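Gerrit Code Review + LDAP deployment and configuration
1. Download the installation package; it is available from the official website.
This version does not depend on a database.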
https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.3/install.html
2. Create a user
Create the gerrit user:
```bash
sudo adduser gerrit
sudo su gerrit
```
3. Install
```
[gerrit@VM_32_3_centos bags]$ java -version
java version "1.8.0_161"
Java(TM) SE Runtime Environment (build 1.8.0_161-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.161-b12, mixed mode)
[gerrit@VM_32_3_centos bags]$ java -jar gerrit-3.2.3.war init -d /home/gerrit_app
Using secure store: com.google.gerrit.server.securestore.DefaultSecureStore
[2019-07-30 13:51:43,882] [main] INFO com.google.gerrit.server.config.GerritServerConfigProvider : No /home/gerrit_app/etc/gerrit.config; assuming defaults
*** Gerrit Code Review 3.2.3
***
Create '/home/gerrit/gerrit' [Y/n]?
*** Git Repositories
***
Location of Git repositories [git]: /home/gerrit_app/gerrit_repo
*** Index
***
Type [lucene/?]:
*** User Authentication
***
Authentication method [openid/?]: http
Get username from custom HTTP header [y/N]?
SSO logout URL :
Enable signed push support [y/N]?
*** Review Labels
***
Install Verified label [y/N]?
*** Email Delivery
***
SMTP server hostname [localhost]:
SMTP server port [(default)]:
SMTP encryption [none/?]:
SMTP username :
*** Container Process
***
Run as [gerrit]:
Java runtime [/usr/local/jdk1.8.0_161/jre]:
Copy gerrit-3.0.0.war to /home/gerrit/gerrit/bin/gerrit.war [Y/n]?
Copying gerrit-3.0.0.war to /home/gerrit/gerrit/bin/gerrit.war
*** SSH Daemon
***
Listen on address [*]:
Listen on port [29418]:
Generating SSH host key ... rsa... ed25519... ecdsa 256... ecdsa 384... ecdsa 521... done
*** HTTP Daemon
***
Behind reverse proxy [y/N]?y
Use SSL (https://) [y/N]?
Listen on address [*]:
Listen on port [8080]: 8020
Canonical URL [http://localhost:8787/]:http://localhost:8020/gerrit
*** Cache
***
*** Plugins
***
Installing plugins.
Install plugin codemirror-editor version v3.0.0 [y/N]?
Install plugin commit-message-length-validator version v3.0.0 [y/N]?
Install plugin delete-project version v3.0.0 [y/N]?
Install plugin download-commands version v3.0.0 [y/N]?
Install plugin gitiles version v3.0.0 [y/N]?
Install plugin hooks version v3.0.0 [y/N]?
Install plugin plugin-manager version v3.0.0 [y/N]?
Install plugin replication version v3.0.0 [y/N]?
Install plugin reviewnotes version v3.0.0 [y/N]?
Install plugin singleusergroup version v3.0.0 [y/N]?
Install plugin webhooks version v3.0.0 [y/N]?
Initializing plugins.
No plugins found with init steps.
```
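4. Wait for the run to finish:
Contents of the configuration file
5. At this point, try accessing port 8787:
6. From the blog above I found that this is because Gerrit needs to be used behind a reverse proxy; here I am using nginx.
7. So that the reverse proxy has a username and password to log in with, a username and password need to be created, which requires the htpasswd tool: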
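```bash
[root@VM_32_3_centos ~]# htpasswd -c /home/gerrit/gerrit/etc/gerrit.password admin
-bash: htpasswd: command not found
[root@VM_32_3_centos ~]# yum -y install httpd-tools
```
8. Then create the admin user
```bash
[root@VM_32_3_centos ~]# htpasswd -c /home/gerrit/gerrit/etc/gerrit.password admin
```
9. Then configure the nginx reverse proxy:
Proxy to port 8787
10. Reload the nginx configuration file
```bash
nginx -s reload
```
11. Access port 81 on the installation machine again:
12. The cause is that nginx cannot access the contents of the gerrit user's folder, so the gerrit folder needs to be given 755 permissions:
```bash
chmod 755 /home/gerrit
```
13. Installation succeeded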
Example configuration
```bash
[gerrit@BJ-DBL-A09-ZYC1Q-OMP-HPDL360-SV004 etc]$ vim gerrit.config
```
```ini
[gerrit]
    basePath = git
    canonicalWebUrl = http://10.148.33.129:8020/gerrit
    serverId = e984d66d-d292-4aa0-9c8c-36995c0044f1
[container]
    javaOptions = "-Dflogger.backend_factory=com.google.common.flogger.backend.log4j.Log4jBackendFactory#getInstance"
    javaOptions = "-Dflogger.logging_context=com.google.gerrit.server.logging.LoggingContext#getInstance"
    user = gerrit
    javaHome = /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.102-4.b14.el7.x86_64/jre
[index]
    type = lucene
```
```ini
[gerrit]
    basePath = git
    canonicalWebUrl = http://10.148.88.129:8020/gerrit
    serverId = e984d66d-d292-4aa0-9c8c-36995c0044f1
[container]
    javaOptions = "-Dflogger.backend_factory=com.google.common.flogger.backend.log4j.Log4jBackendFactory#getInstance"
    javaOptions = "-Dflogger.logging_context=com.google.gerrit.server.logging.LoggingContext#getInstance"
    user = gerrit
    javaHome = /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.102-4.b14.el7.x86_64/jre
[index]
    type = lucene
[auth]
    type = HTTP
    gitBasicAuthPolicy = HTTP
[receive]
    enableSignedPush = false
[sendmail]
    smtpUser = localhost
[auth]
    type = ldap
[ldap]
    server = ldap://10.148.33.14:389
    username = cn=gerrit,dc=test,dc=com
    accountBase = ou=people,dc=test,dc=com
    groupBase = ou=groups,dc=test,dc=com
    groupMemberPattern = (member=${dn})
    accountFullName = cn
    supportAnonymous = false
[sshd]
    listenAddress = *:29418
[httpd]
    listenUrl = proxy-http://*:8020/gerrit
[cache]
    directory = cache
[plugins]
    allowRemoteAdmin = true
```
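A small audit of the configuration above, as an added example that is not part of the original post or of Gerrit itself: it parses a gerrit.config, keeps duplicate keys such as the two `auth.type` entries, and flags the settings worth reviewing before the server is exposed. The embedded sample is a constructed excerpt of this page's config, the function names are hypothetical, and "the last duplicate value wins" is assumed from git-config semantics.

```python
import re
from collections import defaultdict

# Constructed sample: the security-relevant lines of the gerrit.config shown above.
SAMPLE = """\
[auth]
  type = HTTP
[auth]
  type = ldap
[ldap]
  server = ldap://10.148.33.14:389
[httpd]
  listenUrl = proxy-http://*:8020/gerrit
[plugins]
  allowRemoteAdmin = true
"""

def parse(text):
    """Map 'section.key' to every value seen, in file order (duplicates kept)."""
    values, section = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[\s*([\w.-]+)[^\]]*\]", line)  # subsection names ignored
        if header:
            section = header.group(1).lower()
        elif section and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            values[f"{section}.{key.strip().lower()}"].append(value.strip().strip('"'))
    return dict(values)

def audit(text):
    """Return (key, finding) pairs for settings to question before exposing the server."""
    cfg = parse(text)
    # Assumption: the last occurrence of a key is the effective one, as in git config.
    last = lambda key: cfg.get(key, [""])[-1]
    findings = []
    types = cfg.get("auth.type", [])
    if len({t.lower() for t in types}) > 1:
        findings.append(("auth.type", f"set to {', '.join(types)}; only '{last('auth.type')}' takes effect"))
    if last("ldap.server").lower().startswith("ldap://") and last("ldap.starttls").lower() != "true":
        findings.append(("ldap.server", "cleartext LDAP; use ldaps:// or set ldap.startTls = true"))
    if re.match(r"(proxy-)?https?://\*", last("httpd.listenurl")):
        findings.append(("httpd.listenUrl", "bound to all interfaces, reachable without nginx; bind to 127.0.0.1"))
    if last("plugins.allowremoteadmin").lower() == "true":
        findings.append(("plugins.allowRemoteAdmin", "plugins can be installed remotely over HTTP and SSH"))
    return findings

if __name__ == "__main__":
    for key, finding in audit(SAMPLE):
        print(f"{key}: {finding}")
```

To check a real installation, pass the text of `etc/gerrit.config` to `audit()` instead of `SAMPLE`.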