centos部署配置gerrit+gitlab實現代碼的review與自動同步
阿新 • • 發佈:2018-03-21
gerrit gitlab 編者按:
近期項目需要進行gerrit的調研工作,於是才有了這篇整理性的文章,當然網絡上面還有很多其他比較優秀的帖子值得借鑒,這裏推薦幾個:
Gerrit代碼審核服務器搭建全過程
Jenkins+Ansible+Gitlab自動化部署三劍客
構建基於Jenkins + Github的持續集成環境
環境準備:
mysql -- yum install mysql* -y
java -- yum install java-1.8.0-openjdk* -y
gitweb-- yum install gitweb -y
1. 數據庫設置:
mysql> create database reviewdb; Query OK, 1 row affected (0.01 sec) mysql> CREATE USER 'gerrit'@'localhost' IDENTIFIED BY 'gerrit'; Query OK, 0 rows affected (0.00 sec) mysql> CREATE USER 'gerrit'@'127.0.0.1' IDENTIFIED BY 'gerrit'; Query OK, 0 rows affected (0.00 sec) mysql> flush privileges; Query OK, 0 rows affected (0.00 sec) mysql> grant all privileges on reviewdb.* to gerrit@localhost identified by 'gerrit'; Query OK, 0 rows affected (0.00 sec) mysql> grant all privileges on reviewdb.* to gerrit@'10.125.156.2' identified by 'gerrit'; #10.125.156.2為部署gerrit服務的內網地址 Query OK, 0 rows affected (0.00 sec) mysql> flush privileges; Query OK, 0 rows affected (0.00 sec)
2. 建立專有帳戶
useradd gerrit -m -s /bin/bash passwd gerrit su - gerrit
3. 官網下載gerrit
#本文使用最新版本2.14
4. 安裝gerrit
通過如下命令安裝 Gerrit:
cd /home/gerrit && ava -jar gerrit-2.14.war init -d review_site
安裝過程中信息如下:
Using secure store: com.google.gerrit.server.securestore.DefaultSecureStore
[2018-03-19 14:16:08,115] [main] INFO com.google.gerrit.server.config.GerritServerConfigProvider : No /home/gerrit/review_site/etc/gerrit.config; assuming defaults
*** Gerrit Code Review 2.14.6
***
Create '/home/gerrit/review_site' [Y/n]? Y
*** Git Repositories
***
Location of Git repositories [git]: GerritResource #默認創建的項目存放路徑,本文路徑為/home/gerrit/review_site/GerritResource,用於保存 Gerrit 的 Git 倉庫
*** SQL Database
***
Database server type [h2]: mysql #數據庫采用mysql
Gerrit Code Review is not shipped with MySQL Connector/J 5.1.41
** This library is required for your configuration. **
Download and install it now [Y/n]? Y
Downloading https://repo1.maven.org/maven2/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar ... OK
Checksum mysql-connector-java-5.1.41.jar OK
Server hostname [localhost]: gerrit.apicloud.com #gerrit服務器對應的域名,請根據自身情況設置
Server port [(mysql default)]: 33070 #數據庫端口
Database name [reviewdb]: #reviewdb為第一步數據庫設置環境創建的數據庫名稱
Database username [gerrit]: #gerrit為第一步數據庫設置環境創建的數據庫用戶名
gerrit's password : #輸入數據庫密碼兩遍
confirm password :
*** Index
***
Type [lucene/?]:
*** User Authentication
***
Authentication method [openid/?]:
Enable signed push support [y/N]?
*** Review Labels
***
Install Verified label [y/N]?
*** Email Delivery
***
SMTP server hostname [localhost]: smtp.apicloud-mail.com #配置郵件發送設置,gerrit默認是關閉支持smtp功能的,這裏先暫時這樣配置,後面請查看gerrit.conf文件的配置內容
SMTP server port [(default)]: 465 #默認是不開啟ssl端口的,但是由於阿裏雲服務器全網禁25端口,這裏配置使用ssl 465端口,詳細配置請查看gerrit.conf文件的配置內容
SMTP encryption [none/?]:
SMTP username [[email protected]]:
gerrit's password :
confirm password :
*** Container Process
***
Run as [gerrit]:
Java runtime [/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64/jre]:
Copy gerrit-2.14.6.war to review_site/bin/gerrit.war [Y/n]? Y
Copying gerrit-2.14.6.war to review_site/bin/gerrit.war
*** SSH Daemon
***
Listen on address [*]:
Listen on port [29418]: #gerrit服務默認ssh端口,可以根據需要自行修改設置
Generating SSH host key ... rsa... dsa... ed25519... ecdsa 256... ecdsa 384... ecdsa 521... done
*** HTTP Daemon
***
Behind reverse proxy [y/N]? y
Proxy uses SSL (https://) [y/N]? y
Subdirectory on proxy server [/]: proxy- #默認是監聽代理到8080端口,為了避免與tomcat占用端口沖突,這裏自定義8081,根據自身情況修改。
Listen on address [*]:
Listen on port [8081]:
*** Cache
***
*** Plugins
***
Installing plugins.
