Allow to configure Gerrit SMTP port and SMTP encryption
Currently SMTP encryption is hardcoded to 'ssl' and default port 465.
Feature: Issue 13272
Change-Id: I88ae1ed636dd0b671014b75cb35098943af1935f
diff --git a/Configuration.md b/Configuration.md
index 0d85b3e..9afdbb4 100644
--- a/Configuration.md
+++ b/Configuration.md
@@ -94,8 +94,18 @@
* `SMTP_SERVER`: Mandatory. Hostname (or IP address) of a SMTP server that will relay messages generated by Gerrit to end users
See [Gerrit documentation](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#sendemail.smtpServer)
+* `SMTP_SERVER_PORT`: Optional. Port number of the SMTP server.
+ See [Gerrit documentation](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#sendemail.smtpServerPort)
+ Default: 465
* `SMTP_USER`: Mandatory. User name to authenticate with
See [Gerrit documentation](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#sendemail.smtpUser)
* `SMTP_DOMAIN`: Mandatory. Domain to be used in the "From" field of any generated email messages
See [Gerrit documentation](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#sendemail.from)
+* SMTP_ENCRYPTION : Optional. Specify the encryption to use, either 'ssl', 'tls' or 'none'
+ See [Gerrit documentation](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#sendemail.smtpEncryption)
+ Default: ssl
+* SMTP_SSL_VERIFY: Optional. If false and SMTP_ENCRYPTION is 'ssl' or 'tls', Gerrit will not verify the server certificate
+ when it connects to send an email message.
+ See [Gerrit documentation](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#sendemail.sslVerify)
+ Default: false
diff --git a/Makefile.common b/Makefile.common
index 7b1caf5..202fab1 100644
--- a/Makefile.common
+++ b/Makefile.common
@@ -38,4 +38,15 @@
endif
ifdef METRICS_CLOUDWATCH_EXCLUDE_METRICS_LIST
$(eval METRICS_CW_OPTIONAL_PARAMS := $(METRICS_CW_OPTIONAL_PARAMS) ParameterKey=MetricsCloudwatchExcludeMetrics,ParameterValue=\"$(METRICS_CLOUDWATCH_EXCLUDE_METRICS_LIST)\")
+endif
+
+set-optional-params-smtp:
+ifdef SMTP_SERVER_PORT
+ $(eval SMTP_OPTIONAL_PARAMS := $(SMTP_OPTIONAL_PARAMS) ParameterKey=SMTPServerPort,ParameterValue=$(SMTP_SERVER_PORT))
+endif
+ifdef SMTP_ENCRYPTION
+ $(eval SMTP_OPTIONAL_PARAMS := $(SMTP_OPTIONAL_PARAMS) ParameterKey=SMTPEncryption,ParameterValue=$(SMTP_ENCRYPTION))
+endif
+ifdef SMTP_SSL_VERIFY
+ $(eval SMTP_OPTIONAL_PARAMS := $(SMTP_OPTIONAL_PARAMS) ParameterKey=SMTPSslVerify,ParameterValue=$(SMTP_SSL_VERIFY))
endif
\ No newline at end of file
diff --git a/common.env b/common.env
index 13860af..9411c5b 100644
--- a/common.env
+++ b/common.env
@@ -28,3 +28,4 @@
# Elastic Container Service
CLUSTER_STACK_NAME:=$(AWS_PREFIX)-cluster
+
diff --git a/dual-master/Makefile b/dual-master/Makefile
index acc64ef..a8d9113 100644
--- a/dual-master/Makefile
+++ b/dual-master/Makefile
@@ -50,7 +50,7 @@
ParameterKey=SubnetIdProp,ParameterValue=$(SUBNET_ID) \
$(CLUSTER_OPTIONAL_PARAMS)
