Please excuse the frustrating undertones as I have attempted to get this set up correctly multiple times to no avail (possibly and most likely due to my ignorance, but also likely due to the lack of thorough and concise documentation).
I am trying to set up a git server so that I can share code amongst a small team of developers. Each developer may connect from multiple client PC's. I come from MS in the past so I am a bit spoiled in regards to development toolset, but it would be awesome if I could get something similar to TFS.
When trying to set up either gitosis (I understand this is deprecated for the git community per https://serverfault.com/questions/225495/ubuntu-server-gitosis-user-naming-convention) or gitolite, it seems as though as soon as I set it up I have to be extremely careful because it seems everything is balancing on toothpicks.
My latest attempt to set up a git server included moving my public key (benny.pub) from my laptop to the server, setting everything using that public key and pulling down the config to set up a repo and permissions. I then realized I want to develop on another PC so I created a new key (benny#desktop.pub) and renamed benny.pub to benny#laptop.pub which screwed things up obviously. This is where I know I was dumb by changing the name.
My question after a long-winded description is this: how can I set up a sturdy self-hosted git server with the ability to have multiple developers log in from multiple machines while maintaining security, etc? There has to be a proven technique (gitolite describes maybe 4-5 different ways...also frustrating) to do this as I'm sure I'm not the only one trying to do this exact same thing. Maybe git isn't right for my team?
Any help is greatly appreciated!
From my experience, all you need is a SSH server with a single git account/login that you are able to connect to using one of your public keys. Install gitolite using SSH (copies gitloite from your client to the server & does the basic setup) and have your developers send you their public keys. Add these keys to the gitolite-admin repository in your ~ and push.
Why does a developer need more than one keypair in the first place, even if multiple machines are used? Such cases will neither influence how SSH handles authentication nor how gitolite handles authorization: they're still SSH keys.
If a developer has to use several keypairs (one for git, another for some other server), let them handle the complexity and advise them to create an entry in ~/.ssh/config for each keypair/server combination they use.
If a developer has a different keypair on every machine used, gitolite groups can combine several public keys:
#agross = agross-1 agross-2
A couple of pointers:
The section about git on the server on Scott Chacon's pro git book
Gitorious is FOSS
I maintain a gitosis config at work, and when a developer has multiple ssh keys, all I have to do is put all these keys in the same keydir/user.pub file.
So concatenate all your keys into keydir/benny.pub and you shoud be all set.
There are a few open source git hosting solutions with a web-based UI for creating repositories and adding users (like GitHub:FI)... though I don't know about restricting access:
Gitorious (Ruby)
InDefero (PHP)
Girocco (Perl, shell scripts)
HTH
i am using debian with every developer having an account on the server. i use ssh with private key login. Finally a developer has to use a url like ssh://username#example.com/git-repo/repo.git to checkout or in any case interact with git on repo
I think the problem is that you ssh client (windows or linux version) is not finding the key file. I had the same problem and solved this way:
In my notebook, generated the key file (rafael.nicoletti#mycorporation) in ~/.ssh folder (where ~ is home folder. windows version is %HOME% env)
I added a file name config in ~/.ssh with following content:
IdentityFile ~/.ssh/rafael.nicoletti#corporation
In every location i want to access my git servers, i just copy those files in my %HOME% folder
You can also put the some things like this in config file:
IdentityFile /d/identity.key
IdentityFile /e/identity.key
IdentityFile /f/identity.key
IdentityFile /.../identity.key
So the config will look for keys in removable medias.
Related
I am tasked with monitoring the changes made to the source files of a website. I am not developing the website, just watching it. I am a firm believer in using version control, and am a fan of git, but the developer who is actually maintaining the site is not, and I have decided it is better to let him continue to work however he wants (don't ask). I do not want to have to give him any instructions whatsoever (except possibly telling him that I am adding files or directories that he can ignore).
I consider myself an intermediate-level user of git, so I want to run this by an expert or two.
I am thinking I can install git on the (Linux) server, and then ask for status, and do commits, via SSH. Will this work without jeopardizing the normal operation of the web server?
