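I have spent the last few days learning to configure Gerrit, a web-based application that works with git to manage the code review workflow. Actually setting it up raised quite a few problems, so I am writing down the working procedure directly here to save everyone the detours. To understand how a particular part works, please refer to the relevant links.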
1. install git
$sudo apt-get install git-core
2. install java6
$ java -version # check the Java version first; if it is already 1.6 there is no need to reinstall
$ sudo add-apt-repository "deb http://cz.archive.Ubuntu.com/ubuntu hardy-updates main multiverse"
$ sudo apt-get update
$ sudo apt-get install sun-java6-jdk
Remove the repository "deb http://cz.archive.Ubuntu.com/ubuntu hardy-updates main multiverse" immediately after sun-java6-jdk is installed.
3. install openldap
LDAP is used here for user authentication.
$sudo apt-get install slapd
Please refer to https://help.ubuntu.com/11.04/serverguide/openldap-server.html
$sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
$sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
$sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
$vi backend.fxf.com.ldif
# Load dynamic backend modules
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: back_hdb.la

# Database settings
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=fxf,dc=com
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=fxf,dc=com
olcRootPW: secret
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcAccess: to attrs=userPassword by dn="cn=admin,dc=fxf,dc=com" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=fxf,dc=com" write by * read
$sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.fxf.com.ldif
Create frontend.fxf.com.ldif:
# Create top-level object in domain
dn: dc=fxf,dc=com
objectClass: top
objectClass: dcObject
objectclass: organization
o: fxf Organization
dc: fxf
description: LDAP Gerrit

# Admin user.
dn: cn=admin,dc=fxf,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: secret

dn: ou=people,dc=fxf,dc=com
objectClass: organizationalUnit
ou: people

dn: cn=john,ou=people,dc=fxf,dc=com
objectClass: person
cn: john
sn: Doe
userPassword: 12345
$ sudo ldapadd -x -D cn=admin,dc=fxf,dc=com -W -f frontend.fxf.com.ldif
Enter the LDAP password when prompted: secret
To add a user test01, create test01.ldif:
dn: cn=test01,ou=people,dc=fxf,dc=com
objectClass: person
cn: test01
sn: test
userPassword: 12345
$ sudo ldapadd -x -D cn=admin,dc=fxf,dc=com -W -f test01.ldif
To search:
$ ldapsearch -h localhost -xLLL -b "dc=fxf,dc=com" -D "cn=admin,dc=fxf,dc=com" -w secret
To delete data:
$ sudo ldapdelete -h localhost -x -D "cn=admin,dc=fxf,dc=com" -w secret "cn=test01,ou=people,dc=fxf,dc=com"
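The LDIF files above store olcRootPW and userPassword as cleartext. As an added example (not part of the original post), this script lists the entries of an LDIF export whose password attribute carries no hash scheme prefix, so they can be replaced with slappasswd output; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list LDIF entries whose
# userPassword / olcRootPW value is not stored under a hash scheme.
# Assumes unfolded LDIF (no continuation lines) and a base64 that accepts -d.

# True when the value carries a {SCHEME} prefix other than {CLEARTEXT}.
is_hashed() {
    case "$1" in
        "{"[Cc][Ll][Ee][Aa][Rr][Tt][Ee][Xx][Tt]"}"*) return 1 ;;
        "{"*"}"?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the value of one "attr: value" or "attr:: base64" line.
ldif_value() {
    v=${1#*:}
    case "$v" in
        :*) printf '%s' "${v#:}" | tr -d ' ' | base64 -d 2>/dev/null || true ;;
        *)  printf '%s' "${v# }" ;;
    esac
}

# Read LDIF on stdin; print "<dn><TAB><attribute>" for each cleartext secret.
audit_ldif() {
    dn=""
    while IFS= read -r line || [ -n "$line" ]; do
        attr=$(printf '%s' "${line%%:*}" | tr 'A-Z' 'a-z')
        case "$attr" in
            "") dn="" ;;                          # blank line ends the entry
            dn) dn=$(ldif_value "$line") ;;
            userpassword|olcrootpw)
                is_hashed "$(ldif_value "$line")" || printf '%s\t%s\n' "$dn" "$attr" ;;
        esac
    done
}

# Constructed sample: two cleartext entries as on this page (one of them
# base64-encoded the way ldapsearch prints it) and one constructed {SSHA} value.
sample_ldif() {
    printf 'dn: cn=admin,dc=fxf,dc=com\nuserPassword: secret\n\n'
    printf 'dn: cn=john,ou=people,dc=fxf,dc=com\nuserPassword:: %s\n\n' \
        "$(printf '%s' 12345 | base64)"
    printf 'dn: cn=hashed,ou=people,dc=fxf,dc=com\n'
    printf 'userPassword: {SSHA}constructedValueNotARealHash\n'
}

sample_ldif | audit_ldif
```

The scheme check is a prefix heuristic: it tells hashed storage from cleartext, not a strong scheme from a weak one.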
4. install gerrit
Please refer to http://gerrit-documentation.googlecode.com/svn/Documentation
$java -jar gerrit.war init -d /path/to/your/gerrit_application_directory
gerrit.config
[gerrit]
basePath = git
canonicalWebUrl = http://127.0.0.1:8080/
[database]
type = H2
database = db/ReviewDB
[auth]
type = LDAP
[ldap]
server = ldap://localhost
username = cn=admin,dc=fxf,dc=com
accountBase = ou=people,dc=fxf,dc=com
accountPattern = (&(objectClass=person)(cn=${username}))
sslVerify = false
[sendemail]
smtpServer = localhost
[container]
user = hadoop
javaHome = /usr/lib/jvm/java-6-sun-1.6.0.26/jre
[sshd]
listenAddress = *:29418
[httpd]
listenUrl = http://*:8080/
[cache]
directory = cache
Using HTTP for user authentication
By default Gerrit treats the first user to log in as the administrator, with permission to manage projects and groups.
1. install apache2
$sudo apt-get install apache2
ln -s /etc/apache2/mods-available/proxy.conf /etc/apache2/mods-enabled/proxy.conf
ln -s /etc/apache2/mods-available/proxy.load /etc/apache2/mods-enabled/proxy.load
ln -s /etc/apache2/mods-available/proxy_http.load /etc/apache2/mods-enabled/proxy_http.load
Configure Apache as a reverse proxy for port 8080; reverse proxy here means that accessing port 80 has the same effect as accessing port 8080 directly.
Then add the following to /etc/apache2/httpd.conf (the original httpd.conf is an empty file).
If ProxyRequests is reported as an unrecognized directive, you should add:
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
<VirtualHost *>
ServerName localhost
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location /login/>
AuthType Basic
AuthName "Gerrit Code Review"
AuthBasicProvider file
AuthUserFile /your gerrit installed path/etc/passwords
Require valid-user
</Location>
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
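Two things need attention here. The first is AuthUserFile /home/xx/gerrt_sites/etc/passwords: this path points to a password file, which is generated with the command
$ htpasswd -c /home/xx/gerrt_sites/etc/passwords "gerrit_first_username"
Here gerrit_first_username is the user name that will later be used to log in to Gerrit. The -c option creates the file; omit it when adding further users, otherwise the existing file is overwritten.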
3. gerrit configure
[gerrit]
basePath = git
canonicalWebUrl = http://127.0.0.1:8080/ # this setting should normally use the real IP, e.g. 10.126.39.128, so that other machines do not fail to reach 127.0.0.1
[database]
type = H2
database = db/ReviewDBt
[auth]
type = HTTP
[sendemail]
smtpServer = localhost
[container]
user = gerrit2
javaHome = /usr/lib/jvm/java-6-openjdk/jre
[sshd]
listenAddress = *:29418
[httpd]
listenUrl = proxy-http://127.0.0.1:8080/
[cache]
directory = cache
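With auth.type = HTTP Gerrit relies on Apache to have authenticated the user, which is why this second gerrit.config binds to proxy-http://127.0.0.1:8080/ instead of *:8080. An added example (not from the original post or the Gerrit project) that lints a gerrit.config for that binding and for the [ldap] settings shown earlier; the function names and the sample configs are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): lint a gerrit.config read on
# stdin for the settings discussed above. Prints one WARN line per finding.
audit_gerrit_config() {
    awk '
    function host(u) { sub(/^[a-z-]+:\/\//, "", u); sub(/[:\/].*$/, "", u); return u }
    function loopback(u) { u = host(u); return u == "localhost" || u == "127.0.0.1" }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }               # comment or blank line
    /^[ \t]*\[/ { sec = tolower($0); gsub(/[^a-z]/, "", sec); next }
    {
        eq = index($0, "="); if (!eq) next
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = substr($0, eq + 1)
        sub(/[ \t]+[#;].*$/, "", val)                   # strip inline comment
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        cfg[sec "." key] = val
    }
    END {
        # auth.type = HTTP: Gerrit accepts the login the web server reports,
        # so the backend must only be reachable through that web server.
        if (toupper(cfg["auth.type"]) ~ /^HTTP/ && !loopback(cfg["httpd.listenurl"]))
            print "WARN auth.type=" cfg["auth.type"] " but httpd.listenUrl is not loopback-only"
        if (tolower(cfg["ldap.sslverify"]) == "false")
            print "WARN ldap.sslVerify=false: LDAP certificate is not checked under ldaps:// or StartTLS"
        if (cfg["ldap.server"] ~ /^ldap:/ && !loopback(cfg["ldap.server"]))
            print "WARN ldap.server uses cleartext ldap:// to a remote host"
    }'
}

# Constructed sample config: $1 = auth.type, $2 = httpd.listenUrl,
# $3 = ldap.sslVerify (defaults to true).
sample_config() {
    cat <<EOF
[auth]
    type = $1
[ldap]
    server = ldap://localhost
    sslVerify = ${3:-true}
[httpd]
    listenUrl = $2
EOF
}

sample_config HTTP 'http://*:8080/' | audit_gerrit_config                 # one finding
sample_config HTTP 'proxy-http://127.0.0.1:8080/' | audit_gerrit_config   # no finding
```

Run it against a real file with `audit_gerrit_config < etc/gerrit.config`; a missing httpd.listenUrl is reported too, since the check only accepts an explicit loopback address.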