(文章來源: http://blog.csdn.net/ljchlx/article/details/22277311)
小注解:
本文所使用的關於apache的配置設置是基於apache2.2的,因此部分設置與apache 2.3/2.4稍有不同.
例如:
Order deny,allow
Allow from all
就應該改爲
Require all granted
進一步詳細的請查看apache說明文檔。
- 系統配置環境
- Gerrit 是一個基於 Web 的代碼評審和項目管理的工具,面向基於 Git 版本控制系統的項目。因此需要Apache、Mysql、GIT等相關軟件的支持
- 系統配置:
- 新裝的UBANTU LINUX系統請先更新自己的系統軟件包
- $sudo apt-get dist-upgrade
- $sudo adduser project
以新用戶身份操作 - $sudo su - project
$sudo apt-get install git-core apache2.2-bin apache2.2-common apache2-utils apache2-mpm-worker
安裝Gerrit
- 1.創建一個以項目名稱命名的新用戶,以project爲例(如以創建可省)
$sudo adduser project
以新用戶身份操作
$sudo su - project
- 2.創建安裝目錄,以項目名命令。(建議直接拷貝使用其它項目的gerrit安裝目錄)
- $mkdir -p gerrit_reviewsite
3.下載gerrit
http://code.google.com/p/gerrit/downloads/list?can=1&q=&colspec=Filename+Summary+Uploaded+ReleaseDate+Size+DownloadCount
- 4.安裝並配置初始化gerrit
java -jar gerrit-2.6.1.war init -d ~/gerrit_reviewsite/
reate '/home/gerrit2/review-site' [Y/n]? *** Git Repositories *** Location of Git repositories [git]: *** SQL Database *** Database server type [H2/?]: //改成MYSQL或者使用H2 *** User Authentication *** Authentication method [OPENID/?]: HTTP //注意這個不要按回車跳過去了,否則不是HTTP認證,是需要用google的OPENID Get username from custom HTTP header [y/N]? : SSO logout URL : *** Email Delivery *** SMTP server hostname [localhost]: smtp.126.com //自己改成自己的郵箱smtp SMTP server port [(default)]: 25 SMTP encryption [NONE/?]: SMTP username [?]: [email protected] //自己改成自己的郵箱
[email protected]'s password : xxxxxxx confirm password : xxxxxxx *** Container Process *** Run as [project]: Java runtime [/usr/lib/jvm/java-6-sun-1.6.0.24/jre]: Copy gerrit.war to /home/gerrit2/review-site/bin/gerrit.war [Y/n]? Copying gerrit.war to /home/gerrit2/review-site/bin/gerrit.war *** SSH Daemon *** Listen on address [*]: Listen on port [29418]: //如果同一個用戶下建多個gerrit,請不用都公用29418這個端口號 如39418 49418 Gerrit Code Review is not shipped with Bouncy Castle Crypto v144 If available, Gerrit can take advantage of features in the library, but will also function without it. Download and install it now [Y/n]?
//這裏如果選擇了y,則gerrit服務器上的fingerprint會有兩個,否則則只有一個Downloading http://www.bouncycastle.org/download/bcprov-jdk16-144.jar ... OKChecksum bcprov-jdk16-144.jar OKGenerating SSH host key ... rsa... dsa... done*** HTTP Daemon*** Behind reverse proxy [y/N]? y //使用反向代理的話必須選擇y來配置,默認是NProxy uses SSL (https://) [y/N]? n
Subdirectory on proxy server [/]: /project/ //可以選擇直接跳過,那樣你的gerrit最後的URL是http://192.168.11.73:80
Listen on address [*]:
Listen on port [8081]: //切記,此端口號一定不要和apache2佔用相同的端口號,多個gerrit可以8082 8083 8084 //否則就會Starting Gerrit Code Review:FailedCanonical URL [http://*/]:http://192.168.11.73/project/ //上一步Subdirectory on proxy server 跳過不填則是http://192.168.11.73:80 (80爲你將要在apache 給gerrit設置的端口)Initialized /home/gerrit2/review-siteExecuting
/home/gerrit2/review-site/bin/gerrit.sh start
Starting Gerrit Code Review: OK
=========================================QA=======================================================================================Q:Configuration ErrorCheck the HTTP server's authentication settings.The HTTP server did not provide the username in the Authorizationheader when it forwarded the request to Gerrit Code Review.If the HTTP server is Apache HTTPd, check the proxy configurationincludes an authorization directive with the proper location, ensuringit ends with '/':In error_log:ERROR com.google.gerrit.httpd.auth.container.HttpLoginServlet : Unableto authenticate user by Authorization request header. Check containeror server configuration.A:You cannot run these on the same port. Your Apache NameVirtualHostshould be on a different port than the internal Jetty web sever thatGerrit is using.即gerrit和apache2佔用相同的端口號例如:cat review_site_project/etc/gerrit.config:
[httpd] listenUrl = http://x.x.x.x:8081/
cat /etc/apache2/apache2.conf :
NameVirtualHost x.x.x.x:8081
