1 - 前言

Code Review 代碼評審是指在軟件開發過程當中，對源代碼的系統性檢查，改進代碼質量，查找系統缺陷，保證軟件整體質量和提升開發者自身水平。簡單的說，Code Review是用來確認方案設計和代碼實現的質量保證機制。php

2 - Gerrit簡介

Gerrit 是創建在Git版本控制系統之上而且基於Web的一個免費開源的輕量級代碼審查工具。做爲開發者和Git之間的一層屏障，不容許直接將本地修改內容同步到遠程倉庫中。與Jenkins集成後，能夠在每次提交代碼後，人工審覈代碼前，經過Jenkins任務自動運行單元測試、構建以及自動化測試，若是Jenkins任務失敗，會自動打回本次提交。html

通常Git、Gerrit和Jenkins集成後的使用流程java

開發者提交代碼到Gerrit
觸發對應的Jenkins任務，經過之後Verified加1
人工審覈，審覈經過後code review加2，觸發對應的Jenkins任務
經過之後確認本次提交，Gerrit執行與Git倉庫的代碼同步操做
代碼進入Git倉庫

2.1 官網信息

HomePage：https://www.gerritcodereview.com/
Downloads：https://gerrit-releases.storage.googleapis.com/index.html
Docs：https://gerrit-review.googlesource.com/Documentation/
Quickstart：https://gerrit-review.googlesource.com/Documentation/linux-quickstart.html
Issues List：https://bugs.chromium.org/p/gerrit/issues/list

2.2 Training Slides

The following slides explain Git and Gerrit concepts and workflows and are meant for self-studying how Git and Gerrit work:linux

Git explained: Git Concepts and Workflows：https://docs.google.com/presentation/d/1IQCRPHEIX-qKo7QFxsD3V62yhyGA9_5YsYXFOiBpgkk/
Gerrit explained: Gerrit Concepts and Workflows：https://docs.google.com/presentation/d/1C73UgQdzZDw0gzpaEqIC6SPujZJhqamyqO1XOHjH-uk/

3 - 安裝準備

A Unix-based server, including any Linux flavor, MacOS, or Berkeley Software Distribution (BSD). Java SE Runtime Environment version 1.8. Gerrit is not compatible with Java 9 or newer yet.nginx

3.1 Linux、Java、Git

[Anliven@mt101 ~]$ cat /etc/system-release
CentOS Linux release 7.5.1804 (Core) 
[Anliven@mt101 ~]$ 
[Anliven@mt101 ~]$ uname -a
Linux mt101 3.10.0-957.el7.x86_64 #1 SMP Thu Nov 8 23:39:32 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
[Anliven@mt101 ~]$ 
[Anliven@mt101 ~]$ java -version
openjdk version "1.8.0_161"
OpenJDK Runtime Environment (build 1.8.0_161-b14)
OpenJDK 64-Bit Server VM (build 25.161-b14, mixed mode)
[Anliven@mt101 ~]$ 
[Anliven@mt101 ~]$ git --version
git version 1.8.3.1 
[Anliven@mt101 ~]$

3.2 建立Gerrit帳戶

[Anliven@mt101 ~]$ sudo adduser gerrit
[Anliven@mt101 ~]$ sudo passwd gerrit
Changing password for user gerrit.
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.
[Anliven@mt101 ~]$ su - gerrit
Password: 
[gerrit@mt101 ~]$ git config --global core.quotepath false
[gerrit@mt101 ~]$ git config --global i18n.logoutputencoding utf8
[gerrit@mt101 ~]$ git config --global i18n.commitencoding utf8
[gerrit@mt101 ~]$ git config --list
core.quotepath=false
i18n.logoutputencoding=utf8
i18n.commitencoding=utf8
[gerrit@mt101 ~]$
[gerrit@mt101 ~]$ exit
logout
[Anliven@mt101 ~]$ 
[Anliven@mt101 ~]$ sudo visudo
[Anliven@mt101 ~]$ sudo cat /etc/sudoers |grep gerrit
gerrit    ALL=(ALL)    NOPASSWD: ALL
[Anliven@mt101 ~]$

