Geo: Primary Admin Area can do secondary-specific tasks
Follow up #343805 (comment 730066705):
Though.. except for non-proxied pages, which at this point is just the
admin/geo/*
page (and git requests, but that's another topic), now thinking of it.. hmm, with multiple sites under a DNS, how do / should we actually handle the Geo admin/details page?🙀 I realize in testing I was pretty much always directing traffic to a specific secondary, but how would an admin get info about a specific Geo secondary (or get to the replication details page, as they would before by going to the secondary directly)?
🤔 we might need to iterate on the UI and make it accessible from the primary somehow now?Argh, I forgot about the Admin replication details! Given our release discussion, I think it's reasonable to document this limitation of the new Unified URL feature and how to get the information that you need, until we implement issue X.
I thought about this a long time ago in #207168 (closed):
New feature: Unified Admin Area? View and manage any necessary secondary Admin Area things in the primary Admin Area.
since you no longer need to access the secondary Admin Area, we can remove OAuth and secondary Admin Area direct-access proxy exclusions.
Problem
When using Geo with a Unified URL, you cannot easily access the primary or secondary-specific Admin Area > Geo
views.
To illustrate the problem:
- Configure Geo with Unified URL
- Visit the primary at
Admin Area > Geo > Nodes
- Click one of the
Replication Details
buttons - If your request is directed to the primary site, then you should see a 404.
Workaround
Visit the secondary at its IP address, or set up another FQDN that points at the secondary just so you can visit the Geo Admin Area. (I haven't tested this workaround at this time.)
Possible solution
- Behind a feature flag
- Add frontend and routes on the primary to provide Replication Details for any secondary
- Make it so the primary can query the secondaries' tracking database data using GraphQL
- This may be mostly done
- Document that secondaries' url or at least internal_url needs to be accessible to the primary. (That's not a requirement at the moment)
To do
-
Update Firewall and Internal URL doc sections to make it clear that all Geo sites should be able to make HTTP requests to all other Geo sites https://docs.gitlab.com/ee/administration/geo/#firewall-rules -
Document a Replication Details bug for non-SSF data types as a temporary limitation of Unified URL https://docs.gitlab.com/ee/administration/geo/secondary_proxy/#limitations and also link to that section from the general Geo Limitations section https://docs.gitlab.com/ee/administration/geo/#limitations -
Open an issue (or include the change here) to proxy the whole Geo Admin Area to the primary instead of making the secondary serve it.