1.安装gerrit
[sisi@pre-srv44 ~]$ su - gerrit2
Password:
[gerrit2@pre-srv44 ~]$ ll
total 83872
-rw-r--r-- 1 root root 85872756 Jun 6 09:58 gerrit-2.14.war
-rw-r--r-- 1 gerrit2 root 432 Jun 23 17:43 gerrit2.txt
drwxr-xr-x 14 gerrit2 root 4096 Jun 7 09:19 gerrit_site
[gerrit2@pre-srv44 ~]$ java -jar gerrit-2.14.war init -d ~/gerrit_site_http
Using secure store: com.google.gerrit.server.securestore.DefaultSecureStore
[2018-06-23 23:48:49,385] [main] INFO com.google.gerrit.server.config.GerritServerConfigProvider : No /home/gerrit2/gerrit_site_http/etc/gerrit.config; assuming defaults
*** Gerrit Code Review 2.14
***
Create '/home/gerrit2/gerrit_site_http' [Y/n]?
*** Git Repositories
***
Location of Git repositories [git]:
*** SQL Database
***
Database server type [h2]:
*** Index
***
Type [LUCENE/?]: ?
Supported options are:
lucene
elasticsearch
Type [LUCENE/?]:
*** User Authentication
***
Authentication method [OPENID/?]: ?
Supported options are:
openid
openid_sso
http
http_ldap
client_ssl_cert_ldap
ldap
ldap_bind
custom_extension
development_become_any_account
oauth
Authentication method [OPENID/?]: http
Get username from custom HTTP header [y/N]?
SSO logout URL :
Enable signed push support [y/N]?
*** Review Labels
***
Install Verified label [y/N]? y
*** Email Delivery
***
SMTP server hostname [localhost]:
SMTP server port [(default)]:
SMTP encryption [NONE/?]:
SMTP username :
*** Container Process
***
Run as [gerrit2]:
Java runtime [/usr/mbb/install/jdk1.8.0_144/jre]:
Copy gerrit-2.14.war to /home/gerrit2/gerrit_site_http/bin/gerrit.war [Y/n]?
Copying gerrit-2.14.war to /home/gerrit2/gerrit_site_http/bin/gerrit.war
*** SSH Daemon
***
Listen on address [*]:
Listen on port [29418]:
Generating SSH host key ... rsa... dsa... done
*** HTTP Daemon
***
Behind reverse proxy [y/N]?
Use SSL (https://) [y/N]?
Listen on address [*]:
Listen on port [8080]:
Canonical URL [http://iZ2zeajrmfwuxekm559go1Z:8080/]:
*** Cache
***
*** Plugins
***
Installing plugins.
Install plugin commit-message-length-validator version v2.14 [y/N]?
Install plugin download-commands version v2.14 [y/N]?
Install plugin hooks version v2.14 [y/N]?
Install plugin replication version v2.14 [y/N]?
Install plugin reviewnotes version v2.14 [y/N]?
Install plugin singleusergroup version v2.14 [y/N]?
Initializing plugins.
No plugins found with init steps.
Initialized /home/gerrit2/gerrit_site_http
Executing /home/gerrit2/gerrit_site_http/bin/gerrit.sh start
Starting Gerrit Code Review:
OK
Waiting for server on iZ2zeajrmfwuxekm559go1Z:8080 ... OK
Opening http://iZ2zeajrmfwuxekm559go1Z:8080/#/admin/projects/ ...FAILED
Open Gerrit with a JavaScript capable browser:
http://iZ2zeajrmfwuxekm559go1Z:8080/#/admin/projects/
[gerrit2@pre-srv44 ~]$
2.配置gerrit
修改/home/gerrit2/gerrit_site_http/etc/gerrit.config配置文件
注意下面两个配置项,修改后如下:
[gerrit]
basePath = git
serverId = 6cab8d0c-5b1e-4a65-8696-0d038780b20d
#canonicalWebUrl = http://iZ2zeajrmfwuxekm559go1Z:8080/
canonicalWebUrl = http://172.16.181.80:8080/ #修改 nginx的代理端口
.........
