Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Fetching contributors…

Cannot retrieve contributors at this time

280 lines (208 sloc) 9.885 kb

gitolite install transcript

In this document:


about this document

This is a complete transcript of a full gitolite install, from scratch, using brand new userids ("sita" on the client, "git" on the server). Please note that you can use existing userids also, it is not necessary to use dedicated user IDs for this. In particular, people who have a single user hosting account can also use this method, as long as they have password access as a fallback if they screw up the keys somewhere. Also, you don't have to use some other server for all this, both server and client can be "localhost" if you like.

Please note that this entire transcript can be summarised as:

  • create users on client and server (optional)
  • get pubkey access to server from client (ssh-copy-id or manual eqvt)
  • run one command on client (gl-easy-install)

...and only that last step is actually gitolite. In fact, the bulk of the transcript is non-gitolite stuff :)

Please also note that this method will setup everything on the server, but you have to run it on your workstation, NOT on the server!


create userids on server and client (optional)

Client side: add user, give him a password

sita-lt:~ # useradd sita

sita-lt:~ # passwd sita
Changing password for user sita.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

Server side: (log on to server, then) add user, give it a password

sita-lt:~ # ssh sitaram@server
sitaram@server's password:
Last login: Fri Dec 18 20:25:06 2009
-bash-3.2$ su -
Password:

sita-sv:~ # useradd git

sita-sv:~ # passwd git
Changing password for user git.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

Server side: allow ssh access to "git" user

This is done by editing the sshd config file and adding "git" to the "AllowUsers" list (the grep command is just confirming the change we made, because I'm not showing the actual "vi" session):

sita-sv:~ # vim /etc/ssh/sshd_config

sita-sv:~ # grep -i allowusers /etc/ssh/sshd_config
AllowUsers sitaram git

sita-sv:~ # service sshd restart
Stopping sshd:                                                  [  OK  ]
Starting sshd:                                                  [  OK  ]

NOTE: if the AllowUsers setting is completely missing from the sshd config file, all users are allowed (see man sshd_config). You may prefer to leave it that way -- your choice. I prefer to make the usernames explicit because I'm paranoid ;-)


get pubkey access from client to server

This involves creating a keypair for yourself (using ssh-keygen), and copying the public part of that keypair to the ~/.ssh/authorized_keys file on the server (using ssh-copy-id, if you're on Linux, or the manual method described in the ssh-copy-id section in doc/3-faq-tips-etc.mkd).

sita-lt:~ $ su - sita
Password:

sita@sita-lt:~ $ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/sita/.ssh/id_rsa):
Created directory '/home/sita/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/sita/.ssh/id_rsa.
Your public key has been saved in /home/sita/.ssh/id_rsa.pub.
The key fingerprint is:
8a:e0:60:1b:04:58:68:50:a4:d7:d0:3a:a5:2d:bf:0a sita@sita-lt.atc.tcs.com
The key's randomart image is:
+--[ RSA 2048]----+
|===.             |
|+o oo            |
|o..=.            |
|..= .            |
|.o.+    S        |
|.oo... .         |
|E.. ...          |
| .  .            |
|  ..             |
+-----------------+

sita@sita-lt:~ $ ssh-copy-id -i ~/.ssh/id_rsa.pub git@server
git@server's password:
/usr/bin/xauth:  creating new authority file /home/git/.Xauthority
Now try logging into the machine, with "ssh 'git@server'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

Double check to make sure you can log on to git@server without a password:

sita@sita-lt:~ $ ssh git@server pwd
/home/git

DO NOT PROCEED UNTIL THIS WORKS OK!


get gitolite source

sita@sita-lt:~ $ git clone git://github.com/sitaramc/gitolite gitolite-source
Initialized empty Git repository in /home/sita/gitolite-source/.git/
remote: Counting objects: 1157, done.
remote: Compressing objects: 100% (584/584), done.
remote: Total 1157 (delta 756), reused 912 (delta 562)
Receiving objects: 100% (1157/1157), 270.08 KiB | 61 KiB/s, done.
Resolving deltas: 100% (756/756), done.

install gitolite

Note that gitolite is installed from the client. The easy-install script runs on the client but installs gitolite on the server!

sita@sita-lt:~ $ cd gitolite-source/src

This is the only gitolite specific command in a typical install sequence. Run it without any arguments to see a usage message. Run it without the -q to get a more verbose, pause-at-every-step, install mode that allows you to change the defaults (for example, if you want a different UMASK setting, or you want the repos to be in a different place, etc.)

sita@sita-lt:src $ ./gl-easy-install -q git server sitaram
you are upgrading     (or installing first-time)     to v0.95-38-gb0ce84d
setting up keypair...
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/sita/.ssh/sitaram.
Your public key has been saved in /home/sita/.ssh/sitaram.pub.
The key fingerprint is:
2a:8e:88:42:36:7e:71:e8:cc:ff:4c:54:64:8e:cf:19 sita@sita-lt.atc.tcs.com
The key's randomart image is:
+--[ RSA 2048]----+
|         o       |
|        =        |
|       . E       |
|        + o      |
|    .  .S+       |
| + o ...         |
|+ = + ..         |
|oo B .o          |
|+ o o..o         |
+-----------------+
creating gitolite para in ~/.ssh/config...
finding/creating gitolite rc...
installing/upgrading...
Initialized empty Git repository in /home/git/repositories/gitolite-admin.git/
Initialized empty Git repository in /home/git/repositories/testing.git/
Pseudo-terminal will not be allocated because stdin is not a terminal.
fatal: No HEAD commit to compare with (yet)
[master (root-commit) 2f40d4b] start
 2 files changed, 13 insertions(+), 0 deletions(-)
 create mode 100644 conf/gitolite.conf
 create mode 100644 keydir/sitaram.pub
cloning gitolite-admin repo...
Initialized empty Git repository in /home/sita/gitolite-admin/.git/
remote: Counting objects: 6, done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 6 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (6/6), done.


---------------------------------------------------------------

done!

Reminder:
    *Your* URL for cloning any repo on this server will be
        gitolite:reponame.git
    *Other* users you set up will have to use
        git@server:reponame.git

    If this is your first time installing gitolite, please also:
        tail -31 ./gl-easy-install
    for next steps.

VERY IMPORTANT...

Please read the text that the easy-install command produces as output when you run it. People who fail to read this get into trouble later. And I didn't write all that because I wanted to practice typing.

The text just above this section is an approximation; your version will contain the correct URLs for your install, including port numbers if non-standard ports were used).

Try out that tail -31 ./gl-easy-install too :)

examine what you have

The last step of the previous command creates a local clone of your gitolite-admin repo in ~/gitolite-admin.

sita@sita-lt:src $ cd ~/gitolite-admin/

sita@sita-lt:gitolite-admin $ git --no-pager log --stat
commit 2f40d4bb80d424dc39aae5d0973f8c1b2e395666
Author: git <git@sita-lt.atc.tcs.com>
Date:   Thu Dec 24 21:39:15 2009 +0530

    start

 conf/gitolite.conf |   12 ++++++++++++
 keydir/sitaram.pub |    1 +
 2 files changed, 13 insertions(+), 0 deletions(-)

And that's really all. Add keys to keydir here, edit conf/gitolite.conf as needed, then add, commit, and push the changes to the server.

emergency password access

If you lose your keys or the worst happens and you use the wrong key for the wrong thing and apparently lose all access, but you still know the password, this is what you do:

sita@sita-lt:~ $ ssh -o preferredauthentications=password git@server
git@server's password: 
Jump to Line
Something went wrong with that request. Please try again.