setup gerrit/git server in centos 7

gerrit_server_setup.txt
Longbin <beangr@163.com>
2014-10-23

+------------------------------------------------+
| Install mysql database and setup gerrit server |
+------------------------------------------------+

1. install git, openjdk-6-jdk, apache2(httpd), mysql-server, openssl

2. install postfix /* a mail server */

3. config database mysql;
    # install mariadb-server
    /* for CentOS 7 the mariadb had replaced the mysql as the default db */
    # systemctl enable mariadb.service
    # systemctl start mariadb.service
    first of all initialize root user's passwd;
    $ /usr/bin/mysqladmin -u root password 'new-password'
    then copy the file mysql_cfg_script.txt to the terminal to configure the mysql, note that replace the passwd of the real passwd phrase;
    $ mysql -u root -p
-----------------------------/*
CREATE USER 'gerrit2'@'localhost' IDENTIFIED BY 'Gerrit2_passwd';
CREATE DATABASE reviewdb;
ALTER DATABASE reviewdb charset = latin1;
GRANT ALL ON reviewdb.* TO 'gerrit2'@'localhost';
FLUSH PRIVILEGES;
exit;
-----------------------------*/
/*
To delete the database created by above step, can use command
> drop user 'gerrit2'@'localhost';
> drop database reviewdb;
OR delete the /var/lib/mysql, then initialize the mysql database again;
*/

4. setup gerrit server

A create a group and user for gerrit:
    #groupadd gerrit2
    #useradd -r -m -d /home/gerrit2 -s /bin/bash -g gerrit2 gerrit2
    ##passwd gerrit2 #please do not excute this line, or you will be regretful for what you have done.

B install gerrit server
    #sudo su gerrit2
    #cd
    /* download the installation source file gerrit-*.war */
    #wget http://gerrit.google.com/files/gerrit-full-2.5.2.war

可以到以下地址直接下载 http://pan.baidu.com/s/1qWr0wxA 密码:u5lz

直接将该文件复制到对应目录,并将bcprov-jdk16-144.jar和mysql-connector-java-5.1.10.jar复制到gerrit server将要安装的目录的lib文件夹

    #java -jar gerrit-full-2.5.2.war init -d /home/gerrit2/review_site

--------------------------------------------------------------------------------/*
*** Gerrit Code Review 2.9.1
***
*** Git Repositories
***
Location of Git repositories   [git]:
*** SQL Database
***
Database server type           [h2]: MYSQL
Server hostname                [localhost]:
Server port                    [(mysql default)]:
Database name                  [reviewdb]:
Database username              [gerrit2]:
gerrit2's password             :
              confirm password :
*** Index
***
Type                           [LUCENE/?]:
The index must be rebuilt before starting Gerrit:
  java -jar gerrit.war reindex -d site_path
*** User Authentication
***
Authentication method          [OPENID/?]: HTTP
Get username from custom HTTP header [y/N]?
SSO logout URL                 :
*** Review Labels
***
Install Verified label         [y/N]?
*** Email Delivery
***
SMTP server hostname           [localhost]:
SMTP server port               [(default)]:
SMTP encryption                [NONE/?]:
SMTP username                  :
*** Container Process
***
Run as                         [gerrit2]:
Java runtime
[/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.65.x86_64/jre]:
Upgrade /home/gerrit2/review_site/bin/gerrit.war [Y/n]?
Copying gerrit-2.9.1.war to /home/gerrit2/review_site/bin/gerrit.war
*** SSH Daemon
***
Listen on address              [*]:
Listen on port                 [29418]:
Generating SSH host key ... rsa(simple)... done
*** HTTP Daemon
***
Behind reverse proxy           [y/N]? y
Proxy uses SSL (https://)      [y/N]?
Subdirectory on proxy server   [/]:
Listen on address              [*]:
Listen on port                 [8081]: 8080
Canonical URL                  [http://localhost/]:
*** Plugins
***
Install plugin commit-message-length-validator version v2.9.1 [y/N]?
Install plugin download-commands version v2.9.1 [y/N]?
Install plugin replication version v2.9.1 [y/N]?
Install plugin reviewnotes version v2.9.1 [y/N]?
Install plugin singleusergroup version v2.9.1 [y/N]?
Initialized /home/gerrit2/review_site
--------------------------------------------------------------------------------*/
    note that:
Database server type           [H2/?:]: MYSQL
gerrit2's password                       /* input the passwd created by mysql when creating reviewdb */
Authentication method          [OPENID/?:]: HTTP
Behind reverse proxy           [y/N]? Y /* set reverse proxy */
Proxy uses SSL (https:)        [y/N]?    /* select yes is not essential for us */
Canonical URL                  [http://localhost/]: /* not http://localhost:8080 */

------------/home/gerrit2/etc/gerrit.config------------------------------------------
[gerrit]
        basePath = git
        canonicalWebUrl=http://localhost/
[database]
        type = MYSQL
        hostname = localhost
        database = reviewdb
        username = gerrit2
[auth]
        type = HTTP
[sendemail]
        smtpServer = localhost
[container]
        user = gerrit2
        javaHome = /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el7_0.x86_64/jre
[sshd]
        listenAddress = *:29418
[httpd]
        listenUrl = proxy-http://*:8081/
[cache]
        directory = cache
-------------------------------------------------------------------------------------
    
then rebuild index of db for gerrit-2.9
    $ java -jar /home/gerrit2/review_site/bin/gerrit.war reindex -d /home/gerrit2/review_site/

