CentOS7详细搭建Gerrit服务

0.环境准备1.安装Git2.下载Gerrit3.安装Java

3.1 旧JDK卸载3.2 安装指定JDK 4.安装MySQL

4.1 卸载Mariadb4.2 安装MySQL4.3 创建数据库 5.初始化Gerrit6.使用HTTP认证配置

6.1 nginx服务认证6.2 httpd服务认证

# 关闭防火墙
[root@gerrit ~]# systemctl stop firewalld
[root@gerrit ~]# systemctl disable firewalld

# 关闭SELINUX
[root@gerrit ~]# vim /etc/selinux/config
SELINUX=disabled
:wq! # 保存退出

# 使配置立即生效
[root@gerrit ~]# setenforce 0

# 安装
[root@gerrit ~]# yum -y install git
# 验证
[root@gerrit ~]# git --version
git version 1.8.3.1

官网下载地址：https://www.gerritcodereview.com/

# 下载gerrit war包，在 /root 目录下
[root@gerrit ~]# wget https://gerrit-releases.storage.googleapis.com/gerrit-3.5.1.war

[root@gerrit ~]#  rpm -qa | grep -i java | xargs -n1 sudo rpm -e --nodeps
rpm -qa：表示查询所有已经安装的软件包
grep -i：表示过滤时不区分大小写
xargs -n1：表示一次获取上次执行结果的一个值
rpm -e --nodeps：表示卸载软件

# 创建节点安装服务目录
[root@gerrit ~]#  mkdir /opt/software
# 解压JDK
[root@gerrit ~]# tar -zxvf jdk-11.0.13_linux-x64_bin.tar.gz -C /opt/software/
# 配置环境变量
[root@gerrit ~]# vim /etc/profile.d/jdk11.sh
export JAVA_HOME=/opt/software/jdk-11.0.13
export JRE_HOME=$JAVA_HOME
export CLASSPATH=.:$JAVA_HOME/lib
export PATH=$PATH:$JAVA_HOME/bin
[root@gerrit ~]# source /etc/profile
# 验证JDK安装
[root@gerrit ~]# java --version
java 11.0.13 2021-10-19 LTS
Java(TM) SE Runtime Environment 18.9 (build 11.0.13+10-LTS-370)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.13+10-LTS-370, mixed mode)

部署完Gerrit之后，数据库中是空，好像数据库并没有用到 4.1 卸载Mariadb

# CentOS自带一些mariadb相关的依赖
[root@gerrit ~]# rpm -qa | grep mariadb
[root@gerrit ~]# rpm -e --nodeps mariadb-libs-5.5.65-1.el7.x86_64

# 如果该节点安装过mysql数据库，请检查还是否有依赖包，并卸载
[root@gerrit ~]# rpm -qa | grep mysql
[root@gerrit ~]# rpm -e --nodeps mysql*

# 在外网下载 MySQL的相关离线安装包，拷贝到内网进行安装
[https://dev.mysql.com/downloads/mysql/5.7.html#downloads]

# 安装命令如下
[root@gerrit ~]# rpm -ivh mysql-community-common-5.7.27-1.el7.x86_64.rpm --force --nodeps
[root@gerrit ~]# rpm -ivh mysql-community-libs-5.7.27-1.el7.x86_64.rpm --force --nodeps
[root@gerrit ~]# rpm -ivh mysql-community-devel-5.7.27-1.el7.x86_64.rpm --force --nodeps
[root@gerrit ~]# rpm -ivh mysql-community-libs-compat-5.7.27-1.el7.x86_64.rpm --force --nodeps
[root@gerrit ~]# rpm -ivh mysql-community-client-5.7.27-1.el7.x86_64.rpm --force --nodeps
[root@gerrit ~]# rpm -ivh mysql-community-server-5.7.27-1.el7.x86_64.rpm --force --nodeps

# 启动mysql服务
[root@gerrit ~]# systemctl start mysqld

# 查看密码
[root@gerrit ~]# cat /var/log/mysqld.log | grep password
2022-03-23T11:31:03.443772Z 1 [Note] A temporary password is generated for root@localhost: WF#CxnWW;8cF

