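Gitlab+Gerrit+Ldap+nginx+mysql: Gerrit Setup and Configuration (Part 1)
Our company has been keeping its project code in GitLab. Because of business needs (too many bugs in the code), we now need to introduce Gerrit for code review.
I started with CentOS 7.4, but after installation ALL_Project.git and All_Users.git were not generated under GerritResource and the log kept reporting errors. After reinstalling several times I found that compatibility on CentOS 7 was not quite perfect, so we procured a CentOS 6.8 server for the installation, which then completed fairly smoothly.
This article also uses LDAP authentication. LDAP configuration itself is not covered here; refer to other articles.
Already in use: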
gitlab-ce-9.3.3-ce.0.el7.x86_64
Newly deployed:
centos 6.8 x64
gerrit 2.15.6
nginx 1.10.2
mysql 5.6
1. Create a dedicated account
$ useradd gerrit -m -s /bin/bash
$ passwd gerrit ## in this article the password is the same as the username
$ su - gerrit
2. Configure the Java environment
[[email protected] ~]# java -version
java version "1.8.0_151"
Java(TM) SE Runtime Environment (build 1.8.0_151-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.151-b12, mixed mode)
[[email protected] ~]#
3. Download Gerrit from the official site
https://www.gerritcodereview.com/
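The latest version at the time of writing is 2.15.6.
4. Install MySQL
5. Create the database and user, and grant privileges
MySQL is used here as Gerrit's database; all other options keep their defaults. With this choice you need to connect to MySQL, create the database and user for Gerrit, and grant privileges to that user: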
$ mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 35
Server version: 5.7.20-0ubuntu0.16.04.1 (Ubuntu)
Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> SELECT USER();
+----------------+
| USER() |
+----------------+
| [email protected] |
+----------------+
1 row in set (0.00 sec)
mysql> create database reviewdb;
Query OK, 1 row affected (0.01 sec)
mysql> CREATE USER 'gerrit'@'localhost' IDENTIFIED BY 'gerrit';
Query OK, 0 rows affected (0.01 sec)
mysql> grant all privileges on reviewdb.* to [email protected] identified by 'gerrit';
Query OK, 0 rows affected, 1 warning (0.01 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| reviewdb |
| sys |
+--------------------+
8 rows in set (0.01 sec)
6. Install Gerrit
Upload the package to the gerrit user's home directory and fix its permissions. Install Gerrit with the following command:
[[email protected] ~]$ java -jar gerrit-2.15.6.war init -d review_site
Using secure store: com.google.gerrit.server.securestore.DefaultSecureStore
*** Gerrit Code Review 2.15.6
***
*** Git Repositories
***
Location of Git repositories [GerritResource]:
** Location of the Git repositories. By default a GerritResource folder is created under the directory passed to init -d. This option sets where Gerrit stores its Git repositories; the setting above creates /home/gerrit/review_site/GerritResource for them.
*** SQL Database
***
Database server type [mysql]: ## MySQL is used here; the default is H2, which I am not very familiar with.
Server hostname [localhost]: 10.81.232.115 ## database address
Server port [(mysql default)]: 3306 ## database port
Database name [reviewdb]: ## database name
Database username [gerrit]: ## database user
Change gerrit's password [y/N]?] ## database user's password
*** Index
***
Type [lucene/?]: ## default
*** User Authentication
***
Authentication method [http/?]: ## which authentication method to use; LDAP is used here
Get username from custom HTTP header [y/N]? ## default
SSO logout URL : ## default
Enable signed push support [y/N]? ## default
*** Review Labels
***
Install Verified label [y/N]? ## default
*** Email Delivery
***
SMTP server hostname [smtp.exmail.qq.com]:
SMTP server port [465]:
SMTP encryption [tls/?]:
SMTP username [[email protected]]:
Change [email protected]'s password [y/N]?
*** Container Process
***
Run as [gerrit]:
Java runtime [/usr/share/jdk1.8.0_151/jre]:
Upgrade review_site/bin/gerrit.war [Y/n]? n
*** SSH Daemon
***
Listen on address [*]:
Listen on port [29418]:
*** HTTP Daemon
***
Behind reverse proxy [Y/n]? Y ## whether a reverse proxy is used; set to yes here
Proxy uses SSL (https://) [y/N]?
Subdirectory on proxy server [/]:
Listen on address [*]:
Listen on port [8080]:
Canonical URL [http://gerrit.baidu.com/]:
*** Cache
***
*** Plugins
***
## Install all of the plugins below, otherwise things get troublesome later.
## download-commands in particular: without it no clone URL is shown
Installing plugins.
Install plugin commit-message-length-validator version v2.15.6 [y/N]?
Install plugin download-commands version v2.15.6 [y/N]?
Install plugin hooks version v2.15.6 [y/N]?
Install plugin replication version v2.15.6 [y/N]?
Install plugin reviewnotes version v2.15.6 [y/N]?
Install plugin singleusergroup version v2.15.6 [y/N]?
Initializing plugins.
No plugins found with init steps.
*** Experimental features
***
Enable any experimental features [y/N]?
Initialized /data/gerrit/review_site
[[email protected] ~]$
## By default the service is started once installation finishes.
## Because of some adjustments here, the service was started manually.
[[email protected] bin]# ./gerrit.sh start
Starting Gerrit Code Review: OK
[[email protected] bin]#
[[email protected] bin]# netstat -antlop | grep 8082
tcp 0 0 0.0.0.0:8082 0.0.0.0:* LISTEN 16538/GerritCodeRev off (0.00/0/0)
[[email protected] bin]#
Monitor the log output:
[[email protected] logs]$ pwd
/home/gerrit/review_site/logs
[[email protected] logs]$ tail -f error_log
Troubleshooting:
1. During Gerrit installation, the following exception may be thrown:
Exception in thread "main" com.google.gwtorm.server.OrmException: Cannot apply SQL
CREATE TABLE account_group_members_audit (
added_by INT DEFAULT 0 NOT NULL,
removed_by INT,
removed_on TIMESTAMP NULL DEFAULT NULL,
account_id INT DEFAULT 0 NOT NULL,
group_id INT DEFAULT 0 NOT NULL,
added_on TIMESTAMP NOT NULL
,PRIMARY KEY(account_id,group_id,added_on)
)
at com.google.gwtorm.jdbc.JdbcExecutor.execute(JdbcExecutor.java:44)
at com.google.gwtorm.jdbc.JdbcSchema.createRelations(JdbcSchema.java:134)
at com.google.gwtorm.jdbc.JdbcSchema.updateSchema(JdbcSchema.java:104)
at com.google.gerrit.server.schema.SchemaCreator.create(SchemaCreator.java:81)
at com.google.gerrit.server.schema.SchemaUpdater.update(SchemaUpdater.java:108)
at com.google.gerrit.pgm.init.BaseInit$SiteRun.upgradeSchema(BaseInit.java:386)
at com.google.gerrit.pgm.init.BaseInit.run(BaseInit.java:143)
at com.google.gerrit.pgm.util.AbstractProgram.main(AbstractProgram.java:61)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.google.gerrit.launcher.GerritLauncher.invokeProgram(GerritLauncher.java:204)
at com.google.gerrit.launcher.GerritLauncher.mainImpl(GerritLauncher.java:108)
at com.google.gerrit.launcher.GerritLauncher.main(GerritLauncher.java:63)
at Main.main(Main.java:24)
Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Invalid default value for 'added_on'
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:425)
at com.mysql.jdbc.Util.getInstance(Util.java:408)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:943)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3973)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3909)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2527)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2680)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2497)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2455)
at com.mysql.jdbc.StatementImpl.executeInternal(StatementImpl.java:839)
at com.mysql.jdbc.StatementImpl.execute(StatementImpl.java:739)
at com.google.gwtorm.jdbc.JdbcExecutor.execute(JdbcExecutor.java:42)
... 15 more
This exception can be resolved as follows: log in as the MySQL root user and set
set global explicit_defaults_for_timestamp=1;
like this:
$ mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 76
Server version: 5.7.20-0ubuntu0.16.04.1 (Ubuntu)
Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> set global explicit_defaults_for_timestamp=1;
Query OK, 0 rows affected (0.00 sec)
mysql> exit;
Bye
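If the database is a master/slave setup, be sure to create the database, user and grants on the master. Otherwise the following error is reported: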
Enable any experimental features [y/N]?
Exception in thread "main" com.google.gwtorm.server.OrmException: Cannot apply SQL
CREATE TABLE account_group_id(s SERIAL)
at com.google.gwtorm.jdbc.JdbcExecutor.execute(JdbcExecutor.java:44)
at com.google.gwtorm.jdbc.JdbcSchema.createSequences(JdbcSchema.java:122)
at com.google.gwtorm.jdbc.JdbcSchema.updateSchema(JdbcSchema.java:103)
at com.google.gerrit.server.schema.SchemaCreator.create(SchemaCreator.java:84)
at com.google.gerrit.server.schema.SchemaUpdater.update(SchemaUpdater.java:111)
at com.google.gerrit.pgm.init.BaseInit$SiteRun.upgradeSchema(BaseInit.java:389)
at com.google.gerrit.pgm.init.BaseInit.run(BaseInit.java:146)
at com.google.gerrit.pgm.util.AbstractProgram.main(AbstractProgram.java:61)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.google.gerrit.launcher.GerritLauncher.invokeProgram(GerritLauncher.java:223)
at com.google.gerrit.launcher.GerritLauncher.mainImpl(GerritLauncher.java:119)
at com.google.gerrit.launcher.GerritLauncher.main(GerritLauncher.java:63)
at Main.main(Main.java:24)
Caused by: java.sql.SQLException: The MySQL server is running with the --read-only option so it cannot execute this statement
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:964)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3973)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3909)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2527)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2680)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2490)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2448)
at com.mysql.jdbc.StatementImpl.executeInternal(StatementImpl.java:845)
at com.mysql.jdbc.StatementImpl.execute(StatementImpl.java:745)
at com.google.gwtorm.jdbc.JdbcExecutor.execute(JdbcExecutor.java:42)
... 15 more
Solution: create the database, user and grants on the master.
Final configuration file:
[[email protected] etc]$ more gerrit.config
[gerrit]
basePath = GerritResource
serverId = 5ae3e303-92dc-4823-8284-e21a14034f75
canonicalWebUrl = http://gerrit.baidu.com/
[database]
type = mysql
hostname = localhost
database = reviewdb
username = gerrit
[noteDb "changes"]
disableReviewDb = true
primaryStorage = note db
read = true
sequence = true
write = true
[index]
type = LUCENE
[auth]
type = LDAP
gitBasicAuthPolicy = LDAP
[ldap]
server = ldap://101.11.23.191:389
username = cn=Manager,dc=baidu,dc=com
accountBase = dc=baidu,dc=com
groupBase = dc=baidu,dc=com
[receive]
enableSignedPush = false
[sendemail]
enable = true
smtpServer = smtp.exmail.qq.com
smtpServerPort = 587
smtpEncryption = TLS
smtpUser = [email protected]
smtpPass = 123456
from = [email protected]
[container]
user = gerrit
javaHome = /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-0.el6_10.x86_64/jre
[sshd]
listenAddress = *:29418
[httpd]
listenUrl = http://*:8080/
[cache]
directory = cache
[gitweb]
cgi = /var/www/git/gitweb.cgi
type = gitweb
[plugins]
# allow install plugin
allowRemoteAdmin = true
[[email protected] etc]$
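The gerrit.config above keeps smtpPass in the main file, reaches LDAP over ldap://, listens on every interface and leaves allowRemoteAdmin on. As an added example (not part of the original article or of Gerrit itself), this Python script parses the git-config syntax and flags those four settings; the sample hosts and the names parse_git_config and audit are constructed for illustration.

```python
import re

# Constructed sample: the settings of interest from the gerrit.config shown
# above, with placeholder hosts and addresses.
SAMPLE = """
[ldap]
    server = ldap://ldap.example.internal:389
[sendemail]
    smtpUser = gerrit@example.com
    smtpPass = 123456
[httpd]
    listenUrl = http://*:8080/
[plugins]
    allowRemoteAdmin = true
"""

def parse_git_config(text):
    """Flatten git-config syntax into {'section.key': value}, keys lower-cased."""
    cfg, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        head = re.match(r'\[\s*([\w.-]+)(?:\s+"[^"]*")?\s*\]$', line)
        if head:
            section = head.group(1).lower()  # subsection name is ignored
        elif section and "=" in line:
            key, value = line.split("=", 1)
            cfg[f"{section}.{key.strip().lower()}"] = value.strip()
    return cfg

def audit(cfg):
    """Return a list of (key, advice) pairs for settings worth tightening."""
    findings = []
    for key in sorted(cfg):
        if key.rsplit(".", 1)[1] in ("password", "smtppass"):
            findings.append((key, "secret in gerrit.config; keep it in etc/secure.config"))
    if cfg.get("ldap.server", "").lower().startswith("ldap://") \
            and cfg.get("ldap.starttls", "false").lower() != "true":
        findings.append(("ldap.server", "cleartext LDAP; use ldaps:// or ldap.startTls"))
    if cfg.get("plugins.allowremoteadmin", "false").lower() == "true":
        findings.append(("plugins.allowremoteadmin", "disable once plugins are installed"))
    listen = re.match(r"(proxy-)?https?://([^:/]+)", cfg.get("httpd.listenurl", ""))
    if listen and listen.group(2) == "*":
        findings.append(("httpd.listenurl", "bind to 127.0.0.1 behind nginx (proxy-http://127.0.0.1:8080/)"))
    return findings

if __name__ == "__main__":
    for key, advice in audit(parse_git_config(SAMPLE)):
        print(f"{key}: {advice}")
```

To check a real site, pass the contents of review_site/etc/gerrit.config to parse_git_config instead of SAMPLE.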
Follow-up configuration:
1. In /review_gerrit/bin/gerrit.sh, add GERRIT_SITE=/home/gerrit/review_site as the first line of actual code.
For example:
[[email protected] logs]# vim /review_gerrit/bin/gerrit.sh
#!/bin/sh
GERRIT_SITE=/home/gerrit/review_site
2. Make gerrit available system-wide: [[email protected] logs]# ln -s /home/gerrit/review_site/bin/gerrit.sh /usr/bin/gerrit
Install plugins:
[[email protected] ~]$ ssh -i .ssh/id_rsa -p 29418 [email protected] gerrit plugin install -n replication.jar - < gerrit-2.15.6/WEB-INF/plugins/replication.jar
fatal: remote installation is disabled
[[email protected] ~]$
3. # Install the replication plugin
unzip gerrit-2.14.1.war
ssh -p 29418 [email protected] gerrit plugin install -n replication.jar - < ./WEB-INF/plugins/replication.jar
# If a permission error is reported during installation, add the allowRemoteAdmin parameter to gerrit.config, as shown below
[plugins]
# allow install plugin
allowRemoteAdmin = true
Restart the service
[[email protected] ~]$ gerrit restart
Stopping Gerrit Code Review: OK
Starting Gerrit Code Review: WARNING: Could not adjust Gerrit's process for the kernel's out-of-memory killer.
This may be caused by /usr/bin/gerrit not being run as root.
Consider changing the OOM score adjustment manually for Gerrit's PID=6302 with e.g.:
echo '-1000' | sudo tee /proc/6302/oom_score_adj
OK
[[email protected] ~]$
Install replication
[[email protected] ~]$ ssh -i .ssh/id_rsa -p 29418 [email protected] gerrit plugin install -n replication.jar - < gerrit-2.15.6/WEB-INF/plugins/replication.jar
[[email protected] ~]$
Check:
[[email protected] etc]$ ssh -i .ssh/id_rsa -p 29418 [email protected] gerrit plugin ls
Warning: Identity file .ssh/id_rsa not accessible: No such file or directory.
Name Version Status File
-------------------------------------------------------------------------------
replication v2.15.6 ENABLED replication.jar
[[email protected] etc]$
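4. After Gerrit is deployed successfully, a newly created project shows no clone URL
Once Gerrit is deployed, log in with the admin account, complete the administrator registration flow, then try to create the first project. Create a project named test that inherits rights from ALL project, then open test: no clone URL is visible. As shown in the figure below:
Solution:
Install the download-commands plugin.
5. A 504 is returned when adding a key
Solution:
Make sure the mail settings in gerrit.config are correct, and that the machine running Gerrit can actually send mail. I use postfix here. After configuring it, if the following command delivers a mail, everything is working: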
echo testmail| mail -s "testmail" [email protected]
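6. After the code was synced to Gerrit, developers could not view diffs; every click produced an error, which was quite sad. As shown in the figure below:
Solution:
This is a problem in the nginx configuration file. With a URI part on proxy_pass (here the trailing slash), nginx forwards its normalized, decoded form of the request URI, so the %2F-encoded file paths in Gerrit's diff URLs are rewritten before they reach Gerrit; without it, the URI is passed on exactly as the client sent it.
Change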
proxy_pass http://gerrit_server/;
to
proxy_pass http://gerrit_server;
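Restart the nginx service.
7. Configure /home/gerrit/review_site/etc/replication.config; create it if it does not exist:
For now the URLs can only be written out one by one; I tried using namespace and it did not work.
That is, the repository cannot be expressed with a variable, so maintenance gets troublesome whenever a repository is added.
I have not found a better solution yet; guidance from any expert would be welcome.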