Install Gitolite To Manage Your Git Repositories

This post has been deprecated. A newer post is available.
Gitolite Installation Step-By-Step

Recently, netSIGN asked me to set up gitolite to give external developers controlled access to git repositories. Gitolite enables easy management of this access control. In this post I will detail how I set this up.

The first thing to note about the gitolite install is that the installer is run remotely. Therefore, you will want to download the gitolite installation code onto your local machine.

git clone https://github.com/sitaramc/gitolite

This will fetch the gitolite code from GitHub.

Cloning into gitolite...
remote: Counting objects: 3156, done.
remote: Compressing objects: 100% (1438/1438), done.
remote: Total 3156 (delta 2149), reused 2479 (delta 1681)
Receiving objects: 100% (3156/3156), 699.61 KiB | 268 KiB/s, done.
Resolving deltas: 100% (2149/2149), done.

You will need to set up the git user account on the remote machine, under which gitolite will run, so log in.

ssh gitbox

gitbox is the hostname of the remote machine I am using. You can replace this with your remote machine’s hostname or IP.

Now create the user. I’m calling my user “gitolite”, but you can use “git” or anything else.

sudo adduser \
  --system \
  --shell /bin/bash \
  --gecos 'git version control' \
  --group \
  --disabled-password \
  --home /home/gitolite gitolite

In the example above, /home/gitolite is where gitolite and your code repositories will live.

Now you can return to your local machine.

exit

Notice that when we created the user, we used --disabled-password, which prevents us from logging into the machine using a password. Therefore we’ll need to upload an SSH key for running the installer. Here, I will create a public and private keypair with the name id_rsa_gitolite.

cd ~/.ssh
ssh-keygen -t rsa -f id_rsa_gitolite
cd ~

Hit return at the prompts to create the key without passphrase authentication.

Your public key can be found here.

~/.ssh/id_rsa_gitolite.pub

And the private key here.

~/.ssh/id_rsa_gitolite

Now you’ll need to upload the public key to the gitolite user account, so that we can log into that account using our private key.

scp ~/.ssh/id_rsa_gitolite.pub gitbox:

Now log in to the remote machine

ssh gitbox

and copy the key to the gitolite account.

sudo cp id_rsa_gitolite.pub /home/gitolite
sudo chown gitolite:gitolite /home/gitolite/id_rsa_gitolite.pub

Become the gitolite user

sudo su - gitolite

and add the gitolite public key to the list of authorized keys that can be used to login as this user.

mkdir .ssh
chmod 700 .ssh
cat id_rsa_gitolite.pub >> .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
rm id_rsa_gitolite.pub

Now it’s time to return to your local machine.

exit # from gitolite user
exit # from remote machine

To make things simple on the SSH side, I recommend adding the configuration for the gitolite account to your SSH config.

vim ~/.ssh/config
Host gitbox
   User gitolite
   Hostname gitbox
   Port 22
   IdentityFile ~/.ssh/id_rsa_gitolite

Now you should be able to log in to the remote machine as the gitolite user using the following…

ssh gitbox
exit

The installer command gl-easy-install takes the following arguments

gl-easy-install <user> <host> [ <port> ] <admin name> <host nickname>

If port is not given it will default to 22.

Now you can run the gitolite installer using the gitolite code we downloaded.

cd gitolite/src
./gl-easy-install gitolite gitbox gitadmin

If all went well you should have a checked-out gitolite-admin git repository in your home directory.

cd ~/gitolite-admin

This will be used for managing your users and git repositories. By simply editing conf/gitolite.conf and pushing it to the gitolite server you can create new repositories. Adding new users will involve adding an ssh key to the keydir. I will cover more on these in a follow-up post.
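
As an added example (not part of the original post or of gitolite itself): the key appended by hand to .ssh/authorized_keys above carries no options, so it gets a normal login shell on the gitolite account, while entries in the format quoted in the comments below carry a forced command plus forwarding and pty restrictions. This script classifies each line of an authorized_keys file; the function names and the sample file with its placeholder keys are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit an authorized_keys file, e.g. /home/gitolite/.ssh/authorized_keys.
# Prints one line per key, tagged OK, WEAK or SHELL.
audit_authorized_keys() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) continue ;;                 # blank line or comment
            ssh-*|ecdsa-*|sk-*)                  # starts with a key type: no options at all
                echo "SHELL line $n: no options, key gets the account's login shell"
                continue ;;
        esac
        # Options are everything before the key type (assumes the forced
        # command itself contains no " ssh-rsa "-style token).
        opts=$(printf '%s\n' "$line" |
            sed -E 's/ (ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9]+|sk-[^ ]+) .*$//')
        case $opts in
            *command=\"*) ;;
            *) echo "SHELL line $n: options present but no forced command"; continue ;;
        esac
        missing=
        for o in no-port-forwarding no-X11-forwarding no-agent-forwarding no-pty; do
            case ",$opts," in
                *",$o,"*|*",restrict,"*) ;;      # "restrict" implies all four
                *) missing="$missing $o" ;;
            esac
        done
        if [ -z "$missing" ]; then
            echo "OK line $n: forced command, fully restricted"
        else
            echo "WEAK line $n: forced command, missing:$missing"
        fi
    done < "$1"
}
# mode_of PATH prints the ls-style mode string; the chmod 600 above gives "-rw-------".
mode_of() { ls -ld "$1" | cut -c1-10; }
# Constructed sample file; key material is replaced by placeholders.
write_sample() {
    cat > "$1" <<'EOF'
ssh-rsa AAAAB3PLACEHOLDER1 installer@workstation
command="/usr/share/gitolite/gl-auth-command johndoe",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3PLACEHOLDER2 johndoe@hostname
command="/usr/share/gitolite/gl-auth-command janedoe",no-pty ssh-rsa AAAAB3PLACEHOLDER3 janedoe@hostname
EOF
}
f=$(mktemp); write_sample "$f"; chmod 600 "$f"
audit_authorized_keys "$f"; echo "mode: $(mode_of "$f")"; rm -f "$f"
```

On the server, run it as the gitolite user against .ssh/authorized_keys; any SHELL line is a key that can open an interactive session on the account.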

Comments

  1. airtonix

    1. Instead of hardcoding the customisable names you should use a step to customise them:

    REMOTE_HOST="gitbox"
    REMOTE_USER="Phil"

    2. you need to specify the home directory of the remote user when copying the public key to the remote host

    scp ~/.ssh/id_rsa_gitolite.pub gitbox

    needs to be

    scp ~/.ssh/id_rsa_gitolite.pub $REMOTE_HOST:/home/$REMOTE_USER

  2. Website design

    Nice fast tutorial. Thank you.

    One remark though. Regarding “cat id_rsa_gitolite.pub >> .ssh/authorized_keys” …

    In my case the gitolite user’s authorized_keys file needs to have entries in the following format:

    command="/usr/share/gitolite/gl-auth-command johndoe",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAvwKWiIoF23S6TXMEr8H2U18hkpuPrt5nOsUhqvR7XB8Wpkf7Al5SKNpgpfb/4CGVrSSzDvwmTN/cO6SDO3td8h1NBVl0APaAmZ7x6RFyoN5NCco/raOfVK+0Ktwg1Yoq7S8TdUKRP1phDHnHnlSkwbhzk1TETOEiSZTboH6FMHs johndoe@hostname

    Only putting pub key file in it did not work.

  3. Pradeep Sharma

    it should be ssh gitbox and not ssh gitolite

  4. Tim Orph

    Does anyone know if it is possible to use the server where gitolite is installed as a client and edit repository files? I don’t know where gitolite even saves these files on the server, so I could try “git status” or something.

  5. Tim Orph

    Of course.. this is what I should do :)
    Thank you for making me realize.

  6. ed

    I believe the steps:

    cd gitolite/src
    ./gl-easy-install gitolite gitbox gitadmin

    are initiated from the client side. But who is gitadmin? What privileges does it have, and where?

    For an absolute beginner, it is not clear in the article. Can you add more details? Thanks

  7. dale

    If you open the gl-easy-install file, line 143 has a comment that “this *must* be run as “src/gl-easy-install”, not by cd-ing to src and then running “./gl-easy-install””. You may want to update your gl-easy-install instructions.

    Excellent article, I have been struggling with the gitolite install, there are many docs on it, but yours made the most sense.

  8. Michal

    Unfortunately the file gl-easy-install is no longer distributed with gitolite and this “remote” installation is no longer possible. In short – when you use the non-root installation method, you create your git user, clone gitolite, run src/gl-system-install and later gl-setup YourName.pub (on the server), then clone your gitolite-admin repo (to the workstation).

  9. Roger Ivy

    Phil, do you have updated instructions for the most recent versions of both Gitolite and Ubuntu (12.04LTS)?

    It seems that this command is no longer valid: gl-easy-install

    I’ve tried these instructions but hit permission issues: https://github.com/sitaramc/gitolite

  10. Charles Burns

    I second what Roger Ivy says above: Love to see an updated version of this how-to for the most recent version of gitolite, since gl-easy-install doesn’t exist anymore…