gerrit_server_setup.txt
Longbin <beangr@163.com>
2014-10-23
+------------------------------------------------+
| Install mysql database and setup gerrit server |
+------------------------------------------------+
1. install git, openjdk-6-jdk, apache2(httpd), mysql-server, openssl
2. install postfix /* a mail server */
3. config database mysql;
# install mariadb-server
/* on CentOS 7, mariadb has replaced mysql as the default db */
# systemctl enable mariadb.service
# systemctl start mariadb.service
first of all, initialize the root user's passwd;
$ /usr/bin/mysqladmin -u root password 'new-password'
then paste the contents of mysql_cfg_script.txt into the terminal to configure mysql; note that you must replace the passwd with the real passwd phrase;
$ mysql -u root -p
-----------------------------/*
CREATE USER 'gerrit2'@'localhost' IDENTIFIED BY 'Gerrit2_passwd';
CREATE DATABASE reviewdb;
ALTER DATABASE reviewdb charset = latin1;
GRANT ALL ON reviewdb.* TO 'gerrit2'@'localhost';
FLUSH PRIVILEGES;
exit;
-----------------------------*/
/*
To delete the user and database created by the step above, use the commands
> drop user 'gerrit2'@'localhost';
> drop database reviewdb;
OR delete /var/lib/mysql, then initialize the mysql database again;
*/
4. setup gerrit server
A create a group and user for gerrit:
#groupadd gerrit2
#useradd -r -m -d /home/gerrit2 -s /bin/bash -g gerrit2 gerrit2
##passwd gerrit2 #please do not execute this line, or you will regret it.
B install gerrit server
#sudo su gerrit2
#cd
/* download the installation source file gerrit-*.war */
#wget http://gerrit.google.com/files/gerrit-full-2.5.2.war
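It can also be downloaded directly from the following address: http://pan.baidu.com/s/1qWr0wxA password: u5lz
Copy the file directly into the corresponding directory, and copy bcprov-jdk16-144.jar and mysql-connector-java-5.1.10.jar into the lib folder of the directory where the gerrit server will be installed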
#java -jar gerrit-full-2.5.2.war init -d /home/gerrit2/review_site
--------------------------------------------------------------------------------/*
*** Gerrit Code Review 2.9.1
***
*** Git Repositories
***
Location of Git repositories [git]:
*** SQL Database
***
Database server type [h2]: MYSQL
Server hostname [localhost]:
Server port [(mysql default)]:
Database name [reviewdb]:
Database username [gerrit2]:
gerrit2's password :
confirm password :
*** Index
***
Type [LUCENE/?]:
The index must be rebuilt before starting Gerrit:
java -jar gerrit.war reindex -d site_path
*** User Authentication
***
Authentication method [OPENID/?]: HTTP
Get username from custom HTTP header [y/N]?
SSO logout URL :
*** Review Labels
***
Install Verified label [y/N]?
*** Email Delivery
***
SMTP server hostname [localhost]:
SMTP server port [(default)]:
SMTP encryption [NONE/?]:
SMTP username :
*** Container Process
***
Run as [gerrit2]:
Java runtime
[/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.65.x86_64/jre]:
Upgrade /home/gerrit2/review_site/bin/gerrit.war [Y/n]?
Copying gerrit-2.9.1.war to /home/gerrit2/review_site/bin/gerrit.war
*** SSH Daemon
***
Listen on address [*]:
Listen on port [29418]:
Generating SSH host key ... rsa(simple)... done
*** HTTP Daemon
***
Behind reverse proxy [y/N]? y
Proxy uses SSL (https://) [y/N]?
Subdirectory on proxy server [/]:
Listen on address [*]:
Listen on port [8081]: 8080
Canonical URL [http://localhost/]:
*** Plugins
***
Install plugin commit-message-length-validator version v2.9.1 [y/N]?
Install plugin download-commands version v2.9.1 [y/N]?
Install plugin replication version v2.9.1 [y/N]?
Install plugin reviewnotes version v2.9.1 [y/N]?
Install plugin singleusergroup version v2.9.1 [y/N]?
Initialized /home/gerrit2/review_site
--------------------------------------------------------------------------------*/
note that:
Database server type [H2/?:]: MYSQL
gerrit2's password /* enter the passwd set in mysql when creating reviewdb */
Authentication method [OPENID/?:]: HTTP
Behind reverse proxy [y/N]? Y /* set reverse proxy */
Proxy uses SSL (https:) [y/N]? /* selecting yes is not essential for us */
Canonical URL [http://localhost/]: /* not http://localhost:8080 */
------------/home/gerrit2/etc/gerrit.config------------------------------------------
[gerrit]
basePath = git
canonicalWebUrl=http://localhost/
[database]
type = MYSQL
hostname = localhost
database = reviewdb
username = gerrit2
[auth]
type = HTTP
[sendemail]
smtpServer = localhost
[container]
user = gerrit2
javaHome = /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el7_0.x86_64/jre
[sshd]
listenAddress = *:29418
[httpd]
listenUrl = proxy-http://*:8081/
[cache]
directory = cache
-------------------------------------------------------------------------------------
then rebuild the index for gerrit-2.9
$ java -jar /home/gerrit2/review_site/bin/gerrit.war reindex -d /home/gerrit2/review_site/
B generate a default configuration file for gerrit and fill in the information "GERRIT_SITE=/home/gerrit2";
#vi /etc/default/gerritcodereview
--------------------------------------/*
GERRIT_SITE=/home/gerrit2/review_site/
--------------------------------------*/
C check the gerrit server
gerrit2@localhost $ ./bin/gerrit.sh start
Starting Gerrit Code Review: OK
If you see the message above, the gerrit server works correctly;
D check gerrit ssh port and gerrit web port
#netstat -ltpn | grep -i gerrit
tcp 0 0 :::8080 :::* LISTEN 3185/GerritCodeRevi
tcp 0 0 :::29418 :::* LISTEN 3185/GerritCodeRevi
5. configure web server apache
A install web server and set reverse proxy;
--------------ubuntu-----------------------------/*
$ sudo a2enmod ssl
$ sudo a2enmod proxy_http
$ sudo mkdir /etc/apache2/ssl
$ sudo openssl req -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.key
configure web server for gerrit
modify the default file /etc/apache2/httpd.conf
-------------------------------------------------*/
---------------centos-----------------------/*
# yum install httpd
# touch /etc/httpd/conf.d/gerrit_proxy.conf
# vim /etc/httpd/conf.d/gerrit_proxy.conf
******************************
ServerName localhost
<VirtualHost *:80>
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location /login/>
AuthType Basic
AuthName "Gerrit Code Review"
Require valid-user
AuthBasicProvider file
AuthUserFile /etc/httpd/.passwords
</Location>
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>
******************************
then restart apache; on CentOS 7: # systemctl restart httpd.service
if it fails, check the error_log file /etc/httpd/logs/error_log
set the SELinux boolean that allows httpd to make network connections
#/usr/sbin/setsebool -P httpd_can_network_connect 1
-------------------------------------------*/
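Added example (not part of the original notes): a shell check that the port in httpd.listenUrl matches the ProxyPass target and that Gerrit does not listen beyond loopback, which matters because [auth] type = HTTP leaves authentication to Apache. The gerrit.config listing above shows port 8081 while the init answers, the netstat output and ProxyPass use 8080; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original notes; function names are hypothetical.

# Print "host port" from the httpd.listenUrl line of a gerrit.config.
gerrit_listen() {
    sed -n 's|^[[:space:]]*listenUrl[[:space:]]*=[[:space:]]*[a-z-]*://\(.*\):\([0-9][0-9]*\)/.*$|\1 \2|p' "$1" | head -n 1
}

# Print the backend port of the "ProxyPass / http://host:port/" line.
proxy_port() {
    sed -n 's|^[[:space:]]*ProxyPass[[:space:]][[:space:]]*/[[:space:]][[:space:]]*https\{0,1\}://[^:/]*:\([0-9][0-9]*\)/.*$|\1|p' "$1" | head -n 1
}

# 0 = ports match and Gerrit is loopback-only, 1 = port mismatch,
# 2 = ports match but Gerrit listens beyond loopback, 3 = parse failure.
check_gerrit_proxy() {
    g_listen=$(gerrit_listen "$1")
    a_port=$(proxy_port "$2")
    if [ -z "$g_listen" ] || [ -z "$a_port" ]; then
        echo "cannot parse listenUrl or ProxyPass"; return 3
    fi
    g_host=${g_listen% *}
    g_port=${g_listen##* }
    if [ "$g_port" != "$a_port" ]; then
        echo "mismatch: Gerrit on $g_port, Apache proxies to $a_port"; return 1
    fi
    case $g_host in
        127.0.0.1|localhost|'[::1]') echo "ok: $g_host:$g_port"; return 0 ;;
        *) echo "exposed: $g_host:$g_port is reachable without going through Apache"; return 2 ;;
    esac
}

# Constructed sample files mirroring the listings in these notes.
write_samples() {
    printf '[httpd]\n\tlistenUrl = proxy-http://*:8081/\n' > "$1/as_listed.config"
    printf '[httpd]\n\tlistenUrl = proxy-http://*:8080/\n' > "$1/wildcard.config"
    printf '[httpd]\n\tlistenUrl = proxy-http://127.0.0.1:8080/\n' > "$1/loopback.config"
    printf 'ProxyPass / http://localhost:8080/\nProxyPassReverse / http://localhost:8080/\n' > "$1/gerrit_proxy.conf"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for cfg in as_listed wildcard loopback; do
    check_gerrit_proxy "$demo_dir/$cfg.config" "$demo_dir/gerrit_proxy.conf" || true
done
```

On a real host the two arguments would be review_site/etc/gerrit.config and /etc/httpd/conf.d/gerrit_proxy.conf.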
B create accounts for http authentication, or we will see "Internal server error"
$ sudo su gerrit2
$ cd
$ cd review_site
/* create the /etc/httpd/.passwords file and create the first account */
$ htpasswd -cb /etc/httpd/.passwords username userpasswd
/* the -c option means create a new file; an existing file is overwritten; */
/* add a new account to the passwords file */
$ htpasswd /etc/httpd/.passwords username
/* the -b option means use the password from the command line rather than prompting for it, which leaves it visible in the shell history and process list; */
OR
$ htpasswd -b /etc/httpd/.passwords username userpasswd
C test web server
http://localhost
D test the web server for gerrit using the account created in step 5-B;
6. set email for user
$ sudo su gerrit2
$ cd
$ cd review_site
$ java -jar bin/gerrit.war gsql
gerrit> select * from account_external_ids; /* get the information of gerrit database; */
/* configure Admin's email */
gerrit> update account_external_ids set email_address = 'email@xx.com' where account_id = your_acc_id ;
/* configure Admin's passwd; this step can be ignored, because the
* authentication could be NULL, and the user logs in to the web by the passwd
* generated by htpasswd */
gerrit> update account_external_ids set password = 'admin' where account_id = 1;
gerrit> \d /* display all table of the database */
gerrit> insert into account_group_members (account_id, group_id) values (1, 1); /* add member to a group */
gerrit> \q
7. use the account to log in to the website and fill in the information;
the first account to log in is the http authentication account; then close the web browser and open it again; the current account is the administrator account of the gerrit server;
+-----------------------+
| How to add a new user |
+-----------------------+
1. Admin uses this command to generate the passwd
#htpasswd /etc/httpd/.passwords newuser
2. the user uses the account created by the step above to open http://localhost
then fills in the full name and contact information, that is, email;
3. Admin logs in to mysql to add the email to the database following step 6;
+-----------------------------+
| add ssl certificate support |
+-----------------------------+
These steps are not essential if you selected no at the prompt "Proxy uses SSL (https://) [y/N]?";
1. install openssl
2. verify that the configuration file /etc/httpd/conf/httpd.conf includes the mod_ssl.so module;
# yum -y install mod_ssl mod_wsgi
then verify that the conf.d/ssl.conf file contains the following line
LoadModule ssl_module modules/mod_ssl.so
3. generate the key and certificate files
# cd /etc/httpd/
# mkdir ssl
# cd ssl
A generate a key
$ openssl genrsa 1024 > server.key
B create the request file
$ openssl req -new -key server.key > server.csr
C generate a certificate file
$ openssl req -x509 -days 365 -key server.key -in server.csr > server.crt
4. verify the following lines in /etc/httpd/conf.d/ssl.conf
-------------------------------------------------/*
SSLCertificateFile /etc/httpd/ssl/server.crt
SSLCertificateKeyFile /etc/httpd/ssl/server.key
-------------------------------------------------*/
add the following lines to the conf.d/ssl.conf file
-------------------------------------------------/*
<Location /login/>
AuthType Basic
AuthName "Gerrit Code Review"
Require valid-user
AuthBasicProvider file
AuthUserFile /etc/httpd/.passwords
</Location>
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
-------------------------------------------------*/
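Added example (not part of the original notes): creating the key pair under a restrictive umask, then checking key size, file mode and that the certificate belongs to the key before ssl.conf points at them. The 2048-bit minimum is an assumption of this check, and the 1024-bit key from step 3-A falls below it; the function names, the CN and the temporary paths are hypothetical, and stat -c is the GNU coreutils form.

```shell
#!/bin/sh
# Added example, not part of the original notes; function names are hypothetical.

# Create an RSA key that is never group- or world-readable, plus a
# self-signed certificate for it. $1 = directory, $2 = key size in bits.
make_pair() {
    (
        umask 077   # "openssl genrsa ... > server.key" inherits the caller's umask
        openssl genrsa -out "$1/server.key" "$2" 2>/dev/null &&
        openssl req -new -x509 -days 365 -key "$1/server.key" \
            -subj "/CN=localhost" -out "$1/server.crt" 2>/dev/null
    )
}

# Print the modulus size of an RSA private key, e.g. 2048.
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Succeed only if the certificate carries the public half of the key.
cert_matches_key() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# 0 = usable, 1 = key missing or shorter than 2048 bits,
# 2 = key readable by group/others, 3 = certificate does not match the key.
audit_pair() {
    bits=$(key_bits "$1")
    [ "${bits:-0}" -ge 2048 ] || { echo "key is ${bits:-?} bits"; return 1; }
    mode=$(stat -c '%a' "$1")
    [ $(( 0$mode & 077 )) -eq 0 ] || { echo "key mode is $mode"; return 2; }
    cert_matches_key "$1" "$2" || { echo "certificate/key mismatch"; return 3; }
    echo "ok: $bits-bit key, mode $mode"
}

# Demo in a temporary directory standing in for /etc/httpd/ssl.
demo_dir=$(mktemp -d)
make_pair "$demo_dir" 2048 && audit_pair "$demo_dir/server.key" "$demo_dir/server.crt"
```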
notice
Log files and "man" are very important when working under Linux;