Geo: rake gitlab:geo:check fails the HTTP connection check with Kerberos SPNEGO configured
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
Summary
From a Slack conversation (internal link) about a customer ticket (internal link):
enabling the
keberos_spegnoprovider inomniauth_auto_sign_in_with_providergenerated a failure incheck_gitlab_geo_node
Hmm. It has been this way for a long time, but it used to look for Net::HTTPFound 1f679685
it is mostly advisory-- if the secondary cannot successfully make HTTP requests to the primary, then Geo won't work
Gitlab::HTTP uses HTTParty and I guess it follows the redirect by default and you end up on the sign_in page with a 200 HTTP status code.
I'm not sure that the omniauth auto sign-in (at least with kerberos_spnego ) falls back to the sign in looking at the test - it probably returns a 401 : https://gitlab.com/gitlab-org/gitlab/blob/07fb7498a8c401b8d0300a1bf5143fa5fe45fe9f/ee/spec/requests/omniauth_kerberos_spnego_spec.rb#L20
Ok that makes sense that it would be a false positive for this check then.
Steps to reproduce
Example Project
What is the current bug behavior?
What is the expected correct behavior?
Relevant logs and/or screenshots
Possible fixes
Request a specific path (not root /) which is not affected when using a different authentication method on the primary. Maybe https://docs.gitlab.com/ee/user/admin_area/monitoring/health_check.html#health Never mind-- on staging.gitlab.com, for example, we don't expose the health checks publicly.