编者按:
近期项目需要进行gerrit的调研工作,于是才有了这篇整理性的文章,当然网络上面还有很多其他比较优秀的帖子值得借鉴,这里推荐几个:
Gerrit代码审核服务器搭建全过程
Jenkins+Ansible+Gitlab自动化部署三剑客
构建基于Jenkins + Github的持续集成环境
环境准备:
mysql -- yum install mysql* -y
java -- yum install java-1.8.0-openjdk* -y
gitweb-- yum install gitweb -y
1. 数据库设置:
mysql> create database reviewdb;
Query OK, 1 row affected (0.01 sec)
mysql> CREATE USER 'gerrit'@'localhost' IDENTIFIED BY 'gerrit';
Query OK, 0 rows affected (0.00 sec)
mysql> CREATE USER 'gerrit'@'127.0.0.1' IDENTIFIED BY 'gerrit';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> grant all privileges on reviewdb.* to gerrit@localhost identified by 'gerrit';
Query OK, 0 rows affected (0.00 sec)
mysql> grant all privileges on reviewdb.* to gerrit@'10.125.156.2' identified by 'gerrit'; #10.125.156.2为部署gerrit服务的内网地址
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
2. 建立专有帐户
useradd gerrit -m -s /bin/bash
passwd gerrit
su - gerrit
3. 官网下载gerrit
#本文使用最新版本2.14
4. 安装gerrit
通过如下命令安装 Gerrit:
cd /home/gerrit && ava -jar gerrit-2.14.war init -d review_site
安装过程中信息如下:
Using secure store: com.google.gerrit.server.securestore.DefaultSecureStore
[2018-03-19 14:16:08,115] [main] INFO com.google.gerrit.server.config.GerritServerConfigProvider : No /home/gerrit/review_site/etc/gerrit.config; assuming defaults
*** Gerrit Code Review 2.14.6
***
Create '/home/gerrit/review_site' [Y/n]? Y
*** Git Repositories
***
Location of Git repositories [git]: GerritResource #默认创建的项目存放路径,本文路径为/home/gerrit/review_site/GerritResource,用于保存 Gerrit 的 Git 仓库
*** SQL Database
***
Database server type [h2]: mysql #数据库采用mysql
Gerrit Code Review is not shipped with MySQL Connector/J 5.1.41
** This library is required for your configuration. **
Download and install it now [Y/n]? Y
Downloading https://repo1.maven.org/maven2/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar ... OK
Checksum mysql-connector-java-5.1.41.jar OK
Server hostname [localhost]: gerrit.apicloud.com #gerrit服务器对应的域名,请根据自身情况设置
Server port [(mysql default)]: 33070 #数据库端口
Database name [reviewdb]: #reviewdb为第一步数据库设置环境创建的数据库名称
Database username [gerrit]: #gerrit为第一步数据库设置环境创建的数据库用户名
gerrit's password : #输入数据库密码两遍
confirm password :
*** Index
***
Type [lucene/?]:
*** User Authentication
***
Authentication method [openid/?]:
Enable signed push support [y/N]?
*** Review Labels
***
Install Verified label [y/N]?
*** Email Delivery
***
SMTP server hostname [localhost]: smtp.apicloud-mail.com #配置邮件发送设置,gerrit默认是关闭支持smtp功能的,这里先暂时这样配置,后面请查看gerrit.conf文件的配置内容
SMTP server port [(default)]: 465 #默认是不开启ssl端口的,但是由于阿里云服务器全网禁25端口,这里配置使用ssl 465端口,详细配置请查看gerrit.conf文件的配置内容
SMTP encryption [none/?]:
SMTP username [git@apicloud-mail.com]:
gerrit's password :
confirm password :
*** Container Process
***
Run as [gerrit]:
Java runtime [/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64/jre]:
Copy gerrit-2.14.6.war to review_site/bin/gerrit.war [Y/n]? Y
Copying gerrit-2.14.6.war to review_site/bin/gerrit.war
*** SSH Daemon
***
Listen on address [*]:
Listen on port [29418]: #gerrit服务默认ssh端口,可以根据需要自行修改设置
Generating SSH host key ... rsa... dsa... ed25519... ecdsa 256... ecdsa 384... ecdsa 521... done
*** HTTP Daemon
***
Behind reverse proxy [y/N]? y
Proxy uses SSL (https://) [y/N]? y
Subdirectory on proxy server [/]: proxy- #默认是监听代理到8080端口,为了避免与tomcat占用端口冲突,这里自定义8081,根据自身情况修改。
Listen on address [*]:
Listen on port [8081]:
*** Cache
***
*** Plugins
***
Installing plugins.
Install plugin commit-message-length-validator version v2.14.6 [Y/n]?
commit-message-length-validator v2.14.6 is already installed, overwrite it [Y/n]?
Updated commit-message-length-validator to v2.14.6
Install plugin download-commands version v2.14.6 [Y/n]?
download-commands v2.14.6 is already installed, overwrite it [Y/n]?
