Air-Gapped Implementation 2 — Gerrit Stack — VM2 (Docker Compose)

This runbook describes how to deploy Gerrit on VM2 using Docker Compose so that it aligns with the Zuul stack network and is available for SSH validation steps in the Zuul runbook. Use this stack as the authoritative control plane for the disconnected site, keeping replication and access controls local to the air-gapped LAN.

Compose service definition

Add the Gerrit service to the same Docker Compose project used by the Zuul stack so it lands on the shared Docker network:

  gerrit:
    image: gerritcodereview/gerrit:3.9.5
    container_name: gerrit
    restart: unless-stopped
    environment:
      - CANONICAL_WEB_URL=http://<VM2_IP_OR_FQDN>:8080/
    volumes:
      - /var/lib/gerrit:/var/gerrit  # persistent site data
    ports:
      - "8080:8080"   # HTTP/REST
      - "29418:29418" # SSH/git/events
    networks:
      - default  # matches the Zuul compose network

Start and validate Gerrit

Run these commands from the compose directory (for example, /opt/zuul-compose):

cd /opt/zuul-compose

# Start the container
docker compose up -d gerrit

# Check container state
docker compose ps gerrit

# HTTP health check
curl -sSf http://localhost:8080/ >/dev/null

# SSH health check and version output
ssh -p 29418 -o StrictHostKeyChecking=no localhost gerrit version

Important: Gerrit must be running before performing the SSH validation steps in Section 7 of the Zuul runbook.