gerrit搭建

CentOS 7.2 安装Gerrit 2.16.8

1.环境

本文使用VMWare虚拟机进行实验。

  • IP:192.168.60.6

  • CentOS 7

  • mysql5.7数据库

  • http认证

  • nginx作为web服务器,提供反向代理

  • gitweb作为Repository Browser

3.安装

3.1 安装软件

yum -y install git gitweb vim wget httpd-tools gcc

 安装mysql5.7

wget -i -c http://dev.mysql.com/get/mysql57-community-release-el7-10.noarch.rpm
yum -y install mysql57-community-release-el7-10.noarch.rpm
yum -y install mysql-community-server

 安装完成后删除yum安装源

yum -y remove mysql57-community-release-el7-10.noarch

 安装nginx

yum install -y pcre pcre-devel zlib zlib-devel openssl openssl-devel
wget -c https://nginx.org/download/nginx-1.16.0.tar.gz
tar -zxvf nginx-1.16.0.tar.gz
cd nginx-1.16.0
./configure
make
make install

 

3.2. 关闭selinux
[root@CentOS ~]# vim /etc/selinux/config //修改selinux
SELINUX=disabled
[root@CentOS ~]# reboot //
重启生效

3.3 配置数据库

设置数据库开机自启动并启动数据库

systemctl enable mysqld
systemctl start mysqld

设置免密登录

vim /etc/my.cnf

skip-grant-tables #添加这句话,这时候登入mysql就不需要密码

重启mysql

systemctl restart mysqld

mysql

flush privileges;

ALTER USER 'root'@'localhost' IDENTIFIED BY 'root';

flush privileges;

quit;

 

vim /etc/my.cfg

skip-grant-tables #删除这句话

使用密码登入

mysql -proot

CREATE USER 'gerrit'@'localhost' IDENTIFIED BY 'secret';
CREATE DATABASE reviewdb DEFAULT CHARACTER SET 'utf8';
GRANT ALL ON reviewdb.* TO 'gerrit'@'localhost';
FLUSH PRIVILEGES;

ALTER USER 'gerrit'@'localhost' IDENTIFIED BY 'secret' PASSWORD EXPIRE NEVER;
ALTER USER 'gerrit'@'localhost' IDENTIFIED WITH mysql_native_password BY 'secret';
FLUSH PRIVILEGES;
alter user 'gerrit'@'localhost' identified by 'secret';

use reviewdb;

CREATE TABLE account_group_by_id_aud (added_by INT DEFAULT 0 NOT NULL, removed_by INT, removed_on TIMESTAMP NULL DEFAULT NULL, group_id INT DEFAULT 0 NOT NULL, include_uuid VARCHAR(255) BINARY DEFAULT '' NOT NULL, added_on TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, PRIMARY KEY(group_id,include_uuid,added_on));

CREATE TABLE account_group_members_audit (added_by INT DEFAULT 0 NOT NULL, removed_by INT, removed_on TIMESTAMP NULL DEFAULT NULL, account_id INT DEFAULT 0 NOT NULL, group_id INT DEFAULT 0 NOT NULL, added_on TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, PRIMARY KEY(account_id,group_id,added_on));

CREATE TABLE changes (change_key VARCHAR(60) BINARY DEFAULT '' NOT NULL, created_on TIMESTAMP NOT NULL, last_updated_on TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, owner_account_id INT DEFAULT 0 NOT NULL, dest_project_name VARCHAR(255) BINARY DEFAULT '' NOT NULL, dest_branch_name VARCHAR(255) BINARY DEFAULT '' NOT NULL, status CHAR(1) DEFAULT ' ' NOT NULL, current_patch_set_id INT DEFAULT 0 NOT NULL, subject VARCHAR(255) BINARY DEFAULT '' NOT NULL, topic VARCHAR(255) BINARY, original_subject VARCHAR(255) BINARY, submission_id VARCHAR(255) BINARY, note_db_state TEXT, row_version INT DEFAULT 0 NOT NULL, change_id INT DEFAULT 0 NOT NULL ,PRIMARY KEY(change_id));

quit;

3.4 配置nginx反向代理

vim /usr/local/nginx/conf/nginx.conf

键入如下内容

server {
     listen *:80;
     server_name 192.168.60.6;
     allow   all;
     deny    all;

     auth_basic "Welcomme to Gerrit Code Review Site!";
     auth_basic_user_file /usr/local/nginx/gerrit.password;

     location / {
        proxy_pass  http://127.0.0.1:8081;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
     }
   }

配置好了之后,启动nginx

/usr/local/nginx/sbin/nginx

停止nginx命令

/usr/local/nginx/sbin/nginx -s stop

3.5 添加HTTP认证用户

touch /usr/local/nginx/gerrit.password
htpasswd /usr/local/nginx/gerrit.password "root"
New password: 
Re-type new password: 
Adding password for user root

这里添加了用户root,密码root(跟Linux本地用户没有关系!)

