Gerrit - 代码评审工具Gerrit简介与安装

时间  2021-02-15 标签 php html java linux nginx git web vim centos api

1 - 前言

Code Review 代码评审是指在软件开发过程当中,对源代码的系统性检查,改进代码质量,查找系统缺陷,保证软件整体质量和提升开发者自身水平。 简单的说,Code Review是用来确认方案设计和代码实现的质量保证机制。php

2 - Gerrit简介

Gerrit 是创建在Git版本控制系统之上而且基于Web的一个免费开源的轻量级代码审查工具。 做为开发者和Git之间的一层屏障,不容许直接将本地修改内容同步到远程仓库中。 与Jenkins集成后,能够在每次提交代码后,人工审核代码前,经过Jenkins任务自动运行单元测试、构建以及自动化测试,若是Jenkins任务失败,会自动打回本次提交。html

通常Git、Gerrit和Jenkins集成后的使用流程java

  1. 开发者提交代码到Gerrit
  2. 触发对应的Jenkins任务,经过之后Verified加1
  3. 人工审核,审核经过后code review加2,触发对应的Jenkins任务
  4. 经过之后确认本次提交,Gerrit执行与Git仓库的代码同步操做
  5. 代码进入Git仓库

2.1 官网信息

2.2 Training Slides

The following slides explain Git and Gerrit concepts and workflows and are meant for self-studying how Git and Gerrit work:linux

3 - 安装准备

A Unix-based server, including any Linux flavor, MacOS, or Berkeley Software Distribution (BSD). Java SE Runtime Environment version 1.8. Gerrit is not compatible with Java 9 or newer yet.nginx

3.1 Linux、Java、Git

[Anliven@mt101 ~]$ cat /etc/system-release
CentOS Linux release 7.5.1804 (Core) 
[Anliven@mt101 ~]$ 
[Anliven@mt101 ~]$ uname -a
Linux mt101 3.10.0-957.el7.x86_64 #1 SMP Thu Nov 8 23:39:32 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
[Anliven@mt101 ~]$ 
[Anliven@mt101 ~]$ java -version
openjdk version "1.8.0_161"
OpenJDK Runtime Environment (build 1.8.0_161-b14)
OpenJDK 64-Bit Server VM (build 25.161-b14, mixed mode)
[Anliven@mt101 ~]$ 
[Anliven@mt101 ~]$ git --version
git version 1.8.3.1 
[Anliven@mt101 ~]$

3.2 建立Gerrit帐户

[Anliven@mt101 ~]$ sudo adduser gerrit
[Anliven@mt101 ~]$ sudo passwd gerrit
Changing password for user gerrit.
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.
[Anliven@mt101 ~]$ su - gerrit
Password: 
[gerrit@mt101 ~]$ git config --global core.quotepath false
[gerrit@mt101 ~]$ git config --global i18n.logoutputencoding utf8
[gerrit@mt101 ~]$ git config --global i18n.commitencoding utf8
[gerrit@mt101 ~]$ git config --list
core.quotepath=false
i18n.logoutputencoding=utf8
i18n.commitencoding=utf8
[gerrit@mt101 ~]$
[gerrit@mt101 ~]$ exit
logout
[Anliven@mt101 ~]$ 
[Anliven@mt101 ~]$ sudo visudo
[Anliven@mt101 ~]$ sudo cat /etc/sudoers |grep gerrit
gerrit    ALL=(ALL)    NOPASSWD: ALL
[Anliven@mt101 ~]$

4 - Gerrit安装

4.1 官网信息

4.2 安装并启动

java -jar gerrit-3.1.0.war init  -d $GERRIT_SITE方式,将会逐个出现配置选项,填写以下选项配置,其他默认。git

  • Authentication method [openid/?]: HTTP
  • Listen on address [*]: 192.168.16.101
  • Listen on port [8080]: 8083

