本文使用VMWare虚拟机进行实验。
IP:192.168.60.6
CentOS 7
mysql5.7数据库
http认证
nginx作为web服务器,提供反向代理
gitweb作为Repository Browser
yum -y install git gitweb vim wget httpd-tools gcc
安装mysql5.7
wget -i -c http://dev.mysql.com/get/mysql57-community-release-el7-10.noarch.rpm
yum -y install mysql57-community-release-el7-10.noarch.rpm
yum -y install mysql-community-server
安装完成后删除yum安装源
yum -y remove mysql57-community-release-el7-10.noarch
安装nginx
yum install -y pcre pcre-devel zlib zlib-devel openssl openssl-devel
wget -c https://nginx.org/download/nginx-1.16.0.tar.gz
tar -zxvf nginx-1.16.0.tar.gz
cd nginx-1.16.0
./configure
make
make install
3.
2
.
关闭
selinux
[root@CentOS ~]# vim /etc/selinux/config //
修改
selinux
SELINUX=disabled
[root@CentOS ~]# reboot //重启生效
设置数据库开机自启动并启动数据库
systemctl enable mysqld
systemctl start mysqld
设置免密登录
vim /etc/my.cnf
skip-grant-tables #添加这句话,这时候登入mysql就不需要密码
重启mysql
systemctl
restart mysqld
mysql
flush privileges;
ALTER USER 'root'@'localhost' IDENTIFIED BY 'root';
flush privileges;
quit;
vim /etc/my.cfg
skip-grant-tables #
删除这句话
使用密码登入
mysql -proot
CREATE USER 'gerrit'@'localhost' IDENTIFIED BY 'secret';
CREATE DATABASE reviewdb DEFAULT CHARACTER SET 'utf8';
GRANT ALL ON reviewdb.* TO 'gerrit'@'localhost';
FLUSH PRIVILEGES;
ALTER USER 'gerrit'@'localhost' IDENTIFIED BY 'secret' PASSWORD EXPIRE NEVER;
ALTER USER 'gerrit'@'localhost' IDENTIFIED WITH mysql_native_password BY 'secret';
FLUSH PRIVILEGES;
alter user 'gerrit'@'localhost' identified by 'secret';
use reviewdb;
CREATE TABLE account_group_by_id_aud (added_by INT DEFAULT 0 NOT NULL, removed_by INT, removed_on TIMESTAMP NULL DEFAULT NULL, group_id INT DEFAULT 0 NOT NULL, include_uuid VARCHAR(255) BINARY DEFAULT '' NOT NULL, added_on TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, PRIMARY KEY(group_id,include_uuid,added_on));
CREATE TABLE account_group_members_audit (added_by INT DEFAULT 0 NOT NULL, removed_by INT, removed_on TIMESTAMP NULL DEFAULT NULL, account_id INT DEFAULT 0 NOT NULL, group_id INT DEFAULT 0 NOT NULL, added_on TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, PRIMARY KEY(account_id,group_id,added_on));
CREATE TABLE changes (change_key VARCHAR(60) BINARY DEFAULT '' NOT NULL, created_on TIMESTAMP NOT NULL, last_updated_on TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, owner_account_id INT DEFAULT 0 NOT NULL, dest_project_name VARCHAR(255) BINARY DEFAULT '' NOT NULL, dest_branch_name VARCHAR(255) BINARY DEFAULT '' NOT NULL, status CHAR(1) DEFAULT ' ' NOT NULL, current_patch_set_id INT DEFAULT 0 NOT NULL, subject VARCHAR(255) BINARY DEFAULT '' NOT NULL, topic VARCHAR(255) BINARY, original_subject VARCHAR(255) BINARY, submission_id VARCHAR(255) BINARY, note_db_state TEXT, row_version INT DEFAULT 0 NOT NULL, change_id INT DEFAULT 0 NOT NULL ,PRIMARY KEY(change_id));
quit;
3.4 配置nginx反向代理
vim /usr/local/nginx/conf/nginx.conf
键入如下内容
server {
listen *:80;
server_name 192.168.60.6;
allow all;
deny all;
auth_basic "Welcomme to Gerrit Code Review Site!";
auth_basic_user_file /usr/local/nginx/gerrit.password;
location / {
proxy_pass http://127.0.0.1:8081;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
}
}
配置好了之后,启动nginx
/usr/local/nginx/sbin/nginx
停止
nginx
命令
/usr/local/nginx/sbin/nginx -s stop
touch /usr/local/nginx/gerrit.password
htpasswd /usr/local/nginx/gerrit.password "root"
New password:
Re-type new password:
Adding password for user root
这里添加了用户root,密码root(跟Linux本地用户没有关系!)
