Roadmap

This repository (https://git.uis.cam.ac.uk/x/uis/git/gitcam.git) contains system configuration files and custom source code for the git repository service. Here is a brief guide to the interesting parts.

Ansible

Server configuration is managed using Ansible. There are a number of more-or-less generic server setup roles for setting up mail, ssh, shell, network, and other stuff.

Most of the configuration specific to this service is in the git role which sets up the privileged users, git and gitolite, web server, and git daemon.

Accounts are managed by the gitolite role. There are separate files containing the master list of all accounts, and the basic requirements for each account. The accounts task runs the per-acct tasks for each account. There are also some special tasks for initial setup.

gitolite

The global gitolite configuration is held in a shared checkout of the etc directory. All accounts have a link to the global gitolite.rc and motd files. The gitolite setup uses a few custom plugins in the gitolite-local directory.

commands: extra commands for managing wild repos
hooks: git hooks shared by all repositories
syntactic-sugar: automatically define special public and ssh groups, and look up LDAP groups
triggers: ensure the web server can present the right information

By default, git relies on the presence or absence of hook scripts to control whether or not they run, but this requires shell access to the server. So instead we install a link to a generic wrapper post-receive hook in each repository; it runs one or more feature-specific hooks depending on git configuration settings. These can be controlled by an account admin editing their gitolite.conf, or a user invoking the config command on a wild repo; in both cases you can only use safe settings permitted by gitolite.
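A sketch of such a wrapper, added here as an illustration and not taken from this repository's own hook. The HOOK_DIR path and the hooks.<feature>.enabled key naming are assumptions; feature names are checked before use because they come from configuration that account admins and users can edit.

```sh
#!/bin/sh
# Added example: generic post-receive wrapper (not this repository's script).
# ASSUMPTIONS: the HOOK_DIR path and the "hooks.<feature>.enabled" key naming.

# Feature hooks live in a directory that only the service operators can write.
HOOK_DIR="${HOOK_DIR:-/usr/local/lib/git-hooks/post-receive.d}"

# stdin: "key value" lines as printed by `git config --get-regexp`.
# stdout: names of the features that are switched on and installed.
select_features() {
    while read -r key value; do
        feature=${key#hooks.}
        feature=${feature%.enabled}
        case "$feature" in
            ''|*[!a-z0-9-]*) continue ;;  # config is user-editable: no "/" or "."
        esac
        if [ "$value" = true ] && [ -x "$HOOK_DIR/$feature" ]; then
            echo "$feature"
        fi
    done
}

# args: feature names; stdin: the "<old> <new> <ref>" lines git passes to post-receive.
# Each hook gets its own copy of stdin; one failing hook does not stop the others.
run_features() {
    updates=$(mktemp) || return 1
    rc=0
    cat >"$updates"
    for feature in "$@"; do
        "$HOOK_DIR/$feature" <"$updates" || rc=1
    done
    rm -f "$updates"
    return "$rc"
}

main() {
    # Git runs hooks inside the repository, so plain `git config` reads its settings.
    features=$(git config --get-regexp '^hooks\..*\.enabled$' | select_features)
    # Word splitting is safe here: names were restricted to [a-z0-9-] above.
    run_features $features
}

# Run only when installed (or symlinked) as a hook named post-receive.
case "${0##*/}" in
    post-receive) main ;;
esac
```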

Business continuity

Git is configured to keep "reflogs", so that it retains details of how branches and tags have changed. This makes it possible to recover from accidental forced pushes; however, it does not protect against accidentally deleted branches or tags. The gitolite logs also retain similar details, and do allow us to recover from accidentally deleted branches; however, unlike reflogs, the gitolite logs do not prevent git from garbage collecting dereferenced objects.

The primary git server is replicated to a different location hourly using rsync invoked by the mirror- scripts. The aim is to be able to restore service faster (without restoring from backups) if the primary server (or rather its VM host) has a hardware failure.

The git servers are backed up nightly to the UIS backup server.

git daemon

When an account is set up, it is also linked into the /home/gitdaemon directory of (potentially) exported repositories. The repositories that are actually exported are determined by gitolite creating or removing git-daemon-export-ok files depending on whether the "daemon" user has access to the repository. The global configuration is in the git-daemon.env service environment script.

Apache httpd

The Apache httpd.conf fragment sets up the /i/ authenticated and /x/ unauthenticated trees and arranges for the CGI scripts to run when appropriate.

As well as configuring gitweb, the gitweb.conf also does gitolite access control.

The git-http-backend wrapper CGI does similar access control.

The server home page is generated by the account list CGI which gets the lists of account admins from the output of one of the gitolite triggers.

Web page templates

The pages are styled using the "Project Light" templates. You can view a copy of the Project Light guide on this server.

The Project Light CSS and JavaScript are copied verbatim into subdirectories of www/light. The web pages use SSI to insert the header and footer, which are a stripped-down "web app" template based on what Raven and Hermes Webmail use. The header includes some monkey patching to disable some unwanted features of the full templates.

Copyright licence

Copyright © 2013-2017 University of Cambridge

The contents of this repository are free software; you can redistribute and/or modify them under the terms of the GNU General Public License version 2. (This is the same licence as git and gitolite.)

The Git logo that appears on these web pages was created by Jason Long and is licensed under CC BY 3.0, the Creative Commons Attribution 3.0 Unported License.