Detailed steps for setting up a Gerrit server

Setting up Gerrit + OpenLDAP

Author: 趙亮

Filed under: Study notes

2017/9/4

Setting up LDAP

Download gerrit-2.12.3.war

Configure the package sources

# apt-get update

Install the packages Gerrit depends on

#apt-get install default-jre daemon apache2-utils  git

Install apache2

#apt-get install apache2

Install the MySQL database

#apt-get install mysql-server

Create the database

mysql> create database gerrit;

mysql> grant all on gerrit.* to 'FxFT'@'localhost' identified by 'FoxitFT';

mysql> flush privileges;

Restart MySQL

#/etc/init.d/mysql restart

 

Install Gerrit

java -jar gerrit-2.12.3.war init -d /srv/gerrit/

// /srv/gerrit/ is the installation directory

The steps are as follows:

root@debian:~#java -jar gerrit-2.12.3.war init -d /srv/gerrit/

*** Gerrit Code Review 2.12.3

***

 

Create '/srv/gerrit'           [Y/n]? y

 

*** Git Repositories

***

 

Location of Git repositories   [git]:

 

*** SQL Database

***

 

Database server type           [h2]: mysql

 

Gerrit Code Review is not shipped with MySQL Connector/J 5.1.21

**  This library is required for your configuration. **

Download and install it now [Y/n]? y

Downloading http://repo2.maven.org/maven2/mysql/mysql-connector-java/5.1.21/mysql-connector-java-5.1.21.jar ... OK

Checksum mysql-connector-java-5.1.21.jar OK

Server hostname                [localhost]:

Server port                    [(mysql default)]:

Database name                  [reviewdb]: gerrit

Database username              [root]: FxFT

gerrituser's password          :

              confirm password :

 

*** User Authentication

***

 

Authentication method          [OPENID/?]: http

Get username from custom HTTP header [y/N]? n

SSO logout URL                 :

 

*** Email Delivery

***

SMTP server hostname           [localhost]: smtp.163.com

SMTP server port               [(default)]: 587

SMTP encryption                [NONE/?]: tls

SMTP username                  [root]: [email protected]

[email protected]'s password :

              confirm password :

 

*** Container Process

***

 

Run as                         [root]:

Java runtime                   [/usr/lib/jvm/java-7-openjdk-amd64/jre]:

Copy gerrit-2.8.war to /srv/gerrit/bin/gerrit.war [Y/n]? y

Copying gerrit-2.8.war to /srv/gerrit/bin/gerrit.war

 

*** SSH Daemon

***

 

Listen on address              [*]:

Listen on port                 [29418]:

 

Gerrit Code Review is not shipped with Bouncy Castle Crypto v144

  If available, Gerrit can take advantage of features

  in the library, but will also function without it.

Download and install it now [Y/n]? y

Downloading http://www.bouncycastle.org/download/bcprov-jdk16-144.jar ... !! FAIL !!

 

 

error: http://www.bouncycastle.org/download/bcprov-jdk16-144.jar: 302 Found

Please download:

 

  http://www.bouncycastle.org/download/bcprov-jdk16-144.jar

 

and save as:

 

  /srv/gerrit/lib/bcprov-jdk16-144.jar

 

Press enter to continue

Continue without this library  [Y/n]? y

Generating SSH host key ... rsa(simple)... done

*** HTTP Daemon

***

 

Behind reverse proxy           [y/N]? y

Proxy uses SSL (https://)      [y/N]? n

Subdirectory on proxy server   [/]:

Listen on address              [*]:

Listen on port                 [8081]: 8081

Canonical URL                  [http://debian.localhost/]:

 

*** Plugins

***

 

Install plugin reviewnotes version v2.8 [y/N]? y

Install plugin download-commands version v2.8 [y/N]? y

Install plugin replication version v2.8 [y/N]? y

Install plugin commit-message-length-validator version v2.8 [y/N]? y

 

Initialized /srv/gerrit

Executing /srv/gerrit/bin/gerrit.sh start

Starting Gerrit Code Review: OK

Waiting for server on debian.localhost:80 ... OK

Opening http://debian.localhost/#/admin/projects/ ...FAILED

Open Gerrit with a JavaScript capable browser:

  http://debian.localhost/#/admin/projects/

 

Gerrit startup script

#cp /srv/gerrit/bin/gerrit.sh /etc/init.d/gerrit

# vim /etc/init.d/gerrit

At around line 47, set GERRIT_SITE= to the site's root path:

GERRIT_SITE=/srv/gerrit/


Restart the Gerrit service

#/etc/init.d/gerrit restart


Gerrit configuration

#vi /srv/gerrit/etc/gerrit.config

[gerrit]
        basePath = git
        canonicalWebUrl = http://10.104.128.161/r/
[database]
        type = mysql
        hostname = localhost
        database = gerrit
        username = FxFT
[index]
        type = LUCENE
[auth]
        type = LDAP
[ldap]
        # IP address of the LDAP server that was set up earlier
        server = ldap://10.104.128.163:389
        accountBase = dc=foxitsoftware,dc=com
        accountFullName = ${cn}
        groupBase = dc=foxitsoftware,dc=com
[sendemail]
        smtpServer = smtp.163.com
        smtpServerPort = 587
        smtpEncryption = TLS
        smtpUser = [email protected]
[container]
        #user = root
        # Run as www-data; otherwise permission errors are reported when Apache calls Gerrit
        user = www-data
        javaHome = /usr/lib/jvm/java-7-openjdk-amd64/jre
[sshd]
        listenAddress = *:29418
[httpd]
        listenUrl = proxy-http://*:8081/r/
        listenUrl = proxy-https://*:8081/r/
        requestLog = true
[cache]
        directory = cache
[user]
        anonymousCoward = Unregistered User
[change]
        submitWholeTopic = true
[receive]
        enableSignedPush = false

 

Set the owner and group

# chown -R www-data:www-data /srv/gerrit

Configure the web server

#vi /etc/apache2/sites-available/gerrit.conf

<VirtualHost *:80>
        ServerName 10.104.128.161
        ProxyRequests Off
        ProxyVia Off
        ProxyPreserveHost On
        ErrorLog /var/log/apache2/testlink_foxitsoftware_com_error.log
        CustomLog /var/log/apache2/testlink_foxitsoftware_com_access.log combined

        <Proxy *:80>
                Order deny,allow
                Allow from all
        </Proxy>

        <Location "/login/">
                AuthType Basic
                AuthName "Gerrit"
                Require valid-user
                AuthUserFile /srv/gerrit/etc/password
        </Location>

        AllowEncodedSlashes On
        ProxyPass / http://127.0.0.1:8082/ nocanon
</VirtualHost>

Create the account and password for a user authorized to use Gerrit

#htpasswd -cb /srv/gerrit/etc/password gerrit kevinstar

Set up index.html in the default site path

vi /var/www/index.html

<html>

<head>

<script type="text/javascript">

window.location.href='/r/';

</script>

</head>

<body><h1>It works!</h1>

<p>This is the default web page for this server.</p>

<p>The web server software is running but no content has been added, yet.</p>

</body></html>

 

 

Load the proxy module

#a2enmod proxy

Create the symlink

#cd /etc/apache2/mods-enabled

# ln -s ../mods-available/proxy_http.load proxy_http.load

Restart the apache2 and Gerrit services

#/etc/init.d/gerrit restart

#/etc/init.d/apache2 restart

You can now log in to the web interface to test it.

 

Enabling port 443:

#apt-get install ssl-cert

# make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/ssl/private/apache2.pem

#openssl req -x509 -newkey rsa:1024 -keyout /etc/ssl/private/apache2.pem -out /etc/ssl/private/apache2.pem -nodes -days 999

Generating a 1024 bit RSA private key

..............++++++

.........................++++++

writing new private key to '/etc/ssl/private/apache2.pem'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:CN

State or Province Name (full name) [Some-State]:BEIJING

Locality Name (eg, city) []:BEIJING

Organization Name (eg, company) [Internet Widgits Pty Ltd]:foxit

Organizational Unit Name (eg, section) []:it

Common Name (e.g. server FQDN or YOUR name) []:localhost

Email Address []:[email protected]

#openssl genrsa 1024 >server.key

#openssl req -new -key server.key > server.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:CN

State or Province Name (full name) [Some-State]:BEIJING

Locality Name (eg, city) []:BEIJING

Organization Name (eg, company) [Internet Widgits Pty Ltd]:foxit

Organizational Unit Name (eg, section) []:it

Common Name (e.g. server FQDN or YOUR name) []:localhost

Email Address []:[email protected]

 

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:kevinstar

An optional company name []:foxit

Enable the ssl module

#a2enmod ssl

Apache site configuration:

# vi /etc/apache2/sites-available/gerrit.conf

<VirtualHost *:80>
        ServerName 10.104.128.161
        ProxyRequests Off
        ProxyVia Off
        ProxyPreserveHost On

        <Proxy *:80>
                Order deny,allow
                Allow from all
        </Proxy>

        AllowEncodedSlashes On
        ProxyPass /r/ http://127.0.0.1:8081/r/ nocanon
</VirtualHost>

<VirtualHost *:443>
        SSLEngine on
        SSLProxyEngine on
        SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

        ServerName 10.104.128.161

        ProxyRequests Off
        ProxyVia Off
        ProxyPreserveHost On

        <Proxy *:443>
                Order deny,allow
                Allow from all
        </Proxy>

        <Location "/r/login/">
                AuthType Basic
                AuthName "Gerrit"
                Require valid-user
                AuthUserFile /etc/gerrit/etc/.password
        </Location>

        <Location "/p/">
                AuthType Basic
                AuthName "Gerrit Code Review"
        </Location>

        AllowEncodedSlashes On
        ProxyPass /r/ http://127.0.0.1:8082/r/ nocanon
        ProxyPass /p/ http://127.0.0.1:8082/p/ nocanon
</VirtualHost>

Modify the Gerrit configuration:

vi /etc/gerrit/etc/gerrit.config

[gerrit]
        basePath = git
        canonicalWebUrl = http://10.104.128.161/r/
[database]
        type = mysql
        hostname = localhost
        database = gerritdb
        username = gerrituser
[auth]
        type = LDAP
[ldap]
        server = ldap://10.104.128.163:389
        accountBase = dc=foxitsoftware,dc=com
        accountFullName = ${cn}
        groupBase = dc=foxitsoftware,dc=com
[sendemail]
        smtpServer = smtp.163.com
        smtpServerPort = 587
        smtpEncryption = TLS
        smtpUser = [email protected]
[container]
        user = root
        javaHome = /usr/lib/jvm/java-7-openjdk-amd64/jre
[sshd]
        listenAddress = *:29418
[httpd]
        listenUrl = proxy-http://*:8081/r/
        listenUrl = proxy-https://*:8082/r/
        requestLog = true
[cache]
        directory = cache
[user]
        anonymousCoward = Unregistered User
[change]
        submitWholeTopic = true
[receive]
        enableSignedPush = false
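
The shell function below is an added example, not part of the original notes or of Gerrit: it scans a gerrit.config for four settings that appear in the listings above, namely a plaintext ldap:// server without startTls, container.user = root, an http:// canonicalWebUrl, and two listenUrl entries on the same port (which cannot both bind). The function names and finding codes are made up for illustration, and the sample file is constructed from values shown on this page.

```shell
#!/bin/sh
# Added example: flag risky or conflicting settings in a gerrit.config.
audit_gerrit_config() {   # prints one "CODE: detail" line per finding
    awk '
    /^[ \t]*\[/      { sec = tolower($0); gsub(/[^a-z0-9]/, "", sec); next }
    /^[ \t]*(#|;|$)/ { next }                       # comments, blank lines
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        name = sec "." key
        # ldap:// sends bind passwords in cleartext unless StartTLS is on
        if (name == "ldap.server" && val ~ /^ldap:\/\//) plain = val
        if (name == "ldap.starttls" && tolower(val) == "true") starttls = 1
        if (name == "container.user" && val == "root")
            print "ROOT_DAEMON: Gerrit JVM runs as root"
        if (name == "gerrit.canonicalweburl" && val ~ /^http:\/\//)
            print "HTTP_CANONICAL_URL: " val
        # Two listeners on one port: the second cannot bind
        if (name == "httpd.listenurl" && match(val, /:[0-9]+/)) {
            port = substr(val, RSTART + 1, RLENGTH - 1)
            if (port in seen) print "DUPLICATE_LISTEN_PORT: " port
            seen[port] = 1
        }
    }
    END { if (plain != "" && !starttls) print "PLAINTEXT_LDAP: " plain }
    ' "$1"
}

# Constructed sample: settings taken from the gerrit.config listings above.
write_sample() {
    cat > "$1" <<'EOF'
[gerrit]
        canonicalWebUrl = http://10.104.128.161/r/
[ldap]
        server = ldap://10.104.128.163:389
[container]
        #user = www-data
        user = root
[httpd]
        listenUrl = proxy-http://*:8081/r/
        listenUrl = proxy-https://*:8081/r/
EOF
}

tmp=$(mktemp) && write_sample "$tmp"
audit_gerrit_config "$tmp"
rm -f "$tmp"
```

Setting startTls = true under [ldap], or using an ldaps:// server URL, clears the PLAINTEXT_LDAP finding.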

Restart Apache and Gerrit

#/etc/init.d/apache2 restart

#/etc/init.d/gerrit restart

Test!!!!!

Setup complete