-service-master-1: set-optional-params-metrics-cloudwatch
+service-master-1: set-optional-params-metrics-cloudwatch set-optional-params-smtp
ifdef GERRIT_MASTER1_INSTANCE_ID
$(eval MASTER1_SERVICE_OPTIONAL_PARAMS := $(MASTER1_SERVICE_OPTIONAL_PARAMS) ParameterKey=InstanceId,ParameterValue=$(GERRIT_MASTER1_INSTANCE_ID))
endif
@@ -92,9 +92,10 @@
ParameterKey=GerritHeapLimit,ParameterValue=$(GERRIT_HEAP_LIMIT) \
ParameterKey=JgitCacheSize,ParameterValue=$(JGIT_CACHE_SIZE) \
$(MASTER1_SERVICE_OPTIONAL_PARAMS) \
- $(METRICS_CW_OPTIONAL_PARAMS)
+ $(METRICS_CW_OPTIONAL_PARAMS) \
+ $(SMTP_OPTIONAL_PARAMS)
-service-master-2: set-optional-params-metrics-cloudwatch
+service-master-2: set-optional-params-metrics-cloudwatch set-optional-params-smtp
ifdef GERRIT_MASTER2_INSTANCE_ID
$(eval MASTER2_SERVICE_OPTIONAL_PARAMS := $(MASTER2_SERVICE_OPTIONAL_PARAMS) ParameterKey=InstanceId,ParameterValue=$(GERRIT_MASTER2_INSTANCE_ID))
endif
@@ -137,7 +138,8 @@
ParameterKey=GerritHeapLimit,ParameterValue=$(GERRIT_HEAP_LIMIT) \
ParameterKey=JgitCacheSize,ParameterValue=$(JGIT_CACHE_SIZE) \
$(MASTER2_SERVICE_OPTIONAL_PARAMS) \
- $(METRICS_CW_OPTIONAL_PARAMS)
+ $(METRICS_CW_OPTIONAL_PARAMS) \
+ $(SMTP_OPTIONAL_PARAMS)
service-slave: set-optional-params-metrics-cloudwatch
ifdef GERRIT_SLAVE_INSTANCE_ID
diff --git a/dual-master/cf-service-master.yml b/dual-master/cf-service-master.yml
index 287bcd3..b7277f0 100644
--- a/dual-master/cf-service-master.yml
+++ b/dual-master/cf-service-master.yml
@@ -154,12 +154,26 @@
SMTPServer:
Description: SMTP server URL
Type: String
+ SMTPServerPort:
+ Description: SMTP server port
+ Type: Number
+ Default: 465
SMTPUser:
Description: User name to authenticate with, if required for relay
Type: String
SMTPDomain:
Description: Domain to be used in the From field
Type: String
+ SMTPEncryption:
+ Description: Encryption to be used
+ Type: String
+ Default: ssl
+ AllowedValues: ['ssl', 'tls', 'none']
+ SMTPSslVerify:
+ Description: If false and SMTPEncryption is 'ssl' or 'tls', Gerrit will not verify the server certificate when it connects to send an email message.
+ Type: String
+ Default: true
+ AllowedValues: [true, false]
InstanceId:
Description: Optional identifier for the Gerrit instance
Type: String
@@ -260,6 +274,12 @@
Value: !Ref LDAPGroupBase
- Name: SMTP_SERVER
Value: !Ref SMTPServer
+ - Name: SMTP_SERVER_PORT
+ Value: !Ref SMTPServerPort
+ - Name: SMTP_ENCRYPTION
+ Value: !Ref SMTPEncryption
+ - Name: SMTP_SSL_VERIFY
+ Value: !Ref SMTPSslVerify
- Name: SMTP_USER
Value: !Ref SMTPUser
- Name: SMTP_DOMAIN
diff --git a/gerrit/etc/gerrit.config.template b/gerrit/etc/gerrit.config.template
index 62951f9..df1d045 100644
--- a/gerrit/etc/gerrit.config.template
+++ b/gerrit/etc/gerrit.config.template
@@ -26,15 +26,18 @@
accountEmailAddress = mail
groupBase = {{ LDAP_GROUP_BASE }}
-[sendemail]
- smtpServer = {{ SMTP_SERVER }}
- connectTimeout = 30 s
- threadPoolSize = 2
- smtpEncryption = ssl
