[PATCH] g2: Mirroring enhancements - support redirected pushes from http frontends
33 views
Skip to first unread message
mebrown
Apr 30, 2012, 4:44:08 PM4/30/12
to gito...@googlegroups.com
Problem statement:
I have the following setup:
Master GIT --(ssh mirror)--> slave server --(gitolite smart htttp)--> clients
I would like to enable redirected pushes from clients to the slave server to automatically redirect to the master. With current G2 gitolite, this is not possible due to a very small oversight in the mirroring code. Essentially what happens currently is that clients hit the smart http mirror with a push, gitolite ssh's to the master, and then runs the wrong shell (git shell) instead of the git http-backend. Additionally, git http-backend requires a small handful of environment variables to be set.
The attached patches add these environment variables and run the correct shell.
Additionally, due to a lack of trust with the remote sites (they are 3rd-party vendors), I would like to squash any and all writes from the remote site down to a single user id, so that I am guaranteed to be able to control what they have access to. (This gets around the spoofing issue with the current 'authorization' vs 'authentication' split in the mirroring code). This adds an additional configuration option "gitolite.mirror.squash-to-user-$slave", which lets you set the user ID to squash to on a per-slave basis.
And, finally, to simplify configuration, I simply run 'git http-backend', which git can find, rather than relying on setting an additional configuration option.
--
Michael
I have the following setup:
Master GIT --(ssh mirror)--> slave server --(gitolite smart htttp)--> clients
I would like to enable redirected pushes from clients to the slave server to automatically redirect to the master. With current G2 gitolite, this is not possible due to a very small oversight in the mirroring code. Essentially what happens currently is that clients hit the smart http mirror with a push, gitolite ssh's to the master, and then runs the wrong shell (git shell) instead of the git http-backend. Additionally, git http-backend requires a small handful of environment variables to be set.
The attached patches add these environment variables and run the correct shell.
Additionally, due to a lack of trust with the remote sites (they are 3rd-party vendors), I would like to squash any and all writes from the remote site down to a single user id, so that I am guaranteed to be able to control what they have access to. (This gets around the spoofing issue with the current 'authorization' vs 'authentication' split in the mirroring code). This adds an additional configuration option "gitolite.mirror.squash-to-user-$slave", which lets you set the user ID to squash to on a per-slave basis.
And, finally, to simplify configuration, I simply run 'git http-backend', which git can find, rather than relying on setting an additional configuration option.
--
Michael
Reply all
Reply to author
Forward
0 new messages