On Tue, Dec 16, 2014 at 04:13:07PM +0100, Pierre-Yves Chibon wrote: > On Fri, Sep 05, 2014 at 12:45:38PM +0200, Pierre-Yves Chibon wrote: > > Dear all, > > > > This morning Mathieu (bochecha) and I spent some time trying to get gitolite3 > > work on our pkgs01.stg. > > > > This is an overview of the situation. > > > > By design gitolite is meant to be installed with a dedicated user. Everyone uses > > that user. gitolite then maps the public ssh key to its user database and its > > configuration file to handle who is allowed to do what on which git repo. > > > > Our setup is quite different from this. We have a single configuration file at > > /etc/gitolite/conf/gitolite.conf that contains all the information about who > > is allowed to do what on which git repos. In addition we have a single > > /etc/gitolite/gitolite.rc configuration file that specifies to gitolite where > > are the git repositories located. > > > > Each user has then an account on the machine but by default no shell access. > > The access is restricted via ssh with in ~/.ssh/authorized_keys the instructions: > > `command="/usr/bin/gl-auth-command"` (people with shell access have a different > > command). > > > > That commands combines the info from /etc/gitolite/gitolite.rc and > > /etc/gitolite/conf/gitolite.conf and allow or deny the access/action. > > > > Now gitolite3 has changed quite a bit compared to our setup. > > Basically, gitolite3 expects the gitolite.rc file to be at ~/.gitolite.rc and > > the repositories to be at ~/repositories. Having symlink to these locations > > are fine, but they should be there. > > > > What we can do also is play on the $HOME variable. > > > > In pkgs01.stg we kept the configurations files (gitolite.conf and gitolite.rc) > > in /etc/gitolite as before, but we created a couple of symlink in /srv/git/ > > .gitolite -> /etc/gitolite/ > > repositories -> /srv/git/rpms/ > > The idea is to be able to set HOME=/srv/git and run the gitolite command. > > So Mathieu and I started to work on this again over the last couple of days. > > We fix the logging issue by simply asking gitolite to rely on syslog. This means > all logs from gitolite are now ending up in /var/log/messages (this has some > pros and some cons) > > We updated the configuration file gitolite.rc to the (completely) new one of > gitolite3. > > At that point we were able to clone and pull but pushing didn't work. Finally, > Mathieu realized that our setup in ~/.ssh/authorized_keys was incorrect. > With Gitolite2 we could specify the type of the user (user vs admin) while on > gitolite3 it requires the username of the user. > So we adjusted fasClient and the fas.conf configuration file to allow us to set > the username in the authorized_keys file > > Pull-request at: https://github.com/fedora-infra/fas/pull/97 > > So now, pkgs01.stg should work. > We should be able to clone, push, pull changes. > Email notifications are working as well, so beware which package you test > against :) > > Please take a stab at it and let us know if you see any problem with it. > Once fasClient is updated, we should rebuild the box and do some final testing > before we can consider moving this to prod. For the known issue list: Currently, the people that have shell access to pkgs01.stg, we currently cannot do a simple ssh pkgs01.stg... Hopefully, we'll be able to fix this. Pierre _______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
