CentOS7 build CI (GitLab + Gerrit + Jenkins) System

CentOS7 build CI (GitLab + Gerrit + Jenkins) System
1. Install GitLab: ①. Install the required extensions/applications:

yum -y install curl policycoreutils openssh-server openssh-clients postfix cronieyum -y install readline readline-devel ncurses-devel gdbm-devel glibc-devel tcl-devel openssl-devel expat-devel db4-devel byacc sqlite-devel libyaml libyaml-devel libffi libffi-devel libxml2 libxml2-devel libxslt libxslt-devel libicu libicu-devel system-config-firewall-tui crontabs logwatch logrotate perl-Time-HiRes git cmake libcom_err-devel libcom_err-devel git patch gcc-c++ zlib-devel make autoconf automake libtool bison python python-docutils wget rubysudo systemctl enable sshdsudo systemctl start sshdsudo systemctl enable postfixsudo systemctl start postfixsudo chkconfig postfix on

② Replacing the Ruby Source:

gem sources -r https://rubygems.org/gem sources -a https://ruby.taobao.org/

③ Add a yum source and install it using the yum Source:

I. This is the official yum source and may be slow in China:

curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bashsudo yum -y install gitlab-ce

Ii. Use the domestic yum Source: PS. For details about the source content, refer to official instructions: Modify and use the GitLab domestic source. First, add the source file.

sudo vi /etc/yum.repos.d/gitlab_gitlab-ce.repo

Modify source file content:

[gitlab-ce]name=gitlab-cebaseurl=http://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7repo_gpgcheck=0gpgcheck=0enabled=1gpgkey=https://packages.gitlab.com/gpg.key

Run the following command:

sudo yum makecachesudo yum -y install gitlab-ce

④ Use the default configuration to configure GitLab:

sudo gitlab-ctl reconfigure

⑤ Modify GitLab configurations as needed:

PS. Because the existing Nginx is used as the GitLab server, you must first configure the location of the GitLab configuration file:

/etc/gitlab/gitlab.rb

Because the gitlab domain name is configured in advancehttp://Git.xxx.comNext, modify/etc/gitlab/gitlab.rbNote the following in the modification:web_serverThe set value is your nginx configuration. Note that there is no space before each line. Note that GitLab uses Ruby and the default port is 8080:

# note the 'https' belowexternal_url 'http://git.xxx.com'# Set the web serverweb_server['external_users'] = ['www']# Disable the built-in nginxnginx['enable'] = false

The above is where the gitlab configuration file needs to be modified. Next, add the nginx Virtual Host

6. Add nginx virtual hosts and support gitlab:

Add gitlab. conf:

vi /usr/local/nginx/conf/vhost/gitlab.conf

Add the following template content to gitlab. conf:

## GitLab#### Modified from nginx http version## Modified from http://blog.phusion.nl/2012/04/21/tutorial-setting-up-gitlab-on-debian-6/## Modified from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html#### Lines starting with two hashes (##) are comments with information.## Lines starting with one hash (#) are configuration parameters that can be uncommented.######################################        CONTRIBUTING          ######################################## If you change this file in a Merge Request, please also create## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests#######################################         configuration         ######################################### See installation.md#using-https for additional HTTPS configuration details.upstream gitlab-workhorse {  server unix:/var/opt/gitlab/gitlab-workhorse/socket fail_timeout=0;}## HTTPS hostserver {  listen  80;  server_name git.xxx.com; ## Replace this with something like gitlab.example.com  server_tokens off; ## Don't show the nginx version number, a security best practice  root /opt/gitlab/embedded/service/gitlab-rails/public;  include pagespeed.conf;  ## Individual nginx logs for this GitLab vhost  access_log  /data/log/nginx/gitlab.access.log;  error_log   /data/log/nginx/gitlab.error.log;  location / {    client_max_body_size 0;    gzip off;    ## https://github.com/gitlabhq/gitlabhq/issues/694    ## Some requests take more than 30 seconds.    proxy_read_timeout      300;    proxy_connect_timeout   300;    proxy_redirect          off;    proxy_http_version 1.1;    proxy_set_header    Host                $http_host;    proxy_set_header    X-Real-IP           $remote_addr;    proxy_set_header    X-Forwarded-Ssl     on;    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;    proxy_set_header    X-Forwarded-Proto   $scheme;    proxy_pass http://gitlab-workhorse;  }}

7. Modify firewall settings:

# Open tcp port 8080 for the public domain: firewall-cmd -- zone = public -- add-port = 8080/tcp -- permanent # add http service firewall-cmd -- zone = for the public domain public -- add-service = http -- permanent # restart firewall-cmd -- reload

