Gerrit

We use Gerrit for our code review system.

Gerrit is installed on gerrit1001 in the prefix /var/lib/gerrit2 and serves public request at https://gerrit.wikimedia.org/r/) . A replica runs on gerrit2002 which serves requests at https://gerrit-replica.wikimedia.org/r/ ), it is intended for a switch over and for various bots in order to offload the primary instance.

Gerrit is a Java daemon which listens for HTTP connections (TCP port 8080) and SSH connections (TCP port 29418). Apache proxies the relevant URLs on port 80 and 443 through to Gerrit. The SSH port provides a restricted shell for Git upload pack, reviews and administrative commands.

Since the Gerrit v3.2 upgrade in summer 2020, Gerrit no longer uses a conventional, relational database. So if you read somewhere about Gerrit's MySQL (or similar) database or "reviewdb": it is stale information. Instead of a relational database, Gerrit 3 stores the needed data directly in the git repositories (NoteDB). To speed up lookup, it creates indices also known has secondary index. These indices are Lucene backed indices and H2 (flat file database engine from the Java world).

Git repositories are stored at /srv/gerrit/git/.

Gerrit uses the LDAP instance shared with Wikimedia Cloud Services for authentication. Accounts under ou=people,dc=wikimedia,dc=org and groups under ou=groups,dc=wikimedia,dc=org are exposed to Gerrit. The Gerrit account name is the cn field in LDAP. In order to log in to Gerrit, a user needs to already have a Wikimedia developer account. See Help:Getting Started for the process of getting a developer account.

As of July 2021, Gerrit runs with Java 11 (task T268225).