So now the Slice is setup and ready for our Ruby on Rails with Capistrano stack.
Let's get straight on and install git and set up a repository.
What we're going to do is securely setup a git repository under it's own user account. Then we will secure the shell on this account, allowing us to give others access to the repository using standard SSH keys without them having full shell access to the Slice.
The only assumptions made for these articles are:
1: You are running Ubuntu Hardy (The instructions may work on other distros but it has not been tested and is not guaranteed)
First things first, let's install git on our Slice.
sudo aptitude install git-core
Setting up the git user
Now we will set up a special user account to hold the git repository.
sudo adduser git
Let's setup SSH keys for the new git user. If you followed along with page 1 and page 2 of our Ubuntu Hardy articles, this step will be very familiar to you. Since our public key is already on the Slice though, we can just copy it over.
Switch to our git user, create the necessary SSH directories and set the proper permissions.
sudo su git cd /home/git mkdir .ssh chmod 700 .ssh exit
Copy our authorized_keys file from our user account to our git user account and ensure that it's owned by the git user.
sudo cp /home/demo/.ssh/authorized_keys /home/git/.ssh/ sudo chown git.git /home/git/.ssh/authorized_keys
If you followed along with page 1 and page 2 of the Hardy articles, you'll recall that we disallowed SSH access to all but our main user in our sshd_config. We'll need to add the git to the list of allowed users, as our repository will be using SSH to communicate with our client.
Open up your sshd config.
sudo nano -w /etc/ssh/sshd_config
Find the "AllowUsers" line and add our git user to the list.
AllowUsers demo git
Reload the SSH config.
sudo /etc/init.d/ssh reload
Let's make sure that we can properly establish an SSH connection using the git user now. From your local machine:
ssh -p 30000 git@YOUR-SLICE-IP
Change the "30000" to whatever port you're using for ssh and YOUR-SLICE-IP to, well, your slice's IP address. The default SSH port, if you haven't changed it, is 22, but you should have changed it to something else if you followed our tutorials to set up your slice.
You should connect fine at this point.
Great! Now that the git user is set up, we want to create our first repository.
Creating a Repository
We are going to do this work as the git user so that we don't have to fiddle with permissions when we are done.
Now we want to create a directory in the git users home, this will be the name of the repository. For the sake of example, I will just call this repo "project1"
cd /home/git mkdir project1 cd project1
Let's initialize that directory to be a bare git repo and exit out of the git user.
git --bare init exit
We just created our first git repository! Easy, huh?
Restricting shell access for the git user
In the future, we may want to add more keys to our authorized_keys file to grant access to the repo for others. However, we don't want these users to have SSH access to our server - so we are going to use a special tool called "git-shell" to restrict the access that the git user has.
First, open up /etc/passwd in your favorite text editor.
sudo nano /etc/passwd
Find the line the git user we added is on, it should read something like this (note that the user ID and group ID numbers may differ on your Slice, you should not touch those values):
Note that the "/bin/bash" means that this user gets a bash shell when SSH'ing into the Slice. This is generally the default shell for most distributions and is the heart of your interactions with the command line.
Let's change the "/bin/bash" to "/usr/bin/git-shell"
Now it should read something like this:
Now, if someone successfully SSH's into your Slice as the git user, they will be forced to use the git-shell. The git shell is specially designed to restrict access. Let's see what happens when we attempt to SSH in as the git user now.
From your local machine:
ssh -p 30000 git@YOUR-SLICE-IP
You should see the following output.
fatal: What do you think I am? A shell? connection to [YOUR-SLICE-IP] closed.
Excellent! Now the git user we created is secured and will not be able to SSH into your Slice.
Let's move on.
Making your first commit
Now that we've got our repository setup and our git user secured, we want to make our first commit to the repository. The first commit requires a bit of work, but you only need to do this once. After that, committing and pushing to the repository is a breeze.
At this point you will want to make sure that you have git installed on your client machine, as that is where we will be running the following commands from.
Make a new folder on your system wherever you'd like to keep your project files. Again, I will call this "project1"
Initialize the new folder as a git repository.
cd project1 git init
Create a new file or files to add to the repo.
Add all files in this folder to the repo.
git add .
Commit the files we just added.
git commit -m "added hello.txt"
Note that the -m and the text that follows is simply the message that gets logged about that commit. Generally you will want that to relate to what you just committed in some way in case you ever need to go searching for when a particular change was made.
Add the remote origin.
git remote add origin ssh://git@YOUR-SLICE-IP:30000/path/to/project1
Again you'll want to substitute your SSH port number and slice IP address above. You'll also need to specify the full path to your git project repository at the end of the line there.
Now, let's push our changes to the repo.
git push origin master
Wow! We have accomplished quite a bit so far.
Now our repo is set up and ready to be cloned. Let's delete the "project1" folder we made on our local machine (as that was just temporary) but required to complete some of the work. Then we will 'clone' our remote repo back down to our workstation.
On your local machine:
rm -rf project1 git clone ssh://git@YOUR-SLICE-IP:30000/path/to/project1
That's it! We now have a fully functioning git repository on our Slice and we've pulled a clone of it down to our local machine.
For a list of the common git commands you'll want to familiarize yourself with, run this command on your local machine.