Enable Jira public key storage on GitLab.com
Production Change
Change Summary
I'm replacing the gitlab.jira_connect.enable_public_keys_storage
config with an application setting (gitlab-org/gitlab!110640 (merged)).
The config is set to false
by default but true
for GitLab.com. To allow a smooth transition. I want to roll this out in 3 steps:
- Introduce new application setting. (gitlab-org/gitlab!110640 (merged))
- Set the setting to
true
on GitLab.com. (this change request) - Remove the
gitlab.jira_connect.enable_public_keys_storage
config. (gitlab-org/gitlab#391330 (closed))
Change Details
- Services Impacted - ServiceGitLab Rails
- Change Technician - DRI for the execution of this change
- Change Reviewer - DRI for the review of this change
- Time tracking - Time, in minutes, needed to execute all change steps, including rollback
- Downtime Component - No
Detailed steps for the change
Change Steps - steps to take to execute the change
Estimated Time to Complete (mins) - 1
-
Set label changein-progress /label ~change::in-progress
-
Go to https://gitlab.com/admin/application_settings/general. -
Expand the GitLab for Jira App at the bottom of the page. -
Select Enable public key storage. -
Select Save changes. -
Set label changecomplete /label ~change::complete
Rollback
Rollback steps - steps to be taken in the event of a need to rollback this change
Estimated Time to Complete (mins) - Estimated Time to Complete in Minutes
-
Go to https://gitlab.com/admin/application_settings/general. -
Expand the GitLab for Jira App at the bottom of the page. -
Un-select Enable public key storage. -
Select Save changes. -
Set label changeaborted /label ~change::aborted
Monitoring
Key metrics to observe
No changes are expected because the gitlab.jira_connect.enable_public_keys_storage
config still exists and acts as a fallback (https://gitlab.com/gitlab-org/gitlab/-/blob/31be68df6cf2ccbc48ff27c168e097c8747a2eb1/app/controllers/jira_connect/public_keys_controller.rb#L25)
- Metric: Metric Name
- Location: Dashboard URL
- What changes to this metric should prompt a rollback: Describe Changes
Change Reviewer checklist
-
Check if the following applies: - The scheduled day and time of execution of the change is appropriate.
- The change plan is technically accurate.
- The change plan includes estimated timing values based on previous testing.
- The change plan includes a viable rollback plan.
- The specified metrics/monitoring dashboards provide sufficient visibility for the change.
-
Check if the following applies: - The complexity of the plan is appropriate for the corresponding risk of the change. (i.e. the plan contains clear details).
- The change plan includes success measures for all steps/milestones during the execution.
- The change adequately minimizes risk within the environment/service.
- The performance implications of executing the change are well-understood and documented.
- The specified metrics/monitoring dashboards provide sufficient visibility for the change.
- If not, is it possible (or necessary) to make changes to observability platforms for added visibility?
- The change has a primary and secondary SRE with knowledge of the details available during the change window.
- The labels blocks deployments and/or blocks feature-flags are applied as necessary
Change Technician checklist
-
Check if all items below are complete: - The change plan is technically accurate.
- This Change Issue is linked to the appropriate Issue and/or Epic
- Change has been tested in staging and results noted in a comment on this issue.
- A dry-run has been conducted and results noted in a comment on this issue.
- The change execution window respects the Production Change Lock periods.
- For C1 and C2 change issues, the change event is added to the GitLab Production calendar.
- For C1 and C2 change issues, the SRE on-call has been informed prior to change being rolled out. (In #production channel, mention
@sre-oncall
and this issue and await their acknowledgement.) - For C1 and C2 change issues, the SRE on-call provided approval with the eoc_approved label on the issue.
- For C1 and C2 change issues, the Infrastructure Manager provided approval with the manager_approved label on the issue.
- Release managers have been informed (If needed! Cases include DB change) prior to change being rolled out. (In #production channel, mention
@release-managers
and this issue and await their acknowledgment.) - There are currently no active incidents that are severity1 or severity2
- If the change involves doing maintenance on a database host, an appropriate silence targeting the host(s) should be added for the duration of the change.
Edited by Stan Hu