X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/d843787b4ece9952597d7814cbf10fb383c72625..3b63632698de9868a501191e8989f14c23e4e743:/doc/install/install-arv-git-httpd.html.textile.liquid
diff --git a/doc/install/install-arv-git-httpd.html.textile.liquid b/doc/install/install-arv-git-httpd.html.textile.liquid
index 85f643f1f8..3d70fc4de9 100644
--- a/doc/install/install-arv-git-httpd.html.textile.liquid
+++ b/doc/install/install-arv-git-httpd.html.textile.liquid
@@ -1,73 +1,298 @@
 ---
 layout: default
 navsection: installguide
-title: Install Git server
+title: Install the Git server
 ...
+{% comment %}
+Copyright (C) The Arvados Authors. All rights reserved.
-This installation guide assumes you are on a 64 bit Debian or Ubuntu system.
+SPDX-License-Identifier: CC-BY-SA-3.0
+{% endcomment %}
-The arv-git-httpd server provides HTTP access to hosted git repositories, using Arvados authentication tokens instead of passwords. It is intended to be installed on the system where your git repositories are stored, and accessed through a web proxy that provides SSL support.
+# "Introduction":#introduction
+# "Install dependencies":#dependencies
+# "Create "git" user and storage directory":#create
+# "Install gitolite":#gitolite
+# "Configure gitolite":#config-gitolite
+# "Configure git synchronization":#sync
+# "Update config.yml":#update-config
+# "Update nginx configuration":#update-nginx
+# "Install arvados-git-httpd package":#install-packages
+# "Restart the API server and controller":#restart-api
+# "Confirm working installation":#confirm-working
-By convention, we use the following hostname for the git service:
+h2(#introduction). Introduction
-
# yum install git perl-Data-Dumper openssh-server
+
+# apt-get --no-install-recommends install git openssh-server
+
+git@[...]:username/reponame.git
).
+
+On Debian- or Red Hat-based systems:
+
+gitserver:~$ sudo mkdir -p /var/lib/arvados/git
+gitserver:~$ sudo useradd --comment git --home-dir /var/lib/arvados/git git
+gitserver:~$ sudo chown -R git:git ~git
+
+ssh git@localhost
from scripts.)
+
+gitserver:~$ sudo -u git -i bash
+git@gitserver:~$ ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
+git@gitserver:~$ cp .ssh/id_rsa.pub .ssh/authorized_keys
+git@gitserver:~$ ssh -o stricthostkeychecking=no localhost cat .ssh/id_rsa.pub
+Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7aBIDAAgMQN16Pg6eHmvc+D+6TljwCGr4YGUBphSdVb25UyBCeAEgzqRiqy0IjQR2BLtSirXr+1SJAcQfBgI/jwR7FG+YIzJ4ND9JFEfcpq20FvWnMMQ6XD3y3xrZ1/h/RdBNwy4QCqjiXuxDpDB7VNP9/oeAzoATPZGhqjPfNS+RRVEQpC6BzZdsR+S838E53URguBOf9yrPwdHvosZn7VC0akeWQerHqaBIpSfDMtaM4+9s1Gdsz0iP85rtj/6U/K/XOuv2CZsuVZZ52nu3soHnEX2nx2IaXMS3L8Z+lfOXB2T6EaJgXF7Z9ME5K1tx9TSNTRcYCiKztXLNLSbp git@gitserver
+git@gitserver:~$ rm .ssh/authorized_keys
+
+$ sudo -u git -i bash
+git@gitserver:~$ echo 'PATH=$HOME/bin:$PATH' >.profile
+git@gitserver:~$ . .profile
+git@gitserver:~$ git clone --branch v3.6.11 https://github.com/sitaramc/gitolite
+...
+Note: checking out '5d24ae666bfd2fa9093d67c840eb8d686992083f'.
+...
+git@gitserver:~$ mkdir bin
+git@gitserver:~$ gitolite/install -ln ~git/bin
+git@gitserver:~$ bin/gitolite setup -pk .ssh/id_rsa.pub
+Initialized empty Git repository in /var/lib/arvados/git/repositories/gitolite-admin.git/
+Initialized empty Git repository in /var/lib/arvados/git/repositories/testing.git/
+WARNING: /var/lib/arvados/git/.ssh/authorized_keys missing; creating a new one
+ (this is normal on a brand new install)
+
+git@gitserver:~$ git clone git@localhost:gitolite-admin
+Cloning into 'gitolite-admin'...
+remote: Counting objects: 6, done.
+remote: Compressing objects: 100% (4/4), done.
+remote: Total 6 (delta 0), reused 0 (delta 0)
+Receiving objects: 100% (6/6), done.
+Checking connectivity... done.
