reconciling configuration between gcp and azure production

Some items that came out of a review https://dev.gitlab.org/cookbooks/gitlab-rb-gcp-check/merge_requests/6/diffs

Gitlab rails

Should we update these now to match prd exactly?

external_url 'https://gprd.gitlab.com';
pages_external_url 'https://gprd.gitlab.io'
gitlab_rails[&#39;gitlab_email_from&#39;] = "gitlab@gprd.gitlab.com"
gitlab_rails[&#39;incoming_email_address&#39;] = "incoming-gprd+%{key}@gitlab.com"
gitlab_rails[&#39;incoming_email_email&#39;] = "incoming-gprd@gitlab.com"
gitlab_rails[&#39;incoming_email_password&#39;] = "***"
gitlab_rails[&#39;omniauth_providers&#39;] <-- credentials are different than azure production

As discussed we should set registry_enabled to true in the base role - https://dev.gitlab.org/cookbooks/chef-repo/merge_requests/2295

gitlab_rails[&#39;registry_enabled&#39;] = false

GCP is missing all of these, I assume they need to be added?

gitlab_rails[&#39;smtp_authentication&#39;] = "plain"
gitlab_rails[&#39;smtp_enable_starttls_auto&#39;] = true
gitlab_rails[&#39;smtp_password&#39;] = "***"
gitlab_rails[&#39;smtp_user_name&#39;] = "gitlab@mg.gitlab.com"

https://dev.gitlab.org/cookbooks/chef-repo/merge_requests/2296

this contains aws credentials, why do we not have this on gcp, what is it used for?

gitlab_rails[&#39;backup_upload_connection&#39;]

Should gitlab-object-storage@gitlab-production.iam.gserviceaccount.com be changed in gcp to gitlab-object-storage-prd@gitlab-production.iam.gserviceaccount.com ?

In azure we have:

gitlab_rails[&#39;uploads_object_store_connection&#39;] = {"provider"=>"Google", "google_project"=>"gitlab-production", "google_client_email"=>"gitlab-object-storage-prd@gitlab-production.iam.gserviceaccount.com", "google_json_key_location"=>"/etc/gitlab/gcs-creds.json"}

In GCP we have

gitlab_rails[&#39;uploads_object_store_connection&#39;] = {"provider"=>"Google", "google_project"=>"gitlab-production", "google_client_email"=>"gitlab-object-storage@gitlab-production.iam.gserviceaccount.com", "google_json_key_location"=>"/etc/gitlab/gcs-creds.json"}

Registry

These are currently set to the external gprd url, can we use the internal lb for registry_api_url?
Should registry_host be the external registry address or can we use an internal lb address?

gitlab_rails[&#39;registry_api_url&#39;] = "http://registry.gprd.gitlab.com"
gitlab_rails[&#39;registry_host&#39;] = "registry.gprd.gitlab.com"

Postgres

We need a detailed review of postgres settings between Azure and GCP.

Changed tokens

gitaly_auth_token
redis password
gitlab shell secret token

Edited Jul 17, 2018 by John Jarvis