- sslVerify = false
- smtpUser = {{ SMTP_USER }}
- enable = true
- from = ${user} (Gerrit) <gerrit@{{ SMTP_DOMAIN }}>
+{% if SMTP_SERVER %}
+ [sendemail]
+ smtpServer = {{ SMTP_SERVER }}
+ connectTimeout = 30 s
+ threadPoolSize = 2
+ smtpEncryption = {{ SMTP_ENCRYPTION }}
+ smtpServerPort = {{ SMTP_SERVER_PORT }}
+ sslVerify = {{ SMTP_SSL_VERIFY }}
+ smtpUser = {{ SMTP_USER }}
+ enable = true
+ from = ${user} (Gerrit) <gerrit@{{ SMTP_DOMAIN }}>
+{% endif %}
[sshd]
listenAddress = *:29418
diff --git a/gerrit/setup_gerrit.py b/gerrit/setup_gerrit.py
index 56aecf0..61654a0 100755
--- a/gerrit/setup_gerrit.py
+++ b/gerrit/setup_gerrit.py
@@ -142,8 +142,11 @@
'LDAP_ACCOUNT_BASE': os.getenv('LDAP_ACCOUNT_BASE'),
'LDAP_GROUP_BASE': os.getenv('LDAP_GROUP_BASE'),
'SMTP_SERVER': os.getenv('SMTP_SERVER'),
+ 'SMTP_SERVER_PORT': os.getenv('SMTP_SERVER_PORT'),
'SMTP_USER': os.getenv('SMTP_USER'),
'SMTP_DOMAIN': os.getenv('SMTP_DOMAIN'),
+ 'SMTP_ENCRYPTION': os.getenv('SMTP_ENCRYPTION'),
+ 'SMTP_SSL_VERIFY': os.getenv('SMTP_SSL_VERIFY'),
'GERRIT_HEAP_LIMIT': os.getenv('GERRIT_HEAP_LIMIT'),
'JGIT_CACHE_SIZE': os.getenv('JGIT_CACHE_SIZE'),
'GERRIT_INSTANCE_ID': os.getenv('GERRIT_INSTANCE_ID'),
diff --git a/master-slave/Makefile b/master-slave/Makefile
index 16c217a..1d6cbea 100644
--- a/master-slave/Makefile
+++ b/master-slave/Makefile
@@ -41,7 +41,7 @@
ParameterKey=SubnetIdProp,ParameterValue=$(SUBNET_ID) \
$(CLUSTER_OPTIONAL_PARAMS)
-service-master: set-optional-params-metrics-cloudwatch
+service-master: set-optional-params-metrics-cloudwatch set-optional-params-smtp
ifdef LOAD_BALANCER_SCHEME
$(eval MASTER_SERVICE_OPTIONAL_PARAMS := $(MASTER_SERVICE_OPTIONAL_PARAMS) ParameterKey=LoadBalancerScheme,ParameterValue=$(LOAD_BALANCER_SCHEME))
endif
@@ -77,7 +77,8 @@
ParameterKey=GerritHeapLimit,ParameterValue=$(GERRIT_HEAP_LIMIT) \
ParameterKey=JgitCacheSize,ParameterValue=$(JGIT_CACHE_SIZE) \
$(MASTER_SERVICE_OPTIONAL_PARAMS) \
- $(METRICS_CW_OPTIONAL_PARAMS)
+ $(METRICS_CW_OPTIONAL_PARAMS) \
+ $(SMTP_OPTIONAL_PARAMS)
service-slave: set-optional-params-metrics-cloudwatch
ifdef LOAD_BALANCER_SCHEME
diff --git a/master-slave/cf-service-master.yml b/master-slave/cf-service-master.yml
index a38c939..6f9050f 100644
--- a/master-slave/cf-service-master.yml
+++ b/master-slave/cf-service-master.yml
@@ -129,12 +129,26 @@
SMTPServer:
Description: SMTP server URL
Type: String
+ SMTPServerPort:
+ Description: SMTP server port
+ Type: Number
+ Default: 465
SMTPUser:
Description: User name to authenticate with, if required for relay
Type: String
SMTPDomain:
Description: Domain to be used in the From field
Type: String
+ SMTPEncryption:
+ Description: Encryption to be used
+ Type: String
+ Default: ssl
+ AllowedValues: ['ssl', 'tls', 'none']
+ SMTPSslVerify:
+ Description: If false and SMTPEncryption is 'ssl' or 'tls', Gerrit will not verify the server certificate when it connects to send an email message.
