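Detailed steps for setting up a Gerrit service
Setting up a Gerrit + OpenLDAP service
Author: 趙亮
Category: Study notes
2017/9/4
Setting up LDAP (omitted)
Download the gerrit-2.12.3.war package
Configure the package sources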
# apt-get update
Download and install the packages Gerrit depends on
# apt-get install default-jre daemon apache2-utils git
Download and install apache2
# apt-get install apache2
Download and install the MySQL database
# apt-get install mysql-server
Create the database
mysql> create database gerrit;
mysql> grant all on gerrit.* to 'FxFT'@'localhost' identified by 'FoxitFT';
mysql> flush privileges;
Restart MySQL
# /etc/init.d/mysql restart
Install Gerrit
# java -jar gerrit-2.12.3.war init -d /srv/gerrit/
// /srv/gerrit/ is the installation directory path
The steps are as follows:
root@debian:~#java -jar gerrit-2.12.3.war init -d /srv/gerrit/
*** Gerrit Code Review 2.12.3
***
Create '/srv/gerrit' [Y/n]? y
*** Git Repositories
***
Location of Git repositories [git]:
*** SQL Database
***
Database server type [h2]: mysql
Gerrit Code Review is not shipped with MySQL Connector/J 5.1.21
** This library is required for your configuration. **
Download and install it now [Y/n]? y
Downloading http://repo2.maven.org/maven2/mysql/mysql-connector-java/5.1.21/mysql-connector-java-5.1.21.jar ... OK
Checksum mysql-connector-java-5.1.21.jar OK
Server hostname [localhost]:
Server port [(mysql default)]:
Database name [reviewdb]: gerrit
Database username [root]: FxFT
gerrituser's password :
confirm password :
*** User Authentication
***
Authentication method [OPENID/?]: http
Get username from custom HTTP header [y/N]? n
SSO logout URL :
*** Email Delivery
***
SMTP server hostname [localhost]: smtp.163.com
SMTP server port [(default)]: 587
SMTP encryption [NONE/?]: tls
SMTP username [root]: [email protected]
[email protected]'s password :
confirm password :
*** Container Process
***
Run as [root]:
Java runtime [/usr/lib/jvm/java-7-openjdk-amd64/jre]:
Copy gerrit-2.8.war to /srv/gerrit/bin/gerrit.war [Y/n]? y
Copying gerrit-2.8.war to /srv/gerrit/bin/gerrit.war
*** SSH Daemon
***
Listen on address [*]:
Listen on port [29418]:
Gerrit Code Review is not shipped with Bouncy Castle Crypto v144
If available, Gerrit can take advantage of features
in the library, but will also function without it.
Download and install it now [Y/n]? y
Downloading http://www.bouncycastle.org/download/bcprov-jdk16-144.jar ... !! FAIL !!
error: http://www.bouncycastle.org/download/bcprov-jdk16-144.jar: 302 Found
Please download:
http://www.bouncycastle.org/download/bcprov-jdk16-144.jar
and save as:
/srv/gerrit/lib/bcprov-jdk16-144.jar
Press enter to continue
Continue without this library [Y/n]? y
Generating SSH host key ... rsa(simple)... done
*** HTTP Daemon
***
Behind reverse proxy [y/N]? y
Proxy uses SSL (https://) [y/N]? n
Subdirectory on proxy server [/]:
Listen on address [*]:
Listen on port [8081]: 8081
Canonical URL [http://debian.localhost/]:
*** Plugins
***
Install plugin reviewnotes version v2.8 [y/N]? y
Install plugin download-commands version v2.8 [y/N]? y
Install plugin replication version v2.8 [y/N]? y
Install plugin commit-message-length-validator version v2.8 [y/N]? y
Initialized /srv/gerrit
Executing /srv/gerrit/bin/gerrit.sh start
Starting Gerrit Code Review: OK
Waiting for server on debian.localhost:80 ... OK
Opening http://debian.localhost/#/admin/projects/ ...FAILED
Open Gerrit with a JavaScript capable browser:
http://debian.localhost/#/admin/projects/
Gerrit startup script
# cp /srv/gerrit/bin/gerrit.sh /etc/init.d/gerrit
# vim /etc/init.d/gerrit
At around line 47, add GERRIT_SITE= followed by the site path
GERRIT_SITE=/srv/gerrit/
Restart the Gerrit service
# /etc/init.d/gerrit restart
Gerrit configuration
# vi /srv/gerrit/etc/gerrit.config
[gerrit]
basePath = git
canonicalWebUrl = http://10.104.128.161/r/
[database]
type = mysql
hostname = localhost
database = gerrit
username = FxFT
[index]
type = LUCENE
[auth]
type = LDAP
[ldap]
# IP address of the LDAP server that was set up earlier
server = ldap://10.104.128.163:389
accountBase = dc=foxitsoftware,dc=com
accountFullName = ${cn}
groupBase = dc=foxitsoftware,dc=com
[sendemail]
smtpServer = smtp.163.com
smtpServerPort = 587
smtpEncryption = TLS
smtpUser = [email protected]
[container]
#user = root
# Run as www-data; otherwise permission errors are reported when Apache calls it
user = www-data
javaHome = /usr/lib/jvm/java-7-openjdk-amd64/jre
[sshd]
listenAddress = *:29418
[httpd]
listenUrl = proxy-http://*:8081/r/
# Two listeners cannot bind the same port; 8082 is the port the ProxyPass line below targets
listenUrl = proxy-https://*:8082/r/
requestLog = true
[cache]
directory = cache
[user]
anonymousCoward = Unregistered User
[change]
submitWholeTopic = true
[receive]
enableSignedPush = false
Set the owner and group
# chown -R www-data:www-data /srv/gerrit
Configure the web server
# vi /etc/apache2/sites-available/gerrit.conf
<VirtualHost *:80>
ServerName 10.104.128.161
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
ErrorLog /var/log/apache2/testlink_foxitsoftware_com_error.log
CustomLog /var/log/apache2/testlink_foxitsoftware_com_access.log combined
<Proxy *:80>
Order deny,allow
Allow from all
</Proxy>
<Location "/login/">
AuthType Basic
AuthName "Gerrit"
Require valid-user
AuthUserFile /srv/gerrit/etc/password
</Location>
AllowEncodedSlashes On
ProxyPass / http://127.0.0.1:8082/ nocanon
</VirtualHost>
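Create the account and password for a user authorized to access Gerrit (-b takes the password from the command line, so it ends up in the shell history; run htpasswd without -b and without the password argument to be prompted instead)
# htpasswd -cb /srv/gerrit/etc/password gerrit kevinstar
Configure the default site page, index.html
# vi /var/www/index.html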
<html>
<head>
<script type="text/javascript">
window.location.href='/r/';
</script>
</head>
<body><h1>It works!</h1>
<p>This is the default web page for this server.</p>
<p>The web server software is running but no content has been added, yet.</p>
</body></html>
Load the proxy module
# a2enmod proxy
Create the symlink
# cd /etc/apache2/mods-enabled
# ln -s ../mods-available/proxy_http.load proxy_http.load
Restart the apache2 and Gerrit services
# /etc/init.d/gerrit restart
# /etc/init.d/apache2 restart
You can now log in to the web interface and test it
Enabling port 443:
# apt-get install ssl-cert
# make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/ssl/private/apache2.pem
# openssl req -x509 -newkey rsa:1024 -keyout /etc/ssl/private/apache2.pem -out /etc/ssl/private/apache2.pem -nodes -days 999
Generating a 1024 bit RSA private key
..............++++++
.........................++++++
writing new private key to '/etc/ssl/private/apache2.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:BEIJING
Locality Name (eg, city) []:BEIJING
Organization Name (eg, company) [Internet Widgits Pty Ltd]:foxit
Organizational Unit Name (eg, section) []:it
Common Name (e.g. server FQDN or YOUR name) []:localhost
Email Address []:[email protected]
# openssl genrsa 1024 > server.key
# openssl req -new -key server.key > server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:BEIJING
Locality Name (eg, city) []:BEIJING
Organization Name (eg, company) [Internet Widgits Pty Ltd]:foxit
Organizational Unit Name (eg, section) []:it
Common Name (e.g. server FQDN or YOUR name) []:localhost
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:kevinstar
An optional company name []:foxit
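The key and CSR steps above with a 2048-bit key, as an added example rather than the author's commands: 1024-bit RSA keys like the ones generated above are below the minimum that public CAs and current browsers accept. The function names and the temporary output directory are assumptions made for this example; the subject fields repeat the values entered above.

```sh
#!/bin/sh
# Added example (not from the original post): 2048-bit key + CSR, plus a size check.

# make_key_and_csr DIR CN: write DIR/server.key (owner-only) and DIR/server.csr.
make_key_and_csr() {
    # umask 077 in a subshell so the private key is created with mode 600
    ( umask 077 && openssl genrsa -out "$1/server.key" 2048 2>/dev/null ) || return 1
    # -subj supplies the DN non-interactively; no challenge password is set
    openssl req -new -sha256 -key "$1/server.key" -out "$1/server.csr" \
        -subj "/C=CN/ST=BEIJING/L=BEIJING/O=foxit/OU=it/CN=$2"
}

# rsa_bits PEM: print the RSA modulus size of a key, CSR or certificate file.
rsa_bits() {
    case $(head -n 1 "$1") in
        *"CERTIFICATE REQUEST"*) openssl req  -in "$1" -noout -text ;;
        *CERTIFICATE*)           openssl x509 -in "$1" -noout -text ;;
        *)                       openssl rsa  -in "$1" -noout -text ;;
    esac 2>/dev/null | sed -n 's/.*Key: (\([0-9]*\) bit.*/\1/p' | head -n 1
}

# strong_enough PEM: succeed only when the key size is readable and >= 2048 bits.
strong_enough() {
    b=$(rsa_bits "$1")
    [ -n "$b" ] && [ "$b" -ge 2048 ]
}

# Demonstration in a throwaway directory (assumed location, removed afterwards).
demo() {
    d=$(mktemp -d)
    make_key_and_csr "$d" localhost &&
        echo "CSR key size: $(rsa_bits "$d/server.csr") bits"
    rm -rf "$d"
}
demo
```

Running strong_enough against an existing key, CSR or certificate before pointing SSLCertificateFile at it catches a leftover 1024-bit file.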
Enable the ssl module
# a2enmod ssl
Configure the Apache site:
# vi /etc/apache2/sites-available/gerrit.conf
<VirtualHost *:80>
ServerName 10.104.128.161
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
<Proxy *:80>
Order deny,allow
Allow from all
</Proxy>
AllowEncodedSlashes On
ProxyPass /r/ http://127.0.0.1:8081/r/ nocanon
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
ServerName 10.104.128.161
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
<Proxy *:443>
Order deny,allow
Allow from all
</Proxy>
<Location "/r/login/">
AuthType Basic
AuthName "Gerrit"
Require valid-user
AuthUserFile /etc/gerrit/etc/.password
</Location>
<Location "/p/">
AuthType Basic
AuthName "Gerrit Code Review"
</Location>
AllowEncodedSlashes On
ProxyPass /r/ http://127.0.0.1:8082/r/ nocanon
ProxyPass /p/ http://127.0.0.1:8082/p/ nocanon
</VirtualHost>
Modify the Gerrit configuration:
# vi /etc/gerrit/etc/gerrit.config
[gerrit]
basePath = git
canonicalWebUrl = http://10.104.128.161/r/
[database]
type = mysql
hostname = localhost
database = gerritdb
username = gerrituser
[auth]
type = LDAP
[ldap]
server = ldap://10.104.128.163:389
accountBase = dc=foxitsoftware,dc=com
accountFullName = ${cn}
groupBase = dc=foxitsoftware,dc=com
[sendemail]
smtpServer = smtp.163.com
smtpServerPort = 587
smtpEncryption = TLS
smtpUser = [email protected]
[container]
user = root
javaHome = /usr/lib/jvm/java-7-openjdk-amd64/jre
[sshd]
listenAddress = *:29418
[httpd]
listenUrl = proxy-http://*:8081/r/
listenUrl = proxy-https://*:8082/r/
requestLog = true
[cache]
directory = cache
[user]
anonymousCoward = Unregistered User
[change]
submitWholeTopic = true
[receive]
enableSignedPush = false
Restart Apache and Gerrit:
# /etc/init.d/apache2 restart
# /etc/init.d/gerrit restart
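A cross-check of gerrit.config against the Apache site file, as an added example that is not part of the original post or of Gerrit: it reports a port claimed by two httpd.listenUrl entries, a ProxyPass backend port that no listenUrl serves, a plaintext ldap:// server, and container.user = root. The function names, finding labels and sample files are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original post): consistency and hardening checks.

# cfg_get FILE SECTION KEY: print each value of KEY inside [SECTION].
cfg_get() {
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*\[/ { s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*/, "", s); next }
        s == sec && /=/ {
            k = $0; sub(/[ \t]*=.*/, "", k); sub(/^[ \t]+/, "", k)
            v = $0; sub(/^[^=]*=[ \t]*/, "", v)
            if (k == key) print v
        }' "$1"
}

# port_of: reduce URLs on stdin (scheme://host:port/path) to their port numbers.
port_of() { awk -F: '{ p = $NF; sub(/\/.*/, "", p); print p }'; }

# audit_site GERRIT_CONFIG APACHE_CONF: one finding per line, nothing when clean.
audit_site() {
    listen=$(cfg_get "$1" httpd listenUrl | port_of)
    # The same port on two listenUrl lines means the second bind fails at startup
    echo "$listen" | sort | uniq -d | sed 's/^/DUP-LISTEN /'
    # Every ProxyPass backend port needs a Gerrit listener behind it
    for p in $(awk '$1 == "ProxyPass" { print $3 }' "$2" | port_of | sort -u); do
        echo "$listen" | grep -qx "$p" || echo "NO-LISTENER $p"
    done
    # ldap:// carries bind passwords unencrypted; ldaps:// does not
    case $(cfg_get "$1" ldap server) in
        ldap://*) echo "PLAINTEXT-LDAP" ;;
    esac
    [ "$(cfg_get "$1" container user)" = root ] && echo "RUNS-AS-ROOT"
    return 0
}

# Constructed sample files that reuse this page's keys; the values are illustrative.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '[ldap]' '  server = ldap://192.0.2.10:389' \
        '[container]' '  user = root' '[httpd]' \
        '  listenUrl = proxy-http://*:8081/r/' \
        '  listenUrl = proxy-https://*:8081/r/' > "$d/gerrit.config"
    printf '%s\n' '<VirtualHost *:80>' \
        '  ProxyPass /r/ http://127.0.0.1:8082/r/ nocanon' \
        '</VirtualHost>' > "$d/gerrit.conf"
    audit_site "$d/gerrit.config" "$d/gerrit.conf"
    rm -rf "$d"
}
demo
```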
Test!
Setup complete.
This article comes from the "12506531" blog; please contact the author before reposting!