Gerrit安裝
1.安裝gerrit
[sisi@pre-srv44 ~]$ su - gerrit2
Password:
[gerrit2@pre-srv44 ~]$ ll
total 83872
-rw-r--r-- 1 root root 85872756 Jun 6 09:58 gerrit-2.14.war
-rw-r--r-- 1 gerrit2 root 432 Jun 23 17:43 gerrit2.txt
drwxr-xr-x 14 gerrit2 root 4096 Jun 7 09:19 gerrit_site
[gerrit2@pre-srv44 ~]$ java -jar gerrit-2.14.war init -d ~/gerrit_site_http
Using secure store: com.google.gerrit.server.securestore.DefaultSecureStore
[2018-06-23 23:48:49,385] [main] INFO com.google.gerrit.server.config.GerritServerConfigProvider : No /home/gerrit2/gerrit_site_http/etc/gerrit.config; assuming defaults
*** Gerrit Code Review 2.14
***
Create ‘/home/gerrit2/gerrit_site_http‘ [Y/n]?
*** Git Repositories
***
Location of Git repositories [git]:
*** SQL Database
***
Database server type [h2]:
*** Index
***
Type [LUCENE/?]: ?
Supported options are:
lucene
elasticsearch
Type [LUCENE/?]:
*** User Authentication
***
Authentication method [OPENID/?]: ?
Supported options are:
openid
openid_sso
http
http_ldap
client_ssl_cert_ldap
ldap
ldap_bind
custom_extension
development_become_any_account
oauth
Authentication method [OPENID/?]: http
Get username from custom HTTP header [y/N]?
SSO logout URL :
Enable signed push support [y/N]?
*** Review Labels
***
Install Verified label [y/N]? y
*** Email Delivery
***
SMTP server hostname [localhost]:
SMTP server port [(default)]:
SMTP encryption [NONE/?]:
SMTP username :
*** Container Process
***
Run as [gerrit2]:
Java runtime [/usr/mbb/install/jdk1.8.0_144/jre]:
Copy gerrit-2.14.war to /home/gerrit2/gerrit_site_http/bin/gerrit.war [Y/n]?
Copying gerrit-2.14.war to /home/gerrit2/gerrit_site_http/bin/gerrit.war
*** SSH Daemon
***
Listen on address [*]:
Listen on port [29418]:
Generating SSH host key ... rsa... dsa... done
*** HTTP Daemon
***
Behind reverse proxy [y/N]?
Use SSL (https://) [y/N]?
Listen on address [*]:
Listen on port [8080]:
Canonical URL [http://iZ2zeajrmfwuxekm559go1Z:8080/]:
*** Cache
***
*** Plugins
***
Installing plugins.
Install plugin commit-message-length-validator version v2.14 [y/N]?
Install plugin download-commands version v2.14 [y/N]?
Install plugin hooks version v2.14 [y/N]?
Install plugin replication version v2.14 [y/N]?
Install plugin reviewnotes version v2.14 [y/N]?
Install plugin singleusergroup version v2.14 [y/N]?
Initializing plugins.
No plugins found with init steps.
Initialized /home/gerrit2/gerrit_site_http
Executing /home/gerrit2/gerrit_site_http/bin/gerrit.sh start
Starting Gerrit Code Review:
OK
Waiting for server on iZ2zeajrmfwuxekm559go1Z:8080 ... OK
Opening http://iZ2zeajrmfwuxekm559go1Z:8080/#/admin/projects/ ...FAILED
Open Gerrit with a JavaScript capable browser:
http://iZ2zeajrmfwuxekm559go1Z:8080/#/admin/projects/
[gerrit2@pre-srv44 ~]$
2.配置gerrit
修改/home/gerrit2/gerrit_site_http/etc/gerrit.config配置文件
註意下面兩個配置項,修改後如下:
[gerrit]
basePath = git
serverId = 6cab8d0c-5b1e-4a65-8696-0d038780b20d
#canonicalWebUrl = http://iZ2zeajrmfwuxekm559go1Z:8080/
canonicalWebUrl = http://172.16.181.80:8080/ #修改 nginx的代理端口
.........