后续能够经过配置文件($GERRIT_SITE/etc/gerrit.config)来更新配置。web

[gerrit@mt101 ~]$ pwd
/home/gerrit
[gerrit@mt101 ~]$ ll
total 67552
-rw-r--r-- 1 gerrit gerrit 69172528 Dec 10 13:04 gerrit-3.1.0.war
[gerrit@mt101 ~]$ 
[gerrit@mt101 ~]$ sudo java -jar gerrit-3.1.0.war init -d $GERRIT_SITE
Using secure store: com.google.gerrit.server.securestore.DefaultSecureStore
[2019-12-10 14:42:35,778] [main] INFO  com.google.gerrit.server.config.GerritServerConfigProvider : No /home/gerrit/gerrit_testsite/etc/gerrit.config; assuming defaults
​
*** Gerrit Code Review 3.1.0
*** 
​
Create '/home/gerrit/gerrit_testsite' [Y/n]? 
​
*** Git Repositories
*** 
​
Location of Git repositories   [git]: 
​
*** Index
*** 
​
Type                           [lucene]: 
​
*** User Authentication
*** 
​
Authentication method          [openid/?]: HTTP
Get username from custom HTTP header [y/N]? 
SSO logout URL                 : 
Enable signed push support     [y/N]? 
​
*** Review Labels
*** 
​
Install Verified label         [y/N]? 
​
*** Email Delivery
*** 
​
SMTP server hostname           [localhost]: 
SMTP server port               [(default)]: 
SMTP encryption                [none/?]: 
SMTP username                  : 
​
*** Container Process
*** 
​
Run as                         [root]: 
Java runtime                   [/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-2.b14.el7.x86_64/jre]: 
Copy gerrit-3.1.0.war to /home/gerrit/gerrit_testsite/bin/gerrit.war [Y/n]? 
Copying gerrit-3.1.0.war to /home/gerrit/gerrit_testsite/bin/gerrit.war
​
*** SSH Daemon
*** 
​
Listen on address              [*]: 
Listen on port                 [29418]: 
Generating SSH host key ... rsa... ed25519... ecdsa 256... ecdsa 384... ecdsa 521... done
​
*** HTTP Daemon
*** 
​
Behind reverse proxy           [y/N]? 
Use SSL (https://)             [y/N]? 
Listen on address              [*]: 192.168.16.101
Listen on port                 [8080]: 8083
Canonical URL                  [http://192.168.16.101:8083/]: 
​
*** Cache
*** 
​
​
*** Plugins
*** 
​
Installing plugins.
Install plugin codemirror-editor version v3.1.0 [y/N]? 
Install plugin commit-message-length-validator version v3.1.0 [y/N]? 
Install plugin delete-project version v3.1.0 [y/N]? 
Install plugin download-commands version v3.1.0 [y/N]? 
Install plugin gitiles version v3.1.0 [y/N]? 
Install plugin hooks version v3.1.0 [y/N]? 
Install plugin plugin-manager version v3.1.0 [y/N]? 
Install plugin replication version v3.1.0 [y/N]? 
Install plugin reviewnotes version v3.1.0 [y/N]? 
Install plugin singleusergroup version v3.1.0 [y/N]? 
Install plugin webhooks version v3.1.0 [y/N]? 
Initializing plugins.
No plugins found with init steps.
​
Initialized /home/gerrit/gerrit_testsite
Init complete, reindexing projects with: reindex --site-path /home/gerrit/gerrit_tesReindexing projects:    100% (2/2)
Reindexed 2 documents in projects index in 0.2s (11.0/s)
Executing /home/gerrit/gerrit_testsite/bin/gerrit.sh start
Starting Gerrit Code Review: OK
Waiting for server on 192.168.16.101:8083 ... OK
Opening http://192.168.16.101:8083/#/admin/projects/ ...OK
[gerrit@mt101 ~]$ 
[gerrit@mt101 ~]$ ll
total 67552
-rw-r--r--  1 gerrit gerrit 69172528 Dec 10 13:04 gerrit-3.1.0.war
drwxr-xr-x 14 root   root        150 Dec 10 13:09 gerrit_testsite
[gerrit@mt101 ~]$ 
[gerrit@mt101 ~]$ ll
total 67552
-rw-r--r--  1 gerrit gerrit 69172528 Dec 10 13:04 gerrit-3.1.0.war
drwxr-xr-x 14 root   root        150 Dec 10 14:44 gerrit_testsite
[gerrit@mt101 ~]$ 
[gerrit@mt101 ~]$ ll gerrit_testsite/
total 8
drwxr-xr-x 2 root root   84 Dec 10 14:43 bin
drwxr-xr-x 2 root root 4096 Dec 10 14:44 cache
drwxr-xr-x 2 root root    6 Dec 10 14:42 data
drwxr-xr-x 2 root root   78 Dec 10 14:44 db
drwxr-xr-x 3 root root 4096 Dec 10 14:43 etc
drwxr-xr-x 4 root root   51 Dec 10 14:43 git
drwxr-xr-x 6 root root  114 Dec 10 14:43 index
drwxr-xr-x 2 root root    6 Dec 10 14:42 lib
drwxr-xr-x 2 root root  106 Dec 10 14:44 logs
drwxr-xr-x 2 root root    6 Dec 10 14:42 plugins
drwxr-xr-x 2 root root    6 Dec 10 14:42 static
drwx------ 2 root root    6 Dec 10 14:43 tmp
[gerrit@mt101 ~]$