4 - Gerrit安裝

4.1 官網信息

https://gerrit-releases.storage.googleapis.com/gerrit-3.1.0.war
https://gerrit-documentation.storage.googleapis.com/Documentation/3.1.0/index.html
Quickstart for Installing Gerrit on Linux：https://gerrit-documentation.storage.googleapis.com/Documentation/3.1.0/linux-quickstart.html

4.2 安裝並啓動

以java -jar gerrit-3.1.0.war init -d $GERRIT_SITE方式，將會逐個出現配置選項，填寫以下選項配置，其他默認。git

Authentication method [openid/?]: HTTP
Listen on address [*]: 192.168.16.101
Listen on port [8080]: 8083

後續能夠經過配置文件（$GERRIT_SITE/etc/gerrit.config）來更新配置。web

[gerrit@mt101 ~]$ pwd
/home/gerrit
[gerrit@mt101 ~]$ ll
total 67552
-rw-r--r-- 1 gerrit gerrit 69172528 Dec 10 13:04 gerrit-3.1.0.war
[gerrit@mt101 ~]$ 
[gerrit@mt101 ~]$ sudo java -jar gerrit-3.1.0.war init -d $GERRIT_SITE
Using secure store: com.google.gerrit.server.securestore.DefaultSecureStore
[2019-12-10 14:42:35,778] [main] INFO  com.google.gerrit.server.config.GerritServerConfigProvider : No /home/gerrit/gerrit_testsite/etc/gerrit.config; assuming defaults

*** Gerrit Code Review 3.1.0
*** 

Create '/home/gerrit/gerrit_testsite' [Y/n]? 

*** Git Repositories
*** 

Location of Git repositories   [git]: 

*** Index
*** 

Type                           [lucene]: 

*** User Authentication
*** 

Authentication method          [openid/?]: HTTP
Get username from custom HTTP header [y/N]? 
SSO logout URL                 : 
Enable signed push support     [y/N]? 

*** Review Labels
*** 

Install Verified label         [y/N]? 

*** Email Delivery
*** 

SMTP server hostname           [localhost]: 
SMTP server port               [(default)]: 
SMTP encryption                [none/?]: 
SMTP username                  : 

*** Container Process
*** 

Run as                         [root]: 
Java runtime                   [/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-2.b14.el7.x86_64/jre]: 
Copy gerrit-3.1.0.war to /home/gerrit/gerrit_testsite/bin/gerrit.war [Y/n]? 
Copying gerrit-3.1.0.war to /home/gerrit/gerrit_testsite/bin/gerrit.war

*** SSH Daemon
*** 

Listen on address              [*]: 
Listen on port                 [29418]: 
Generating SSH host key ... rsa... ed25519... ecdsa 256... ecdsa 384... ecdsa 521... done

*** HTTP Daemon
*** 

Behind reverse proxy           [y/N]? 
Use SSL (https://)             [y/N]? 
Listen on address              [*]: 192.168.16.101
Listen on port                 [8080]: 8083
Canonical URL                  [http://192.168.16.101:8083/]: 

*** Cache
*** 


*** Plugins
*** 

Installing plugins.
Install plugin codemirror-editor version v3.1.0 [y/N]? 
Install plugin commit-message-length-validator version v3.1.0 [y/N]? 
Install plugin delete-project version v3.1.0 [y/N]? 
Install plugin download-commands version v3.1.0 [y/N]? 
Install plugin gitiles version v3.1.0 [y/N]? 
Install plugin hooks version v3.1.0 [y/N]? 
Install plugin plugin-manager version v3.1.0 [y/N]? 
Install plugin replication version v3.1.0 [y/N]? 
Install plugin reviewnotes version v3.1.0 [y/N]? 
Install plugin singleusergroup version v3.1.0 [y/N]? 
Install plugin webhooks version v3.1.0 [y/N]? 
Initializing plugins.
No plugins found with init steps.

