Staging gitolite (draft)

Jo-Philipp Wich jo at mein.io
Mon May 2 09:50:37 EDT 2016


Hi Ted,
> We cannot use the current 'git' user and /home/git on ff0 (git.lede-project.org)
> as currently configured. I can either create a new user for gitolite or re-work
> the current 'git' account to conform to gitolite requirements.

I'd favor reworking the existing account to meet the gitolite requirements.

> After switching over to gitolite, there will be SSH access to the 'git' user for
> purposes of gitolite management and repo access under gitolite ACLs. SSH access
> control to gitolite requires a gitolite user-id (not a system user-id) and a
> public key setup.
> 
> gitolite management is through the gitolite-admin git repo via git access to the
> admin acct/group (seems a bit recursive). If there is interest for the ability
> to create git repos remotely through gitolite, it is possible to grant that
> capability to selected users. 

Having that self-service capability would be great, considering the fact
that we wanted per-user staging repos.

> HTTP/HTTPS read-only access will continue to be available via gitweb/nginx as now.

Great.

> Deployment plan:
> 
>    1. Install gitolite3 on ff0 from Ubuntu dist (or from source if necessary)
>    2. Import current LEDE git repos into gitolite3 (temp for testing only)
>    3. Set up gitolite members, users, notifications.
>    4. Enable gitweb/HTTP access
>    5. Test (volunteers?)
>    6. Schedule downtime to switch over to the live repos (re-import current
>       versions) and gitolite accounts.

That sounds good to me, what would be the best time for you to do the
switch? Can we somehow take an existing gitolite installation and switch
it to another uid or do we need to rebuild the setup from scratch?

> To Do:
>  * Investigate/setup HTTPS access with authentication through gitolite
>    ACL control (if desired).

I don't think we need that - imho the HTTP/HTTPS transport should only
be used for anonymous and readonly cloning.

>  * Set up ability for sending automatically generated emails per repo.

I suppose we need an SMTP smart host for that? There is none right now
but we could just use a gmail account.

>  * Enable and configure other desired gitolite features.

We'll see what features we could use once the base system has been set
up but I think the core feature set already covers most of our use cases.


Regards,
Jo
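
For illustration, a gitolite.conf fragment showing how the self-service per-user staging repos discussed above could be expressed with gitolite's wildcard ("wild") repos. This is an added example, not part of the original message or the LEDE configuration; the group name, user names and the staging/ prefix are assumptions.

```conf
# conf/gitolite.conf in the gitolite-admin repo (constructed example)

# Hypothetical group of gitolite user-ids. Each name matches a public key
# file keydir/<name>.pub committed to gitolite-admin; none of them is a
# system account on the server.
@committers = alice bob

# Wild repo pattern: any path below staging/<creator>/ is created on the
# first clone or push by a user who holds the C permission.
repo staging/CREATOR/[a-zA-Z0-9_.-]+
    # Only selected users may create staging repos.
    C       =   @committers
    # The creating user gets full access, including rewinds and deletes,
    # and only below their own staging/<name>/ prefix.
    RW+     =   CREATOR
    # Other committers can read over SSH; the special users gitweb and
    # daemon mark the repo for anonymous read-only export.
    R       =   @committers gitweb daemon
```

Because CREATOR is replaced with the authenticated gitolite user-id, a committer cannot create or push to a repo below another user's prefix, and write access stays limited to SSH while HTTP/HTTPS remains read-only.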