Gerrit - 初始配置
1 - 插件管理
1.1 下载并安装插件
以reviewers插件为例。
在GerritForge(https://gerrit-ci.gerritforge.com/),找到对应gerrit 版本的reviewers插件
获得对应的jar下载地址
https://gerrit-ci.gerritforge.com/job/plugin-reviewers-bazel-master/lastSuccessfulBuild/artifact/bazel-bin/plugins/reviewers/reviewers.jar
下载插件(jar包)并放置在$GERRIT_SITE/plugins目录下,然后重启Gerrit服务($GERRIT_SITE/bin/gerrit.sh restart),会自动加载此目录下的插件。
[gerrit@mt101 ~]$ cd gerrit_testsite/plugins/
[gerrit@mt101 plugins]$ pwd
/home/gerrit/gerrit_testsite/plugins
[gerrit@mt101 plugins]$ wget https://gerrit-ci.gerritforge.com/job/plugin-reviewers-bazel-master/lastSuccessfulBuild/artifact/bazel-bin/plugins/reviewers/reviewers.jar
--2019-12-11 11:55:16-- https://gerrit-ci.gerritforge.com/job/plugin-reviewers-bazel-master/lastSuccessfulBuild/artifact/bazel-bin/plugins/reviewers/reviewers.jar
Resolving gerrit-ci.gerritforge.com (gerrit-ci.gerritforge.com)... 8.26.94.23
Connecting to gerrit-ci.gerritforge.com (gerrit-ci.gerritforge.com)|8.26.94.23|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 41911 (41K) [application/java-archive]
Saving to: ‘reviewers.jar’
100%[==========================================>] 41,911 118KB/s in 0.3s
2019-12-11 11:55:23 (118 KB/s) - ‘reviewers.jar’ saved [41911/41911]
[gerrit@mt101 plugins]$
[gerrit@mt101 plugins]$ chmod 755 reviewers.jar
[gerrit@mt101 plugins]$ ll
total 44
-rwxr-xr-x 1 gerrit gerrit 41911 Nov 16 02:03 reviewers.jar
[gerrit@mt101 plugins]$
[gerrit@mt101 plugins]$ cd
[gerrit@mt101 ~]$ sudo sh gerrit_testsite/bin/gerrit.sh restart
Stopping Gerrit Code Review: OK
Starting Gerrit Code Review: OK
[gerrit@mt101 ~]$
查看插件是否安装成功
1.2 通过SSH安装插件
实际是通过SSH连接到Gerrit,然后执行“gerrit plugin”命令来管理插件。
官网教程:https://review.gerrithub.io/Documentation/cmd-plugin-install.html
[gerrit@mt101 ~]$ ssh -p 29418 admin@192.168.16.101 gerrit plugin -h
gerrit plugin [COMMAND] [ARG ...] [--] [--help (-h)]
-- : end of options (default: false)
--help (-h) : display this help text (default: true)
Available commands of gerrit plugin are:
add Install/Add a plugin
enable Enable plugins
install Install/Add a plugin
ls List the installed plugins
reload Reload/Restart plugins
remove Disable plugins
rm Disable plugins
See 'COMMAND --help' for more information.
[gerrit@mt101 ~]$
[gerrit@mt101 ~]$ ssh -p 29418 admin@192.168.16.101 gerrit plugin ls
Name Version Status File
-------------------------------------------------------------------------------
codemirror-editor v3.1.0 ENABLED codemirror-editor.jar
commit-message-length-validator v3.1.0 ENABLED commit-message-length-validator.jar
delete-project v3.1.0 ENABLED delete-project.jar
download-commands v3.1.0 ENABLED download-commands.jar
gitiles v3.1.0 ENABLED gitiles.jar
hooks v3.1.0 ENABLED hooks.jar
plugin-manager v3.1.0 ENABLED plugin-manager.jar
replication v3.1.0 ENABLED replication.jar
reviewers c0b1572ad4 ENABLED reviewers.jar
reviewnotes v3.1.0 ENABLED reviewnotes.jar
singleusergroup v3.1.0 ENABLED singleusergroup.jar
webhooks v3.1.0 ENABLED webhooks.jar
[gerrit@mt101 ~]$
常用的安装方式
# Install a plugin from an absolute file path on the server’s host:
ssh -p 29418 localhost gerrit plugin install -n name.jar $(pwd)/my-plugin.jar
