CentOS7 build CI (GitLab + Gerrit + Jenkins) System
1. Install GitLab: ①. Install the required extensions/applications:
yum -y install curl policycoreutils openssh-server openssh-clients postfix cronieyum -y install readline readline-devel ncurses-devel gdbm-devel glibc-devel tcl-devel openssl-devel expat-devel db4-devel byacc sqlite-devel libyaml libyaml-devel libffi libffi-devel libxml2 libxml2-devel libxslt libxslt-devel libicu libicu-devel system-config-firewall-tui crontabs logwatch logrotate perl-Time-HiRes git cmake libcom_err-devel libcom_err-devel git patch gcc-c++ zlib-devel make autoconf automake libtool bison python python-docutils wget rubysudo systemctl enable sshdsudo systemctl start sshdsudo systemctl enable postfixsudo systemctl start postfixsudo chkconfig postfix on
② Replacing the Ruby Source:
gem sources -r https://rubygems.org/gem sources -a https://ruby.taobao.org/
③ Add a yum source and install it using the yum Source:
I. This is the official yum source and may be slow in China:
curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bashsudo yum -y install gitlab-ce
Ii. Use the domestic yum Source: PS. For details about the source content, refer to official instructions: Modify and use the GitLab domestic source. First, add the source file.
sudo vi /etc/yum.repos.d/gitlab_gitlab-ce.repo
Modify source file content:
[gitlab-ce]name=gitlab-cebaseurl=http://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7repo_gpgcheck=0gpgcheck=0enabled=1gpgkey=https://packages.gitlab.com/gpg.key
Run the following command:
sudo yum makecachesudo yum -y install gitlab-ce
④ Use the default configuration to configure GitLab:
sudo gitlab-ctl reconfigure
⑤ Modify GitLab configurations as needed:
PS. Because the existing Nginx is used as the GitLab server, you must first configure the location of the GitLab configuration file:
/etc/gitlab/gitlab.rb
Because the gitlab domain name is configured in advancehttp://Git.xxx.com
Next, modify/etc/gitlab/gitlab.rb
Note the following in the modification:web_server
The set value is your nginx configuration. Note that there is no space before each line. Note that GitLab uses Ruby and the default port is 8080:
# note the 'https' belowexternal_url 'http://git.xxx.com'# Set the web serverweb_server['external_users'] = ['www']# Disable the built-in nginxnginx['enable'] = false
The above is where the gitlab configuration file needs to be modified. Next, add the nginx Virtual Host
6. Add nginx virtual hosts and support gitlab:
Add gitlab. conf:
vi /usr/local/nginx/conf/vhost/gitlab.conf
Add the following template content to gitlab. conf:
## GitLab#### Modified from nginx http version## Modified from http://blog.phusion.nl/2012/04/21/tutorial-setting-up-gitlab-on-debian-6/## Modified from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html#### Lines starting with two hashes (##) are comments with information.## Lines starting with one hash (#) are configuration parameters that can be uncommented.###################################### CONTRIBUTING ######################################## If you change this file in a Merge Request, please also create## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests####################################### configuration ######################################### See installation.md#using-https for additional HTTPS configuration details.upstream gitlab-workhorse { server unix:/var/opt/gitlab/gitlab-workhorse/socket fail_timeout=0;}## HTTPS hostserver { listen 80; server_name git.xxx.com; ## Replace this with something like gitlab.example.com server_tokens off; ## Don't show the nginx version number, a security best practice root /opt/gitlab/embedded/service/gitlab-rails/public; include pagespeed.conf; ## Individual nginx logs for this GitLab vhost access_log /data/log/nginx/gitlab.access.log; error_log /data/log/nginx/gitlab.error.log; location / { client_max_body_size 0; gzip off; ## https://github.com/gitlabhq/gitlabhq/issues/694 ## Some requests take more than 30 seconds. proxy_read_timeout 300; proxy_connect_timeout 300; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://gitlab-workhorse; }}
7. Modify firewall settings:
# Open tcp port 8080 for the public domain: firewall-cmd -- zone = public -- add-port = 8080/tcp -- permanent # add http service firewall-cmd -- zone = for the public domain public -- add-service = http -- permanent # restart firewall-cmd -- reload
2. Install Jenkins: ①. Install the yum Source:
