Allow multiple secondary nodes behind a load balancer
What does this MR do?
Background
A Geo node has a record in the geo_nodes
table. It knows which one it belongs to by comparing its external_url
in gitlab.rb
with the geo_nodes.url
column.
Problem
geo_nodes.url
must be unique so it can be used as an identifier. But this forces external_url
to be unique as well. This constraint on external_url
prevents at least the following use cases:
- All secondaries can be accessed via a geographically-aware load balancer
- Active-passive Geo nodes (if we implement secondaries as transparent primaries)
Solution
Decouple GeoNode
identity from external_url
.
Add a gitlab.rb
setting (let's say gitlab_rails['geo_node_name']
) paired with a new geo_nodes
column (let's say name
) and use those as identifiers.
Here is the omnibus MR adding the gitlab.rb
setting: omnibus-gitlab!3201 (merged)
In this MR, gitlab_rails['geo_node_name']
ends up in Rails as Gitlab.config.geo.node_name
.
Backwards-compatible
-
Gitlab.config.geo.node_name
defaults toexternal_url
(plus a terminating/
). -
geo_nodes.name
copiesgeo_nodes.url
in a one-time data migration. This is reversible as long as all nodes'name
andurl
remain identical.
Side note: Difference from initial proposal
In the initial proposal https://gitlab.com/gitlab-org/gitlab-ee/issues/9123#note_153433953, I suggested we can rename geo_nodes.url
to geo_nodes.name
. It turns out there are a number of instances where we secondary nodes need to know a user-facing primary node URL:
- https://gitlab.com/gitlab-org/gitlab-ee/blob/v11.10.0-rc5-ee/ee/app/controllers/ee/application_controller.rb#L15
- https://gitlab.com/gitlab-org/gitlab-ee/blob/v11.10.0-rc5-ee/ee/app/helpers/ee/gitlab_routing_helper.rb#L10
- https://gitlab.com/gitlab-org/gitlab-ee/blob/v11.10.0-rc5-ee/ee/app/helpers/ee/application_helper.rb#L15
etc.
And the primary needs to know the secondary URLs to set the OAuth application redirect URI.
So we should retain geo_nodes.url
for these purposes. As a bonus, a URL field is needed later so the primary can specify a unique, user-facing URL when we allow all nodes to be put behind a load balancer #10888 (closed).
Though the primary must have a unique URL in #10888 (closed), we need to remove the uniqueness
constraint so secondaries can all use the same URL (to resolve this MR's issue).
Screenshot of new Name field in Geo Node Edit form
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry -
Documentation created/updated or follow-up review issue created -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Performance and testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec
-
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team
To do
-
https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/11515 must be merged first -
target master -
After this MR is merged, also merge the omnibus MR: omnibus-gitlab!3201 (merged)