<VirtualHost x.x.x.x:8081>
5. 啓動gerrit時失敗,查看gerrit_reviewsite/log/error_log中的錯誤信息如下:[2016-07-29 02:56:56,387] [main] WARN com.google.gerrit.sshd.SshDaemon : Disabling cipher aes192-cbc: Illegal key size; try installing unlimited cryptography extension
[2016-07-29 02:56:56,388] [main] WARN com.google.gerrit.sshd.SshDaemon : Disabling cipher aes256-cbc: Illegal key size; try installing unlimited cryptography extension
[2016-07-29 02:56:56,390] [main] WARN com.google.gerrit.sshd.SshDaemon : Disabling cipher aes256-ctr: Illegal key size; try installing unlimited cryptography extension
[2016-07-29 02:56:56,393] [main] WARN com.google.gerrit.sshd.SshDaemon : Disabling cipher arcfour256: Illegal key size or default parameters; try installing unlimited cryptography extension
[2016-07-29 02:56:56,425] [main] WARN com.google.gerrit.server.config.GitwebCgiConfig : gitweb not installed (no /usr/lib/cgi-bin/gitweb.cgi found)
[2016-07-29 02:56:56,882] [main] INFO org.eclipse.jetty.util.log : Logging initialized @14808ms
[2016-07-29 02:56:56,950] [main] INFO com.google.gerrit.server.git.LocalDiskRepositoryManager : Defaulting core.streamFileThreshold to 45m
[2016-07-29 02:56:56,999] [main] ERROR com.google.gerrit.pgm.Daemon : Unable to start daemon
com.google.inject.ProvisionException: Unable to provision, see the following errors:
1) Schema not yet initialized. Run init to initialize the schema:
$ java -jar gerrit.war init -d /home/watasianata/gerrit_review
1 error
at com.google.gerrit.server.schema.SchemaVersionCheck.start(SchemaVersionCheck.java:56)
at com.google.gerrit.lifecycle.LifecycleManager.start(LifecycleManager.java:74)
at com.google.gerrit.pgm.Daemon.start(Daemon.java:302)
at com.google.gerrit.pgm.Daemon.run(Daemon.java:203)
at com.google.gerrit.pgm.util.AbstractProgram.main(AbstractProgram.java:64)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.google.gerrit.launcher.GerritLauncher.invokeProgram(GerritLauncher.java:159)
at com.google.gerrit.launcher.GerritLauncher.mainImpl(GerritLauncher.java:100)
at com.google.gerrit.launcher.GerritLauncher.main(GerritLauncher.java:56)
at Main.main(Main.java:25)
1)原因1,google搜素到有如下可能,就是我們在新的gerrit的gerrit.config中增加了如下索引的配置[index] type = LUCENE
而我們的系統中,並未安裝Lucene,因此參照網上的例子安裝下Lucene(http://keping.me/ubuntu%E4%B8%8Blucene%E7%8E%AF%E5%A2%83%E6%90%AD%E9%85%8D/)。
2)Lucene安裝完畢了,試一下,發現仍然報上述錯誤。
萬般無奈之下,只能按照提示重新跑了一遍
java -jar gerrit.war init -d /home/watasianata/gerrit_review逐個參數檢查,終於發現原來是在安裝Lucene時,將原本jkd1.7的環境改爲了jdk1.8,而gerrit卻仍然採用了jdk1.7的配置,能不出錯嗎?
趕緊將
user = watasianata
javaHome = /usr/local/devtools/jdk1.8.0_45/jre
改好。
再次試,這次仍然出錯:
[2016-07-29 03:24:10,152] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loaded plugin reviewnotes, version v2.12.3
[2016-07-29 03:24:10,214] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loaded plugin singleusergroup, version v2.12.3
[2016-07-29 03:24:10,216] [main] ERROR com.google.gerrit.pgm.Daemon : Unable to start daemon
com.google.inject.ProvisionException: Unable to provision, see the following errors:
1) No index versions ready; run Reindex
1 error
at com.google.gerrit.lucene.LuceneVersionManager.start(LuceneVersionManager.java:124)
at com.google.gerrit.lifecycle.LifecycleManager.start(LifecycleManager.java:74)
at com.google.gerrit.pgm.Daemon.start(Daemon.java:302)
at com.google.gerrit.pgm.Daemon.run(Daemon.java:203)
at com.google.gerrit.pgm.util.AbstractProgram.main(AbstractProgram.java:64)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at com.google.gerrit.launcher.GerritLauncher.invokeProgram(GerritLauncher.java:159)
at com.google.gerrit.launcher.GerritLauncher.mainImpl(GerritLauncher.java:100)
at com.google.gerrit.launcher.GerritLauncher.main(GerritLauncher.java:56)
at Main.main(Main.java:25)
這次的信息明確多了,直接重新reindex一次,
java -jar ~/tool/gerrit-2.12.3.war reindex
好啦!