Install plugin commit-message-length-validator version v2.14.6 [Y/n]?
commit-message-length-validator v2.14.6 is already installed, overwrite it [Y/n]?
Updated commit-message-length-validator to v2.14.6
Install plugin download-commands version v2.14.6 [Y/n]?
download-commands v2.14.6 is already installed, overwrite it [Y/n]?
Updated download-commands to v2.14.6
Install plugin hooks version v2.14.6 [Y/n]?
hooks v2.14.6 is already installed, overwrite it [Y/n]?
Updated hooks to v2.14.6
Install plugin replication version v2.14.6 [Y/n]?
replication v2.14.6 is already installed, overwrite it [Y/n]?
Updated replication to v2.14.6
Install plugin reviewnotes version v2.14.6 [Y/n]?
reviewnotes v2.14.6 is already installed, overwrite it [Y/n]?
Updated reviewnotes to v2.14.6
Install plugin singleusergroup version v2.14.6 [Y/n]?
singleusergroup v2.14.6 is already installed, overwrite it [Y/n]?
Updated singleusergroup to v2.14.6
Initializing plugins.安裝完成後,gerrit會默認啟動,先不用管它,我們繼續配置gerrit。如果在安裝過程中報錯,請參考文章開頭推薦的幾篇文章。
5.配置gerrit
/home/gerrit/review_site/etc/gerrit.conf
[gerrit] basePath = GerritResource serverId = f600a067-aa9b-4738-b393-cceb329ffb62 canonicalWebUrl = http://gerrit.apicloud.com/ useSSL = false [database] type = mysql hostname = gerrit.apicloud.com port = 33070 database = reviewdb username = gerrit [index] type = LUCENE [auth] type = HTTP [receive] enableSignedPush = false [sendemail] enable = true smtpServer = smtp.apicloud-mail.com smtpServerPort = 465 smtpUser = [email protected] smtpEncryption = ssl sslVerify = false smtpPass = xxx from = APICloud-CodeReview<[email protected]> [container] user = gerrit javaHome = /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64/jre [sshd] listenAddress = *:29418 [download] scheme = ssh scheme = http [httpd] listenUrl = proxy-http://127.0.0.1:8081/ [cache] directory = cache [gitweb] cgi = /var/www/git/gitweb.cgi type = gitweb
/home/gerrit/review_site/etc/secure.config
[database] password = gerrit [auth] registerEmailPrivateKey = Q48ihZ5krcBule7qnG/txuhTiwi5FXGks/w= [sendemail] smtpPass = XXX #與gerrit.conf配置一樣
6. nginx配置
/usr/local/nginx/conf/servers/gerrit.conf
server {
listen 80;
server_name gerrit.apicloud.com;
charset utf8;
keepalive_timeout 600;
send_timeout 10m;
client_header_buffer_size 2m;
client_max_body_size 1000m;
client_body_timeout 10m;
client_header_timeout 10m;
large_client_header_buffers 8 32k;
proxy_buffer_size 128k;
proxy_buffers 32 256k;
proxy_busy_buffers_size 256k;
location / {
auth_basic "Gerrit Code Review";
auth_basic_user_file htpasswd/gerrit.passwd;
proxy_pass http://127.0.0.1:8081/;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Cookie $http_cookie;
chunked_transfer_encoding off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
}
}配置htpassd文件
mkdir /usr/local/nginx/conf/htpasswd/ && touch /usr/local/nginx/conf/htpasswd/gerrit.passwd && chown nginx:nginx /usr/local/nginx/conf/htpasswd/gerrit.passwd && chmod 600 /usr/local/nginx/conf/htpasswd/gerrit.passwd htpasswd -b /usr/local/nginx/conf/htpasswd/gerrit.passwd UserName PassWord
7. Replication 配置
所謂的 replication,是 Gerrit 的一個插件,它可以自動地將 Gerrit Code Review 對它所管理的 Git 倉庫創建的任何 changes push 到另外一個系統裏。Gerrit 本身提供了兩大功能:一是 Code Review;二是 Git 倉庫。Replication 插件通常用於提供 changes 的鏡像,或熱備份。
此外,許多現有的項目可能是用另外一套系統來管理 Git 代碼倉庫的,比如 GitLab,或者 GitHub。需要引入 Gerrit 做 Code Review,同時對接這些已有的 Git 倉庫系統時,replication 插件比較有用。
配置 replication 將代碼同步到 GitLab 的方法如下。
如果通過 SSH 來從 Gerrit 同步代碼到 GitLab,需要確保遠程系統,也就是 GitLab 服務器的主機密鑰已經在 Gerrit 用戶的 ~/.ssh/known_hosts 文件中了。
gerrit@haier-test ~]$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/gerrit/.ssh/id_rsa): Created directory '/home/gerrit/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/gerrit/.ssh/id_rsa. Your public key has been saved in /home/gerrit/.ssh/id_rsa.pub. The key fingerprint is: SHA256:wXsgOH2yJh+awLBGiaNHxOKKuZbDOQAhdaCYrCE+xrE gerrit@haier-test The key's randomart image is: +---[RSA 2048]----+ | o+.. | |B+o. o . | |%B. o + = | |OOo . = + | |BE+ . + S . | |B... * . . | |o.o o . | |.B | |. o | +----[SHA256]-----+
