X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/465cb9225cce74600349239a295b1360ce2b0fa6..fc6b3cd79ba9e07810330d0d47a0ab89ad8857f7:/doc/install/install-arv-git-httpd.html.textile.liquid
diff --git a/doc/install/install-arv-git-httpd.html.textile.liquid b/doc/install/install-arv-git-httpd.html.textile.liquid
index 33b112489e..b758903256 100644
--- a/doc/install/install-arv-git-httpd.html.textile.liquid
+++ b/doc/install/install-arv-git-httpd.html.textile.liquid
@@ -1,75 +1,298 @@
 ---
 layout: default
 navsection: installguide
-title: Install Git server
+title: Install the Git server
 ...
+{% comment %}
+Copyright (C) The Arvados Authors. All rights reserved.
-The arvados-git-httpd server provides HTTP access to hosted git repositories, using Arvados authentication tokens instead of passwords. It is intended to be installed on the system where your git repositories are stored, and accessed through a web proxy that provides SSL support.
+SPDX-License-Identifier: CC-BY-SA-3.0
+{% endcomment %}
-By convention, we use the following hostname for the git service:
+# "Introduction":#introduction
+# "Install dependencies":#dependencies
+# "Create "git" user and storage directory":#create
+# "Install gitolite":#gitolite
+# "Configure gitolite":#config-gitolite
+# "Configure git synchronization":#sync
+# "Update config.yml":#update-config
+# "Update nginx configuration":#update-nginx
+# "Install arvados-git-httpd package":#install-packages
+# "Restart the API server and controller":#restart-api
+# "Confirm working installation":#confirm-working
-
# yum install git perl-Data-Dumper openssh-server
+
+# apt-get --no-install-recommends install git openssh-server
+
+git@[...]:username/reponame.git
).
+
+On Debian- or Red Hat-based systems:
+
+gitserver:~$ sudo mkdir -p /var/lib/arvados/git
+gitserver:~$ sudo useradd --comment git --home-dir /var/lib/arvados/git git
+gitserver:~$ sudo chown -R git:git ~git
+
+ssh git@localhost
from scripts.)
+
+gitserver:~$ sudo -u git -i bash
+git@gitserver:~$ ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
+git@gitserver:~$ cp .ssh/id_rsa.pub .ssh/authorized_keys
+git@gitserver:~$ ssh -o stricthostkeychecking=no localhost cat .ssh/id_rsa.pub
+Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7aBIDAAgMQN16Pg6eHmvc+D+6TljwCGr4YGUBphSdVb25UyBCeAEgzqRiqy0IjQR2BLtSirXr+1SJAcQfBgI/jwR7FG+YIzJ4ND9JFEfcpq20FvWnMMQ6XD3y3xrZ1/h/RdBNwy4QCqjiXuxDpDB7VNP9/oeAzoATPZGhqjPfNS+RRVEQpC6BzZdsR+S838E53URguBOf9yrPwdHvosZn7VC0akeWQerHqaBIpSfDMtaM4+9s1Gdsz0iP85rtj/6U/K/XOuv2CZsuVZZ52nu3soHnEX2nx2IaXMS3L8Z+lfOXB2T6EaJgXF7Z9ME5K1tx9TSNTRcYCiKztXLNLSbp git@gitserver
+git@gitserver:~$ rm .ssh/authorized_keys
+
+$ sudo -u git -i bash
+git@gitserver:~$ echo 'PATH=$HOME/bin:$PATH' >.profile
+git@gitserver:~$ . .profile
+git@gitserver:~$ git clone --branch v3.6.11 https://github.com/sitaramc/gitolite
+...
+Note: checking out '5d24ae666bfd2fa9093d67c840eb8d686992083f'.
+...
+git@gitserver:~$ mkdir bin
+git@gitserver:~$ gitolite/install -ln ~git/bin
+git@gitserver:~$ bin/gitolite setup -pk .ssh/id_rsa.pub
+Initialized empty Git repository in /var/lib/arvados/git/repositories/gitolite-admin.git/
+Initialized empty Git repository in /var/lib/arvados/git/repositories/testing.git/
+WARNING: /var/lib/arvados/git/.ssh/authorized_keys missing; creating a new one
+ (this is normal on a brand new install)
+
+git@gitserver:~$ git clone git@localhost:gitolite-admin
+Cloning into 'gitolite-admin'...
+remote: Counting objects: 6, done.
+remote: Compressing objects: 100% (4/4), done.
+remote: Total 6 (delta 0), reused 0 (delta 0)
+Receiving objects: 100% (6/6), done.
+Checking connectivity... done.
