Gerrit is a code review system for GIT version control systems.
Download
Currently the latest version of Gerrit is 2.8.1, download the binary war package from the official.
Database Settings
Gerrit can use H2,postgresql,mysql and Oracle databases. This installation uses the PostgreSQL database.
Create the users and databases used by Gerrit:
$ createuser--username=postgres-rdielps gerrit2$ createdb--username=postgres-e UTF-8-o gerrit2 reviewdb
Using the shell tool provided by PostgreSQL, you can also log in to PostgreSQL using Psql to create role and create DATABASE.
Create user
Create a separate user gerrit2 for Gerrit, which runs Gerrit, but prohibits gerrit2 users from logging on to the system.
# adduser gerrit2# passwd--delete gerrit2
Installation
Switch to the GERRIT2 user, use the review directory under the Gerrit2 home directory as the root directory of the Gerrit site
# sudo su-gerrit2# java-jar gerrit-2.8.1.war init-d Review
To enter the interactive installation, the specific installation configuration is as follows:
The Gerrit Code Review 2.8.1*** option has uppercase letters as the default option, such as using the default option, enter to create '/home/gerrit2/ Review ' [y/n]? *** git repositories*** gerrit the directory used to store the Git repository, relative to the root directory reviewlocation of git repositories [git]: *** sql database*** database server type [h2]: postgresqlserver hostname [localhost]: Server port [(Postgresql default)]: Database name [reviewdb]: Database username [gerrit2]:&nbSp;gerrit2 ' s password : confirm password : *** user authentication*** uses HTTP authentication, OpenID requires the server to connect to the Internet, You can also use the LDAP authentication Service Authentication method [openid/?]: httpGet username from custom HTTP header [y/N]? SSO logout url : *** email delivery*** gerrit Send mail settings, you can use a local or remote SMTP server,*** as long as you have an account on the SMTP server. Smtp server hostname [localhost]: mail.openwares.netSMTP server port [(default)]: 25smtp encryption [ none/?]: tlssmtp username [gerrit2]: [email protected][email protected] ' s password : confirm password : *** container process*** run with Gerrit2 user gerritrun as [gerrit2]: Java runtime [/usr/lib/jvm/ Java-7-openjdk-amd64/jre]: copy gerrit-2.8.1.war to /home/gerrit2/review/bin/gerrit.war [y/n]? copying gerrit-2.8.1.war to /home/gerrit2/review/bin/gerrit.war*** ssh daemon*** gerrit's own SSH service, independent of the server's own SSH service, Listen to the default port *** Note: If you want to use a privileged port below 1024, you need to authbind authorization, otherwise SSH will bind the port failed listen on address [*]: Listen on port [29418]: gerrit code review is not shipped with bouncy castle crypto v144 if available, gerrit can take advantage of features in the library, but will also function without it. download and install it now [y/n]? downloading http://www.bouncycastle.org/ Download/bcprov-jdk16-144.jar ... okchecksum bcprov-jdk16-144.jar okgenerating ssh host key ... rsa... dsa... done*** http daemon*** here uses Nginx reverse proxy Gerrit, so only listen on the loop interface. If you use a domain name to access Gerrit, it is best to set the canonical URL as a domain name and use it to behind reverse proxy when sending a verification message. [y/N]? yProxy uses SSL (https://) [y/N]? Subdirectory on proxy server [/]: listen on address [*]: 127.0.0.1Listen on port [8081]: Canonical URL [http://127.0.0.1/]:http:// review.domain.tld/*** plugins*** Optional plug-in install plugin download-commands version V2.8.1 [Y/N]? Install plugin reviewnotes versION V2.8.1 [Y/N]? INSTALL PLUGIN REPLICATION VERSION V2.8.1 [Y/N]? Install plugin commit-message-length-validator version v2.8.1 [y/N]? Initialized /home/gerrit2/reviewexecuting /home/gerrit2/review/bin/gerrit.sh startstarting Gerrit Code Review: *** because the SSH service is selected at a port less than 1024, and there is no authbind port authorization, the following error occurs, which is higher than the 1024 port. FAILED*** error: cannot start Gerrit: exit status 1Waiting There is no X on the for server on 127.0.0.1:80 ... ok*** server, so using a browser to open a connection fails opening http:// 127.0.0.1/#/ADMIN/PROJECTS/&NBSP, ..... failedopen gerrit with a javascript capable browser:http://127.0.0.1/#/admin/ projects/*** Interactive Installation Complete
