gitserver:~$ cd /var/www/arvados-api/current
-gitserver:/var/www/arvados-api/current$ sudo -u www-data RAILS_ENV=production `which rvm-exec` default bundle exec ./script/create_superuser_token.rb
+gitserver:/var/www/arvados-api/current$ sudo -u webserver-user RAILS_ENV=production `which rvm-exec` default bundle exec ./script/create_superuser_token.rb
zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
gitserver:~$ cd /var/www/arvados-api/current
-gitserver:/var/www/arvados-api/current$ sudo -u www-data RAILS_ENV=production bundle exec ./script/create_superuser_token.rb
+gitserver:/var/www/arvados-api/current$ sudo -u webserver-user RAILS_ENV=production bundle exec ./script/create_superuser_token.rb
zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
git@[...]:username/reponame.git
).
@@ -100,7 +104,7 @@ git@gitserver:~$ rm .ssh/authorized_keys
h2. Install gitolite
-Check "https://github.com/sitaramc/gitolite/tags":https://github.com/sitaramc/gitolite/tags for the latest stable version (_e.g.,_ @v3.6.3@).
+Check "https://github.com/sitaramc/gitolite/tags":https://github.com/sitaramc/gitolite/tags for the latest stable version. This guide was tested with @v3.6.3@. _Versions below 3.0 are missing some features needed by Arvados, and should not be used._
Download and install the version you selected.
@@ -121,6 +125,8 @@ WARNING: /var/lib/arvados/git/.ssh/authorized_keys missing; creating a new one
+_If this didn't go well, more detail about installing gitolite, and information about how it works, can be found on the "gitolite home page":http://gitolite.com/._
+
Clone the gitolite-admin repository. The arvados-git-sync.rb script works by editing the files in this working directory and pushing them to gitolite. Here we make sure "git push" won't produce any errors or warnings.
UMASK => 022,
+
+git_repo_ssh_base: git@git.uuid_prefix.your.domain:
+git_repo_ssh_base: "git@git.uuid_prefix.your.domain:"
~$ sudo apt-get install runit
-~$ cd /etc/sv
+
+~$ cd /etc/sv
/etc/sv$ sudo mkdir arvados-git-httpd; cd arvados-git-httpd
/etc/sv/arvados-git-httpd$ sudo mkdir log
/etc/sv/arvados-git-httpd$ sudo sh -c 'cat >log/run' <<'EOF'
@@ -274,19 +295,34 @@ EOF
#!/bin/sh
export ARVADOS_API_HOST=uuid_prefix.your.domain
export GITOLITE_HTTP_HOME=/var/lib/arvados/git
+export GL_BYPASS_ACCESS_CHECKS=1
export PATH="$PATH:/var/lib/arvados/git/bin"
-exec chpst -u git:git arvados-git-httpd -address=:9001 -git-command="$(which git)" -repo-root=/var/lib/arvados/git/repositories 2>&1
+exec chpst -u git:git arvados-git-httpd -address=:9001 -git-command=/var/lib/arvados/git/gitolite/src/gitolite-shell -repo-root=/var/lib/arvados/git/repositories 2>&1
EOF
/etc/sv/arvados-git-httpd$ sudo chmod +x run log/run
sudo -u git \
+ ARVADOS_API_HOST=uuid_prefix.your.domain \
+ GITOLITE_HTTP_HOME=/var/lib/arvados/git \
+ GL_BYPASS_ACCESS_CHECKS=1 \
+ PATH="$PATH:/var/lib/arvados/git/bin" \
+ arvados-git-httpd -address=:9001 -git-command=/var/lib/arvados/git/gitolite/src/gitolite-shell -repo-root=/var/lib/arvados/git/repositories 2>&1
+
+
upstream arvados-git-httpd {
@@ -295,6 +331,8 @@ upstream arvados-git-httpd {
server {
listen [your public IP address]:443 ssl;
server_name git.uuid_prefix.your.domain;
+ proxy_connect_timeout 90s;
+ proxy_read_timeout 300s;
ssl on;
ssl_certificate /YOUR/PATH/TO/cert.pem;
@@ -302,15 +340,6 @@ server {
location / {
proxy_pass http://arvados-git-httpd;
- proxy_redirect off;
- proxy_connect_timeout 90s;
- proxy_read_timeout 300s;
-
- proxy_set_header X-Forwarded-Proto https;
- proxy_set_header Host $http_host;
- proxy_set_header X-External-Client $external_client;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
@@ -318,7 +347,7 @@ server {
h3. Configure the API server to advertise the correct HTTPS URLs
-In your API server's @config/application.yml@ file, add the following entry:
+In your API server's @application.yml@ file, add the following entry:
git_repo_http_base: https://git.uuid_prefix.your.domain/
@@ -326,3 +355,12 @@ In your API server's @config/application.yml@ file, add the following entry:
gitserver:~$ sudo nginx -s reload
+
+