
Set up listeners for git operations (unix socket) and monitoring (tcp) in main.main()

We will initially only run Gitaly on 'localhost'. For ease of installation, it is best if that means connecting through a Unix domain socket because:

  • it gives you basic access control via directory permissions
  • no chance of port conflicts during installation

At the same time, we want to have Prometheus integration from the start, and the way we like deploying that for ourselves on gitlab.com means listening on a port on 0.0.0.0.

I see two options now:

  • listen on both a Unix socket (for application access) and on a 0.0.0.0 TCP port (Prometheus only)
  • fold Prometheus into the main listener under /metrics and listen on TCP from the start

In the latter case we need an access control mechanism. It is not OK to have a daemon on 0.0.0.0:xxx (or even 127.0.0.1:xxx) that gives unconditional read/write access to Git repositories managed by GitLab.
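A sketch of the first option, added here as an example and not taken from this issue or from Gitaly's code: the application socket lives in a 0700 directory, and the TCP listener serves `/metrics` and nothing else. The socket path, port 9999, the metric `example_up`, and the function names `listenUnix` and `serveMetrics` are constructed for illustration, and the metrics handler is a standard-library stand-in for a Prometheus client.

```go
package main

import (
	"fmt"
	"log"
	"net"
	"net/http"
	"os"
	"path/filepath"
)

// listenUnix binds the application socket inside an owner-only directory.
func listenUnix(socketPath string) (net.Listener, error) {
	dir := filepath.Dir(socketPath)
	if err := os.MkdirAll(dir, 0o700); err != nil {
		return nil, err
	}
	// Tighten a pre-existing directory; MkdirAll leaves its mode untouched.
	if err := os.Chmod(dir, 0o700); err != nil {
		return nil, err
	}
	// Remove a stale socket from a previous run, otherwise bind fails.
	if err := os.Remove(socketPath); err != nil && !os.IsNotExist(err) {
		return nil, err
	}
	return net.Listen("unix", socketPath)
}

// serveMetrics answers /metrics only; any other path on the TCP port is a 404.
func serveMetrics(l net.Listener) error {
	mux := http.NewServeMux()
	mux.HandleFunc("/metrics", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "example_up 1") // constructed stand-in metric
	})
	return http.Serve(l, mux)
}

func main() {
	sock, err := listenUnix(filepath.Join(os.TempDir(), "example-daemon", "app.socket")) // constructed path
	if err != nil {
		log.Fatal(err)
	}
	defer sock.Close() // the application server would Accept on sock
	tcp, err := net.Listen("tcp", "0.0.0.0:9999") // constructed port
	if err != nil {
		log.Fatal(err)
	}
	log.Fatal(serveMetrics(tcp))
}
```

Because the two listeners share no handler, a request to the TCP port cannot reach code that reads or writes repositories; that separation is what the second option would have to replace with an explicit access control mechanism.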