[httpd]
listenUrl = http://*:8080/ # 未改
重启gerrit
[root@pre-srv44 conf]# /home/gerrit2/gerrit_site_http/bin/gerrit.sh restart
Stopping Gerrit Code Review: OK
Starting Gerrit Code Review: OK
修改nginx
[root@pre-srv44 ~]# cd /usr/local/nginx/conf
[root@pre-srv44 conf]# ls
fastcgi.conf fastcgi_params koi-utf mime.types nginx.conf scgi_params uwsgi_params win-utf
fastcgi.conf.default fastcgi_params.default koi-win mime.types.default nginx.conf.default scgi_params.default uwsgi_params.default
[root@pre-srv44 conf]# cp nginx.conf nginx.conf.bak20180624
[root@pre-srv44 conf]# vi /usr/local/nginx/conf/nginx.conf
...
server {
listen 80;
...
location / {
auth_basic "Gerrit Code Review";
auth_basic_user_file /home/gerrit2/gerrit_site_http/etc/passwords;
proxy_pass http://172.16.181.80:8080;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
}
...
创建认证权限(也就是登陆的时候输入的权限)
注意:第一次加-c参数是为了创建密码文件,默认第一个用户是系统管理员
[root@pre-srv44 etc]# htpasswd -c /home/gerrit2/gerrit_site_http/etc/passwords gerrit2
-bash: htpasswd: command not found
[root@pre-srv44 etc]# yum install htpasswd
Loaded plugins: security
base | 3.7 kB 00:00
epel | 3.2 kB 00:00
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
Setting up Install Process
No package htpasswd available.
Error: Nothing to do
[root@pre-srv44 etc]# yum -y install httpd
....
Complete!
[root@pre-srv44 etc]# htpasswd -c /home/gerrit2/gerrit_site_http/etc/passwords gerrit2
New password:
Re-type new password:
Adding password for user gerrit2
[root@pre-srv44 etc]# ls
gerrit.config mail passwords secure.config ssh_host_dsa_key ssh_host_dsa_key.pub ssh_host_rsa_key ssh_host_rsa_key.pub
[root@pre-srv44 etc]# htpasswd /home/gerrit2/gerrit_site_http/etc/passwords sisi
New password:
Re-type new password:
Adding password for user sisi
3.重启nginx
[root@pre-srv44 etc]# /usr/local/nginx/sbin/nginx -s reload
浏览器登录 http://172.16.181.80/
弹出认证对话框,填写gerrit2登录
An error occurred.
Sorry, the page you are looking for is currently unavailable.
Please try again later.
If you are the system administrator of this resource then you should check the error log for details.
Faithfully yours, nginx.
[root@pre-srv44 logs]# pwd
/usr/local/nginx/logs
[root@pre-srv44 logs]# ls
access.log error.log nginx.pid
[root@pre-srv44 logs]# vi error.log
2018/06/24 08:50:23 [crit] 27123#0: *51 open() "/home/gerrit2/gerrit_site2/etc/passwords" failed (13: Permission denied), client: 172.16.200.188, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "172.16.181.80"
[root@pre-srv44 conf]# ps -ef|grep nginx
root 14711 1 0 Jun23 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
nobody 27123 14711 0 08:44 ? 00:00:00 nginx: worker process
工作进程用户是nobody
[root@pre-srv44 conf]# setfacl -R -m u:nobody:rx /home/gerrit2
Question:
Sign Out Failure
也许你会发现用gerrit+HTTP认证,通过web登陆后,点击右上角的Sign Out无法登出。要么是依然保持登陆的状态,要么就是直接出错。
不要以为怎么了,其实这是正常现象,以下这段话是从网上看到的:
You are using HTTP Basic authentication. There is no way to tell a browser to quit sending basic authentication credentials, to logout with basicauthentication is to close the Webbrowser.
