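In this article Gerrit is installed as the current user; no dedicated gerrit user is created. If you need to run Gerrit under a dedicated gerrit user, create that user first, switch to it, and then carry out the remaining steps.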
sudo adduser gerrit
su gerrit
sudo apt install -y nginx openjdk-8-jdk
Install MySQL
sudo apt install -y mysql-server mysql-client libmysqlclient-dev
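In MySQL, create the database for Gerrit's commit records and the user Gerrit uses to access that database
# Right after installation the MySQL root password is empty by default; just press Enter to reach the MySQL prompt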
sudo mysql -u root -p
SELECT USER();
+----------------+
| USER()         |
+----------------+
| root@localhost |
+----------------+
1 row in set (0.00 sec)
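# Create the gerrit database
CREATE DATABASE gerrit;
# Create the gerrit user
# Syntax: CREATE USER '<user>'@'<host>' IDENTIFIED BY '<password>'
# The user and host parts are quoted separately; 'gerrit@localhost' as a single string would create a user with that literal name, valid from any host
CREATE USER 'gerrit'@'localhost' IDENTIFIED BY 'gerrit';
# Grant the gerrit user privileges on the gerrit database
GRANT ALL PRIVILEGES ON gerrit.* TO 'gerrit'@'localhost';
# Set explicit timestamp defaults to avoid an error during Gerrit setup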
SET GLOBAL explicit_defaults_for_timestamp=1;
FLUSH PRIVILEGES;
exit;
# Install the Apache utilities (htpasswd), used to add Gerrit users
sudo apt install -y apache2-utils
# Create the Gerrit service directory
mkdir ~/gerrit_server
cd ~/gerrit_server
wget https://gerrit-releases.storage.googleapis.com/gerrit-3.0.0.war
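# Install Gerrit
# --batch  use the default values for all settings
# --dev    configure Gerrit to use the DEVELOPMENT_BECOME_ANY_ACCOUNT authentication mode
# -d       Gerrit's installation directory; it can be named after the Gerrit host name, e.g. gerrit.mydomain.com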
java -jar gerrit*.war init -d gerrit.mydomain.com
Using secure store: com.google.gerrit.server.securestore.DefaultSecureStore
[2019-05-23 14:49:12,928] [main] INFO com.google.gerrit.server.config.GerritServerConfigProvider : No /home/user/gerrit_server/gerrit.mydomain.com/etc/gerrit.config; assuming defaults
*** Gerrit Code Review 3.0.0
***
*** Git Repositories
***
// Set the Gerrit repository directory
Location of Git repositories [git]: GerritRepositories
*** Index
***
Type [lucene/?]:
*** User Authentication
***
// Use HTTP authentication mode
Authentication method [openid/?]: http
Get username from custom HTTP header [y/N]?
SSO logout URL :
Enable signed push support [y/N]?
*** Review Labels
***
Install Verified label [y/N]? y
*** Email Delivery
***
SMTP server hostname [localhost]:
SMTP server port [(default)]:
SMTP encryption [none/?]:
SMTP username :
*** Container Process
***
Run as [user]:
Java runtime [/usr/lib/jvm/java-8-openjdk-amd64/jre]:
Copy gerrit-3.0.0.war to gerrit.mydomain.com/bin/gerrit.war [Y/n]?
Copying gerrit-3.0.0.war to gerrit.mydomain.com/bin/gerrit.war
*** SSH Daemon
***
Listen on address [*]:
Listen on port [29418]:
Generating SSH host key … rsa… ed25519… ecdsa 256… ecdsa 384… ecdsa 521… done
*** HTTP Daemon
***
Behind reverse proxy [y/N]?
Use SSL (https://) [y/N]? y
Listen on address [*]:
Listen on port [8443]:
Canonical URL [https://ubuntu:8443/]: https://gerrit.mydomain.com
Create new self-signed SSL certificate [Y/n]?
Certificate server name [gerrit.mydomain.com]:
Certificate expires in (days) [365]:
*** Cache
***
Delete cache file /home/user/gerrit_server/gerrit.mydomain.com/cache/oauth_tokens.lock.db [y/N]?
Delete cache file /home/user/gerrit_server/gerrit.mydomain.com/cache/web_sessions.lock.db [y/N]?
Delete cache file /home/user/gerrit_server/gerrit.mydomain.com/cache/mergeability.lock.db [y/N]?
Delete cache file /home/user/gerrit_server/gerrit.mydomain.com/cache/diff.lock.db [y/N]?
Delete cache file /home/user/gerrit_server/gerrit.mydomain.com/cache/pure_revert.lock.db [y/N]?
Delete cache file /home/user/gerrit_server/gerrit.mydomain.com/cache/conflicts.lock.db [y/N]?
Delete cache file /home/user/gerrit_server/gerrit.mydomain.com/cache/diff_summary.lock.db [y/N]?
Delete cache file /home/user/gerrit_server/gerrit.mydomain.com/cache/diff_intraline.lock.db [y/N]?
Delete cache file /home/user/gerrit_server/gerrit.mydomain.com/cache/git_tags.lock.db [y/N]?
Delete cache file /home/user/gerrit_server/gerrit.mydomain.com/cache/change_kind.lock.db [y/N]?
*** Plugins
***
Installing plugins.
Install plugin codemirror-editor version v3.0.0 [y/N]? y
Installed codemirror-editor v3.0.0
Install plugin commit-message-length-validator version v3.0.0 [y/N]? y
Installed commit-message-length-validator v3.0.0
Install plugin delete-project version v3.0.0 [y/N]? y
Installed delete-project v3.0.0
Install plugin download-commands version v3.0.0 [y/N]? y
Installed download-commands v3.0.0
Install plugin gitiles version v3.0.0 [y/N]? y
Installed gitiles v3.0.0
Install plugin hooks version v3.0.0 [y/N]? y
Installed hooks v3.0.0
Install plugin plugin-manager version v3.0.0 [y/N]? y
Installed plugin-manager v3.0.0
Install plugin replication version v3.0.0 [y/N]? y
Installed replication v3.0.0
Install plugin reviewnotes version v3.0.0 [y/N]? y
Installed reviewnotes v3.0.0
Install plugin singleusergroup version v3.0.0 [y/N]? y
Installed singleusergroup v3.0.0
Install plugin webhooks version v3.0.0 [y/N]? y
Installed webhooks v3.0.0
Initializing plugins.
Initialized /home/user/gerrit_server/gerrit.mydomain.com
Reindexing projects: 100% (2/2) with: reindex --site-path gerrit.mydomain.com --threads 1 --index projects
Reindexed 2 documents in projects index in 2.1s (0.9/s)
Add the first Gerrit account
touch ./gerrit.mydomain.com/etc/passwd
htpasswd -b ./gerrit.mydomain.com/etc/passwd admin admin
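PS: For Gerrit, the first user to log in successfully has special meaning: that account is directly granted administrator privileges.
Access does not work yet, however. When HTTP authentication is enabled, Gerrit does not allow connecting to it directly through its port, so access has to go through an Nginx reverse proxy, which therefore needs to be configured.
First, modify the port parameter in the configuration: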
vim ./gerrit.mydomain.com/etc/gerrit.config
[gerrit]
basePath = GerritRepositories
canonicalWebUrl = https://gerrit.mydomain.com
serverId = d223f665-af4a-438a-869a-388554bddc6e
[container]
javaOptions = "-Dflogger.backend_factory=com.google.common.flogger.backend.log4j.Log4jBackendFactory#getInstance"
javaOptions = "-Dflogger.logging_context=com.google.gerrit.server.logging.LoggingContext#getInstance"
user = user
javaHome = /usr/lib/jvm/java-8-openjdk-amd64/jre
[index]
type = LUCENE
[auth]
type = HTTP
[receive]
enableSignedPush = false
[sendemail]
smtpServer = localhost
[sshd]
listenAddress = *:29418
[httpd]
listenUrl = https://*:8443/
[cache]
directory = cache
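The listenUrl port must not collide with a port already in use, e.g. 8080 has to be left for Nginx. After configuring Gerrit, restart the Gerrit service, then edit the Nginx configuration file to set up the reverse proxy.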
./gerrit.mydomain.com/bin/gerrit.sh restart
sudo vim /etc/nginx/nginx.conf
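Add the following to the http block:
server {
    listen 80;
    server_name gerrit.mydomain.com;
    location ^~ / {
        # Nginx performs the password check; Gerrit (auth.type = HTTP) relies on it
        auth_basic "Restricted";
        auth_basic_user_file /home/user/gerrit_server/gerrit.mydomain.com/etc/passwd;
        # Gerrit listens with TLS on 8443 (listenUrl = https://*:8443/), so the upstream scheme must be https
        proxy_pass https://localhost:8443;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
    }
}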
Then reload Nginx
sudo nginx -s reload
chkconfig: 3 99 99
description: Gerrit Code Review
processname: gerrit
sudo ln -snf /home/user/gerrit_server/gerrit.mydomain.com/bin/gerrit.sh /etc/init.d/gerrit
sudo ln -snf /etc/init.d/gerrit /etc/rc3.d/S09gerrit
There are two ways to add an e-mail address to a user
ssh -p 29418 [email protected] gerrit set-account <username> --add-email <email>
To let users set it themselves, add the following options to etc/gerrit.config
[oauth]
allowEditFullName = true
allowRegisterNewEmail = true
[sendemail]
enable = true
smtpServer = smtp.mydomain.com
smtpServerPort = 465
smtpEncryption = SSL
sslVerify = true
smtpUser = [email protected]
smtpPass = PasswordofEmail
from = [email protected]
Then restart the service
bin/gerrit.sh restart
Then log in as the user, enter the e-mail address on the settings page, and send the verification.
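A check for the gerrit.config produced by the reverse-proxy and e-mail steps above, as an added example that is not part of the original article or of Gerrit. With auth.type = HTTP Gerrit leaves the password check to the web server in front of it, so its own listener should be reachable only by that proxy, and smtpPass belongs in etc/secure.config rather than gerrit.config. The sample text is constructed from the values on this page; the finding names are made up for this example.

```python
import re

# Constructed sample: gerrit.config values shown on this page, with the
# [sendemail] additions from the e-mail section merged in.
SAMPLE = """\
[gerrit]
canonicalWebUrl = https://gerrit.mydomain.com
[auth]
type = HTTP
[sendemail]
smtpServer = smtp.mydomain.com
smtpPass = PasswordofEmail
[httpd]
listenUrl = https://*:8443/
"""

LOOPBACK = {"127.0.0.1", "localhost", "[::1]"}
MESSAGES = {  # hypothetical finding names, defined only for this example
    "dev-auth": "DEVELOPMENT_BECOME_ANY_ACCOUNT lets anyone act as any account; test sites only",
    "http-auth-listener-exposed": "auth.type = HTTP but httpd.listenUrl is not bound to loopback, "
                                  "so clients can reach Gerrit without the proxy's password check",
    "listener-not-proxy-mode": "behind a reverse proxy, listenUrl should use proxy-http:// or proxy-https://",
    "secret-in-gerrit-config": "sendemail.smtpPass belongs in etc/secure.config, readable only by the daemon",
}

def parse_config(text):
    """Parse git-config style text into {"section.key": [values]}, keys lower-cased."""
    values, section = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r'\[\s*([\w.-]+)(?:\s+"(.*)")?\s*\]', line)
        if m:
            section = m.group(1).lower() + (f".{m.group(2)}" if m.group(2) else "")
            continue
        key, _, val = line.partition("=")
        values.setdefault(f"{section}.{key.strip().lower()}", []).append(val.strip().strip('"'))
    return values

def audit(text):
    """Return the list of finding names for the text of a gerrit.config."""
    cfg, findings = parse_config(text), []
    auth = cfg.get("auth.type", ["OPENID"])[-1].upper()  # OPENID is Gerrit's documented default
    if auth == "DEVELOPMENT_BECOME_ANY_ACCOUNT":
        findings.append("dev-auth")
    # http://*:8080/ is Gerrit's documented default listener
    for url in cfg.get("httpd.listenurl", ["http://*:8080/"]):
        scheme, _, rest = url.partition("://")
        host = rest.split("/")[0].rsplit(":", 1)[0]
        if auth == "HTTP" and host not in LOOPBACK:
            findings.append("http-auth-listener-exposed")
        if auth == "HTTP" and not scheme.startswith("proxy-"):
            findings.append("listener-not-proxy-mode")
    if "sendemail.smtppass" in cfg:
        findings.append("secret-in-gerrit-config")
    return findings

if __name__ == "__main__":
    for name in audit(SAMPLE):
        print(f"{name}: {MESSAGES[name]}")
```

To audit a real site, pass the contents of its etc/gerrit.config to audit() instead of SAMPLE.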
Run the following command to list all the default SSH commands
ssh -p 29418 [email protected] gerrit
fatal: Available commands of gerrit are:
apropos Search in Gerrit documentation
ban-commit Ban a commit from a project's repository
close-connection Close the specified SSH connection
create-account Create a new batch/role account
create-branch Create a new branch
create-group Create a new account group
create-project Create a new project and associated Git repository
flush-caches Flush some/all server caches from memory
gc Run Git garbage collection
index
logging
ls-groups List groups visible to the caller
ls-members List the members of a given group
ls-projects List projects visible to the caller
ls-user-refs List refs visible to a specific user
plugin
query Query the change database
receive-pack Standard Git server side command for client side git push
reload-config Reloads the Gerrit configuration
rename-group Rename an account group
review Apply reviews to one or more patch sets
set-account Change an account's settings
set-head Change HEAD reference for a project
set-members Modify members of specific group or number of groups
set-project Change a project's settings
set-project-parent Change the project permissions are inherited from
set-reviewers Add or remove reviewers on a change
show-caches Display current cache statistics
show-connections Display active client SSH connections
show-queue Display the background work queues
stream-events Monitor events occurring in real time
test-submit
version Display gerrit version
See 'gerrit COMMAND --help' for more information.
gerrit create-account USERNAME [--] [--email EMAIL] [--full-name NAME] [--group (-g) GROUP] [--help (-h)] [--http-password PASSWORD] [--ssh-key -|KEY] [--trace] [--trace-id VAL]
USERNAME : name of the user account
-- : end of options (default: false)
--email EMAIL : email address of the account
--full-name NAME : display name of the account
--group (-g) GROUP : groups to add account to
--help (-h) : display this help text (default: true)
--http-password PASSWORD : password for HTTP authentication
--ssh-key -|KEY : public key for SSH authentication
--trace : enable request tracing (default: false)
--trace-id VAL : trace ID (can only be set if --trace was set too)
New users do not have to be added with htpasswd; create-account adds them in a single step
ssh -p 29418 [email protected] gerrit create-account <username> --http-password <password> --full-name <full name> --email <email>
gerrit set-account USER [--] [--active] [--add-email EMAIL] [--add-ssh-key -|KEY] [--clear-http-password] [--delete-email EMAIL] [--delete-ssh-key -|KEY] [--full-name NAME] [--generate-http-password] [--help (-h)] [--http-password PASSWORD] [--inactive] [--preferred-email EMAIL] [--trace] [--trace-id VAL]
USER : full name, email-address, ssh username or account id
-- : end of options (default: false)
--active : set account's state to active (default: false)
--add-email EMAIL : email addresses to add to the account
--add-ssh-key -|KEY : public keys to add to the account
--clear-http-password : clear HTTP password for the account (default: false)
--delete-email EMAIL : email addresses to delete from the account
--delete-ssh-key -|KEY : public keys to delete from the account
--full-name NAME : display name of the account
--generate-http-password : generate a new HTTP password for the account (default: false)
--help (-h) : display this help text (default: true)
--http-password PASSWORD : password for HTTP authentication for the account
--inactive : set account's state to inactive (default: false)
--preferred-email EMAIL : a registered email address from the account
--trace : enable request tracing (default: false)
--trace-id VAL : trace ID (can only be set if --trace was set too)
gerrit create-project [NAME] [--] [--branch (-b) BRANCH] [--change-id [TRUE | FALSE | INHERIT]] [--content-merge [TRUE | FALSE | INHERIT]] [--contributor-agreements [TRUE | FALSE | INHERIT]] [--create-new-change-for-all-not-in-target (--ncfa)] [--description (-d) DESCRIPTION] [--empty-commit] [--help (-h)] [--max-object-size-limit VAL] [--new-change-for-all-not-in-target [TRUE | FALSE | INHERIT]] [--owner (-o) GROUP] [--parent (-p) NAME] [--permissions-only] [--plugin-config VAL] [--reject-empty-commit [TRUE | FALSE | INHERIT]] [--require-change-id (--id)] [--signed-off-by [TRUE | FALSE | INHERIT]] [--submit-type (-t) [INHERIT | FAST_FORWARD_ONLY | MERGE_IF_NECESSARY | REBASE_IF_NECESSARY | REBASE_ALWAYS | MERGE_ALWAYS | CHERRY_PICK]] [--suggest-parents (-S)] [--trace] [--trace-id VAL] [--use-content-merge] [--use-contributor-agreements (--ca)] [--use-signed-off-by (--so)]
NAME : name of project to be created
-- : end of options (default: false)
--branch (-b) BRANCH : initial branch name (default: master)
--change-id [TRUE | FALSE | INHERIT] : if change-id is required (default: INHERIT)
--content-merge [TRUE | FALSE | INHERIT] : allow automatic conflict resolving within files (default: INHERIT)
--contributor-agreements [TRUE | FALSE | INHERIT] : if contributor agreement is required (default: INHERIT)
--create-new-change-for-all-not-in-target (--ncfa) : if a new change will be created for every commit not in target branch
--description (-d) DESCRIPTION : description of project (default: )
--empty-commit : to create initial empty commit (default: false)
--help (-h) : display this help text (default: true)
--max-object-size-limit VAL : max Git object size for this project
--new-change-for-all-not-in-target [TRUE | FALSE | INHERIT] : if a new change will be created for every commit not in target branch (default: INHERIT)
--owner (-o) GROUP : owner(s) of project
--parent (-p) NAME : parent project
--permissions-only : create project for use only as parent (default: false)
--plugin-config VAL : plugin configuration parameter with format '.='
--reject-empty-commit [TRUE | FALSE | INHERIT] : if empty commits should be rejected on submit (default: INHERIT)
--require-change-id (--id) : if change-id is required
--signed-off-by [TRUE | FALSE | INHERIT] : if signed-off-by is required (default: INHERIT)
--submit-type (-t) [INHERIT | FAST_FORWARD_ONLY | MERGE_IF_NECESSARY | REBASE_IF_NECESSARY | REBASE_ALWAYS | MERGE_ALWAYS | CHERRY_PICK] : project submit type
--suggest-parents (-S) : suggest parent candidates, if this option is used all other options and arguments are ignored (default: false)
--trace : enable request tracing (default: false)
--trace-id VAL : trace ID (can only be set if --trace was set too)
--use-content-merge : allow automatic conflict resolving within files
--use-contributor-agreements (--ca) : if contributor agreement is required
--use-signed-off-by (--so) : if signed-off-by is required
gerrit ls-projects [--] [--help (-h)] [--trace] [--trace-id VAL] [--state (-s) [ACTIVE | READ_ONLY | HIDDEN]] [--has-acl-for GROUP] [--start (-S) CNT] [--limit (-n) CNT] [--match (-m) MATCH] [-r REGEX] [--prefix (-p) PREFIX] [--description (-d)] [--tree (-t)] [--show-branch (-b) VAL] [--type [CODE | PERMISSIONS | ALL]] [--all] [--format [TEXT | JSON | JSON_COMPACT]]
-- : end of options (default: false)
--help (-h) : display this help text (default: true)
--trace : enable request tracing (default: false)
--trace-id VAL : trace ID (can only be set if --trace was set too)
--state (-s) [ACTIVE | READ_ONLY | HIDDEN] : filter by project state
--has-acl-for GROUP : displays only projects on which access rights for this group are directly assigned
--start (-S) CNT : number of projects to skip
--limit (-n) CNT : maximum number of projects to list
--match (-m) MATCH : match project substring
-r REGEX : match project regex
--prefix (-p) PREFIX : match project prefix
--description (-d) : include description of project in list
--tree (-t) : displays project inheritance in a tree-like format this option does not work together with the show-branch option
--show-branch (-b) VAL : displays the sha of each project in the specified branch
--type [CODE | PERMISSIONS | ALL] : type of project
--all : display all projects that are accessible by the calling user
--format [TEXT | JSON | JSON_COMPACT] : (deprecated) output format (default: TEXT)
gerrit set-project NAME [--] [--change-id [TRUE | FALSE | INHERIT]] [--content-merge [TRUE | FALSE | INHERIT]] [--contributor-agreements [TRUE | FALSE | INHERIT]] [--description (-d) DESCRIPTION] [--help (-h)] [--max-object-size-limit VAL] [--no-change-id (--nid)] [--no-content-merge] [--no-contributor-agreements (--nca)] [--no-signed-off-by (--nso)] [--project-state (--ps) [ACTIVE | READ_ONLY | HIDDEN]] [--require-change-id (--id)] [--signed-off-by [TRUE | FALSE | INHERIT]] [--submit-type (-t) [INHERIT | FAST_FORWARD_ONLY | MERGE_IF_NECESSARY | REBASE_IF_NECESSARY | REBASE_ALWAYS | MERGE_ALWAYS | CHERRY_PICK]] [--trace] [--trace-id VAL] [--use-content-merge] [--use-contributor-agreements (--ca)] [--use-signed-off-by (--so)]
NAME : name of the project
-- : end of options (default: false)
--change-id [TRUE | FALSE | INHERIT] : if change-id is required
--content-merge [TRUE | FALSE | INHERIT] : allow automatic conflict resolving within files
--contributor-agreements [TRUE | FALSE | INHERIT] : if contributor agreement is required
--description (-d) DESCRIPTION : description of project
--help (-h) : display this help text (default: true)
--max-object-size-limit VAL : max Git object size for this project
--no-change-id (--nid) : if change-id is not required
--no-content-merge : don't allow automatic conflict resolving within files
--no-contributor-agreements (--nca) : if contributor agreement is not required
--no-signed-off-by (--nso) : if signed-off-by is not required
--project-state (--ps) [ACTIVE | READ_ONLY | HIDDEN] : project's visibility state
--require-change-id (--id) : if change-id is required
--signed-off-by [TRUE | FALSE | INHERIT] : if signed-off-by is required
--submit-type (-t) [INHERIT | FAST_FORWARD_ONLY | MERGE_IF_NECESSARY | REBASE_IF_NECESSARY | REBASE_ALWAYS | MERGE_ALWAYS | CHERRY_PICK] : project submit type (default: MERGE_IF_NECESSARY)
--trace : enable request tracing (default: false)
--trace-id VAL : trace ID (can only be set if --trace was set too)
--use-content-merge : allow automatic conflict resolving within files
--use-contributor-agreements (--ca) : if contributor agreement is required
--use-signed-off-by (--so) : if signed-off-by is required
gerrit set-project-parent [NAME ...] [--] [--children-of NAME] [--exclude NAME] [--help (-h)] [--parent (-p) NAME] [--trace] [--trace-id VAL]
NAME : projects to modify
-- : end of options (default: false)
--children-of NAME : parent project for which the child projects should be reparented
--exclude NAME : child project of old parent project which should not be reparented
--help (-h) : display this help text (default: true)
--parent (-p) NAME : new parent project
--trace : enable request tracing (default: false)
--trace-id VAL : trace ID (can only be set if --trace was set too)
delete-project delete [--yes-really-delete] [--force] [--preserve-git-repository]
--yes-really-delete : Actually perform the deletion. If omitted, the command will just output information about the deletion and then exit.
--force : Delete project even if it has open changes.
--preserve-git-repository : Don’t delete git repository directory.
gerrit query QUERY ... [--] [--all-approvals] [--all-reviewers] [--comments] [--commit-message] [--current-patch-set] [--dependencies] [--files] [--format [TEXT | JSON]] [--help (-h)] [--no-limit] [--patch-sets] [--start (-S) N] [--submit-records] [--trace] [--trace-id VAL]
QUERY : Query to execute
-- : end of options (default: false)
--all-approvals : Include information about all patch sets and approvals
--all-reviewers : Include all reviewers
--comments : Include patch set and inline comments
--commit-message : Include the full commit message for a change
--current-patch-set : Include information about current patch set
--dependencies : Include depends-on and needed-by information
--files : Include file list on patch sets
--format [TEXT | JSON] : Output display format
--help (-h) : display this help text (default: true)
--no-limit : Return all results, overriding the default limit
--patch-sets : Include information about all patch sets
--start (-S) N : Number of changes to skip
--submit-records : Include submit and label status
--trace : enable request tracing (default: false)
--trace-id VAL : trace ID (can only be set if --trace was set too)
// To be continued…