Gerrit directory structure, connectivity and more

Here's some reference information on Gerrit's scalability and hardware requirements, file/directory structure, database, ports and connectivity.

Scalability and hardware requirements

Gerrit directory structure

Gerrit expects a standardized directory structure under the GERRIT_SITE directory: /opt/collabnet/gerrit, the gerrit user's home directory. The /etc/default/gerritcodereview file contains the GERRIT_SITE variable and points to /opt/collabnet/gerrit.

Sub-directories of GERRIT_SITE (/opt/collabnet/gerrit):

        - .ssh: contains the SSH key for the gerrit user; generated during installation and needs to be backed up.
        - bin: binaries, startup script        
            - gerrit.war: the main Gerrit service        
            - gerrit-sync.jar: the Gerrit-TeamForge synchronization service        
            - SYSV-style init script; launches and shuts down; linked to /etc/init.d/gerrit        
        - cache: disk cache; does not need to be backed up; can always be re-generated on the fly.            
        - etc: contains all configuration information; needs to be backed up.        
            - gerrit.config: Gerrit's main configuration file      
            - secure.config: contains obfuscated passwords and secrets
            - contains logging settings in log4j format
            - TeamForgeGerritMappings.xml: defines how TeamForge access permissions are mapped to Gerrit access rights
            - GerritSite.css: .css file for Gerrit Web interface branding
            - GerritSiteFooter.html: renders the customized footer in the Gerrit Web interface
        - lib: libraries, potentially customer-specific extensions, treat like the bin directory
        - logs: Gerrit log files; default configuration rotates logs daily, gzips old logs; debug files are rotated after they reach 10 MB; we keep 10 copies. You can make changes in Gerrit’s file in /opt/collabnet/gerrit/etc.
            - audit.log: audit events
            - system.log: INFO-level logging              
            - sshd.log: logs connections to Gerrit's SSH port (not system shell SSH)  
            - *.gc.log: information on garbage collector usage
      Note: In co-hosted mode, TeamForge log rotation behavior will be used as default.
       - plugins: The Gerrit plugins directory includes jar files for all CollabNet plugins — TeamForge-Sync, TeamForge-History Protection and so on.
       - static: The content of this directory is served as gerrit/static/ to http clients. You can include logos and other custom content you refer to in your branding here. By default, it contains the schema for the TeamForge-to-Gerrit access right mapping file which can be accessed from a browser at http://<Git Integration server>/gerrit/static/TeamForgeGerritMappings-8.0.0.xsd
                               You need to back up this directory if it includes custom content.    

       - doc: contains README-NG.pdf, gerrit.config and log4j-ng properties templates.
       - /gitroot: default location for Git repositories. The default location can be changed using the setting in gerrit.config or by symlinking the directory. You need to back up this directory.


Gerrit stores runtime information about users, groups, code reviews and commits in a PostgreSQL database called reviewdb by default. You need to back up this database. If the Git integration is installed on the TeamForge server, it will use the same PostgreSQL install as TeamForge. If the integration is on a separate server, it will use a local PostgreSQL installation on that server. During installation, a new gerrit role and reviewdb schema get created. Note that Git does not, at any point, access TeamForge schema within the Postgres database.
To access reviewdb from Gerrit, the following line will be added by the installer to /var/lib/pgsql/9.0/pg_hba.conf:
host     reviewdb         gerrit          samehost         md5
In the "free-form" mode, we do not have full control over the Postgres installation and hb_pga.conf may contain the following conflicting line:
host       all     all          ident
If it exists, you need to comment it out (using #) to avoid clashing with this line inserted by installer:
host     reviewdb         gerrit          samehost         md5

Ports and connectivity

Gerrit opens three (TCP) ports: 9080, 9081 and 29418. You should expose only port 29418 outside localhost.
9080: the Gerrit Web interface
This port will be proxied by Apache conf (prefix /gerrit) and doesn't need to be externally accessible. Do not expose this port to the outside.
9081: Gerrit-sync web service (REST)

In the Local (or co-hosted mode), TeamForge talks to the Gerrit REST API over localhost. Gerrit talks to TeamForge over its default SOAP URL.

The Git integration needs bidirectional connectivity to the TeamForge host. In the Remote (or distributed) mode, TeamForge talks to the Gerrit REST API over an Apache proxy rule (SSL-enabled if Apache is SSL-enabled on the integration server where Gerrit is running). Gerrit talks to TeamForge over its default SOAP URL.

Do not expose this port to the outside.
29418: Gerrit SSH access
Developers use the SSH protocol to push and pull source code to and from Gerrit. This port needs to be open to users.
Note: Gerrit ships its own SSH implementation and offers no shell access over this port.