Resolve "Geo: JWT token expiration too short" (!154474) · Merge requests · GitLab.org / GitLab

Michael Kozono requested to merge 464101-geo-jwt-token-expiration-too-short into master May 28, 2024

What does this MR do and why?

Increase Geo's JWT expiration, in particular for large Git repositories with a lot of refs that take too long during the info/refs request phase of Git fetch. This is causing Geo replication authentication to fail for repos with too many refs.

Resolves #464101

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

Set up Geo
Increase Gitaly timeouts on both primary and secondary sites
Insert a line sleep 120 at https://gitlab.com/gitlab-org/gitlab/-/blob/c89636ff9abc460d8da7b2224442fc3fe4e9c181/app/controllers/repositories/git_http_controller.rb#L22 on the primary site
With the secondary site running on master, then Git repository syncs will fail
With the secondary site running on this MR's branch, then Git repository syncs will succeed

Related to #464101

Edited May 30, 2024 by Michael Kozono

Resolve "Geo: JWT token expiration too short"

What does this MR do and why?

MR acceptance checklist

How to set up and validate locally

Merge request reports