4.3 查看状态

[gerrit@mt101 ~]$ sudo netstat -ltpn |grep -i gerrit
tcp6       0      0 :::29418                :::*                    LISTEN      8968/GerritCodeRevi 
tcp6       0      0 192.168.16.101:8083     :::*                    LISTEN      8968/GerritCodeRevi 
[gerrit@mt101 ~]$ 
[gerrit@mt101 ~]$ sudo ps -au |grep -i gerrit
root      2909  0.0  0.0 234388  4224 pts/0    S    13:02   0:00 su - gerrit
gerrit    2912  0.0  0.0 116748  3568 pts/0    S    13:02   0:01 -bash
root      8968  9.5  5.8 4693148 464716 pts/0  Sl   14:43   0:27 GerritCodeReview -Dflogger.backend_factory=com.google.common.flogger.backend.log4j.Log4jBackendFactory#getInstance -Dflogger.logging_context=com.google.gerrit.server.logging.LoggingContext#getInstance -jar /home/gerrit/gerrit_testsite/bin/gerrit.war daemon -d /home/gerrit/gerrit_testsite --run-id=1575960233.8922
gerrit    9183  0.0  0.0 112704  1000 pts/0    S+   14:48   0:00 grep --color=auto -i gerrit
[gerrit@mt101 ~]$

4.4 防火墙开放端口

[gerrit@mt101 ~]$ sudo firewall-cmd --zone=public --permanent --add-port=8083/tcp
success
[gerrit@mt101 ~]$ sudo firewall-cmd --reload
success
[gerrit@mt101 ~]$ sudo firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s3 enp0s8
  sources: 
  services: ssh dhcpv6-client
  ports: 8083/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
    
