This set of templates provides all the components to deploy a Gerrit dual-master setup in HA on ECS. The two masters share the Git repositories via NFS, using EFS.
Four templates are provided in this example:
cf-cluster: define the ECS cluster and the networking stack
cf-service-master-1: define the service stack running Gerrit master 1
cf-service-master-2: define the service stack running Gerrit master 2
cf-dns-route: define the DNS routing for the service
NOTE: This stack uses EFS in provisioned (throughput) mode, which is a better setting for large repositories (> 1GB uncompressed) since it provides lower latency than burst mode. However, it has additional cost. If you are dealing with small repositories, you can switch to burst mode.
setup.env.template is an example of a setup file for the creation of the stacks.
Before creating the stacks, create a setup.env in the Makefile directory and set the correct values of the environment variables.
This is the list of available parameters:
DOCKER_REGISTRY_URI: Mandatory. URI of the Docker registry. See the prerequisites section for more details.
SSL_CERTIFICATE_ARN: Mandatory. ARN of the wildcard SSL Certificate, covering both master nodes.
CLUSTER_STACK_NAME: Optional. Name of the cluster stack.
SERVICE_MASTER1_STACK_NAME: Optional. Name of the master 1 service stack.
SERVICE_MASTER2_STACK_NAME: Optional. Name of the master 2 service stack.
DNS_ROUTING_STACK_NAME: Optional. Name of the DNS routing stack.
HOSTED_ZONE_NAME: Optional. Name of the hosted zone.
MASTER1_SUBDOMAIN: Optional. Name of the master 1 subdomain.
MASTER2_SUBDOMAIN: Optional. Name of the master 2 subdomain.
CLUSTER_DESIRED_CAPACITY: Optional. Number of EC2 instances composing the cluster.
GERRIT_RAM: RAM allocated (MiB) to the Gerrit container.
GERRIT_CPU: vCPU units allocated to the Gerrit container.
GERRIT_HEAP_LIMIT: Maximum heap size of the Java process running Gerrit, in bytes. See the Gerrit documentation for more details.
JGIT_CACHE_SIZE: Maximum number of bytes to load and cache in memory from pack files. See Gerrit documentation for more details.
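The parameter list above is easy to get subtly wrong (a missing mandatory value, a heap limit in bytes that does not fit in a RAM figure given in MiB), and CloudFormation only reports that late. The following script is an added example, not part of the aws-gerrit project: it parses a setup.env without sourcing it and checks the mandatory values, the numeric values, and the sizing relation between GERRIT_RAM, GERRIT_HEAP_LIMIT and JGIT_CACHE_SIZE. It assumes, which the README does not state, that DOCKER_REGISTRY_URI is an ECR registry host (`<account-id>.dkr.ecr.<region>.amazonaws.com`) and that SSL_CERTIFICATE_ARN is an ACM certificate ARN; the sample setup.env it writes is constructed.

```shell
#!/bin/sh
# validate_setup_env.sh -- added example, not a script from the aws-gerrit
# project. Checks a setup.env (KEY=VALUE lines, as in setup.env.template)
# before the stacks are created, so a missing or inconsistent parameter fails
# here instead of partway through a CloudFormation run.
# Assumptions not stated in the README: DOCKER_REGISTRY_URI is an ECR registry
# host (<account-id>.dkr.ecr.<region>.amazonaws.com) and SSL_CERTIFICATE_ARN is
# an ACM certificate ARN.

# Print the value of variable $2 from file $1 (last definition wins, optional
# surrounding double quotes removed). The file is parsed, never sourced, so a
# tampered setup.env cannot run commands here.
env_get() {
    grep -E "^$2=" "$1" | tail -n 1 | cut -d'=' -f2- | sed -e 's/^"//' -e 's/"$//'
}

# True when $1 is a non-empty string of decimal digits.
is_uint() { case "$1" in '' | *[!0-9]*) return 1 ;; esac; }

# Returns 0 when the file passes every check; prints each problem to stderr.
validate_setup_env() {
    file="$1"; errors=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    for v in DOCKER_REGISTRY_URI SSL_CERTIFICATE_ARN; do
        [ -n "$(env_get "$file" "$v")" ] || { echo "$v is mandatory" >&2; errors=$((errors + 1)); }
    done

    registry=$(env_get "$file" DOCKER_REGISTRY_URI)
    if [ -n "$registry" ] && ! echo "$registry" | grep -Eq '^[0-9]{12}\.dkr\.ecr\.[a-z0-9-]+\.amazonaws\.com$'; then
        echo "DOCKER_REGISTRY_URI is not an ECR registry host: $registry" >&2; errors=$((errors + 1))
    fi

    arn=$(env_get "$file" SSL_CERTIFICATE_ARN)
    if [ -n "$arn" ] && ! echo "$arn" | grep -Eq '^arn:aws:acm:[a-z0-9-]+:[0-9]{12}:certificate/[0-9a-f-]+$'; then
        echo "SSL_CERTIFICATE_ARN is not an ACM certificate ARN: $arn" >&2; errors=$((errors + 1))
    fi

    for v in CLUSTER_DESIRED_CAPACITY GERRIT_RAM GERRIT_CPU GERRIT_HEAP_LIMIT JGIT_CACHE_SIZE; do
        val=$(env_get "$file" "$v")
        if [ -n "$val" ] && ! is_uint "$val"; then
            echo "$v must be a positive integer, got: $val" >&2; errors=$((errors + 1))
        fi
    done

    # Sizing consistency: GERRIT_RAM is in MiB, the other two in bytes. A heap
    # that does not fit in the container gets the task OOM-killed, and a JGit
    # cache larger than the heap can never be filled.
    ram=$(env_get "$file" GERRIT_RAM)
    heap=$(env_get "$file" GERRIT_HEAP_LIMIT)
    cache=$(env_get "$file" JGIT_CACHE_SIZE)
    if is_uint "$ram" && is_uint "$heap" && [ "$((heap / 1048576 >= ram))" -eq 1 ]; then
        echo "GERRIT_HEAP_LIMIT ($heap bytes) does not fit in GERRIT_RAM ($ram MiB)" >&2; errors=$((errors + 1))
    fi
    if is_uint "$heap" && is_uint "$cache" && [ "$((cache >= heap))" -eq 1 ]; then
        echo "JGIT_CACHE_SIZE ($cache) must be below GERRIT_HEAP_LIMIT ($heap)" >&2; errors=$((errors + 1))
    fi
    [ "$errors" -eq 0 ]
}

# Constructed sample, not a real deployment. Writes a setup.env to $1.
write_sample_setup_env() {
    cat > "$1" <<'EOF'
DOCKER_REGISTRY_URI=123456789012.dkr.ecr.us-east-1.amazonaws.com
SSL_CERTIFICATE_ARN=arn:aws:acm:us-east-1:123456789012:certificate/00000000-0000-0000-0000-000000000000
CLUSTER_STACK_NAME=gerrit-cluster
HOSTED_ZONE_NAME=example.com
MASTER1_SUBDOMAIN=gerrit-master-1
MASTER2_SUBDOMAIN=gerrit-master-2
CLUSTER_DESIRED_CAPACITY=2
GERRIT_RAM=6000
GERRIT_CPU=1024
GERRIT_HEAP_LIMIT=4294967296
JGIT_CACHE_SIZE=3221225472
EOF
}

# Usage: source this file, then run  validate_setup_env setup.env  before make.
```

Run it from the Makefile directory against the real setup.env before creating the first stack; every problem is listed at once, so one pass is enough to fix the file.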
The prerequisites to run this stack are:
AWS Secrets Manager is a secure way of storing and managing secrets of any type.
The secrets you will have to add are the Gerrit SSH keys and the Register Email Private Key set in
The SSH keys you will need to add are the one usually created and used by Gerrit:
Plus a key used by the replication plugin:
You will have to create the keys and place them in a directory.
You will need to create a secret and put it in a file called registerEmailPrivateKey in the same directory as the SSH keys.
You will need to put the admin LDAP password in a file called ldapPassword in the same directory as the SSH keys.
You will need to put the SMTP password in a file called smtpPassword in the same directory as the SSH keys.
You can now run the script to upload them to AWS Secret Manager:
add_secrets_aws_secrets_manager.sh /path/to/your/keys/directory secret_prefix aws-region-id
If secret_prefix is omitted, it defaults to gerrit_secret.
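Before the upload it is worth checking that the directory really holds what the steps above describe and that nothing in it is readable by other local users, since a host key or the replication key leaking from the workstation is as bad as it leaking from AWS. The script below is an added example and is not the project's add_secrets_aws_secrets_manager.sh; it assumes, as the README does not say, that one secret is created per file and named `<secret_prefix>_<file name>`, and it treats every regular file in the directory (the SSH keys have whatever names Gerrit gave them) as a secret. The AWS_CMD override lets it be exercised without an AWS account.

```shell
#!/bin/sh
# upload_gerrit_secrets.sh -- added example, not the project's
# add_secrets_aws_secrets_manager.sh. Shows the checks worth running on the
# secrets directory before anything is sent to AWS Secrets Manager, and the
# create-secret call issued per file. Assumptions (not in the README): one
# secret per file, named "<secret_prefix>_<file name>"; any regular file in the
# directory is a secret, since the SSH key file names are not listed here.

: "${AWS_CMD:=aws}"   # overridable (e.g. AWS_CMD=echo) for a dry run

# Files the README says must be present besides the SSH keys.
REQUIRED_FILES="registerEmailPrivateKey ldapPassword smtpPassword"

# True when the group/other permission bits of $1 are all unset (e.g. 0600).
# A key readable by other local users has already leaked, so it is not uploaded.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Validate the directory: required files exist, every file is non-empty and
# private. Prints one line per problem; returns non-zero if any was found.
check_secrets_dir() {
    dir="$1"; problems=0
    for name in $REQUIRED_FILES; do
        if [ ! -f "$dir/$name" ]; then
            echo "missing: $dir/$name" >&2; problems=$((problems + 1))
        fi
    done
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if [ ! -s "$f" ]; then
            echo "empty: $f" >&2; problems=$((problems + 1))
        fi
        if ! is_private "$f"; then
            echo "readable by group/other, run chmod 600: $f" >&2; problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Upload every file as its own secret. Refuses to run if the checks fail.
# $1 = directory, $2 = secret prefix (default gerrit_secret), $3 = region
upload_secrets() {
    dir="$1"; prefix="${2:-gerrit_secret}"; region="$3"
    [ -n "$region" ] || { echo "aws region required" >&2; return 1; }
    check_secrets_dir "$dir" || return 1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name="${prefix}_$(basename "$f")"
        # file:// makes the CLI read the secret from the file, so the value
        # never appears in the process list or in the shell history.
        "$AWS_CMD" secretsmanager create-secret --region "$region" \
            --name "$name" --description "Gerrit secret $(basename "$f")" \
            --secret-string "file://$f"
    done
}

# Usage: source this file, then
#   upload_secrets /path/to/your/keys/directory gerrit_secret aws-region-id
```

Running it with AWS_CMD=echo first prints the exact create-secret calls without contacting AWS, which is a cheap way to confirm the secret names match what the service templates expect before the real run.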
aws ecr create-repository --repository-name aws-gerrit/gerrit
gerrit.setup and set the correct parameters
gerrit.setup are the same as a normal
aws ecr create-repository --repository-name aws-gerrit/haproxy
aws ecr create-repository --repository-name aws-gerrit/syslog-sidecar
NOTE: the creation of the cluster needs an EC2 key pair, which is useful when you need to connect to the EC2 instances for troubleshooting purposes. The key pair is generated automatically and stored in a pem file in the current directory. Use it when ssh-ing into your instances as follows:
ssh -i cluster-keys.pem ec2-user@<ec2_instance_ip>
Get the URL of your Gerrit master instances this way:
aws cloudformation describe-stacks \
  --stack-name <SERVICE_MASTER1_STACK_NAME> \
  | grep -A1 '"OutputKey": "CanonicalWebUrl"' \
  | grep OutputValue \
  | cut -d'"' -f 4

aws cloudformation describe-stacks \
  --stack-name <SERVICE_MASTER2_STACK_NAME> \
  | grep -A1 '"OutputKey": "CanonicalWebUrl"' \
  | grep OutputValue \
  | cut -d'"' -f 4
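The grep/cut pipeline above depends on the CLI printing pretty-printed JSON with OutputKey on the line immediately before OutputValue. The following is an added example, not code from the aws-gerrit project, that resolves the same stack output in two ways: by asking the API with a JMESPath --query, which is independent of output layout, and by parsing an already captured describe-stacks document from stdin. The describe-stacks JSON it carries is constructed for the test, not real output, and AWS_CMD is an override so the function can be exercised offline.

```shell
#!/bin/sh
# stack_url.sh -- added example, not part of the aws-gerrit project.
# Resolves a CloudFormation stack output such as CanonicalWebUrl.

: "${AWS_CMD:=aws}"   # overridable so the function can be exercised offline

# Ask the API directly. The JMESPath query selects the value by key, so the
# result does not depend on JSON key order or indentation.
# $1 = stack name, $2 = output key
stack_output() {
    "$AWS_CMD" cloudformation describe-stacks --stack-name "$1" \
        --query "Stacks[0].Outputs[?OutputKey=='$2'].OutputValue" --output text
}

# Parse a captured describe-stacks JSON document read from stdin, for saved
# output or hosts without jq. Tolerates arbitrary whitespace and accepts
# OutputValue on the line before or after OutputKey. $1 = output key
output_from_json() {
    key="$1"
    grep -B1 -A1 "\"OutputKey\": *\"$key\"" | grep '"OutputValue"' | head -n 1 \
        | sed -e 's/.*"OutputValue": *"\([^"]*\)".*/\1/'
}

# The stack fronts Gerrit with the certificate from SSL_CERTIFICATE_ARN, so a
# canonical URL that is not https is worth a second look before it is handed
# to users. $1 = URL
is_https_url() {
    case "$1" in https://*) return 0 ;; esac
    return 1
}

# Constructed sample of a describe-stacks response (not real AWS output).
sample_describe_stacks_json() {
    cat <<'EOF'
{
    "Stacks": [
        {
            "StackName": "gerrit-master-1",
            "Outputs": [
                {
                    "OutputKey": "ClusterName",
                    "OutputValue": "gerrit-cluster",
                    "Description": "ECS cluster"
                },
                {
                    "OutputKey": "CanonicalWebUrl",
                    "OutputValue": "https://gerrit-master-1.example.com/",
                    "Description": "Gerrit canonical web URL"
                }
            ]
        }
    ]
}
EOF
}

# Usage:
#   stack_output <SERVICE_MASTER1_STACK_NAME> CanonicalWebUrl
#   aws cloudformation describe-stacks --stack-name <SERVICE_MASTER1_STACK_NAME> \
#       | output_from_json CanonicalWebUrl
```

Run stack_output once per master stack with the stack names from setup.env; the --query form returns just the value, so it can be assigned straight to a variable in a script.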
Gerrit master instance ports:
This is a list of external services that you might need to set up your stack, with some suggestions on how to easily create them.
If you need an SMTP service, Amazon Simple Email Service can be used. Details on how to set up Amazon SES can be found here.
To correctly set up email notifications, Gerrit requires the SSL protocol on the default port 465 to be enabled on the SMTP server. It is possible to configure Gerrit to talk to the standard SMTP port 25, but by default all EC2 instances block it. To enable port 25 please follow this link.
If you need a testing LDAP server, you can find details on how to easily create one in the LDAP folder.