# 修改root密码，密码登录：mysql -u root
# 首次登录必须先修改密码（强密码）
mysql>alter user user() identified by "Spark@V123";

mysql>SHOW variables LIKE 'validate_password%';
mysql>set global validate_password_policy=0;
mysql>set global validate_password_length=4;
# 可以修改为弱密码啦
mysql>ALTER USER 'root'@'localhost' IDENTIFIED BY "bigdata123";
mysql>flush privileges; # 更新权限

mysql>use mysql;
mysql>update user set host = '%' where user ='root'; # 配置可远程登录
mysql>flush privileges; # 更新权限
mysql>exit; # 退出

# 修改MySQL配置文件：vim /etc/my.cnf
# 在[mysqld]下添加
collation_server=utf8_general_ci
character_set_server=utf8
default-storage-engine=INNODB
# 在[client]下添加（如果没有[client]，则创建）
default_character-set=utf8

# 启动mysql服务
[root@gerrit ~]# systemctl restart mysqld

# 设置开机启动
[root@gerrit ~]# systemctl enable mysqld

# 创建数据库
mysql>CREATE DATAbase reviewdb CHARACTER SET utf8;
mysql>set global validate_password_policy=0;
# 创建用户
mysql>CREATE USER 'gerrit'@'%'IDENTIFIED BY 'bigdata123';
# 赋权
mysql>GRANT ALL PRIVILEGES ON reviewdb.* TO 'gerrit'@'%';
# 刷线权限
mysql>FLUSH PRIVILEGES;

# 创建用户
[root@gerrit ~]# adduser gerrit
# gerrit拷贝到gerrit用户的家目录
[root@gerrit ~]# cp gerrit-3.5.1.war /home/gerrit/
# 切换用户
[root@gerrit ~]# su - gerrit

# 初始化环境（需要联网下载插件，可以提前下载好放在code_review/lib/目录中）
[gerrit@gerrit ~]$ mkdir -p /home/gerrit/code_review
[gerrit@gerrit ~]$ java -jar gerrit-3.5.1.war init -d /home/gerrit/code_review

[gerrit@gerrit ~]$ java -jar gerrit-3.5.1.war init -d /home/gerrit/code_review
Using secure store: com.google.gerrit.server.securestore.DefaultSecureStore
[2022-03-23 18:27:08,050] [main] INFO  com.google.gerrit.server.config.GerritServerConfigProvider : No /home/gerrit/code_review/etc/gerrit.config; assuming defaults

*** Gerrit Code Review 3.5.1
***

Create '/home/gerrit/code_review' [Y/n]?

*** Git Repositories
***

Location of Git repositories   [git]:

*** JGit Configuration
***

Auto-configured "receive.autogc = false" to disable auto-gc after git-receive-pack.

*** Index
***

Type                           [lucene]:

*** User Authentication
***

Authentication method          [openid/?]: HTTP
Get username from custom HTTP header [y/N]?
SSO logout URL                 :
Enable signed push support     [y/N]? 
Use case insensitive usernames [Y/n]?

*** Review Labels
***

Install Verified label         [y/N]?

*** Email Delivery
***

SMTP server hostname           [localhost]:
SMTP server port               [(default)]:
SMTP encryption                [none/?]:
SMTP username                  :

*** Container Process
***

Run as                         [gerrit]:
Java runtime                   [/opt/software/jdk-11.0.13]:
Copy gerrit-3.5.1.war to /home/gerrit/code_review/bin/gerrit.war [Y/n]?
Copying gerrit-3.5.1.war to /home/gerrit/code_review/bin/gerrit.war

*** SSH Daemon
***

Listen on address              [*]:
Listen on port                 [29418]:
Generating SSH host key ... rsa... ed25519... ecdsa 256... ecdsa 384... ecdsa 521... done

*** HTTP Daemon
***

Behind reverse proxy           [y/N]?
Use SSL (https://)             [y/N]?
Listen on address              [*]:
Listen on port                 [8080]:
Canonical URL                  [http://gerrit:8080/]: http://192.168.120.11:8080/

*** Cache
***


*** Plugins
***

Installing plugins.
Install plugin codemirror-editor version v3.5.1 [y/N]? y
Installed codemirror-editor v3.5.1
Install plugin commit-message-length-validator version v3.5.1 [y/N]? y
Installed commit-message-length-validator v3.5.1
Install plugin delete-project version v3.5.1 [y/N]? y
Installed delete-project v3.5.1
Install plugin download-commands version v3.5.1 [y/N]? y
Installed download-commands v3.5.1
Install plugin gitiles version v3.5.1 [y/N]? y
Installed gitiles v3.5.1
Install plugin hooks version v3.5.1 [y/N]? y
Installed hooks v3.5.1
Install plugin plugin-manager version v3.5.1 [y/N]? y
Installed plugin-manager v3.5.1
Install plugin replication version v3.5.1 [y/N]? y
Installed replication v3.5.1
Install plugin reviewnotes version v3.5.1 [y/N]? y
Installed reviewnotes v3.5.1
Install plugin singleusergroup version v3.5.1 [y/N]? y
Installed singleusergroup v3.5.1
Install plugin webhooks version v3.5.1 [y/N]? y
Installed webhooks v3.5.1
Initializing plugins.

