gerrit + ldap or http
来源:互联网 发布:机械三维设计软件课程 编辑:程序博客网 时间:2024/05/17 06:04
这几天在学习配置Gerrit的,gerrit 是一个结合git作code review流程管理的基于web的application。真正配置起来还是遇到了好多问题,我这里就直接把正确的方法写出来了,大家不必走弯路。具体要了解某一方面的原理,请参考相关的链接。
1. install git
$sudo apt-get install git-core
2. install java6
java6
$ java -version #先查看java的version,已经是1.6就不必重现安装了。
$ sudo add-apt-repository "deb http://cz.archive.Ubuntu.com/ubuntu hardy-updates main multiverse"
$ sudo apt-get update
$ sudo apt-get install sun-java6-jdk
Please remove the repository "deb http://cz.archive.Ubuntu.com/ubuntu hardy-updates main multiverse" after sun-java6-jdk installed immediately.
3. install openldap
这里用 LDAP 方式作用户认证。
$sudo apt-get install slapd
please refer, https://help.ubuntu.com/11.04/serverguide/openldap-server.html
$sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif$sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif$sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
$vi backend.fxf.com.ldif
# Load dynamic backend modulesdn: cn=module,cn=configobjectClass: olcModuleListcn: moduleolcModulepath: /usr/lib/ldapolcModuleload: back_hdb.la# Database settingsdn: olcDatabase=hdb,cn=configobjectClass: olcDatabaseConfigobjectClass: olcHdbConfigolcDatabase: {1}hdbolcSuffix: dc=fxf,dc=comolcDbDirectory: /var/lib/ldapolcRootDN: cn=admin,dc=fxf,dc=comolcRootPW: secretolcDbConfig: set_cachesize 0 2097152 0olcDbConfig: set_lk_max_objects 1500olcDbConfig: set_lk_max_locks 1500olcDbConfig: set_lk_max_lockers 1500olcDbIndex: objectClass eqolcLastMod: TRUEolcDbCheckpoint: 512 30olcAccess: to attrs=userPassword by dn="cn=admin,dc=fxf,dc=com" write by anonymous auth by self write by * noneolcAccess: to attrs=shadowLastChange by self write by * readolcAccess: to dn.base="" by * readolcAccess: to * by dn="cn=admin,dc=fxf,dc=com" write by * read
$sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.fxf.com.ldif
create a frontend.tieto.com.ldif
# Create top-level object in domain
dn: dc=fxf,dc=com
objectClass: top
objectClass: dcObject
objectclass: organization
o: fxf Organization
dc: fxf
description: LDAP Gerrit
# Admin user.
dn: cn=admin,dc=fxf,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: secret
dn: ou=people,dc=fxf,dc=com
objectClass: organizationalUnit
ou: people
dn: cn=john,ou=people,dc=fxf,dc=com
objectClass: person
cn: john
sn: Doe
userPassword: 12345
sudo ldapadd -x -D cn=admin,dc=fxf,dc=com -W -f frontend.fxf.com.ldif
input LDAP password: secret
add a user test01, create test01.ldif
dn: cn=test01,ou=people,dc=fxf,dc=com
objectClass: person
cn: test01
sn: test
userPassword: 12345
sudo ldapadd -x -D cn=admin,dc=fxf,dc=com -W -f test01.ldif
search,
$ ldapsearch -h localhost -xLLL -b "dc=fxf,dc=com" -D "cn=admin,dc=fxf,dc=com" -w secret
how to delete data,
sudo ladpdelete -h localhost -D "admin,dc=fxf,dc=com, -w secret cn=test01,ou=people,dc=fxf,dc=com
4. install gerrit
Please refer http://gerrit-documentation.googlecode.com/svn/Documentation
$java -jar gerrit.war init -d /path/to/your/gerrit_application_directory