+git@gitserver:~$ cd gitolite-admin
+git@gitserver:~/gitolite-admin$ git config user.email arvados
+git@gitserver:~/gitolite-admin$ git config user.name arvados
+git@gitserver:~/gitolite-admin$ git config push.default simple
+git@gitserver:~/gitolite-admin$ git push
+Everything up-to-date
+
+my $repo_aliases;
+my $aliases_src = "$ENV{HOME}/.gitolite/arvadosaliases.pl";
+if ($ENV{HOME} && (-e $aliases_src)) {
+ $repo_aliases = do $aliases_src;
+}
+$repo_aliases ||= {};
+
+ REPO_ALIASES => $repo_aliases,
+
+~$ sudo apt-get install git arvados-git-httpd
+ UMASK => 022,
# access a repo by another (possibly legacy) name
+ 'Alias',
+
+~$ sudo yum install git arvados-git-httpd
+production:
+ gitolite_url: /var/lib/arvados/git/repositories/gitolite-admin.git
+ gitolite_tmp: /var/lib/arvados/git
+ arvados_api_host: ClusterID.example.com
+ arvados_api_token: "zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz"
+ arvados_api_host_insecure: false
+ gitolite_arvados_git_user_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7aBIDAAgMQN16Pg6eHmvc+D+6TljwCGr4YGUBphSdVb25UyBCeAEgzqRiqy0IjQR2BLtSirXr+1SJAcQfBgI/jwR7FG+YIzJ4ND9JFEfcpq20FvWnMMQ6XD3y3xrZ1/h/RdBNwy4QCqjiXuxDpDB7VNP9/oeAzoATPZGhqjPfNS+RRVEQpC6BzZdsR+S838E53URguBOf9yrPwdHvosZn7VC0akeWQerHqaBIpSfDMtaM4+9s1Gdsz0iP85rtj/6U/K/XOuv2CZsuVZZ52nu3soHnEX2nx2IaXMS3L8Z+lfOXB2T6EaJgXF7Z9ME5K1tx9TSNTRcYCiKztXLNLSbp git@gitserver"
+$ sudo chown git:git /var/www/arvados-api/current/config/arvados-clients.yml +$ sudo chmod og-rwx /var/www/arvados-api/current/config/arvados-clients.yml ++ +h3. Test configuration + +notextile.
$ sudo -u git -i bash -c 'cd /var/www/arvados-api/current && bin/bundle exec script/arvados-git-sync.rb production'
+
+h3. Enable the synchronization script
+
+The API server package includes a script that retrieves the current set of repository names and permissions from the API, writes them to @arvadosaliases.pl@ in a format usable by gitolite, and triggers gitolite hooks which create new empty repositories if needed. This script should run every 2 to 5 minutes.
+
+Create @/etc/cron.d/arvados-git-sync@ with the following content:
~$ arvados-git-httpd -h
-Usage of arv-git-httpd:
- -address="0.0.0.0:80": Address to listen on, "host:port".
- -git-command="/usr/bin/git": Path to git executable. Each authenticated request will execute this program with a single argument, "http-backend".
- -repo-root="/path/to/cwd": Path to git repositories.
-~$ git http-backend
-Status: 500 Internal Server Error
-Expires: Fri, 01 Jan 1980 00:00:00 GMT
-Pragma: no-cache
-Cache-Control: no-cache, max-age=0, must-revalidate
+*/5 * * * * git cd /var/www/arvados-api/current && bin/bundle exec script/arvados-git-sync.rb production
+
+
Services:
+ GitSSH:
+ ExternalURL: "ssh://git@git.ClusterID.example.com"
+ GitHTTP:
+ ExternalURL: https://git.ClusterID.example.com/
+ InternalURLs:
+ "http://localhost:9001": {}
+ Git:
+ GitCommand: /var/lib/arvados/git/gitolite/src/gitolite-shell
+ GitoliteHome: /var/lib/arvados/git
+ Repositories: /var/lib/arvados/git/repositories
export ARVADOS_API_HOST=uuid_prefix.your.domain
-exec sudo -u git arvados-git-httpd -address=:9001 -git-command="$(which git)" -repo-root=/var/lib/arvados/git 2>&1
+upstream arvados-git-httpd {
+ server 127.0.0.1:9001;
+}
+server {
+ listen 443 ssl;
+ server_name git.ClusterID.example.com;
+ proxy_connect_timeout 90s;
+ proxy_read_timeout 300s;
+
+ ssl_certificate /YOUR/PATH/TO/cert.pem;
+ ssl_certificate_key /YOUR/PATH/TO/cert.key;
+
+ # The server needs to accept potentially large refpacks from push clients.
+ client_max_body_size 128m;
+
+ location / {
+ proxy_pass http://arvados-git-httpd;
+ }
+}
# yum install arvados-git-httpd
+
+# apt-get --no-install-recommends install arvados-git-httpd
+
+# systemctl restart nginx arvados-controller
+
+~$ arv --format=uuid repository create --repository '{"name":"myusername/testrepo"}'
+
~$ git clone git@git.ClusterID.example.com:username/testrepo.git
+
+git_http_base: git.uuid_prefix.your.domain
+~$ git clone https://git.ClusterID.example.com/username/testrepo.git