Yes, using Git on a server should not interfere with the normal operation of the server (as mentioned in the comments, doing this on a production server is dodgy but I'll leave that to one side.)
Note that using Git normally will create a .git directory at the root of whatever you're tracking. If that is your web server root directory, you might want to consider whether this is a risk as far as external access to the contents of the .git directory (depending on your server setup, this may or may not be a concern).
If you want to create the .git directory somewhere else outside your working tree, see the GIT_DIR environment variable.
Is there any way to say to GIT to stop copying file group and owner settings? My situation is as followed:
I am developing on home server where I need to use my users permissions (not root) in order to develop in Eclipse IDE (Eclipse crying if files are in root owner and group as it cannot work with them).
Once I am done, I am using GIT to synchronize with remote server which is running on Red Hat and file/folders groups and owners are server specific. However when I will synchronize it will copy my home servers permissions as well and apache on remote server throwing errors as it cannot read files so I need to reset it myself after every commit on new/changed files.
Any thoughts how to change my workflow?
P.S: I am using Linux/Debian on home server
Check the answer here: How do you deal with file ownership in git?
You're not doing anything wrong, this is just basic git behavior. You can change the permissions locally to what they need to be on the server and do a new commit. Or you can create a script to fix all of the ownerships/permissions on the server when you do your sync.
If you are using a git push to push the changes to your server via a git repository on the server, you can create a post-receive hook to call this script.
http://git-scm.com/book/en/Customizing-Git-Git-Hooks
One other thing did occur to me. A lot of Linux distros set the default umask as 0077 or 0007. Since I'm the only one using my laptop, I changed mine to 0002 since it just makes many things easier (plus my home directory is still 700). So all files I create will be rwxrwxr-x. Changing your umask would keep you from needing to think about setting the permissions later.
I found my answer to my question after a while and though I will answer just for the record.
User/group ownership is not shared (and therefore stored) through the repository. Only numeric file permissions are transferred (e.g. 644).
The file which is updated/created will adapt user and group ownership from the current user that is running Git commands.
Environment : Eclipse Indigo, Ubuntu 11.04, Subclipse 1.6
SVN Clients : Subclipse, RabbitVCS
I'm connecting via svn+ssh. My URL looks like :
svn+ssh://[MY NAME]#[MY DOMAIN]/[PATH]
I can connect to the repo just fine. The problem is that every time I try to communicate with the repo, it prompts me for a password. Really annoying!
I get the impression that SVN has the ability to cache passwords -- I've read that's what the ./subversion/auth folder is for. However, my ./subversion/auth folder contains four empty folders.
I've experienced this behavior with both Subclipse and RabbitVCS.
Is there any way to force SVN to cache my credentials?
You need to use Public Key Authentication with SSH:
https://help.ubuntu.com/community/SSH/OpenSSH/Keys
It will enable you to used svn over ssh without entering a password every single time, with help of a common SSH agent.
Subversion itself caches credentials only to servers using HTTP/DAV.
Maybe this may help to someone. Check whether ~/.subversion folder is owned by wrong user, so it may be read-only to user who is using it.
sudo chown -R your_username:your_group ~/.subversion
I have a web dev. client using a shared host that doesn't allow shell access, and thus no access to SVN, Git, etc. I've tried to convince him to move to one of the many cheap options that allow it, but he won't do it. If I use version control on my staging server, are there any tools that will allow me to replicate the changes to production via ftp? Locally I have both mac & windows, the staging server is linux, so something that works on any of those platforms....
Using your Linux staging server you could keep a separate checked out copy that you use specifically for that host and then use a utility to mirror that directory with the host server.
LFTP is useful for this kind of thing. Its available for most Linux distributions and includes a 'mirror' function:
Mirror specified source directory to
local target directory. If target
directory ends with a slash, the source base name is appended to
target
directory name. Source and/or target can be URLs pointing to
directories.
Some kind of ftp mirror software is what you need. Not tested it but a quick search gave me this Java application. You could run that over your up-to-date checked out repository.
