Centralize configuration via setup.env file

Configuration of the cluster used to be inconsistent.
Some parameters were injected as environment variables via CloudFormation
to the docker container, whilst some others were expected to be read
from *.setup files (such as gerrit.setup and replication.setup).

Normalize configuration by reading _all_ parameters from environment
variables set in a unique source of truth: setup.env

Feature: Issue 13081
Change-Id: Ib45626ca0e434f4fc63c9a8e17bd08f20a51742c
diff --git a/.gitignore b/.gitignore
index 9965ad4..cb80d80 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,4 @@
 setup.env
-gerrit.setup
-replication.setup
 gerrit/plugins/*.jar
 gerrit/etc/*key*
 gerrit.config
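Review bot: Removing `gerrit.setup` and `replication.setup` from the ignore list means copies left over in existing checkouts become untracked files that a broad `git add` will stage. The deleted `gerrit.setup.template` carried a `password` key under `[smtp]`, so those local files may hold a real SMTP password. Keep the two ignore entries for now, or tell users in the README to delete the old files after migrating to `setup.env`.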
diff --git a/dual-master/Makefile b/dual-master/Makefile
index 6200bbb..2553e09 100644
--- a/dual-master/Makefile
+++ b/dual-master/Makefile
@@ -42,9 +42,17 @@
 		--template-body file://`pwd`/$(SERVICE_MASTER_TEMPLATE) \
 		--region $(AWS_REGION) \
 		--parameters \
+		ParameterKey=LDAPServer,ParameterValue=$(LDAP_SERVER) \
+		ParameterKey=LDAPUsername,ParameterValue=\"$(LDAP_USERNAME)\" \
+		ParameterKey=LDAPAccountBase,ParameterValue=\"$(LDAP_ACCOUNT_BASE)\" \
+		ParameterKey=LDAPGroupBase,ParameterValue=\"$(LDAP_GROUP_BASE)\" \
+		ParameterKey=SMTPServer,ParameterValue=$(SMTP_SERVER) \
+		ParameterKey=SMTPUser,ParameterValue=$(SMTP_USER) \
+		ParameterKey=SMTPDomain,ParameterValue=$(SMTP_DOMAIN) \
 		ParameterKey=ClusterStackName,ParameterValue=$(CLUSTER_STACK_NAME) \
 		ParameterKey=HostedZoneName,ParameterValue=$(HOSTED_ZONE_NAME) \
 		ParameterKey=Subdomain,ParameterValue=$(MASTER1_SUBDOMAIN) \
+		ParameterKey=SlaveSubdomain,ParameterValue=$(SLAVE_SUBDOMAIN) \
 		ParameterKey=DockerRegistryUrl,ParameterValue=$(DOCKER_REGISTRY_URI) \
 		ParameterKey=CertificateArn,ParameterValue=$(SSL_CERTIFICATE_ARN) \
 		ParameterKey=HTTPHostPort,ParameterValue=$(HTTP_HOST_PORT_MASTER1) \
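Review bot: Quoting of the added parameters is inconsistent: `LDAPUsername`, `LDAPAccountBase` and `LDAPGroupBase` wrap the value in `\"...\"`, while `LDAPServer`, `SMTPServer`, `SMTPUser` and `SMTPDomain` are passed bare. A comma in one of the bare values would be read as a separator in the `ParameterKey=...,ParameterValue=...` shorthand. Quote all seven the same way so the behaviour does not depend on which value happens to contain a comma.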
@@ -72,9 +80,17 @@
 		--template-body file://`pwd`/$(SERVICE_MASTER_TEMPLATE) \
 		--region $(AWS_REGION) \
 		--parameters \
+		ParameterKey=LDAPServer,ParameterValue=$(LDAP_SERVER) \
+		ParameterKey=LDAPUsername,ParameterValue=\"$(LDAP_USERNAME)\" \
+		ParameterKey=LDAPAccountBase,ParameterValue=\"$(LDAP_ACCOUNT_BASE)\" \
+		ParameterKey=LDAPGroupBase,ParameterValue=\"$(LDAP_GROUP_BASE)\" \
+		ParameterKey=SMTPServer,ParameterValue=$(SMTP_SERVER) \
+		ParameterKey=SMTPUser,ParameterValue=$(SMTP_USER) \
+		ParameterKey=SMTPDomain,ParameterValue=$(SMTP_DOMAIN) \
 		ParameterKey=ClusterStackName,ParameterValue=$(CLUSTER_STACK_NAME) \
 		ParameterKey=HostedZoneName,ParameterValue=$(HOSTED_ZONE_NAME) \
 		ParameterKey=Subdomain,ParameterValue=$(MASTER2_SUBDOMAIN) \
+		ParameterKey=SlaveSubdomain,ParameterValue=$(SLAVE_SUBDOMAIN) \
 		ParameterKey=DockerRegistryUrl,ParameterValue=$(DOCKER_REGISTRY_URI) \
 		ParameterKey=CertificateArn,ParameterValue=$(SSL_CERTIFICATE_ARN) \
 		ParameterKey=HTTPHostPort,ParameterValue=$(HTTP_HOST_PORT_MASTER2) \
@@ -102,6 +118,10 @@
 		--template-body file://`pwd`/$(SERVICE_SLAVE_TEMPLATE) \
 		--region $(AWS_REGION) \
 		--parameters \
+		ParameterKey=LDAPServer,ParameterValue=$(LDAP_SERVER) \
+		ParameterKey=LDAPUsername,ParameterValue=\"$(LDAP_USERNAME)\" \
+		ParameterKey=LDAPAccountBase,ParameterValue=\"$(LDAP_ACCOUNT_BASE)\" \
+		ParameterKey=LDAPGroupBase,ParameterValue=\"$(LDAP_GROUP_BASE)\" \
 		ParameterKey=ClusterStackName,ParameterValue=$(CLUSTER_STACK_NAME) \
 		ParameterKey=HostedZoneName,ParameterValue=$(HOSTED_ZONE_NAME) \
 		ParameterKey=Subdomain,ParameterValue=$(SLAVE_SUBDOMAIN) \
diff --git a/dual-master/README.md b/dual-master/README.md
index f6191ea..82b475d 100644
--- a/dual-master/README.md
+++ b/dual-master/README.md
@@ -77,6 +77,10 @@
 
 This is the list of available parameters:
 
+#### Environment
+
+Configuration values affecting deployment environment and cluster properties
+
 * `DOCKER_REGISTRY_URI`: Mandatory. URI of the Docker registry. See the
   [prerequisites](#prerequisites) section for more details.
 * `SSL_CERTIFICATE_ARN`: Mandatory. ARN of the wildcard SSL Certificate, covering both master nodes.
@@ -88,8 +92,13 @@
 * `MASTER1_SUBDOMAIN`: Optional. Name of the master 1 sub domain. `gerrit-master-1-demo` by default.
 * `MASTER2_SUBDOMAIN`: Optional. Name of the master 2 sub domain. `gerrit-master-2-demo` by default.
 * `CLUSTER_DESIRED_CAPACITY`: Optional.  Number of EC2 instances composing the cluster. `1` by default.
-*  GERRIT_KEY_PREFIX : Optional. Secrets prefix used during the [Import into AWS Secret Manager](#import-into-aws-secret-manager).
+* `GERRIT_KEY_PREFIX` : Optional. Secrets prefix used during the [Import into AWS Secret Manager](#import-into-aws-secret-manager).
   `gerrit_secret` by default.
+
+#### SPECS
+
+Configuration values to spec up Gerrit containers.
+
 * `GERRIT_RAM`: RAM allocated (MiB) to the Gerrit container. `70000` by default.
 * `GERRIT_CPU`: vCPU units allocated to the Gerrit container. `10240` by default.
 * `GERRIT_HEAP_LIMIT`: Maximum heap size of the Java process running Gerrit, in bytes.
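Review bot: The new `#### SPECS` heading is all upper-case although it is not an acronym, unlike `#### LDAP` and `#### SMTP`, and its sibling is written `#### Environment`. Use `#### Specs` for consistency in all three READMEs.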
@@ -99,6 +108,32 @@
   See [Gerrit documentation](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#core.packedGitLimit)
   for more details. `12g` by default.
 
+#### LDAP
+
+Configuration values related to LDAP integration.
+See more details [here](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#ldap)
+
+* `LDAP_SERVER`: Mandatory. URL of the organization’s LDAP server to query for user information and group membership from
+  See [Gerrit documentation](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#ldap.server)
+* `LDAP_USERNAME`: Mandatory. Username to bind to the LDAP server with
+  See [Gerrit documentation](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#ldap.username)
+* `LDAP_ACCOUNT_BASE`: Mandatory. Root of the tree containing all user accounts
+  See [Gerrit documentation](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#ldap.accountBase)
+* `LDAP_GROUP_BASE`: Mandatory. Root of the tree containing all group objects
+  See [Gerrit documentation](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#ldap.groupBase)
+
+#### SMTP
+
+Configuration values related to SMTP integration.
+See more details [here](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#sendemail)
+
+* `SMTP_SERVER`: Mandatory. Hostname (or IP address) of a SMTP server that will relay messages generated by Gerrit to end users
+  See [Gerrit documentation](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#sendemail.smtpServer)
+* `SMTP_USER`: Mandatory. User name to authenticate with
+  See [Gerrit documentation](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#sendemail.smtpUser)
+* `SMTP_DOMAIN`: Mandatory. Domain to be used in the "From" field of any generated email messages
+  See [Gerrit documentation](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#sendemail.from)
+
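Review bot: The descriptions in the new LDAP and SMTP bullets have no terminating punctuation before the indented `See [Gerrit documentation]` line, so Markdown joins the two and renders "...group membership from See Gerrit documentation". End each description with a period. Also, `SMTP_USER` is marked Mandatory here while the `SMTPUser` template parameter is described as "if required for relay"; make the two agree.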
 ### 2 - Deploy
 
 * Create the cluster, services and DNS routing stacks:
diff --git a/dual-master/cf-service-master.yml b/dual-master/cf-service-master.yml
index 175578f..955989d 100644
--- a/dual-master/cf-service-master.yml
+++ b/dual-master/cf-service-master.yml
@@ -54,6 +54,14 @@
         Description: Gerrit SSH port
         Type: Number
         Default: 29418
+  GitPort:
+        Description: Git daemon port
+        Type: Number
+        Default: 9418
+  GitSSHPort:
+        Description: Git ssh port
+        Type: Number
+        Default: 1022
   CertificateArn:
         Description: SSL Certificates ARN
         Type: String
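Review bot: `GitPort` and `GitSSHPort` are added with defaults 9418 and 1022, but none of the Makefile hunks passes a matching `ParameterKey` and `setup.env.template` gains no variable for them, so the ports stay fixed at the defaults. If they are meant to be configurable from `setup.env`, wire them through the Makefile; if not, say in the `Description` that the values mirror the ports previously hard-coded in `replication.setup.template`.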
@@ -64,6 +72,9 @@
         Description: The subdomain of the Gerrit cluster
         Type: String
         Default: gerrit-master-demo
+  SlaveSubdomain:
+        Description: The subdomain of the Gerrit slave
+        Type: String
   LBSubdomain:
         Description: The subdomain of the Gerrit load balancer
         Type: String
@@ -125,7 +136,27 @@
       Description: JGit cache size
       Type: String
       Default: 12g
-
+  LDAPServer:
+      Description: LDAP server URL
+      Type: String
+  LDAPUsername:
+      Description: Username to bind to the LDAP server with
+      Type: String
+  LDAPAccountBase:
+      Description: Root of the tree containing all user accounts
+      Type: String
+  LDAPGroupBase:
+      Description: Root of the tree containing all group objects
+      Type: String
+  SMTPServer:
+      Description: SMTP server URL
+      Type: String
+  SMTPUser:
+      Description: User name to authenticate with, if required for relay
+      Type: String
+  SMTPDomain:
+      Description: Domain to be used in the From field
+      Type: String
 
 Resources:
     Service:
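Review bot: The `SMTPServer` description says "SMTP server URL", but the README documents `SMTP_SERVER` as a hostname or IP address and the sample value is `yoursmtp.yourcompany.com`; change the description to match. The seven new parameters also have no constraint, so consider `MinLength: 1` on each so that a variable left empty in `setup.env` is rejected at stack creation rather than at container start.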
@@ -181,6 +212,26 @@
                       Value: !Ref GerritHeapLimit
                     - Name: JGIT_CACHE_SIZE
                       Value: !Ref JgitCacheSize
+                    - Name: LDAP_SERVER
+                      Value: !Ref LDAPServer
+                    - Name: LDAP_USERNAME
+                      Value: !Ref LDAPUsername
+                    - Name: LDAP_ACCOUNT_BASE
+                      Value: !Ref LDAPAccountBase
+                    - Name: LDAP_GROUP_BASE
+                      Value: !Ref LDAPGroupBase
+                    - Name: SMTP_SERVER
+                      Value: !Ref SMTPServer
+                    - Name: SMTP_USER
+                      Value: !Ref SMTPUser
+                    - Name: SMTP_DOMAIN
+                      Value: !Ref SMTPDomain
+                    - Name: GIT_PORT
+                      Value: !Ref GitPort
+                    - Name: GIT_SSH_PORT
+                      Value: !Ref GitSSHPort
+                    - Name: SLAVE_SUBDOMAIN
+                      Value: !Ref SlaveSubdomain
                   MountPoints:
                     - SourceVolume: !Ref GerritGitVolume
                       ContainerPath: /var/gerrit/git
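Review bot: This list adds `SLAVE_SUBDOMAIN`, `GIT_PORT` and `GIT_SSH_PORT` but not `HOSTED_ZONE_NAME`, which the equivalent hunk in `master-slave/cf-service-master.yml` does add. `setup_gerrit.py` now builds the slave FQDN from `os.getenv('HOSTED_ZONE_NAME')`, so please confirm the variable is already present elsewhere in this template's `Environment` list; if it is not, the string concatenation in the replication block will fail.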
diff --git a/dual-master/cf-service-slave.yml b/dual-master/cf-service-slave.yml
index 01da4ac..18aee8e 100644
--- a/dual-master/cf-service-slave.yml
+++ b/dual-master/cf-service-slave.yml
@@ -118,6 +118,18 @@
       Description: JGit cache size
       Type: String
       Default: 12g
+  LDAPServer:
+      Description: LDAP server URL
+      Type: String
+  LDAPUsername:
+      Description: Username to bind to the LDAP server with
+      Type: String
+  LDAPAccountBase:
+      Description: Root of the tree containing all user accounts
+      Type: String
+  LDAPGroupBase:
+      Description: Root of the tree containing all group objects
+      Type: String
 
 Resources:
     GerritService:
@@ -173,6 +185,14 @@
                       Value: !Ref GerritHeapLimit
                     - Name: JGIT_CACHE_SIZE
                       Value: !Ref JgitCacheSize
+                    - Name: LDAP_SERVER
+                      Value: !Ref LDAPServer
+                    - Name: LDAP_USERNAME
+                      Value: !Ref LDAPUsername
+                    - Name: LDAP_ACCOUNT_BASE
+                      Value: !Ref LDAPAccountBase
+                    - Name: LDAP_GROUP_BASE
+                      Value: !Ref LDAPGroupBase
                   MountPoints:
                     - SourceVolume: !Ref GerritGitVolume
                       ContainerPath: /var/gerrit/git
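Review bot: The slave task receives only the four `LDAP_*` variables, while `setup_gerrit.py` fills `SMTP_SERVER`, `SMTP_USER` and `SMTP_DOMAIN` from `os.getenv` in the same `config_for_template.update` call. If that call also runs for slave containers, the three SMTP values are `None` and Jinja2 renders them as the literal text `None`. Confirm that `gerrit.config.template` leaves out the mail section for slaves, or pass the SMTP parameters here as well.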
diff --git a/dual-master/setup.env.template b/dual-master/setup.env.template
index 25f3e87..5917586 100644
--- a/dual-master/setup.env.template
+++ b/dual-master/setup.env.template
@@ -20,3 +20,12 @@
 GERRIT_CPU=10240
 GERRIT_HEAP_LIMIT=35g
 JGIT_CACHE_SIZE=12g
+
+LDAP_SERVER:=ldap://yourldap.yourcompany.com
+LDAP_USERNAME:=cn=admin,dc=example,dc=org
+LDAP_ACCOUNT_BASE:=dc=example,dc=org
+LDAP_GROUP_BASE:=dc=example,dc=org
+
+SMTP_SERVER:=yoursmtp.yourcompany.com
+SMTP_USER:=smtpuser
+SMTP_DOMAIN:=mail.yourcompany.com
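Review bot: The new entries use `:=` while the lines directly above (`GERRIT_CPU=10240`, `GERRIT_HEAP_LIMIT=35g`, `JGIT_CACHE_SIZE=12g`) use `=`; pick one assignment style for the file. The sample `SMTP_DOMAIN` is `mail.yourcompany.com`, whereas the deleted `gerrit.setup.template` used `yourcompany.com`; if the change is intentional, mention it in the commit message.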
diff --git a/gerrit/Dockerfile b/gerrit/Dockerfile
index aa03945..26dec1f 100644
--- a/gerrit/Dockerfile
+++ b/gerrit/Dockerfile
@@ -8,8 +8,6 @@
 
 # Installing scripts to get SSH Keys from Secret Manager
 COPY --chown=gerrit:gerrit requirements.txt /tmp
-COPY --chown=gerrit:gerrit gerrit.setup /tmp
-COPY --chown=gerrit:gerrit replication.setup /tmp
 COPY --chown=gerrit:gerrit setup_gerrit.py /tmp
 RUN chmod +x /tmp/setup_gerrit.py \
     && pip3 install -r /tmp/requirements.txt
diff --git a/gerrit/gerrit.setup.template b/gerrit/gerrit.setup.template
deleted file mode 100644
index b019efe..0000000
--- a/gerrit/gerrit.setup.template
+++ /dev/null
@@ -1,12 +0,0 @@
-[ldap]
-server = ldap://yourldap.yourcompany.com
-username = cn=admin,dc=example,dc=org
-accountBase = dc=example,dc=org
-groupBase = dc=example,dc=org
-
-[smtp]
-server = yoursmtp.yourcompany.com
-user = smtpuser
-password =  smtppassword
-domain = yourcompany.com
-
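Review bot: The deleted `[smtp]` section had a `password` key, but the patch introduces no `SMTP_PASSWORD` variable or parameter. The `setup_gerrit.py` docstring lists AWS Secret Manager as a source, so presumably the password comes from there; state that in the commit message or in the README's SMTP section so that nobody adds the password to `setup.env`, whose values end up as plain CloudFormation parameters and container environment variables.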
diff --git a/gerrit/replication.setup.template b/gerrit/replication.setup.template
deleted file mode 100644
index e5e018b..0000000
--- a/gerrit/replication.setup.template
+++ /dev/null
@@ -1,3 +0,0 @@
-[remote-slave]
-  url = git://subdomain.hostedzonename:9418/${name}.git
-  adminUrl = ssh://gerrit@$subdomain.hostedzonename:1022/var/gerrit/git/${name}.git
diff --git a/gerrit/requirements.txt b/gerrit/requirements.txt
index 45831a6..58ee30e 100644
--- a/gerrit/requirements.txt
+++ b/gerrit/requirements.txt
@@ -1,3 +1,2 @@
 boto3
 jinja2==2.11.1
-configparser==5.0.0
diff --git a/gerrit/setup_gerrit.py b/gerrit/setup_gerrit.py
index 54dabe8..2f15659 100755
--- a/gerrit/setup_gerrit.py
+++ b/gerrit/setup_gerrit.py
@@ -3,7 +3,6 @@
 import boto3
 import base64
 import os
-import configparser
 from botocore.exceptions import ClientError
 from jinja2 import Environment, FileSystemLoader
 
@@ -61,7 +60,6 @@
 
 It reads from:
  - AWS Secret Manager: Statically defined.
- - gerrit.setup: Statically defined.
  - environment variables: Dinamycally defined.
 
 """
@@ -120,8 +118,6 @@
     )
 
 BASE_CONFIG_DIR = "/tmp"
-config = configparser.ConfigParser()
-config.read(BASE_CONFIG_DIR + '/gerrit.setup')
 print("Setting Gerrit config in '" + GERRIT_CONFIG_DIRECTORY + "gerrit.config'")
 template = env.get_template("gerrit.config.template")
 
@@ -141,13 +137,13 @@
 with open(GERRIT_CONFIG_DIRECTORY + "gerrit.config", 'w',
           encoding='utf-8') as f:
     config_for_template.update({
-        'LDAP_SERVER': config['ldap']['server'],
-        'LDAP_USERNAME': config['ldap']['username'],
-        'LDAP_ACCOUNT_BASE': config['ldap']['accountBase'],
-        'LDAP_GROUP_BASE': config['ldap']['groupBase'],
-        'SMTP_SERVER': config['smtp']["server"],
-        'SMTP_USER': config['smtp']["user"],
-        'SMTP_DOMAIN': config['smtp']["domain"],
+        'LDAP_SERVER': os.getenv('LDAP_SERVER'),
+        'LDAP_USERNAME': os.getenv('LDAP_USERNAME'),
+        'LDAP_ACCOUNT_BASE': os.getenv('LDAP_ACCOUNT_BASE'),
+        'LDAP_GROUP_BASE': os.getenv('LDAP_GROUP_BASE'),
+        'SMTP_SERVER': os.getenv('SMTP_SERVER'),
+        'SMTP_USER': os.getenv('SMTP_USER'),
+        'SMTP_DOMAIN': os.getenv('SMTP_DOMAIN'),
         'GERRIT_HEAP_LIMIT': os.getenv('GERRIT_HEAP_LIMIT'),
         'JGIT_CACHE_SIZE': os.getenv('JGIT_CACHE_SIZE')
     })
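Review bot: `os.getenv(...)` returns `None` for an unset variable, so a missing LDAP or SMTP value in this `update` call is written into `gerrit.config` as the text `None` instead of stopping the container. The README marks all seven as Mandatory; read them with `os.environ['LDAP_SERVER']` and so on, or check them up front and exit with the name of the missing variable.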
@@ -157,18 +153,17 @@
 if ((not containerSlave) and setupReplication):
     print("Setting Replication config in '" +
           GERRIT_CONFIG_DIRECTORY + "replication.config'")
-    config.read(BASE_CONFIG_DIR + '/replication.setup')
     template = env.get_template("replication.config.template")
     with open(GERRIT_CONFIG_DIRECTORY + "replication.config", 'w', encoding='utf-8') as f:
+        SLAVE_FQDN = os.getenv('SLAVE_SUBDOMAIN') + "." + os.getenv('HOSTED_ZONE_NAME')
         f.write(template.render(
-                SLAVE_1_URL=config['remote-slave']['url'],
-                SLAVE_1_AMDIN_URL=config['remote-slave']['adminUrl']
+                SLAVE_1_URL="git://" + SLAVE_FQDN + ":" + os.getenv('GIT_PORT') + "/${name}.git",
+                SLAVE_1_AMDIN_URL="ssh://gerrit@" + SLAVE_FQDN + ":" + os.getenv('GIT_SSH_PORT') + "/var/gerrit/git/${name}.git"
                 ))
 
 if (setupHA):
     print("Setting HA config in '" +
           GERRIT_CONFIG_DIRECTORY + "high-availability.config'")
-    config.read(BASE_CONFIG_DIR + '/high-availability.setup')
     template = env.get_template("high-availability.config.template")
     with open(GERRIT_CONFIG_DIRECTORY + "high-availability.config", 'w', encoding='utf-8') as f:
         f.write(template.render(HA_PEER_URL=os.getenv('HA_PEER_URL')))
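Review bot: `SLAVE_FQDN` and the two URLs are built by concatenating `os.getenv(...)` results, which raises `TypeError` with no hint of the variable name if any of `SLAVE_SUBDOMAIN`, `HOSTED_ZONE_NAME`, `GIT_PORT` or `GIT_SSH_PORT` is unset. Validate the four values before the `with open(...)` so that a failure does not leave a truncated `replication.config` behind. While these lines are being rewritten, the template key `SLAVE_1_AMDIN_URL` could be corrected to `SLAVE_1_ADMIN_URL`, together with the template.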
diff --git a/master-slave/Makefile b/master-slave/Makefile
index 3d3b7fd..efe396d 100644
--- a/master-slave/Makefile
+++ b/master-slave/Makefile
@@ -38,9 +38,17 @@
 		--template-body file://`pwd`/$(SERVICE_MASTER_TEMPLATE) \
 		--region $(AWS_REGION) \
 		--parameters \
+		ParameterKey=LDAPServer,ParameterValue=$(LDAP_SERVER) \
+		ParameterKey=LDAPUsername,ParameterValue=\"$(LDAP_USERNAME)\" \
+		ParameterKey=LDAPAccountBase,ParameterValue=\"$(LDAP_ACCOUNT_BASE)\" \
+		ParameterKey=LDAPGroupBase,ParameterValue=\"$(LDAP_GROUP_BASE)\" \
+		ParameterKey=SMTPServer,ParameterValue=$(SMTP_SERVER) \
+		ParameterKey=SMTPUser,ParameterValue=$(SMTP_USER) \
+		ParameterKey=SMTPDomain,ParameterValue=$(SMTP_DOMAIN) \
 		ParameterKey=ClusterStackName,ParameterValue=$(CLUSTER_STACK_NAME) \
 		ParameterKey=HostedZoneName,ParameterValue=$(HOSTED_ZONE_NAME) \
 		ParameterKey=Subdomain,ParameterValue=$(MASTER_SUBDOMAIN) \
+		ParameterKey=SlaveSubdomain,ParameterValue=$(SLAVE_SUBDOMAIN) \
 		ParameterKey=DockerRegistryUrl,ParameterValue=$(DOCKER_REGISTRY_URI) \
 		ParameterKey=CertificateArn,ParameterValue=$(SSL_CERTIFICATE_ARN) \
 		ParameterKey=SlaveServiceStackName,ParameterValue=$(SERVICE_SLAVE_STACK_NAME) \
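Review bot: The same block of LDAP and SMTP `ParameterKey` lines is now repeated in every service target across the three Makefiles. Define it once as a Make variable (for example one for the LDAP parameters and one for the SMTP parameters) and reference it from each target, so a future parameter or quoting change is made in one place.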
@@ -58,6 +66,10 @@
 		--template-body file://`pwd`/$(SERVICE_SLAVE_TEMPLATE) \
 		--region $(AWS_REGION) \
 		--parameters \
+		ParameterKey=LDAPServer,ParameterValue=$(LDAP_SERVER) \
+		ParameterKey=LDAPUsername,ParameterValue=\"$(LDAP_USERNAME)\" \
+		ParameterKey=LDAPAccountBase,ParameterValue=\"$(LDAP_ACCOUNT_BASE)\" \
+		ParameterKey=LDAPGroupBase,ParameterValue=\"$(LDAP_GROUP_BASE)\" \
 		ParameterKey=ClusterStackName,ParameterValue=$(CLUSTER_STACK_NAME) \
 		ParameterKey=HostedZoneName,ParameterValue=$(HOSTED_ZONE_NAME) \
 		ParameterKey=Subdomain,ParameterValue=$(SLAVE_SUBDOMAIN) \
diff --git a/master-slave/README.md b/master-slave/README.md
index dbf84e2..3fec46c 100644
--- a/master-slave/README.md
+++ b/master-slave/README.md
@@ -69,6 +69,10 @@
 
 This is the list of available parameters:
 
+#### Environment
+
+Configuration values affecting deployment environment and cluster properties
+
 * `DOCKER_REGISTRY_URI`: Mandatory. URI of the Docker registry. See the
   [prerequisites](#prerequisites) section for more details.
 * `SSL_CERTIFICATE_ARN`: Mandatory. ARN of the SSL Certificate.
@@ -79,9 +83,18 @@
 * `HOSTED_ZONE_NAME`: Optional. Name of the hosted zone. `mycompany.com` by default.
 * `MASTER_SUBDOMAIN`: Optional. Name of the master sub domain. `gerrit-master-demo` by default.
 * `SLAVE_SUBDOMAIN`: Optional. Name of the slave sub domain. `gerrit-slave-demo` by default.
-*  GERRIT_KEY_PREFIX : Optional. Secrets prefix used during the [Import into AWS Secret Manager](#import-into-aws-secret-manager).
+* `GERRIT_KEY_PREFIX` : Optional. Secrets prefix used during the [Import into AWS Secret Manager](#import-into-aws-secret-manager).
   `gerrit_secret` by default.
 * `CLUSTER_DESIRED_CAPACITY`: Optional.  Number of EC2 instances composing the cluster. `1` by default.
+
+*NOTE*: if you are planning to run the monitoring stack, set the
+`CLUSTER_DESIRED_CAPACITY` value to at least 2. The resources provided by
+a single EC2 instance won't be enough for all the services that will be ran*
+
+#### SPECS
+
+Configuration values to spec up Gerrit containers.
+
 * `GERRIT_RAM`: RAM allocated (MiB) to the Gerrit container. `70000` by default.
 * `GERRIT_CPU`: vCPU units allocated to the Gerrit container. `10240` by default.
 * `GERRIT_HEAP_LIMIT`: Maximum heap size of the Java process running Gerrit, in bytes.
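Review bot: The moved note now opens with `*NOTE*:` but still ends with the old closing asterisk after "will be ran", leaving an unbalanced `*` in the rendered Markdown. Remove the trailing asterisk, or keep the original `*NOTE: ... ran*` form.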
@@ -91,9 +104,31 @@
   See [Gerrit documentation](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#core.packedGitLimit)
   for more details. `12g` by default.
 
-*NOTE: if you are planning to run the monitoring stack, set the
-`CLUSTER_DESIRED_CAPACITY` value to at least 2. The resources provided by
-a single EC2 instance won't be enough for all the services that will be ran*
+#### LDAP
+
+Configuration values related to LDAP integration.
+See more details [here](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#ldap)
+
+* `LDAP_SERVER`: Mandatory. URL of the organization’s LDAP server to query for user information and group membership from
+  See [Gerrit documentation](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#ldap.server)
+* `LDAP_USERNAME`: Mandatory. Username to bind to the LDAP server with
+  See [Gerrit documentation](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#ldap.username)
+* `LDAP_ACCOUNT_BASE`: Mandatory. Root of the tree containing all user accounts
+  See [Gerrit documentation](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#ldap.accountBase)
+* `LDAP_GROUP_BASE`: Mandatory. Root of the tree containing all group objects
+  See [Gerrit documentation](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#ldap.groupBase)
+
+#### SMTP
+
+Configuration values related to SMTP integration.
+See more details [here](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#sendemail)
+
+* `SMTP_SERVER`: Mandatory. Hostname (or IP address) of a SMTP server that will relay messages generated by Gerrit to end users
+  See [Gerrit documentation](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#sendemail.smtpServer)
+* `SMTP_USER`: Mandatory. User name to authenticate with
+  See [Gerrit documentation](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#sendemail.smtpUser)
+* `SMTP_DOMAIN`: Mandatory. Domain to be used in the "From" field of any generated email messages
+  See [Gerrit documentation](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#sendemail.from)
 
 ### 2 - Deploy
 
diff --git a/master-slave/cf-service-master.yml b/master-slave/cf-service-master.yml
index 7a2f4a3..85861b9 100644
--- a/master-slave/cf-service-master.yml
+++ b/master-slave/cf-service-master.yml
@@ -42,6 +42,14 @@
         Description: Gerrit SSH port
         Type: Number
         Default: 29418
+  GitPort:
+        Description: Git daemon port
+        Type: Number
+        Default: 9418
+  GitSSHPort:
+        Description: Git ssh port
+        Type: Number
+        Default: 1022
   CertificateArn:
         Description: SSL Certificates ARN
         Type: String
@@ -52,6 +60,9 @@
         Description: The subdomain of the Gerrit cluster
         Type: String
         Default: gerrit-master-demo
+  SlaveSubdomain:
+        Description: The subdomain of the Gerrit slave
+        Type: String
   GerritKeyPrefix:
         Description: Gerrit credentials keys prefix
         Type: String
@@ -95,6 +106,27 @@
       Description: JGit cache size
       Type: String
       Default: 12g
+  LDAPServer:
+      Description: LDAP server URL
+      Type: String
+  LDAPUsername:
+      Description: Username to bind to the LDAP server with
+      Type: String
+  LDAPAccountBase:
+      Description: Root of the tree containing all user accounts
+      Type: String
+  LDAPGroupBase:
+      Description: Root of the tree containing all group objects
+      Type: String
+  SMTPServer:
+      Description: SMTP server URL
+      Type: String
+  SMTPUser:
+      Description: User name to authenticate with, if required for relay
+      Type: String
+  SMTPDomain:
+      Description: Domain to be used in the From field
+      Type: String
 
 Resources:
     Service:
@@ -142,6 +174,28 @@
                       Value: !Ref GerritHeapLimit
                     - Name: JGIT_CACHE_SIZE
                       Value: !Ref JgitCacheSize
+                    - Name: LDAP_SERVER
+                      Value: !Ref LDAPServer
+                    - Name: LDAP_USERNAME
+                      Value: !Ref LDAPUsername
+                    - Name: LDAP_ACCOUNT_BASE
+                      Value: !Ref LDAPAccountBase
+                    - Name: LDAP_GROUP_BASE
+                      Value: !Ref LDAPGroupBase
+                    - Name: SMTP_SERVER
+                      Value: !Ref SMTPServer
+                    - Name: SMTP_USER
+                      Value: !Ref SMTPUser
+                    - Name: SMTP_DOMAIN
+                      Value: !Ref SMTPDomain
+                    - Name: GIT_PORT
+                      Value: !Ref GitPort
+                    - Name: GIT_SSH_PORT
+                      Value: !Ref GitSSHPort
+                    - Name: SLAVE_SUBDOMAIN
+                      Value: !Ref SlaveSubdomain
+                    - Name: HOSTED_ZONE_NAME
+                      Value: !Ref HostedZoneName
                   MountPoints:
                     - SourceVolume: !Ref GerritGitVolume
                       ContainerPath: /var/gerrit/git
diff --git a/master-slave/cf-service-slave.yml b/master-slave/cf-service-slave.yml
index 01da4ac..18aee8e 100644
--- a/master-slave/cf-service-slave.yml
+++ b/master-slave/cf-service-slave.yml
@@ -118,6 +118,18 @@
       Description: JGit cache size
       Type: String
       Default: 12g
+  LDAPServer:
+      Description: LDAP server URL
+      Type: String
+  LDAPUsername:
+      Description: Username to bind to the LDAP server with
+      Type: String
+  LDAPAccountBase:
+      Description: Root of the tree containing all user accounts
+      Type: String
+  LDAPGroupBase:
+      Description: Root of the tree containing all group objects
+      Type: String
 
 Resources:
     GerritService:
@@ -173,6 +185,14 @@
                       Value: !Ref GerritHeapLimit
                     - Name: JGIT_CACHE_SIZE
                       Value: !Ref JgitCacheSize
+                    - Name: LDAP_SERVER
+                      Value: !Ref LDAPServer
+                    - Name: LDAP_USERNAME
+                      Value: !Ref LDAPUsername
+                    - Name: LDAP_ACCOUNT_BASE
+                      Value: !Ref LDAPAccountBase
+                    - Name: LDAP_GROUP_BASE
+                      Value: !Ref LDAPGroupBase
                   MountPoints:
                     - SourceVolume: !Ref GerritGitVolume
                       ContainerPath: /var/gerrit/git
diff --git a/master-slave/git-ssh/setup_ssh.py b/master-slave/git-ssh/setup_ssh.py
index 362df06..c42fb3d 100644
--- a/master-slave/git-ssh/setup_ssh.py
+++ b/master-slave/git-ssh/setup_ssh.py
@@ -53,7 +53,6 @@
 
 It reads from:
  - AWS Secret Manager: Statically defined.
- - gerrit.setup: Statically defined.
  - environment variables: Dinamycally defined.
 
 """
diff --git a/master-slave/setup.env.template b/master-slave/setup.env.template
index 4edded0..c53f920 100644
--- a/master-slave/setup.env.template
+++ b/master-slave/setup.env.template
@@ -8,7 +8,7 @@
 DNS_ROUTING_MONITORING_STACK_NAME:=$(AWS_PREFIX)-monitoring-dns-routing
 HOSTED_ZONE_NAME:=yourcompany.com
 MASTER_SUBDOMAIN:=$(AWS_PREFIX)-master.gerrit-demo
-SLAVE_SUBDOMAIN:=$(AWS_PREFIX).gerrit-demo
+SLAVE_SUBDOMAIN:=$(AWS_PREFIX)-slave.gerrit-demo
 PROMETHEUS_SUBDOMAIN:=$(AWS_PREFIX)-prometheus.gerrit-demo
 GRAFANA_SUBDOMAIN:=$(AWS_PREFIX)-grafana.gerrit-demo
 DOCKER_REGISTRY_URI:=<yourAccountId>.dkr.ecr.us-east-1.amazonaws.com
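Review bot: The `SLAVE_SUBDOMAIN` default changes from `$(AWS_PREFIX).gerrit-demo` to `$(AWS_PREFIX)-slave.gerrit-demo`, which is unrelated to centralizing configuration and is not mentioned in the commit message. Anyone regenerating `setup.env` from the template gets a different slave DNS name, and the master now derives its replication URLs from this value. Split it into its own change or call it out in the message.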
@@ -18,3 +18,12 @@
 GERRIT_CPU=10240
 GERRIT_HEAP_LIMIT=35g
 JGIT_CACHE_SIZE=12g
+
+LDAP_SERVER:=ldap://yourldap.yourcompany.com
+LDAP_USERNAME:=cn=admin,dc=example,dc=org
+LDAP_ACCOUNT_BASE:=dc=example,dc=org
+LDAP_GROUP_BASE:=dc=example,dc=org
+
+SMTP_SERVER:=yoursmtp.yourcompany.com
+SMTP_USER:=smtpuser
+SMTP_DOMAIN:=mail.yourcompany.com
diff --git a/single-master/Makefile b/single-master/Makefile
index 8d652bbe..62a7436 100644
--- a/single-master/Makefile
+++ b/single-master/Makefile
@@ -34,6 +34,13 @@
 		--template-body file://`pwd`/$(SERVICE_TEMPLATE) \
 		--region $(AWS_REGION) \
 		--parameters \
+		ParameterKey=LDAPServer,ParameterValue=$(LDAP_SERVER) \
+		ParameterKey=LDAPUsername,ParameterValue=\"$(LDAP_USERNAME)\" \
+		ParameterKey=LDAPAccountBase,ParameterValue=\"$(LDAP_ACCOUNT_BASE)\" \
+		ParameterKey=LDAPGroupBase,ParameterValue=\"$(LDAP_GROUP_BASE)\" \
+		ParameterKey=SMTPServer,ParameterValue=$(SMTP_SERVER) \
+		ParameterKey=SMTPUser,ParameterValue=$(SMTP_USER) \
+		ParameterKey=SMTPDomain,ParameterValue=$(SMTP_DOMAIN) \
 		ParameterKey=ClusterStackName,ParameterValue=$(CLUSTER_STACK_NAME) \
 		ParameterKey=HostedZoneName,ParameterValue=$(HOSTED_ZONE_NAME) \
 		ParameterKey=Subdomain,ParameterValue=$(SUBDOMAIN) \
diff --git a/single-master/README.md b/single-master/README.md
index 4d2e624..c8a6621 100644
--- a/single-master/README.md
+++ b/single-master/README.md
@@ -71,6 +71,10 @@
 
 This is the list of available parameters:
 
+#### Environment
+
+Configuration values affecting deployment environment and cluster properties
+
 * `DOCKER_REGISTRY_URI`: Mandatory. URI of the Docker registry. See the
   [prerequisites](#prerequisites) section for more details.
 * `SSL_CERTIFICATE_ARN`: Mandatory. ARN of the SSL Certificate.
@@ -79,8 +83,13 @@
 * `DNS_ROUTING_STACK_NAME`: Optional. Name of the DNS routing stack. `gerrit-dns-routing` by default.
 * `HOSTED_ZONE_NAME`: Optional. Name of the hosted zone. `mycompany.com` by default.
 * `SUBDOMAIN`: Optional. Name of the sub domain. `gerrit-master-demo` by default.
-*  GERRIT_KEY_PREFIX : Optional. Secrets prefix used during the [Import into AWS Secret Manager](#import-into-aws-secret-manager).
+* `GERRIT_KEY_PREFIX` : Optional. Secrets prefix used during the [Import into AWS Secret Manager](#import-into-aws-secret-manager).
   `gerrit_secret` by default.
+
+#### SPECS
+
+Configuration values to spec up Gerrit containers.
+
 * `GERRIT_RAM`: RAM allocated (MiB) to the Gerrit container. `70000` by default.
 * `GERRIT_CPU`: vCPU units allocated to the Gerrit container. `10240` by default.
 * `GERRIT_HEAP_LIMIT`: Maximum heap size of the Java process running Gerrit, in bytes.
@@ -90,6 +99,32 @@
   See [Gerrit documentation](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#core.packedGitLimit)
   for more details. `12g` by default.
 
+#### LDAP
+
+Configuration values related to LDAP integration.
+See more details [here](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#ldap)
+
+* `LDAP_SERVER`: Mandatory. URL of the organization’s LDAP server to query for user information and group membership from
+  See [Gerrit documentation](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#ldap.server)
+* `LDAP_USERNAME`: Mandatory. Username to bind to the LDAP server with
+  See [Gerrit documentation](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#ldap.username)
+* `LDAP_ACCOUNT_BASE`: Mandatory. Root of the tree containing all user accounts
+  See [Gerrit documentation](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#ldap.accountBase)
+* `LDAP_GROUP_BASE`: Mandatory. Root of the tree containing all group objects
+  See [Gerrit documentation](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#ldap.groupBase)
+
+#### SMTP
+
+Configuration values related to SMTP integration.
+See more details [here](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#sendemail)
+
+* `SMTP_SERVER`: Mandatory. Hostname (or IP address) of a SMTP server that will relay messages generated by Gerrit to end users
+  See [Gerrit documentation](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#sendemail.smtpServer)
+* `SMTP_USER`: Mandatory. User name to authenticate with
+  See [Gerrit documentation](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#sendemail.smtpUser)
+* `SMTP_DOMAIN`: Mandatory. Domain to be used in the "From" field of any generated email messages
+  See [Gerrit documentation](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#sendemail.from)
+
 ### 2 - Deploy
 
 * Create the cluster, service and DNS routing stacks:
diff --git a/single-master/cf-service.yml b/single-master/cf-service.yml
index a361e7d..d6f2681 100644
--- a/single-master/cf-service.yml
+++ b/single-master/cf-service.yml
@@ -88,6 +88,27 @@
       Description: JGit cache size
       Type: String
       Default: 12g
+  LDAPServer:
+      Description: LDAP server URL
+      Type: String
+  LDAPUsername:
+      Description: Username to bind to the LDAP server with
+      Type: String
+  LDAPAccountBase:
+      Description: Root of the tree containing all user accounts
+      Type: String
+  LDAPGroupBase:
+      Description: Root of the tree containing all group objects
+      Type: String
+  SMTPServer:
+      Description: SMTP server URL
+      Type: String
+  SMTPUser:
+      Description: User name to authenticate with, if required for relay
+      Type: String
+  SMTPDomain:
+      Description: Domain to be used in the From field
+      Type: String
 
 Resources:
     Service:
@@ -133,6 +154,20 @@
                       Value: !Ref GerritHeapLimit
                     - Name: JGIT_CACHE_SIZE
                       Value: !Ref JgitCacheSize
+                    - Name: LDAP_SERVER
+                      Value: !Ref LDAPServer
+                    - Name: LDAP_USERNAME
+                      Value: !Ref LDAPUsername
+                    - Name: LDAP_ACCOUNT_BASE
+                      Value: !Ref LDAPAccountBase
+                    - Name: LDAP_GROUP_BASE
+                      Value: !Ref LDAPGroupBase
+                    - Name: SMTP_SERVER
+                      Value: !Ref SMTPServer
+                    - Name: SMTP_USER
+                      Value: !Ref SMTPUser
+                    - Name: SMTP_DOMAIN
+                      Value: !Ref SMTPDomain
                   MountPoints:
                     - SourceVolume: !Ref GerritGitVolume
                       ContainerPath: /var/gerrit/git
diff --git a/single-master/setup.env.template b/single-master/setup.env.template
index 55e5b39..70cecf3 100644
--- a/single-master/setup.env.template
+++ b/single-master/setup.env.template
@@ -9,3 +9,12 @@
 GERRIT_CPU=10240
 GERRIT_HEAP_LIMIT=35g
 JGIT_CACHE_SIZE=12g
+
+LDAP_SERVER:=ldap://yourldap.yourcompany.com
+LDAP_USERNAME:=cn=admin,dc=example,dc=org
+LDAP_ACCOUNT_BASE:=dc=example,dc=org
+LDAP_GROUP_BASE:=dc=example,dc=org
+
+SMTP_SERVER:=yoursmtp.yourcompany.com
+SMTP_USER:=smtpuser
+SMTP_DOMAIN:=mail.yourcompany.com
\ No newline at end of file
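Review bot: `single-master/setup.env.template` now ends without a trailing newline after `SMTP_DOMAIN:=mail.yourcompany.com`, unlike the other two templates in this patch. Add the newline so that a variable appended later does not end up on the same line.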