Enable interactive web terminal for GitLab.com
Problem to solve
We have support for docker executor for web terminals and we should enable it on GitLab.com since it's a core feature.
Further details
This will add the ability to use interactive web terminals on .com, giving many users the ability to take advantage of this feature. We have to be careful before enabling this feature, however, since it can have an impact on production performance and security characteristics. This issue represents the due diligence from an engineering side to do this investigation and, once complete (assuming no hurdles), enable the feature on .com.
Currently, shared runners are using the docker executor, which is partially supported; there are talks to use Kubernetes since we have better support for it. From a security perspective both. There are also plans to migrate to Kubernetes for our runner managers, but that will not affect the proposal below or vice versa.
Resources
- Interactive web terminal documentation
- Web terminal for WebIDE
- Architecture overview
- Technical Documentation
Proposal
This issue picks up after the ~backstage work (steps 1-5) in https://gitlab.com/gitlab-org/gitlab-ce/issues/52611 has been completed. Please see that issue for those steps.
6. Start using private-runners-manager-5.gitlab.com for CI jobs
Given all previous steps have been successful, especially steps 4 & 5, we can start using the runner manager for running some tests. We can do this in two ways:
- Set specific jobs with the correct tags (interactive-web-terminal, gitlab-org) inside of the .gitlab-ci.yml file
- Configure the group runner to pick up untagged jobs
It might also be ideal to do both of them: the runner manager will pick up more jobs, and we still have predictability on which jobs we can find the interactive web terminal for when debugging a running job.
Requirements/Stakeholders:
- SRE/~Verify GitLab.com admin to configure runner to pick up untagged jobs
- ~Verify to add the correct tags to .gitlab-ci.yml if we want specific jobs to run them
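An added example (not part of the original issue and not GitLab's own code) that models how the two options in step 6 decide which jobs can land on the terminal-enabled runner manager, and therefore which jobs expose a shell into a running job. It assumes the runner carries exactly the tags interactive-web-terminal and gitlab-org and that no other runner carries interactive-web-terminal; the job names and pipeline are constructed.

```python
# Added example: GitLab runner/job tag matching applied to the two options above.
# Tags come from the issue; job names and PIPELINE are constructed sample data.

TERMINAL_RUNNER_TAGS = {"interactive-web-terminal", "gitlab-org"}  # assumed runner tags


def runner_picks(job_tags, runner_tags, run_untagged):
    """Return True if a runner with runner_tags may pick up the job.

    A tagged job is eligible only when every job tag is present on the runner;
    an untagged job is eligible only when the runner accepts untagged jobs.
    """
    job_tags = set(job_tags or [])
    if not job_tags:
        return run_untagged
    return job_tags <= set(runner_tags)


def classify(pipeline, runner_tags=TERMINAL_RUNNER_TAGS, run_untagged=False):
    """Group jobs by how predictably they reach the terminal-enabled runner.

    pinned   - carries interactive-web-terminal, so only that runner can run it
    possible - eligible, but other runners may pick it up first
    never    - the terminal-enabled runner cannot run it
    """
    result = {"pinned": [], "possible": [], "never": []}
    for name, job in pipeline.items():
        tags = set(job.get("tags") or [])
        if not runner_picks(tags, runner_tags, run_untagged):
            result["never"].append(name)
        elif "interactive-web-terminal" in tags:
            result["pinned"].append(name)
        else:
            result["possible"].append(name)
    return result


# Constructed pipeline, shaped like the jobs section of a parsed .gitlab-ci.yml.
PIPELINE = {
    "debug-build": {"tags": ["interactive-web-terminal", "gitlab-org"]},
    "unit-tests": {},
    "docs-lint": {"tags": ["gitlab-org"]},
    "deploy": {"tags": ["production"]},
}

if __name__ == "__main__":
    print("tags only:      ", classify(PIPELINE, run_untagged=False))
    print("tags + untagged:", classify(PIPELINE, run_untagged=True))
```

With both options enabled, untagged jobs move from "never" to "possible", which widens the set of jobs that can expose a terminal while only the pinned jobs stay predictable.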
7. Roll out other runner managers
Rolling this out to the other runners, following the order below. All of the steps require us to update the respective role inside of https://ops.gitlab.net/gitlab-cookbooks/chef-repo and a period of 3-5 days each to monitor the situation.
- Update all the private runner managers by updating the gitlab-runner-prm
- Update gitlab shared runner managers by updating gitlab-runner-gsrm
- Update the final shared runner managers by updating gitlab-runner-srm
Requirements/Stakeholders:
- ~Verify to add the necessary configuration
8. Remove private-runners-manager-5.gitlab.com
private-runners-manager-5.gitlab.com served its purpose and can be removed since there is no benefit of having another manager.
Requirements/Stakeholders:
- ~Verify to update chef configuration and remove the box.
What does success look like, and how can we measure that?
- Users can use the web terminal on their jobs when they are GitLab.com users and for the Web IDE.
- Easy to maintain for SREs.
- Doesn't affect any uptime for CI.
- Performance of each runner manager is not affected by a large amount.