitolite will now be initialized to recognize the drobbins remote account as an administrator, which will allow this remote account to clone from repos@repohost:gitolite-admin and push any changes to this special git repository which contains the master configuration for gitolite. This is important because we will be performing the rest of gitolite setup over ssh, using this account.

   Note

OK, gitolite is installed on repohost! From this point forward, we will be using the drobbins (or equivalent) account on your development workstation to configure gitolite remotely.

   Note

If you are setting up gitolite on a separate server, and assuming you have ssh properly configured, it would be prudent at this point to test the connection to the remote server from your local workstation . Perform ssh -T, or ssh test command appropriate to your setup, as shown below to verify you can connect:

user $ ssh -T repos@remote-server-name

You should receive confirmation message similar to:

hello repos, this is repos@remote-server-name running gitolite3 v3.6.11-3-g39293e6 on git 2.19.1

 R W	gitolite-admin
 R W	testing

If you receive the following message during testing:

perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
	LANGUAGE = (unset),
...

then localization settings for the remote server have not been completed. If remote server is Funtoo-based, complete the steps on the page Funtoo Linux Localization on the remote server.

gitolite-admin Clone

Now that gitolite is ready on repohost, we can do everything else remotely. I am going to use the drobbins account on my development workstation ryzen, and you will use whatever account is associated with the public key you loaded into gitolite. I like storing my development repos in /var/src on ryzen, so I'll go ahead and clone the gitolite-admin repo to that location so it can live along all my other git repos. Feel free to put this git repo wherever you like to store git repos that you develop on:

user $ cd /var/src
user $ git clone repos@repohost:gitolite-admin
user $ cd gitolite-admin

We are now ready to configure gitolite. We'll do this by modifying conf/gitolite.conf in the git repo and adding new ssh public keys to keydir/ as needed. You will see that the initial public key you used to "prime" gitolite already exists in keydir/. Once we change the configuration, and potentially add new public ssh keys that we want to grant access to gitolite-managed repositories, we'll perform a git commit and git push, and if gitolite doesn't complain about our changes, they'll take effect immediately. We'll go through our initial configuration steps below.

gitolite Configuration

Since I will be generating meta-repo and kits on ryzen, this system will need to have permissions to create repositories in gitolite. Although I do my regular development as the drobbins user, I will be running the meta-repo generating script on ryzen as root, so the root user on ryzen needs to be granted access to gitolite. I would typically do this on ryzen as follows. First, as root, grab root's public ssh key:

root # cp /root/.ssh/id_rsa.pub /var/tmp
   Note

If /root/.ssh/id_rsa.pub doesn't exist, you can create it by typing ssh-keygen -t rsa as root and specifying no passphrase for encryption.

Then, as my regular drobbins user that I typically use to perform development, I will install root's public key in my cloned gitolite repository. This is the first step to grant the ryzen root user direct access to gitolite:

user $ cd /var/src/gitolite-admin
user $ cp /var/tmp/id_rsa.pub keydir/ryzen-root.pub
user $ git add keydir/*
   Note

It's important to change the filename of the public keys you are adding to the gitolite-admin repository. I typically use the format host-user.pub.

Now, we're ready to edit conf/gitolite.conf so that it looks like this:

   gitolite.conf
# Group definitions below, starting with @. This makes it easy to associate multiple ssh keys with a particular person.

@drobbins = ryzen-drobbins
@repomgr = ryzen-root

# To enable read-only access to your meta-repo and kits, use this along with
# commented-out line under wildrepo. You will need to add box1-root.pub and
# box2-root.pub to keydir/ as well. This is good for boxes that will be testing
# your meta-repo and kits only but should not be able to modify them.

#@reporead = box1-root box2-root

# repositories:

# SPECIAL ADMIN REPO BELOW -- modify with care! I've switched over to using the @drobbins group instead of 
# referencing the individual ryzen-drobbins key directly.

repo gitolite-admin
    RW+     =   @drobbins

# AUTO-CREATED (wild) REPOS: gitolite will auto-create repos under wildrepo/ for us
# upon initial clone of any path within, if the repo doesn't already exist.

repo wildrepo/..*
    C       =   @repomgr
    RW+     =   @repomgr @drobbins
# NOTE: to enable read-only access for certain boxes, uncomment this line:
#   R       =   @reporead

Now, we will want to commit and push our changes in the gitolite repo so they take effect -- This is how gitolite configuration changes are applied:

user $ git add .
user $ git commit -a -m "Initial setup"
user $ git push
Enumerating objects: 10, done.
Counting objects: 100% (10/10), done.
Delta compression using up to 12 threads
Compressing objects: 100% (5/5), done.
Writing objects: 100% (6/6), 607 bytes