[gerrit@mt101 ~]$

5 - 经过Nginx设置反向代理

5.1 安装Nginx

官网步骤:http://nginx.org/en/linux_packages.html#RHEL-CentOSvim

[gerrit@mt101 ~]$ sudo vim /etc/yum.repos.d/nginx.repo
[gerrit@mt101 ~]$ sudo cat /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
​
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[gerrit@mt101 ~]$ 
[gerrit@mt101 ~]$ sudo yum -y install nginx
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
nginx-stable                                                 | 2.9 kB  00:00:00     
nginx-stable/7/x86_64/primary_db                             |  50 kB  00:00:09     
Resolving Dependencies
--> Running transaction check
---> Package nginx.x86_64 1:1.16.1-1.el7.ngx will be installed
--> Finished Dependency Resolution
​
Dependencies Resolved
​
====================================================================================
 Package       Arch           Version                    Repository            Size
====================================================================================
Installing:
 nginx         x86_64         1:1.16.1-1.el7.ngx         nginx-stable         766 k
​
Transaction Summary
====================================================================================
Install  1 Package
​
Total download size: 766 k
Installed size: 2.7 M
Downloading packages:
warning: /var/cache/yum/x86_64/7/nginx-stable/packages/nginx-1.16.1-1.el7.ngx.x86_64.rpm: Header V4 RSA/SHA1 Signature, key ID 7bd9bf62: NOKEY
Public key for nginx-1.16.1-1.el7.ngx.x86_64.rpm is not installed
nginx-1.16.1-1.el7.ngx.x86_64.rpm                            | 766 kB  00:02:29     
Retrieving key from https://nginx.org/keys/nginx_signing.key
Importing GPG key 0x7BD9BF62:
 Userid     : "nginx signing key <signing-key@nginx.com>"
 Fingerprint: 573b fd6b 3d8f bc64 1079 a6ab abf5 bd82 7bd9 bf62
 From       : https://nginx.org/keys/nginx_signing.key
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : 1:nginx-1.16.1-1.el7.ngx.x86_64                                  1/1 
----------------------------------------------------------------------
​
Thanks for using nginx!
​
Please find the official documentation for nginx here:
* http://nginx.org/en/docs/
​
Please subscribe to nginx-announce mailing list to get
the most important news about nginx:
* http://nginx.org/en/support.html
​
Commercial subscriptions for nginx are available on:
* http://nginx.com/products/
​
----------------------------------------------------------------------
  Verifying  : 1:nginx-1.16.1-1.el7.ngx.x86_64                                  1/1 
​
Installed:
  nginx.x86_64 1:1.16.1-1.el7.ngx                                                   
​
Complete!
[gerrit@mt101 ~]$

5.2 配置Nginx

添加关于gerrit的配置:/etc/nginx/conf.d/gerrit.conf centos

  • listen:监听的端口
  • auth_basic:用于登陆时弹出验证对话框所显示的内容
  • auth_basic_user_file:验证用户名和密码是否匹配的文件
  • location 部分:表示当用户访问83端口时,nginx直接将此请求代理到8083端口上,也就是“反向代理”

并添加以下内容api

location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
[gerrit@mt101 ~]$ sudo vim /etc/nginx/conf.d/gerrit.conf
[gerrit@mt101 ~]$ sudo cat /etc/nginx/conf.d/gerrit.conf
server {
     listen *:83;
     server_name 192.168.16.101;
     allow   all;
     deny    all;
​
     auth_basic "Welcom to Gerrit Code Review Site!";
     auth_basic_user_file /home/gerrit/gerrit.password;
​
     location / {
        proxy_pass  http://192.168.16.101:8083;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
     }
​
     location = /favicon.ico {
        log_not_found off;
        access_log off;
     }
   }
[gerrit@mt101 ~]$

修改Nginx配置文件/etc/nginx/nginx.conf中user参数,修改成root

[gerrit@mt101 ~]$ sudo vim /etc/nginx/nginx.conf
[gerrit@mt101 ~]$ sudo cat /etc/nginx/nginx.conf
​
user  root;
worker_processes  1;
​
error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;
​
​
events {
    worker_connections  1024;
}
​
​
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
​
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
​
    access_log  /var/log/nginx/access.log  main;
​
    sendfile        on;
    #tcp_nopush     on;
​
    keepalive_timeout  65;
​
    #gzip  on;
​
    include /etc/nginx/conf.d/*.conf;
}
[gerrit@mt101 ~]$

修改/etc/nginx/conf.d/default.conf,添加以下内容

location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
[gerrit@mt101 ~]$ sudo vim /etc/nginx/conf.d/default.conf 
[gerrit@mt101 ~]$ sudo cat /etc/nginx/conf.d/default.conf 
server {
    listen       80;
    server_name  localhost;
​
    #charset koi8-r;
    #access_log  /var/log/nginx/host.access.log  main;
​
    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
​
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
​
    #error_page  404              /404.html;
​
    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
​
    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}
​
    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}
​
    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}
​
[gerrit@mt101 ~]$

5.3 防火墙

[gerrit@mt101 ~]$ sudo firewall-cmd --zone=public --permanent --add-port=80/tcp
success
[gerrit@mt101 ~]$ sudo firewall-cmd --zone=public --permanent --add-port=83/tcp
success
[gerrit@mt101 ~]$ sudo firewall-cmd --reload
success
[gerrit@mt101 ~]$ sudo firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s3 enp0s8
  sources: 
  services: ssh dhcpv6-client
  ports: 8083/tcp 80/tcp 83/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
    