+git@gitserver:~$ cd gitolite-admin
+git@gitserver:~/gitolite-admin$ git config user.email arvados
+git@gitserver:~/gitolite-admin$ git config user.name arvados
+git@gitserver:~/gitolite-admin$ git config push.default simple
+git@gitserver:~/gitolite-admin$ git push
+Everything up-to-date
+
+my $repo_aliases;
+my $aliases_src = "$ENV{HOME}/.gitolite/arvadosaliases.pl";
+if ($ENV{HOME} && (-e $aliases_src)) {
+ $repo_aliases = do $aliases_src;
+}
+$repo_aliases ||= {};
+
+ REPO_ALIASES => $repo_aliases,
+
+~$ echo "deb http://apt.arvados.org/ wheezy main" | sudo tee /etc/apt/sources.list.d/apt.arvados.org.list
-~$ sudo /usr/bin/apt-key adv --keyserver pool.sks-keyservers.net --recv 1078ECD7
-~$ sudo /usr/bin/apt-get update
-~$ sudo /usr/bin/apt-get install arv-git-httpd
+ UMASK => 022,
~$ arv-git-httpd -h
-Usage of arv-git-httpd:
- -address="0.0.0.0:80": Address to listen on, "host:port".
- -git-command="/usr/bin/git": Path to git executable. Each authenticated request will execute this program with a single argument, "http-backend".
- -repo-root="/path/to/cwd": Path to git repositories.
-~$ git http-backend
-Status: 500 Internal Server Error
-Expires: Fri, 01 Jan 1980 00:00:00 GMT
-Pragma: no-cache
-Cache-Control: no-cache, max-age=0, must-revalidate
+ # access a repo by another (possibly legacy) name
+ 'Alias',
+
+
production:
+ gitolite_url: /var/lib/arvados/git/repositories/gitolite-admin.git
+ gitolite_tmp: /var/lib/arvados/git
+ arvados_api_host: ClusterID.example.com
+ arvados_api_token: "zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz"
+ arvados_api_host_insecure: false
+ gitolite_arvados_git_user_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7aBIDAAgMQN16Pg6eHmvc+D+6TljwCGr4YGUBphSdVb25UyBCeAEgzqRiqy0IjQR2BLtSirXr+1SJAcQfBgI/jwR7FG+YIzJ4ND9JFEfcpq20FvWnMMQ6XD3y3xrZ1/h/RdBNwy4QCqjiXuxDpDB7VNP9/oeAzoATPZGhqjPfNS+RRVEQpC6BzZdsR+S838E53URguBOf9yrPwdHvosZn7VC0akeWQerHqaBIpSfDMtaM4+9s1Gdsz0iP85rtj/6U/K/XOuv2CZsuVZZ52nu3soHnEX2nx2IaXMS3L8Z+lfOXB2T6EaJgXF7Z9ME5K1tx9TSNTRcYCiKztXLNLSbp git@gitserver"
+$ sudo chown git:git /var/www/arvados-api/current/config/arvados-clients.yml
+$ sudo chmod og-rwx /var/www/arvados-api/current/config/arvados-clients.yml
++
+h3. Test configuration
+
+notextile.
$ sudo -u git -i bash -c 'cd /var/www/arvados-api/current && bundle exec script/arvados-git-sync.rb production'
+
+h3. Enable the synchronization script
-Your @run@ script should look something like this:
+The API server package includes a script that retrieves the current set of repository names and permissions from the API, writes them to @arvadosaliases.pl@ in a format usable by gitolite, and triggers gitolite hooks which create new empty repositories if needed. This script should run every 2 to 5 minutes.
+
+Create @/etc/cron.d/arvados-git-sync@ with the following content:
export ARVADOS_API_HOST=uuid_prefix.your.domain
-exec sudo -u git arv-git-httpd -address=:9001 -git-command="$(which git)" -repo-root=/var/lib/arvados/git 2>&1
+*/5 * * * * git cd /var/www/arvados-api/current && bundle exec script/arvados-git-sync.rb production
Services:
+ GitSSH:
+ ExternalURL: "ssh://git@git.ClusterID.example.com"
+ GitHTTP:
+ ExternalURL: https://git.ClusterID.example.com/
+ InternalURLs:
+ "http://localhost:9001": {}
+ Git:
+ GitCommand: /var/lib/arvados/git/gitolite/src/gitolite-shell
+ GitoliteHome: /var/lib/arvados/git
+ Repositories: /var/lib/arvados/git/repositories
+
+upstream arvados-git-httpd {
+ server 127.0.0.1:9001;
+}
+server {
+ listen 443 ssl;
+ server_name git.ClusterID.example.com;
+ proxy_connect_timeout 90s;
+ proxy_read_timeout 300s;
+
+ ssl_certificate /YOUR/PATH/TO/cert.pem;
+ ssl_certificate_key /YOUR/PATH/TO/cert.key;
+
+ # The server needs to accept potentially large refpacks from push clients.
+ client_max_body_size 128m;
+
+ location / {
+ proxy_pass http://arvados-git-httpd;
+ }
+}
+
+# yum install arvados-git-httpd
+
+# apt-get --no-install-recommends install arvados-git-httpd
+
+# systemctl restart nginx arvados-controller
+
+~$ arv --format=uuid repository create --repository '{"name":"myusername/testrepo"}'
+
~$ git clone git@git.ClusterID.example.com:username/testrepo.git
+
+git_http_base: git.uuid_prefix.your.domain
+~$ git clone https://git.ClusterID.example.com/username/testrepo.git