Wednesday, January 23, 2013

[Linux] Small R&D team - NIS + Redmine + Gitolite + Dropbox @ Ubuntu 12.04 64Bit

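I have been preparing to migrate our working environment. We are a five-person unit, and most people have reasonably capable desktops: i3-class CPUs with 4~8GB of memory. In an environment like this, each person's R&D machines can mostly be managed as VMs. So all we need is a simple server to manage everyone's source code (git/gitolite/gitweb), work reports (redmine) and account logins (nis). The benefit of setting up NIS is that it can be used inside the VMs: once the account information is hooked in, chores such as creating accounts go away. As for NFS? Sorry, a small machine cannot afford it XDDD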


So below, the environment described above is installed on one small host.


After installing Ubuntu 12.04 64Bit server:


$ sudo vim /etc/apt/sources.list
:%s/\/\/us\./\/\/jp\./g
$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo apt-get dist-upgrade
$ sudo mkdir /data
$ sudo chmod 777 /data


Install Redmine:


$ sudo apt-get -y install apache2 libapache2-mod-passenger git subversion cvs mercurial build-essential apache2-prefork-dev libaprutil1-dev libapr1-dev libcurl4-openssl-dev ruby-rvm ruby-dev gem libmagickwand-dev sqlite3 sqlite3-doc libsqlite3-ruby libsqlite3-dev apache2-mpm-itk
$ sudo gem install rails bundler passenger
$ sudo passenger-install-apache2-module
$ sudo vim /etc/apache2/mods-available/passenger.load
#LoadModule passenger_module /usr/lib/apache2/modules/mod_passenger.so
LoadModule passenger_module /var/lib/gems/1.8/gems/passenger-3.0.19/ext/apache2/mod_passenger.so
$ sudo vim /etc/apache2/mods-available/passenger.conf
<IfModule mod_passenger.c>
#PassengerRoot /usr
#PassengerRuby /usr/bin/ruby
PassengerRoot /var/lib/gems/1.8/gems/passenger-3.0.19
PassengerRuby /usr/bin/ruby1.8
</IfModule>


$ sudo adduser --quiet --gecos "" --disabled-login --home /data/redmine redmine
$ sudo chown -R redmine:redmine /data/redmine
$ sudo su - redmine
$ git clone git://github.com/redmine/redmine.git
$ cd redmine
$ git branch local-config
$ git checkout local-config
$ vim config/database.yml
production:
  adapter: sqlite3
  database: db/production.db

development:
  adapter: sqlite3
  database: db/development.db


$ bundle install --without development test --path vendor/bundle
$ ruby script/about
$ rake generate_secret_token
$ RAILS_ENV=production rake db:migrate
$ RAILS_ENV=production rake redmine:load_default_data
$ mkdir public/plugin_assets PassengerUploadBufferDir


$ sudo vim /etc/apache2/conf.d/redmine
<Virtualhost *>
  DocumentRoot /home/changyy/webapp
  AssignUserId redmine redmine
  RailsBaseURI /redmine
  <Directory /home/changyy/web/app/redmine>
    AllowOverride all
    Options -MultiViews
  </Directory>
</Virtualhost>


$ sudo vim /etc/apache2/conf.d/redmine
Alias /redmine "/data/redmine/redmine/public"
RailsBaseURI /redmine
<Directory /data/redmine/redmine/public>
    AssignUserId redmine redmine
    PassengerUploadBufferDir /data/redmine/redmine/PassengerUploadBufferDir
    AllowOverride all
    Options -MultiViews
</Directory>


$ sudo service apache2 restart


Updating Redmine later:


$ sudo su - redmine
$ cd redmine
$ git checkout master
$ git pull
$ git checkout local-config
$ git merge master
$ bundle update
$ bundle install
$ rake db:migrate RAILS_ENV=production 
$ rake redmine:plugins:migrate RAILS_ENV=production
$ rake tmp:cache:clear
$ rake tmp:sessions:clear
$ exit
$ sudo service apache2 restart


Force https:


$ sudo a2enmod rewrite
$ sudo vim /etc/apache2/sites-available/default
DocumentRoot /var/www
<Directory />
  Options FollowSymLinks
  AllowOverride None
  
  RewriteEngine on
  RewriteCond %{SERVER_PORT} !^443$
  RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
</Directory>
<Directory /var/www/>
  Options Indexes FollowSymLinks MultiViews
  AllowOverride None
  Order allow,deny
  allow from all

  RewriteEngine on
  RewriteCond %{SERVER_PORT} !^443$
  RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
</Directory>


Install Gitolite:


$ sudo mkdir -p /data/gitolite
$ sudo adduser --quiet --gecos "" --disabled-login --home /data/gitolite gitolite
$ sudo chown -R gitolite:gitolite /data/gitolite
$ sudo su - gitolite
$ whoami
gitolite
$ git clone https://github.com/sitaramc/gitolite.git
$ mkdir ~/.ssh ~/bin
$ chmod 700 ~/.ssh
$ ssh-keygen -t rsa -P '' -f ~/.ssh/gitolite
$ ls ~/.ssh
gitolite gitolite.pub
$ mv ~/.ssh/gitolite ~/.ssh/id_rsa
$ gitolite/install -to $HOME/bin
$ ~/bin/gitolite setup -pk ~/.ssh/gitolite.pub
$ ls ~/
bin gitolite projects.list repositories
$ vim ~/.gitolite.rc
...
UMASK => 0027, # = 0750
...
COMMANDS =>
{
'D' => 1,
},

$REPOPATT_PATT = qr(^\@?[[0-9a-zA-Z\(^][-0-9a-zA-Z._\@/+\\^$|()[\]*?!={},]*$);


$ ssh localhost help
hello gitolite, this is gitolite3 v3.3-4-gd8fe757 on git 1.7.9.5


list of remote commands available:


D
desc
help
info
perms
writable


$ git clone ssh://localhost/gitolite-admin.git
$ cd ~/gitolite-admin
$ vim conf/gitolite.conf
@admin = gitolite changyy
@rd = changyy


repo gitolite-admin
RW+ = @admin


repo testing
RW+ = @all


repo priv/CREATOR/[a-zA-Z0-9].*
C = @rd
RW+D = CREATOR
RW = WRITERS
R = READERS


repo CREATOR/[0-9a-zA-Z].*
C = @rd
RW+D = CREATOR
RW = WRITERS
R = @all


repo ^(?!priv/)[0-9a-zA-Z].*
RW+D = CREATOR
RW = WRITERS
R = @all


Other usage:


An individual can first develop code at their own pace under priv, and once the program has matured, expose it outside with a link


$ cd ~/repositories
$ ln -s priv/changyy/my.git public-link-from-priv.git


Non-owner:
$ ssh gitolite@localhost
PTY allocation request failed on channel 0
hello user, this is gitolite@localhost running gitolite3 v3.3-4-gd8fe757 on git 1.7.9.5


R gitolite-admin
R public-link-from-priv
R W testing
Connection to localhost closed.


Owner:
$ ssh gitolite@localhost
PTY allocation request failed on channel 0
hello changyy, this is gitolite@localhost running gitolite3 v3.3-4-gd8fe757 on git 1.7.9.5


R W gitolite-admin
R W priv/changyy/my
R W public-link-from-priv
R W testing
Connection to localhost closed.
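
Added example (not part of the original post, and not gitolite's own code): a simplified Python model of how the repo patterns in the conf/gitolite.conf above decide access, useful for auditing what the catch-all rule and the symlink expose. It assumes that repo patterns are anchored at both ends and that rules from every matching pattern accumulate; `matching_patterns` and `access` are hypothetical helper names, and WRITERS/READERS are treated as empty.

```python
import re

# Transcribed from the conf/gitolite.conf shown above.
GROUPS = {"@admin": {"gitolite", "changyy"}, "@rd": {"changyy"}}
RULES = [  # (repo pattern, [(permission, who), ...])
    ("gitolite-admin", [("RW+", "@admin")]),
    ("testing", [("RW+", "@all")]),
    ("priv/CREATOR/[a-zA-Z0-9].*",
     [("C", "@rd"), ("RW+D", "CREATOR"), ("RW", "WRITERS"), ("R", "READERS")]),
    ("CREATOR/[0-9a-zA-Z].*",
     [("C", "@rd"), ("RW+D", "CREATOR"), ("RW", "WRITERS"), ("R", "@all")]),
    ("^(?!priv/)[0-9a-zA-Z].*",
     [("RW+D", "CREATOR"), ("RW", "WRITERS"), ("R", "@all")]),
]


def matching_patterns(repo, creator=None):
    """Patterns whose rules apply to `repo` (assumption: anchored at both ends).

    CREATOR in a pattern stands for the repo's recorded creator (gl-creator).
    """
    hits = []
    for pattern, _ in RULES:
        if "CREATOR" in pattern and creator is None:
            continue  # no recorded creator, so the pattern cannot match
        regex = pattern.replace("CREATOR", re.escape(creator or ""))
        if re.fullmatch(regex, repo):
            hits.append(pattern)
    return hits


def access(user, repo, creator=None):
    """Union of the permissions `user` collects from every matching pattern."""
    hits = matching_patterns(repo, creator)
    granted = set()
    for pattern, lines in RULES:
        if pattern not in hits:
            continue
        for perm, who in lines:
            if (who == "@all" or user in GROUPS.get(who, ())
                    or (who == "CREATOR" and user == creator)):
                granted.add(perm)
    return granted


if __name__ == "__main__":
    # Constructed checks using the names that appear in the listings above.
    for who, repo, creator in [("user", "gitolite-admin", None),
                               ("user", "public-link-from-priv", "changyy"),
                               ("user", "priv/changyy/my", "changyy")]:
        print(who, repo, sorted(access(who, repo, creator)))
```

For a user outside every group, `access("user", "gitolite-admin")` yields `{"R"}`, which matches the `R gitolite-admin` line in the non-owner listing above: the last pattern matches the admin repo and the symlinked name as well as ordinary repos.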


Install Gitweb:


$ sudo apt-get install gitweb
$ sudo vim /etc/gitweb.conf
$projectroot = "/data/gitolite/repositories";
$feature{'highlight'}{'default'} = [1];
$ sudo vim /etc/apache2/conf.d/gitweb
Alias /gitweb /usr/share/gitweb


<Directory /usr/share/gitweb>
  AssignUserId gitolite gitolite
  Options FollowSymLinks +ExecCGI
  AddHandler cgi-script .cgi


  AuthUserFile /etc/apache2/gitweb.htpasswd
  AuthName "GitWeb"
  AuthType Basic
  require valid-user
  Order allow,deny
  Allow from 127.0.0.0/255.0.0.0 10.0.0.0/8 192.168.0.0/16 ::1/128
  satisfy any
</Directory>


$ sudo htpasswd -cb /etc/apache2/gitweb.htpasswd account password


Those interested can further modify the code in /usr/share/gitweb/gitweb.cgi so that the owner shown on the web page becomes the gitolite creator:


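sub git_get_project_owner {
  my $project = shift;
  my $owner;

  return undef unless $project;
  $git_dir = "$projectroot/$project";

  if (!defined $gitweb_project_owner) {
    git_get_project_list_from_file();
  }

  if (exists $gitweb_project_owner->{$project}) {
    $owner = $gitweb_project_owner->{$project};
  }
  if (!defined $owner){
    $owner = git_get_project_config('owner');
  }
  # Added fallback: use the creator that gitolite recorded in <repo>/gl-creator.
  if (!defined $owner) {
    # Three-argument open with a lexical handle, so the path is never
    # interpreted as an open mode or a command.
    if (open(my $gl_creator, '<', "$git_dir/gl-creator")) {
      $owner = '';
      while (<$gl_creator>) {
        $owner .= $_;
      }
      close($gl_creator);
      chomp $owner;  # drop a trailing newline, if any
    }
  }
  # Last resort: the file system owner of the repository directory.
  if (!defined $owner) {
    $owner = get_file_owner("$git_dir");
  }

  return $owner;
}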


You can also adjust which repos are not displayed, such as gitolite-admin.git


Install NIS Server:


$ sudo apt-get install nis
$ sudo vim /etc/default/nis
NISSERVER=master
$ sudo vim /etc/defaultdomain
$ sudo service portmap start ; sudo service ypbind start ; sudo service ypserv start ; sudo service yppasswdd start ; sudo service ypxfrd start
$ sudo /usr/lib/yp/ypinit -m
$ sudo make -C /var/yp


Every time /etc/passwd, /etc/group, … are updated,
you need to run $ sudo make -C /var/yp


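Note: Ubuntu's sudoers grants access to the admin group by default, so you only need to create an admin group and add the administrators to it for them to be able to use sudo on every NIS client. Also, a strict NIS master should restrict who is allowed to use it XD; that is not handled here.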


Install Dropbox:


$ sudo mkdir -p /data/dropbox
$ sudo adduser --quiet --gecos "" --disabled-login --home /data/dropbox dropbox
$ sudo chown -R dropbox:dropbox /data/dropbox
$ sudo su - dropbox
$ whoami
dropbox
$ wget -O dropbox.tar.gz "http://www.dropbox.com/download?plat=lnx.x86_64"
$ tar -xvf dropbox.tar.gz
$ ~/.dropbox-dist/dropboxd
This client is not linked to any account...
Please visit https://www.dropbox.com/cli_link?host_id=########################## to link this machine.
...
Client successfully linked, Welcome Developer!
$ exit


$ groups
xxxx admin
$ wget -O /tmp/dropbox-script https://gist.github.com/raw/861875/c9a585ec7da42ca9a857ef0987f1ccf765431d70/dropbox
$ sudo mv /tmp/dropbox-script /etc/init.d/dropbox
$ sudo chmod +x /etc/init.d/dropbox
$ sudo update-rc.d dropbox defaults
$ sudo vim /etc/group
dropbox:x:1006:dropbox
$ sudo /etc/init.d/dropbox start
$ sudo /etc/init.d/dropbox status
dropboxd for USER dropbox: running (pid 32693)
$ sudo su - dropbox
$ mkdir -p ~/Dropbox/service/redmine ~/Dropbox/service/gitolite
$ ln -s /data/gitolite/repositories ~/Dropbox/service/gitolite/repositories
$ ln -s /data/redmine/redmine/db ~/Dropbox/service/redmine/db
$ ln -s /data/redmine/redmine/files ~/Dropbox/service/redmine/files


My takeaway from all this... this dropbox backup is just something to play with XD Once it is set up I will probably never touch it again :P


1 comment:

  1. Hello, site owner!
    May I ask: after installing Redmine, the web page cannot be displayed (Forbidden). I tried a+x, www-data.www-data and so on, but it still appears.
    apache2 Log
    [Mon Oct 13 19:16:58 2014] [notice] Apache/2.2.22 (Ubuntu) Phusion_Passenger/4.0.53 PHP/5.3.10-1ubuntu3.14 with Suhosin-Patch configured -- resuming normal operations
    [Mon Oct 13 19:17:14 2014] [error] [client 192.168.6.54] Directory index forbidden by Options directive: /data/redmine/public/
