Tag Archives: debian

Ansible: Installing and configuring Gitolite using Ansible for secure Git repository management

Reply
Rate this post

Gitolite provides a way to manage Git repositories, control access to those repositories, and maintain a central configuration using simple configuration files and SSH keys.

Automating Gitolite Installation with Ansible

The Ansible tasks outlined in this article are designed to simplify the installation and configuration of Gitolite on your server. These tasks can automatically handle the entire setup process, including prerequisites like installing necessary packages and configuring system users and groups.

This automation significantly reduces the risk of human error and ensures a consistent setup across different environments.

The Ansible tasks:

---
# Automating Gitolite Installation with Ansible
# License: MIT
# Author: James Cherti
# URL: https://www.jamescherti.com/ansible-install-gitolite-linux/

- name: Install Gitolite
  block:
    - name: Check if the Operating System is supported
      fail:
        msg: "Operating System family is not supported: {{ ansible_os_family }}"
      when: ansible_os_family not in ["Debian", "RedHat"]

    - name: Install Gitolite on Debian-based Systems
      apt:
        name: gitolite3
      when: ansible_os_family == "Debian"

    - name: Install Gitolite on RedHat-based Systems
      yum: name=gitolite3
      when: ansible_os_family == "RedHat"

    - name: Create Gitolite system group
      group:
        name: "{{ gitolite_group }}"
        system: true

    - name: Create Gitolite system user
      user:
        name: "{{ gitolite_user }}"
        group: "{{ gitolite_group }}"
        home: "{{ gitolite_home }}"
        shell: "{{ gitolite_shell }}"
        create_home: true
        system: true

    - name: Ensure Gitolite home directory exists with proper permissions
      file:
        state: directory
        path: "{{ gitolite_home }}"
        owner: "{{ gitolite_user }}"
        group: "{{ gitolite_group }}"
        mode: 0700

- name: Configure Gitolite SSH key
  block:
    - name: Generate Gitolite SSH key pair if it does not exist
      become: true
      become_user: "{{ gitolite_user }}"
      command: ssh-keygen -t rsa -b 4096 -f {{ gitolite_ssh_key_path | quote }} -N ""
      args:
        creates: "{{ gitolite_ssh_key_path }}"

    - name: Set permissions for the Gitolite .ssh directory
      file:
        path: "{{ gitolite_ssh_directory }}"
        owner: "{{ gitolite_user }}"
        group: "{{ gitolite_user }}"
        mode: 0700

    - name: Set permissions for the SSH public key
      file:
        path: "{{ gitolite_ssh_key_path }}.pub"
        owner: "{{ gitolite_user }}"
        group: "{{ gitolite_user }}"
        mode: 0644

    - name: Set permissions for the SSH private key
      file:
        path: "{{ gitolite_ssh_key_path }}"
        owner: "{{ gitolite_user }}"
        group: "{{ gitolite_user }}"
        mode: 0600

- name: Setup Gitolite
  block:
    - name: Initialize Gitolite with the admin public key
      become: true
      become_user: "{{ gitolite_user }}"
      command:
        argv:
          - "gitolite"
          - "setup"
          - "-pk"
          - "{{ gitolite_ssh_public_key_path }}"
      args:
        creates: /var/lib/gitolite/repositories/gitolite-admin.gitCode language: YAML (yaml)

The required Ansible variables: 

---
# Automating Gitolite Installation with Ansible
# License: MIT
# Author: James Cherti
# URL: https://www.jamescherti.com/ansible-install-gitolite-linux/

gitolite_user: gitolite
gitolite_group: gitolite
gitolite_shell: /bin/bash
gitolite_home: "/var/lib/{{ gitolite_user }}"
gitolite_ssh_directory: "{{ gitolite_home }}/.ssh"
gitolite_ssh_key_path: "{{ gitolite_ssh_directory }}/id_rsa"
gitolite_ssh_public_key_path: "{{ gitolite_ssh_directory }}/id_rsa.pub"Code language: YAML (yaml)

Related links

Installing Debian from another Linux Distribution such as Gentoo or Arch Linux

Reply
Rate this post

There are various scenarios in which one might need to install a Debian-based system (e.g., Debian, Ubuntu, etc.) from another distribution (e.g., Arch Linux, Gentoo, etc.). One common reason is when a user wants to set up a Debian-based system alongside an existing distribution. This could be for the purpose of testing software compatibility, development, or simply to have a dual-boot.

