Private GIT server on AWS

Source code control is essential for LDC and something we have to keep up to date on. GIT is currently the ‘IN’ flavor of source control, and while places like GITHUB make it very easy, quite a few of our clients simply won’t allow their source code on anything other than a dedicated, personally secured OS instance (also, once you start to get into LDC’s number of current and previous projects/repositories, a dedicated server is cheaper). So it was time to build a new dedicated GIT server on AWS (using their “Amazon Linux” base build, which is built off CentOS).

NOTE: this is a document in progress
TODO: create a persistent data area and mount point for storing the repositories (in case the instance gets terminated)
TODO: store this back as an AMI in case of loss of instance

1) We build a new instance via the “Launch Instance” wizard at https://console.aws.amazon.com/ec2 using the following options (I’m only stipulating options that might need changing)

AMI: Quick Start – “Basic 32-bit Amazon Linux AMI”
Instance Type: “micro” (no need for power for this and we want to keep it cheap)
Termination Protection: YES (goodness knows why this is not set as default)
TAG: NAME – “LDC GIT Server”
Key Pair: “LDCdev” (we already have a key pair for dev work, but you might need to create one; if you do, remember where you put your private key file (*.pem) as you’ll be screwed if you lose it)
Firewall: create a new “security group” containing: SSH, HTTP, HTTPS and TCPIP: 9148

2) Now we have a launched EC2 instance, let’s log on via SSH (Linux and Mac boys will find this bit easy; Windows users, may I recommend PuTTY)

ssh -i LDCdev.pem ec2-user@xxx.xxx.xxx.xxx

Note that you have to provide a user of “ec2-user” rather than “root”, as root won’t work, and you have to provide the private key file you stipulated when you launched the instance. For the xxx.xxx.xxx.xxx we use an IP address, as we use the elastic IP address function; if you are not using that then you will need to use the public DNS name that Amazon provides (select your running instance and on the “description” tab below, you will find it near the bottom; it will look something like “ec2-50-55-94-157.compute-1.amazonaws.com”)

If you get an error on log-on regarding your private key being too open, you have to secure it better at file level on your client machine. In Linux you do it like this:

chmod 400 LDCdev.pem

3) Now we start to install git. Thankfully Amazon Linux has a version of git in its repository, so all you need to do is enter

sudo yum install git

next create the user that will store the repositories

sudo useradd -m -d /home/git -u 1005 git

and set its password

sudo passwd git

4) And a second user so we can create an RSA key pair (GIT uses security keys rather than passwords)

sudo useradd -d /home/gitolite-admin gitolite-admin

sudo passwd gitolite-admin

su - gitolite-admin

ssh-keygen

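Follow the instructions and remember to pick a good password (ssh-keygen asks for it as the passphrase that protects the private key)

Copy the public key (id_rsa.pub, not the private id_rsa) somewhere public on the server so we can get to it later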

cp ~/.ssh/id_rsa.pub /tmp/gitlite-admin.pub

exit

5) Next install gitolite (which I prefer to gitosis) to handle the repository management. We can’t use yum for this as it’s not in the Amazon repositories

git clone https://github.com/sitaramc/gitolite
cd gitolite
src/gl-system-install

now as the git user

su - git
gl-setup /tmp/gitlite-admin.pub

6) Now you will be taken to the config document in vi, just exit

exit

7) At this point the oddities of git on AWS should be done and we can move over to the formal gitolite documentation at http://sitaramc.github.com/gitolite/doc/2-admin.html
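
A pre-flight check for the key files handled in steps 2, 4 and 5, as an added example that is not part of the original post: it confirms a private key is not readable by group/other (the “too open” error), that the copy staged in /tmp holds only a public key, and shows the admin user name gl-setup takes from the file name (its base name minus “.pub”, so “gitlite-admin” with the file name used above). The function names are hypothetical and the sample files are constructed, not real keys.

```shell
#!/bin/sh
# Added example (not from the original post): checks on the key files from steps 2-5.

# 0 if group/other permission bits are all clear, as ssh requires of a private key.
key_perms_ok() {
    [ -f "$1" ] || return 2
    # ls -ld prints e.g. "-r--------"; characters 5-10 are the group and other bits
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# 0 only if the file is a single OpenSSH public-key line with no private key material.
is_public_key_only() {
    [ -f "$1" ] || return 2
    if grep -q 'PRIVATE KEY' "$1"; then return 1; fi
    [ "$(grep -c . "$1")" -eq 1 ] || return 1
    grep -Eq '^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-[a-z0-9]+) [A-Za-z0-9+/]+=*( .*)?$' "$1"
}

# The admin user name gl-setup derives from the key file: base name minus ".pub".
admin_name_for() {
    basename "$1" .pub
}

# Check a private key and the staged public key; prints one line per finding.
preflight() {
    priv=$1 pub=$2 rc=0
    key_perms_ok "$priv" || { echo "FAIL $priv: open to group/other, run chmod 400"; rc=1; }
    is_public_key_only "$pub" || { echo "FAIL $pub: not a lone public key"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK admin user will be: $(admin_name_for "$pub")"
    return "$rc"
}

# Demo on constructed sample files (not real keys) in a throwaway directory.
d=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed' > "$d/id_rsa"
chmod 644 "$d/id_rsa"
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed gitolite-admin@server\n' \
    > "$d/gitlite-admin.pub"
preflight "$d/id_rsa" "$d/gitlite-admin.pub" || true   # fails: key is mode 644
chmod 400 "$d/id_rsa"
preflight "$d/id_rsa" "$d/gitlite-admin.pub" || true   # passes, prints the admin name
rm -rf "$d"
```

The same permission check applies to LDCdev.pem on the client; on the server, run preflight against gitolite-admin's ~/.ssh/id_rsa and /tmp/gitlite-admin.pub before calling gl-setup.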

Old Comments
————

##### Mark Myers(30/05/2011 23:27:55 GDT)
I expect we will be using the SSL, as we often provide the client direct access to their source code it will be better. I will keep updating this document to make it a good guide, so if you have any updates you want, let me know (I’ll try integrating egit with domino eclipse and see what happens)

##### Nathan T. Freeman(30/05/2011 23:09:10 GDT)
Mark, thanks for this. GIT is a killer SCM, and we’ve been working to get an internal implementation running with gitolite as well.

Are you using the simple strategy of creating SSH accounts for each user, or have you tried using gitolite’s more elaborate identity control techniques with SSL?

Also, if you want to integrate git control with Domino projects, you might find this handy: { Link }
