Installing OpenLDAP + phpLDAPadmin + Gerrit with docker-compose

2021/4/15 22:55:13


Environment

CentOS 7, 192.168.1.55

Firewall check

systemctl status firewalld
systemctl disable firewalld
systemctl stop firewalld

 

Enable IP forwarding

vim /etc/sysctl.conf
# Add the following line:
net.ipv4.ip_forward=1
# Run the following command to apply the setting
sysctl -p

 

Check whether Docker is installed

# Install the dependency packages
yum install -y yum-utils device-mapper-persistent-data lvm2
# Add the Docker repository
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

# List the available Docker versions
yum list docker-ce --showduplicates | sort -r
# Install Docker (latest version)
yum install -y docker-ce docker-ce-cli containerd.io
# Enable and start the Docker service
systemctl enable docker
systemctl start docker

 

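Create the data directories

# -p also creates /data/system_data if it does not exist yet
mkdir -p /data/system_data/openldap
mkdir -p /data/system_data/gerrit
chown -R nobody:nobody /data/system_data
# makes the whole tree world-writable
chmod -R 777 /data/system_data

# Note: the steps above must be run once more after docker-compose up has been executed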

 

Write the docker-compose file

version: '2'
services:
  gerrit:
    image: gerritcodereview/gerrit
    ports:
      - "29418:29418"
      - "8081:8080"
    volumes:
      - /data/system_data/gerrit/etc:/var/gerrit/etc
      - /data/system_data/gerrit/git:/var/gerrit/git
      - /data/system_data/gerrit/db:/var/gerrit/db
      - /data/system_data/gerrit/index:/var/gerrit/index
      - /data/system_data/gerrit/cache:/var/gerrit/cache
    environment:
      - CANONICAL_WEB_URL=http://192.168.1.55:8081
  openldap:
    image: osixia/openldap:latest
    container_name: openldap
    environment:
      LDAP_LOG_LEVEL: "256"
      LDAP_ORGANISATION: "byheart"
      LDAP_DOMAIN: "byheart.com"
      LDAP_BASE_DN: "dc=byheart,dc=com"
      LDAP_ADMIN_PASSWORD: "xxxxxxxx"
      LDAP_CONFIG_PASSWORD: "config"
      LDAP_READONLY_USER: "false"
      LDAP_RFC2307BIS_SCHEMA: "false"
      LDAP_BACKEND: "mdb"
      LDAP_TLS: "true"
      LDAP_TLS_CRT_FILENAME: "ldap.crt"
      LDAP_TLS_KEY_FILENAME: "ldap.key"
      LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
      LDAP_TLS_ENFORCE: "false"
      LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
      LDAP_TLS_PROTOCOL_MIN: "3.1"
      LDAP_TLS_VERIFY_CLIENT: "demand"
      LDAP_REPLICATION: "false"
      KEEP_EXISTING_CONFIG: "false"
      LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
      LDAP_SSL_HELPER_PREFIX: "ldap"
    tty: true
    stdin_open: true
    volumes:
      - /data/system_data/openldap/var/lib/ldap:/var/lib/ldap
      - /data/system_data/openldap/etc/ldap/slapd.d:/etc/ldap/slapd.d
      - /data/system_data/openldap/container/service/slapd/assets/certs:/container/service/slapd/assets/certs
    ports:
      - "389:389"
      - "636:636"
    domainname: "byheart.com" # important: same as hostname
    hostname: "byheart.com"
  phpldapadmin:
    image: osixia/phpldapadmin:latest
    container_name: phpldapadmin
    environment:
      PHPLDAPADMIN_LDAP_HOSTS: "openldap"
      PHPLDAPADMIN_HTTPS: "false"
    ports:
      - "6443:80"
    depends_on:
      - openldap

 

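Run docker-compose up

For the first run it is better not to add -d, so that the logs are printed to the console in real time and errors can be seen immediately. Gerrit, for example, reports an error because of a permissions problem. The following steps are also required:

mkdir -p /data/system_data/gerrit/etc/mail
chown -R nobody:nobody /data/system_data
chmod -R 777 /data/system_data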

 

Gerrit configuration

[gerrit]
  basePath = git
  canonicalWebUrl = http://192.168.1.55:8081
  serverId = b5136284-cae0-4f61-8b21-798dce18e85a

[index]
  type = LUCENE

[auth]
  type = ldap
  gitBasicAuth = true

[ldap]
  server = ldap://openldap
  username = cn=admin,dc=byheart,dc=com
  password = xxxxxx
  accountBase = dc=byheart,dc=com
  groupBase = ou=Depts,dc=byheart,dc=com
  accountPattern = (&(objectClass=person)(uid=${username}))
  accountFullName = displayName
  accountEmailAddress = mail

[sendemail]
  smtpServer = localhost

[sshd]
  listenAddress = *:29418

[httpd]
  listenUrl = http://*:8080/

[cache]
  directory = cache

[container]
  user = root
  javaOptions = "-Dflogger.backend_factory=com.google.common.flogger.backend.log4j.Log4jBackendFactory#getInstance"
  javaOptions = "-Dflogger.logging_context=com.google.gerrit.server.logging.LoggingContext#getInstance"
  javaHome = /usr/lib/jvm/java-11-openjdk-11.0.9.11-2.el8_3.x86_64
  javaOptions = -Djava.security.egd=file:/dev/./urandom
  javaOptions = --add-opens java.base/java.net=ALL-UNNAMED
  javaOptions = --add-opens java.base/java.lang.invoke=ALL-UNNAMED

# Stop the services
docker-compose down

# Start the services again
docker-compose up
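
A check of the gerrit.config shown above for the settings that decide how credentials travel and which privileges are used. This is an added example, not part of the original post or of Gerrit; the function names and finding labels are made up for illustration, and ldap.startTls is Gerrit's option for upgrading an ldap:// connection to TLS.

```python
import re

# Constructed sample: settings taken from the gerrit.config above, password omitted.
SAMPLE = """\
[gerrit]
  canonicalWebUrl = http://192.168.1.55:8081
[auth]
  type = ldap
  gitBasicAuth = true
[ldap]
  server = ldap://openldap
  username = cn=admin,dc=byheart,dc=com
[container]
  user = root
"""

def parse_gerrit_config(text):
    """Parse git-config syntax into {section: {key: [values]}}; keys may repeat."""
    cfg, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r'\[([\w.-]+)(?:\s+"[^"]*")?\]', line)
        if m:
            section = m.group(1).lower()
            cfg.setdefault(section, {})
        elif section is not None and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            cfg[section].setdefault(key.lower(), []).append(value.strip('"'))
    return cfg

def audit(cfg):
    """Return labels for settings that expose credentials or privileges."""
    def last(section, key):
        return cfg.get(section, {}).get(key.lower(), [""])[-1]
    findings = []
    if last("ldap", "server").startswith("ldap://") and last("ldap", "startTls") != "true":
        findings.append("ldap-bind-cleartext")   # bind password crosses the network unencrypted
    if last("ldap", "username").lower().startswith("cn=admin,"):
        findings.append("ldap-bind-as-admin")    # directory admin account used for lookups
    if last("auth", "gitBasicAuth") == "true" and last("gerrit", "canonicalWebUrl").startswith("http://"):
        findings.append("basic-auth-over-http")  # LDAP passwords sent over cleartext HTTP
    if last("container", "user") == "root":
        findings.append("runs-as-root")
    return findings

if __name__ == "__main__":
    print(audit(parse_gerrit_config(SAMPLE)))
```

Point it at the real file with audit(parse_gerrit_config(open("/data/system_data/gerrit/etc/gerrit.config").read())).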

 

 

Create groups in phpLDAPadmin

http://192.168.1.55:6443 is the phpLDAPadmin login page.

Import two groups from the command line

# baseDN.ldif 
dn: ou=Users,dc=byheart,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Users

dn: ou=Depts,dc=byheart,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Depts

 

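Copy baseDN.ldif into the openldap container instance

docker cp baseDN.ldif $containerId:/root/

docker exec -it $containerId /bin/bash

# -W prompts for the admin password; the file is read from where docker cp placed it
ldapadd -x -H ldap://127.0.0.1:389 -D "cn=admin,dc=byheart,dc=com" -W -f /root/baseDN.ldif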

 

Create the other groups

Click Generic: Posix Group to create each of the following groups:

Users

VPN

RDD

PDD

Create users

Click the Users group, then click Create new entry here to open the entry creation screen.

 

Note: when creating the LDAP account, use the default md5 password scheme; otherwise logging in to Gerrit will not succeed.
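
What the md5 option stores in the account's userPassword attribute, next to the salted {SSHA} form that slapd also accepts. This is an added example, not part of the original post; the helper names and the sample entries are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

def make_user_password(password, scheme="MD5", salt=None):
    """Build a userPassword value in the {MD5} or {SSHA} storage scheme."""
    pw = password.encode("utf-8")
    if scheme == "MD5":    # unsalted: base64(md5(password))
        return "{MD5}" + base64.b64encode(hashlib.md5(pw).digest()).decode()
    if scheme == "SSHA":   # salted: base64(sha1(password + salt) + salt)
        salt = os.urandom(8) if salt is None else salt
        return "{SSHA}" + base64.b64encode(hashlib.sha1(pw + salt).digest() + salt).decode()
    raise ValueError("unsupported scheme: " + scheme)

def check_user_password(stored, password):
    """Verify a password against a stored {MD5} or {SSHA} value."""
    scheme, _, encoded = stored[1:].partition("}")
    raw, pw = base64.b64decode(encoded), password.encode("utf-8")
    if scheme.upper() == "MD5":
        expected, digest = hashlib.md5(pw).digest(), raw
    elif scheme.upper() == "SSHA":
        digest, salt = raw[:20], raw[20:]      # a SHA-1 digest is 20 bytes
        expected = hashlib.sha1(pw + salt).digest()
    else:
        raise ValueError("unsupported scheme: " + scheme)
    return hmac.compare_digest(expected, digest)

def unsalted_entries(entries):
    """Return the uids whose userPassword value carries no salt."""
    salted = ("{SSHA", "{SMD5}", "{CRYPT}")
    return sorted(uid for uid, value in entries.items()
                  if not value.upper().startswith(salted))

# Constructed sample directory: uid -> userPassword (not real accounts).
SAMPLE_ENTRIES = {
    "alice": make_user_password("Spring2021", "MD5"),
    "bob": make_user_password("Spring2021", "MD5"),
    "carol": make_user_password("Spring2021", "SSHA"),
}

if __name__ == "__main__":
    # Two accounts sharing a password get the same {MD5} value.
    print(SAMPLE_ENTRIES["alice"] == SAMPLE_ENTRIES["bob"])
    print(unsalted_entries(SAMPLE_ENTRIES))
```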

Log in to Gerrit

http://192.168.1.55:8081

  • Add a public key

    [2021-01-21T12:12:57.931Z] [HTTP POST /accounts/self/sshkeys (zhxm from 192.168.1.214)] ERROR com.google.gerrit.httpd.restapi.RestApiServlet : Error in POST /accounts/self/sshkeys: NullPointerException
    java.lang.NullPointerException: Null email
        at com.google.gerrit.entities.AutoValue_Address.<init>(AutoValue_Address.java:18)
        at com.google.gerrit.entities.Address.create(Address.java:61)
        at com.google.gerrit.entities.Address.create(Address.java:57)
        at com.google.gerrit.server.mail.send.AddKeySender.init(AddKeySender.java:71)
        at com.google.gerrit.server.mail.send.OutgoingEmail.send(OutgoingEmail.java:115)
        at com.google.gerrit.server.restapi.account.AddSshKey.apply(AddSshKey.java:109)
        at com.google.gerrit.server.restapi.account.AddSshKey.apply(AddSshKey.java:84)
        at com.google.gerrit.server.restapi.account.AddSshKey.apply(AddSshKey.java:52)
        at com.google.gerrit.httpd.restapi.RestApiServlet.lambda$invokeRestCollectionModifyViewWithRetry$10(RestApiServlet.java:866)
        at com.github.rholder.retry.AttemptTimeLimiters$NoAttemptTimeLimit.call(AttemptTimeLimiters.java:78)
        at com.github.rholder.retry.Retryer.call(Retryer.java:160)
        at com.google.gerrit.server.update.RetryHelper.executeWithTimeoutCount(RetryHelper.java:561)
        at com.google.gerrit.server.update.RetryHelper.execute(RetryHelper.java:504)
        at com.google.gerrit.server.update.RetryableAction.call(RetryableAction.java:172)

    Note: although an error is reported, the key is still added successfully.

References:

https://gist.github.com/thomasdarimont/d22a616a74b45964106461efb948df9c

https://github.com/GerritCodeReview/docker-gerrit