这样首次访问gerrit时的用户将成为gerrit的管理员,若想再添加用户,需要先在/gerrit.passwd中添加,再登录gerrit。

3.6 安装JDK

yum -y install java-1.8.0-openjdk

3.7 安装gerrit

3.7.1 添加用户

sudo adduser gerrit
sudo passwd gerrit

编辑sudoers文件
vim /etc/sudoers
找到这行 root ALL=(ALL) ALL,在他下面添加

gerrit ALL=(ALL) ALL

切换用户

sudo su gerrit

 

3.7.2 下载 gerrit.war

回到gerrit根目录,下载gerrit-2.16.8.war

https://www.gerritcodereview.com/releases-readme.html

3.7.3 安装

进入交互命令,蓝色粗体表示输入的内容

[gerrit@localhost ~]$ java -jar gerrit-2.16.8.war init -d gerrit-work/

Using secure store: com.google.gerrit.server.securestore.DefaultSecureStore

[2019-06-21 11:11:56,900] [main] INFO com.google.gerrit.server.config.GerritServerConfigProvider : No /home/gerrit/gerrit-work/etc/gerrit.config; assuming defaults

*** Gerrit Code Review 2.16.8

***

Create '/home/gerrit/gerrit-work' [Y/n]? y

*** Git Repositories

***

Location of Git repositories [git]: #回车

*** SQL Database

***

Database server type [h2]: mysql

Gerrit Code Review is not shipped with MySQL Connector/J 5.1.43

** This library is required for your configuration. **

Download and install it now [Y/n]? y

Downloading https://repo1.maven.org/maven2/mysql/mysql-connector-java/5.1.43/mysql-connector-java-5.1.43.jar ... OK

Checksum mysql-connector-java-5.1.43.jar OK

Server hostname [localhost]: #回车

Server port [(mysql default)]: #回车

Database name [reviewdb]: #回车

Database username [gerrit]: #回车

gerrit's password : secret

confirm password : secret

*** NoteDb Database

***

Use NoteDb for change metadata?

See documentation:

https://gerrit-review.googlesource.com/Documentation/note-db.html

Enable [Y/n]? #回车

*** Index

***

Type [lucene/?]: #回车

*** User Authentication

***

Authentication method [openid/?]: http

Get username from custom HTTP header [y/N]? #回车

SSO logout URL :

Enable signed push support [y/N]? #回车

*** Review Labels

***

Install Verified label [y/N]? #回车

*** Email Delivery

***

SMTP server hostname [localhost]: #回车

SMTP server port [(default)]: #回车

SMTP encryption [none/?]: #回车

SMTP username : #回车

*** Container Process

***

Run as [gerrit]: #回车

Java runtime [/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.212.b04-0.el7_6.x86_64/jre]: #回车

Copy gerrit-2.16.8.war to gerrit-work/bin/gerrit.war [Y/n]? #回车

Copying gerrit-2.16.8.war to gerrit-work/bin/gerrit.war

*** SSH Daemon

***

Listen on address [*]: #回车

Listen on port [29418]: #回车

Generating SSH host key ... rsa... ed25519... ecdsa 256... ecdsa 384... ecdsa 521... done

*** HTTP Daemon

***

Behind reverse proxy [y/N]? y

Proxy uses SSL (https://) [y/N]? #回车

Subdirectory on proxy server [/]: #回车

Listen on address [*]: 127.0.0.1

Listen on port [8081]: #回车

Canonical URL [http://127.0.0.1/]: http://192.168.60.6

*** Cache

***

*** Plugins

***

Installing plugins.

Install plugin codemirror-editor version v2.16.8 [y/N]? y

Installed codemirror-editor v2.16.8

Install plugin commit-message-length-validator version v2.16.8 [y/N]? y

Installed commit-message-length-validator v2.16.8

Install plugin download-commands version v2.16.8 [y/N]? y

Installed download-commands v2.16.8

Install plugin hooks version v2.16.8 [y/N]? y

Installed hooks v2.16.8

Install plugin replication version v2.16.8 [y/N]? y

Installed replication v2.16.8

Install plugin reviewnotes version v2.16.8 [y/N]? y

Installed reviewnotes v2.16.8

Install plugin singleusergroup version v2.16.8 [y/N]? y

Installed singleusergroup v2.16.8

Initializing plugins.

Fri Jun 21 11:13:51 CST 2019 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.

Fri Jun 21 11:13:52 CST 2019 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.

Initialized /home/gerrit/gerrit-work

Init complete, reindexing projects with: reindex --site-path gerrit-work --threads 1 --index projectsFri Jun 21 11:13:56 CST 2019 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.

Reindexing projects: 100% (2/2)

Reindexed 2 documents in projects index in 0.5s (4.4/s)

Executing /home/gerrit/gerrit-work/bin/gerrit.sh start

Starting Gerrit Code Review: WARNING: Could not adjust Gerrit's process for the kernel's out-of-memory killer.