B generate a default configure file for gerrit and fullfill the information "GERRIT_SITE=/home/gerrit2";
    #vi /etc/default/gerritcodereview

--------------------------------------/*
GERRIT_SITE=/home/gerrit2/review_site/
--------------------------------------*/

C check the gerrit server
    gerrit2@localhost $ ./bin/gerrit.sh start
    Starting Gerrit Code Review: OK
    If you could see the message above, the gerrit server works correctly;

D check gerrit ssh port and gerrit web port
    #netstat -ltpn | grep -i gerrit
tcp    0   0 :::8080     :::*    LISTEN   3185/GerritCodeRevi
tcp    0   0 :::29418    :::*    LISTEN   3185/GerritCodeRevi

5.config web server apache

A install web server and set reverse proxy;

--------------ubuntu-----------------------------/*
$ sudo a2enmod ssl
$ sudo a2enmod proxy_http
$ sudo mkdir /etc/apache2/ssl
$ sudo openssl req -new -x509 -days 365 -nodes -out
/etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.key

configure web server for gerrit
    modify the default file /etc/apache2/httpd.conf
-------------------------------------------------*/

---------------centos-----------------------/*
    # yum install httpd
    # touch /etc/httpd/conf.d/gerrit_proxy.conf
    # vim /etc/httpd/conf.d/gerrit_proxy.conf
******************************
ServerName localhost
<VirtualHost *:80>
    ProxyRequests Off
    ProxyVia Off
    ProxyPreserveHost On
<Proxy *>
    Order deny,allow
    Allow from all
</Proxy>
<Location /login/>
    AuthType Basic
    AuthName "Gerrit Code Review"
    Require valid-user
    AuthBasicProvider file
    AuthUserFile /etc/httpd/.passwords
</Location>
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
</VirtualHost>
******************************
    then restart the apache, as CentOS 7 # systemctl restart httpd.service
    check the error_log file /etc/httpd/logs/error_log
    set the security level settings
    #/usr/sbin/setsebool -P httpd_can_network_connect 1
-------------------------------------------*/

B create accounts for http authentication, or we will see "Internal server error"
    $ sudo su gerrit2
    $ cd
    $ cd review_site
    /* create the /etc/httpd/.passwords file and create the first account */
    $ htpasswd -cb /etc/httpd/.passwords username userpasswd
    /* the -c optional means create a new file; */
    /* add a new account to the passwords file */
    $ htpasswd /etc/httpd/.passwords username
    /* the optional -b means Use the password from the command line rather than prompting for it; */
    OR
    $ htpasswd –b /etc/httpd/.passwords username userpasswd

C test web server
    http://localhost

D test web server for gerrit use the account created by step 5-B;

6. set email for user
    $ sudo su gerrit2
    $ cd
    $ cd review_site
    $ java -jar bin/gerrit.war gsql
    gerrit> select * from account_external_ids; /* get the information of gerrit database; */
    /* configure Admin's email */
    gerrit> update account_external_ids set email_address = 'email@xx.com' where account_id = your_acc_id ;

    /* configure Admin's passwd, this step can be ignored; bacause the
     * authencation could be NULL, and user login the web by the passwd
     * generated by htpasswd */
    gerrit> update account_external_ids set password = 'admin' where account_id = 1;
    gerrit> \d    /* display all table of the database */
    gerrit> insert into account_group_members (account_id, group_id) values (1, 1); /* add member to a group */
    gerrit> \q

7. use the account to login the website and fullfill information;
    the first login account is the http authentication account, then close the web brawser and open it again; the current account is the administrator account of the gerrit server;


+-----------------------+
| How to add a new user |
+-----------------------+

1. Admin user this command to generate passwd
    #htpasswd /etc/httpd/.passwords newuser

2. user uses the account created by above step to open http://localhost
    then fullfill fullname, and contact infomation, that is email;

3. Admin login mysql to add email to the database following step 6;


+-----------------------------+
| add ssl certificate support |
+-----------------------------+
These steps are not essential, if you select no when notice "Proxy uses SSL (https://)      [y/N]?";

1. install openssl

2. verify if the configure file /etc/httpd/conf/httpd.conf include mod_ssl.so module;
    # yum -y install mod_ssl mod_wsgi
    then verify the conf.d/ssl.conf file, if there exists the following sentence
    LoadModule ssl_module modules/mod_ssl.so

3. generate ithe key and ceriticate file
    # cd /etc/httpd/
    # mkdir ssl
    # cd ssl
A generate a key
    $ openssl genrsa 1024 > server.key
B create to request file
    $ openssl req -new -key server.key > server.csr
C generate a certificate file
    $ openssl req -x509 -days 365 -key server.key -in server.csr > server.crt

4. verify following sentences in /etc/httpd/conf.d/ssl.conf
-------------------------------------------------/*
SSLCertificateFile /etc/httpd/ssl/server.crt
SSLCertificateKeyFile /etc/httpd/ssl/server.key
-------------------------------------------------*/
    add following sentences to conf.d/ssl.conf file
-------------------------------------------------/*
<Location /login/>
    AuthType Basic
    AuthName "Gerrit Code Review"
    Require valid-user
    AuthBasicProvider file
    AuthUserFile /etc/httpd/.passwords
</Location>
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
-------------------------------------------------*/

notice
    Log file and "man" are very important for us working under Linux;


评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值