Gerrit2 Installation and Configuration


Gerrit is a code review system for the Git version control system.

Download

The latest version of Gerrit is currently 2.8.1; download the binary war package from the official site.

Database Settings

Gerrit can use H2, PostgreSQL, MySQL and Oracle databases. This installation uses PostgreSQL.

Create the users and databases used by Gerrit:

$ createuser --username=postgres -RDIElPS gerrit2
$ createdb --username=postgres -E UTF-8 -O gerrit2 reviewdb

These commands are the shell tools provided by PostgreSQL; you can also log in to PostgreSQL with psql and use CREATE ROLE and CREATE DATABASE.

Create user

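Create a separate user, gerrit2, to run Gerrit, and prevent that user from logging on to the system. Lock the password rather than deleting it: passwd --delete leaves the account with an empty password, which some PAM configurations accept at login.

# adduser gerrit2
# passwd --lock gerrit2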

Installation

Switch to the gerrit2 user and use the review directory under the gerrit2 home directory as the root directory of the Gerrit site:

# sudo su - gerrit2
$ java -jar gerrit-2.8.1.war init -d review

This starts the interactive installation. The configuration used here is as follows (lines beginning with *** that are not section titles are comments):

*** Gerrit Code Review 2.8.1
*** Options shown in uppercase are the defaults; press Enter to accept the default

Create '/home/gerrit2/review'   [Y/n]?

*** Git Repositories
*** The directory Gerrit uses to store Git repositories, relative to the site root directory review

Location of Git repositories   [git]:

*** SQL Database
***

Database server type           [h2]: postgresql
Server hostname                [localhost]:
Server port                    [(postgresql default)]:
Database name                  [reviewdb]:
Database username              [gerrit2]:
gerrit2's password             :
              confirm password :

*** User Authentication
*** HTTP authentication is used here. OpenID requires the server to be connected to the Internet.
*** LDAP authentication can also be used.

Authentication method          [OPENID/?]: http
Get username from custom HTTP header [y/N]?
SSO logout URL                 :

*** Email Delivery
*** Gerrit mail settings. A local or remote SMTP server can be used,
*** as long as you have an account on the SMTP server.

SMTP server hostname           [localhost]: mail.openwares.net
SMTP server port               [(default)]: 25
SMTP encryption                [NONE/?]: tls
SMTP username                  [gerrit2]: [email protected]
[email protected]'s password :
              confirm password :

*** Container Process
*** Run Gerrit as the gerrit2 user

Run as                         [gerrit2]:
Java runtime                   [/usr/lib/jvm/java-7-openjdk-amd64/jre]:
Copy gerrit-2.8.1.war to /home/gerrit2/review/bin/gerrit.war [Y/n]?
Copying gerrit-2.8.1.war to /home/gerrit2/review/bin/gerrit.war

*** SSH Daemon
*** Gerrit's own SSH service, independent of the server's SSH service; listen on the default port
*** Note: to use a privileged port below 1024 you need authbind authorization, otherwise the SSH service fails to bind the port

Listen on address              [*]:
Listen on port                 [29418]:

Gerrit Code Review is not shipped with Bouncy Castle Crypto v144
  If available, Gerrit can take advantage of features
  in the library, but will also function without it.
Download and install it now [Y/n]?
Downloading http://www.bouncycastle.org/download/bcprov-jdk16-144.jar ... OK
Checksum bcprov-jdk16-144.jar OK
Generating SSH host key ... rsa... dsa... done

*** HTTP Daemon
*** Nginx is used as a reverse proxy for Gerrit, so listen only on the loopback interface.
*** If Gerrit is accessed by domain name, it is best to set the canonical URL to that domain name; it is used when sending verification mail.

Behind reverse proxy           [y/N]? y
Proxy uses SSL (https://)      [y/N]?
Subdirectory on proxy server   [/]:
Listen on address              [*]: 127.0.0.1
Listen on port                 [8081]:
Canonical URL                  [http://127.0.0.1/]: http://review.domain.tld/

*** Plugins
*** Optional plugins

Install plugin download-commands version v2.8.1 [y/N]?
Install plugin reviewnotes version v2.8.1 [y/N]?
Install plugin replication version v2.8.1 [y/N]?
Install plugin commit-message-length-validator version v2.8.1 [y/N]?

Initialized /home/gerrit2/review
Executing /home/gerrit2/review/bin/gerrit.sh start
Starting Gerrit Code Review:
*** Because the SSH service was given a port below 1024 without authbind authorization, the following error occurs; a port above 1024 works.
FAILED
error: cannot start Gerrit: exit status 1
Waiting for server on 127.0.0.1:80 ... OK
*** There is no X on the server, so opening the page in a browser fails
Opening http://127.0.0.1/#/admin/projects/ ...failed
Open Gerrit with a JavaScript capable browser:
  http://127.0.0.1/#/admin/projects/
*** Interactive installation complete

Gerrit Self-starting service

Add the /etc/default/gerritcodereview file with the following contents:

GERRIT_SITE=/path/to/gerrit

Then create the init script links:

# ln -sf /home/gerrit2/review/bin/gerrit.sh /etc/init.d/gerrit
# ln -sf /etc/init.d/gerrit /etc/rc3.d/S90gerrit

Nginx Configuration

Nginx acts as a reverse proxy for Gerrit and performs the HTTP authentication; Gerrit itself does not authenticate the user. The first user to log on after HTTP authentication succeeds becomes the administrator, and all other users are normal users. When a user passes HTTP authentication for the first time, Gerrit creates a Gerrit account with the same name, and the user only needs to complete the account afterwards, for example by adding an email address and a public key. The administrator grants permissions to the other ordinary users.

Nginx Reverse proxy configuration

server {
        listen 80;
        server_name review.domain.tld;

        location / {
                auth_basic              "Gerrit2 code review";
                auth_basic_user_file    /home/gerrit2/htpasswd.conf;
                proxy_pass              http://127.0.0.1:8081;
                proxy_set_header        X-Forwarded-For $remote_addr;
                proxy_set_header        Host $host;
        }

        location /login/ {
                # Gerrit trusts the user name passed on by the proxy, so this
                # location needs the same authentication as "/".
                auth_basic              "Gerrit2 code review";
                auth_basic_user_file    /home/gerrit2/htpasswd.conf;
                proxy_pass              http://127.0.0.1:8081;
                proxy_set_header        X-Forwarded-For $remote_addr;
                proxy_set_header        Host $host;
        }
}
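
In this setup Nginx is the only component that checks passwords, so every location that proxies to Gerrit needs an effective auth_basic. The Python check below is an added example (not from the original article, Gerrit or Nginx): it uses a simplified parser written for this illustration and a constructed sample config in which /login/ is proxied without authentication.

```python
import re

def parse_blocks(conf):
    """Parse nginx text into a block tree (assumes no {, }, ; or # inside quotes)."""
    conf = re.sub(r"#[^\n]*", "", conf)                    # strip comments
    root = {"header": "main", "auth": None, "proxied": False, "children": []}
    stack, pos = [root], 0
    for m in re.finditer(r"[{};]", conf):
        stmt = " ".join(conf[pos:m.start()].split())       # text since last token
        pos = m.end()
        if m.group() == "{":
            node = {"header": stmt, "auth": None, "proxied": False, "children": []}
            stack[-1]["children"].append(node)
            stack.append(node)
        elif m.group() == "}":
            stack = stack[:-1] or [root]                   # tolerate a stray "}"
        elif stmt.startswith("auth_basic "):               # not auth_basic_user_file
            value = stmt.split(None, 1)[1].strip("\"' ")
            stack[-1]["auth"] = value.lower() != "off"
        elif stmt.startswith("proxy_pass "):
            stack[-1]["proxied"] = True
    return root

def unprotected_proxies(conf):
    """Paths of location blocks that proxy_pass with no effective auth_basic."""
    findings = []
    def walk(node, inherited):
        # auth_basic is inherited from the outer block unless set in this one
        effective = inherited if node["auth"] is None else node["auth"]
        if node["header"].startswith("location") and node["proxied"] and not effective:
            findings.append(node["header"].split()[-1])
        for child in node["children"]:
            walk(child, effective)
    walk(parse_blocks(conf), False)
    return findings

# Constructed sample: "/" is protected, "/login/" reaches Gerrit unauthenticated.
SAMPLE = """
server {
    location / {
        auth_basic "Gerrit2 code review";
        auth_basic_user_file /home/gerrit2/htpasswd.conf;
        proxy_pass http://127.0.0.1:8081;
    }
    location /login/ { proxy_pass http://127.0.0.1:8081; }
}
"""

if __name__ == "__main__":
    print(unprotected_proxies(SAMPLE))
```

An empty result means every proxied location is covered, either by its own auth_basic or by one inherited from the server block.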

HTTP Authentication File

Use the htpasswd command to generate the HTTP authentication file for the admin user; if the htpasswd command is not available, install the apache2-utils package. The -d option stores crypt() hashes, which use only the first 8 characters of the password; htpasswd's default MD5 (apr1) format is also accepted by Nginx.

# htpasswd -d htpasswd.conf admin

When you add Gerrit users later, you also need to add HTTP authentication entries for them; after a user logs on, Gerrit automatically creates a user account whose name is identical to the HTTP authentication name.

Account Configuration

The first user to log on successfully becomes the Gerrit administrator. After logging in, click "Anonymous Coward" in the upper right corner, then Settings, to configure your account.

Email

Select the Contact Information tab on the left and add the user's full name. Then click Register New Email and enter the administrator's email address; Gerrit sends a verification message to the new address, and once verification passes the address is valid. This is where the canonical URL configured during installation matters: the domain name in the verification link is the canonical URL, so if it was configured as http://127.0.0.1/ you have to change the domain part of the link manually to complete the verification.

Sending a verification message is sometimes inconvenient; you can instead use the remote SSH shell provided by Gerrit to add a valid email address for a user. The administrator must of course first add an SSH public key in order to access the Gerrit SSH shell remotely.
The syntax is as follows:

# ssh review gerrit set-account --add-email [email protected] username

Here review is the remote SSH host alias configured in ~/.ssh/config.

You can also add user mail by directly modifying the Gerrit database table, but it's a bit dirty and not recommended.

SSH Public Key

To use Gerrit, you must provide the user's public key. Select SSH Public Keys on the left side of the page to add a key for the current user. Paste the public key directly into the Add SSH Public Key box and click Add.
Users can then access Gerrit over SSH. This does not allow logging on to the server itself, only to the shell provided by Gerrit.

Add another regular account

If you are using HTTP authentication, you need to add an HTTP authentication account whenever you add another account. Creating a user with htpasswd does not add an account to Gerrit; the account is added to the Gerrit database only when the user logs on to the Gerrit server through the web. With HTTP authentication, do not use the Gerrit SSH shell command to add users: Gerrit automatically creates an account the first time a user authenticates successfully over HTTP, and the account then only needs to be completed. Users created with the SSH shell cannot be associated with the users created automatically after HTTP authentication, even when the user name is exactly the same.

Other user accounts are configured the same way as administrators.

SSH Access Gerrit

After you add the SSH public key, you can use SSH to use Gerrit.

# ssh -p 29418 -i ~/.ssh/id_rsa.gerrit [email protected]

If the private key is named id_rsa, you can omit the -i parameter. Configuring an alias for the SSH host makes access easier; add the following to the ~/.ssh/config file:

Host review
    HostName review.domain.tld
    User admin
    Port 29418
    # If the private key is named id_rsa, you can omit the following line
    IdentityFile ~/.ssh/id_rsa.gerrit

Gerrit can then be accessed over SSH like this:

# ssh review

  ****    Welcome to Gerrit Code Review    ****

  Hi username, you have successfully connected over SSH.

  Unfortunately, interactive shells are disabled.
  To clone a hosted Git repository, use:

  git clone ssh://[email protected]:29418/REPOSITORY_NAME.git

Connection to review.tafdc.org closed.

View Gerrit Shell Help

# ssh review gerrit --help
gerrit [COMMAND] [ARG ...] [--] [--help (-h)]

 --          : end of options
 --help (-h) : display this help text

Available commands of gerrit are:

   ban-commit           Ban a commit from a project's repository
   create-account       Create a new batch/role account
   create-group         Create a new account group
   create-project       Create a new project and associated Git repository
   flush-caches         Flush some/all server caches from memory
   gc                   Run Git garbage collection
   gsql                 Administrative interface to active database
   ls-groups            List groups visible to the caller
   ls-members           Lists the members of a given group
   ls-projects          List projects visible to the caller
   ls-user-refs         List refs visible to a specific user
   plugin
   query                Query the change database
   receive-pack         Standard Git server side command for client side git push
   rename-group         Rename an account group
   review               Verify, approve and/or submit one or more patch sets
   set-account          Change an account's settings
   set-members          Modifies members of specific group or number of groups
   set-project          Change a project's settings
   set-project-parent   Change the project permissions are inherited from
   set-reviewers        Add or remove reviewers on a change
   show-caches          Display current cache statistics
   show-connections     Display active client SSH connections
   show-queue           Display the background work queues, including replication
   stream-events        Monitor events occurring in real time
   test-submit
   version              Display gerrit version

See 'gerrit COMMAND --help' for more information.

Import an existing Git code library

The simplest way is to copy the existing bare Git repository directly into the repository directory managed by Gerrit.

# cp -R /path/to/old.git /path/to/gerrit/git/

A slightly more cumbersome approach: create a new project in Gerrit without an initial commit, add the new repository as a remote of the existing repository, and push to it.
You can configure the Gerrit repository so that review is not required, which lets you push the entire repository directly.

Gitweb Integration

Once the gitweb package is installed on a Debian system, Gerrit is associated with gitweb automatically, and the Git repositories can be browsed through gitweb.

# apt-get install gitweb

Other questions

SMTP Certificate

If the SMTP server configured for Gerrit uses SSL/TLS encryption and the server's certificate is self-signed, an exception is thrown when Gerrit attempts to send a message:

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Because the self-signed certificate is untrusted, the simplest solution is to tell Gerrit not to validate the SMTP server's certificate. With validation off, Gerrit no longer checks that it is talking to the real mail server.

Edit ~/review/etc/gerrit.config and add:

[sendemail]
        sslVerify = false

A more involved alternative, which keeps validation enabled, is to add the SMTP server's SSL certificate to the Java truststore; see [3] for a detailed description of this issue.

Sign Out

After logging in to Gerrit with HTTP authentication, clicking "Sign Out" does not log you out; the only way to end the current session is to close the browser window.

If you need to reinstall Gerrit, remember to drop the database and recreate it.

References:
[1] Gerrit Code Review for Git
[2] Gerrit use summary of roast duck
[3] Code review system Reviewboard and Gerrit (bottom)
