Moving a Gitosis Setup
We’ve done a server shuffle here and now that the dust has settled a bit, I’ve got to get out Gitosis repository back online.
To make things more interesting, I also changed the name of the user under which the whole setup is running. Long story short; create a user in cPanel to be your Gitosis user rather than creating just a unix user with useradd so that the user can be moved etc. using the handy cPanel tools. My original user almost got stranded on the old server since he didn’t show up in any of the cPanel tools I was using to move hosting accounts.
So, on the new server (as per the old post :
# cd /usr/local/src # git clone git://eagain.net/gitosis.git # cd gitosis # python setup.py install Traceback (most recent call last): File "setup.py", line 2, infrom setuptools import setup, find_packages ImportError: No module named setuptools
I downloaded ez_setup.py from the Peak website and rather than try to remember anything about how to set it up, I just took the two lines at the top of ez_setup.py and stuck’em into the gitosis setup.py per the instructions at the top of ez_setup.py and reran setup.py.
When I moved servers, I created a cPanel user with a new name, git_new, different from the one on the old server and copied all the Gitosis stuff into their home directory.
The trick is to get the gitosis setup to recognize everything in its new home and getting at it from my local machine. I’m not comfortable manually twiddling any of the files in the git setup since I’m not 100% sure what’s what so I’ll start by trying to checkout the Gitosis configuration to my local work area.
Since I’ve already created the user in cPanel, I’ll have to figure out how to make sure they’re not able to login by password but for now, I’m just going to get gitosis installed and initialized.
Before I do anything crazy, I’m going to make a quick copy of my original repositories. They’re in /home/git_new/repositories so I just quickly make a backup with:
# cp -r /home/git_new/repositories /home/git_new/repositories-2009-03-06.bak
I always put the date in backups so that I know when I was messing with something. File dates are unreliable since file changes change dates and it’s not easy to see when something was created. This keeps things straight with very little effort.
I copied my id_rsa.pub key from my main machine up to the /tmp directory on the new server and ran:
# sudo -H -u git gitosis-init < /tmp/id_rsa.pub
I got an error doing this because the /home/git_new/gitosis directory wasn't owned by the git_new user but after fixing that up with:
cd /home/git_new chown -R git_new:git_new gitosis repositories
everything went fine.
Now rerunning the gitosis-init works just fine printing out the "Reinitializing..." message twice as documented.
Unfortunately, the original instructions used the --disabled-password switch on adduser which can't be used here since the user was created through cPanel and neither cPanel's Password Modification or the command line passwd utility can set a disabled password.
After poking around for a while, I finally just dumped the contents of /etc/shadow and saw that, for all the usually disabled accounts, the shadow password was set to !!. I manually edited /etc/shadow, poked in that password, and off we went.
This leaves the user unable to login via password, but they can still login using an ssh key which is exactly what we want. According to shadow(5),
If the password field contains some string that is not valid result of
crypt(3), for instance ! or *, the user will not be able to use a unix
password to log in, subject to pam(7). There are some intricacies and stupidity in the exact configuration and who can login which way but we don't need to go there for this purpose.
NOTE: You can also globally disable password authentication in the ssh server but that's not what we needed here either.
The next step, following my own instructions, is to attempt to clone the configuration repository with:
# git clone git_new@my.hostname.com:gitosis-admin
resulting in:
fatal: protocol error: bad line length character
Fooey.
Googling around lead to the Git FAQ entry on that error.
Following the instructions there, I just tried ssh'ing in as the user to execute a simple command with:
# ssh git_new@my.hostname.com echo testing commands Shell access is not enabled on your account!
I had forgotten to enable shell access on the account (it's off by default in my cPanel setup since it's a security risk and so few hosting clients actually need it). If I had gotten stucker I would have used ssh's -v parameter to get verbose output to see where things were falling down.
I went into cPanel and enabled shell access for the account and voilĂ , out came my stuff!
Since I left my repositories in place in the /home/git_new/repositories directory I was hoping to just be able to check them out normally.
I always create a test repository, available to everyone who has any privileges on any repository, so that we can quickly establish connectivity to the server before messing around with specific privileges on any particular project.
So, the quickest test for a new repository is to just try:
# git clone git_new@my.hostname.com:test
And, since it hadn't clobbered any of my original settings when I reinitialized gitosis, I'm right back in business!
NOTE: Just for fun, I tried to use some of my checkouts from the old repositories, just to see how hard it would be. A simple git pull or git push didn't work and failed in a strange and not worth repeating sort of way.
Just edit the checkout's .git/config and change the [remote "origin"] section's url variable to the current user name and repository hostname and everything seems to work perfectly.