This set of templates provides all the components to deploy a single Gerrit master and a single Gerrit slave in ECS.
Four templates are provided in this example:
cf-cluster: define the ECS cluster and the networking stack
cf-service-master: define the service stack running Gerrit master
cf-service-slave: define the service stack running Gerrit slave
cf-dns-route: define the DNS routing for the service
error_log is exported in a Log Group in CloudWatch.
The setup.env.template is an example of setup file for the creation of the stacks.
Before creating the stacks, create a setup.env in the Makefile directory and correctly set the value of the environment variables.
This is the list of available parameters:
DOCKER_REGISTRY_URI: Mandatory. URI of the Docker registry. See the prerequisites section for more details.
SSL_CERTIFICATE_ARN: Mandatory. ARN of the SSL Certificate.
CLUSTER_STACK_NAME: Optional. Name of the cluster stack. gerrit-cluster by default.
SERVICE_MASTER_STACK_NAME: Optional. Name of the master service stack. gerrit-service-master by default.
SERVICE_SLAVE_STACK_NAME: Optional. Name of the slave service stack. gerrit-service-slave by default.
DNS_ROUTING_STACK_NAME: Optional. Name of the DNS routing stack. gerrit-dns-routing by default.
HOSTED_ZONE_NAME: Optional. Name of the hosted zone. mycompany.com by default.
MASTER_SUBDOMAIN: Optional. Name of the master sub domain. gerrit-master-demo by default.
SLAVE_SUBDOMAIN: Optional. Name of the slave sub domain. gerrit-slave-demo by default.
gerrit_secret by default.
CLUSTER_DESIRED_CAPACITY: Optional. Number of EC2 instances composing the cluster. 1 by default.
NOTE: if you are planning to run the monitoring stack, set the CLUSTER_DESIRED_CAPACITY value to at least 2. The resources provided by a single EC2 instance won't be enough for all the services that will be run.
As a prerequisite to run this stack, you will need:
AWS Secrets Manager is a secure way of storing and managing secrets of any type.
The secrets you will have to add are the Gerrit SSH keys and the Register Email Private Key set in secure.config.
The SSH keys you will need to add are the ones usually created and used by Gerrit:
Plus a key used by the replication plugin:
Generate a random bearer token to be used for monitoring with Prometheus:
openssl rand -hex 20 > prometheus_bearer_token
You will have to create the keys and place them in a directory.
You will need to create a secret and put it in a file called registerEmailPrivateKey in the same directory as the SSH keys.
You will need to put the admin LDAP password in a file called ldapPassword in the same directory as the SSH keys.
You will need to put the SMTP password in a file called smtpPassword in the same directory as the SSH keys.
You can now run the script to upload them to AWS Secrets Manager:
add_secrets_aws_secrets_manager.sh /path/to/your/keys/directory secret_prefix aws-region-id
When secret_prefix is omitted, it is set to gerrit_secret by default.
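A pre-flight check for the keys directory described above, to run before the upload script (an added example, not part of the project's scripts). It checks only the four file names this page mentions and assumes the token was generated with the openssl command shown; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: pre-flight check of the secrets directory before it is uploaded.
# Only the file names this page mentions are checked; the SSH key files are
# not named here, so add them to REQUIRED_FILES yourself.
REQUIRED_FILES="registerEmailPrivateKey ldapPassword smtpPassword prometheus_bearer_token"

# Octal permission bits of a path (GNU stat first, BSD stat as fallback).
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# True when group and others have no access to the path.
owner_only() {
    case "$(perm_of "$1")" in
        *00|0) return 0 ;;
        *) return 1 ;;
    esac
}

# True when the file holds exactly 40 lowercase hex characters,
# which is what `openssl rand -hex 20` writes.
token_ok() {
    tr -d '\n' < "$1" | grep -Eq '^[0-9a-f]{40}$'
}

# Report every problem on stderr; succeed only when there is none.
check_secrets_dir() {
    dir=$1
    problems=0
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    owner_only "$dir" || { echo "group/other access on $dir" >&2; problems=$((problems + 1)); }
    for name in $REQUIRED_FILES; do
        f="$dir/$name"
        if [ ! -s "$f" ]; then
            echo "missing or empty: $f" >&2; problems=$((problems + 1))
        elif ! owner_only "$f"; then
            echo "group/other access on $f" >&2; problems=$((problems + 1))
        elif [ "$name" = prometheus_bearer_token ] && ! token_ok "$f"; then
            echo "unexpected token format: $f" >&2; problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Run the check when a directory is given on the command line.
if [ "$#" -ge 1 ]; then check_secrets_dir "$1"; fi
```

Creating the directory with `umask 077` in effect keeps every file in it owner-only from the start.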
aws ecr create-repository --repository-name aws-gerrit/gerrit
DOCKER_REGISTRY_URI
gerrit.setup
and set the correct parameters
gerrit.setup.template
gerrit.setup
are the same as a normal gerrit.config
./gerrit/plugins
make gerrit-publish
aws ecr create-repository --repository-name aws-gerrit/git-ssh
make git-ssh-publish
aws ecr create-repository --repository-name aws-gerrit/git-daemon
make git-daemon-publish
make create-all
The slave will start with a 5 min delay to allow the replication of All-Users and All-Projects from the master to happen. You can now check the slave logs to see when the slave is up and running.
NOTE: the creation of the cluster needs an EC2 key pair, which is useful when you need to connect to the EC2 instances for troubleshooting purposes. The key pair is automatically generated and stored in a pem file in the current directory. Use it when ssh-ing into your instances as follows:
ssh -i cluster-keys.pem ec2-user@<ec2_instance_ip>
make delete-all
Get the URL of your Gerrit master instance this way:
aws cloudformation describe-stacks \
  --stack-name <SERVICE_MASTER_STACK_NAME> \
  | grep -A1 '"OutputKey": "CanonicalWebUrl"' \
  | grep OutputValue \
  | cut -d'"' -f 4
Similarly for the slave:
aws cloudformation describe-stacks \
  --stack-name <SERVICE_SLAVE_STACK_NAME> \
  | grep -A1 '"OutputKey": "CanonicalWebUrl"' \
  | grep OutputValue \
  | cut -d'"' -f 4
Gerrit master instance ports:
8080
29418
Gerrit slave instance ports:
9080
39418
This is a list of external services that you might need to set up your stack, with some suggestions on how to easily create them.
If you need to set up an SMTP service, Amazon Simple Email Service can be used. Details on how to set up Amazon SES can be found here.
To correctly set up email notifications, Gerrit requires the SSL protocol on default port 465 to be enabled on the SMTP server. It is possible to set up Gerrit to talk to the standard SMTP port 25, but by default all EC2 instances block it. To enable port 25 please follow this link.
If you need a testing LDAP server you can find details on how to easily create one in the LDAP folder.
If you want to monitor your system, you can add a Prometheus and Grafana stack. Here you can find the details on how to add it.