============================================================================
Welcome to the Gerrit community

Find more information on the homepage: https://www.gerritcodereview.com
Discuss Gerrit on the mailing list: https://groups.google.com/g/repo-discuss
============================================================================
Initialized /home/gerrit/code_review
Init complete, reindexing accounts,changes,groups,projects with: reindex --site-path /home/gerrit/code_review --threads 1 --index accounts --index changes --index groups --index projects --disable-cache-statsReindexed 0 documents in accounts index in 0.0s (0.0/s)
Index accounts in version 11 is ready
Reindexing groups:      100% (2/2)
Reindexed 2 documents in groups index in 0.2s (8.4/s)
Index groups in version 8 is ready
Reindexing changes: Slicing projects: 100% (2/2), done
Reindexed 0 documents in changes index in 0.0s (0.0/s)
Index changes in version 71 is ready
Reindexing projects:    100% (2/2)
Reindexed 2 documents in projects index in 0.0s (44.4/s)
Index projects in version 4 is ready
Executing /home/gerrit/code_review/bin/gerrit.sh start
Starting Gerrit Code Review: WARNING: Could not adjust Gerrit's process for the kernel's out-of-memory killer.
         This may be caused by /home/gerrit/code_review/bin/gerrit.sh not being run as root.
         Consider changing the OOM score adjustment manually for Gerrit's PID=6996 with e.g.:
         echo '-1000' | sudo tee /proc/6996/oom_score_adj
OK
Waiting for server on 192.168.120.11:8080 ... OK
Opening http://192.168.120.11:8080/#/admin/projects/ ...OK

如果没有启动，需要手动启动

[gerrit@gerrit ~]$ /home/gerrit/code_review/bin/gerrit.sh restart

此时，访问8080端口，显示需要认证设置。HTTP认证有两种服务认证方式：ngin、httpd
6.1 nginx服务认证

# 安装
[root@gerrit ~]# yum install epel-release
[root@gerrit ~]# yum -y install nginx httpd

# 要保证httpd服务关闭
[root@gerrit ~]# systemctl stop httpd
[root@gerrit ~]# systemctl disable httpd

# 配置
[root@gerrit ~]# vim /etc/nginx/nginx.conf
location / {
  auth_basic              "Gerrit Code Review";
  auth_basic_user_file    /passwords;
  proxy_pass              http://127.0.0.1:8080;
  proxy_set_header        X-Forwarded-For $remote_addr;
  proxy_set_header        Host $host;
}

# 启动nginx（httpd服务必须停止）
[root@gerrit ~]# systemctl start nginx
# 设置开机启动
[root@gerrit ~]# systemctl enable nginx

# Gerrit创建管理员用户（Gerrit默认第一个登录的用户名为超级管理员）
[root@gerrit ~]# touch /passwords # 和nginx配置对应
[root@gerrit ~]# htpasswd -m /passwords admin
New password:		# 密码设置为 admin
Re-type new password:
Adding password for user admin

# 要保证nginx服务停止
[root@gerrit ~]# systemctl stop nginx
[root@gerrit ~]# systemctl disable nginx

[root@gerrit ~]# vim /etc/httpd/conf/httpd.conf
## 在最后一行追加如下内容

    ServerName 192.168.120.11
    ProxyRequests Off
    ProxyVia Off
    ProxyPreserveHost On
    
        Order deny,allow
        Allow from all
    
    
        AuthType Basic
        AuthName "Gerrit Code Review"
        Require valid-user
        AuthUserFile /gerrit.password
    
    ProxyPass / http://192.168.120.11:8080/
 

[root@gerrit ~]# systemctl start httpd
[root@gerrit ~]# systemctl enable httpd

[root@gerrit ~]# touch /gerrit.password
[root@gerrit ~]# htpasswd -m /gerrit.password admin
New password:		# 密码admin
Re-type new password:
Adding password for user admin