# Install a plugin from an HTTP site:
ssh -p 29418 localhost gerrit plugin install -n name.jar http://build-server/output/our-plugin
1.3 war文件中携带的插件
war文件中包含了一些插件,例如:gerrit-3.1.0.war文件
[gerrit@node202 ~]$ ll
total 67552
-rw-r--r-- 1 gerrit gerrit 69172528 Nov 30 22:39 gerrit-3.1.0.war
drwxrwxr-x 14 gerrit gerrit 150 Nov 30 22:41 gerrit_testsite
[gerrit@node202 ~]$
[gerrit@node202 ~]$ mkdir gerrit-tmp
[gerrit@node202 ~]$ unzip -oq gerrit-3.1.0.war -d gerrit-tmp/
[gerrit@node202 ~]$ ll
total 67552
-rw-r--r-- 1 gerrit gerrit 69172528 Nov 30 22:39 gerrit-3.1.0.war
drwxrwxr-x 14 gerrit gerrit 150 Nov 30 22:41 gerrit_testsite
drwxrwxr-x 7 gerrit gerrit 194 Dec 1 22:46 gerrit-tmp
[gerrit@node202 ~]$
[gerrit@node202 ~]$ ll gerrit-tmp/WEB-INF/plugins/
total 2456
-r-xr-xr-x 1 gerrit gerrit 376828 Jan 1 1980 codemirror-editor.jar
-r-xr-xr-x 1 gerrit gerrit 5331 Jan 1 1980 commit-message-length-validator.jar
-r-xr-xr-x 1 gerrit gerrit 229911 Jan 1 1980 delete-project.jar
-r-xr-xr-x 1 gerrit gerrit 28106 Jan 1 1980 download-commands.jar
-r-xr-xr-x 1 gerrit gerrit 1312259 Jan 1 1980 gitiles.jar
-r-xr-xr-x 1 gerrit gerrit 50470 Jan 1 1980 hooks.jar
-r-xr-xr-x 1 gerrit gerrit 58172 Jan 1 1980 plugin-manager.jar
-r-xr-xr-x 1 gerrit gerrit 339874 Jan 1 1980 replication.jar
-r-xr-xr-x 1 gerrit gerrit 25251 Jan 1 1980 reviewnotes.jar
-r-xr-xr-x 1 gerrit gerrit 7958 Jan 1 1980 singleusergroup.jar
-r-xr-xr-x 1 gerrit gerrit 58843 Jan 1 1980 webhooks.jar
[gerrit@node202 ~]$
2 - 创建用户
2.1 在启用HTTP认证情况下,需要使用htpasswd命令。
示例如下:
[gerrit@mt101 ~]$ chmod 755 /home/gerrit/
[gerrit@mt101 ~]$
[gerrit@mt101 ~]$ ll
total 67552
-rw-r--r-- 1 gerrit gerrit 69172528 Dec 10 13:04 gerrit-3.1.0.war
drwxr-xr-x 14 root root 150 Dec 10 14:44 gerrit_testsite
[gerrit@mt101 ~]$
[gerrit@mt101 ~]$ sudo htpasswd -c /home/gerrit/gerrit.password admin
New password:
Re-type new password:
Adding password for user admin
[gerrit@mt101 ~]$
[gerrit@mt101 ~]$ sudo htpasswd -m /home/gerrit/gerrit.password testdemo
New password:
Re-type new password:
Adding password for user testdemo
[gerrit@mt101 ~]$
[gerrit@mt101 ~]$ sudo chmod 755 gerrit.password
[gerrit@mt101 ~]$
[gerrit@mt101 ~]$ ll
total 67556
-rw-r--r-- 1 gerrit gerrit 69172528 Dec 10 13:04 gerrit-3.1.0.war
-rwxr-xr-x 1 root root 91 Dec 10 14:52 gerrit.password
drwxr-xr-x 14 root root 150 Dec 10 14:44 gerrit_testsite
[gerrit@mt101 ~]$
[gerrit@mt101 ~]$ cat gerrit.password
admin:$apr1$fQB7h4KA$uhYXP/fEeyfA8GDyA18781
testdemo:$apr1$ETlmCKcz$L5unhKCEx1HRnad7SmPSv.
[gerrit@mt101 ~]$
[gerrit@mt101 ~]$ sudo service nginx restart
Redirecting to /bin/systemctl restart nginx.service
[gerrit@mt101 ~]$
2.2 默认认证情况下,可以在web页面添加。
示例如下:
创建新用户
初次登录时,会提醒添加账号的name和email信息。
在User Settings中可以进行具体的设置
3 - 创建新Repository(Project)
4 - SSH连接
4.1 生成SSH公钥
[gerrit@mt101 ~]$ ll .ssh
ls: cannot access .ssh: No such file or directory
[gerrit@mt101 ~]$
[gerrit@mt101 ~]$ ssh-keygen -t rsa -C "sshtest"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/gerrit/.ssh/id_rsa):
Created directory '/home/gerrit/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/gerrit/.ssh/id_rsa.