+ Type: String
+ Default: true
+ AllowedValues: [true, false]
InstanceId:
Description: Optional identifier for the Gerrit instance
Type: String
@@ -227,6 +241,12 @@
Value: !Ref LDAPGroupBase
- Name: SMTP_SERVER
Value: !Ref SMTPServer
+ - Name: SMTP_SERVER_PORT
+ Value: !Ref SMTPServerPort
+ - Name: SMTP_ENCRYPTION
+ Value: !Ref SMTPEncryption
+ - Name: SMTP_SSL_VERIFY
+ Value: !Ref SMTPSslVerify
- Name: SMTP_USER
Value: !Ref SMTPUser
- Name: SMTP_DOMAIN
diff --git a/single-master/Makefile b/single-master/Makefile
index adf84d6..9fd0ebf 100644
--- a/single-master/Makefile
+++ b/single-master/Makefile
@@ -37,7 +37,7 @@
ParameterKey=SubnetIdProp,ParameterValue=$(SUBNET_ID) \
$(CLUSTER_OPTIONAL_PARAMS)
-service: set-optional-params-metrics-cloudwatch
+service: set-optional-params-metrics-cloudwatch set-optional-params-smtp
ifdef LOAD_BALANCER_SCHEME
$(eval SERVICE_OPTIONAL_PARAMS := $(SERVICE_OPTIONAL_PARAMS) ParameterKey=LoadBalancerScheme,ParameterValue=$(LOAD_BALANCER_SCHEME))
endif
@@ -71,7 +71,8 @@
ParameterKey=GerritHeapLimit,ParameterValue=$(GERRIT_HEAP_LIMIT) \
ParameterKey=JgitCacheSize,ParameterValue=$(JGIT_CACHE_SIZE) \
$(SERVICE_OPTIONAL_PARAMS) \
- $(METRICS_CW_OPTIONAL_PARAMS)
+ $(METRICS_CW_OPTIONAL_PARAMS) \
+ $(SMTP_OPTIONAL_PARAMS)
dns-routing:
$(AWS_FC_COMMAND) create-stack \
diff --git a/single-master/cf-service.yml b/single-master/cf-service.yml
index a6946a8..9c80353 100644
--- a/single-master/cf-service.yml
+++ b/single-master/cf-service.yml
@@ -111,12 +111,26 @@
SMTPServer:
Description: SMTP server URL
Type: String
+ SMTPServerPort:
+ Description: SMTP server port
+ Type: Number
+ Default: 465
SMTPUser:
Description: User name to authenticate with, if required for relay
Type: String
SMTPDomain:
Description: Domain to be used in the From field
Type: String
+ SMTPEncryption:
+ Description: Encryption to be used
+ Type: String
+ Default: ssl
+ AllowedValues: ['ssl', 'tls', 'none']
+ SMTPSslVerify:
+ Description: If false and SMTPEncryption is 'ssl' or 'tls', Gerrit will not verify the server certificate when it connects to send an email message.
+ Type: String
+ Default: true
+ AllowedValues: [true, false]
InstanceId:
Description: Optional identifier for the Gerrit instance
Type: String
@@ -209,6 +223,12 @@
Value: !Ref LDAPGroupBase
- Name: SMTP_SERVER
Value: !Ref SMTPServer
+ - Name: SMTP_SERVER_PORT
+ Value: !Ref SMTPServerPort
+ - Name: SMTP_ENCRYPTION
+ Value: !Ref SMTPEncryption
+ - Name: SMTP_SSL_VERIFY
+ Value: !Ref SMTPSslVerify
- Name: SMTP_USER
Value: !Ref SMTPUser
- Name: SMTP_DOMAIN