[gerrit]
basePath = git //指定被gerrit管理的所有git庫存放位置,即review_site_project/git/
canonicalWebUrl = http://42.62.42.75:8090/project
//指定web訪問gerrit的網址//填自己的ip和端口號,勿完全抄
[database]
type = h2 //指定gerrit所默認數據庫類型,可以選用mysql
database = db/ReviewDB
[auth]
type = HTTP //指定瀏覽器登錄gerrit時的認證方式
[sendemail]
enable = true
smtpServer = smtp.126.com
smtpServerPort = 25
smtpUser = [email protected]
smtpPass = xxxxxxxx
sslVerify = false
from = CodeReview<[email protected]>
[container]
user = gerritserver //指定gerrit所在機器的用戶身份與上文創建的用戶對應一致
javaHome = /usr/lib/jvm/jdk7/jre //系統本身自帶
[sshd]
listenAddress = *:29418 //指定sshd服務監聽的端口號
[httpd]
listenUrl = http://*:8081/project //指定http代理地址
[cache]
directory = cache //緩存位置
配置Apache
$sudo apt-get install apache2.2-bin apache2.2-common apache2-utils apache2-mpm-worker1.創建編輯apache配置文件,添加如下內容(下面以Ubuntu系統爲例請注意不同操作系統apache配置文件的區別)也可配置 apache2.conf httpd.conf,我們這裏配置的是/etc/apache2/sites-available/gerrit
$sudo vi /etc/apache2/sites-available/defalt
<VirtualHost 192.168.134.59:8090>
ServerName 192.168.134.59
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location "/project/login/">
AuthType Basic
AuthName "Gerrit Code Review"
AuthBasicProvider file
AuthUserFile ../../../etc/apache2/passwords
//指定http登錄認證的的paassword文件所在位置,放哪都行,根據後來 sudo htpasswd -cb /etc/apache2/passwords admin pwxxx 來定。Require valid-user
</Location>
AllowEncodedSlashes On
RedirectMatch ^/project$ /project/
ProxyPass /project/ http://127.0.0.1:8081/project/
ProxyPassReverse /project/ http://127.0.0.1:8081/project/
</VirtualHost>
保存退出
$cd /etc/apache2/sites-enabled/
$sudo ln ../sites-available/gerrit .
2.創建passwd文件,添加gerrit登錄用戶,-c參數爲創建,僅限第一次添加用戶時使用$sudo htpasswd -cb /etc/apache2/passwords admin passwordxxx
第二次添加其他用戶時,不要加-c了:
$sudo htpasswd -b /etc/apache2/passwords test test3繼續配置apache2
- $sudo vi /etc/apache2/http.conf //在文件中加入以下內容
ServerName localhost$cd /etc/apache2/mods-enabled
$sudo ln -s /etc/apache2/mods-available/proxy.conf proxy.conf
$sudo ln -s /etc/apache2/mods-available/proxy.load proxy.load
$sudo ln -s /etc/apache2/mods-available/proxy_http.load proxy_http.load配置apache2的監聽端口:
/etc/apache2$sudo vi ports.conf
NameVirtualHost *:80
Listen 80
Listen 8080 //不要給gerrit!
Listen 8000 //不要給gerrit!
添加apache2的tcp端口號,切記不要把gerrit的,即Listen on port [8081]: 不要輸入上面配置給apache2的端口號,切記!!!
可以用sudo netstat -lnp | grep 80 查看相關80的所有端口使用情況否則gerrit 起不來的 搭建多個gerrit 時Listen on port [8081]:可以用8082 8083 8084 等
Apache2 配置安裝 FQA:
Q:啓動apache報錯
Syntax error on line 300 of /etc/apache2/apache2.conf:Invalid command 'ProxyPass', perhaps misspelled or defined by a module not included in the server configuration ...fail!
- A:配置了反向代理,但是沒有打開module,執行下面操作
cd /etc/apache2/mods-enabled ln -s /etc/apache2/mods-available/proxy.conf proxy.conf ln -s /etc/apache2/mods-available/proxy.load proxy.load ln -s /etc/apache2/mods-available/proxy_http.load proxy_http.load
- Q:啓動Apache報錯
No apache MPM package installed
- A:安裝apache2-mpm-worker軟件包
$sudo apt-get install apache2-mpm-worker
- Q:啓動Apache報錯
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
- A:修改/etc/apache2/http.conf文件,在文件中加入以下內容
ServerName localhost 啓動服務
- 1.啓動apache
sudo /etc/init.d/apache2 restart
- 2.啓動gerrit服務
$review_site_project/bin/gerrit.sh start
登錄gerrit
在瀏覽器地址欄中輸入
192.168.11.73/project/
注:Subdirectory on proxy server [/]:選擇直接跳過 則192.168.11.73:80
在顯示的登錄框中輸入用戶名/密碼,
即之前配置passwords
$sudo htpasswd -cb /etc/apache2/passwords admin passwordxxadminpasswordxx
Note: 請注意第一個登入的用戶,Gerrit會自動將其定義爲管理員
3. 接入企業內部域賬號
<Location "/project/login">
AuthType Basic
AuthName "Gerrit Code Review"
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPURL "ldap://192.168.xx.x:xxx/OU=xxxxx,OU=_BJKS(xxx),DC=xxxxx,DC=cn?sAMAccountName?sub?(objectClass=user)"
AuthLDAPBindDN [email protected]
AuthLDAPBindPassword xxxx
Require valid-user
</Location>