[httpd]
listenUrl = http://*:8080/ # 未改
重啟gerrit
[root@pre-srv44 conf]# /home/gerrit2/gerrit_site_http/bin/gerrit.sh restart
Stopping Gerrit Code Review: OK
Starting Gerrit Code Review: OK
修改nginx
[root@pre-srv44 ~]# cd /usr/local/nginx/conf
[root@pre-srv44 conf]# ls
fastcgi.conf fastcgi_params koi-utf mime.types nginx.conf scgi_params uwsgi_params win-utf
fastcgi.conf.default fastcgi_params.default koi-win mime.types.default nginx.conf.default scgi_params.default uwsgi_params.default
[root@pre-srv44 conf]# cp nginx.conf nginx.conf.bak20180624
[root@pre-srv44 conf]# vi /usr/local/nginx/conf/nginx.conf
...
server {
listen 80;
...
location / {
auth_basic "Gerrit Code Review";
auth_basic_user_file /home/gerrit2/gerrit_site_http/etc/passwords;
proxy_pass http://172.16.181.80:8080;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
}
...
創建認證權限(也就是登陸的時候輸入的權限)
註意:第一次加-c參數是為了創建密碼文件,默認第一個用戶是系統管理員
[root@pre-srv44 etc]# htpasswd -c /home/gerrit2/gerrit_site_http/etc/passwords gerrit2
-bash: htpasswd: command not found
[root@pre-srv44 etc]# yum install htpasswd
Loaded plugins: security
base | 3.7 kB 00:00
epel | 3.2 kB 00:00
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
Setting up Install Process
No package htpasswd available.
Error: Nothing to do
[root@pre-srv44 etc]# yum -y install httpd
....
Complete!
[root@pre-srv44 etc]# htpasswd -c /home/gerrit2/gerrit_site_http/etc/passwords gerrit2
New password:
Re-type new password:
Adding password for user gerrit2
[root@pre-srv44 etc]# ls
gerrit.config mail passwords secure.config ssh_host_dsa_key ssh_host_dsa_key.pub ssh_host_rsa_key ssh_host_rsa_key.pub
[root@pre-srv44 etc]# htpasswd /home/gerrit2/gerrit_site_http/etc/passwords sisi
New password:
Re-type new password:
Adding password for user sisi
3.重啟nginx
[root@pre-srv44 etc]# /usr/local/nginx/sbin/nginx -s reload
瀏覽器登錄 http://172.16.181.80/
彈出認證對話框,填寫gerrit2登錄
An error occurred.
Sorry, the page you are looking for is currently unavailable.
Please try again later.
If you are the system administrator of this resource then you should check the error log for details.
Faithfully yours, nginx.
[root@pre-srv44 logs]# pwd
/usr/local/nginx/logs
[root@pre-srv44 logs]# ls
access.log error.log nginx.pid
[root@pre-srv44 logs]# vi error.log
2018/06/24 08:50:23 [crit] 27123#0: *51 open() "/home/gerrit2/gerrit_site2/etc/passwords" failed (13: Permission denied), client: 172.16.200.188, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "172.16.181.80"
[root@pre-srv44 conf]# ps -ef|grep nginx
root 14711 1 0 Jun23 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
nobody 27123 14711 0 08:44 ? 00:00:00 nginx: worker process
工作進程用戶是nobody
[root@pre-srv44 conf]# setfacl -R -m u:nobody:rx /home/gerrit2
Question:
Sign Out Failure
也許你會發現用gerrit+HTTP認證,通過web登陸後,點擊右上角的Sign Out無法登出。要麽是依然保持登陸的狀態,要麽就是直接出錯。
不要以為怎麽了,其實這是正常現象,以下這段話是從網上看到的:
You are using HTTP Basic authentication. There is no way to tell a browser to quit sending basic authentication credentials, to logout with basicauthentication is to close the Webbrowser.