cd ~&& wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.reposudo rpm --import https://jenkins-ci.org/redhat/jenkins-ci.org.key
② Install jenkins and modify the startup Port:
sudo yum -y install java jenkins
Modify/etc/sysconfig/jenkins
Configuration:
JENKINS_PORT="8081"
3. Start jenkins and set the startup:
sudo service jenkins start/stop/restartsudo chkconfig jenkins on
④ Modify firewall settings:
firewall-cmd --zone=public --add-port=8081/tcp --permanentfirewall-cmd --zone=public --add-service=http --permanentfirewall-cmd --reload
⑤ Use Nginx as the Web Server:
After the installation is complete, accesshttp://localhost:8080/
You can seejenkins
On the home page, enter the randomly generated password as prompted to log on.jenkins
If you want to use an existing Web server to accessjenkins
, You can perform the following configuration (I use Nginx directly here, the Apache configuration is officially described ),
vi /etc/nginxhost/jenkins.conf
Write the following configuration in the configuration file:
server { listen 80; # Listen on port 80 for IPv4 requests server_name jenkins.xxx.com; server_tokens off; #this is the jenkins web root directory (mentioned in the /etc/default/jenkins file) root /var/run/jenkins/war/; include pagespeed.conf; include proxy.conf; access_log /data/log/nginx/jenkins.access.log; error_log /data/log/nginx/jenkins.error.log; location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" { #rewrite all static files into requests to the root #E.g /static/12345678/css/something.css will become /css/something.css rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last; } location /userContent { #have nginx handle all the static requests to the userContent folder files #note : This is the $JENKINS_HOME dir root /var/lib/jenkins/; if (!-f $request_filename){ #this file does not exist, might be a directory or a /**view** url rewrite (.*) /$1 last; break; } sendfile on; } location @jenkins { sendfile off; proxy_pass http://127.0.0.1:8081; proxy_redirect default; } location / { # Optional configuration to detect and redirect iPhones if ($http_user_agent ~* '(iPhone|iPod)') { rewrite ^/$ /view/iphone/ redirect; } try_files $uri @jenkins; }}
Restart Nginx and accesshttp://jenkins.xxx.com
You can accessjenkins
After installing the update plug-in, you will find that the agent update is slow. You can set a new update site without the official update point: ①. First, test whether the update data is available: Accesshttp://mirror.xmission.com/jenkins/updates/current/update-center.json
If the results are obtained, the update point is available. If not accessible, use the official default update source; ② after the test is available, set "Update Site" to the following address in "Manage Jenkins" --> "Manage Plugins" --> "Advanced:
http://mirror.xmission.com/jenkins/updates/current/update-center.json
3. Install Gerrit:
① Download gerrit2.12.2:
cd ~ && wget https://gerrit-releases.storage.googleapis.com/gerrit-2.12.2.war
②. Preparations before installation: Gerrit supports MySQL, PostgreSQL, etc. Here I am using MySQL to find a prompt to create a data table and report an error. If you are not willing to try it again, use PostgreSQL instead, for details about how to install and use PostgreSQL, refer to Centos7 to install PostgreSQL9.5. After installation, create a database for Gerrit.reviewdb
:
createdb -h 127.0.0.1 -p 5432 -U postgres reviewdb
Inputpostgres
The password is used to create a database.reviewdb
③ Install gerrit/var/opt/gerrit
Lower
cd ~ && java -jar gerrit-2.12.2.war init -d /var/opt/gerrit
The operation and display result are as follows:
*** Gerrit Code Review 2.12.2*** Create '/var/opt/gerrit' [Y/n]? y*** Git Repositories*** Location of Git repositories [git]: *** SQL Database*** Database server type [h2]: postgresqlServer hostname [localhost]: Server port [(postgresql default)]: Database name [reviewdb]: Database username [root]: postgrespostgres's password : confirm password : *** Index*** Type [LUCENE/?]: *** User Authentication*** Authentication method [OPENID/?]: httpGet username from custom HTTP header [y/N]? SSO logout URL : Enable signed push support [y/N]? *** Review Labels*** Install Verified label [y/N]? *** Email Delivery*** SMTP server hostname [localhost]: SMTP server port [(default)]: SMTP encryption [NONE/?]: SMTP username : root@localhost.localdomainroot@localhost.localdomain's password : confirm password : *** Container Process*** Run as [root]: Java runtime [/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64/jre]: Copy gerrit-2.12.2.war to /var/opt/gerrit/bin/gerrit.war [Y/n]? Copying gerrit-2.12.2.war to /var/opt/gerrit/bin/gerrit.war*** SSH Daemon*** Listen on address [*]: Listen on port [29418]: Gerrit Code Review is not shipped with Bouncy Castle Crypto SSL v152 If available, Gerrit can take advantage of features in the library, but will also function without it.Download and install it now [Y/n]? Downloading http://www.bouncycastle.org/download/bcpkix-jdk15on-152.jar ... Failed to clean up lib: /var/opt/gerrit/lib/bcpkix-jdk15on-152.jar !! FAIL !!error: http://www.bouncycastle.org/download/bcpkix-jdk15on-152.jar: 302 FoundPlease download: http://www.bouncycastle.org/download/bcpkix-jdk15on-152.jarand save as: /var/opt/gerrit/lib/bcpkix-jdk15on-152.jarPress enter to continue Continue without this library [Y/n]? Generating SSH host key ... rsa(simple)... done*** HTTP Daemon*** Behind reverse proxy [y/N]? yProxy uses SSL (https://) [y/N]? Subdirectory on proxy server [/]: Listen on address [*]: Listen on port [8081]: 8082Canonical URL [http://localhost/]: http://g.example.com*** Plugins*** Installing plugins.Install plugin singleusergroup version v2.12.2 [y/N]? yInstall plugin commit-message-length-validator version v2.12.2 [y/N]? yInstall plugin reviewnotes version v2.12.2 [y/N]? yInstall plugin replication version v2.12.2 [y/N]? yInstall plugin download-commands version v2.12.2 [y/N]? yInitializing plugins.No plugins found with init steps.Initialized /var/opt/gerritExecuting /var/opt/gerrit/bin/gerrit.sh startStarting Gerrit Code Review: OKWaiting for server on g.maidoumi.cn:80 ... OKOpening http://g.example.com/#/admin/projects/ ...FAILEDOpen Gerrit with a JavaScript capable browser: http://g.example.com/#/admin/projects/
④ After installation is complete, set Gerrit: Add Filegerritcodereview
:
vi /etc/default/gerritcodereview
The file content is as follows:
GERRIT_SITE=/var/opt/gerrit
⑤ Start Gerrit and set Gerrit auto-start: Create startup soft chain:
ln -sf /var/opt/gerrit/bin/gerrit.sh /usr/bin/gerrit
Start Gerrit:
gerrit start
Set auto-start:
echo -e 'gerrit start\n' >> /etc/rc.local
6. Set Gerrit authentication: Use the htpasswd command to generate an http Authentication configuration file for management cloud users. If there is no htpasswd file, you need to install the apache2-utils package. Add the admin user's authentication file under/var/opt/gerrit and use admin as the administrator:
cd /var/opt/gerrit && htpasswd -d htpasswd.conf admin
After the password is entered twice, the admin user is added. When you add a gerrit user later, you also need to configure http authentication for the user. After the user logs on, gerrit automatically generates a user account for the user, the name is the same as the http Authentication Name. After the First Login is successful, you will be asked to set basic verification. 7. Set Nginx Proxy:
vi /etc/nginxhost/gerrit.conf
The file content is as follows:
server { listen 80; server_name g.example.com; ## Don't show the nginx version number, a security best practice server_tokens off; include proxy.conf; include pagespeed.conf; #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } access_log /data/log/nginx/gerrit.access.log main; error_log /data/log/nginx/gerrit.error.log; location / { auth_basic "Gerrit2 Code Review"; auth_basic_user_file /var/opt/gerrit/htpasswd.conf; proxy_pass http://127.0.0.1:8082; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $host; } location /login/ { proxy_pass http://127.0.0.1:8082; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $host; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires 1d; } location ~ .*\.(js|css|html)?$ { expires 1d; }}
PS. In the configuration fileproxy.conf;
Andpagespeed.conf
For more information, see my previous articles. Then restart Nginx and Gerrit:
nginx -s reloadnginx -s reopengerrit restart
So far, the three products required by the CI system have been installed, and then they will be used together.