Updated download-commands to v2.14.6
Install plugin hooks version v2.14.6 [Y/n]?
hooks v2.14.6 is already installed, overwrite it [Y/n]?
Updated hooks to v2.14.6
Install plugin replication version v2.14.6 [Y/n]?
replication v2.14.6 is already installed, overwrite it [Y/n]?
Updated replication to v2.14.6
Install plugin reviewnotes version v2.14.6 [Y/n]?
reviewnotes v2.14.6 is already installed, overwrite it [Y/n]?
Updated reviewnotes to v2.14.6
Install plugin singleusergroup version v2.14.6 [Y/n]?
singleusergroup v2.14.6 is already installed, overwrite it [Y/n]?
Updated singleusergroup to v2.14.6
Initializing plugins.
安装完成后,gerrit会默认启动,先不用管它,我们继续配置gerrit。如果在安装过程中报错,请参考文章开头推荐的几篇文章。
5.配置gerrit
/home/gerrit/review_site/etc/gerrit.conf
[gerrit]
basePath = GerritResource
serverId = f600a067-aa9b-4738-b393-cceb329ffb62
canonicalWebUrl = http://gerrit.apicloud.com/
useSSL = false
[database]
type = mysql
hostname = gerrit.apicloud.com
port = 33070
database = reviewdb
username = gerrit
[index]
type = LUCENE
[auth]
type = HTTP
[receive]
enableSignedPush = false
[sendemail]
enable = true
smtpServer = smtp.apicloud-mail.com
smtpServerPort = 465
smtpUser = git@apicloud-mail.com
smtpEncryption = ssl
sslVerify = false
smtpPass = xxx
from = APICloud-CodeReview<git@apicloud-mail.com>
[container]
user = gerrit
javaHome = /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64/jre
[sshd]
listenAddress = *:29418
[download]
scheme = ssh
scheme = http
[httpd]
listenUrl = proxy-http://127.0.0.1:8081/
[cache]
directory = cache
[gitweb]
cgi = /var/www/git/gitweb.cgi
type = gitweb
/home/gerrit/review_site/etc/secure.config
[database]
password = gerrit
[auth]
registerEmailPrivateKey = Q48ihZ5krcBule7qnG/txuhTiwi5FXGks/w=
[sendemail]
smtpPass = XXX #与gerrit.conf配置一样
6. nginx配置
/usr/local/nginx/conf/servers/gerrit.conf
server {
listen 80;
server_name gerrit.apicloud.com;
charset utf8;
keepalive_timeout 600;
send_timeout 10m;
client_header_buffer_size 2m;
client_max_body_size 1000m;
client_body_timeout 10m;
client_header_timeout 10m;
large_client_header_buffers 8 32k;
proxy_buffer_size 128k;
proxy_buffers 32 256k;
proxy_busy_buffers_size 256k;
location / {
auth_basic "Gerrit Code Review";
auth_basic_user_file htpasswd/gerrit.passwd;
proxy_pass http://127.0.0.1:8081/;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Cookie $http_cookie;
chunked_transfer_encoding off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
}
}配置htpassd文件
mkdir /usr/local/nginx/conf/htpasswd/ && touch /usr/local/nginx/conf/htpasswd/gerrit.passwd && chown nginx:nginx /usr/local/nginx/conf/htpasswd/gerrit.passwd && chmod 600 /usr/local/nginx/conf/htpasswd/gerrit.passwd
htpasswd -b /usr/local/nginx/conf/htpasswd/gerrit.passwd UserName PassWord
7. Replication 配置
所谓的 replication,是 Gerrit 的一个插件,它可以自动地将 Gerrit Code Review 对它所管理的 Git 仓库创建的任何 changes push 到另外一个系统里。Gerrit 本身提供了两大功能:一是 Code Review;二是 Git 仓库。Replication 插件通常用于提供 changes 的镜像,或热备份。
此外,许多现有的项目可能是用另外一套系统来管理 Git 代码仓库的,比如 GitLab,或者 GitHub。需要引入 Gerrit 做 Code Review,同时对接这些已有的 Git 仓库系统时,replication 插件比较有用。
配置 replication 将代码同步到 GitLab 的方法如下。
如果通过 SSH 来从 Gerrit 同步代码到 GitLab,需要确保远程系统,也就是 GitLab 服务器的主机密钥已经在 Gerrit 用户的 ~/.ssh/known_hosts 文件中了。
gerrit@haier-test ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/gerrit/.ssh/id_rsa):
Created directory '/home/gerrit/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/gerrit/.ssh/id_rsa.
