Git hooks (githook)
== Roles ==
The test setup uses three machines, with the following roles:<br/>
pc (code commits, my debian) 192.168.1.158<br/>
git server gogs 120.76.209.8<br/>
game 120.76.247.53 user mgame

== pc (git client) ==
Nothing special here; the following command is what triggers the hook:<br/>
<pre>
git push origin master

ssh-keygen -C "test git key"; #ssh-keygen -f gitpull -C "test git key"
</pre>

== game 120.76.247.53 ==
<pre>
#adduser "$1"
#echo "$2" | passwd "$1" --stdin
useradd mgame ; echo "ops#$%e24@125" |passwd mgame --stdin #evan1234
su - mgame

Generate the key ; ssh-keygen -C "git key" # can be generated in advance

[root@game .ssh]# cat /home/mgame/.ssh/wrapper.sh;
#!/bin/bash
# This is the script that gets called. The flow is simple: ssh with key authentication runs it remotely,
# it enters the relevant directory and runs git pull
# cat /home/mgame/.ssh/wrapper.sh  this key can only be associated with this command
# example: ssh -i key evan@192.168.100.36 website
# ~/.ssh/authorized_keys on server; the git server only has that hook and the corresponding key, nothing else
#command="~/.ssh/wrapper.sh",no-port-forwarding,no-x11-

# Website root directory
documentroot=/data/www
# Get the command sent over SSH
args="$SSH_ORIGINAL_COMMAND"
[ -z "$args" ] && echo "args is none" && exit

# Update
updatesite(){
    [ "$#" -ne 1 ] && echo "error args num" && exit
    local www="$1"
    local wwwroot=/data/www/$www
    #local wwwroot=${documenmtroot}/$www
    [ ! -d "${wwwroot}" ] && echo -e "\033[31m更新失败,网站不存在:\033[0m\033[33m$www\033[0m" && exit
    #cd $wwwroot && git pull
    cd "$wwwroot" && sudo git pull
    sudo chown -R www:www "$wwwroot"
}
echo -e "updatesite: \033[32m$args\033[0m"
# Left unquoted on purpose so that updatesite can check the argument count
updatesite $args

chmod +x /home/mgame/.ssh/wrapper.sh

# also on game vm
#game
command="~/.ssh/wrapper.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty

[mgame@iZwz9ct3cbrxx8f4og9nazZ .ssh]$ cat /home/mgame/.ssh/authorized_keys
command="~/.ssh/wrapper.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwG9rdQ//94aIkejb6oGnb+R0IgXs11X11u9o2qbUqEoRDOYsS7Xlx4chEgtWquOMcjLWqzPw71DXaWIxdVxmY3/bQIc8FHQuT5FfjES35qsz7wml/gQJGuadxJ2MuR/auamj6JZgmBy5vwyJ+cSSx= test git key

[root@-web-01 ~]# cat /root/.ssh/config
host gitserver_web
user git
hostname 120.76.209.8
port 22
identityfile ~/.ssh/gitpull

[root@-web-01 ~]# cat /root/.ssh/gitpull

#git@10.76.209.8:evan/mygit.git
git clone gitserver_web:evan/mygit.git a.com

ssh -i ~/.ssh/gitpull mgame@${Host} "${Website}"
sudo: sorry, you must have a tty to run sudo
sudo: sorry, you must have a tty to run sudo

Solution
[root@web-01 ~]# cat /etc/sudoers.d/mgame
Defaults !visiblepw
Defaults:mgame !requiretty
mgame ALL=(ALL) ALL
mgame ALL=NOPASSWD: /usr/bin/git
mgame ALL=NOPASSWD: /bin/chown

#echo 'mgame ALL=(ALL) NOPASSWD:NOPASSWD:ALL' >/etc/sudoers.d/mgame

chmod -R 700 .ssh/
cd /home/mgame/.ssh
chmod 600 authorized_keys

Q: remote: error: cannot open .git/FETCH_HEAD: Permission denied
A: filemode = true can be set to false, or use sudo

ssh-keygen -f gitpull -C "test git key"
git clone from game uses the git user, because the pub key was placed in /home/git/.ssh/authorized_keys on gogs

## Test the connection between the git client and the git server
# Remember to try this later on the game machine as the root user (mark 20170519)
# This output means it succeeded
[root@aweb1 ~]# ssh gitserver_web
PTY allocation request failed on channel 0
Hi there, You've successfully authenticated, but Gogs does not provide shell access.
If this is unexpected, please log in with password and setup Gogs under another user.
Connection to 4.88.14.10 closed.
</pre>

== Git server (gogs) ==
<pre>
useradd git ; echo "dopsgit#$evan2@1" |passwd git --stdin

Add a pri key not
[root@dk-server .ssh]# cat /home/git/.ssh/gitpull
---- BEGIN RSA PRIVATE KEY-----

chmod 600 /home/git/.ssh/gitpull

Add the hook in the web UI
1. Open the repository you want to configure --> top right: Repository Settings --> Manage Git Hooks --> post-receive -->

#!/bin/sh
#
# An example hook script for the "post-receive" event.
#
# The "post-receive" script is run after receive-pack has accepted a pack
# and the repository has been updated. It is passed arguments in through
# stdin in the form
# <oldrev> <newrev> <refname>
# For example:
# aa453216d1b3e49e7f6f98441fa56946ddcd6a20 68f7abf4e6f922807889f52bc043ecd31b79f814 refs/heads/master
#
# see contrib/hooks/ for a sample, or uncomment the next line and
# rename the file to "post-receive".
#. /usr/share/git-core/contrib/hooks/post-receive-email

# Read standard input; new hook for gzweb1 and gzweb2
# Each stdin line is "<oldrev> <newrev> <refname>"
read oldrev newrev refname
branch="${refname##*/}"

# Website host and website directory; the website directory is the same as before
Host="192.168.1.119"
Website=a.com

# Pushes to the master branch update the production environment
#for Host in ${Hosts}
#do
if [ "$branch" = "master" ]; then
    echo -e "start host: \033[33m${Host}\033[0m"
    ssh -i ~/.ssh/gitpull mgame@${Host} "${Website}"
    echo -e "end host: \033[33m${Host}\033[0m"
fi
#done

This is the pub key under the root directory on game
Repository Settings --> Manage Deploy Keys: add the pub key
game mgame pubkey

Do not use this one, its permissions are too broad: Account Settings --> Manage SSH Keys --> -->
cat /home/git/.ssh/authorized_keys

git clone gitserver_web:shi/e.com.git a.com

Q:
ssh -i ~/.ssh/gitpull mgame@${Host} "${Website}"
sudo: sorry, you must have a tty to run sudo
A:
[root@01 ~]# cat /etc/sudoers.d/mgame
Defaults !visiblepw
Defaults:dkmgame !requiretty
dkmgame ALL=(ALL) ALL
dkmgame ALL=NOPASSWD: /usr/bin/git
dkmgame ALL=NOPASSWD: /bin/chown
#

## Wrong key file name
[root@ ~]# cat ~/.ssh/gitpull
cat: /root/.ssh/gitpull: 没有那个文件或目录

Problem 1
evan@evanpc:~/test/mygit$ git push
Username for 'http://120.7.0.64:3000': evan
Password for 'http://evan@120.77.0.64:3000':
对象计数中: 2, 完成.
Delta compression using up to 4 threads.
压缩对象中: 100% (2/2), 完成.
写入对象中: 100% (2/2), 281 bytes | 0 bytes/s, 完成.
Total 2 (delta 0), reused 0 (delta 0)
remote: start host: 120.76.209.8
remote: bash: a.com: command not found
remote: end host: 120.76.209.8
To http://120.77.0.64:3000/evan/mygit.git
5b4c2b6..f8aced1 master -> master

Solution
dkmgame's ~/.ssh/authorized_keys may only run git-related commands
command="~/.ssh/wrapper.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa

username=evan
grep -q git /etc/sudoers.d/${username} || cat >> /etc/sudoers.d/${username} << EOF
Defaults !visiblepw
Defaults:${username} !requiretty
${username} ALL=NOPASSWD: /usr/bin/git
EOF

Finally, test the hook on gogs
su - git
Host="36.89.169.4"
Website=cron
ssh -i ~/.ssh/pull mgame@${Host} "${Website}"

ssh_exchange_identification: Connection closed by remote host
on git client ip add gogs ip
</pre>

== Error handling ==
===1.===
[root@aweb1 test]# git clone itserver_web:huang/sgame.com.git sdk-admin.yahgame<br/>
Initialized empty Git repository in /data/evan/test/sdk-admin.yahgame/.git/<br/>
ssh_exchange_identification: Connection closed by remote host<br/>
fatal: The remote end hung up unexpectedly

This message is typical of tcp_wrapper being configured to deny SSH logins from your IP.<br/>

===2. Host key verification failed ===
If the automatic push then does not work, run the hook file once as the git user.

Sometimes the key may not work on a virtual machine; I ran into this once, and switching to another VM fixed it (20170314pm).

=== 3 bad owner ===
Changing gitserver_abroad to gitserver fixed it.

Config file: a colleague changed it to 600:root, and after that it kept reporting "bad owner" or similar.

Solution
<pre>
chown -R root:root /root/.ssh/config
</pre>

===4 clone Connection closed by remote host ===
<pre>
[root@]# git clone gitserver:ops/yah_cron.git cron
Initialized empty Git repository in ydd_cron/.git/
ssh_exchange_identification: Connection closed by remote host

Solution
sshd:git_client_ip
</pre>

[[Category:Git]]
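
The wrapper.sh in the game section uses $SSH_ORIGINAL_COMMAND directly as a directory name under /data/www. The following is an added example, not part of the original page, showing one way to validate that value before it is used and to log each decision. The function names, the allowed name pattern, the git-deploy log tag and the assumption that the checkout is writable by the deploy user (so no sudo is needed) are assumptions of this example.

```shell
#!/bin/bash
# Added example, not the page's wrapper.sh. Assumptions: DOCROOT layout,
# the allowed name pattern, and a checkout writable by the deploy user.
LC_ALL=C
DOCROOT="${DOCROOT:-/data/www}"

# Accept one plain directory name only: no "/", no whitespace, no shell
# metacharacters, no leading "." or "-" (rejects "..", ".git", "-x").
valid_site_name() {
    case "$1" in
        ''|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

# Print the physical path of the site and return 0 only if it is a git
# checkout located directly under DOCROOT after symlinks are resolved.
resolve_site() {
    local root target
    valid_site_name "$1" || return 1
    root=$(cd "$DOCROOT" 2>/dev/null && pwd -P) || return 1
    target=$(cd "$root/$1" 2>/dev/null && pwd -P) || return 1
    # A symlink that leaves DOCROOT resolves to a different parent directory.
    [ "${target%/*}" = "$root" ] || return 1
    [ -d "$target/.git" ] || return 1
    printf '%s\n' "$target"
}

# Forced-command entry point: log the decision, then pull or refuse.
handle_request() {
    local site
    if ! site=$(resolve_site "${SSH_ORIGINAL_COMMAND:-}"); then
        logger -t git-deploy "rejected request from ${SSH_CLIENT%% *}"
        echo "rejected" >&2
        return 1
    fi
    logger -t git-deploy "pull $site from ${SSH_CLIENT%% *}"
    cd "$site" && git pull --ff-only
}

# Runs only when installed under the name wrapper.sh (the forced command).
if [ "${0##*/}" = "wrapper.sh" ]; then
    handle_request
fi
```

Rejected requests appear in syslog under the git-deploy tag together with the client address sshd exports in SSH_CLIENT, which gives a simple signal to alert on if the deploy key is ever used for anything other than a known site name.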