gerrit.config
[gerrit]
basePath = git
canonicalWebUrl = http://127.0.0.1:8080/
[database]
type = H2
database = db/ReviewDB
[auth]config
type = LDAP
[ldap]
server = ldap://localhost
username = cn=admin,dc=fxf,dc=com
accountBase = ou=people,dc=fxf,dc=com
accountPattern = (&(objectClass=person)(cn=${username}))
sslVerify = false
[sendemail]
smtpServer = localhost
[container]
user = hadoop
javaHome = /usr/lib/jvm/java-6-sun-1.6.0.26/jre
[sshd]
listenAddress = *:29418
[httpd]
listenUrl = http://*:8080/
[cache]
directory = cache
使用HTTP方式作用户认证
gerrit默认第一个登录的用户作为administrator,有管理的projects和groups的权限。
1. install apache2
$sudo apt-get install apache2
ln -s /etc/apache2/mods-available/proxy.conf /etc/apache2/mods-enable/proxy.conf
ln -s /etc/apache2/mods-available/proxy.load /etc/apache2/mods-enable/proxy.load
ln -s /etc/apache2/mods-available/proxy_http.load /etc/apache2/mods-enable/proxy_http.load
配置apache作为8080的反向代理,反向代理的意思是访问80端口的效果和直接访问8080端口是一样的。
然后在/etc/apache2/httpd.conf中加入下面的内容( httpd.conf 原始的是个空文件 )
如果出现ProxyRequests无法识别的错误,应当,
LoadModules proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModules proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
<VirtualHost *>
ServerName localhost
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location /login/>
AuthType Basic
AuthName "Gerrit Code Review"
AuthBasicProvider file
AuthUserFile /your gerrit installed path/etc/passwords
Require valid-user
</Location>
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
这里需要注意的是2个地方,一是AuthUserFile /home/xx/gerrt_sites/etc/passwords,这个路是指向的是个密码文件。此文件通过命令生成
$htpasswd /home/xx/gerrt_sites/etc/passwords "gerrit_fisrt_username"
这里的gerrit_fisrt_username就是以后用来登录gerrit的用户名。
3. gerrit configure
[gerrit]
basePath = git
canonicalWebUrl = http://127.0.0.1:8080/ #这项配置一般用真实的ip,比如10.126.39.128,这样在其他机器上访问就不会出现无法定位127.0.0.1的问题。
[database]
type = H2
database = db/ReviewDBt
[auth]
type = HTTP
[sendemail]
smtpServer = localhost
[container]
user = gerrit2
javaHome = /usr/lib/jvm/java-6-openjdk/jre
[sshd]
listenAddress = *:29418
[httpd]
listenUrl = proxy-http://127.0.0.1:8080/
[cache]
directory = cache
- gerrit + ldap or http
- Gerrit+Ldap登陆验证
- gerrit http
- LDAP + redmine + gerrit + jenkins + gitlab -- LDAP配置
- Gerrit服务器的搭建(Git+Gerrit+PostgreSQL+LDAP)
- LDAP + Gerrit搭建code review系统(三) --- Gerrit
- LDAP + Gerrit搭建code review系统(二) --- LDAP
- 安装gerrit+http
- GERRIT http验证配置
- gerrit+http+2
- Gerrit配置(http+postgresql+nginx)
- LDAP + Gerrit搭建code review系统(一) --- 简介
- LDAP + Gerrit搭建code review系统(四) --- backup备份
- LDAP + redmine + gerrit + jenkins + gitlab -- 添加已有git仓库到gerrit
- LDAP + redmine + gerrit + jenkins + gitlab -- 使用LAM(LDAP Account Manager)管理用户
- gerrit
- Gerrit
- gerrit
- 走进移动支付:开启物联网时代的商务之门
- VBO、FBO、PBO 学习总结贴 (OpenGL ES)
- 求余yu求模
- poj 2141 水题 Message Decoding
- mysql 日常总结
- gerrit + ldap or http
- H.264编码过程
- 制作Win7 U盘安装盘出错!
- C++使用VS2010导出Excel的方法及步骤
- Xml帮助类
- iOS学习之UIPickerView控件的简单使用
- ORACLE PL/SQL编程之八:把触发器说透
- C# 获取AD组中的用户信息
- 众数问题