Your public key has been saved in /home/gerrit/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:wXsgOH2yJh+awLBGiaNHxOKKuZbDOQAhdaCYrCE+xrE gerrit@haier-test
The key's randomart image is:
+---[RSA 2048]----+
| o+.. |
|B+o. o . |
|%B. o + = |
|OOo . = + |
|BE+ . + S . |
|B... * . . |
|o.o o . |
|.B |
|. o |
+----[SHA256]-----+
复制/home/gerrit/.ssh/id_rsa.pub内容添加到gitlab账户ssh-key内。
/home/gerrit/review_site/etc/replication.config
[remote "gitlab.apicloud.com"]
url = ssh://git@gitlab.apicloud.com:19850/gerrit_dev/${name}.git
push = +refs/heads/*:refs/heads/*
push = +refs/tags/*:refs/tags/*
push = +refs/changes/*:refs/changes/*
timtout = 30
threads = 3这个配置文件支持的全部选项如下:
* Host
* Hostname
* User
* Port
* IdentityFile
* PreferredAuthentications
* StrictHostKeyChecking
需要注意的是这个文件的权限,文件的 “其它” 用户访问权限,不能可读写。
/home/gerrit/.ssh/config
Host gitlab.apicloud.com
User git
Port 19850
IdentityFile ~/.ssh/id_rsa
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
PreferredAuthentications publickey
8. 启动gerrit、nginx
sh /home/gerrit/review_site/bin/gerrit.sh start|restart|stop
service nginx start|stop|restart|reload
9. 测试并创建项目:
htpassd配置的第一个用户默认会在登录gerrit系统的时候获取gerrit的超级管理员权限。
创建项目:
gerrit创建的项目名称必须跟gitlab账户下面的项目名称一致:
8.项目代码管理流程:
1)首先,普通用户拉取项目代码,注意拉取的项目代码来源于gerrit系统:
git clone ssh://gerrit@gerrit.apicloud.com:29418/test01 && scp -p -P 29418 gerrit@gerrit.apicloud.com:hooks/commit-msg test01/.git/hooks/
Cloning into 'test01'...
The authenticity of host '[gerrit.apicloud.com]:29418 ([10.125.156.2]:29418)' can't be established.
ECDSA key fingerprint is SHA256:cDRO/yI6SHMcU7A9mJOmlqMzNPYxzMu/j3ibxDB73dM.
ECDSA key fingerprint is MD5:27:a1:41:1a:aa:1d:37:60:6b:57:8b:6c:9f:0b:6d:89.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[gerrit.apicloud.com]:29418,[10.125.156.2]:29418' (ECDSA) to the list of known hosts.
remote: Counting objects: 9, done
remote: Finding sources: 100% (9/9)
remote: Total 9 (delta 1), reused 9 (delta 1)
Receiving objects: 100% (9/9), done.
Resolving deltas: 100% (1/1), done.
commit-msg
2)然后,根据需要,像使用普通的 Git 工程那样,修改代码,commit,然后通过如下命令 push 代码到 Gerrit 进行 Code Review:
git push 远程地址 本地分支:refs/for/远程分支
通过ssh进行push,需要将本地~/.ssh/id_rsa.pub内容添加到gerrit ssh-key配置。
例如:
[gerrit@haier-test test01]$ ls
Readme.txt
[gerrit@haier-test test01]$ touch swht.txt
[gerrit@haier-test test01]$ touch test.md
[gerrit@haier-test test01]$ ls
Readme.txt swht.txt test.md
[gerrit@haier-test test01]$ git add .
[gerrit@haier-test test01]$ git commit -m "add the test file"
*** Please tell me who you are.
Run
git config --global user.email "you@example.com"
git config --global user.name "Your Name"
to set your account's default identity.
Omit --global to set the identity only in this repository.
fatal: empty ident name (for <(null)>) not allowed
[gerrit@haier-test test01]$ git config --global user.email "qingbo.song@apiclloud-mail.com"
[gerrit@haier-test test01]$ git config --global user.name "gerrit"
[gerrit@haier-test test01]$ git commit -m "add the test file"
[master 8911253] add the test file
2 files changed, 0 insertions(+), 0 deletions(-)
create mode 100644 swht.txt
create mode 100644 test.md
[gerrit@haier-test test01]$ git branch
* master
[gerrit@haier-test test01]$ git push origin master:refs/for/master
Counting objects: 2, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (2/2), 364 bytes | 0 bytes/s, done.
Total 2 (delta 0), reused 0 (delta 0)
remote: Processing changes: new: 1, refs: 1, done
remote:
remote: New Changes:
remote: http://gerrit.apicloud.com/1 add the test file
remote:
To ssh://gerrit.apicloud.com:29418/test01
* [new branch] master -> refs/for/master
3)再然后,登录gerrit进行代码review,并且submit提交,代码后台会自动推送到远端gitlab对应项目库
至此,基于gerrit进行代码review+自动推送到gitlab代码拖管的部署配置已经完毕。当然部署过程中有一些坎坷,完全按照文章中的配置进行配置, 应该是可以规避我遇到的一些问题。如果还有问题,可以通过文章回复一起沟通交流。
预告:
本文章后续还会进行更新,增加Jenkins的完美接入配置。敬请期待。
Ctrl+Enter 发布
发布
取消