1. 程式人生 > >搭建gerrit服務詳細步驟

搭建gerrit服務詳細步驟

debian下搭建gerrit服務的詳細步驟

搭建gerrit+openldap服務

作者:趙亮

歸檔:學習筆記

2017/9/4

搭建ldap

下載gerrit-2.12.3.war

配置好下載源

# apt-get update

下載gerrit安裝依賴包

#apt-get install default-jre daemon apache2-utils git

下載apache2

#apt-get install apache2

下載mysql數據庫

#apt-get install mysql-server

創建數據庫

Mysql>create database gerrit;

Mysql>grant all on gerrit.* to ‘FxFT‘@‘localhost‘ identified by ‘FoxitFT‘;

Mysql>flush privileges;

重啟mysql

#/etc/init.d/mysql restart

安裝gerrit

java -jar gerrit-2.12.3.war init -d /srv/gerrit/

// /srv/gerrit/是安裝目錄路徑

步驟如下:

root@debian:~#java -jar gerrit-2.12.3.war init -d /srv/gerrit/

*** Gerrit Code Review 2.12.3

***

Create ‘/srv/gerrit‘ [Y/n]? y

*** Git Repositories

***

Location of Git repositories [git]:

*** SQL Database

***

Database server type [h2]: mysql

Gerrit Code Review is not shipped with MySQL Connector/J 5.1.21

** This library is required for your configuration. **

Download and install it now [Y/n]? y

Downloading http://repo2.maven.org/maven2/mysql/mysql-connector-java/5.1.21/mysql-connector-java-5.1.21.jar ... OK

Checksum mysql-connector-java-5.1.21.jar OK

Server hostname [localhost]:

Server port [(mysql default)]:

Database name [reviewdb]: gerrit

Database username [root]: FxFT

gerrituser‘s password :

confirm password :

*** User Authentication

***

Authentication method [OPENID/?]: http

Get username from custom HTTP header [y/N]? n

SSO logout URL :

*** Email Delivery

***

SMTP server hostname [localhost]: smtp.163.com

SMTP server port [(default)]: 587

SMTP encryption [NONE/?]: tls

SMTP username [root]: [email protected]

[email protected]‘s password :

confirm password :

*** Container Process

***

Run as [root]:

Java runtime [/usr/lib/jvm/java-7-openjdk-amd64/jre]:

Copy gerrit-2.8.war to /srv/gerrit/bin/gerrit.war [Y/n]? y

Copying gerrit-2.8.war to /srv/gerrit/bin/gerrit.war

*** SSH Daemon

***

Listen on address [*]:

Listen on port [29418]:

Gerrit Code Review is not shipped with Bouncy Castle Crypto v144

If available, Gerrit can take advantage of features

in the library, but will also function without it.

Download and install it now [Y/n]? y

Downloading http://www.bouncycastle.org/download/bcprov-jdk16-144.jar ... !! FAIL !!

error: http://www.bouncycastle.org/download/bcprov-jdk16-144.jar: 302 Found

Please download:

http://www.bouncycastle.org/download/bcprov-jdk16-144.jar

and save as:

/srv/gerrit/lib/bcprov-jdk16-144.jar

Press enter to continue

Continue without this library [Y/n]? y

Generating SSH host key ... rsa(simple)... done

*** HTTP Daemon

***

Behind reverse proxy [y/N]? y

Proxy uses SSL (https://) [y/N]? n

Subdirectory on proxy server [/]:

Listen on address [*]:

Listen on port [8081]: 8081

Canonical URL [http://debian.localhost/]:

*** Plugins

***

Install plugin reviewnotes version v2.8 [y/N]? y

Install plugin download-commands version v2.8 [y/N]? y

Install plugin replication version v2.8 [y/N]? y

Install plugin commit-message-length-validator version v2.8 [y/N]? y

Initialized /srv/gerrit

Executing /srv/gerrit/bin/gerrit.sh start

Starting Gerrit Code Review: OK

Waiting for server on debian.localhost:80 ... OK

Opening http://debian.localhost/#/admin/projects/ ...FAILED

Open Gerrit with a JavaScript capable browser:

http://debian.localhost/#/admin/projects/

Gerrit啟動腳本

#cp /srv/gerrit/bin/gerrit.sh /etc/init.d/gerrit

# vim /etc/init.d/gerrit

大概在47寫入GERRIT_SITE=跟路徑

GERRIT_SITE=/srv/gerrit/


重啟gerrit服務

#/etc/init.d/gerrit restart


Gerrit配置

#vi /srv/gerrit/etc/gerrit.config

[gerrit]

basePath = git

canonicalWebUrl = http://10.104.128.161/r/

[database]

type = mysql

hostname = localhost

database = gerrit

username = FxFT

[index]

type = LUCENE

[auth]

type = LDAP

[ldap]

server = ldap://10.104.128.163:389 //這是搭建好ldapip地址

accountBase = dc=foxitsoftware,dc=com

accountFullName = ${cn}

groupBase = dc=foxitsoftware,dc=com

[sendemail]

smtpServer = smtp.163.com

smtpServerPort = 587

smtpEncryption = TLS

smtpUser = [email protected]

[container]