Initialized /home/gerrit/gerrit_testsite
Init complete, reindexing projects with: reindex --site-path /home/gerrit/gerrit_tesReindexing projects:    100% (2/2)
Reindexed 2 documents in projects index in 0.2s (11.0/s)
Executing /home/gerrit/gerrit_testsite/bin/gerrit.sh start
Starting Gerrit Code Review: OK
Waiting for server on 192.168.16.101:8083 ... OK
Opening http://192.168.16.101:8083/#/admin/projects/ ...OK
[gerrit@mt101 ~]$ 
[gerrit@mt101 ~]$ ll
total 67552
-rw-r--r--  1 gerrit gerrit 69172528 Dec 10 13:04 gerrit-3.1.0.war
drwxr-xr-x 14 root   root        150 Dec 10 13:09 gerrit_testsite
[gerrit@mt101 ~]$ 
[gerrit@mt101 ~]$ ll
total 67552
-rw-r--r--  1 gerrit gerrit 69172528 Dec 10 13:04 gerrit-3.1.0.war
drwxr-xr-x 14 root   root        150 Dec 10 14:44 gerrit_testsite
[gerrit@mt101 ~]$ 
[gerrit@mt101 ~]$ ll gerrit_testsite/
total 8
drwxr-xr-x 2 root root   84 Dec 10 14:43 bin
drwxr-xr-x 2 root root 4096 Dec 10 14:44 cache
drwxr-xr-x 2 root root    6 Dec 10 14:42 data
drwxr-xr-x 2 root root   78 Dec 10 14:44 db
drwxr-xr-x 3 root root 4096 Dec 10 14:43 etc
drwxr-xr-x 4 root root   51 Dec 10 14:43 git
drwxr-xr-x 6 root root  114 Dec 10 14:43 index
drwxr-xr-x 2 root root    6 Dec 10 14:42 lib
drwxr-xr-x 2 root root  106 Dec 10 14:44 logs
drwxr-xr-x 2 root root    6 Dec 10 14:42 plugins
drwxr-xr-x 2 root root    6 Dec 10 14:42 static
drwx------ 2 root root    6 Dec 10 14:43 tmp
[gerrit@mt101 ~]$

4.3 查看狀態

[gerrit@mt101 ~]$ sudo netstat -ltpn |grep -i gerrit
tcp6       0      0 :::29418                :::*                    LISTEN      8968/GerritCodeRevi 
tcp6       0      0 192.168.16.101:8083     :::*                    LISTEN      8968/GerritCodeRevi 
[gerrit@mt101 ~]$ 
[gerrit@mt101 ~]$ sudo ps -au |grep -i gerrit
root      2909  0.0  0.0 234388  4224 pts/0    S    13:02   0:00 su - gerrit
gerrit    2912  0.0  0.0 116748  3568 pts/0    S    13:02   0:01 -bash
root      8968  9.5  5.8 4693148 464716 pts/0  Sl   14:43   0:27 GerritCodeReview -Dflogger.backend_factory=com.google.common.flogger.backend.log4j.Log4jBackendFactory#getInstance -Dflogger.logging_context=com.google.gerrit.server.logging.LoggingContext#getInstance -jar /home/gerrit/gerrit_testsite/bin/gerrit.war daemon -d /home/gerrit/gerrit_testsite --run-id=1575960233.8922
gerrit    9183  0.0  0.0 112704  1000 pts/0    S+   14:48   0:00 grep --color=auto -i gerrit
[gerrit@mt101 ~]$

4.4 防火牆開放端口

[gerrit@mt101 ~]$ sudo firewall-cmd --zone=public --permanent --add-port=8083/tcp
success
[gerrit@mt101 ~]$ sudo firewall-cmd --reload
success
[gerrit@mt101 ~]$ sudo firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s3 enp0s8
  sources: 
  services: ssh dhcpv6-client
  ports: 8083/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
    
[gerrit@mt101 ~]$

5 - 經過Nginx設置反向代理

5.1 安裝Nginx

官網步驟：http://nginx.org/en/linux_packages.html#RHEL-CentOSvim

[gerrit@mt101 ~]$ sudo vim /etc/yum.repos.d/nginx.repo
[gerrit@mt101 ~]$ sudo cat /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[gerrit@mt101 ~]$ 
[gerrit@mt101 ~]$ sudo yum -y install nginx
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
nginx-stable                                                 | 2.9 kB  00:00:00     
nginx-stable/7/x86_64/primary_db                             |  50 kB  00:00:09     
Resolving Dependencies
--> Running transaction check
---> Package nginx.x86_64 1:1.16.1-1.el7.ngx will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================
 Package       Arch           Version                    Repository            Size
====================================================================================
Installing:
 nginx         x86_64         1:1.16.1-1.el7.ngx         nginx-stable         766 k

