Add Container Registry metadata database to legacy backup tool
Summary
Add support for backing up and restoring the Container Registry metadata database in the legacy backup tool. This includes accepting connection information via environment variables and conditionally including the registry database in backup operations.
Implementation Proposal
1. Environment Variable Support
Add support for passing registry database connection info via environment variables to align with current backup tool workflow (similar to SKIP, COMPRESS_CMD, etc.):
- REGISTRY_DATABASE_HOST
- REGISTRY_DATABASE_PORT
- REGISTRY_DATABASE_NAME (dbname)
- REGISTRY_DATABASE_USER
- REGISTRY_DATABASE_PASSWORD
- REGISTRY_DATABASE_SSLMODE
2. Conditional Database Inclusion
Conditionally add the registry database to the list of databases to be backed up when:
- databases.enabled == true in the registry configuration, OR
- The registry database environment variables are present
Implementation location options:
- Option A (Recommended): Update lib/backup/targets/database.rb#each_database to keep changes localized to the legacy backup tool
- Option B: Update lib/gitlab/database/each_database.rb for broader integration
Recommendation is Option A to minimize impact on non-backup code paths.
3. Backup Verification
Add a verification step to ensure registry database backups are valid:
- Checksum validation
- Basic restore test capability
- Backup metadata tracking
4. Security Considerations
- Ensure credentials are handled securely in memory
- Add audit logging for registry database backup operations
- Validate SSL/TLS connection requirements
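A sketch of how sections 1, 2 and 4 could fit together, added here as an illustration and not taken from the GitLab code base. The module and method names, the required-variable set, the `require_tls` policy and the shape of the registry configuration hash are assumptions; the REGISTRY_DATABASE_* names come from this proposal, and PGPASSWORD, PGSSLMODE and the pg_dump flags are standard PostgreSQL client settings.

```ruby
# Added illustration; module and method names are hypothetical, not GitLab code.
module RegistryBackupEnv
  PREFIX    = 'REGISTRY_DATABASE_'
  REQUIRED  = %i[host name user].freeze                 # assumed minimum set
  TLS_MODES = %w[require verify-ca verify-full].freeze  # libpq modes that enforce TLS
  ALL_MODES = (%w[disable allow prefer] + TLS_MODES).freeze

  module_function

  # Collect non-empty REGISTRY_DATABASE_* values as { host: ..., port: ... }.
  def from_env(env)
    env.select { |k, v| k.start_with?(PREFIX) && !v.to_s.empty? }
       .transform_keys { |k| k.delete_prefix(PREFIX).downcase.to_sym }
  end

  # Section 2: include when the registry config enables it OR env vars are present.
  def include_registry?(registry_config, env)
    registry_config.dig('databases', 'enabled') == true || !from_env(env).empty?
  end

  # Fail closed on partial or weak settings instead of silently skipping the backup.
  def validate!(conn, require_tls: true)
    missing = REQUIRED - conn.keys
    raise ArgumentError, "missing #{missing.join(', ')}" unless missing.empty?
    mode = conn.fetch(:sslmode, 'prefer') # libpq default when unset
    raise ArgumentError, "unknown sslmode #{mode}" unless ALL_MODES.include?(mode)
    raise ArgumentError, "sslmode #{mode} does not enforce TLS" if require_tls && !TLS_MODES.include?(mode)
    conn
  end

  # Returns [child_env, argv]. The password travels in the child's environment
  # (PGPASSWORD), never in argv, which process listings expose to other users.
  def pg_dump_command(conn)
    child_env = { 'PGSSLMODE' => conn.fetch(:sslmode, 'prefer') }
    child_env['PGPASSWORD'] = conn[:password] if conn[:password]
    argv = ['pg_dump', '--no-password', "--host=#{conn[:host]}",
            "--port=#{conn.fetch(:port, '5432')}", "--username=#{conn[:user]}",
            "--dbname=#{conn[:name]}"]
    [child_env, argv]
  end

  # Connection fields that are safe to write to an audit log entry.
  def audit_fields(conn)
    conn.reject { |k, _| k == :password }
  end
end
```

The pair returned by `pg_dump_command` can be passed to `Open3.capture3(child_env, *argv)`, which avoids a shell and keeps the password out of the command line.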
Exit Criteria
- Registry database can be backed up when environment variables are set
- Registry database is conditionally included based on configuration
- Backup verification confirms data integrity
- Security review completed
- Unit tests cover new functionality
- Integration tests validate end-to-end backup/restore
Related
- Parent epic: gitlab-com/gl-infra/data-access/durability#45
- Original issue: #532507
Edited by 🤖 GitLab Bot 🤖