这样首次访问gerrit时的用户将成为gerrit的管理员,若想再添加用户,需要先在/gerrit.passwd中添加,再登录gerrit。
yum -y install java-1.8.0-openjdk
3.7.1 添加用户
sudo adduser gerrit
sudo passwd gerrit
编辑sudoers文件
vim /etc/sudoers
找到这行 root ALL=(ALL) ALL,在他下面添加
gerrit ALL=(ALL) ALL
切换用户
sudo su gerrit
3.7.2 下载 gerrit.war
回到gerrit根目录,下载gerrit-2.16.8.war
https://www.gerritcodereview.com/releases-readme.html
3.7.3 安装
进入交互命令,蓝色粗体表示输入的内容
[gerrit@localhost ~]$ java -jar gerrit-2.16.8.war init -d gerrit-work/
Using secure store: com.google.gerrit.server.securestore.DefaultSecureStore
[2019-06-21 11:11:56,900] [main] INFO com.google.gerrit.server.config.GerritServerConfigProvider : No /home/gerrit/gerrit-work/etc/gerrit.config; assuming defaults
*** Gerrit Code Review 2.16.8
***
Create '/home/gerrit/gerrit-work' [Y/n]? y
*** Git Repositories
***
Location of Git repositories [git]: #回车
*** SQL Database
***
Database server type [h2]: mysql
Gerrit Code Review is not shipped with MySQL Connector/J 5.1.43
** This library is required for your configuration. **
Download and install it now [Y/n]? y
Downloading https://repo1.maven.org/maven2/mysql/mysql-connector-java/5.1.43/mysql-connector-java-5.1.43.jar ... OK
Checksum mysql-connector-java-5.1.43.jar OK
Server hostname [localhost]: #回车
Server port [(mysql default)]: #回车
Database name [reviewdb]: #回车
Database username [gerrit]: #回车
gerrit's password : secret
confirm password : secret
*** NoteDb Database
***
Use NoteDb for change metadata?
See documentation:
https://gerrit-review.googlesource.com/Documentation/note-db.html
Enable [Y/n]? #回车
*** Index
***
Type [lucene/?]: #回车
*** User Authentication
***
Authentication method [openid/?]: http
Get username from custom HTTP header [y/N]? #回车
SSO logout URL :
Enable signed push support [y/N]? #回车
*** Review Labels
***
Install Verified label [y/N]? #回车
*** Email Delivery
***
SMTP server hostname [localhost]: #回车
SMTP server port [(default)]: #回车
SMTP encryption [none/?]: #回车
SMTP username : #回车
*** Container Process
***
Run as [gerrit]: #回车
Java runtime [/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.212.b04-0.el7_6.x86_64/jre]: #回车
Copy gerrit-2.16.8.war to gerrit-work/bin/gerrit.war [Y/n]? #回车
Copying gerrit-2.16.8.war to gerrit-work/bin/gerrit.war
*** SSH Daemon
***
Listen on address [*]: #回车
Listen on port [29418]: #回车
Generating SSH host key ... rsa... ed25519... ecdsa 256... ecdsa 384... ecdsa 521... done
*** HTTP Daemon
***
Behind reverse proxy [y/N]? y
Proxy uses SSL (https://) [y/N]? #回车
Subdirectory on proxy server [/]: #回车
Listen on address [*]: 127.0.0.1
Listen on port [8081]: #回车
Canonical URL [http://127.0.0.1/]: http://192.168.60.6
*** Cache
***
*** Plugins
***
Installing plugins.
Install plugin codemirror-editor version v2.16.8 [y/N]? y
Installed codemirror-editor v2.16.8
Install plugin commit-message-length-validator version v2.16.8 [y/N]? y
Installed commit-message-length-validator v2.16.8
Install plugin download-commands version v2.16.8 [y/N]? y
Installed download-commands v2.16.8
Install plugin hooks version v2.16.8 [y/N]? y
Installed hooks v2.16.8
Install plugin replication version v2.16.8 [y/N]? y
Installed replication v2.16.8
Install plugin reviewnotes version v2.16.8 [y/N]? y
Installed reviewnotes v2.16.8
Install plugin singleusergroup version v2.16.8 [y/N]? y
Installed singleusergroup v2.16.8
Initializing plugins.
Fri Jun 21 11:13:51 CST 2019 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.
Fri Jun 21 11:13:52 CST 2019 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.
Initialized /home/gerrit/gerrit-work
Init complete, reindexing projects with: reindex --site-path gerrit-work --threads 1 --index projectsFri Jun 21 11:13:56 CST 2019 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.
