---
layout: default
navsection: installguide
title: Install the Git server
...
{% comment %}
Copyright (C) The Arvados Authors. All rights reserved.
SPDX-License-Identifier: CC-BY-SA-3.0
{% endcomment %}
# "Introduction":#introduction
# "Install dependencies":#dependencies
# "Create "git" user and storage directory":#create
# "Install gitolite":#gitolite
# "Configure gitolite":#config-gitolite
# "Configure git synchronization":#sync
# "Update config.yml":#update-config
# "Update nginx configuration":#update-nginx
# "Install arvados-git-httpd package":#install-packages
# "Restart the API server and controller":#restart-api
# "Confirm working installation":#confirm-working
h2(#introduction). Introduction
Arvados support for git repository management enables using Arvados permissions to control access to git repositories. Users can create their own private and public git repositories and share them with others.
The git hosting setup involves three components.
* The "arvados-git-sync.rb" script polls the API server for the current list of repositories, creates bare repositories, and updates the local permission cache used by gitolite.
* Gitolite provides SSH access. Users authenticate by SSH keys.
* arvados-git-http provides HTTPS access. Users authenticate by Arvados tokens.
Git services must be installed on the same host as the Arvados Rails API server.
h2(#dependencies). Install dependencies
h3. Alma/CentOS/Red Hat/Rocky
# dnf install git perl-Data-Dumper openssh-server
# apt-get --no-install-recommends install git openssh-server
git@[...]:username/reponame.git
).
On Debian- or Red Hat-based systems:
gitserver:~$ sudo mkdir -p /var/lib/arvados/git
gitserver:~$ sudo useradd --comment git --home-dir /var/lib/arvados/git git
gitserver:~$ sudo chown -R git:git ~git
ssh git@localhost
from scripts.)
gitserver:~$ sudo -u git -i bash
git@gitserver:~$ ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
git@gitserver:~$ cp .ssh/id_rsa.pub .ssh/authorized_keys
git@gitserver:~$ ssh -o stricthostkeychecking=no localhost cat .ssh/id_rsa.pub
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7aBIDAAgMQN16Pg6eHmvc+D+6TljwCGr4YGUBphSdVb25UyBCeAEgzqRiqy0IjQR2BLtSirXr+1SJAcQfBgI/jwR7FG+YIzJ4ND9JFEfcpq20FvWnMMQ6XD3y3xrZ1/h/RdBNwy4QCqjiXuxDpDB7VNP9/oeAzoATPZGhqjPfNS+RRVEQpC6BzZdsR+S838E53URguBOf9yrPwdHvosZn7VC0akeWQerHqaBIpSfDMtaM4+9s1Gdsz0iP85rtj/6U/K/XOuv2CZsuVZZ52nu3soHnEX2nx2IaXMS3L8Z+lfOXB2T6EaJgXF7Z9ME5K1tx9TSNTRcYCiKztXLNLSbp git@gitserver
git@gitserver:~$ rm .ssh/authorized_keys
$ sudo -u git -i bash
git@gitserver:~$ echo 'PATH=$HOME/bin:$PATH' >.profile
git@gitserver:~$ . .profile
git@gitserver:~$ git clone --branch v3.6.11 https://github.com/sitaramc/gitolite
...
Note: checking out '5d24ae666bfd2fa9093d67c840eb8d686992083f'.
...
git@gitserver:~$ mkdir bin
git@gitserver:~$ gitolite/install -ln ~git/bin
git@gitserver:~$ bin/gitolite setup -pk .ssh/id_rsa.pub
Initialized empty Git repository in /var/lib/arvados/git/repositories/gitolite-admin.git/
Initialized empty Git repository in /var/lib/arvados/git/repositories/testing.git/
WARNING: /var/lib/arvados/git/.ssh/authorized_keys missing; creating a new one
(this is normal on a brand new install)
git@gitserver:~$ git clone git@localhost:gitolite-admin
Cloning into 'gitolite-admin'...
remote: Counting objects: 6, done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 6 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (6/6), done.
