gerrit + ldap or http

Source: Internet  Editor: 程序博客网  Time: 2024/05/17 06:04

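I have spent the last few days learning to configure Gerrit. Gerrit is a web-based application that works with git to manage the code review workflow. I ran into quite a few problems while actually configuring it, so here I simply write down the method that works, so that you do not have to take detours. To understand the principles behind a particular part, please refer to the relevant links.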


1.  install git

$ sudo apt-get install git-core

2.  install java6

java6
$ java -version     # check the Java version first; if it is already 1.6 there is no need to reinstall.
$ sudo add-apt-repository "deb http://cz.archive.Ubuntu.com/ubuntu hardy-updates main multiverse"
$ sudo apt-get update
$ sudo apt-get install sun-java6-jdk
Remove the repository "deb http://cz.archive.Ubuntu.com/ubuntu hardy-updates main multiverse" immediately after sun-java6-jdk has been installed.

3.  install openldap

Here LDAP is used for user authentication.

$ sudo apt-get install slapd

Please refer to https://help.ubuntu.com/11.04/serverguide/openldap-server.html


$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif

$ vi backend.fxf.com.ldif

# Load dynamic backend modules
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: back_hdb.la

# Database settings
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=fxf,dc=com
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=fxf,dc=com
olcRootPW: secret
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcAccess: to attrs=userPassword by dn="cn=admin,dc=fxf,dc=com" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=fxf,dc=com" write by * read


$sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.fxf.com.ldif

create frontend.fxf.com.ldif

# Create top-level object in domain
dn: dc=fxf,dc=com
objectClass: top
objectClass: dcObject
objectclass: organization
o: fxf Organization
dc: fxf
description: LDAP Gerrit

# Admin user.
dn: cn=admin,dc=fxf,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: secret

dn: ou=people,dc=fxf,dc=com
objectClass: organizationalUnit
ou: people

dn: cn=john,ou=people,dc=fxf,dc=com
objectClass: person
cn: john
sn: Doe
userPassword: 12345


sudo ldapadd -x -D cn=admin,dc=fxf,dc=com -W -f frontend.fxf.com.ldif

input LDAP password: secret


add a user test01, create test01.ldif

dn: cn=test01,ou=people,dc=fxf,dc=com
objectClass: person
cn: test01
sn: test
userPassword: 12345

sudo ldapadd -x -D cn=admin,dc=fxf,dc=com -W -f test01.ldif

search,

$ ldapsearch -h localhost -xLLL -b "dc=fxf,dc=com" -D "cn=admin,dc=fxf,dc=com"  -w secret


how to delete data,

$ sudo ldapdelete -x -h localhost -D "cn=admin,dc=fxf,dc=com" -w secret "cn=test01,ou=people,dc=fxf,dc=com"
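
The entries loaded above carry `userPassword: 12345` and `olcRootPW: secret` as literal values, and ldapadd stores them exactly as written. The script below is an added example (not part of the original post) that scans an LDIF file for `userPassword` and `olcRootPW` values lacking a `{SCHEME}` hash prefix, including base64-encoded and folded lines; the function name `cleartext_passwords` and the sample entries are constructed for illustration.

```shell
# Added example, not from the original post: list LDIF password attributes that are
# stored without a {SCHEME} hash prefix such as {SSHA}.

# cleartext_passwords [FILE]: print "DN<TAB>attribute" for each cleartext value.
cleartext_passwords() {
  # LDIF folds long lines: a line starting with one space continues the previous one.
  awk '/^ / { buf = buf substr($0, 2); next }
       { if (NR > 1) print buf; buf = $0 }
       END { print buf }' "$@" |
  while IFS= read -r line; do
    attr=$(printf '%s' "${line%%:*}" | tr 'A-Z' 'a-z')   # attribute names ignore case
    rest=${line#*:}
    case "$attr" in
      dn) dn=${rest# } ;;
      userpassword|olcrootpw)
        case "$rest" in
          :*) # "attr:: value" is base64; decode before looking for the prefix
              val=$(printf '%s' "${rest#:}" | tr -d ' ' | base64 -d 2>/dev/null) || val= ;;
          *)  val=${rest# } ;;
        esac
        case "$val" in
          "{"*"}"*) ;;                                   # hashed, e.g. {SSHA}...
          *) printf '%s\t%s\n' "$dn" "${line%%:*}" ;;
        esac ;;
    esac
  done
}

# Constructed sample: one entry from the LDIF above plus two constructed variants.
cleartext_passwords <<'EOF'
dn: cn=john,ou=people,dc=fxf,dc=com
objectClass: person
cn: john
sn: Doe
userPassword: 12345

dn: cn=hashed,ou=people,dc=fxf,dc=com
userPassword:: e1NTSEF9YWJj

dn: cn=encoded,ou=people,dc=fxf,dc=com
userPassword:: MTIzNDU=
EOF
```

Hashed values for the flagged attributes can be produced with slappasswd, which ships with slapd.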


4. install gerrit

Please refer to http://gerrit-documentation.googlecode.com/svn/Documentation

$java -jar gerrit.war init -d /path/to/your/gerrit_application_directory

gerrit.config

[gerrit]
    basePath = git
    canonicalWebUrl = http://127.0.0.1:8080/
[database]
    type = H2
    database = db/ReviewDB
[auth]
    type = LDAP
[ldap]
    server = ldap://localhost
    username = cn=admin,dc=fxf,dc=com
    accountBase = ou=people,dc=fxf,dc=com
    accountPattern = (&(objectClass=person)(cn=${username}))
    sslVerify = false
[sendemail]
    smtpServer = localhost
[container]
    user = hadoop
    javaHome = /usr/lib/jvm/java-6-sun-1.6.0.26/jre
[sshd]
    listenAddress = *:29418
[httpd]
    listenUrl = http://*:8080/
[cache]
    directory = cache


Using HTTP for user authentication

By default, Gerrit makes the first user to log in the administrator, with permission to manage projects and groups.

1. install apache2

$sudo apt-get install apache2

    ln -s /etc/apache2/mods-available/proxy.conf /etc/apache2/mods-enabled/proxy.conf

    ln -s /etc/apache2/mods-available/proxy.load /etc/apache2/mods-enabled/proxy.load

    ln -s /etc/apache2/mods-available/proxy_http.load /etc/apache2/mods-enabled/proxy_http.load


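Configure Apache as a reverse proxy for port 8080. Reverse proxy here means that accessing port 80 has the same effect as accessing port 8080 directly.

Then add the following to /etc/apache2/httpd.conf (httpd.conf is originally an empty file).


If Apache reports that ProxyRequests is not recognized, the proxy modules are not loaded; add:

LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so

LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so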

    <VirtualHost *>
      ServerName localhost
      ProxyRequests Off
      ProxyVia Off
      ProxyPreserveHost On

      <Proxy *>
            Order deny,allow
            Allow from all
      </Proxy>
     
      <Location /login/>
         AuthType Basic
         AuthName "Gerrit Code Review"
         AuthBasicProvider file
         AuthUserFile /your gerrit installed path/etc/passwords
         Require valid-user
      </Location>

      ProxyPass / http://127.0.0.1:8080/
      ProxyPassReverse / http://127.0.0.1:8080/
    </VirtualHost>

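Two things need attention here. The first is AuthUserFile /home/xx/gerrt_sites/etc/passwords: this path points to a password file, which is generated with the command

     $ htpasswd -c /home/xx/gerrt_sites/etc/passwords "gerrit_fisrt_username"

Here gerrit_fisrt_username is the user name that will later be used to log in to Gerrit.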


3. gerrit configure

    [gerrit]
            basePath = git
            canonicalWebUrl = http://127.0.0.1:8080/  # this is usually set to the real IP, e.g. 10.126.39.128, so that access from other machines does not fail trying to reach 127.0.0.1.
    [database]
         type = H2
         database = db/ReviewDB
    [auth]
            type = HTTP
    [sendemail]
            smtpServer = localhost
    [container]
            user = gerrit2
            javaHome = /usr/lib/jvm/java-6-openjdk/jre
    [sshd]
            listenAddress = *:29418
    [httpd]
            listenUrl = proxy-http://127.0.0.1:8080/
    [cache]
            directory = cache
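
With `type = HTTP` Gerrit accepts the user identity that the web server passes on, so the `listenUrl = proxy-http://127.0.0.1:8080/` binding is what keeps clients from reaching Gerrit without going through Apache; the LDAP configuration earlier on this page has its own transport settings (`ldap://`, `sslVerify`). The script below is an added example (not from the original post or the Gerrit project) that checks a gerrit.config of either kind for these settings; the function names and finding labels are hypothetical, and `ldap.startTls` is a Gerrit option the page itself does not use.

```shell
# Added example, not from the original post: audit the auth keys of a gerrit.config.

# cfg_get FILE SECTION KEY: print the last value of SECTION.KEY (empty if unset).
cfg_get() {
  awk -v ws="$2" -v wk="$3" '
    /^[ \t]*[#;]/ { next }                              # whole-line comment
    /^[ \t]*\[/   { s = $0; gsub(/^[ \t]*\[|\].*$/, "", s); next }
    tolower(s) == tolower(ws) {
      line = $0; sub(/[ \t]+[#;].*$/, "", line)         # trailing comment
      i = index(line, "="); if (!i) next
      k = substr(line, 1, i - 1); v = substr(line, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (tolower(k) == tolower(wk)) val = v
    }
    END { print val }' "$1"
}

# is_loopback URL: succeed if the host is localhost or 127.0.0.1 (IPv6 not handled).
is_loopback() {
  case "$(printf '%s\n' "$1" | sed -e 's|^[a-z-]*://||' -e 's|[:/].*$||')" in
    localhost|127.0.0.1) return 0 ;;
  esac
  return 1
}

# audit_gerrit_config FILE: print one finding per line, nothing if no check fires.
audit_gerrit_config() {
  auth=$(cfg_get "$1" auth type | tr 'a-z' 'A-Z')
  if [ "$auth" = HTTP ]; then
    # Gerrit takes the user from the request, so only the proxy may reach the port.
    listen=$(cfg_get "$1" httpd listenUrl)
    is_loopback "$listen" || echo "http-auth-backend-exposed: httpd.listenUrl=$listen"
  elif [ "$auth" = LDAP ]; then
    server=$(cfg_get "$1" ldap server)
    case "$server" in ldap://*)          # no TLS: binds cross the wire in cleartext
      is_loopback "$server" || [ "$(cfg_get "$1" ldap startTls)" = true ] ||
        echo "ldap-cleartext: ldap.server=$server" ;;
    esac
    [ "$(cfg_get "$1" ldap sslVerify)" != false ] ||
      echo "ldap-cert-unverified: ldap.sslVerify=false"
  fi
  return 0
}

# Constructed sample: the HTTP-auth config above, but listening on all interfaces.
sample=$(mktemp)
printf '[auth]\n\ttype = HTTP\n[httpd]\n\tlistenUrl = http://*:8080/\n' > "$sample"
audit_gerrit_config "$sample"
rm -f "$sample"
```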
