
Installing openldap + phpldapadmin + gerrit with docker-compose

2021-04-15 22:35:35  Views: 276  Source: Internet

Tags: compose java com phpldapadmin gerrit LDAP docker data


Environment

CentOS 7, 192.168.1.55

Firewall check

systemctl status firewalld
systemctl disable firewalld
systemctl stop firewalld

 

Enable IP forwarding

vim /etc/sysctl.conf
# Add the following line:
net.ipv4.ip_forward=1
# Run the following command to apply the configuration
sysctl -p

 

Check whether Docker is installed

# Install dependency packages
yum install -y yum-utils device-mapper-persistent-data lvm2
# Set up the docker repository
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

# List the available docker versions
yum list docker-ce --showduplicates | sort -r
# Install the latest docker version
yum install -y docker-ce docker-ce-cli containerd.io
# Start the docker service
systemctl enable docker
systemctl start docker

 

Create the data directories

mkdir -p /data/system_data/openldap
mkdir -p /data/system_data/gerrit
chown -R nobody:nobody /data/system_data
chmod -R 777 /data/system_data

# Note: the steps above need to be run once more after docker-compose up has been run

 

Write the docker-compose file

version: '2'
services:
  gerrit:
    image: gerritcodereview/gerrit
    ports:
      - "29418:29418"
      - "8081:8080"
    volumes:
      - /data/system_data/gerrit/etc:/var/gerrit/etc
      - /data/system_data/gerrit/git:/var/gerrit/git
      - /data/system_data/gerrit/db:/var/gerrit/db
      - /data/system_data/gerrit/index:/var/gerrit/index
      - /data/system_data/gerrit/cache:/var/gerrit/cache
    environment:
      - CANONICAL_WEB_URL=http://192.168.1.55:8081
  openldap:
    image: osixia/openldap:latest
    container_name: openldap
    environment:
      LDAP_LOG_LEVEL: "256"
      LDAP_ORGANISATION: "byheart"
      LDAP_DOMAIN: "byheart.com"
      LDAP_BASE_DN: "dc=byheart,dc=com"
      LDAP_ADMIN_PASSWORD: "xxxxxxxx"
      LDAP_CONFIG_PASSWORD: "config"
      LDAP_READONLY_USER: "false"
      LDAP_RFC2307BIS_SCHEMA: "false"
      LDAP_BACKEND: "mdb"
      LDAP_TLS: "true"
      LDAP_TLS_CRT_FILENAME: "ldap.crt"
      LDAP_TLS_KEY_FILENAME: "ldap.key"
      LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
      LDAP_TLS_ENFORCE: "false"
      LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
      LDAP_TLS_PROTOCOL_MIN: "3.1"
      LDAP_TLS_VERIFY_CLIENT: "demand"
      LDAP_REPLICATION: "false"
      KEEP_EXISTING_CONFIG: "false"
      LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
      LDAP_SSL_HELPER_PREFIX: "ldap"
    tty: true
    stdin_open: true
    volumes:
      - /data/system_data/openldap/var/lib/ldap:/var/lib/ldap
      - /data/system_data/openldap/etc/ldap/slapd.d:/etc/ldap/slapd.d
      - /data/system_data/openldap/container/service/slapd/assets/certs:/container/service/slapd/assets/certs
    ports:
      - "389:389"
      - "636:636"
    domainname: "byheart.com" # important: same as hostname
    hostname: "byheart.com"
  phpldapadmin:
    image: osixia/phpldapadmin:latest
    container_name: phpldapadmin
    environment:
      PHPLDAPADMIN_LDAP_HOSTS: "openldap"
      PHPLDAPADMIN_HTTPS: "false"
    ports:
      - "6443:80"
    depends_on:
      - openldap

 

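Run docker-compose up

For the first run it is not recommended to add -d: the logs are then printed to the console in real time, so errors are visible immediately. gerrit, for example, reports an error because of a permissions problem. The following steps are also needed:

mkdir -p /data/system_data/gerrit/etc/mail
chown -R nobody:nobody /data/system_data
chmod -R 777 /data/system_data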

 

Gerrit configuration

[gerrit]
  basePath = git
  canonicalWebUrl = http://192.168.1.55:8081
  serverId = b5136284-cae0-4f61-8b21-798dce18e85a

[index]
  type = LUCENE

[auth]
  type = ldap
  gitBasicAuth = true

[ldap]
  server = ldap://openldap
  username = cn=admin,dc=byheart,dc=com
  password = xxxxxx
  accountBase = dc=byheart,dc=com
  groupBase = ou=Depts,dc=byheart,dc=com
  accountPattern = (&(objectClass=person)(uid=${username}))
  accountFullName = displayName
  accountEmailAddress = mail

[sendemail]
  smtpServer = localhost

[sshd]
  listenAddress = *:29418

[httpd]
  listenUrl = http://*:8080/

[cache]
  directory = cache

[container]
  user = root
  javaOptions = "-Dflogger.backend_factory=com.google.common.flogger.backend.log4j.Log4jBackendFactory#getInstance"
  javaOptions = "-Dflogger.logging_context=com.google.gerrit.server.logging.LoggingContext#getInstance"
  javaHome = /usr/lib/jvm/java-11-openjdk-11.0.9.11-2.el8_3.x86_64
  javaOptions = -Djava.security.egd=file:/dev/./urandom
  javaOptions = --add-opens java.base/java.net=ALL-UNNAMED
  javaOptions = --add-opens java.base/java.lang.invoke=ALL-UNNAMED

# Run the following command to stop the services
docker-compose down

# Run the following command to start the services
docker-compose up
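
A review check for the gerrit.config above, as an added example (not part of the original post or of Gerrit): it parses the git-config style file, tolerating the mixed indentation and repeated javaOptions keys, and reports the settings that expose credentials or privileges. The finding names and the sample text are made up for this example.

```python
import re
# Constructed sample: the security-relevant keys of the gerrit.config above.
SAMPLE = """\
[auth]
  gitBasicAuth = true
[ldap]
  server = ldap://openldap
  username = cn=admin,dc=byheart,dc=com
  password = xxxxxx
[httpd]
  listenUrl = http://*:8080/
[container]
  user = root
    javaOptions = -Djava.security.egd=file:/dev/./urandom
    javaOptions = --add-opens java.base/java.net=ALL-UNNAMED
"""

def parse(text):
    """git-config text -> {section: {key: [values]}}; indentation ignored, repeated keys kept."""
    cfg, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = cfg.setdefault(re.sub(r"\s+", " ", line[1:-1]).strip().lower(), {})
        elif section is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            section.setdefault(key.lower(), []).append(value.strip('"'))
    return cfg

def audit(cfg):
    """Return finding ids (names made up for this example) in a fixed order."""
    def get(sec, key):
        return cfg.get(sec, {}).get(key.lower(), [""])[-1]
    found = []
    if get("ldap", "server").startswith("ldap://") and get("ldap", "startTls").lower() != "true":
        found.append("ldap-cleartext")           # bind and login passwords cross the network unencrypted
    if get("ldap", "username").lower().startswith("cn=admin,"):
        found.append("ldap-admin-bind")          # Gerrit only searches the directory
    if get("ldap", "password"):
        found.append("secret-in-gerrit-config")  # etc/secure.config is the file meant for secrets
    if get("auth", "gitBasicAuth").lower() == "true" and get("httpd", "listenUrl").startswith("http://"):
        found.append("basic-auth-over-http")     # Git-over-HTTP credentials are not encrypted
    if get("container", "user") == "root":
        found.append("daemon-runs-as-root")
    return found

print(audit(parse(SAMPLE)))
```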

 

 

Create groups with phpldapadmin

http://192.168.1.55:6443 is the phpldapadmin login page

Import two groups (organizational units) from the command line

# baseDN.ldif 
dn: ou=Users,dc=byheart,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Users

dn: ou=Depts,dc=byheart,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Depts

 

Copy this baseDN.ldif into the openldap container

containerId=openldap   # container_name set in the compose file
docker cp baseDN.ldif $containerId:/root/

docker exec -it $containerId /bin/bash

ldapadd -x -H ldap://127.0.0.1:389 -D "cn=admin,dc=byheart,dc=com" -f /root/baseDN.ldif -W

 

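Create the other groups

Click Generic: Posix Group to create a group

Users

VPN

RDD

PDD

Create users

Click the Users group, then click Create new entry here to open the following screen

Note: when creating the LDAP account, keep the default md5 password encryption setting; otherwise logging in to gerrit will not succeed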
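
What the md5 choice writes into the userPassword attribute, next to the salted {SSHA} scheme that slapd also understands. This is an added example, not part of the original post; the function names and the sample passwords are made up for illustration.

```python
import base64, hashlib, hmac, os

def md5_userpassword(password):
    """Value stored by the md5 option: {MD5} + base64(MD5(password)), no salt."""
    digest = hashlib.md5(password.encode()).digest()
    return "{MD5}" + base64.b64encode(digest).decode()

def ssha_userpassword(password, salt=None):
    """Salted SHA-1: {SSHA} + base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check(password, stored):
    """Verify a password against a {MD5} or {SSHA} userPassword value."""
    scheme, _, encoded = stored.partition("}")
    raw = base64.b64decode(encoded)
    if scheme.upper() == "{MD5":
        digest, expected = raw, hashlib.md5(password.encode()).digest()
    elif scheme.upper() == "{SSHA":
        digest, salt = raw[:20], raw[20:]   # a SHA-1 digest is 20 bytes, the rest is salt
        expected = hashlib.sha1(password.encode() + salt).digest()
    else:
        raise ValueError("unsupported scheme: " + scheme + "}")
    return hmac.compare_digest(digest, expected)

if __name__ == "__main__":
    pw = "Gerrit#2021"  # constructed sample password
    # Unsalted: two accounts with the same password get the same stored value.
    print(md5_userpassword(pw) == md5_userpassword(pw))
    # Salted: the stored values differ, yet both verify.
    s1, s2 = ssha_userpassword(pw), ssha_userpassword(pw)
    print(s1 != s2, check(pw, s1), check(pw, s2))
```

Because {MD5} carries no salt, anyone who can read the directory data (for example under the world-writable /data/system_data/openldap) can spot shared passwords and test guesses against every account at once.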

Log in to gerrit

http://192.168.1.55:8081

  • Add a public key

    [2021-01-21T12:12:57.931Z] [HTTP POST /accounts/self/sshkeys (zhxm from 192.168.1.214)] ERROR com.google.gerrit.httpd.restapi.RestApiServlet : Error in POST /accounts/self/sshkeys: NullPointerException
    java.lang.NullPointerException: Null email
        at com.google.gerrit.entities.AutoValue_Address.<init>(AutoValue_Address.java:18)
        at com.google.gerrit.entities.Address.create(Address.java:61)
        at com.google.gerrit.entities.Address.create(Address.java:57)
        at com.google.gerrit.server.mail.send.AddKeySender.init(AddKeySender.java:71)
        at com.google.gerrit.server.mail.send.OutgoingEmail.send(OutgoingEmail.java:115)
        at com.google.gerrit.server.restapi.account.AddSshKey.apply(AddSshKey.java:109)
        at com.google.gerrit.server.restapi.account.AddSshKey.apply(AddSshKey.java:84)
        at com.google.gerrit.server.restapi.account.AddSshKey.apply(AddSshKey.java:52)
        at com.google.gerrit.httpd.restapi.RestApiServlet.lambda$invokeRestCollectionModifyViewWithRetry$10(RestApiServlet.java:866)
        at com.github.rholder.retry.AttemptTimeLimiters$NoAttemptTimeLimit.call(AttemptTimeLimiters.java:78)
        at com.github.rholder.retry.Retryer.call(Retryer.java:160)
        at com.google.gerrit.server.update.RetryHelper.executeWithTimeoutCount(RetryHelper.java:561)
        at com.google.gerrit.server.update.RetryHelper.execute(RetryHelper.java:504)
        at com.google.gerrit.server.update.RetryableAction.call(RetryableAction.java:172)

    Note: although an error is reported, the key is still added successfully

References:

https://gist.github.com/thomasdarimont/d22a616a74b45964106461efb948df9c

https://github.com/GerritCodeReview/docker-gerrit

Source: https://www.cnblogs.com/byheartzhxm/p/14664714.html
