Gitblit on CentOS 7

     

Preamble

If you need a reliable yet versatile Git server, Gitblit is for you. It’s super easy to set up, upgrade, migrate, customize and modify. It uses JGit, so your server doesn’t even need to have Git installed. The configuration file’s options are well documented. It has LDAP authentication built in. It provides you with Groovy scripts for the Git hook mechanism. It allows you to create tickets, a service very similar to GitHub’s pull requests. The maintainer’s one of the most helpful guys I’ve ever met and is super responsive when it comes to bugs. The list goes on and on; I recommend you just check it out and see if it fits your needs. So without further ado, let’s get into it!

CentOS

As always, perform a minimal install. I recommend using the following partitions:

  • /boot: 1GB, standard
  • swap: 500MB, LVM
  • /: rest, LVM

I recommend ext4. After the installation’s complete, perform an initial update:

yum update

Verify your timezone and correct it if needed (change path according to your location):

timedatectl
timedatectl set-timezone Your_Continent/Your_City

Then reboot.

Certificates

Get a Windows workstation (of course, you can do this on Linux, too, but YMMV then). Download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 7 and copy the 2 JARs to jre7\lib\security in your JAVA_HOME (overwrite the existing JARs).

Download the Gitblit GO ZIP and start a cmd in the extracted root directory.

set PATH=%PATH%;c:\Program Files (x86)\Java\jre7\bin
java -cp gitblit.jar com.gitblit.authority.Launcher --baseFolder data

Provide data for the defaults; Site name and Validity will suffice. Press OK, then create a new server SSL certificate as well. Make sure the expiry date is far enough in the future. Copy the generated files to the CentOS server (you’ll put them in place later):

  • data\certs\authority.conf
  • data\certs\ca.cer
  • data\certs\caKeyStore.p12
  • data\certs\caRevocationList.crl
  • data\serverKeyStore.jks
  • data\serverTrustStore.jks

Gitblit

Install the JRE:

yum install java-1.7.0-openjdk-headless

Download and install Gitblit GO, then separate the data directory from the install path for easier upgrades:

export GITBLIT_VERSION=1.6.2
wget http://dl.bintray.com/gitblit/releases/gitblit-${GITBLIT_VERSION}.tar.gz
mkdir /opt/gitblit-${GITBLIT_VERSION}
tar xf gitblit-${GITBLIT_VERSION}.tar.gz -C /opt/gitblit-${GITBLIT_VERSION}
cd /opt
ln -s gitblit-${GITBLIT_VERSION} gitblit
mv /opt/gitblit-${GITBLIT_VERSION}/data /opt/gitblit-config
cd /opt/gitblit
ln -s ../gitblit-config data

Also copy the 6 files you generated in the previous step to their appropriate directories under /opt/gitblit-config.

Temporarily enable port 8443 (the default Gitblit HTTPS port) to be accessible through the firewall:

firewall-cmd --add-port=8443/tcp

Test the installation:

java -jar gitblit.jar --baseFolder data

If it works correctly, enable port 80 (the regular HTTP port) to be accessible through the firewall:

firewall-cmd --add-service http --permanent
systemctl restart firewalld.service

Or if you need something other than port 80:

firewall-cmd --add-port=12345/tcp --permanent
systemctl restart firewalld.service

Now set up and customize the installation via gitblit.properties – the options are well documented. Once done, install the Gitblit systemd unit.

Note: if you’re using anything below Gitblit 1.7, use the Git version of install-service-fedora.sh because it contains crucial fixes.

/opt/gitblit/install-service-fedora.sh

Open /etc/sysconfig/gitblit and modify the GITBLIT_HTTP_PORT and/or GITBLIT_HTTPS_PORT settings according to your needs. If you want to run Gitblit on a port lower than 1024, also open /etc/systemd/system/gitblit and modify it like this:

[Service]
User=root
Group=root

Otherwise create the gitblit user and group:

useradd --home-dir /opt/gitblit --shell /sbin/nologin --user-group --system gitblit

Then reload the unit file and restart Gitblit:

systemctl daemon-reload
systemctl restart gitblit.service

At this point, your Gitblit installation should be complete.

Repo export

In case you need to export the Git repos via NFS (so that Redmine can integrate with them, for example), you’ll have to install the NFS server:

yum install nfs-utils

Then create a new folder for the exports:

mkdir -p /nfs/git

Now the actual repos need to be available here, so make a bind mount:

mount --bind /opt/gitblit-config/git /nfs/git

Also make sure that anonymous users (i.e. NFS clients) will be able to read it (this will change the permissions on the actual repos):

chmod -R 0775 /nfs/git

Add the mount to /etc/fstab so that it will be mounted automatically upon boot:

/opt/gitblit-config/git /nfs/git none bind 0 0

Set up the NFS exports via /etc/exports:

/nfs/git redmine.foo.bar(ro,insecure,sync,wdelay,no_subtree_check,nohide,all_squash)
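
A quick lint for export lines like the one above, as an added example that is not part of the original post; audit_exports and sample_exports are hypothetical names, and the second sample line is constructed to show the other findings. On this guide's line it reports only the insecure option, which lets requests arrive from unprivileged source ports on the client:

```shell
# Added example (not from the original post): lint exports(5) lines for options
# that widen access. Input on stdin; one finding per line on stdout.
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                     # split "host(opt,opt)" into host and options
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            if (client == "" || client == "*")
                print path ": exported to any host"
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "insecure")
                    print path " " client ": insecure (client source port may be >= 1024)"
                else if (o[j] == "rw")
                    print path " " client ": rw (clients can modify the repositories)"
                else if (o[j] == "no_root_squash")
                    print path " " client ": no_root_squash (client root acts as root)"
            }
        }
    }'
}

# Constructed sample: the export line from this guide plus a deliberately loose one.
sample_exports() {
    cat <<'EOF'
/nfs/git redmine.foo.bar(ro,insecure,sync,wdelay,no_subtree_check,nohide,all_squash)
/nfs/tmp *(rw,no_root_squash)
EOF
}
```

Run it against the live file with audit_exports < /etc/exports; no output means none of the checked options are present.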

Open the required ports on the firewall:

firewall-cmd --add-port=111/tcp --permanent
firewall-cmd --add-port=111/udp --permanent
firewall-cmd --add-port=2049/tcp --permanent
firewall-cmd --add-port=2049/udp --permanent
systemctl restart firewalld.service

Finally, restart the NFS server so that the changes get applied. Also, start it automatically upon boot:

systemctl restart nfs-server.service
systemctl enable nfs-server.service

And that’s it, now you should be able to mount the export on the other end with an fstab entry like this:

scm.foo.bar:/nfs/git /opt/git nfs4 auto 0 0

Upgrade

Upgrading Gitblit is rather simple. Check out the new and removed settings in gitblit.properties (these should be mentioned in the release notes) and update your own file accordingly. Then:

  • Download the new Gitblit tarball and extract it to /opt/gitblit-VERSION.
  • Remove the stock data folder and create a symlink to ../gitblit-config.
  • Stop the Gitblit service with systemctl stop gitblit.service.
  • Replace gitblit.properties with your new, updated file.
  • Modify the /opt/gitblit symlink to point to the new release.
  • Start the Gitblit service with systemctl start gitblit.service.
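
The steps above as one shell function, as an added example that is not part of the original post. The name upgrade_gitblit, the OPT_ROOT and SYSTEMCTL overrides, the SHA-256 check and the gitblit.properties.bak backup are assumptions added here; the expected digest has to come from a source you trust.

```shell
# Added example, not from the original post. Assumptions: the tarball is already
# downloaded, the operator supplies its expected SHA-256, and OPT_ROOT/SYSTEMCTL
# may be overridden to rehearse the upgrade in a scratch directory.
# Usage: upgrade_gitblit VERSION TARBALL EXPECTED_SHA256 NEW_PROPERTIES_FILE
upgrade_gitblit() {
    local version="$1" tarball="$2" want_sha="$3" new_props="$4"
    local opt="${OPT_ROOT:-/opt}" sc="${SYSTEMCTL:-systemctl}"
    local target="$opt/gitblit-$version" conf="$opt/gitblit-config" got_sha

    # Extra check: never unpack a tarball whose digest differs from the expected one.
    got_sha=$(sha256sum "$tarball" | awk '{print $1}')
    if [ "$got_sha" != "$want_sha" ]; then
        echo "checksum mismatch for $tarball" >&2
        return 1
    fi
    if [ -e "$target" ]; then
        echo "$target already exists" >&2
        return 1
    fi

    # Extract to /opt/gitblit-VERSION, remove the stock data folder, link the config.
    mkdir "$target" || return 1
    tar xf "$tarball" -C "$target" || return 1
    rm -rf "$target/data"
    ln -s ../gitblit-config "$target/data"

    # Stop, replace gitblit.properties (keeping a backup), repoint /opt/gitblit, start.
    "$sc" stop gitblit.service || return 1
    cp -p "$conf/gitblit.properties" "$conf/gitblit.properties.bak" || return 1
    cp "$new_props" "$conf/gitblit.properties" || return 1
    ln -sfn "gitblit-$version" "$opt/gitblit"
    "$sc" start gitblit.service
}
```

Because the old release directory is left in place, rolling back is a matter of restoring gitblit.properties.bak and pointing the /opt/gitblit symlink at the previous version again.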