Compiled, organized, and written by snow chuai --- 2020/4/21
[root@tsrv1 ~]# yum install git -y

1) Create the local repository directory and initialize it
[root@tsrv1 ~]# su - snow
[snow@tsrv1 ~]$ mkdir 1000cc
[snow@tsrv1 ~]$ cd 1000cc/
[snow@tsrv1 1000cc]$ git init --bare
Initialized empty Git repository in /home/snow/1000cc/
3.1 Accessing a Git repository remotely over SSH

1) Start the SSH service on the host that holds the Git repository

2) Clone the remote Git repository
(1) Create a working directory
[root@tsrv2 ~]# yum install git -y
[root@tsrv2 ~]# su - snow
[snow@tsrv2 ~]$ mkdir myrepos
[snow@tsrv2 ~]$ cd myrepos/
[snow@tsrv2 myrepos]$ ls
[snow@tsrv2 myrepos]$

(2) Clone the remote repository
[snow@tsrv2 myrepos]$ git clone ssh://snow@tsrv1.1000cc.net/home/snow/1000cc
Cloning into '1000cc'...
The authenticity of host 'tsrv1.1000cc.net (192.168.10.21)' can't be established.
ECDSA key fingerprint is SHA256:NV2D4a1Be3ggAhxKHsBLFYqIJt/Rq2FAKKGwrr4/fj4.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'tsrv1.1000cc.net,192.168.10.21' (ECDSA) to the list of known hosts.
snow@tsrv1.1000cc.net's password:
remote: Enumerating objects: 6, done.
remote: Counting objects: 100% (6/6), done.
remote: Compressing objects: 100% (3/3), done.
remote: Total 6 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (6/6), done.

[snow@tsrv2 myrepos]$ ls
1000cc

[snow@tsrv2 myrepos]$ ls 1000cc
1000cc-2.txt 1000cc.txt

(3) Set the user name and e-mail address
[snow@tsrv2 1000cc]$ git config --global user.name "snowchuai"
[snow@tsrv2 1000cc]$ git config --global user.email "snow@tsrv2.1000cc.net"

(4) Test
[snow@tsrv2 1000cc]$ echo "tsrv2 test" >> 1000cc.txt
[snow@tsrv2 1000cc]$ git commit 1000cc.txt -m "Update 1000cc.txt"
[master 6cb46ea] Update 1000cc.txt
 1 file changed, 2 insertions(+)

[snow@tsrv2 1000cc]$ git remote -v
origin ssh://snow@tsrv1.1000cc.net/home/snow/1000cc (fetch)
origin ssh://snow@tsrv1.1000cc.net/home/snow/1000cc (push)

[snow@tsrv2 1000cc]$ git push origin master
snow@tsrv1.1000cc.net's password:
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 2 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 299 bytes | 299.00 KiB/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To ssh://tsrv1.1000cc.net/home/snow/1000cc
   45725e9..6cb46ea master -> master

3.2 Accessing a Git repository remotely over the git protocol
1) Install and start Git Daemon on the host that holds the Git repository
[root@tsrv1 ~]# yum install git-daemon -y
[root@tsrv1 ~]# systemctl enable --now git.socket

[root@tsrv1 ~]# firewall-cmd --add-service=git --permanent
success
[root@tsrv1 ~]# firewall-cmd --reload
success

# By default, git.socket serves Git repositories from /var/lib/git/
[root@tsrv1 ~]# vim /usr/lib/systemd/system/git@.service
[Unit]
Description=Git Repositories Server Daemon
Documentation=man:git-daemon(1)

[Service]
User=nobody
ExecStart=-/usr/libexec/git-core/git-daemon --base-path=/var/lib/git --export-all \
          --user-path=public_git --inetd --log-destination=stderr --verbose
StandardInput=socket
StandardError=journal

[root@tsrv1 ~]# cd /var/lib/git/
[root@tsrv1 git]# mkdir qyy
[root@tsrv1 git]# cd qyy/
[root@tsrv1 qyy]# git init --bare
Initialized empty Git repository in /var/lib/git/qyy/

[root@tsrv1 qyy]# cd
[root@tsrv1 ~]#

2) Access the remote repository with Git
[root@tsrv3 ~]# yum install git -y
[root@tsrv3 ~]# su - snow
[snow@tsrv3 ~]$ mkdir -v work
mkdir: created directory 'work'

[snow@tsrv3 ~]$ cd work/
[snow@tsrv3 work]$ git clone git://tsrv1.1000cc.net/qyy
Cloning into 'qyy'...
warning: You appear to have cloned an empty repository.

3) Test (note: write operations such as push are not possible in this test)
[snow@tsrv3 work]$ cd qyy/
[snow@tsrv3 qyy]$ echo "qyy test" > qyy.txt
[snow@tsrv3 qyy]$ git add qyy.txt

[snow@tsrv3 qyy]$ git commit qyy.txt -m "Upload qyy.txt"
[master (root-commit) 463b1e1] Upload qyy.txt
 1 file changed, 1 insertion(+)
 create mode 100644 qyy.txt

[snow@tsrv3 qyy]$ git remote -v
origin git://tsrv1.1000cc.net/qyy (fetch)
origin git://tsrv1.1000cc.net/qyy (push)

[snow@tsrv3 qyy]$ git push origin master
fatal: remote error: access denied or repository not exported: /qyy

3.3 Accessing a Git repository remotely over HTTP
1) Install HTTPD on the repository host and set up SSL (optional)
[root@tsrv1 ~]# yum install httpd mod_ssl -y
[root@tsrv1 ~]# cd /etc/pki/tls/certs
[root@tsrv1 certs]# openssl genrsa -aes128 2048 > server.key
Generating RSA private key, 2048 bit long modulus (2 primes)
...............................+++++
.......+++++
e is 65537 (0x010001)
Enter pass phrase:
Verifying - Enter pass phrase:

[root@tsrv1 certs]# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:
writing RSA key

[root@tsrv1 certs]# openssl req -utf8 -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:BeiJing
Locality Name (eg, city) [Default City]:BeiJing
Organization Name (eg, company) [Default Company Ltd]:1000cc.net
Organizational Unit Name (eg, section) []:tech
Common Name (eg, your name or your server's hostname) []:tsrv1.1000cc.net
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

[root@tsrv1 certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key \
                    -days 3650
Signature ok
subject=C = CN, ST = BeiJing, L = BeiJing, O = 1000cc.net.cn, OU = tech, CN = tsrv1.1000cc.net
Getting Private key
[root@tsrv1 certs]# chmod 600 server.key
2) Configure HTTP
[root@tsrv1 ~]# vim /etc/httpd/conf.d/ssl.conf
# Change line 85 to the following
SSLCertificateFile /etc/pki/tls/certs/server.crt
# Change line 93 to the following
SSLCertificateKeyFile /etc/pki/tls/certs/server.key

3) Configure Git
[root@tsrv1 ~]# vim /etc/httpd/conf.d/git.conf
SetEnv GIT_PROJECT_ROOT /var/lib/git
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/

<Location /git>
    Options ExecCGI
    AuthName "Git for HTTP"
    AuthType Basic
    AuthUserFile /etc/httpd/conf/.htpasswd
    Require valid-user
</Location>

[root@tsrv1 ~]# htpasswd -c /etc/httpd/conf/.htpasswd snow
New password:
Re-type new password:
Adding password for user snow

[root@tsrv1 ~]# mkdir /var/lib/git
[root@tsrv1 ~]# systemctl enable --now httpd

4) Create the Git repository
[root@tsrv1 ~]# cd /var/lib/git
[root@tsrv1 git]# mkdir 1000cc
[root@tsrv1 git]# cd 1000cc/
[root@tsrv1 1000cc]# git init --bare --shared
Initialized empty shared Git repository in /var/lib/git/1000cc/
[root@tsrv1 1000cc]# chgrp -R apache /var/lib/git/1000cc

5) SELinux settings
[root@tsrv1 ~]# setsebool -P domain_can_mmap_files on
[root@tsrv1 ~]# vim smart-git.te
# create new
module smart-git 1.0;

require {
    type httpd_t;
    type httpd_var_lib_t;
    type git_sys_content_t;
    class file { create link map rename setattr unlink write };
    class dir { add_name create remove_name rmdir setattr write };
}

#============= httpd_t ==============
allow httpd_t git_sys_content_t:dir { add_name create remove_name rmdir setattr write };
allow httpd_t git_sys_content_t:file { create link rename setattr unlink write };

[root@tsrv1 ~]# checkmodule -m -M -o smart-git.mod smart-git.te
[root@tsrv1 ~]# semodule_package --outfile smart-git.pp --module smart-git.mod
[root@tsrv1 ~]# semodule -i smart-git.pp
6) Client test
[root@tsrv4 ~]# yum install git -y
[root@tsrv4 ~]# su - snow
[snow@tsrv4 ~]$ mkdir -v work
mkdir: created directory 'work'

[snow@tsrv4 ~]$ cd work/
[snow@tsrv4 work]$ git clone http://snow@tsrv1.1000cc.net/git/1000cc
Cloning into '1000cc'...
Password for 'http://snow@tsrv1.1000cc.net':     # enter the password set in .htpasswd
warning: You appear to have cloned an empty repository.

[snow@tsrv4 1000cc]$ git config --global user.name "snowchuai"
[snow@tsrv4 1000cc]$ git config --global user.email "snow@tsrv4.1000cc.net"

[snow@tsrv4 1000cc]$ echo "test" > test.txt
[snow@tsrv4 1000cc]$ git add test.txt
[snow@tsrv4 1000cc]$ git commit test.txt -m "upload test.txt"
[master (root-commit) 803267c] upload test.txt
 1 file changed, 1 insertion(+)
 create mode 100644 test.txt

[snow@tsrv4 1000cc]$ git remote -v
origin http://snow@tsrv1.1000cc.net/git/1000cc (fetch)
origin http://snow@tsrv1.1000cc.net/git/1000cc (push)

[snow@tsrv4 1000cc]$ git push origin master
Password for 'http://snow@tsrv1.1000cc.net':
Enumerating objects: 3, done.
Counting objects: 100% (3/3), done.
Writing objects: 100% (3/3), 221 bytes | 221.00 KiB/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To http://tsrv1.1000cc.net/git/1000cc
 * [new branch] master -> master

[snow@tsrv4 1000cc]$ git ls-files
test.txt
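
The git@.service unit in 3.2 starts git-daemon with --base-path=/var/lib/git --export-all, and the password-protected HTTP repository in 3.3 is created under that same directory, so while git.socket stays enabled the repository would also be offered for anonymous read over git://. The script below is an added example, not part of the original page: it classifies every repository under a base path by how git-daemon would treat it, with and without --export-all (without it, only repositories containing a git-daemon-export-ok file are served). The function names and the temporary sample tree are constructed for illustration.

```shell
#!/bin/sh
# Build a constructed sample tree that mimics /var/lib/git on this page:
# two bare-repository skeletons, only qyy marked for export.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    for r in 1000cc qyy; do
        mkdir -p "$t/$r/objects" "$t/$r/refs"
        echo 'ref: refs/heads/master' > "$t/$r/HEAD"
    done
    touch "$t/qyy/git-daemon-export-ok"
    echo "$t"
}

# list_daemon_exports BASE [yes|no]
# Second argument says whether git-daemon runs with --export-all (default: no).
list_daemon_exports() {
    base=$1
    export_all=${2:-no}
    for d in "$base"/*/; do
        # git-daemon only considers directories that look like repositories.
        [ -d "${d}objects" ] && [ -d "${d}refs" ] || continue
        name=$(basename "$d")
        if [ -e "${d}git-daemon-export-ok" ]; then
            echo "$name exported (git-daemon-export-ok)"
        elif [ "$export_all" = yes ]; then
            echo "$name exported (--export-all)"
        else
            echo "$name not-exported"
        fi
    done
}

tree=$(make_sample_tree)
echo "== with --export-all (the unit file as shown in 3.2) =="
list_daemon_exports "$tree" yes
echo "== without --export-all =="
list_daemon_exports "$tree" no
rm -rf "$tree"
```

On the real host, run list_daemon_exports /var/lib/git yes to see what the unit file as shown would serve; removing --export-all and creating git-daemon-export-ok only in repositories meant to be public keeps the HTTP-protected repository out of the git:// listing.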
1) Create the required group and add the accounts to it
[root@tsrv1 ~]# groupadd qyy
[root@tsrv1 ~]# usermod -aG qyy snow
[root@tsrv1 ~]# usermod -aG qyy gzliu

1) Install and configure httpd
[root@tsrv1 ~]# yum install httpd gitweb -y
6.1 Installing Gitolite

1) Install and generate the key
[root@tsrv1 ~]# yum --enablerepo=epel install gitolite3 -y

[root@tsrv1 ~]# su - gitolite3
-sh-4.2$ ssh-keygen -f ~/.ssh/gitadmin -q -N ''

-sh-4.2$ gitolite setup -pk ~/.ssh/gitadmin.pub
Initialized empty Git repository in /var/lib/gitolite3/repositories/gitolite-admin.git/
Initialized empty Git repository in /var/lib/gitolite3/repositories/testing.git/

-sh-4.2$ vim ~/.ssh/config
host GitServer
    user gitolite3
    hostname 192.168.10.21
    port 22
    identityfile ~/.ssh/gitadmin

-sh-4.2$ chmod 600 ~/.ssh/config

2) Configure Gitolite
-sh-4.2$ git config --global user.name "gitolite3"
-sh-4.2$ git config --global user.email "gitolite3@tsrv1.1000cc.net"
-sh-4.2$ git config --global push.default simple

-sh-4.2$ git clone ssh://GitServer/gitolite-admin
Cloning into 'gitolite-admin'...
The authenticity of host '192.168.10.21 (192.168.10.21)' can't be established.
ECDSA key fingerprint is SHA256:NV2D4a1Be3ggAhxKHsBLFYqIJt/Rq2FAKKGwrr4/fj4.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.10.21' (ECDSA) to the list of known hosts.
remote: Enumerating objects: 6, done.
remote: Counting objects: 100% (6/6), done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 6 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (6/6), done.

6.2 Adding a user account
1) Generate an SSH key and copy the public key to the server that holds the Git repository
[root@tsrv5 ~]# yum install git -y
[root@tsrv5 ~]# su - snow
[snow@tsrv5 ~]$ ssh-keygen -f ~/.ssh/id_snow -q -N ''
[snow@tsrv5 ~]$ scp .ssh/id_snow.pub root@tsrv1.1000cc.net:~

2) Add the account
[root@tsrv1 ~]# mv id_snow.pub /var/lib/gitolite3/
[root@tsrv1 ~]# chown gitolite3. /var/lib/gitolite3/id_snow.pub
[root@tsrv1 ~]# su - gitolite3
-sh-4.2$ ll
total 16
drwxrwxr-x 5 gitolite3 gitolite3 4096 Apr 21 23:33 gitolite-admin
-rw-r--r-- 1 gitolite3 gitolite3 575 Apr 21 23:43 id_snow.pub
-rw------- 1 gitolite3 gitolite3 12 Apr 21 23:30 projects.list
drwx------ 4 gitolite3 gitolite3 4096 Apr 21 23:30 repositories

-sh-4.2$ mv id_snow.pub gitolite-admin/keydir/
-sh-4.2$ cd gitolite-admin/keydir/
-sh-4.2$ git add id_snow.pub
-sh-4.2$ git commit -m "Add User snow"
[master f8807e7] Add User snow
 1 file changed, 1 insertion(+)
 create mode 100644 keydir/id_snow.pub

-sh-4.2$ git push origin master
Enumerating objects: 6, done.
Counting objects: 100% (6/6), done.
Delta compression using up to 2 threads.
Compressing objects: 100% (4/4), done.
Writing objects: 100% (4/4), 820 bytes | 820.00 KiB/s, done.
Total 4 (delta 0), reused 0 (delta 0)
To ssh://GitServer/gitolite-admin
   c475e71..f8807e7 master -> master

3) Client verification
[snow@tsrv5 ~]$ vim .ssh/config
host GitServer
    user gitolite3
    hostname 192.168.10.21
    port 22
    identityfile ~/.ssh/id_snow
[snow@tsrv5 ~]$ chmod 600 .ssh/config

[snow@tsrv5 ~]$ git config --global user.name "snow"
[snow@tsrv5 ~]$ git config --global user.email "snow@tsrv5.1000cc.net"

[snow@tsrv5 ~]$ mkdir work
[snow@tsrv5 ~]$ cd work/
[snow@tsrv5 work]$ git clone ssh://GitServer/testing
Cloning into 'testing'...
warning: You appear to have cloned an empty repository.

[snow@tsrv5 work]$ ll
total 4
drwxrwxr-x 3 snow snow 4096 Apr 21 23:49 testing

[snow@tsrv5 work]$ cd testing/
[snow@tsrv5 testing]$ echo "test" > test.txt
[snow@tsrv5 testing]$ git add test.txt
[snow@tsrv5 testing]$ git commit test.txt -m "upload test.txt"
[master (root-commit) 09d7a3f] upload test.txt
 1 file changed, 1 insertion(+)
 create mode 100644 test.txt

[snow@tsrv5 testing]$ git remote -v
origin ssh://GitServer/testing (fetch)
origin ssh://GitServer/testing (push)

[snow@tsrv5 testing]$ git push origin master
Enumerating objects: 3, done.
Counting objects: 100% (3/3), done.
Writing objects: 100% (3/3), 216 bytes | 216.00 KiB/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To ssh://GitServer/testing
 * [new branch] master -> master

[snow@tsrv5 testing]$ git ls-files
test.txt

6.3 Adding a repository
1) List the existing repositories
-sh-4.2$ ll repositories/
total 8
drwx------ 8 gitolite3 gitolite3 4096 Apr 21 23:46 gitolite-admin.git
drwx------ 7 gitolite3 gitolite3 4096 Apr 21 23:52 testing.git

2) Add the 1000cc repository
-sh-4.2$ vim ~/gitolite-admin/conf/gitolite.conf
...... ...... ......
...... ...... ......

# Add the following at the end of the file to create the 1000cc repository and allow everyone to access it
# R = read, W = write, + = rewind (roll back revisions)
repo 1000cc
    RW = @all

-sh-4.2$ cd ~/gitolite-admin
-sh-4.2$ git commit -a -m "Add 1000cc repos"
[master fd889e8] Add 1000ccc repos
 1 file changed, 3 insertions(+)

-sh-4.2$ git push
Enumerating objects: 7, done.
Counting objects: 100% (7/7), done.
Delta compression using up to 2 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (4/4), 380 bytes | 380.00 KiB/s, done.
Total 4 (delta 0), reused 0 (delta 0)
remote: Initialized empty Git repository in /var/lib/gitolite3/repositories/1000cc.git/
To ssh://GitServer/gitolite-admin
   f8807e7..fd889e8 master -> master

3) Confirm that the 1000cc repository was created
-sh-4.2$ ll ~/repositories/
total 12
drwx------ 7 gitolite3 gitolite3 4096 Apr 21 23:57 1000cc.git
drwx------ 8 gitolite3 gitolite3 4096 Apr 21 23:57 gitolite-admin.git
drwx------ 7 gitolite3 gitolite3 4096 Apr 21 23:57 testing.git

4) Verify that the 1000cc repository is usable
[snow@tsrv5 ~]$ ssh GitServer info
hello id_snow, this is gitolite3@tsrv1 running gitolite3 3.6.11-5.el8 on git 2.18.2

 R W 1000cc
 R W testing

[snow@tsrv5 mywork]$ git config --global user.name "snow"
[snow@tsrv5 mywork]$ git config --global user.email "snow@tsrv5.1000cc.net"

[snow@tsrv5 mywork]$ git clone ssh://GitServer/1000cc
Cloning into '1000cc'...
warning: You appear to have cloned an empty repository.

[snow@tsrv5 mywork]$ cd 1000cc/
[snow@tsrv5 1000cc]$ echo "test" > test.txt

[snow@tsrv5 1000cc]$ git add test.txt
[snow@tsrv5 1000cc]$ git commit test.txt -m "upload test.txt"
[master (root-commit) 50c696e] upload test.txt
 1 file changed, 1 insertion(+)
 create mode 100644 test.txt

[snow@tsrv5 1000cc]$ git remote -v
origin ssh://GitServer/1000cc (fetch)
origin ssh://GitServer/1000cc (push)

[snow@tsrv5 1000cc]$ git push origin master
Enumerating objects: 3, done.
Counting objects: 100% (3/3), done.
Writing objects: 100% (3/3), 217 bytes | 217.00 KiB/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To ssh://GitServer/1000cc
 * [new branch] master -> master

[snow@tsrv5 1000cc]$ git ls-files
test.txt

6.4 Access control
1) Give snow RW+ permission on the qyy repository
-sh-4.2$ cd ~/gitolite-admin/conf
-sh-4.2$ vim gitolite.conf
...... ...... ......
...... ...... ......

# Append the following at the end of the file
repo qyy
    RW+ = id_snow

-sh-4.2$ git commit -a -m "Add qyy repos"
[master 8f8cc92] Add qyy repos
 1 file changed, 3 insertions(+)

-sh-4.2$ git push
Enumerating objects: 7, done.
Counting objects: 100% (7/7), done.
Delta compression using up to 2 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (4/4), 375 bytes | 375.00 KiB/s, done.
Total 4 (delta 1), reused 0 (delta 0)
remote: Initialized empty Git repository in /var/lib/gitolite3/repositories/qyy.git/
To ssh://GitServer/gitolite-admin
   fd889e8..8f8cc92 master -> master

2) Give the tech group RW+ permission on the project repository
-sh-4.2$ cd ~/gitolite-admin/conf
-sh-4.2$ vim gitolite.conf
...... ...... ......
...... ...... ......

# Append the following at the end of the file
# Define the members of the tech group
@tech = id_snow id_lisa id_gzliu

repo project
    RW = @tech

-sh-4.2$ git commit -a -m "Change Permission for project"
[master 8b67ee4] Change Permission for project
 1 file changed, 5 insertions(+)

-sh-4.2$ git push
Enumerating objects: 7, done.
Counting objects: 100% (7/7), done.
Delta compression using up to 4 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (4/4), 438 bytes | 219.00 KiB/s, done.
Total 4 (delta 0), reused 0 (delta 0)
remote: Initialized empty Git repository in /var/lib/gitolite3/repositories/project.git/
To ssh://GitServer/gitolite-admin
   dd760cb..8b67ee4 master -> master

3) Set per-branch permissions on the project2 repository for the relevant accounts and groups
-sh-4.2$ cd ~/gitolite-admin/conf
-sh-4.2$ vim gitolite.conf
...... ...... ......
...... ...... ......

# Append the following at the end of the file

# Define tech group membership
@tech = id_snow id_lisa
@tech2 = id_gzliu id_lily

repo project2
    # All accounts have R permission
    R = @all
    # Account lynn has RW permission on the project2 repository
    RW = id_lynn
    # The tech2 group has RW permission on the develop branch of project2
    RW develop = @tech2
    # The tech group has RW permission on the ops branch of project2
    RW ops = @tech

-sh-4.2$ git commit -a -m "Change Permission for project2"
[master 70da8b7] Change Permission for project2
 1 file changed, 8 insertions(+)

-sh-4.2$ git push
Enumerating objects: 7, done.
Counting objects: 100% (7/7), done.
Delta compression using up to 4 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (4/4), 494 bytes | 494.00 KiB/s, done.
Total 4 (delta 0), reused 0 (delta 0)
remote: WARNING: syntax error, ignoring: 'R+ = id_lynn'
remote: Initialized empty Git repository in /var/lib/gitolite3/repositories/project2.git/
To ssh://GitServer/gitolite-admin
   39e981a..70da8b7 master -> master
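
The rules added in 6.3 and 6.4 differ a lot in reach: "RW = @all" lets every key in keydir push to 1000cc, and "RW+" lets its holder rewind (force-push) history. The script below is an added example, not part of the original page or of Gitolite: it reads a gitolite.conf and reports those two kinds of rule so they can be reviewed before gitolite-admin is pushed. The function names, the WRITE_FOR_ALL and REWIND labels, and the sample configuration (assembled from the rules on this page) are constructed for illustration.

```shell
#!/bin/sh
# audit_gitolite_conf [FILE]: read a gitolite.conf (or stdin) and print one
# line per rule that grants write access to @all or grants rewind (+).
audit_gitolite_conf() {
    awk '
        { sub(/#.*/, ""); sub(/=/, " = ") }    # drop comments, isolate "="
        /^[ \t]*$/ { next }                    # skip blank lines
        $1 == "repo" {                         # remember the current repo(s)
            repos = $2
            for (i = 3; i <= NF; i++) repos = repos "," $i
            next
        }
        $1 ~ /^(-|R|RW\+?C?D?M?)$/ {           # permission rule line
            eq = 0
            for (i = 2; i <= NF; i++) if ($i == "=") { eq = i; break }
            if (!eq) next
            refs = ""
            for (i = 2; i < eq; i++) refs = refs (refs == "" ? "" : " ") $i
            if (refs == "") refs = "(all refs)"
            for (i = eq + 1; i <= NF; i++) {
                if ($1 ~ /W/ && $i == "@all")
                    printf "%s: WRITE_FOR_ALL perm=%s refs=%s\n", repos, $1, refs
                if ($1 ~ /\+/)
                    printf "%s: REWIND perm=%s refs=%s user=%s\n", repos, $1, refs, $i
            }
        }
    ' "$@"
}

# Constructed sample: the rules this page appends to gitolite.conf.
sample_conf() {
    cat <<'EOF'
repo 1000cc
    RW = @all
repo qyy
    RW+ = id_snow
@tech = id_snow id_lisa
@tech2 = id_gzliu id_lily
repo project2
    R = @all            # read-only for everyone
    RW = id_lynn
    RW develop = @tech2
    RW ops = @tech
EOF
}

sample_conf | audit_gitolite_conf
```

Against the live file, run audit_gitolite_conf ~/gitolite-admin/conf/gitolite.conf in the gitolite3 account before committing.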