2024-04-10: Migrate OPS container registry to database
Production Change
Change Summary
In GitLab v17 the registry metadata is moving from being self-contained in the storage bucket to a new metadata database. This feature is already available since v16.4 and we want to migrate to it in advance to prepare for the upgrade, and to match the current gprd
configuration as the configuration difference lead to false assumptions causing an incident.
The 3-step migration is not supported for Kubernetes installations so we will need to do the 1-step migration which requires putting the registry in readonly mode during the operation which could last a few hours. There is 9TiB of data in the bucket which means about 2 hours of migration time according to the documentation, let's say 3 hours to be safe.
Migration documentation:
- https://gitlab.com/gitlab-org/container-registry/-/blob/master/docs/database-quick-start.md#option-1-one-step-import
- https://docs.gitlab.com/charts/charts/registry/metadata_database.html#existing-registries
Issue: Migrate OPS container registry to database setup (production-engineering#24685 - closed)
corrective action for 2023-10-24: Image pulling from ops registry fai... (#17020 - closed)
Change Details
- Services Impacted - ServiceOpsGitlabNet
-
Change Technician -
@pguinoiseau
- Change Reviewer - @ayeung
- Time tracking - 180 minutes
-
Downtime Component -
registry.ops.gitlab.net
in readonly mode
Set Maintenance Mode in GitLab
If your change involves scheduled maintenance, add a step to set and unset maintenance mode per our runbooks. This will make sure SLA calculations adjust for the maintenance period.
Detailed steps for the change
Change Steps - steps to take to execute the change
Estimated Time to Complete (mins) - 180 minutes
-
2 hours prior, post an announcement in #infrastructure-lounge
and#s_platforms
to warn about the Ops registry going into readonly mode -
Set label changein-progress /label ~change::in-progress
-
Merge and apply the Registry database configuration, setting also the registry in readonly mode: gitlab-com/gl-infra/k8s-workloads/gitlab-helmfiles!4407 (merged) -
Run the database import command in a Registry pod: kubectl --context gke_gitlab-ops_us-central1_ops-central -n gitlab exec -ti gitlab-registry-XXX -c registry -- /usr/bin/registry database import --log-to-stdout /etc/docker/registry/config.yml
-
Disable readonly mode: gitlab-com/gl-infra/k8s-workloads/gitlab-helmfiles!4670 (merged) -
Set label changecomplete /label ~change::complete
Rollback
Rollback steps - steps to be taken in the event of a need to rollback this change
Note: There is no rollback possible without loss of data after readonly mode is disabled.
Estimated Time to Complete (mins) - 10 minutes
-
Revert gitlab-com/gl-infra/k8s-workloads/gitlab-helmfiles!4407 (merged) -
Set label changeaborted /label ~change::aborted
Monitoring
Key metrics to observe
- Metric: Service Apdex / Error rate
- Location: https://dashboards.gitlab.net/d/ops-gitlab-net-main/ops-gitlab-net3a-overview?orgId=1
- What changes to this metric should prompt a rollback: significant apdex / error rate degradation, keeping in mind that Registry write operations will fail.
- Metric: PostgreSQL Transaction Count, Rows Processed, etc.
Change Reviewer checklist
-
Check if the following applies: - The scheduled day and time of execution of the change is appropriate.
- The change plan is technically accurate.
- The change plan includes estimated timing values based on previous testing.
- The change plan includes a viable rollback plan.
- The specified metrics/monitoring dashboards provide sufficient visibility for the change.
-
Check if the following applies: - The complexity of the plan is appropriate for the corresponding risk of the change. (i.e. the plan contains clear details).
- The change plan includes success measures for all steps/milestones during the execution.
- The change adequately minimizes risk within the environment/service.
- The performance implications of executing the change are well-understood and documented.
- The specified metrics/monitoring dashboards provide sufficient visibility for the change.
- If not, is it possible (or necessary) to make changes to observability platforms for added visibility?
- The change has a primary and secondary SRE with knowledge of the details available during the change window.
- The change window has been agreed with Release Managers in advance of the change. If the change is planned for APAC hours, this issue has an agreed pre-change approval.
- The labels blocks deployments and/or blocks feature-flags are applied as necessary.
Change Technician checklist
-
Check if all items below are complete: - The change plan is technically accurate.
- This Change Issue is linked to the appropriate Issue and/or Epic
- Change has been tested in staging and results noted in a comment on this issue.
- A dry-run has been conducted and results noted in a comment on this issue.
- The change execution window respects the Production Change Lock periods.
- For C1 and C2 change issues, the change event is added to the GitLab Production calendar.
- For C1 and C2 change issues, the SRE on-call has been informed prior to change being rolled out. (In #production channel, mention
@sre-oncall
and this issue and await their acknowledgement.) - For C1 and C2 change issues, the SRE on-call provided approval with the eoc_approved label on the issue.
- For C1 and C2 change issues, the Infrastructure Manager provided approval with the manager_approved label on the issue.
- Release managers have been informed prior to any C1, C2, or blocks deployments change being rolled out. (In #production channel, mention
@release-managers
and this issue and await their acknowledgment.) - There are currently no active incidents that are severity1 or severity2
- If the change involves doing maintenance on a database host, an appropriate silence targeting the host(s) should be added for the duration of the change.