Your public key has been saved in /home/gerrit/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:9eQRv/j8pNN3N1/7R4KzEvttvg1teyzUbw7Wuyb3YE4 sshtest
The key's randomart image is:
+---[RSA 2048]----+
| . |
| o |
| . o . |
| . + o . |
| S +... |
| . ooooo|
| o +E=B|
| o .B+&/|
| o.oX@^|
+----[SHA256]-----+
[gerrit@mt101 ~]$
[gerrit@mt101 ~]$ ll .ssh
total 8
-rw------- 1 gerrit gerrit 1675 Dec 10 15:28 id_rsa
-rw-r--r-- 1 gerrit gerrit 389 Dec 10 15:28 id_rsa.pub
[gerrit@mt101 ~]$
[gerrit@mt101 ~]$ cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCE36kKv9cRTR/UU+7c620a6sYwptzVCRa8KBWBVijXNME+te4Nt2ZKp1uVvVOYKWv4akR/E5wMMTa9sYiE7EZJsC0cfg+FSuvc7WeoyT0hWYEWAabqp1cAApZUKSm7c06829dSTAPLj4MIEQOtEzID8iaq7+kGDf6RsGF6QRrAVx28k5ZJNvNFLpFqv4cjOaDbWOKaVXkrAgYYdLWWJ6xEeQTJ6yxCkk9KY7+rHEHd9zEoJYiA03J9UgxRRkyTX8vRW39RHVVM+GriOasAgwhvhFZXJsm6mJVXr2Y3AFcMNPo4YJNq68LGdU8bjqN78ysBbkxfIDq+r3ANc7+D+Az sshtest
[gerrit@mt101 ~]$
4.2 在用户设置中添加SSH公钥
这里是在admin账户中添加了SSH公钥
4.3 测试SSH连接
这里通过执行“ssh -p 29418 admin@192.168.16.101 gerrit -h”获取了gerrit的使用帮助信息。
“-p 29418”是指定使用29418端口,在gerrit配置文件中定义了SSH的端口。
[gerrit@mt101 ~]$ ssh -p 29418 admin@192.168.16.101 gerrit -h
The authenticity of host '[192.168.16.101]:29418 ([192.168.16.101]:29418)' can't be established.
ECDSA key fingerprint is SHA256:V0hOtzBCxfCmebW0ilpZWoQxucMVy+D4gf0nsBmq9R8.
ECDSA key fingerprint is MD5:d3:a4:8c:5e:d0:28:04:ac:6f:85:1e:03:7b:c7:41:15.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.16.101]:29418' (ECDSA) to the list of known hosts.
gerrit [COMMAND] [ARG ...] [--] [--help (-h)]
-- : end of options (default: false)
--help (-h) : display this help text (default: true)
Available commands of gerrit are:
apropos Search in Gerrit documentation
ban-commit Ban a commit from a project's repository
close-connection Close the specified SSH connection
create-account Create a new batch/role account
create-branch Create a new branch
create-group Create a new account group
create-project Create a new project and associated Git repository
flush-caches Flush some/all server caches from memory
gc Run Git garbage collection
index
logging
ls-groups List groups visible to the caller
ls-members List the members of a given group
ls-projects List projects visible to the caller
ls-user-refs List refs visible to a specific user
plugin
query Query the change database
receive-pack Standard Git server side command for client side git push
reload-config Reloads the Gerrit configuration
rename-group Rename an account group
review Apply reviews to one or more patch sets
set-account Change an account's settings
set-head Change HEAD reference for a project
set-members Modify members of specific group or number of groups
set-project Change a project's settings
set-project-parent Change the project permissions are inherited from
set-reviewers Add or remove reviewers on a change
show-caches Display current cache statistics
show-connections Display active client SSH connections
show-queue Display the background work queues
stream-events Monitor events occurring in real time
test-submit
version Display gerrit version
See 'gerrit COMMAND --help' for more information.
[gerrit@mt101 ~]$
5 - 为admin账户开启访问数据库权限
6 - LDAP认证方式
Gerrit支持多种认证方式。
Gerrit可以和LDAP用户认证服务集成,用于用户的导入、同步和集中管理。
在LDAP认证模式下,用户的用户名和密码都是在LDAP端进行管理的。
LDAP认证方式的配置
- Gerrit配置文件auth部分的type属性为LDAP,并增加ldap部分的配置
- 修改nginx配置,将先前的“Basic Auth”相关内容注释,然后重启nginx
行动是绝望的解药!
欢迎转载和引用,但请在明显处保留原文链接和原作者信息!
本博客内容多为个人工作与学习的记录,少数内容来自于网络并略有修改,已尽力标明原文链接和转载说明。如有冒犯,即刻删除!
以所舍,求所得,有所获,方所成。
