reconciling configuration between gcp and azure production
Some items that came out of a review https://dev.gitlab.org/cookbooks/gitlab-rb-gcp-check/merge_requests/6/diffs
Gitlab rails
- Should we update these now to match prd exactly?
external_url 'https://gprd.gitlab.com';
pages_external_url 'https://gprd.gitlab.io'
gitlab_rails['gitlab_email_from'] = "gitlab@gprd.gitlab.com"
gitlab_rails['incoming_email_address'] = "incoming-gprd+%{key}@gitlab.com"
gitlab_rails['incoming_email_email'] = "incoming-gprd@gitlab.com"
gitlab_rails['incoming_email_password'] = "***"
gitlab_rails['omniauth_providers'] <-- credentials are different than azure production
- As discussed we should set registry_enabled to true in the base role - https://dev.gitlab.org/cookbooks/chef-repo/merge_requests/2295
gitlab_rails['registry_enabled'] = false
- GCP is missing all of these, I assume they need to be added?
gitlab_rails['smtp_authentication'] = "plain"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_password'] = "***"
gitlab_rails['smtp_user_name'] = "gitlab@mg.gitlab.com"
https://dev.gitlab.org/cookbooks/chef-repo/merge_requests/2296
- this contains aws credentials, why do we not have this on gcp, what is it used for?
gitlab_rails['backup_upload_connection']
- Should gitlab-object-storage@gitlab-production.iam.gserviceaccount.com be changed in gcp to gitlab-object-storage-prd@gitlab-production.iam.gserviceaccount.com ?
In azure we have:
gitlab_rails['uploads_object_store_connection'] = {"provider"=>"Google", "google_project"=>"gitlab-production", "google_client_email"=>"gitlab-object-storage-prd@gitlab-production.iam.gserviceaccount.com", "google_json_key_location"=>"/etc/gitlab/gcs-creds.json"}
In GCP we have
gitlab_rails['uploads_object_store_connection'] = {"provider"=>"Google", "google_project"=>"gitlab-production", "google_client_email"=>"gitlab-object-storage@gitlab-production.iam.gserviceaccount.com", "google_json_key_location"=>"/etc/gitlab/gcs-creds.json"}
Registry
- These are currently set to the external gprd url, can we use the internal lb for
registry_api_url
? - Should
registry_host
be the external registry address or can we use an internal lb address?
gitlab_rails['registry_api_url'] = "http://registry.gprd.gitlab.com"
gitlab_rails['registry_host'] = "registry.gprd.gitlab.com"
Postgres
We need a detailed review of postgres settings between Azure and GCP.
Changed tokens
- gitaly_auth_token
- redis password
- gitlab shell secret token
Edited by John Jarvis