Geo - Design of the testing infrastructure and possible test plan
Summary
The GEO testbed is provisioned using Terraform. It will contain a copy of the production database and a subset of repositories (nfs-08), and will run on a single VM in Azure. Although the process to tear down and create the infrastructure is automated, it currently takes around 6 hours because of the database restore.
How to access
VPN access required
- Production copy: https://prod.geo.gitlab.com
- GEO test instance: https://sync.geo.gitlab.com
Note: VPN access is required to access these instances.
Important milestones
- Create Terraform configuration for prod clone.
- Ensure that inbound and outbound network access is restricted to the VPN.
- Ensure that the instance is healthy and that GEO configuration can be modified.
- Create Terraform configuration for prod sync.
- Sanitization script to disable webhooks and disable non-gitlab accounts.
- Ensure that this testbed is meeting security requirements.
- Set up automatic deployments using nightly builds to both VMs.
Security and Isolation
The GEO testbed is isolated by being situated behind the VPN proxy. All inbound and outbound network connections to the prod copy instance are limited to:
- The VPN IP address
- The server that acts as the GEO node.
Here are some of the risks identified:
- Private repository data (names, contents, etc.) - For now we are limiting this testbed by requiring VPN access.
- Web hooks - These are disabled as part of provisioning.
- Misconfiguration - The outbound network access of the instance is restricted to the VPN endpoints.
- Accidental emails - Email is disabled globally, and outbound connectivity is limited.
The testbed should always restrict outbound network access while GitLab is running. This means that during tear-down the network restrictions should not be lifted.
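One way to check the restriction described above, as an added example that is not part of the original design or the project's own tooling: the script audits a network security group rule list and reports any allow rule whose remote peer is not the VPN address or the GEO node, and any direction without an explicit deny-all (Azure's default rules permit outbound Internet traffic, so the deny has to be explicit). Rule field names follow Azure's NSG rule JSON; the addresses, rule names and priorities are constructed placeholders.

```python
import ipaddress

# Constructed placeholders (documentation ranges): VPN IP, then the GEO node.
ALLOWED = ["203.0.113.10/32", "198.51.100.20/32"]

def _key(direction):
    # The remote peer is the source of inbound traffic, the destination of outbound.
    return "sourceAddressPrefix" if direction == "Inbound" else "destinationAddressPrefix"

def rule(name, direction, access, priority, remote):
    return {"name": name, "direction": direction, "access": access,
            "priority": priority, _key(direction): remote,
            "protocol": "*", "destinationPortRange": "*"}

def _within(prefix, allowed):
    try:
        net = ipaddress.ip_network(prefix, strict=False)
    except ValueError:  # "*", "Internet" and other service tags are never allowed
        return False
    return any(net.version == a.version and net.subnet_of(a) for a in allowed)

def audit(rules, allowed_prefixes):
    allowed = [ipaddress.ip_network(p) for p in allowed_prefixes]
    findings = []
    for direction in ("Inbound", "Outbound"):
        closed = False
        # NSG rules are evaluated in ascending priority; the first match wins.
        for r in sorted((r for r in rules if r["direction"] == direction),
                        key=lambda r: r["priority"]):
            remote = r[_key(direction)]
            if (r["access"] == "Deny" and remote == "*"
                    and r["protocol"] == "*" and r["destinationPortRange"] == "*"):
                closed = True  # rules after this one are shadowed
                break
            if r["access"] == "Allow" and not _within(remote, allowed):
                findings.append(f"{direction}: {r['name']} allows {remote}")
        if not closed:
            findings.append(f"{direction}: no explicit deny-all rule")
    return findings

GOOD = [rule("allow-vpn-in", "Inbound", "Allow", 100, "203.0.113.10"),
        rule("allow-geo-in", "Inbound", "Allow", 110, "198.51.100.20"),
        rule("deny-all-in", "Inbound", "Deny", 4000, "*"),
        rule("allow-vpn-out", "Outbound", "Allow", 100, "203.0.113.10"),
        rule("allow-geo-out", "Outbound", "Allow", 110, "198.51.100.20"),
        rule("deny-all-out", "Outbound", "Deny", 4000, "*")]
# Misconfigured variant: deny-all-out dropped and a wide outbound allow added.
BAD = GOOD[:-1] + [rule("allow-smtp-out", "Outbound", "Allow", 120, "Internet")]
print("\n".join(audit(BAD, ALLOWED)))
```

Running the same audit before and after each tear-down step confirms that the deny rules are still in place while GitLab is running.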
Configuration
Azure instance, production copy
Instance size: Standard_DS4_v2 (8vCPU 28GiB)
Disk: 16 1TB Premium_LRS
- The production copy is configured by performing a point-in-time database restore using WAL-E and a repository restore from a snapshot of a single NFS server (file-08).
- All git data directories are configured; for those that are not present you will see a "repository not found" error.
GCE instance for synchronization
Instance size: n1-standard-8 (8vCPU 30GiB)
Disk: 20TB pd-ssd
- The GCE instance uses a single disk and only allows connections from the VPN and the Azure instance.