My research group uses gitlab to manage projects for which each researcher is working on. The projects server is accessible on https://gitlab.com/our-lab-name. My specific project as accessible on: https://gitlab.com/our-lab-name/my-project-name
I would like to remove unreferenced LFS files, so I proceeded as far GitLab documentation.
sudo gitlab-rake gitlab:cleanup:orphan_lfs_file_references PROJECT_PATH="https://gitlab.com/our-lab-name/my-project-name"
I, [2022-05-09T12:33:40.101636 #30556] INFO -- : Specify the project with PROJECT_ID={number} or PROJECT_PATH={namespace/project-name}
Then supplied my project ID (Project ID: 14xxxx41):
sudo gitlab-rake gitlab:cleanup:orphan_lfs_file_references PROJECT_ID=14xxxx41
I, [2022-05-09T12:45:23.865401 #32224] INFO -- : Specify the project with PROJECT_ID={number} or PROJECT_PATH={namespace/project-name}
None seems to work.
What is your suggestion?
gitlab-rake commands are intended for use by self-hosted GitLab administrators only. Since you are using gitlab.com, you cannot use gitlab-rake commands to administrate your GitLab projects.
These commands are intended to be run directly on the GitLab server, which you would only have access to as an administrator of the server. In the case of GitLab.com, only certain GitLab.com employees can perform console escalations.
You'll notice the documentation states this feature is for self-managed customers only (that is, you run your own gitlab instance on your own servers) and is not available in GitLab SaaS (gitlab.com).
git#domain already exists in my university network.
However, the Ubuntu 18.04 server that host git#domain is very unstable.
So I wished to set up a Debian server and install with Git.
Can I use hostname other than git to setup Git server?
It is necessary to create git user account for Git server to work?
Because I read many guides[1][2][3], all of them ask to run adduser git command.
It is recommended to create a dedicated account (for security reason as commented)
However, nothing in Git involves a specific user name.
And git#aserver can be seen as an SSH URL, which means there would not even be a "Git server", but simply an sshd (SSH daemon) listening for queries in order to access repositories owned by that account( be it named 'git' or any other name)
At my workplace we have some computer labs. In these laboratories each computer has the operating system windows and linux. Both systems are in our AD domain.
I did a lab of tests and I have a functional puppet server. I put some nodes/agents as root and Everything working perfectly when I run puppet agent -t.
The problem:
When I log in with a domain user (e.g: xiru) on linux machines and run the puppet agent -t command, a new certificate is generated, but an error occurs warning that it does not match the server's certificate.
For the domain users, the puppet creates the new certificate on the path: /home/<user>/.puppetlabs/etc/puppet/ssl
Linux machines names in the test:
mint-client.mycompany.intra
ubuntu-client.mycompany.intra
I try set certname variable on the puppet conf, but the error remains.
[main]
certname = mint-client.mycompany.intra
[agent]
server = puppet.mycompany.intra
How can I get around this and make it always with the same certificate that I configure via root user?
I think you must setup your environtment to accept non-root users.
When you run it, do you use sudo or the users are present on sudoers?
If its not, on puppet docs theres some tips to run it as non-root users...
Installation and configuration
To properly configure non-root agent access, you need to:
Install a monolithic PE master
Install and configure PE agents, disable the puppet service on all nodes, and create non-root users
Verify the non-root configuration
Install and configure a monolithic master
As a root user, install and configure a monolithic PE master. Use the web-based installer or the text-mode installer.
Use the PE console to make sure no new agents can get added to the MCollective group.
a. In the console, click Nodes > Classification, and in the PE Infrastructure group, select the PE MCollective group.
b. On the Rules tab, under Fact, locate aio_agent_version and click Remove.
c. Commit changes.
Install and configure PE agents and create non-root users
1. On each agent node, install a PE agent while logged in as a root user. Refer to the instructions for installing agents.
2. As a root user, log in to an agent node, and add the non-root user with puppet resource user <UNIQUE NON-ROOT USERNAME> ensure=present managehome=true.
Note: Each and every non-root user must have a unique name.
3. As a root user, still on the agent node, set the non-root user’s password. For example, on most *nix systems run passwd
4. By default, the puppet service runs automatically as a root user, so it needs to be disabled. As a root user on the agent node, stop the service by running puppet resource service puppet ensure=stopped enable=false.
