I mirror a bunch of open source projects in a local GitLab instance which works well.
By default, GitLab only provides https and ssh access to repositories, which can be a pain for continuous integration (especially if you were to use self-signed certificates).
However, it’s relatively easy to configure your GitLab server to run a git daemon and provide read-only access to anyone on any repos that you choose.
On my CentOS box, I installed git-daemon which includes systemd git@.service and git.socket files. I copied these to make a new service called git-daemon, like so:
[root@gitlab ~]# cp /usr/lib/systemd/system/git@.service \
/etc/systemd/system/git-daemon@.service
[root@gitlab ~]# cp /usr/lib/systemd/system/git.socket \
/etc/systemd/system/git-daemon.socket
[root@gitlab ~]# systemctl daemon-reload
Then I edited the git-daemon.socket to point it to the git repositories, /var/opt/gitlab/git-data/repositories/, which is the default location when using the GitLab omnibus package.
[Unit]
Description=Git Repositories Server Daemon
Documentation=man:git-daemon(1)
[Service]
User=git
ExecStart=-/usr/libexec/git-core/git-daemon \
--base-path=/var/opt/gitlab/git-data/repositories/ \
--syslog --inetd --verbose
StandardInput=socket
Now start and enable the service:
[root@gitlab ~]# systemctl start git-daemon.socket
[root@gitlab ~]# systemctl enable git-daemon.socket
As per the git-daemon.service systemd file, you should now have git-daemon listening on port 9418, however you may need to open the port through the firewall:
[root@gitlab ~]# firewall-cmd --permanent --zone=public --add-port=9418/tcp
[root@gitlab ~]# systemctl reload firewalld
Now, to enable git:// access to any given repository, you need to touch a file called git-daemon-export-ok in that repo’s git dir (it should be owned by your gitlab user, which is probably git). For example, a mirror of the Linux kernel:
-sh-4.2$ touch /var/opt/gitlab/git-data/repositories/mirror/linux.git/git-daemon-export-ok
From your local machine, test your git:// access!
[12:15 chris ~]$ git ls-remote git://gitlab/mirror/linux.git |head -1
46e595a17dcf11404f713845ecb5b06b92a94e43 HEAD
Success!
If you wanted to, you could set up a cron job to make sure that any new mirrors that come along are exported without manual intervention.
First, create an executable script somewhere, like /usr/local/bin/export_git-daemon_repos.sh (note, this excludes any wiki git repos).
#!/bin/bash
set -eo pipefail
if [[ "$USER" != "git" ]]; then
echo "Only run this as the git user."
exit 1
fi
cd /var/opt/gitlab/git-data/repositories/mirror
for x in $(ls -d * |grep -v \.wiki\.git) ; do
pushd ${x}
if [[ ! -e "git-daemon-export-ok" ]]; then
touch git-daemon-export-ok
fi
popd
done
Then add it as a cron job for the git user on your gitlab server to run every two hours, or whatever suits you, e.g.:
-sh-4.2$ crontab -l
0 */2 * * * /usr/local/bin/export_git-daemon_repos.sh >/dev/null
4 thoughts on “Providing git:// (protocol) access to repos using GitLab”
I am trying to follow these instructions but on Ubuntu. Running GitLab 8.14. I installed the git-deamon-run package. /usr/lib/systemd/system folder does not exist. I am assuming that ubuntu put the files elsewhere. Any Ideas?
Can you get dpkg to list the contents of git-daemon-run? Maybe something like:
dpkg -L git-daemon-run
Hi, you need to edit the git-daemon@.service file, not the git-daemon.socket.
Thanks for the Article.
Can you list the contents of the deb file with dpkg? dpkg -L git-deamon-run or something?