2. Install Jenkins: ①. Install the yum Source:

cd ~&&  wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.reposudo rpm --import https://jenkins-ci.org/redhat/jenkins-ci.org.key

② Install jenkins and modify the startup Port:

sudo yum -y install java jenkins

Modify/etc/sysconfig/jenkinsConfiguration:

JENKINS_PORT="8081"

3. Start jenkins and set the startup:

sudo service jenkins start/stop/restartsudo chkconfig jenkins on

④ Modify firewall settings:

firewall-cmd --zone=public --add-port=8081/tcp --permanentfirewall-cmd --zone=public --add-service=http --permanentfirewall-cmd --reload

⑤ Use Nginx as the Web Server:

After the installation is complete, accesshttp://localhost:8080/You can seejenkinsOn the home page, enter the randomly generated password as prompted to log on.jenkinsIf you want to use an existing Web server to accessjenkins, You can perform the following configuration (I use Nginx directly here, the Apache configuration is officially described ),

vi /etc/nginxhost/jenkins.conf 

Write the following configuration in the configuration file:

server {  listen          80;       # Listen on port 80 for IPv4 requests  server_name     jenkins.xxx.com;  server_tokens   off;  #this is the jenkins web root directory (mentioned in the /etc/default/jenkins file)  root            /var/run/jenkins/war/;  include pagespeed.conf;  include proxy.conf;  access_log      /data/log/nginx/jenkins.access.log;  error_log       /data/log/nginx/jenkins.error.log;  location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" {    #rewrite all static files into requests to the root    #E.g /static/12345678/css/something.css will become /css/something.css    rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last;  }  location /userContent {        #have nginx handle all the static requests to the userContent folder files        #note : This is the $JENKINS_HOME dir        root /var/lib/jenkins/;        if (!-f $request_filename){           #this file does not exist, might be a directory or a /**view** url           rewrite (.*) /$1 last;           break;        }        sendfile on;  }  location @jenkins {      sendfile off;      proxy_pass         http://127.0.0.1:8081;      proxy_redirect     default;  }  location / {     # Optional configuration to detect and redirect iPhones      if ($http_user_agent ~* '(iPhone|iPod)') {          rewrite ^/$ /view/iphone/ redirect;      }      try_files $uri @jenkins;   }}

Restart Nginx and accesshttp://jenkins.xxx.comYou can accessjenkinsAfter installing the update plug-in, you will find that the agent update is slow. You can set a new update site without the official update point: ①. First, test whether the update data is available: Accesshttp://mirror.xmission.com/jenkins/updates/current/update-center.jsonIf the results are obtained, the update point is available. If not accessible, use the official default update source; ② after the test is available, set "Update Site" to the following address in "Manage Jenkins" --> "Manage Plugins" --> "Advanced:

http://mirror.xmission.com/jenkins/updates/current/update-center.json

3. Install Gerrit:

① Download gerrit2.12.2:

cd ~ && wget https://gerrit-releases.storage.googleapis.com/gerrit-2.12.2.war

②. Preparations before installation: Gerrit supports MySQL, PostgreSQL, etc. Here I am using MySQL to find a prompt to create a data table and report an error. If you are not willing to try it again, use PostgreSQL instead, for details about how to install and use PostgreSQL, refer to Centos7 to install PostgreSQL9.5. After installation, create a database for Gerrit.reviewdb:

createdb -h 127.0.0.1 -p 5432 -U postgres reviewdb

InputpostgresThe password is used to create a database.reviewdb③ Install gerrit/var/opt/gerritLower

cd ~ && java -jar gerrit-2.12.2.war init -d /var/opt/gerrit 

The operation and display result are as follows:

*** Gerrit Code Review 2.12.2*** Create '/var/opt/gerrit'       [Y/n]? y*** Git Repositories*** Location of Git repositories   [git]: *** SQL Database*** Database server type           [h2]: postgresqlServer hostname                [localhost]: Server port                    [(postgresql default)]: Database name                  [reviewdb]: Database username              [root]: postgrespostgres's password            :               confirm password : *** Index*** Type                           [LUCENE/?]: *** User Authentication*** Authentication method          [OPENID/?]: httpGet username from custom HTTP header [y/N]? SSO logout URL                 : Enable signed push support     [y/N]? *** Review Labels*** Install Verified label         [y/N]? *** Email Delivery*** SMTP server hostname           [localhost]: SMTP server port               [(default)]: SMTP encryption                [NONE/?]: SMTP username                  : root@localhost.localdomainroot@localhost.localdomain's password :               confirm password : *** Container Process*** Run as                         [root]: Java runtime                   [/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64/jre]: Copy gerrit-2.12.2.war to /var/opt/gerrit/bin/gerrit.war [Y/n]? Copying gerrit-2.12.2.war to /var/opt/gerrit/bin/gerrit.war*** SSH Daemon*** Listen on address              [*]: Listen on port                 [29418]: Gerrit Code Review is not shipped with Bouncy Castle Crypto SSL v152  If available, Gerrit can take advantage of features  in the library, but will also function without it.Download and install it now [Y/n]? Downloading http://www.bouncycastle.org/download/bcpkix-jdk15on-152.jar ... Failed to clean up lib: /var/opt/gerrit/lib/bcpkix-jdk15on-152.jar !! FAIL !!error: http://www.bouncycastle.org/download/bcpkix-jdk15on-152.jar: 302 FoundPlease download:  http://www.bouncycastle.org/download/bcpkix-jdk15on-152.jarand save as:  /var/opt/gerrit/lib/bcpkix-jdk15on-152.jarPress enter to continue Continue without this library  [Y/n]? Generating SSH host key ... rsa(simple)... done*** HTTP Daemon*** Behind reverse proxy           [y/N]? yProxy uses SSL (https://)      [y/N]? Subdirectory on proxy server   [/]: Listen on address              [*]:    Listen on port                 [8081]: 8082Canonical URL                  [http://localhost/]: http://g.example.com*** Plugins*** Installing plugins.Install plugin singleusergroup version v2.12.2 [y/N]? yInstall plugin commit-message-length-validator version v2.12.2 [y/N]? yInstall plugin reviewnotes version v2.12.2 [y/N]? yInstall plugin replication version v2.12.2 [y/N]? yInstall plugin download-commands version v2.12.2 [y/N]? yInitializing plugins.No plugins found with init steps.Initialized /var/opt/gerritExecuting /var/opt/gerrit/bin/gerrit.sh startStarting Gerrit Code Review: OKWaiting for server on g.maidoumi.cn:80 ... OKOpening http://g.example.com/#/admin/projects/ ...FAILEDOpen Gerrit with a JavaScript capable browser:  http://g.example.com/#/admin/projects/

④ After installation is complete, set Gerrit: Add Filegerritcodereview:

vi /etc/default/gerritcodereview

The file content is as follows:

GERRIT_SITE=/var/opt/gerrit

⑤ Start Gerrit and set Gerrit auto-start: Create startup soft chain:

ln -sf /var/opt/gerrit/bin/gerrit.sh /usr/bin/gerrit

Start Gerrit:

gerrit start

Set auto-start:

echo -e 'gerrit start\n' >> /etc/rc.local

6. Set Gerrit authentication: Use the htpasswd command to generate an http Authentication configuration file for management cloud users. If there is no htpasswd file, you need to install the apache2-utils package. Add the admin user's authentication file under/var/opt/gerrit and use admin as the administrator:

cd /var/opt/gerrit && htpasswd -d htpasswd.conf admin

After the password is entered twice, the admin user is added. When you add a gerrit user later, you also need to configure http authentication for the user. After the user logs on, gerrit automatically generates a user account for the user, the name is the same as the http Authentication Name. After the First Login is successful, you will be asked to set basic verification. 7. Set Nginx Proxy:

vi /etc/nginxhost/gerrit.conf

The file content is as follows:

server {        listen       80;        server_name  g.example.com;        ## Don't show the nginx version number, a security best practice        server_tokens off;        include proxy.conf;        include pagespeed.conf;        #error_page  404              /404.html;        # redirect server error pages to the static page /50x.html        #        error_page   500 502 503 504  /50x.html;        location = /50x.html {            root   html;        }        access_log  /data/log/nginx/gerrit.access.log  main;        error_log   /data/log/nginx/gerrit.error.log;        location / {                auth_basic              "Gerrit2 Code Review";                auth_basic_user_file    /var/opt/gerrit/htpasswd.conf;                proxy_pass              http://127.0.0.1:8082;                proxy_set_header        X-Forwarded-For $remote_addr;                proxy_set_header        Host $host;        }        location /login/ {                proxy_pass              http://127.0.0.1:8082;                proxy_set_header        X-Forwarded-For $remote_addr;                proxy_set_header        Host $host;        }        location ~ .*＼.(gif|jpg|jpeg|png|bmp|swf)$        {                expires       1d;        }        location ~ .*＼.(js|css|html)?$        {                expires       1d;        }}

PS. In the configuration fileproxy.conf;Andpagespeed.confFor more information, see my previous articles. Then restart Nginx and Gerrit:

nginx -s reloadnginx -s reopengerrit restart

So far, the three products required by the CI system have been installed, and then they will be used together.