5. Disable the MCollective service on the agent node. As a root user, run puppet resource service mcollective ensure=stopped enable=false.
6. Disable the PXP agent.
a. In the console, click Nodes > Classification* and in the PE Infrastructure group, select the PE Agent group.
b. On the Classes tab, select the puppet_enterprise::profile::agent class, and set the parameter pxp_enabled to false.
7. Change to the non-root user.
Tip: If you wish to use su - <NON-ROOT USERNAME> to switch between accounts, make sure to use the - (-l in some unix variants) argument so that full login privileges are correctly granted. Otherwise you may see “permission denied” errors when trying to apply a catalog.
8. As the non-root user, generate and submit the cert for the agent node. From the agent node, execute the following command:
puppet agent -t --certname "<UNIQUE NON-ROOT USERNAME.HOSTNAME>" --server "<PUPPET MASTER HOSTNAME>"
This Puppet run submits a cert request to the master and creates a ~/.puppet directory structure in the non-root user’s home directory.
9. As an admin user, log into the console, navigate to the pending node requests, and accept the requests from non-root user agents.
Note: It is possible to also sign the root user certificate in order to allow that user to also manage the node. However, you should do so only with great caution as this introduces the possibility of unwanted behavior and potential security issues. For example, if your site.pp has no default node configuration, running agent as non-admin could lead to unwanted node definitions getting generated using alt hostnames, which is a potential security issue. In general, if you deploy this scenario, you should ensure that the root and non-root users never try to manage the same resources,ensure that they have clear-cut node definitions, and ensure that classes scope correctly. As the non-root user, run puppet config set certname <UNIQUE NON-ROOT USERNAME.HOSTNAME> --section agent.
10. As the non-root user, run puppet config set server <PUPPET MASTER HOSTNAME> --section agent. Steps 7 and 8 create and set the configuration for the non-root agent’s puppet.conf, created in /.puppetlabs/etc/puppet/ in the non-root user’s home directory.
[main]
certname = <UNIQUE NON-ROOT USERNAME.HOSTNAME>
server = <PUPPET MASTER HOSTNAME>
11. You can now connect the non-root agent node to the master and get PE to configure it. Log into the agent node as the non-root user and run puppet agent -t.
Source: https://puppet.com/docs/pe/2017.1/deploy_nonroot-agent.html
Check the permissions. To make it work, you can provide relevant permissions to the folder where certificates are stored, so that domain user has permissions on the certificates.
I have a Plan , I am create some user on my server but I want give them restrict for access our Server like
that user can use git like (push,pull,clone,ect)
that user cannot login ssh
that user can be use sftp for manage project using ftp or sftp client, and cannot access(read,write,execute) filesystem directory . only project folder can they accesed.
I know git need ssh for do it git system.it's look weird question, it's possible using git like I mean ?
Well, you may use git-shell as a shell for git-only user (see man git-shell). Regarding sftp newer OpenSSH has ChrootDirectory directive, see http://en.wikibooks.org/wiki/OpenSSH/Cookbook/SFTP#Chrooted_SFTP-only_Accounts
We have Redhat Linux server, GIT was already installed on this server and we need to create a local repository.
We have TFS-GIT project in TFS 2015, we need to clone the TFS-GIT repository to the GIT repository on Linux by using GIT commands.
For this task, we created a empty local repository on Linux, and configured the basic authentication and configured the SSL certification by using server manager.
Still getting "Fatal: authentication error" to connecting TFS-GIT repository on windows server 2012 . We tried in different ways but still we are getting same error.
Am using my basic credentials like which I used for server logins and I have only id and password for everything.
Is there any specific kind of passsord I need to use for this?
Please advise me on this
Thanks in advance
You have done all as it should be.
You need to copy your public key of the desired user to the Unix server as well so it will work.
How to setup ssh-key?
# generate the key (local machine)
ssh-keygen -t rsa
# copy the generated key to your unix machine (server)
# the key is in : %HOME%/.ssh/id_rsa.pub
# In widows its under your user account: Users/<user_name>
Other ways
If you have only username and password you might need to use http/https.
Read here how to set it up/