Reindexing projects: 100% (2/2)
Reindexed 2 documents in projects index in 0.5s (4.4/s)
Executing /home/gerrit/gerrit-work/bin/gerrit.sh start
Starting Gerrit Code Review: WARNING: Could not adjust Gerrit's process for the kernel's out-of-memory killer.
This may be caused by /home/gerrit/gerrit-work/bin/gerrit.sh not being run as root.
Consider changing the OOM score adjustment manually for Gerrit's PID=14103 with e.g.:
echo '-1000' | sudo tee /proc/14103/oom_score_adj
OK
Waiting for server on 172.16.60.3:80 ... OK
Opening http://172.16.60.3/#/admin/projects/ ...FAILED#(因为还没有用户,所以failed,不影响)
Open Gerrit with a JavaScript capable browser:
http://172.16.60.3/#/admin/projects/
[gerrit@localhost ~]$
完成后切换到root查看端口情况
[root@localhost gerrit]# netstat -ltnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 14491/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 9210/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 9296/master
tcp6 0 0 :::29418 :::* LISTEN 32320/GerritCodeRev
tcp6 0 0 :::3306 :::* LISTEN 12793/mysqld
tcp6 0 0 127.0.0.1:8081 :::* LISTEN 32320/GerritCodeRev
tcp6 0 0 :::22 :::* LISTEN 9210/sshd
tcp6 0 0 ::1:25 :::* LISTEN 9296/master
[root@localhost gerrit]#
这样初始化好后,gerrit的配置文件(gerrit-work/etc/gerrit.config)
[gerrit]
basePath = git
serverId = 8f15b523-781f-43c5-bf08-938021330099
canonicalWebUrl = http://192.168.60.6
[database]
type = mysql
hostname = localhost
database = reviewdb
username = gerrit
[noteDb "changes"]
disableReviewDb = true
primaryStorage = note db
read = true
sequence = true
write = true
[container]
javaOptions = "-Dflogger.backend_factory=com.google.common.flogger.backend.log4j.Log4jBackendFactory#getInstance"
javaOptions = "-Dflogger.logging_context=com.google.gerrit.server.logging.LoggingContext#getInstance"
user = gerrit
javaHome = /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.212.b04-0.el7_6.x86_64/jre
[index]
type = LUCENE
[auth]
type = HTTP
[receive]
enableSignedPush = false
[sendemail]
smtpServerPort = localhost
[sshd]
listenAddress = *:29418
[httpd]
listenUrl = proxy-http://127.0.0.1:8081/
[cache]
directory = cache
配置邮箱和gitweb
vim gerrit-work/etc/gerrit.config
修改后的配置文件如下
[gerrit]
basePath = git
serverId = 8f15b523-781f-43c5-bf08-938021330099
canonicalWebUrl = http://192.168.60.6
[database]
type = mysql
hostname = localhost
database = reviewdb
username = gerrit
[noteDb "changes"]
disableReviewDb = true
primaryStorage = note db
read = true
sequence = true
write = true
[container]
javaOptions = "-Dflogger.backend_factory=com.google.common.flogger.backend.log4j.Log4jBackendFactory#getInstance"
javaOptions = "-Dflogger.logging_context=com.google.gerrit.server.logging.LoggingContext#getInstance"
user = gerrit
javaHome = /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.212.b04-0.el7_6.x86_64/jre
[index]
type = LUCENE
[auth]
type = HTTP
[receive]
enableSignedPush = false
[sendemail]
smtpServer = smtp.mxhichina.com
smtpServerPort = 465
smtpEncryption = ssl
sslVerify = false
smtpUser = [email protected]
smtpPass = 4V0d3EBi9BpM
from = [email protected]
[sshd]
listenAddress = *:29418
[httpd]
listenUrl = proxy-http://127.0.0.1:8081/
[cache]
directory = cache
[gitweb]
cgi = /var/www/git/gitweb.cgi
type = gitweb
3.8.防火墙放行端口
切换到root用户
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=29418/tcp --permanent
firewall-cmd --reload //重新加载防火墙策略
3.9.重新启动
/gerrit-test/bin/gerrit.sh restart //启动gerrit
/usr/local/nginx/sbin/nginx -s stop
/usr/local/nginx/sbin/nginx
使用浏览器访问
http://192.168.60.6
输入用户户名:root
密码:root
登录后进入设置中添加邮箱
管理命令如下
/home/gerrit/gerrit-work/bin/gerrit.sh start
/home/gerrit/gerrit-work/bin/gerrit.sh stop
/home/gerrit/gerrit-work/bin/gerrit.sh status