This set of Templates provide all the components to deploy a single Gerrit master in ECS
Two templates are provided in this example:
cf-cluster: define the ECS cluster and the networking stack
cf-service: defined the service stack running Gerrit
cf-dns-route: defined the DNS routing for the service
error_logis exported in a Log Group in CloudWatch
You can find on GerritForge's YouTube Channel a step-by-step guide on how to setup you Gerrit Code Review in AWS.
However, keep reading this guide for a more exhaustive explanation.
setup.env.template is an example of setup file for the creation of the stacks.
Before creating the stacks, create a
setup.env in the
Makefile directory and correctly set the value of the environment variables.
This is the list of available parameters:
DOCKER_REGISTRY_URI: Mandatory. URI of the Docker registry. See the prerequisites section for more details.
SSL_CERTIFICATE_ARN: Mandatory. ARN of the SSL Certificate.
CLUSTER_STACK_NAME: Optional. Name of the cluster stack.
SERVICE_STACK_NAME: Optional. Name of the service stack.
DNS_ROUTING_STACK_NAME: Optional. Name of the DNS routing stack.
HOSTED_ZONE_NAME: Optional. Name of the hosted zone.
SUBDOMAIN: Optional. Name of the sub domain.
GERRIT_RAM: RAM allocated (MiB) to the Gerrit container.
GERRIT_CPU: vCPU units allocated to the Gerrit container.
GERRIT_HEAP_LIMIT: Maximum heap size of the Java process running Gerrit, in bytes. See Gerrit documentation
JGIT_CACHE_SIZE: Maximum number of bytes to load and cache in memory from pack files. See Gerrit documentation for more details.
As a prerequisite to run this stack, you will need:
AWS Secret Manager is a secure way of storing and managing secrets of any type.
The secrets you will have to add are the Gerrit SSH keys and the Register Email Private Key set in
The SSH keys you will need to add are the one usually created and used by Gerrit:
You will have to create the keys and place them in a directory.
You will need to create a secret and put it in a file called
registerEmailPrivateKey in the same directory of the SSH keys.
You will need to put the admin LDAP password in a file called
ldapPassword in the same directory of the SSH keys.
You will need to put the SMTP password in a file called
smtpPassword in the same directory of the SSH keys.
You can now run the script to upload them to AWS Secret Manager:
add_secrets_aws_secrets_manager.sh /path/to/your/keys/directory secret_prefix aws-region-id
secret_prefix is omitted, it is set to
gerrit_secret by default.
aws ecr create-repository --repository-name aws-gerrit/gerrit
gerrit.setupand set the correct parameters
gerrit.setupare the same as a normal
NOTE: the creation of the cluster needs an EC2 key pair are useful when you need to connect to the EC2 instances for troubleshooting purposes. The key pair is automatically generated and store them in a
pem file on the current directory. To use when ssh-ing into your instances as follow:
ssh -i cluster-keys.pem ec2-user@<ec2_instance_ip>
You Gerrit instance will be available at this URL:
The available ports are
8080 for HTTP and
29418 for SSH.
This is a list of external services that you might need to setup your stack and some suggestions on how to easily create them.
If you need to setup a SMTP service Amazon Simple Email Service can be used. Details how setup Amazon SES can be found here.
To correctly setup email notifications Gerrit requires ssl protocol on default port 465 to be enabled on SMTP Server. It is possible to setup Gerrit to talk to standard SMTP port 25 but by default all EC2 instances are blocking it. To enable port 25 please follow this link.
If you need a testing LDAP server you can find details on how to easily create one in the LDAP folder.