Good thing for keeping SVN repo and FTP copy in sync is svn2web. May I suggest creating separate branch for production copy and do merges to that branch for uploading to production server.
You probably need to write a batch file that is able to
Export the SVN repository
Upload the exported files to your Linux server via FTP
Short of finding / implementing some FUSE based CoW file system that supports immutable versions .. I'd just find another (more developer friendly) host. As far as I know, no FTP server supports this natively, nor can I think of any elegant means of putting it in place with script hackery.
I could be wrong.
This question (and answer) really helped me just now as I implemented version control via gitolite on a separate server and lftp.
Here’s what I did:
Set up gitolite on my ubuntu staging server
created base repo (i.e. foo.git) on staging server
cloned foo.git into working directory on staging server
cloned foo.git into working directory on local development machine
Developed locally
Pushed changes to foo.git repo on staging server
On staging server, logged into working directory, and pulled in changes from foo.git
lftp-ed into shared host (like you mention above)
Once in shared host, ran:
mirror -R --only-newer --delete --parallel=10 /source/directory/ /target/directory
Notes on the mirror command options:
-R - this pushes the source/directory to the target/directory. (mirror pulls in from target to source without this, think reverse)
—only-newer - without this option, even if you only changed one file, the mirror command will send all the files in the source directory over to the target directory. with this option only the changed (newer) files are transferred over the wire.
—delete - deletes files that are no longer in the source directory but still in the target directory. one of my pushes involved deleting expired assets. without this option, the same files would have stayed put on my shared host after executing the mirror command.
—parallel=10 - transfers 10 files at once (instead of 1 by default). this made the process much faster
While this is what worked for me, I’m sure there are ways to improve on this. I was grateful for this question and thought i’d share my experience.
Rsync will do this over an FTP connection. You probably already have it installed if you’re on a Unix-like system.
Here's the situation:
subversion is already installed in the server and I have access to one of the shared accounts in the server (not the root), and this shared hosting account has SSH access.
I want to create a repository where I can commit the PHP files i'm working on, and when I commit it should be viewable in a browser that is why I was thinking of creating the repository folders inside public_html is this a correct way to do this? How about the security of the server? If not what is the correct and proper way to do this?
I would also need help in creating the repository via SSH with Putty. Is there a step-by-step guide online for this?
Server information is as follows:
cat /proc/version - output this:
Linux version 2.6.9-89.0.3.ELsmp (mockbuild#x86-005.build.bos.redhat.com) (gcc version 3.4.6 20060404 (Red Hat 3.4.6-11))
svn --version - output this:
svn, version 1.1.4 (r13838)
compiled Aug 10 2009, 23:17:10
ra_dav : Module for accessing a repository via WebDAV (DeltaV) protocol.
handles 'http' schema
handles 'https' schema
ra_local : Module for accessing a repository on local disk.
handles 'file' schema
ra_svn : Module for accessing a repository using the svn network protocol.
handles 'svn' schema
The correct way to do this is to use a web bridge to SVN, such as websvn or viewsvn (there are several). You can set these up to expose any repository as a website.
As to creating a new repository, see the SVN "Red-Bean" reference at http://svnbook.red-bean.com/
I want to create a repository where I can commit the PHP files i'm working on, and when I commit it should be viewable in a browser.
I'm not sure I understand your question. Do you mean that the repository should execute your PHP, i.e. that your Subversion repository should also be your PHP server? I strongly recommend against it.
A source control repository and an application server are completely different things. They serve different roles; should be accessed by different people (developers vs. end-users); should have different monitoring and SLA policies; different hardware, and whatnot. You also probably don't want every committed change to be automatically deployed to your production environment.
The Red Bean book also has a number of sections on integrating SVN with apache, etc. But before you start working on a solution, you need to define what you're trying to do more thoroughly. What is your usage model?
For example, will you commit to SVN repository via svn+ssh, or via svnserve, etc?
Do you want to see full revisions, history, changesets from the web interface? Or just the head?