Alternate URL for Geo secondaries behind a load balancer
This issue is created based on the investigation done in https://gitlab.com/gitlab-org/gitlab-ee/issues/6306
Problem
Customer's use case is that they want to build multiple Geo secondaries, placed strategically in various geographic areas. Then, users will access Geo through a common name/load balancer. The load balancer intelligently routes the user to the closest Geo node. This is useful in large enterprises because users don't need to know where the Geo nodes are or what their specific URL is.
This currently doesn't work with Geo due to OAuth. When attempting to authenticate via the load balanced name, OAuth fails with 'Invalid URI' on the GitLab primary. However, authentication works fine when accessing a specific Geo node via it's proper URL. This seems to be due to the way we do name matching.
Solution
Make it possible to specify an alternate URL for Geo Node. This URL has to be added to a Doorkeeper application. When I experimented locally I did it like this:
Doorkeeper::Application.last.redirect_uri # => "http://s1.gitlab.com/oauth/geo/callback"
new_redirect_uri = "http://s1.gitlab.com/oauth/geo/callback http://secondary.gitlab.com/oauth/geo/callback"
Doorkeeper::Application.last.update(redirect_uri: new_redirect_uri)This issue will probably need some help of frontend team. The administrator will need somewhere on the UI to specify these URLs.
We'll show the alternate URL and sync URL info in the 'Other information' section, illustrated below:
Refactoring the form in 'Edit node' so it aligns with our form guidelines will make it easier to read and use. 'Alternate URL' fits well, right aligned with the main URL input field.
Attaching how it should look like on mobile as well:
