作者: halazi100
2014-11-04 13:50:11
+------------------------------------------------+
| Install mysql database and setup gerrit server |
+------------------------------------------------+
1. install git, openjdk-6-jdk, apache2(httpd), mysql-server(mariadb-server), openssl
2. install postfix
/* a mail server */
3. config database mysql;
# yum install mariadb-server
/* for CentOS 7 the mariadb had replaced the mysql as the default db */
# systemctl enable mariadb.service
# systemctl start mariadb.service
first of all initialize root user's passwd;
$ /usr/bin/mysqladmin -u root password 'new-password'
then copy the file mysql_cfg_script.txt to the terminal to configure the mysql, note that replace the passwd of the real passwd phrase;
$ mysql -u root -p
-----------------------------/*
CREATE USER 'gerrit2'@'localhost' IDENTIFIED BY 'Gerrit2_passwd';
CREATE DATABASE reviewdb;
ALTER DATABASE reviewdb charset = latin1;
GRANT ALL ON reviewdb.* TO 'gerrit2'@'localhost';
FLUSH PRIVILEGES;
exit;
-----------------------------*/
/*
To delete the database created by above step, can use command
> drop user 'gerrit2'@'localhost';
> drop database reviewdb;
OR delete the /var/lib/mysql, then initialize the mysql database again;
*/
4. setup gerrit server
A create a group and user for gerrit:
#groupadd gerrit2
#useradd -r -m -d /home/gerrit2 -s /bin/bash -g gerrit2 gerrit2
##passwd gerrit2 #
please do not excute this line, or you will be regretful for what you have done.
B install gerrit server
#sudo su gerrit2
#cd
/*
download the installation source file gerrit-*.war */
#wget
http://gerrit.google.com/files/gerrit-full-2.5.2.war
#java -jar gerrit-full-2.5.2.war init -d /home/gerrit2/review_site
--------------------------------------------------------------------------------/*
*** Gerrit Code Review 2.5.2
***
*** Git Repositories
***
Location of Git repositories [git]:
*** SQL Database
***
Database server type [h2]: MYSQL
Server hostname [localhost]:
Server port [(mysql default)]:
Database name [reviewdb]:
Database username [gerrit2]:
gerrit2's password :
confirm password :
*** Index
***
Type [LUCENE/?]:
The index must be rebuilt before starting Gerrit:
java -jar gerrit.war reindex -d site_path
*** User Authentication
***
Authentication method [OPENID/?]: HTTP
Get username from custom HTTP header [y/N]?
SSO logout URL :
*** Review Labels
***
Install Verified label [y/N]?
*** Email Delivery
***
SMTP server hostname [localhost]:
SMTP server port [(default)]:
SMTP encryption [NONE/?]:
SMTP username :
*** Container Process
***
Run as [gerrit2]:
Java runtime
[/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.65.x86_64/jre]:
Upgrade /home/gerrit2/review_site/bin/gerrit.war [Y/n]?
Copying gerrit-2.5.2.war to /home/gerrit2/review_site/bin/gerrit.war
*** SSH Daemon
***
Listen on address [*]:
Listen on port [29418]:
Generating SSH host key ... rsa(simple)... done
*** HTTP Daemon
***
Behind reverse proxy [y/N]? y
Proxy uses SSL (https://) [y/N]?
Subdirectory on proxy server [/]:
Listen on address [*]:
Listen on port [8081]: 8080
Canonical URL [http://localhost/]:
*** Plugins
***
Install plugin commit-message-length-validator version v2.9.1 [y/N]?
Install plugin download-commands version v2.9.1 [y/N]?
Install plugin replication version v2.9.1 [y/N]?
Install plugin reviewnotes version v2.9.1 [y/N]?
Install plugin singleusergroup version v2.9.1 [y/N]?
Initialized /home/gerrit2/review_site
--------------------------------------------------------------------------------*/
note that:
Database server type [H2/?:]: MYSQL
gerrit2's password /*
input the passwd created by mysql when creating reviewdb */
Authentication method [OPENID/?:]: HTTP
Behind reverse proxy [y/N]? Y /*
set reverse proxy */
Proxy uses SSL (https:) [y/N]? /*
not essential for us */
Canonical URL [http://localhost/]: /*
not http://localhost:8080 */
------------/home/gerrit2/etc/gerrit.config------------------------------------------
[gerrit]
basePath = git
canonicalWebUrl=http://localhost/
[database]
type = MYSQL
hostname = localhost
database = reviewdb
username = gerrit2
[auth]
type = HTTP
[sendemail]
smtpServer = localhost
[container]
user = gerrit2
javaHome = /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el7_0.x86_64/jre
[sshd]
listenAddress = *:29418
[httpd]
listenUrl = proxy-http://*:8081/
[cache]
directory = cache
-------------------------------------------------------------------------------------
/*
rebuild index of db for gerrit-2.9
$ java -jar /home/gerrit2/review_site/bin/gerrit.war reindex -d /home/gerrit2/review_site/
*/
B generate a default configure file for gerrit and fullfill the information "GERRIT_SITE=/home/gerrit2";
#vi /etc/default/gerritcodereview
--------------------------------------/*
GERRIT_SITE=/home/gerrit2/review_site/
--------------------------------------*/
C check the gerrit server
gerrit2@localhost $ ./bin/gerrit.sh start
Starting Gerrit Code Review: OK
If you could see the message above, the gerrit server works correctly;
/*
check gerrit ssh port and gerrit web port
# netstat -ltpn | grep -i gerrit
tcp 0 0 :::8080 :::* LISTEN 3185/GerritCodeRevi
tcp 0 0 :::29418 :::* LISTEN 3185/GerritCodeRevi
*/
5.config web server apache
A install web server and set reverse proxy;
---------------centos-----------------------/*
# yum install httpd
# touch /etc/httpd/conf.d/gerrit_proxy.conf
# vim /etc/httpd/conf.d/gerrit_proxy.conf
******************************
ServerName localhost
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
Order deny,allow
Allow from all
AuthType Basic
AuthName "Gerrit Code Review"
Require valid-user
AuthBasicProvider file
AuthUserFile /etc/httpd/.passwords
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
******************************
then restart the apache, as CentOS 7
# systemctl restart httpd.service
check the error_log file /etc/httpd/logs/error_log
set the security level settings
#/usr/sbin/setsebool -P httpd_can_network_connect 1
-------------------------------------------*/
B create accounts for http authentication, or we will see "Internal server error"
$ sudo su gerrit2
$ cd
$ cd review_site
/*
create the /etc/httpd/.passwords file and create the first account */
$ htpasswd -cb /etc/httpd/.passwords username userpasswd
/*
the -c optional means create a new file; */
/*
add a new account to the passwords file */
$ htpasswd /etc/httpd/.passwords username
/*
the optional -b means Use the password from the command line rather than prompting for it; */
OR
$ htpasswd -b /etc/httpd/.passwords username userpasswd
C test web server
http://localhost
D test web server for gerrit use the account created by step 5-B;
6. set email for user
$ sudo su gerrit2
$ cd
$ cd review_site
$ java -jar bin/gerrit.war gsql
gerrit> select * from account_external_ids;
/* get the information of gerrit database; */
/* configure Admin's email */
gerrit> update account_external_ids set email_address = 'email@xx.com' where account_id = your_acc_id ;
/* configure Admin's passwd, this step can be ignored; bacause the
* authencation could be NULL, and user login the web by the passwd
* generated by htpasswd */
gerrit> update account_external_ids set password = 'admin' where account_id = 1;
gerrit> \d
/* display all table of the database */
gerrit> insert into account_group_members (account_id, group_id) values (1, 1); /* add member to a group */
gerrit> \q
7. use the account to login the website and fullfill information;
the first login account is the http authentication account, then close the web brawser and open it again;
the current account is the administrator account of the gerrit server;
+-----------------------+
| How to add a new user |
+-----------------------+
1. Admin user this command to generate passwd
#htpasswd /etc/httpd/.passwords newuser
2. user uses the account created by above step to open http://localhost
then fullfill fullname, and contact infomation, that is email;
3. Admin login mysql to add email to the database following step 6;
+-----------------------------+
| add ssl certificate support |
+-----------------------------+
These steps are not essential, if you select no when notice "Proxy uses SSL (https://) [y/N]?";
1. install openssl
2. verify if the configure file /etc/httpd/conf/httpd.conf include mod_ssl.so module;
# yum -y install mod_ssl mod_wsgi
then verify the conf.d/ssl.conf file, if there exists the following sentence
LoadModule ssl_module modules/mod_ssl.so
3. generate ithe key and ceriticate file
# cd /etc/httpd/
# mkdir ssl
# cd ssl
A generate a key
$ openssl genrsa 1024 > server.key
B create to request file
$ openssl req -new -key server.key > server.csr
C generate a certificate file
$ openssl req -x509 -days 365 -key server.key -in server.csr > server.crt
4. verify following sentences in /etc/httpd/conf.d/ssl.conf
-------------------------------------------------/*
SSLCertificateFile /etc/httpd/ssl/server.crt
SSLCertificateKeyFile /etc/httpd/ssl/server.key
-------------------------------------------------*/
add following sentences to conf.d/ssl.conf file
-------------------------------------------------/*
AuthType Basic
AuthName "Gerrit Code Review"
Require valid-user
AuthBasicProvider file
AuthUserFile /etc/httpd/.passwords
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
-------------------------------------------------*/
notice
Log file and "man" are very important for us working under Linux;