Consider refactoring Praefect's storage nodes config structure
Currently we configure storage nodes for praefect in the following manner on gitlab.rb
:
praefect['storage_nodes'] = [
{
'storage' => 'praefect',
'address' => 'tcp://12:23:56:78',
'token' => 'abc123'
},
{
'storage' => 'praefect-2',
'address' => 'tcp://praefect2.internal',
'token' => 'xyz456'
}
]
I'd like to propose a change to a scheme where we move from an array of objects to an object where the property names are the storage names, such that the previous configuration would look like this:
praefect['storage_nodes'] = {
'praefect' => {
'address' => 'tcp://12:23:56:78',
'token' => 'abc123'
},
'praefect-2' => {
'address' => 'tcp://praefect2.internal',
'token' => 'xyz456'
}
}
What made me want to re-think our scheme was working on gitlab-com/gl-infra/production#1256 (closed). We use the gitlab-secrets cookbook for secret management, which uses Hash#deep_merge!
underneath. This means that in chef-repo (e.g. here) we can't add secrets like we do elsewhere with something like:
"storage_nodes": [
{
"storage": "nfs-file22",
"address": "tcp://file-03-stor-gstg.c.gitlab-staging-1.internal:9999",
"primary": true,
"token": "[in vault]"
}
]
because deep_merge
doesn't merge arrays. We'd have to put the whole storage_nodes
array into the vault, which is overkill. With the new proposed scheme we can put a key under praefect.storage_nodes.token
in the vault and have the public information in the chef-repo role.
/cc @gl-gitaly