This may be caused by /home/gerrit/gerrit-work/bin/gerrit.sh not being run as root.

Consider changing the OOM score adjustment manually for Gerrit's PID=14103 with e.g.:

echo '-1000' | sudo tee /proc/14103/oom_score_adj

OK

Waiting for server on 172.16.60.3:80 ... OK

Opening http://172.16.60.3/#/admin/projects/ ...FAILED#(因为还没有用户,所以failed,不影响)

Open Gerrit with a JavaScript capable browser:

http://172.16.60.3/#/admin/projects/

[gerrit@localhost ~]$
 

完成后切换到root查看端口情况

[root@localhost gerrit]# netstat -ltnp

Active Internet connections (only servers)

Proto        Recv-Q        Send-Q        Local Address        Foreign Address        State        PID/Program   name

tcp            0                   0                    0.0.0.0:80                0.0.0.0:*                       LISTEN   14491/nginx: master

tcp            0                   0                    0.0.0.0:22                0.0.0.0:*                       LISTEN   9210/sshd

tcp            0                   0                    127.0.0.1:25            0.0.0.0:*                       LISTEN   9296/master

tcp6          0                   0                    :::29418                    :::*                                 LISTEN   32320/GerritCodeRev

tcp6          0                   0                    :::3306                      :::*                                 LISTEN   12793/mysqld

tcp6          0                   0                    127.0.0.1:8081       :::*                                 LISTEN   32320/GerritCodeRev

tcp6          0                   0                    :::22                          :::*                                 LISTEN   9210/sshd

tcp6          0                   0                    ::1:25                        :::*                                 LISTEN   9296/master

[root@localhost gerrit]#

这样初始化好后,gerrit的配置文件(gerrit-work/etc/gerrit.config)

[gerrit]
        basePath = git
        serverId = 8f15b523-781f-43c5-bf08-938021330099
        canonicalWebUrl = http://192.168.60.6
[database]
        type = mysql
        hostname = localhost
        database = reviewdb
        username = gerrit
[noteDb "changes"]
        disableReviewDb = true
        primaryStorage = note db
        read = true
        sequence = true
        write = true
[container]
        javaOptions = "-Dflogger.backend_factory=com.google.common.flogger.backend.log4j.Log4jBackendFactory#getInstance"
        javaOptions = "-Dflogger.logging_context=com.google.gerrit.server.logging.LoggingContext#getInstance"
        user = gerrit
        javaHome = /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.212.b04-0.el7_6.x86_64/jre
[index]
        type = LUCENE
[auth]
        type = HTTP
[receive]
        enableSignedPush = false
[sendemail]
        smtpServerPort = localhost
[sshd]
        listenAddress = *:29418
[httpd]
        listenUrl = proxy-http://127.0.0.1:8081/
[cache]
        directory = cache

配置邮箱和gitweb

vim gerrit-work/etc/gerrit.config

修改后的配置文件如下

[gerrit]
        basePath = git
        serverId = 8f15b523-781f-43c5-bf08-938021330099
        canonicalWebUrl = http://192.168.60.6
[database]
        type = mysql
        hostname = localhost
        database = reviewdb
        username = gerrit
[noteDb "changes"]
        disableReviewDb = true
        primaryStorage = note db
        read = true
        sequence = true
        write = true
[container]
        javaOptions = "-Dflogger.backend_factory=com.google.common.flogger.backend.log4j.Log4jBackendFactory#getInstance"
        javaOptions = "-Dflogger.logging_context=com.google.gerrit.server.logging.LoggingContext#getInstance"
        user = gerrit
        javaHome = /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.212.b04-0.el7_6.x86_64/jre
[index]
        type = LUCENE
[auth]
        type = HTTP
[receive]
        enableSignedPush = false
[sendemail]
        smtpServer = smtp.mxhichina.com
        smtpServerPort = 465
        smtpEncryption = ssl
        sslVerify = false
        smtpUser = [email protected]
        smtpPass = 4V0d3EBi9BpM
        from = [email protected]
[sshd]
        listenAddress = *:29418
[httpd]
        listenUrl = proxy-http://127.0.0.1:8081/
[cache]
        directory = cache
[gitweb]
        cgi = /var/www/git/gitweb.cgi
        type = gitweb

3.8.防火墙放行端口

切换到root用户

firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=29418/tcp --permanent
firewall-cmd --reload //重新加载防火墙策略

3.9.重新启动

/gerrit-test/bin/gerrit.sh restart //启动gerrit

/usr/local/nginx/sbin/nginx -s stop

/usr/local/nginx/sbin/nginx


 

4.测试

使用浏览器访问

http://192.168.60.6

输入用户户名:root

密码:root

登录后进入设置中添加邮箱

管理命令如下

/home/gerrit/gerrit-work/bin/gerrit.sh start
/home/gerrit/gerrit-work/bin/gerrit.sh stop
/home/gerrit/gerrit-work/bin/gerrit.sh status

你可能感兴趣的:(gerrit搭建)