Proxy Geo secondary HTTP pushes + LFS through Workhorse
What does this MR do and why?
As the secondary is read-only, we want to ensure pushes are proxied to the primary, while reads are served localy, same with LFS files.
Screenshots or screen recordings
How to set up and validate locally
This is not particularly useful on its own, and its functionality depends on !71711 (merged). Because unified URL proxying isn't very straightforward to test in the GDK, this is also likely easier to test in an Omnibus Geo setup, so the steps assume it:
- Rebase this locally on !71711 (merged) (
cat-always-redirect-geo-primary-external-url
) - Configure the Geo proxying and use unified URLs:
-
In the secondary
gitlab.rb
, set the external URL to be the same as the primary and add:gitlab_workhorse['env'] = { "GEO_SECONDARY_PROXY" => "1" }
-
Then, run a
gitlab-ctl reconfigure
andgitlab-ctl restart gitlab-workhorse
-
In a primary Rails node, run
gitlab-rails runner "Feature.enabled(:geo_secondary_proxy)"
-
For the primary, set a separate internal URL (you can use the IP directly), and edit the secondary's URL to be the same URL as the primary
-
- Manually point your unified URL to the secondary (through
/etc/hosts
or otherwise) - Attempt a HTTP(s) push and notice you get redirected to
/-/push_from_secondary
and then the push works, proxied to the primary - Try to push & pull LFS through HTTP(s) and SSH and notice everything working.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.