A Debian-based distribution can be installed from any other distribution (e.g. Arch Linux, Gentoo…) using debootstrap. The debootstrap command-line tool allows installing a Debian or Ubuntu base system within a subdirectory of an existing, installed system. Unlike traditional installation methods using a CD or a USB Key, debootstrap only requires access to a Debian repository.

Step 1: Create a new LVM partition, format it, and mount it

# Create the root LVM partition
lvcreate  -L 20G -n debian_root VOL_NAME

# Format the partition
mkfs.ext4 /dev/VOL_NAME/debian_root

# Mount the partition
mkdir /mnt/debian_root
mount /dev/VOL_NAME/debian_root /mnt/debian_rootCode language: plaintext (plaintext)

Step 2: Install the debootstrap command-line tool

On Arch Linux, debootstrap can be installed using:

sudo pacman -Sy debian-archive-keyring debootstrapCode language: plaintext (plaintext)

On Gentoo, it can be installed using:

sudo emerge -a dev-util/debootstrapCode language: plaintext (plaintext)

Step 3: Install the Debian base system

Use the debootstrap command to install Debian into the target directory:

debootstrap  --arch=amd64 stable /mnt/debian_root http://deb.debian.org/debianCode language: plaintext (plaintext)

You can replace stable with another Debian release like testing or unstable if desired. You can also add the flag --force-check-gpg to force checking Release file signatures.

In the above example, it will install the Debian-based system from the repository http://deb.debian.org/debian into the local directory /mnt/debian_root.

Step 4: Chroot into the Debian system

Since you are installing a Debian-based system inside another distribution (Arch Linux, Gentoo, etc.), you’ll need to ensure that the directory where the Debian system is mounted is ready. You can achieve this by mounting certain directories and chrooting into the Debian system:

sudo mount --bind /dev /mnt/debian_root/dev
sudo mount --bind /proc /mnt/debian_root/proc
sudo mount --bind /sys /mnt/debian_root/sys
sudo mount --bind /boot /mnt/debian_root/boot
sudo cp /etc/resolv.conf /mnt/debian_root/etc/resolv.conf
sudo cp /etc/fstab /mnt/debian_root/etc/fstab
sudo chroot /mnt/debian_root /bin/bash -lCode language: plaintext (plaintext)

The chroot command will open a new shell in the Debian environment.

Step 5: Configure the Debian-based system

Now that you’re inside the Debian-based system, you can configure it as desired. You can install packages, modify configurations, set up users, etc.

Here is an example:

apt-get update

# Install the Linux Kernel
apt-get install linux-image-amd64 firmware-linux-free firmware-misc-nonfree 

# Install cryptsetup if you are using a LUKS encrypted partition
apt-get install cryptsetup cryptsetup-initramfs

# Install misc packages
apt-get install console-setup vim lvm2 sudo

# Reconfigure locales
dpkg-reconfigure locales

# Configure the host name and the time zone
echo yourhostname > /etc/hostname
ln -sf /usr/share/zoneinfo/America/New_York /etc/localtime
Code language: plaintext (plaintext)

Do not forget to:

  • Modify /mnt/debian_root/etc/fstab (The mount point “/” has to point to the Debian system)
  • Modify /mnt/debian_root/etc/crypttab (If you are using a LUKS encrypted partition)
  • Configure the bootloader (Grub, Syslinux, etc.).

Congratulations! You have successfully installed a Debian-based system using debootstrap from another distribution such as Arch Linux, Gentoo, etc.