More info, go to https://stackoverflow.com/questions/4154187/how-to-logout-user-for-basic-http-authentication
增加幾個用戶
[gerrit2@pre-srv44 etc]$ sudo htpasswd -b passwords newalan newalan
Adding password for user newalan
[gerrit2@pre-srv44 etc]$ sudo htpasswd -b passwords dev1 dev1
Adding password for user dev1
[gerrit2@pre-srv44 etc]$ sudo htpasswd -b passwords dev2 dev2
Adding password for user dev2
[gerrit2@pre-srv44 etc]$ sudo htpasswd -b passwords mgr1 mgr1
Adding password for user mgr1
[gerrit2@pre-srv44 etc]$ sudo htpasswd -b passwords mgr2 mgr2
4.配置郵箱
htpasswd /home/gerrit2/gerrit_site_http/etc/passwords newalan
配置gerrit.config
登錄gerrit註冊郵箱
郵箱收到註冊鏈接,http://172.16.181.80:8080/#/VE/fPhKd27E0+4hfHzLSaH5Sp1RCuhou853CdvP2Q==$MTAwMDAwMjp6aGFuZmVuZy56aGFuZ0AxNjMuY29t
去掉鏈接中的8080端口號,再粘貼到地址欄可用
5.安裝gitweb
[gerrit2@pre-srv44 ~]$ sudo yum install -y gitweb
gitweb安裝後的目錄路徑是/var/www/git
git config --file /home/gerrit2/gerrit_site_http/etc/gerrit.config gitweb.cgi /var/www/git/gitweb.cgi
git config --file /home/gerrit2/gerrit_site_http/etc/gerrit.config --unset gitweb.url
6.公私鑰
在gerrit本機上使用下面的命令生成管理員賬號(這裏將gerrit作為管理員)的公私鑰
[gerrit2@pre-srv44 .ssh]$ ssh-keygen -t rsa -C "GerritAdmin" -f ~/.ssh/gerritadmin
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/gerrit2/.ssh/gerritadmin.
Your public key has been saved in /home/gerrit2/.ssh/gerritadmin.pub.
The key fingerprint is:
0a:e4:ed:c8:13:68:b3:dc:f5:0a:7e:64:86:78:34:ad GerritAdmin
The key‘s randomart image is:
+--[ RSA 2048]----+
| |
| |
| .. |
| +o.. |
| +o++o S |
| o.=E*+o |
| o.*+o . |
| . o.. |
| ... |
+-----------------+
[gerrit2@pre-srv44 .ssh]$ ls
admin admin.pub gerritadmin gerritadmin.pub known_hosts
接下來可以設置別名,方便使用ssh連接gerrit
可以直接在gerrit用戶家目錄(/home/gerrit)下的.bashrc文件裏設置
如下別名是登陸gerrit的admin賬號下的操作:
alias ssh-gerrit=‘ssh -p 29418 -i ~/.ssh/gerritadmin 172.16.181.80 -l gerrit2‘ 【公鑰已拷貝到gerrit裏,這裏用私鑰去連】
然後source /home/gerrit2/.bashrc使其生效
[gerrit2@pre-srv44 ~]$ ssh -p 29418 -i ~/.ssh/gerritadmin 172.16.181.80 -l gerrit2
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
34:b8:66:84:01:26:96:0a:77:ab:60:0f:07:84:6a:2c.
Please contact your system administrator.
Add correct host key in /home/gerrit2/.ssh/known_hosts to get rid of this message.
Offending key in /home/gerrit2/.ssh/known_hosts:1
RSA host key for [172.16.181.80]:29418 has changed and you have requested strict checking.
Host key verification failed.
刪除/home/gerrit2/.ssh/known_hosts 重試
[gerrit2@pre-srv44 ~]$ ssh-gerrit gerrit gsql
fatal: gerrit2 does not have "Access Database" capability.
異常:admin does not have "Access Database" capability
解決:使用Administrator登陸,在Projects/Access中Global Capabilities Add Group(Access Database)添加Administrators組,然後點擊頁面最下的“Save Changes”按鈕即可
Gerrit安裝