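Editor's note:
I recently had to evaluate Gerrit for a project, which is how this write-up came about. There are of course many other good posts online that are worth consulting; a few recommendations:
The complete process of setting up a Gerrit code review server
Jenkins + Ansible + GitLab: the three musketeers of automated deployment
Building a continuous integration environment based on Jenkins + GitHub
Environment preparation: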
mysql -- yum install mysql* -y
java -- yum install java-1.8.0-openjdk* -y
gitweb -- yum install gitweb -y
1. Database setup:

    mysql> create database reviewdb;
    Query OK, 1 row affected (0.01 sec)

    mysql> CREATE USER 'gerrit'@'localhost' IDENTIFIED BY 'gerrit';
    Query OK, 0 rows affected (0.00 sec)

    mysql> CREATE USER 'gerrit'@'127.0.0.1' IDENTIFIED BY 'gerrit';
    Query OK, 0 rows affected (0.00 sec)

    mysql> flush privileges;
    Query OK, 0 rows affected (0.00 sec)

    mysql> grant all privileges on reviewdb.* to gerrit@localhost identified by 'gerrit';
    Query OK, 0 rows affected (0.00 sec)

    mysql> grant all privileges on reviewdb.* to gerrit@'10.125.156.2' identified by 'gerrit';   # 10.125.156.2 is the internal address of the host running the Gerrit service
    Query OK, 0 rows affected (0.00 sec)

    mysql> flush privileges;
    Query OK, 0 rows affected (0.00 sec)
2. Create a dedicated account

    useradd gerrit -m -s /bin/bash
    passwd gerrit
    su - gerrit
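3. Download Gerrit from the official site
# This article uses the latest version, 2.14
4. Install Gerrit
Install Gerrit with the following command:

    cd /home/gerrit && java -jar gerrit-2.14.war init -d review_site

The installation output looks like this: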
    Using secure store: com.google.gerrit.server.securestore.DefaultSecureStore
    [2018-03-19 14:16:08,115] [main] INFO com.google.gerrit.server.config.GerritServerConfigProvider : No /home/gerrit/review_site/etc/gerrit.config; assuming defaults

    *** Gerrit Code Review 2.14.6 ***

    Create '/home/gerrit/review_site' [Y/n]? Y

    *** Git Repositories ***

    Location of Git repositories [git]: GerritResource   # where created projects are stored by default; in this article the path is /home/gerrit/review_site/GerritResource, and it holds Gerrit's Git repositories

    *** SQL Database ***

    Database server type [h2]: mysql   # use MySQL as the database
    Gerrit Code Review is not shipped with MySQL Connector/J 5.1.41
    ** This library is required for your configuration. **
    Download and install it now [Y/n]? Y
    Downloading https://repo1.maven.org/maven2/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar ... OK
    Checksum mysql-connector-java-5.1.41.jar OK
    Server hostname [localhost]: gerrit.apicloud.com   # the domain name of the Gerrit server; set this for your own environment
    Server port [(mysql default)]: 33070   # database port
    Database name [reviewdb]:   # reviewdb is the database created in step 1
    Database username [gerrit]:   # gerrit is the database user created in step 1
    gerrit's password :   # enter the database password twice
    confirm password :

    *** Index ***

    Type [lucene/?]:

    *** User Authentication ***

    Authentication method [openid/?]:
    Enable signed push support [y/N]?

    *** Review Labels ***

    Install Verified label [y/N]?

    *** Email Delivery ***

    SMTP server hostname [localhost]: smtp.apicloud-mail.com   # mail delivery settings; Gerrit's SMTP support is off by default, so configure it like this for now and see the gerrit.config contents below
    SMTP server port [(default)]: 465   # the SSL port is not enabled by default, but Alibaba Cloud blocks port 25 on all its servers, so SSL port 465 is used here; see the gerrit.config contents below for the details
    SMTP encryption [none/?]:
    SMTP username [git@apicloud-mail.com]:
    gerrit's password :
    confirm password :

    *** Container Process ***

    Run as [gerrit]:
    Java runtime [/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64/jre]:
    Copy gerrit-2.14.6.war to review_site/bin/gerrit.war [Y/n]? Y
    Copying gerrit-2.14.6.war to review_site/bin/gerrit.war

    *** SSH Daemon ***

    Listen on address [*]:
    Listen on port [29418]:   # Gerrit's default SSH port; change it as needed
    Generating SSH host key ... rsa... dsa... ed25519... ecdsa 256... ecdsa 384... ecdsa 521... done

    *** HTTP Daemon ***

    Behind reverse proxy [y/N]? y
    Proxy uses SSL (https://) [y/N]? y
    Subdirectory on proxy server [/]: proxy-   # by default it listens behind the proxy on port 8080; to avoid a port conflict with Tomcat, 8081 is used here, change it for your own environment
    Listen on address [*]:
    Listen on port [8081]:

    *** Cache ***

    *** Plugins ***

    Installing plugins.
    Install plugin commit-message-length-validator version v2.14.6 [Y/n]?
    commit-message-length-validator v2.14.6 is already installed, overwrite it [Y/n]?
    Updated commit-message-length-validator to v2.14.6
    Install plugin download-commands version v2.14.6 [Y/n]?
    download-commands v2.14.6 is already installed, overwrite it [Y/n]?
    Updated download-commands to v2.14.6
    Install plugin hooks version v2.14.6 [Y/n]?
    hooks v2.14.6 is already installed, overwrite it [Y/n]?
    Updated hooks to v2.14.6
    Install plugin replication version v2.14.6 [Y/n]?
    replication v2.14.6 is already installed, overwrite it [Y/n]?
    Updated replication to v2.14.6
    Install plugin reviewnotes version v2.14.6 [Y/n]?
    reviewnotes v2.14.6 is already installed, overwrite it [Y/n]?
    Updated reviewnotes to v2.14.6
    Install plugin singleusergroup version v2.14.6 [Y/n]?
    singleusergroup v2.14.6 is already installed, overwrite it [Y/n]?
    Updated singleusergroup to v2.14.6
    Initializing plugins.
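Once installation finishes, Gerrit starts automatically; leave it running for now and continue with the Gerrit configuration. If the installation reports errors, refer to the articles recommended at the top of this post.
5. Configure Gerrit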
/home/gerrit/review_site/etc/gerrit.config
    [gerrit]
        basePath = GerritResource
        serverId = f600a067-aa9b-4738-b393-cceb329ffb62
        canonicalWebUrl = http://gerrit.apicloud.com/
        useSSL = false
    [database]
        type = mysql
        hostname = gerrit.apicloud.com
        port = 33070
        database = reviewdb
        username = gerrit
    [index]
        type = LUCENE
    [auth]
        type = HTTP
    [receive]
        enableSignedPush = false
    [sendemail]
        enable = true
        smtpServer = smtp.apicloud-mail.com
        smtpServerPort = 465
        smtpUser = git@apicloud-mail.com
        smtpEncryption = ssl
        sslVerify = false
        smtpPass = xxx
        from = APICloud-CodeReview
    [container]
        user = gerrit
        javaHome = /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64/jre
    [sshd]
        listenAddress = *:29418
    [download]
        scheme = ssh
        scheme = http
    [httpd]
        listenUrl = proxy-http://127.0.0.1:8081/
    [cache]
        directory = cache
    [gitweb]
        cgi = /var/www/git/gitweb.cgi
        type = gitweb
/home/gerrit/review_site/etc/secure.config
    [database]
        password = gerrit
    [auth]
        registerEmailPrivateKey = Q48ihZ5krcBule7qnG/txuhTiwi5FXGks/w=
    [sendemail]
        smtpPass = XXX   # same as in gerrit.config
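The gerrit.config above carries smtpPass, turns off SMTP certificate verification (sslVerify = false) and pairs auth.type = HTTP with an http:// URL, while secure.config exists to hold the secrets. The following shell audit is an added example, not part of the original post; flatten_config, audit_gerrit_config and the sample file are constructed for illustration, and subsections such as [remote "x"] are not handled.

```shell
#!/bin/sh
# Added example (not from the original post): audit a Gerrit site's
# etc/gerrit.config for secrets that belong in secure.config and for
# settings that weaken transport security. Helper names are hypothetical.

# Flatten a Git-style config file into "section.key=value" lines.
flatten_config() {
    awk '
        /^[ \t]*(#|;|$)/ { next }
        /^[ \t]*\[/ { sec = tolower($0); gsub(/[^a-z0-9]/, "", sec); next }
        {
            key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            print sec "." tolower(key) "=" val
        }' "$1"
}

# Print one finding per line; return 1 if anything was flagged.
audit_gerrit_config() {
    findings=$(flatten_config "$1" | awk -F= '
        $1 ~ /\.(smtppass|password)$/ || $1 ~ /privatekey$/ {
            print $1 ": secret in gerrit.config, keep it only in secure.config" }
        $1 == "sendemail.sslverify" && tolower($2) == "false" {
            print $1 ": SMTP server certificate is not verified" }
        $1 == "gerrit.canonicalweburl" && $2 ~ /^http:/ { plain = 1 }
        $1 == "auth.type" && toupper($2) == "HTTP" { basic = 1 }
        END { if (plain && basic)
            print "auth.type=HTTP with an http:// URL: login credentials travel unencrypted" }')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: the relevant lines of the gerrit.config shown above.
demo_dir=$(mktemp -d)
cat > "$demo_dir/gerrit.config" <<'EOF'
[gerrit]
    canonicalWebUrl = http://gerrit.apicloud.com/
[auth]
    type = HTTP
[sendemail]
    smtpEncryption = ssl
    sslVerify = false
    smtpPass = xxx
EOF
audit_gerrit_config "$demo_dir/gerrit.config" || echo "review the findings above"
```
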
6. nginx configuration
/usr/local/nginx/conf/servers/gerrit.conf
    server {
        listen 80;
        server_name gerrit.apicloud.com;
        charset utf8;
        keepalive_timeout 600;
        send_timeout 10m;
        client_header_buffer_size 2m;
        client_max_body_size 1000m;
        client_body_timeout 10m;
        client_header_timeout 10m;
        large_client_header_buffers 8 32k;
        proxy_buffer_size 128k;
        proxy_buffers 32 256k;
        proxy_busy_buffers_size 256k;

        location / {
            auth_basic "Gerrit Code Review";
            auth_basic_user_file htpasswd/gerrit.passwd;
            proxy_pass http://127.0.0.1:8081/;
            proxy_redirect off;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Cookie $http_cookie;
            chunked_transfer_encoding off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
        }
    }
Configure the htpasswd file

    mkdir /usr/local/nginx/conf/htpasswd/ \
      && touch /usr/local/nginx/conf/htpasswd/gerrit.passwd \
      && chown nginx:nginx /usr/local/nginx/conf/htpasswd/gerrit.passwd \
      && chmod 600 /usr/local/nginx/conf/htpasswd/gerrit.passwd
    # -b passes the password as a command-line argument, where it lands in shell history; omit -b to be prompted for it instead
    htpasswd -b /usr/local/nginx/conf/htpasswd/gerrit.passwd UserName PassWord
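7. Replication configuration
Replication is a Gerrit plugin that automatically pushes any changes Gerrit Code Review makes to the Git repositories it manages to another system. Gerrit itself provides two main functions: code review and Git repository hosting. The replication plugin is typically used to provide a mirror, or a hot backup, of those changes.
In addition, many existing projects manage their Git repositories with another system, such as GitLab or GitHub. The replication plugin is useful when Gerrit is brought in for code review and has to work alongside such an existing Git hosting system.
Replication is configured to synchronize code to GitLab as follows.
If code is synchronized from Gerrit to GitLab over SSH, make sure the host key of the remote system, that is, the GitLab server, is already in the Gerrit user's ~/.ssh/known_hosts file.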
    [gerrit@haier-test ~]$ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/gerrit/.ssh/id_rsa):
    Created directory '/home/gerrit/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/gerrit/.ssh/id_rsa.
    Your public key has been saved in /home/gerrit/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:wXsgOH2yJh+awLBGiaNHxOKKuZbDOQAhdaCYrCE+xrE gerrit@haier-test
    The key's randomart image is:
    +---[RSA 2048]----+
    | o+.. |
    |B+o. o . |
    |%B. o + = |
    |OOo . = + |
    |BE+ . + S . |
    |B... * . . |
    |o.o o . |
    |.B |
    |. o |
    +----[SHA256]-----+
Copy the contents of /home/gerrit/.ssh/id_rsa.pub and add them to the SSH keys of the GitLab account.
/home/gerrit/review_site/etc/replication.config
    [remote "gitlab.apicloud.com"]
        url = ssh://git@gitlab.apicloud.com:19850/gerrit_dev/${name}.git
        push = +refs/heads/*:refs/heads/*
        push = +refs/tags/*:refs/tags/*
        push = +refs/changes/*:refs/changes/*
        timeout = 30
        threads = 3
The full set of options supported in the SSH configuration file (~/.ssh/config, shown below) is:
* Host
* Hostname
* User
* Port
* IdentityFile
* PreferredAuthentications
* StrictHostKeyChecking
Pay attention to the permissions on this file: it must not be readable or writable by "other" users.
/home/gerrit/.ssh/config
    Host gitlab.apicloud.com
        User git
        Port 19850
        IdentityFile ~/.ssh/id_rsa
        StrictHostKeyChecking no
        UserKnownHostsFile /dev/null
        PreferredAuthentications publickey
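The text above requires the GitLab host key to be in known_hosts, but this config turns the check off (StrictHostKeyChecking no, UserKnownHostsFile /dev/null), so a replication push would go to whatever server answers for that name. As an added example (not from the original post), this shell check flags those settings and group/other access on the file; audit_ssh_config and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the SSH client config
# used for Gerrit's replication push. audit_ssh_config is a hypothetical
# helper; it prints one finding per line and returns 1 if any were found.
audit_ssh_config() {
    cfg=$1
    findings=$( {
        awk '
            { gsub(/=/, " "); key = tolower($1); val = tolower($2) }
            key == "host" { host = $2 }
            key == "stricthostkeychecking" && (val == "no" || val == "off") {
                print host ": StrictHostKeyChecking " $2 " accepts any host key"
            }
            key == "userknownhostsfile" && val == "/dev/null" {
                print host ": UserKnownHostsFile /dev/null never consults pinned keys"
            }' "$cfg"
        # Characters 5-10 of the ls mode string are the group/other bits.
        [ "$(ls -ld "$cfg" | cut -c5-10)" = "------" ] ||
            echo "$cfg: accessible by group/other, expected mode 600"
    } )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample files: the config from the text, and a pinned variant
# that verifies the host key against the default ~/.ssh/known_hosts.
demo=$(mktemp -d)
cat > "$demo/weak" <<'EOF'
Host gitlab.apicloud.com
    User git
    Port 19850
    IdentityFile ~/.ssh/id_rsa
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
    PreferredAuthentications publickey
EOF
sed -e 's/StrictHostKeyChecking no/StrictHostKeyChecking yes/' \
    -e '/UserKnownHostsFile/d' "$demo/weak" > "$demo/pinned"
chmod 600 "$demo/weak" "$demo/pinned"
audit_ssh_config "$demo/weak" || echo "weak config: see findings above"
audit_ssh_config "$demo/pinned" && echo "pinned config: clean"
```

To pin the key, fetch it with `ssh-keyscan -p 19850 gitlab.apicloud.com`, compare its fingerprint with the one the GitLab server's administrator reports, and only then append it to /home/gerrit/.ssh/known_hosts.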
8. Start Gerrit and nginx

    sh /home/gerrit/review_site/bin/gerrit.sh start|restart|stop
    service nginx start|stop|restart|reload
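9. Test and create a project:
The first user configured in htpasswd is given Gerrit super-administrator privileges by default when logging in to the Gerrit system.
Create a project:
The name of the project created in Gerrit must match the project name under the GitLab account:
10. Project code management workflow:
1) First, an ordinary user clones the project code; note that the code is cloned from the Gerrit system: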
    git clone ssh://gerrit@gerrit.apicloud.com:29418/test01 && scp -p -P 29418 gerrit@gerrit.apicloud.com:hooks/commit-msg test01/.git/hooks/
    Cloning into 'test01'...
    The authenticity of host '[gerrit.apicloud.com]:29418 ([10.125.156.2]:29418)' can't be established.
    ECDSA key fingerprint is SHA256:cDRO/yI6SHMcU7A9mJOmlqMzNPYxzMu/j3ibxDB73dM.
    ECDSA key fingerprint is MD5:27:a1:41:1a:aa:1d:37:60:6b:57:8b:6c:9f:0b:6d:89.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '[gerrit.apicloud.com]:29418,[10.125.156.2]:29418' (ECDSA) to the list of known hosts.
    remote: Counting objects: 9, done
    remote: Finding sources: 100% (9/9)
    remote: Total 9 (delta 1), reused 9 (delta 1)
    Receiving objects: 100% (9/9), done.
    Resolving deltas: 100% (1/1), done.
    commit-msg
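2) Then, as needed, modify the code and commit just as in an ordinary Git project, and push the code to Gerrit for code review with the following command:

    git push <remote> <local-branch>:refs/for/<remote-branch>

To push over SSH, the contents of the local ~/.ssh/id_rsa.pub must be added to the SSH key settings in Gerrit.
For example: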
    [gerrit@haier-test test01]$ ls
    Readme.txt
    [gerrit@haier-test test01]$ touch swht.txt
    [gerrit@haier-test test01]$ touch test.md
    [gerrit@haier-test test01]$ ls
    Readme.txt swht.txt test.md
    [gerrit@haier-test test01]$ git add .
    [gerrit@haier-test test01]$ git commit -m "add the test file"

    *** Please tell me who you are.

    Run

      git config --global user.email "you@example.com"
      git config --global user.name "Your Name"

    to set your account's default identity.
    Omit --global to set the identity only in this repository.

    fatal: empty ident name (for <(null)>) not allowed
    [gerrit@haier-test test01]$ git config --global user.email "qingbo.song@apiclloud-mail.com"
    [gerrit@haier-test test01]$ git config --global user.name "gerrit"
    [gerrit@haier-test test01]$ git commit -m "add the test file"
    [master 8911253] add the test file
     2 files changed, 0 insertions(+), 0 deletions(-)
     create mode 100644 swht.txt
     create mode 100644 test.md
    [gerrit@haier-test test01]$ git branch
    * master
    [gerrit@haier-test test01]$ git push origin master:refs/for/master
    Counting objects: 2, done.
    Delta compression using up to 2 threads.
    Compressing objects: 100% (2/2), done.
    Writing objects: 100% (2/2), 364 bytes | 0 bytes/s, done.
    Total 2 (delta 0), reused 0 (delta 0)
    remote: Processing changes: new: 1, refs: 1, done
    remote:
    remote: New Changes:
    remote: http://gerrit.apicloud.com/1 add the test file
    remote:
    To ssh://gerrit.apicloud.com:29418/test01
     * [new branch] master -> refs/for/master
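3) Finally, log in to Gerrit, review the code and submit it; in the background the code is then pushed automatically to the corresponding project repository on the remote GitLab.
That completes the deployment and configuration of Gerrit-based code review with automatic push to GitLab-hosted repositories. The deployment did have its bumps along the way; following the configuration in this article exactly should let you avoid the problems I ran into. If you still have questions, leave a reply on the article and we can discuss them.
Coming up:
This article will be updated later to add a complete Jenkins integration. Stay tuned.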