Transaction Summary
====================================================================================
Install  1 Package

Total download size: 766 k
Installed size: 2.7 M
Downloading packages:
warning: /var/cache/yum/x86_64/7/nginx-stable/packages/nginx-1.16.1-1.el7.ngx.x86_64.rpm: Header V4 RSA/SHA1 Signature, key ID 7bd9bf62: NOKEY
Public key for nginx-1.16.1-1.el7.ngx.x86_64.rpm is not installed
nginx-1.16.1-1.el7.ngx.x86_64.rpm                            | 766 kB  00:02:29     
Retrieving key from https://nginx.org/keys/nginx_signing.key
Importing GPG key 0x7BD9BF62:
 Userid     : "nginx signing key <signing-key@nginx.com>"
 Fingerprint: 573b fd6b 3d8f bc64 1079 a6ab abf5 bd82 7bd9 bf62
 From       : https://nginx.org/keys/nginx_signing.key
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : 1:nginx-1.16.1-1.el7.ngx.x86_64                                  1/1 
----------------------------------------------------------------------

Thanks for using nginx!

Please find the official documentation for nginx here:
* http://nginx.org/en/docs/

Please subscribe to nginx-announce mailing list to get
the most important news about nginx:
* http://nginx.org/en/support.html

Commercial subscriptions for nginx are available on:
* http://nginx.com/products/

----------------------------------------------------------------------
  Verifying  : 1:nginx-1.16.1-1.el7.ngx.x86_64                                  1/1 

Installed:
  nginx.x86_64 1:1.16.1-1.el7.ngx                                                   

Complete!
[gerrit@mt101 ~]$

5.2 配置Nginx

添加關於gerrit的配置：/etc/nginx/conf.d/gerrit.conf centos

listen：監聽的端口
auth_basic：用於登陸時彈出驗證對話框所顯示的內容
auth_basic_user_file：驗證用戶名和密碼是否匹配的文件
location 部分：表示當用戶訪問83端口時，nginx直接將此請求代理到8083端口上，也就是「反向代理」

並添加以下內容api

location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

[gerrit@mt101 ~]$ sudo vim /etc/nginx/conf.d/gerrit.conf
[gerrit@mt101 ~]$ sudo cat /etc/nginx/conf.d/gerrit.conf
server {
     listen *:83;
     server_name 192.168.16.101;
     allow   all;
     deny    all;

     auth_basic "Welcom to Gerrit Code Review Site!";
     auth_basic_user_file /home/gerrit/gerrit.password;

     location / {
        proxy_pass  http://192.168.16.101:8083;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
     }

     location = /favicon.ico {
        log_not_found off;
        access_log off;
     }
   }
[gerrit@mt101 ~]$

修改Nginx配置文件/etc/nginx/nginx.conf中user參數，修改成root

[gerrit@mt101 ~]$ sudo vim /etc/nginx/nginx.conf
[gerrit@mt101 ~]$ sudo cat /etc/nginx/nginx.conf

user  root;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}
[gerrit@mt101 ~]$

修改/etc/nginx/conf.d/default.conf，添加以下內容

location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

[gerrit@mt101 ~]$ sudo vim /etc/nginx/conf.d/default.conf 
[gerrit@mt101 ~]$ sudo cat /etc/nginx/conf.d/default.conf 
server {
    listen       80;
    server_name  localhost;

    #charset koi8-r;
    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}

[gerrit@mt101 ~]$

5.3 防火牆

[gerrit@mt101 ~]$ sudo firewall-cmd --zone=public --permanent --add-port=80/tcp
success
[gerrit@mt101 ~]$ sudo firewall-cmd --zone=public --permanent --add-port=83/tcp
success
[gerrit@mt101 ~]$ sudo firewall-cmd --reload
success
[gerrit@mt101 ~]$ sudo firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s3 enp0s8
  sources: 
  services: ssh dhcpv6-client
  ports: 8083/tcp 80/tcp 83/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
    