Gerrit Self-starting service
Add the/etc/default/gerritcodereview file with the following contents:
Gerrit_site=/path/to/gerrit
And then
# ln-sf/home/gerrit2/review/bin/gerrit.sh/etc/init.d/gerrit# Ln-sf/etc/init.d/gerrit/etc/rc3.d/s90gerrit
Nginx Configuration
Using Nginx reverse proxy Gerrit, and Nginx assumes HTTP authentication, Gerrit will not authenticate the user. Gerrit the first logged-on user after HTTP authentication succeeds as the administrator, and the other users are normal users. After the user first HTTP authentication succeeds, Gerrit will generate the same name Gerrit user for the user, as long as the account can be further perfected. For example, add email and public key. The administrator authorizes other ordinary users.
Nginx Reverse proxy configuration
server { listen 80; server_name review.domain.tld; location / { auth_basic " Gerrit2 code review "; auth_basic_user_file /home/gerrit2/htpasswd.conf; proxy_pass http://127.0.0.1:8081; proxy_set_header x-forwarded-for $remote _addr; proxy_set_header Host $host; } location /login/ { proxy_ pass http://127.0.0.1:8081; proxy_set_ header x-forwarded-for $remote _addr; proxy_set_header Host $host; }}
HTTP Authentication File
Use the HTPASSWD command to generate an HTTP authentication profile for the management cloud user, if no htpasswd file is required to install the Apache2-utils package.
# htpasswd-d htpasswd.conf Admin
When you add Gerrit users later, you also need to configure HTTP authentication for them, and then after the user logs on, Gerrit automatically generates user accounts for them, with the name identical to the HTTP authentication name.
Account Configuration
The user who successfully logs on for the first time is Gerrit as an admin user. After logging in, click on "Anonymous Coward" Anonymous Coward, settings, in the upper right corner to configure your account.
Email
Select the left Contact Information tab to add the user's full name. Then register a new mail register, enter the administrator's email address, Gerrit will send to the new mailbox
Verify the message, the validation after the pass is a valid mailbox. At this time the installation of the configuration canonical URL is useful, verifying the domain name of the message is the canonical URL, if the configuration is HTTP://127.0.0.1/, then it is necessary to manually modify the domain name part to perform the verification.
Sending a check message is sometimes inconvenient, and you can use the remote SSH shell provided by Gerrit to add a valid mailbox to the user. Of course, first the administrator must add the SSH public key to remotely access the Gerrit SSH shell.
The syntax is as follows:
# SSH review Gerrit Set-account--add-email [email protected] Username
This is the remote SSH host alias that review is configured in. ssh/config.
You can also add user mail by directly modifying the Gerrit database table, but it's a bit dirty and not recommended.
SSH Public Key
To use Gerrit, you must provide the user's public key. Select SSH public keys on the left side of the page to add a key for the current user. Paste the public key directly into the Add SSH publicly key box and click Add.
Users can then use SSH to access the Gerrit. Of course, you cannot log on to the server, only the shell provided by Gerrit.
Add another regular account
If you are using HTTP authentication, you will need to add an HTTP authentication account when adding another account. A user created with HTPASSWD does not add an account to Gerrit, and the account is added to the Gerrit database only if the user logs on to the Gerrit server via the Web. Using HTTP authentication, do not use the Gerrit SSH shell command to add users, through HTTP authentication for the first time the successful authentication of the user, Gerrit will automatically create an account for it, then as long as the completion of the account can be. Users created with the SSH shell cannot be associated with users who are automatically created after HTTP authentication, that is, the user name is exactly the same.
