10.1. Gitolite

Gitolite is used to control access to the Diamond Light Source internal Git repository.

10.1.1. Installing Gitolite

It’s important to refer to the comprehensive gitolite documentation when installing, and to follow its instructions without taking shortcuts. Taking shortcuts will bring you grief. Here’s what I did:

Define environment variables:

gitolite_server=dasc-git.diamond.ac.uk                                  # the server that hosts gitolite
gitolite_server_dev=dasc-git-dev.diamond.ac.uk                          # the test server that hosts gitolite (just used for testing the install)
gitolite_hosting_user=dascgitolite                                      # the userid that gitolite runs under
gitolite_admin=bmn54829                                                 # a userid that administers gitolite

As ${gitolite_admin}:

Generate a public/private keypair (you can use an existing key pair, or generate a new one):

ssh-keygen -t rsa                                                      # generate a keypair
cp -vi ~/.ssh/id_rsa.pub /dls_sw/dasc/pub/${gitolite_admin}.pub        # copy public key somewhere accessible
# OR
ssh-keygen -t rsa -f ~/.ssh/id_rsa-gitolite                            # generate a keypair with a non-standard name (-f names the private key file)
cp -vi ~/.ssh/id_rsa-gitolite.pub /dls_sw/dasc/pub/${gitolite_admin}.pub    # copy public key somewhere accessible

As ${gitolite_hosting_user}:

The install needs to be done on the hosting server:

ssh ${gitolite_server}                                                 # or ${gitolite_server_dev} when testing the install
sudo su - ${gitolite_hosting_user}                                     # switch user via whatever mechanism you have available

Ensure the following lines are in /localhome/dascgitolite/.bashrc (put there by cfengine):

PATH=${PATH}:~/bin
test -f /etc/bashrc && . /etc/bashrc && module load git

Install gitolite:

git --version                                                          # check that git is loaded
echo $PATH                                                             # check that /localhome/dascgitolite/bin is on the PATH

cd ~
git clone https://github.com/sitaramc/gitolite.git gitolite_source     # https, because git:// is unauthenticated and GitHub no longer serves it
cd gitolite_source/
git tag -l
git checkout v2.1                                                      # or whatever tag you want
src/gl-system-install                                                  # installs into ~/bin ~/share/gitolite/conf ~/share/gitolite/hooks

Configure gitolite. This writes into ~/.gitolite.rc and ~/.gitolite/ (locations cannot be changed):

gl-setup /dls_sw/dasc/pub/${gitolite_admin}.pub                        # configures gitolite with ${gitolite_admin} as the gitolite administrator

At this point, you are using the vi editor to edit the configuration file. Referring to the vi reference as required, set:

$REPO_BASE="/var/www/dascgitolite_repositories";                       # this is backed up
$GL_WILDREPOS = 1;                                                     # allow wildcard in repository names

Save your changes and exit (:wq). Gitolite will then be set up.

Set up access:

gl-tool add-shell-user /dls_sw/dasc/pub/${gitolite_admin}.pub               # allows ${gitolite_admin} to ssh and get shell access as the ${gitolite_hosting_user}

10.1.2. Administering Gitolite

To administer Gitolite, you check out a copy of the gitolite-admin repository from the gitolite server, modify the configuration information, commit locally, then push back. See administering and running gitolite for details.

Warning

Unless you know what you’re doing, do not do anything manually on the server (except when the documentation says you should, for example to add custom hooks). In particular, adding new repositories or users or changing the access control rules should not be done directly on the server.

If you enter the following in your ~/.ssh/config, you can reduce the amount of typing you need to do:

Host gitolite-dev
    User dascgitolite
    HostName dasc-git-dev.diamond.ac.uk

Host gitolite
    User dascgitolite
    HostName dasc-git.diamond.ac.uk

To clone the gitolite-admin repository:

# if you haven't previously cloned gitolite-admin, do so now:
git clone ${gitolite_hosting_user}@${gitolite_server}:gitolite-admin ~/gitolite-admin
git clone ${gitolite_hosting_user}@${gitolite_server_dev}:gitolite-admin ~/gitolite-admin-dev

# if you have previously cloned gitolite-admin, make sure it's up to date:
cd ~/gitolite-admin && git pull

10.1.2.1. Add a new user

To add a new user someoneid, you need their public key:

# clone gitolite-admin as described above
# add key to gitolite-admin/keydir/
cp -iv /tmp/someoneid.pub ~/gitolite-admin/keydir/someoneid@diamond.pub
# push change back to server
cd ~/gitolite-admin/
git add -A
git commit -m "add new user someoneid firstname lastname"
git push
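
Every file in keydir decides who can authenticate to the hosting account, so it is worth checking a submitted key before the `cp` step above. The following is an added example, not part of the original procedure or of gitolite itself; the function name `check_pubkey`, the accepted key types and the sample key line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sanity-check a submitted OpenSSH public key file before it is
# copied into gitolite-admin/keydir/. Returns 0 if acceptable, 1 otherwise.
check_pubkey() {
    keyfile=$1
    [ -f "$keyfile" ] || { echo "no such file: $keyfile" >&2; return 1; }
    # a private key must never be committed to the admin repository
    if grep -q 'PRIVATE KEY' "$keyfile"; then
        echo "refusing: $keyfile contains private key material" >&2
        return 1
    fi
    awk '
        function bad(msg) { print FILENAME ": " msg > "/dev/stderr"; rc = 1; exit }
        NF == 0 { next }                              # ignore blank lines
        ++keys > 1 { bad("more than one key in file") }
        # first field must be a key type, not an authorized_keys option
        # such as command="..." or from="..."
        $1 == "ssh-ed25519" { prefix = "AAAAC3NzaC1lZDI1NTE5" }
        $1 == "ssh-rsa"     { prefix = "AAAAB3NzaC1yc2E" }
        prefix == "" { bad("first field is not an accepted key type: " $1) }
        # the blob must be base64 and must encode the same type as declared
        $2 !~ /^[A-Za-z0-9+\/]+=*$/ { bad("key blob is not base64") }
        index($2, prefix) != 1 { bad("key blob does not match declared type " $1) }
        END { if (keys == 0) rc = 1; exit rc }
    ' "$keyfile"
}

# Demo on a constructed key line (not a real key)
tmp=$(mktemp)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleNotARealKey0000 someoneid' > "$tmp"
check_pubkey "$tmp" && echo "ok to copy into keydir"
rm -f "$tmp"
```

Running `ssh-keygen -l -f /tmp/someoneid.pub` as well prints the key's size and fingerprint, which you can confirm with the key's owner before committing.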

10.1.2.2. Add a new repository

If you have an existing repository that you want to add to gitolite:

# clone gitolite-admin as described above
# add a rule for the new repository to gitolite-admin/conf/<group>.conf
cd ~/gitolite-admin/
gedit conf/<group>.conf
# push change back to server
git add -A
git commit -m "add new repository"
git push
# this creates an empty, clonable repo on the gitolite server

# now push the new contents to the gitolite server
cd your-copy-of-the-new-repository
# make sure all the branches are correct and no extra stuff, "temp" branches, etc., are present
git remote add origin dascgitolite@dasc-git.diamond.ac.uk:${reponame}.git
git push origin master
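
Before pushing an edited conf/<group>.conf, it helps to check that the new rule does not grant more than intended. The following is an added example, not part of the original procedure: it lists rules that give write access to `@all` (every user with a key in keydir). The function name `open_write_rules` and the repository and user names in the sample are made up; the rule layout (`repo` line followed by `PERM = users` lines) is standard gitolite.conf syntax.

```shell
#!/bin/sh
# Added example: list gitolite rules that give write access (RW, RW+, ...)
# to @all, i.e. to every user who has a key in keydir.
open_write_rules() {
    awk '
        { sub(/#.*/, "") }                       # drop comments
        $1 == "repo" {                           # start of a repo paragraph
            repo = $0
            sub(/^[ \t]*repo[ \t]+/, "", repo)
            sub(/[ \t]+$/, "", repo)
            next
        }
        $1 ~ /^RW/ && index($0, "=") {           # a write rule: PERM [refex] = users
            users = substr($0, index($0, "=") + 1)
            n = split(users, u, " ")
            for (i = 1; i <= n; i++)
                if (u[i] == "@all") print repo ": " $1
        }
    ' "$@"
}

# Constructed sample in the style of conf/<group>.conf (names are made up)
sample=$(mktemp)
cat > "$sample" <<'EOF'
@dasc = bmn54829 someoneid

repo training/sandbox
    RW+     =   @all            # anyone may rewrite history here
repo controls/ioc
    RW+     =   bmn54829
    RW      =   @dasc
    R       =   @all            # read-only for everyone is not flagged
EOF
open_write_rules "$sample"      # prints: training/sandbox: RW+
rm -f "$sample"
```

Run it as `open_write_rules conf/*.conf` from ~/gitolite-admin/ before `git commit`.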

10.1.2.3. Other tasks

At some point you will need to refer to Creating the training repositories.

10.1.2.4. If the Git server dies

(to be written)

See also

Gitolite
    Gitolite project home page on GitHub
The access control file gitolite.conf
    Look here for information on the syntax of configuration file entries