Checking connectivity... done.
git@gitserver:~$ cd gitolite-admin
git@gitserver:~/gitolite-admin$ git config user.email arvados
git@gitserver:~/gitolite-admin$ git config user.name arvados
git@gitserver:~/gitolite-admin$ git config push.default simple
git@gitserver:~/gitolite-admin$ git push
Everything up-to-date
my $repo_aliases;
my $aliases_src = "$ENV{HOME}/.gitolite/arvadosaliases.pl";
if ($ENV{HOME} && (-e $aliases_src)) {
$repo_aliases = do $aliases_src;
}
$repo_aliases ||= {};
REPO_ALIASES => $repo_aliases,
UMASK => 022,
# access a repo by another (possibly legacy) name
'Alias',
production:
gitolite_url: /var/lib/arvados/git/repositories/gitolite-admin.git
gitolite_tmp: /var/lib/arvados/git
arvados_api_host: ClusterID.example.com
arvados_api_token: "zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz"
arvados_api_host_insecure: false
gitolite_arvados_git_user_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7aBIDAAgMQN16Pg6eHmvc+D+6TljwCGr4YGUBphSdVb25UyBCeAEgzqRiqy0IjQR2BLtSirXr+1SJAcQfBgI/jwR7FG+YIzJ4ND9JFEfcpq20FvWnMMQ6XD3y3xrZ1/h/RdBNwy4QCqjiXuxDpDB7VNP9/oeAzoATPZGhqjPfNS+RRVEQpC6BzZdsR+S838E53URguBOf9yrPwdHvosZn7VC0akeWQerHqaBIpSfDMtaM4+9s1Gdsz0iP85rtj/6U/K/XOuv2CZsuVZZ52nu3soHnEX2nx2IaXMS3L8Z+lfOXB2T6EaJgXF7Z9ME5K1tx9TSNTRcYCiKztXLNLSbp git@gitserver"
$ sudo chown git:git /var/www/arvados-api/current/config/arvados-clients.yml $ sudo chmod og-rwx /var/www/arvados-api/current/config/arvados-clients.ymlh3. Test configuration notextile.
$ sudo -u git -i bash -c 'cd /var/www/arvados-api/current && bin/bundle exec script/arvados-git-sync.rb production'
h3. Enable the synchronization script
The API server package includes a script that retrieves the current set of repository names and permissions from the API, writes them to @arvadosaliases.pl@ in a format usable by gitolite, and triggers gitolite hooks which create new empty repositories if needed. This script should run every 2 to 5 minutes.
Create @/etc/cron.d/arvados-git-sync@ with the following content:
*/5 * * * * git cd /var/www/arvados-api/current && bin/bundle exec script/arvados-git-sync.rb production
Services:
GitSSH:
ExternalURL: "ssh://git@git.ClusterID.example.com"
GitHTTP:
ExternalURL: https://git.ClusterID.example.com/
InternalURLs:
"http://localhost:9001": {}
Git:
GitCommand: /var/lib/arvados/git/gitolite/src/gitolite-shell
GitoliteHome: /var/lib/arvados/git
Repositories: /var/lib/arvados/git/repositories
upstream arvados-git-httpd {
server 127.0.0.1:9001;
}
server {
listen 443 ssl;
server_name git.ClusterID.example.com;
proxy_connect_timeout 90s;
proxy_read_timeout 300s;
ssl_certificate /YOUR/PATH/TO/cert.pem;
ssl_certificate_key /YOUR/PATH/TO/cert.key;
# The server needs to accept potentially large refpacks from push clients.
client_max_body_size 128m;
location / {
proxy_pass http://arvados-git-httpd;
}
}
# dnf install arvados-git-httpd
# apt-get --no-install-recommends install arvados-git-httpd
# systemctl restart nginx arvados-controller
~$ arv --format=uuid repository create --repository '{"name":"myusername/testrepo"}'
~$ git clone git@git.ClusterID.example.com:username/testrepo.git
~$ git clone https://git.ClusterID.example.com/username/testrepo.git