[gerrit@mt101 ~]$ 
[gerrit@mt101 ~]$ sudo cat /etc/selinux/config |grep "SELINUX="
# SELINUX= can take one of these three values:
SELINUX=disabled
[gerrit@mt101 ~]$

6 - 更改目录权限和建立用户

[gerrit@mt101 ~]$ chmod 755 /home/gerrit/
[gerrit@mt101 ~]$ 
[gerrit@mt101 ~]$ ll
total 67552
-rw-r--r--  1 gerrit gerrit 69172528 Dec 10 13:04 gerrit-3.1.0.war
drwxr-xr-x 14 root   root        150 Dec 10 14:44 gerrit_testsite
[gerrit@mt101 ~]$ 
[gerrit@mt101 ~]$ sudo htpasswd -c /home/gerrit/gerrit.password admin
New password: 
Re-type new password: 
Adding password for user admin
[gerrit@mt101 ~]$ 
[gerrit@mt101 ~]$ sudo htpasswd -m /home/gerrit/gerrit.password testdemo
New password: 
Re-type new password: 
Adding password for user testdemo
[gerrit@mt101 ~]$ 
[gerrit@mt101 ~]$ sudo chmod 755 gerrit.password 
[gerrit@mt101 ~]$ 
[gerrit@mt101 ~]$ ll
total 67556
-rw-r--r--  1 gerrit gerrit 69172528 Dec 10 13:04 gerrit-3.1.0.war
-rwxr-xr-x  1 root   root         91 Dec 10 14:52 gerrit.password
drwxr-xr-x 14 root   root        150 Dec 10 14:44 gerrit_testsite
[gerrit@mt101 ~]$ 
[gerrit@mt101 ~]$ cat gerrit.password 
admin:$apr1$fQB7h4KA$uhYXP/fEeyfA8GDyA18781
testdemo:$apr1$ETlmCKcz$L5unhKCEx1HRnad7SmPSv.
[gerrit@mt101 ~]$ 
[gerrit@mt101 ~]$ sudo service nginx restart
Redirecting to /bin/systemctl restart nginx.service
[gerrit@mt101 ~]$

7 - 确认Gerrit配置并重启服务

主配置文件$GERRIT_SITE/etc/gerrit.config

  • Gerrit Server监听 8083端口
  • 认证方式为 HTTP
[gerrit@mt101 ~]$ sudo vim gerrit_testsite/etc/gerrit.config 
[gerrit@mt101 ~]$ sudo cat gerrit_testsite/etc/gerrit.config 
[gerrit]
    basePath = git
    canonicalWebUrl = http://192.168.16.101:8083/
    serverId = 0b911b9e-195a-46b0-a5cd-b407b776b344
[container]
    javaOptions = "-Dflogger.backend_factory=com.google.common.flogger.backend.log4j.Log4jBackendFactory#getInstance"
    javaOptions = "-Dflogger.logging_context=com.google.gerrit.server.logging.LoggingContext#getInstance"
    user = root
    javaHome = /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-2.b14.el7.x86_64/jre
[index]
    type = lucene
[auth]
    type = HTTP
[receive]
    enableSignedPush = false
[sendemail]
    smtpServer = localhost
[sshd]
    listenAddress = *:29418
[httpd]
    listenUrl = http://192.168.16.101:8083/
[cache]
    directory = cache
[gerrit@mt101 ~]$ 
[gerrit@mt101 ~]$ sudo gerrit_testsite/bin/gerrit.sh restart
Stopping Gerrit Code Review: OK
Starting Gerrit Code Review: OK
[gerrit@mt101 ~]$

8 - 登陆页面

Basic HTTP认证模式不支持Sign Out。 须要先Sign Out退出帐号,关闭浏览器后再登陆,才能出现HTTP验证密码对话框。 http://192.168.16.101:83

8.1 admin用户

第一个登陆的Gerrit用户为管理员,ID为1000000。

8.2 普通用户

联系我们 沪ICP备2021010478号-7