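Setting up a Gerrit + OpenLDAP service
Author: Zhao Liang (赵亮)
Category: Study notes
2017/9/4
Setting up LDAP is omitted here.
Download the gerrit-2.12.3.war package
Configure the package sources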
# apt-get update
Install Gerrit's dependencies
# apt-get install default-jre daemon apache2-utils git
Install apache2
# apt-get install apache2
Install the MySQL database
# apt-get install mysql-server
Create the database
mysql> create database gerrit;
mysql> grant all on gerrit.* to 'FxFT'@'localhost' identified by 'FoxitFT';
mysql> flush privileges;
Restart MySQL
# /etc/init.d/mysql restart
Install Gerrit
# java -jar gerrit-2.12.3.war init -d /srv/gerrit/
// /srv/gerrit/ is the installation directory
The steps are as follows:
root@debian:~# java -jar gerrit-2.12.3.war init -d /srv/gerrit/
*** Gerrit Code Review 2.12.3
***
Create '/srv/gerrit' [Y/n]? y
*** Git Repositories
***
Location of Git repositories [git]:
*** SQL Database
***
Database server type [h2]: mysql
Gerrit Code Review is not shipped with MySQL Connector/J 5.1.21
** This library is required for your configuration. **
Download and install it now [Y/n]? y
Downloading http://repo2.maven.org/maven2/mysql/mysql-connector-java/5.1.21/mysql-connector-java-5.1.21.jar ... OK
Checksum mysql-connector-java-5.1.21.jar OK
Server hostname [localhost]:
Server port [(mysql default)]:
Database name [reviewdb]: gerrit
Database username [root]: FxFT
gerrituser's password :
confirm password :
*** User Authentication
***
Authentication method [OPENID/?]: http
Get username from custom HTTP header [y/N]? n
SSO logout URL :
*** Email Delivery
***
SMTP server hostname [localhost]: smtp.163.com
SMTP server port [(default)]: 587
SMTP encryption [NONE/?]: tls
SMTP username [root]: liang_mailbox@163.com
liang_mailbox@163.com's password :
confirm password :
*** Container Process
***
Run as [root]:
Java runtime [/usr/lib/jvm/java-7-openjdk-amd64/jre]:
Copy gerrit-2.8.war to /srv/gerrit/bin/gerrit.war [Y/n]? y
Copying gerrit-2.8.war to /srv/gerrit/bin/gerrit.war
*** SSH Daemon
***
Listen on address [*]:
Listen on port [29418]:
Gerrit Code Review is not shipped with Bouncy Castle Crypto v144
If available, Gerrit can take advantage of features
in the library, but will also function without it.
Download and install it now [Y/n]? y
Downloading http://www.bouncycastle.org/download/bcprov-jdk16-144.jar ... !! FAIL !!
error: http://www.bouncycastle.org/download/bcprov-jdk16-144.jar: 302 Found
Please download:
http://www.bouncycastle.org/download/bcprov-jdk16-144.jar
and save as:
/srv/gerrit/lib/bcprov-jdk16-144.jar
Press enter to continue
Continue without this library [Y/n]? y
Generating SSH host key ... rsa(simple)... done
*** HTTP Daemon
***
Behind reverse proxy [y/N]? y
Proxy uses SSL (https://) [y/N]? n
Subdirectory on proxy server [/]:
Listen on address [*]:
Listen on port [8081]: 8081
Canonical URL [http://debian.localhost/]:
*** Plugins
***
Install plugin reviewnotes version v2.8 [y/N]? y
Install plugin download-commands version v2.8 [y/N]? y
Install plugin replication version v2.8 [y/N]? y
Install plugin commit-message-length-validator version v2.8 [y/N]? y
Initialized /srv/gerrit
Executing /srv/gerrit/bin/gerrit.sh start
Starting Gerrit Code Review: OK
Waiting for server on debian.localhost:80 ... OK
Opening http://debian.localhost/#/admin/projects/ ...FAILED
Open Gerrit with a JavaScript capable browser:
http://debian.localhost/#/admin/projects/
Gerrit startup script
# cp /srv/gerrit/bin/gerrit.sh /etc/init.d/gerrit
# vim /etc/init.d/gerrit
At around line 47, add GERRIT_SITE= followed by the site path:
GERRIT_SITE=/srv/gerrit/
Restart the Gerrit service
# /etc/init.d/gerrit restart
Gerrit configuration
# vi /srv/gerrit/etc/gerrit.config
[gerrit]
basePath = git
canonicalWebUrl = http://10.104.128.161/r/
[database]
type = mysql
hostname = localhost
database = gerrit
username = FxFT
[index]
type = LUCENE
[auth]
type = LDAP
[ldap]
# IP address of the LDAP server set up earlier
server = ldap://10.104.128.163:389
accountBase = dc=foxitsoftware,dc=com
accountFullName = ${cn}
groupBase = dc=foxitsoftware,dc=com
[sendemail]
smtpServer = smtp.163.com
smtpServerPort = 587
smtpEncryption = TLS
smtpUser = liang_mailbox@163.com
[container]
#user = root
# Run as www-data; otherwise Apache hits permission problems when it calls Gerrit
user = www-data
javaHome = /usr/lib/jvm/java-7-openjdk-amd64/jre
[sshd]
listenAddress = *:29418
[httpd]
listenUrl = proxy-http://*:8081/r/
listenUrl = proxy-https://*:8082/r/
requestLog = true
[cache]
directory = cache
[user]
anonymousCoward = Unregistered User
[change]
submitWholeTopic = true
[receive]
enableSignedPush = false
Set the owner and group
# chown -R www-data:www-data /srv/gerrit
Configure the web server
# vi /etc/apache2/sites-available/gerrit.conf
<VirtualHost *:80>
ServerName 10.104.128.161
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
ErrorLog /var/log/apache2/testlink_foxitsoftware_com_error.log
CustomLog /var/log/apache2/testlink_foxitsoftware_com_access.log combined
<Proxy *:80>
Order deny,allow
Allow from all
</Proxy>
<Location "/login/">
AuthType Basic
AuthName "Gerrit"
Require valid-user
AuthUserFile /srv/gerrit/etc/password
</Location>
AllowEncodedSlashes On
ProxyPass / http://127.0.0.1:8082/ nocanon
</VirtualHost>
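Create the account and password for a user authorized to use Gerrit
# htpasswd -c /srv/gerrit/etc/password gerrit
(enter kevinstar as the password when prompted)
Configure index.html at the default site path
# vi /var/www/index.html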
<html>
<head>
<script type="text/javascript">
window.location.href='/r/';
</script>
</head>
<body><h1>It works!</h1>
<p>This is the default web page for this server.</p>
<p>The web server software is running but no content has been added, yet.</p>
</body></html>
Load the proxy module
# a2enmod proxy
Create the symlink
# cd /etc/apache2/mods-enabled
# ln -s ../mods-available/proxy_http.load proxy_http.load
Restart the apache2 and Gerrit services
# /etc/init.d/gerrit restart
# /etc/init.d/apache2 restart
You can now log in to the web interface to test.
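Added example (not part of the original notes): the port-80 virtual host above asks for Basic credentials on /login/, and Basic auth only base64-encodes them, so they are readable on the wire. This Python check lists Location blocks that offer Basic auth inside a virtual host that does not set SSLEngine on; the sample text is a constructed, trimmed copy of this page's virtual hosts and the function name is hypothetical.

```python
import re

# Constructed sample: the two kinds of virtual host used on this page, trimmed.
SAMPLE = """\
<VirtualHost *:80>
  ServerName 10.104.128.161
  <Location "/login/">
    AuthType Basic
    Require valid-user
  </Location>
</VirtualHost>
<VirtualHost *:443>
  SSLEngine on
  <Location "/r/login/">
    AuthType Basic
    Require valid-user
  </Location>
</VirtualHost>
"""

def cleartext_basic_auth(conf):
    """Return (vhost, location) pairs where Basic auth is offered without TLS."""
    findings = []
    vhosts = re.findall(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>",
                        conf, re.S | re.I)
    for vhost, body in vhosts:
        # A vhost that terminates TLS protects the Authorization header.
        if re.search(r"^\s*SSLEngine\s+on\b", body, re.M | re.I):
            continue
        locations = re.findall(r'<Location\s+"?([^">]+)"?\s*>(.*?)</Location>',
                               body, re.S | re.I)
        for path, inner in locations:
            if re.search(r"^\s*AuthType\s+Basic\b", inner, re.M | re.I):
                findings.append((vhost.strip(), path))
    return findings

if __name__ == "__main__":
    for vhost, path in cleartext_basic_auth(SAMPLE):
        print(f"Basic auth without TLS: VirtualHost {vhost}, Location {path}")
```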
Configuration for enabling port 443:
# apt-get install ssl-cert
# make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/ssl/private/apache2.pem
# openssl req -x509 -newkey rsa:1024 -keyout /etc/ssl/private/apache2.pem -out /etc/ssl/private/apache2.pem -nodes -days 999
Generating a 1024 bit RSA private key
..............++++++
.........................++++++
writing new private key to '/etc/ssl/private/apache2.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:BEIJING
Locality Name (eg, city) []:BEIJING
Organization Name (eg, company) [Internet Widgits Pty Ltd]:foxit
Organizational Unit Name (eg, section) []:it
Common Name (e.g. server FQDN or YOUR name) []:localhost
Email Address []:liang_mailbox@163.com
# openssl genrsa 1024 > server.key
# openssl req -new -key server.key > server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:BEIJING
Locality Name (eg, city) []:BEIJING
Organization Name (eg, company) [Internet Widgits Pty Ltd]:foxit
Organizational Unit Name (eg, section) []:it
Common Name (e.g. server FQDN or YOUR name) []:localhost
Email Address []:liang_mailbox@163.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:kevinstar
An optional company name []:foxit
Enable the ssl module
# a2enmod ssl
Apache site configuration:
# vi /etc/apache2/sites-available/gerrit.conf
<VirtualHost *:80>
ServerName 10.104.128.161
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
<Proxy *:80>
Order deny,allow
Allow from all
</Proxy>
AllowEncodedSlashes On
ProxyPass /r/ http://127.0.0.1:8081/r/ nocanon
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
ServerName 10.104.128.161
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
<Proxy *:443>
Order deny,allow
Allow from all
</Proxy>
<Location "/r/login/">
AuthType Basic
AuthName "Gerrit"
Require valid-user
AuthUserFile /etc/gerrit/etc/.password
</Location>
<Location "/p/">
AuthType Basic
AuthName "Gerrit Code Review"
</Location>
AllowEncodedSlashes On
ProxyPass /r/ http://127.0.0.1:8082/r/ nocanon
ProxyPass /p/ http://127.0.0.1:8082/p/ nocanon
</VirtualHost>
Modify the Gerrit configuration:
# vi /etc/gerrit/etc/gerrit.config
[gerrit]
basePath = git
canonicalWebUrl = http://10.104.128.161/r/
[database]
type = mysql
hostname = localhost
database = gerritdb
username = gerrituser
[auth]
type = LDAP
[ldap]
server = ldap://10.104.128.163:389
accountBase = dc=foxitsoftware,dc=com
accountFullName = ${cn}
groupBase = dc=foxitsoftware,dc=com
[sendemail]
smtpServer = smtp.163.com
smtpServerPort = 587
smtpEncryption = TLS
smtpUser = liang_mailbox@163.com
[container]
user = root
javaHome = /usr/lib/jvm/java-7-openjdk-amd64/jre
[sshd]
listenAddress = *:29418
[httpd]
listenUrl = proxy-http://*:8081/r/
listenUrl = proxy-https://*:8082/r/
requestLog = true
[cache]
directory = cache
[user]
anonymousCoward = Unregistered User
[change]
submitWholeTopic = true
[receive]
enableSignedPush = false
Restart Apache and Gerrit:
# /etc/init.d/apache2 restart
# /etc/init.d/gerrit restart
Test!
Setup complete.
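Added example (not from the original notes): a small Python check for the gerrit.config shown above, flagging the cleartext ldap:// URL, container.user = root, the http:// canonical URL and proxy listeners bound to every interface. The rule list, the function names and the trimmed sample are constructed for this example.

```python
import re

# Constructed sample: the security-relevant settings from the gerrit.config above.
SAMPLE = """\
[gerrit]
    canonicalWebUrl = http://10.104.128.161/r/
[ldap]
    server = ldap://10.104.128.163:389
[container]
    user = root
[httpd]
    listenUrl = proxy-http://*:8081/r/
    listenUrl = proxy-https://*:8082/r/
"""

RULES = [  # (section, key, weak-value pattern, reason); rules chosen for this example
    ("ldap", "server", r"ldap://", "bind passwords cross the network unencrypted; use ldaps://"),
    ("container", "user", r"root$", "daemon runs as root; use a dedicated unprivileged account"),
    ("gerrit", "canonicalweburl", r"http://", "users reach the login form over plain HTTP"),
    ("httpd", "listenurl", r"proxy-https?://\*:", "backend listens on every interface; bind it to 127.0.0.1"),
]

def parse(text):
    """Parse git-config text into {(section, key): [values]}; keys may repeat."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[([\w.-]+)\]", line)
        if header:
            section = header.group(1).lower()
            continue
        key, sep, value = line.partition("=")
        if sep and section:
            conf.setdefault((section, key.strip().lower()), []).append(value.strip())
    return conf

def audit(text):
    """Return (setting, value, reason) for every value that matches a rule."""
    conf = parse(text)
    return [(f"{sec}.{key}", val, why)
            for sec, key, pat, why in RULES
            for val in conf.get((sec, key), [])
            if re.match(pat, val, re.I)]

if __name__ == "__main__":
    for setting, value, why in audit(SAMPLE):
        print(f"{setting} = {value}: {why}")
```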
This article comes from the "12506531" blog; please contact the author before reposting.
Original URL: http://12516531.blog.51cto.com/12506531/1975549