復制/home/gerrit/.ssh/id_rsa.pub內容添加到gitlab賬戶ssh-key內。
/home/gerrit/review_site/etc/replication.config
[remote "gitlab.apicloud.com"]
url = ssh://[email protected]:19850/gerrit_dev/${name}.git
push = +refs/heads/*:refs/heads/*
push = +refs/tags/*:refs/tags/*
push = +refs/changes/*:refs/changes/*
timtout = 30
threads = 3這個配置文件支持的全部選項如下:
* Host
* Hostname
* User
* Port
* IdentityFile
* PreferredAuthentications
* StrictHostKeyChecking
需要註意的是這個文件的權限,文件的 “其它” 用戶訪問權限,不能可讀寫。
/home/gerrit/.ssh/config
Host gitlab.apicloud.com
User git
Port 19850
IdentityFile ~/.ssh/id_rsa
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
PreferredAuthentications publickey8. 啟動gerrit、nginx
sh /home/gerrit/review_site/bin/gerrit.sh start|restart|stop service nginx start|stop|restart|reload
9. 測試並創建項目:
htpassd配置的第一個用戶默認會在登錄gerrit系統的時候獲取gerrit的超級管理員權限。
創建項目:
gerrit創建的項目名稱必須跟gitlab賬戶下面的項目名稱一致:
8.項目代碼管理流程:
1)首先,普通用戶拉取項目代碼,註意拉取的項目代碼來源於gerrit系統:
git clone ssh://[email protected]:29418/test01 && scp -p -P 29418 [email protected]:hooks/commit-msg test01/.git/hooks/ Cloning into 'test01'... The authenticity of host '[gerrit.apicloud.com]:29418 ([10.125.156.2]:29418)' can't be established. ECDSA key fingerprint is SHA256:cDRO/yI6SHMcU7A9mJOmlqMzNPYxzMu/j3ibxDB73dM. ECDSA key fingerprint is MD5:27:a1:41:1a:aa:1d:37:60:6b:57:8b:6c:9f:0b:6d:89. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[gerrit.apicloud.com]:29418,[10.125.156.2]:29418' (ECDSA) to the list of known hosts. remote: Counting objects: 9, done remote: Finding sources: 100% (9/9) remote: Total 9 (delta 1), reused 9 (delta 1) Receiving objects: 100% (9/9), done. Resolving deltas: 100% (1/1), done. commit-msg
2)然後,根據需要,像使用普通的 Git 工程那樣,修改代碼,commit,然後通過如下命令 push 代碼到 Gerrit 進行 Code Review:
git push 遠程地址 本地分支:refs/for/遠程分支
通過ssh進行push,需要將本地~/.ssh/id_rsa.pub內容添加到gerrit ssh-key配置。
例如:
[gerrit@haier-test test01]$ ls Readme.txt [gerrit@haier-test test01]$ touch swht.txt [gerrit@haier-test test01]$ touch test.md [gerrit@haier-test test01]$ ls Readme.txt swht.txt test.md [gerrit@haier-test test01]$ git add . [gerrit@haier-test test01]$ git commit -m "add the test file" *** Please tell me who you are. Run git config --global user.email "[email protected]" git config --global user.name "Your Name" to set your account's default identity. Omit --global to set the identity only in this repository. fatal: empty ident name (for <(null)>) not allowed [gerrit@haier-test test01]$ git config --global user.email "[email protected]" [gerrit@haier-test test01]$ git config --global user.name "gerrit" [gerrit@haier-test test01]$ git commit -m "add the test file" [master 8911253] add the test file 2 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 swht.txt create mode 100644 test.md [gerrit@haier-test test01]$ git branch * master [gerrit@haier-test test01]$ git push origin master:refs/for/master Counting objects: 2, done. Delta compression using up to 2 threads. Compressing objects: 100% (2/2), done. Writing objects: 100% (2/2), 364 bytes | 0 bytes/s, done. Total 2 (delta 0), reused 0 (delta 0) remote: Processing changes: new: 1, refs: 1, done remote: remote: New Changes: remote: http://gerrit.apicloud.com/1 add the test file remote: To ssh://gerrit.apicloud.com:29418/test01 * [new branch] master -> refs/for/master
3)再然後,登錄gerrit進行代碼review,並且submit提交,代碼後臺會自動推送到遠端gitlab對應項目庫
至此,基於gerrit進行代碼review+自動推送到gitlab代碼拖管的部署配置已經完畢。當然部署過程中有一些坎坷,完全按照文章中的配置進行配置, 應該是可以規避我遇到的一些問題。如果還有問題,可以通過文章回復一起溝通交流。
預告:
本文章後續還會進行更新,增加Jenkins的完美接入配置。敬請期待。
centos部署配置gerrit+gitlab實現代碼的review與自動同步