[gerrit@mt101 ~]$ 
[gerrit@mt101 ~]$ sudo cat /etc/selinux/config |grep "SELINUX="
# SELINUX= can take one of these three values:
SELINUX=disabled
[gerrit@mt101 ~]$

6 - 更改目錄權限和建立用戶

[gerrit@mt101 ~]$ chmod 755 /home/gerrit/
[gerrit@mt101 ~]$ 
[gerrit@mt101 ~]$ ll
total 67552
-rw-r--r--  1 gerrit gerrit 69172528 Dec 10 13:04 gerrit-3.1.0.war
drwxr-xr-x 14 root   root        150 Dec 10 14:44 gerrit_testsite
[gerrit@mt101 ~]$ 
[gerrit@mt101 ~]$ sudo htpasswd -c /home/gerrit/gerrit.password admin
New password: 
Re-type new password: 
Adding password for user admin
[gerrit@mt101 ~]$ 
[gerrit@mt101 ~]$ sudo htpasswd -m /home/gerrit/gerrit.password testdemo
New password: 
Re-type new password: 
Adding password for user testdemo
[gerrit@mt101 ~]$ 
[gerrit@mt101 ~]$ sudo chmod 755 gerrit.password 
[gerrit@mt101 ~]$ 
[gerrit@mt101 ~]$ ll
total 67556
-rw-r--r--  1 gerrit gerrit 69172528 Dec 10 13:04 gerrit-3.1.0.war
-rwxr-xr-x  1 root   root         91 Dec 10 14:52 gerrit.password
drwxr-xr-x 14 root   root        150 Dec 10 14:44 gerrit_testsite
[gerrit@mt101 ~]$ 
[gerrit@mt101 ~]$ cat gerrit.password 
admin:$apr1$fQB7h4KA$uhYXP/fEeyfA8GDyA18781
testdemo:$apr1$ETlmCKcz$L5unhKCEx1HRnad7SmPSv.
[gerrit@mt101 ~]$ 
[gerrit@mt101 ~]$ sudo service nginx restart
Redirecting to /bin/systemctl restart nginx.service
[gerrit@mt101 ~]$

7 - 確認Gerrit配置並重啓服務

主配置文件$GERRIT_SITE/etc/gerrit.config

Gerrit Server監聽 8083端口
認證方式爲 HTTP

[gerrit@mt101 ~]$ sudo vim gerrit_testsite/etc/gerrit.config 
[gerrit@mt101 ~]$ sudo cat gerrit_testsite/etc/gerrit.config 
[gerrit]
    basePath = git
    canonicalWebUrl = http://192.168.16.101:8083/
    serverId = 0b911b9e-195a-46b0-a5cd-b407b776b344
[container]
    javaOptions = "-Dflogger.backend_factory=com.google.common.flogger.backend.log4j.Log4jBackendFactory#getInstance"
    javaOptions = "-Dflogger.logging_context=com.google.gerrit.server.logging.LoggingContext#getInstance"
    user = root
    javaHome = /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-2.b14.el7.x86_64/jre
[index]
    type = lucene
[auth]
    type = HTTP
[receive]
    enableSignedPush = false
[sendemail]
    smtpServer = localhost
[sshd]
    listenAddress = *:29418
[httpd]
    listenUrl = http://192.168.16.101:8083/
[cache]
    directory = cache
[gerrit@mt101 ~]$ 
[gerrit@mt101 ~]$ sudo gerrit_testsite/bin/gerrit.sh restart
Stopping Gerrit Code Review: OK
Starting Gerrit Code Review: OK
[gerrit@mt101 ~]$

8 - 登陸頁面

Basic HTTP認證模式不支持Sign Out。須要先Sign Out退出帳號，關閉瀏覽器後再登陸，才能出現HTTP驗證密碼對話框。 http://192.168.16.101:83

8.1 admin用戶

第一個登陸的Gerrit用戶爲管理員，ID爲1000000。

Gerrit - 代碼評審工具Gerrit簡介與安裝