#user = root

user = www-data //www-data運行,不然Apache調用的時候會報權限問題

javaHome = /usr/lib/jvm/java-7-openjdk-amd64/jre

[sshd]

listenAddress = *:29418

[httpd]

listenUrl = proxy-http://*:8081/r/

listenUrl = proxy-https://*:8081/r/

requestLog = true

[cache]

directory = cache

[user]

anonymousCoward = Unregistered User

[change]

submitWholeTopic = true

[receive]

enableSignedPush = false

設置主和組的權限

# chown -R www-data:www-data /srv/gerrit

配置web

#vi /etc/apache2/sites-available/gerrit.conf

<VirtualHost *:80>

ServerName 10.104.128.161

ProxyRequests Off

ProxyVia Off

ProxyPreserveHost On

ErrorLog /var/log/apache2/testlink_foxitsoftware_com_error.log

CustomLog /var/log/apache2/testlink_foxitsoftware_com_access.log combined

<Proxy *:80>

Order deny,allow

Allow from all

</Proxy>

<Location "/login/">

AuthType Basic

AuthName "Gerrit

Require valid-user

AuthUserFile /srv/gerrit/etc/password

</Location>

AllowEncodedSlashes On

ProxyPass / http://127.0.0.1:8082/ nocanon

</VirtualHost>

設置一個gerrit授權用戶的賬號和密碼

#htpasswd -c /srv/gerrit/etc/password gerrit kevinstar

配置默認網站路徑index.html

vi /var/www/index.html

<html>

<head>

<script type="text/javascript">

window.location.href=‘/r/‘;

</script>

</head>

<body><h1>It works!</h1>

<p>This is the default web page for this server.</p>

<p>The web server software is running but no content has been added, yet.</p>

</body></html>

加載proxy模塊

#a2enmod proxy

軟連接

#/cd /etc/apache2/mods-enabled

# ln -s ../mods-available/proxy_http.load proxy_http.load

重啟apache2gerrit服務

#/etc/init.d/gerrit restart

#/etc/init.d/apache2 restart

現在就可以登陸web界面做測試了

啟用443端口配置:

#apt-get install ssl-cert

# make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/ssl/private/apache2.pem

#openssl req -x509 -newkey rsa:1024 -keyout /etc/ssl/private/apache2.pem -out /etc/ssl/private/apache2.pem -nodes -days 999

Generating a 1024 bit RSA private key

..............++++++

.........................++++++

writing new private key to ‘/etc/ssl/private/apache2.pem‘

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter ‘.‘, the field will be left blank.

-----

Country Name (2 letter code) [AU]:CN

State or Province Name (full name) [Some-State]:BEIJING

Locality Name (eg, city) []:BEIJING

Organization Name (eg, company) [Internet Widgits Pty Ltd]:foxit

Organizational Unit Name (eg, section) []:it

Common Name (e.g. server FQDN or YOUR name) []:localhost

Email Address []:[email protected]

#openssl genrsa 1024 >server.key

#openssl req -new -key server.key > server.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter ‘.‘, the field will be left blank.

-----

Country Name (2 letter code) [AU]:CN

State or Province Name (full name) [Some-State]:BEIJING

Locality Name (eg, city) []:BEIJING

Organization Name (eg, company) [Internet Widgits Pty Ltd]:foxit

Organizational Unit Name (eg, section) []:it

Common Name (e.g. server FQDN or YOUR name) []:localhost

Email Address []:[email protected]

Please enter the following ‘extra‘ attributes

to be sent with your certificate request

A challenge password []:kevinstar

An optional company name []:foxit

開啟ssl模塊

#a2enmod ssl

配置Apache站點配置:

# vi /etc/apache2/sites-availble/gerrit.conf

<VirtualHost *:80>

ServerName 10.104.128.161

ProxyRequests Off

ProxyVia Off

ProxyPreserveHost On

<Proxy *:80>

Order deny,allow

Allow from all

</Proxy>

AllowEncodedSlashes On

ProxyPass /r/ http://127.0.0.1:8081/r/ nocanon

</VirtualHost>

<VirtualHost *:443>

SSLEngine on

SSLProxyEngine on

SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem

SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

ServerName 10.104.128.161

ProxyRequests Off

ProxyVia Off

ProxyPreserveHost On

<Proxy *:443>

Order deny,allow

Allow from all

</Proxy>

<Location "/r/login/">

AuthType Basic

AuthName "Gerrit"

Require valid-user

AuthUserFile /etc/gerrit/etc/.password

</Location>

<Location "/p/">

AuthType Basic

AuthName "Gerrit Code Review"

</Location>

AllowEncodedSlashes On

ProxyPass /r/ http://127.0.0.1:8082/r/ nocanon

ProxyPass /p/ http://127.0.0.1:8082/p/ nocanon

</VirtualHost>

修改gerrit配置:

vi /etc/gerrit/etc/gerrit.config

[gerrit]

basePath = git

canonicalWebUrl = http://10.104.128.161/r/

[database]

type = mysql

hostname = localhost

database = gerritdb

username = gerrituser

[auth]

type = LDAP

[ldap]

server = ldap://10.104.128.163:389

accountBase = dc=foxitsoftware,dc=com

accountFullName = ${cn}

groupBase = dc=foxitsoftware,dc=com

[sendemail]

smtpServer = smtp.163.com

smtpServerPort = 587

smtpEncryption = TLS

smtpUser = [email protected]

[container]

user = root

javaHome = /usr/lib/jvm/java-7-openjdk-amd64/jre

[sshd]

listenAddress = *:29418

[httpd]

listenUrl = proxy-http://*:8081/r/

listenUrl = proxy-https://*:8082/r/

requestLog = true

[cache]

directory = cache

[user]

anonymousCoward = Unregistered User

[change]

submitWholeTopic = true

[receive]

enableSignedPush = false

重啟Apachegerrit

#/etc/init.d/apache restart

#/etc/init.d/gerrit restart

測試 !!!!!

搭建完成


本文出自 “12506531” 博客,轉載請與作者聯系!

搭建gerrit服務詳細步驟