[ARVADOS] created: 923dcaf9eb662f0ba616ae8245d9a5504d6be04b
git at public.curoverse.com
Sun Jul 26 13:09:08 EDT 2015
at 923dcaf9eb662f0ba616ae8245d9a5504d6be04b (commit)
commit 923dcaf9eb662f0ba616ae8245d9a5504d6be04b
Author: Tom Clegg <tom at curoverse.com>
Date: Sun Jul 26 13:08:55 2015 -0400
6663: Document git setup.
diff --git a/doc/install/install-arv-git-httpd.html.textile.liquid b/doc/install/install-arv-git-httpd.html.textile.liquid
index 33b1124..11a9e6d 100644
--- a/doc/install/install-arv-git-httpd.html.textile.liquid
+++ b/doc/install/install-arv-git-httpd.html.textile.liquid
@@ -4,18 +4,126 @@ navsection: installguide
title: Install Git server
...
-The arvados-git-httpd server provides HTTP access to hosted git repositories, using Arvados authentication tokens instead of passwords. It is intended to be installed on the system where your git repositories are stored, and accessed through a web proxy that provides SSL support.
+Arvados allows users to create their own private and public git repositories, and clone/push them using SSH and HTTPS.
+
+The git hosting setup involves three components.
+* The "update-git.rb" script polls the API server for the current list of repositories, creates bare repositories, and updates the local permission cache used by gitolite.
+* Gitolite provides SSH access.
+* arvados-git-http provides HTTPS access.
+
+{% include 'notebox_begin' %}
+It is not strictly necessary to deploy _both_ SSH and HTTPS access, but we recommend both.
+* SSH is a more appropriate way to authenticate from a user's workstation because it does not require managing tokens on the client side;
+* HTTPS is a more appropriate way to authenticate from a shell VM because it does not depend on SSH agent forwarding (SSH clients' agent forwarding features tend to behave as if the remote machine is fully trusted).
+{% include 'notebox_end' %}
+
+h2. Set up DNS
By convention, we use the following hostname for the git service:
-<div class="offset1">
-table(table table-bordered table-condensed).
-|git. at uuid_prefix@.your.domain|
-</div>
+<notextile>
+<pre><code>git.<span class="userinput">uuid_prefix</span>.your.domain
+</code></pre>
+</notextile>
+
+In external DNS, this hostname should resolve to the public IP address of your HTTPS proxy.
+
+In internal DNS, it should resolve to the private IP address of the host where you install your git hosting services.
+
+{% include 'notebox_begin' %}
+Here, we show how to install the git hosting services *on the same host as your API server.* Using a different host is not yet fully supported.
+{% include 'notebox_end' %}
+
+h2. Generate an API token
+
+(TODO)
+
+h2. Install git
+
+On Debian-based systems:
+
+<notextile>
+<pre><code>gitserver:~$ <span class="userinput">sudo apt-get install git openssh-server</span>
+</code></pre>
+</notextile>
+
+On Red Hat-based systems:
+
+<notextile>
+<pre><code>gitserver:~$ <span class="userinput">sudo yum install git perl-Data-Dumper openssh-server</span>
+</code></pre>
+</notextile>
+
+h2. Create a "git" user and a storage directory
+
+Users' repository data will be stored in @/var/lib/gitolite/repositories/@. (We recommend using that path even if you're not planning to install gitolite. If you choose a different location, make sure to update the @git_repositories_dir@ setting in your API server's @config/application.yml@ file accordingly.)
+
+On Debian- or Red Hat-based systems:
+
+<notextile>
+<pre><code>gitserver:~$ <span class="userinput">sudo useradd --comment git --home-dir /var/lib/gitolite --create-home git</span>
+</code></pre>
+</notextile>
+
+h2. Install the synchronization script
+
+This is needed for both HTTPS and SSH systems.
+
+(TODO)
+
+h2. Install gitolite
+
+This is needed only for SSH access.
+
+First:
+* Store your own public key in a world-readable file on the git server, say @/tmp/admin.pub at . This will give you admin access to the gitolite setup (which you won't usually need to use) and make it easy to test that gitolite is functional.
+* Check https://github.com/sitaramc/gitolite/tags for the latest stable version (_e.g.,_ @v3.6.3@).
+
+Then:
+
+<notextile>
+<pre><code>gitserver:~$ <span class="userinput">sudo -u git -i git clone --branch v3.6.3 git://github.com/sitaramc/gitolite</span>
+...
+Note: checking out '5d24ae666bfd2fa9093d67c840eb8d686992083f'.
+...
+gitserver:~$ <span class="userinput">sudo -u git -i mkdir bin</span>
+gitserver:~$ <span class="userinput">sudo -u git -i gitolite/install -ln ~git/bin</span>
+gitserver:~$ <span class="userinput">sudo -u git -i gitolite setup -pk /tmp/admin.pub</span>
+Initialized empty Git repository in /var/lib/gitolite/repositories/gitolite-admin.git/
+Initialized empty Git repository in /var/lib/gitolite/repositories/testing.git/
+WARNING: /var/lib/gitolite/.ssh missing; creating a new one
+ (this is normal on a brand new install)
+WARNING: /var/lib/gitolite/.ssh/authorized_keys missing; creating a new one
+ (this is normal on a brand new install)
+</code></pre>
+</notextile>
+
+Confirm gitolite is working by authenticating with your own SSH key.
+
+<notextile>
+<pre><code>workstation:~$ <span class="userinput">ssh -T git at git.uuid_prefix.your.domain</span>
+hello admin, this is git at uuid_prefix.your.domain running gitolite3 v3.6.3-0-g5d24ae6 on git 1.9.1
+
+ R W gitolite-admin
+ R W testing
+</code></pre>
+</notextile>
+
+h2. Configure gitolite
+
+Set up gitolite in /var/lib/git/.
+
+(TODO)
+
+Configure gitolite to look up a repository name like @username/reponame.git@ and find the appropriate bare repository storage directory.
+
+(TODO)
+
+h2. Install the arvados-git-httpd package
-This hostname should resolve from anywhere on the internet.
+This is needed only for HTTPS access.
-h2. Install arvados-git-httpd
+The arvados-git-httpd package provides HTTP access, using Arvados authentication tokens instead of passwords. It is intended to be installed on the system where your git repositories are stored, and accessed through a web proxy that provides TLS/HTTPS support.
On Debian-based systems:
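Review bot: The gitolite install step clones over the unauthenticated git:// protocol ("git clone --branch v3.6.3 git://github.com/sitaramc/gitolite"), so nothing verifies that the code subsequently run as the git user is what upstream published. Use https://github.com/sitaramc/gitolite instead, and tell the reader to compare the checked-out commit with the 5d24ae666bfd2fa9093d67c840eb8d686992083f shown in the sample output. In the same section, /tmp/admin.pub is a predictable name in a world-writable directory; suggest a path in a directory only the admin can write, so no other local account can influence which key becomes the gitolite admin. Smaller points: "Set up gitolite in /var/lib/git/" does not match the /var/lib/gitolite home directory created earlier in this hunk, and the component list says "arvados-git-http" where the rest of the page says arvados-git-httpd.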
@@ -35,7 +143,7 @@ Verify that @arvados-git-httpd@ and @git-http-backend@ are functional:
<notextile>
<pre><code>~$ <span class="userinput">arvados-git-httpd -h</span>
-Usage of arv-git-httpd:
+Usage of arvados-git-httpd:
-address="0.0.0.0:80": Address to listen on, "host:port".
-git-command="/usr/bin/git": Path to git executable. Each authenticated request will execute this program with a single argument, "http-backend".
-repo-root="/path/to/cwd": Path to git repositories.
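Review bot: The sample output kept as context under the renamed usage line still shows the default -address="0.0.0.0:80", which sits awkwardly beside the new text saying the service is meant to be reached through a proxy that provides TLS/HTTPS. If the steps after this hunk do not already do so, have the install instructions set -address to a loopback or private address, so the daemon does not accept Arvados tokens over plain HTTP on every interface.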
diff --git a/services/api/config/application.default.yml b/services/api/config/application.default.yml
index 409dea6..5d1402d 100644
--- a/services/api/config/application.default.yml
+++ b/services/api/config/application.default.yml
@@ -86,7 +86,7 @@ common:
# able to submit crunch jobs. To pass the test suites, put a clone
# of the arvados tree in {git_repositories_dir}/arvados.git or
# {git_repositories_dir}/arvados/.git
- git_repositories_dir: /var/lib/arvados/git
+ git_repositories_dir: /var/lib/gitolite/repositories
# This is a (bare) repository that stores commits used in jobs. When a job
# runs, the source commits are first fetched into this repository, then this
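Review bot: Changing the default git_repositories_dir from /var/lib/arvados/git to /var/lib/gitolite/repositories is a behaviour change riding in a commit whose message describes documentation only. Any site that relies on the default and keeps its repositories under /var/lib/arvados/git will have the API server looking in the new directory after upgrading. Either call this out in the commit message and upgrade notes (set git_repositories_dir explicitly, or move the repositories), or split it into its own commit. The comment above the setting about placing a clone in {git_repositories_dir}/arvados.git for the test suites should also be checked against the new default.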
-----------------------------------------------------------------------
hooks/post-receive
--