Perform Git over HTTP request to primary repo (!716) · Merge requests · GitLab.org / gitlab-shell

Instead of proxying the Geo request via Rails, let's do the Git over HTTP request to the primary repo

sequenceDiagram
    participant C as Git on client
    participant S as GitLab Shell
    participant I as Workhorse & Rails
    participant P as Workhorse & Rails

    Note left of C: git fetch
    Note over S,I: Secondary site
    Note over P: Primary site
    C->>+S: ssh git receive-pack request
    S->>I: SSH key validation (api/v4/internal/authorized_keys?key=..)
    I-->>S: HTTP/1.1 300 (custom action status) with {endpoint, msg, primary_repo}
    S->>I: POST /api/v4/geo/proxy_git_ssh/info_refs_receive_pack
    I->>P: POST $PRIMARY/foo/bar.git/info/refs/?service=git-receive-pack
    P-->>I: HTTP/1.1 200 OK
    I-->>S: <response>
    S-->>C: return Git response from primary
    C-->>S: stream Git data to push
    S->>I: POST /api/v4/geo/proxy_git_ssh/receive_pack
    I->>P: POST $PRIMARY/foo/bar.git/git-receive-pack
    P-->>I: HTTP/1.1 200 OK
    I-->>S: <response>
    S-->>-C: gitlab-shell receive-pack response

After

When a user performs a Git over SSH request to secondary node, Gitlab Shell performs Git over HTTP requests to primary Workhorse & Rails.

sequenceDiagram
    participant C as Git on client
    participant S as GitLab Shell
    participant I as Workhorse & Rails
    participant P as Workhorse & Rails

    Note left of C: git fetch
    Note over S,I: Secondary site
    Note over P: Primary site
    C->>+S: ssh git receive-pack request
    S->>I: SSH key validation (api/v4/internal/authorized_keys?key=..)
    I-->>S: HTTP/1.1 300 (custom action status) with {endpoint, msg, primary_repo, authorization headers}
    S->>P: POST $PRIMARY/foo/bar.git/info/refs/?service=git-receive-pack
    P-->>S: HTTP/1.1 200 OK
    P-->>S: <response>
    S-->>C: return Git response from primary
    C-->>S: stream Git data to push
    S->>P: POST $PRIMARY/foo/bar.git/git-receive-pack
    P-->>S: HTTP/1.1 200 OK
    P-->>S: <response>
    S-->>-C: gitlab-shell receive-pack response

Testing

Install Geo https://gitlab.com/gitlab-org/gitlab-development-kit/-/blob/main/doc/howto/geo.md
Checkout to Geo: Send auth headers to GitLab Shell (gitlab!111888 - merged) on Gitlab Rails secondary
Checkout to this branch on Gitlab Shell secondary
gdk start
gdk stop sshd (in order to run it manually to make sure it compiles and outputs logs)
make && bin/gitlab-sshd -config-dir=. from Gitlab Shell
Perform push to secondary
Gitlab Shell logs should show that the requests go to geo/proxy_git_ssh/... endpoints
Enable geo_proxy_direct_to_primary feature flag on Rails
Perform push to secondary
Gitlab Shell logs should show that Primary is requested directly

Edited Feb 14, 2023 by Igor Drozdov

Perform Git over HTTP request to primary repo

After

Testing

Merge request reports