Set up listeners for git operations (unix socket) and monitoring (tcp) in main.main()
We will initially only run gitaly on 'localhost'. For ease of installation, it is best if that means connecting through a Unix domain socket because:
- it gives you basic access control via directory permissions
- no chance of port conflicts during installation
At the same time, we want to have Prometheus integration from the start, and the way we like deploying that for ourselves on gitlab.com means listening on a port on 0.0.0.0.
I see two options now:
- listen on both a unix socket (for application access) and on a 0.0.0.0 TCP port (prometheus only)
- fold prometheus into the main listener under `/metrics` and listen on TCP from the start
In the latter case we need an access control mechanism. It is not OK to have a daemon on 0.0.0.0:xxx (or even 127.0.0.1:xxx) that gives unconditional read/write access to Git repositories managed by GitLab.
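A sketch of the first option above (Unix socket for application access, separate TCP port for Prometheus only), added here as an example and not taken from this issue or from gitaly's code. The socket directory, socket name, port number and the stand-in metrics handler are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"log"
	"net"
	"net/http"
	"os"
	"path/filepath"
)

// listenUnix creates the Git-operations socket inside a directory that only
// the owning user can enter, so directory permissions gate access.
func listenUnix(dir string) (net.Listener, error) {
	if err := os.MkdirAll(dir, 0o700); err != nil {
		return nil, err
	}
	// MkdirAll leaves an existing directory's mode untouched, so set it explicitly.
	if err := os.Chmod(dir, 0o700); err != nil {
		return nil, err
	}
	path := filepath.Join(dir, "gitaly.sock") // hypothetical socket name
	// Remove a stale socket left by a previous run; otherwise bind fails.
	if err := os.Remove(path); err != nil && !os.IsNotExist(err) {
		return nil, err
	}
	return net.Listen("unix", path)
}

// metricsMux is the only handler attached to the TCP port. It serves
// /metrics and nothing else, so no repository operation is reachable over TCP.
func metricsMux() *http.ServeMux {
	mux := http.NewServeMux()
	mux.HandleFunc("/metrics", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "example_up 1") // constructed stand-in for a Prometheus handler
	})
	return mux
}

func main() {
	gitLn, err := listenUnix("/tmp/gitaly-example") // hypothetical directory
	if err != nil {
		log.Fatal(err)
	}
	// The Git RPC server would Serve on gitLn; it is never bound to TCP.
	log.Printf("git operations on %s", gitLn.Addr())
	// Hypothetical port; monitoring only.
	log.Fatal(http.ListenAndServe("0.0.0.0:9999", metricsMux()))
}
```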