More info, go to https://stackoverflow.com/questions/4154187/how-to-logout-user-for-basic-http-authentication
增加几个用户
[gerrit2@pre-srv44 etc]$ sudo htpasswd -b passwords newalan newalan
Adding password for user newalan
[gerrit2@pre-srv44 etc]$ sudo htpasswd -b passwords dev1 dev1
Adding password for user dev1
[gerrit2@pre-srv44 etc]$ sudo htpasswd -b passwords dev2 dev2
Adding password for user dev2
[gerrit2@pre-srv44 etc]$ sudo htpasswd -b passwords mgr1 mgr1
Adding password for user mgr1
[gerrit2@pre-srv44 etc]$ sudo htpasswd -b passwords mgr2 mgr2
4.配置邮箱
htpasswd /home/gerrit2/gerrit_site_http/etc/passwords newalan
配置gerrit.config
登录gerrit注册邮箱
邮箱收到注册链接,http://172.16.181.80:8080/#/VE/fPhKd27E0+4hfHzLSaH5Sp1RCuhou853CdvP2Q==$MTAwMDAwMjp6aGFuZmVuZy56aGFuZ0AxNjMuY29t
去掉链接中的8080端口号,再粘贴到地址栏可用
5.安装gitweb
[gerrit2@pre-srv44 ~]$ sudo yum install -y gitweb
gitweb安装后的目录路径是/var/www/git
git config --file /home/gerrit2/gerrit_site_http/etc/gerrit.config gitweb.cgi /var/www/git/gitweb.cgi
git config --file /home/gerrit2/gerrit_site_http/etc/gerrit.config --unset gitweb.url
6.公私钥
在gerrit本机上使用下面的命令生成管理员账号(这里将gerrit作为管理员)的公私钥
[gerrit2@pre-srv44 .ssh]$ ssh-keygen -t rsa -C "GerritAdmin" -f ~/.ssh/gerritadmin
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/gerrit2/.ssh/gerritadmin.
Your public key has been saved in /home/gerrit2/.ssh/gerritadmin.pub.
The key fingerprint is:
0a:e4:ed:c8:13:68:b3:dc:f5:0a:7e:64:86:78:34:ad GerritAdmin
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| .. |
| +o.. |
| +o++o S |
| o.=E*+o |
| o.*+o . |
| . o.. |
| ... |
+-----------------+
[gerrit2@pre-srv44 .ssh]$ ls
admin admin.pub gerritadmin gerritadmin.pub known_hosts
接下来可以设置别名,方便使用ssh连接gerrit
可以直接在gerrit用户家目录(/home/gerrit)下的.bashrc文件里设置
如下别名是登陆gerrit的admin账号下的操作:
alias ssh-gerrit='ssh -p 29418 -i ~/.ssh/gerritadmin 172.16.181.80 -l gerrit2' 【公钥已拷贝到gerrit里,这里用私钥去连】
然后source /home/gerrit2/.bashrc使其生效
[gerrit2@pre-srv44 ~]$ ssh -p 29418 -i ~/.ssh/gerritadmin 172.16.181.80 -l gerrit2
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
34:b8:66:84:01:26:96:0a:77:ab:60:0f:07:84:6a:2c.
Please contact your system administrator.
Add correct host key in /home/gerrit2/.ssh/known_hosts to get rid of this message.
Offending key in /home/gerrit2/.ssh/known_hosts:1
RSA host key for [172.16.181.80]:29418 has changed and you have requested strict checking.
Host key verification failed.
删除/home/gerrit2/.ssh/known_hosts 重试
[gerrit2@pre-srv44 ~]$ ssh-gerrit gerrit gsql
fatal: gerrit2 does not have "Access Database" capability.
异常:admin does not have "Access Database" capability
解决:使用Administrator登陆,在Projects/Access中Global Capabilities Add Group(Access Database)添加Administrators组,然后点击页面最下的“Save Changes”按钮即可