Other user accounts are configured the same way as administrators.
SSH Access Gerrit
After you add the SSH public key, you can use SSH to use Gerrit.
# ssh-p 29418-i ~/.ssh/id_rsa.gerrit [email protected]
If the private key name is Id_rsa, you can not use the-i parameter. Configuring aliases for SSH hosts is easier to access, adding the ~/.ssh/config file:
Host Review Hostname review.domain.tld User admin Port 29418 #如果私钥名字为id_rsa, you can omit the following line Ident Ityfile ~/.ssh/id_rsa.gerrit
This allows SSH access to the Gerrit:
# ssh review**** Welcome to Gerrit Code Review * * * * * Hi username, you had successfully connected over SSH. Unfortunately, interactive shells is disabled. To clone a hosted Git repository, use:git clones Ssh://[email protected]:29418/repository_name.gitconnection to Review.ta Fdc.org closed.
View Gerrit Shell Help
# ssh review gerrit --helpgerrit [command] [arg , ...] [--] [--help (-h)] -- : end of options --help (-h) : display this help textavailable commands of gerrit are: ban-commit ban a commit from a project ' s repository create-account create a new batch/role account create-group create a new account group create-project create a new project and associated git repository flush-caches flush some/all server caches from memory gc run git garbage collection gsql Administrative interface to active database ls-groups list groups visible to the caller ls-members lists the members of a given group ls-projects list projects visible to the caller ls-user-refs list refs visible to a specific user plugin query query the change database receive-pack Standard Git Server side command for client side git push rename-group Rename an account group review verify, Approve and/or submit one or more patch sets set-account change an account ' s settings set-members&nbsP; modifies members of specific group or number of groups set-project change a project ' s settings set-project-parent Change the project permissions are inherited from Set-reviewers add or remove reviewers on a change show-caches display current cache statistics show-connections Display active client SSH connections show-queue Display the background work queues, Including replication&nbsP; stream-events monitor events occurring in real time test-submit version Display gerrit versionSee ' Gerrit command --help ' for more information.
Import an existing Git code library
The simplest way is to copy the current git bare repository directly to the Gerrit managed warehouse directory.
#cp-R/path/to/old.git/path/to/gerrit/git/
Or a slightly more cumbersome approach: Create a new project in Gerrit, do not make an init commit, and then make the new repository a remote repository that already exists in the repository and push it.
Can be set Gerrit the warehouse is not audited, you can push the entire warehouse directly over.
Gitweb Integration
As soon as the Debian system is installed with the Gitweb package, the Gerrit can be automatically associated to Gitweb, through the gitweb to browse the Git repository.
# Apt-get Install Gitweb
Other questions
SMTP Certificate
If the SMTP server configured for Gerrit is SSL/TLS encrypted, and the SMTP server's certificate is self-signed, an exception is thrown when Gerrit attempts to send a message:
Sun.security.validator.ValidatorException:PKIX Path Building failed: Sun.security.provider.certpath.SunCertPathBuilderException:unable to find valid certification path to requested target
Because the self-signed certificate is untrusted, the simplest solution is to tell Gerrit not to validate the STMP service's certificate:
Edit ~/review/etc/gerrit.config, add:
[SendMail] Sslverify=false
Or a more complex workaround, add the SMTP SSL certificate to the Java Truststore, and refer to [3] for a detailed description of this issue.
Sign Out
After logging in Gerrit with HTTP authentication, you cannot exit the login by clicking "Sign Out", and you can only exit the current session by closing the browser window directly.
If you need to reinstall Gerrit, remember to drop the database and recreate it.
References:
[1] Gerrit Code Review for Git
[2] Gerrit use summary of roast duck
[3] Code review system Reviewboard and Gerrit (bottom)
===
All Governments should is pressured to correct their abuses of human rights. ---Richard Stallman
GERRIT2 installation Configuration