When doing Gerrit deployment we extract bundled plugins with: java -jar bin/gerrit.war init --batch --install-all-plugins which actually runs the whole initialization process. One side effect is it normalizes the gerrit.config which is later overwritten by the Puppet one.
A capture of the differences:
gerrit2@gerrit2001:~/review_site/etc$ diff gerrit.config.before-gerrit-init gerrit.config 67c67 < link = "/q/$1" --- > link = /q/$1 76c76 < html = "$1<a href=\"/q/$2\">$2</a>" --- > html = $1<a href=\"/q/$2\">$2</a> 110,111c110,111 < javaOptions = "-XX:+UseG1GC" < javaOptions = "-Xmx32g -Xms32g" --- > javaOptions = -XX:+UseG1GC > javaOptions = -Xmx32g -Xms32g 114,119c114,119 < javaOptions = "-XX:+UnlockExperimentalVMOptions" < javaOptions = "-XX:G1NewSizePercent=15" < javaOptions = "-XX:+UseStringDeduplication" < javaOptions = "-XX:+HeapDumpOnOutOfMemoryError" < javaOptions = "-XX:+ExitOnOutOfMemoryError" < javaOptions = "-XX:HeapDumpPath=/srv/gerrit" --- > javaOptions = -XX:+UnlockExperimentalVMOptions > javaOptions = -XX:G1NewSizePercent=15 > javaOptions = -XX:+UseStringDeduplication > javaOptions = -XX:+HeapDumpOnOutOfMemoryError > javaOptions = -XX:+ExitOnOutOfMemoryError > javaOptions = -XX:HeapDumpPath=/srv/gerrit 254d253 < smtpEncryption = none 257c256 < listenAddress = 208.80.153.107:29418 --- > listenAddress = [2620:0:860:4:208:80:153:107]:29418
The last one is sshd.listenAddress. It used to be set to gerrit.wikimedia.org probably to workaround the faulty detection by gerrit init.
The configuration should not vary.