User facing configuration for roles
Iteration 3 of Role based services: #2560 (closed)
Using this issue as a brain dump as I try to figure out how best to do this.
Two existing methods of configuring gitlab.rb HA that we want to continue forward
Method 1 - 3rd party node management
This is using chef, puppet, ansible, etc to manage your gitlab nodes, and is in charge of configuring gitlab.rb on each node. This method works by the node management solution providing a different gitlab.rb to the different nodes.
The gitlab.rb is often generated from properties defined in the 3rd party solution, and so as a result, any role configuration we have needs to also be easily generated. It's simpler for these systems to set one-liners instead of managing config blocks. (ie wrapping config in a role block)
Method 2 - /etc/gitlab is shared and mounted on all instances
This is often the easiest way to have the secrets and ssl certs persisted, in this method current users often have a second mount that overlays a custom gitlab.rb into the directory for that node.
This method is also how our container clusters generally are setup at the moment. (OpenShift, Kubernetes, DC/OS)
Moving forward, it would probably be ideal to allow the full configuration of all possible nodes to exist in the mounted gitlab.rb (or accross several files, loaded into gitlab.rb using from_file
) But have some configuration external to the gitlab.rb file that indicates which role is actually turned on.
The GitLab.rb file
This config file is a ruby file, but I have not seen configs that really take advantage of that. People configuring these files do not necessarily have ruby knowledge, so we should probably avoid a block syntax for role configuration.
# confusing ruby syntax
role 'redis_master' do
gitlab_rails['time_zone'] = 'UTC'
end
# same syntax, more familiar to something like a nginx config, but too fragile (newlining the block breaks it)
role 'redis_master' {
gitlab_rails['time_zone'] = 'UTC'
}
# makes 'gitlab_rails' call different than non_role config, not ideal
redis_master['gitlab_rails']['time_zone'] = 'UTC'
# Better, not clear that redis_master is a role?
redis_master.gitlab_rails['time_zone'] = 'UTC'
WIP config proposal
What roles are enabled/disabled declared at the top. Might try calling them something like server_roles
# Set the type of server this instance is.
server_roles 'redis_master_role' #should allow multiple
# Normal base settings
gitlab_rails['time_zone'] = 'UTC'
# role specific overrides
redis_master_role.gitlab_rails['time_zone'] = 'UTC'
Setting can be referenced/set using redis_master_role['gitlab_rails']['time_zone']
as well (allows roles to be used by our prod config without too much tweaking)
Will also explore allowing the server_roles to be overridden/configured outside of /etc/gitlab
Through an environment variable, or perhaps in a new file /etc/gitlab.conf
During documentation, I am looking to include a reference to how to setup a multi rb file layout. Where you can separate your roles config into separate files, and load them all using from_file
lines in your gitlab.rb
Documentation
Each role will have it's own doc page. The page should contain a code block of all the config that you might want to set for that role type. With required values being uncommented and optional changes being commented. This config can be pasted into gitlab.rb, or into it's own rb file and loaded from gitlab.rb using from_file
And then of course any other role specific documentation needed.