ChiliProject is not maintained anymore. Please be advised that there will be no more updates.
We do not recommend that you setup new ChiliProject instances and we urge all existing users to migrate their data to a maintained system, e.g. Redmine. We will provide a migration script later. In the meantime, you can use the instructions by Christian Daehn.
HowTo configure ChiliProject for advanced git integration¶
This HowTo was written for Redmine and will need some adjustments to ChiliProject over time. For example, the perl module is still named Redmine.pm
but will be renamed to ChiliProject.pm
at a later time.
Scope¶
This HowTo explains how to serve git repositories on apache through the http-based git-smart-http protocol introduced in git 1.6.6. The git-smart-http offers various advantages over ssh or git-based access: you can use redmine access control as-is, no need for extra ssh keys or whatnot, you can secure it through SSL as needed, and there's generally less problems with firewalls and http/https ports than exist with ssh and git ports. git-smart-http also doesn't have some of the drawbacks of its "dumb" predecessor as it doesn't require any complex DAV setup.
This HowTo is mainly written from memory and was conducted on a setup which was already serving svn repositories integrated with redmine, it might be possible that I forgot some things or take them for granted. This is a wiki page, feel free to correct or amend anything you find lacking :-) You can also drop me a line.
Another option to integrate git-smart-http with redmine is the modified grack+redmine plugin or any other grack modified for redmine, though those ones lack documentation and I haven't tried them, so I can't say much about them.
Prerequisites¶
- Apache with mod_perl (for access control)
- git (version at least 1.6.6, 1.7.0 or later preferred)
- A way to serve git-smart-http
- mod_cgi (or mod_cgid) if you want to use the stock git-http-backend
- a rack server if you want to use grack (basically a rack wrapper around the right git commands)
You should already have a rack server to run redmine, that's why I chose grack as the backend and which I will describe in this tutorial. Using the stock git-http-backend should be quite straightforward though (skip the grack installation part and get your install with the git-http-backend going (the git-http-backend manpage has some examples), when that's done go on with the access control part).
Install grack¶
Get the sources¶
Fetch grack from its github repository, I checked out mine to /var/www/git.myhost.com
:
1git clone http://github.com/schacon/grack.git /var/www/git.myhost.com
Configuration¶
Edit the config.ru
file and adapt it to your local configuration. project_root
must contain the path to the directory containing your git repositories, git_path
must obviously contain the path to the git, mine looks like this (on gentoo):
1$LOAD_PATH.unshift File.expand_path(File.dirname(__FILE__) + '/lib')
2
3use Rack::ShowExceptions
4
5require 'git_http'
6
7config = {
8 :project_root => "/var/git/git.myhost.com",
9 :git_path => '/usr/libexec/git-core/git',
10 :upload_pack => true,
11 :receive_pack => true,
12}
13
14run GitHttp::App.new(config)
Integrate with Apache¶
You could obviously use any rack server you like at this point, but the access control mechanism Redmine.pm
is written for apache with mod_perl, so you will at least need to reverse proxy your rack server through apache. My rack server of choice is passenger (solid performance, apache module, mostly simple configuration) and it is already configured on my system. As passenger installation and configuration is not within the scope of this HowTo, please refer to the passenger documentation or to the passenger installation guide from your distribution.
There's a little more work to do here to get passenger to work with this, you will need to create the directories public
and tmp
in the grack directory. Please also be aware that in the standard configuration, passenger will run the grack application with the same user and group owning the config.ru
file. This user must have read- and write-access as needed to the git repositories!
The last step is to configure an apache vhost to serve the application:
1<VirtualHost yo.ur.i.p:80>
2 ServerName git.myhost.com
3
4 ServerAdmin root@myhost.com
5 DocumentRoot "/var/www/git.myhost.com/public"
6
7 <Directory "/var/www/git.myhost.com/public">
8 Options None
9 AllowOverride None
10 Order allow,deny
11 Allow from all
12 </Directory>
13</VirtualHost>
At this point, if you have a repository in /var/git/git.myhost.com/myrepo
, you should be able to access it through http://git.myhost.com/myrepo
, for example git ls-remote http://git.myhost.com/myrepo
should show you some information about the repository.
Access control¶
You now have a working git-smart-http server, albeit with no access control. The shipped perl module for access control Redmine.pm
(in extra/svn/
in your ChiliProject directory) does support access control for the git-smart-http protocol from 1.2.0 (commit 9fe45cf to be exact) onwards.
Copy or link Redmine.pm
(from your extra/svn/
directory) to /usr/lib/perl5/Apache/Redmine.pm
or wherever your distribution puts its apache perl modules (e.g. gentoo puts them in /usr/lib64/perl5/vendor_perl/5.8.8/Apache/
) (this step obviously isn't needed if you have it installed for svn access control already). Having done that, reload apache to make sure everything in the patching phase went well and edit your vhost configuration to look somewhat like that (same as above but with more stuff):
1<VirtualHost yo.ur.i.p:80>
2 ServerName git.myhost.com
3
4 ServerAdmin root@myhost.com
5 DocumentRoot "/var/www/git.myhost.com/public"
6
7 PerlLoadModule Apache::Redmine
8
9 <Directory "/var/www/git.myhost.com/public">
10 Options None
11 AllowOverride None
12 Order allow,deny
13 Allow from all
14 </Directory>
15
16 <Location "/">
17 AuthType Basic
18 AuthName "ChiliProject git repositories"
19 Require valid-user
20
21 PerlAccessHandler Apache::Authn::Redmine::access_handler
22 PerlAuthenHandler Apache::Authn::Redmine::authen_handler
23
24 ## for mysql
25 RedmineDSN "DBI:mysql:database=databasename;host=my.db.server"
26 ## for postgres
27 # RedmineDSN "DBI:Pg:dbname=databasename;host=my.db.server"
28 ## for SQLite3
29 # RedmineDSN "DBI:SQLite:dbname=database.db"
30
31 RedmineDbUser "redmine"
32 RedmineDbPass "password"
33 RedmineGitSmartHttp yes
34 </Location>
35</VirtualHost>
Reload your apache, and everything should be good and well :-)
Add a repository¶
The repository has to be added by hand at /var/git/git.myhost.com/myrepo
It should belong to the user www-data (on debian). If the access rights are wrong no pushing is possible and you will
get
error: unpack failed: unpack-objects abnormal exiterrors if you try to push data.
There is a script called reposman.rb which can automatically create repositories if called periodically.
The repository has to be created or cloned with the --bare option.
cd /var/git/git.myhost.com/ mkdir myrepo cd myrepo git --bare init cd .. chown -R www-data:users myrepo
Configure your project to access the repository¶
In the project settings, select Repository. Then select GIT as the SCM and
enter the path /var/git/git.myhost.com/myrepo as the path to your repository directory.
The name "myrepo" has to correspond to the project identifier for access control to work correctly.
Also, the user needs repository access rights. These can be granted by giving the user a role in the project which provides repository read or write access.
Public projects have read access for everyone.
Access the repository remotely¶
git ls-remote http://git.myhost.com/myreposhould work without asking for the password for public projects. For private projects it should ask for the
login name and the password. All other git commands like
git clone http://git.myhost.com/myreposhould work as well.
If you have big files in your repository, it also makes sense to increase the http post buffer. Otherwise git hangs during the push process. This is how to set it to 500 MB:
git config http.postBuffer 524288000
Known issues¶
Currently none…