Add registry-database import command to gitlab-ctl
What does this MR do?
Adds a new import command under gitlab-ctl registry-database that wraps the registry database import tool, which provides users with the ability to migrate from filesystem metadata (old registry) to database metadata (new registry).
Syntax
$ gitlab-ctl registry-database import -h
Import filesystem metadata into the database
Usage:
gitlab-ctl registry-database import [options]
Options:
-B, --common-blobs import all blob metadata from common storage
-c, --row-count count and log number of rows across relevant database tables on (pre)import completion
-d, --dry-run do not commit changes to the database
-e, --require-empty-database abort import if the database is not empty
-p, --pre-import import immutable repository-scoped data to speed up a following import
-r, --all-repositories import all repository-scoped data
-h, --help help for import
-1, --step-one pre-import perform step one of a multi-step import: alias for pre-import
-2, --step-two all-repositories perform step two of a multi-step import: alias for all-repositories
-3, --step-three common-blobs perform step three of a multi-step import: alias for common-blobsFor more details about each option please see the documentation linked above.
Validations
- The registry must be enabled before proceeding
- The registry binary exists
- The configuration file exists
- If the registry is running and not set to read-only mode, the execution is aborted when using the
-r/--all-repositoriesor-2/--step-twooptions
Why?
As of today, users in the Beta program of Release container registry with metadata databa... (&5521) need to bypass gitlab-ctl and interact directly with the registry CLI to perform a migration. With this change we allow them to keep using gitlab-ctl, while also providing another layer for basic validations.
Testing
Initial setup
-
Setup a development Omnibus environment
-
Provision a separate PostgreSQL instance and create a logical database, for example:
CREATE USER registry WITH PASSWORD 'registrypassword' CREATE DATABASE registry_omnibus WITH OWNER registryAlternatively, you can use the provisioned PostgreSQL instance but you will need to allow the registry to connect to it via Unix socket (sample)
-
Edit
/etc/gitlab/gitlab.rband enable the registry service:registry['enable'] = true -
Also configure the database section under the registry configuration (update accordingly):
registry['database'] = { 'enabled' => true, 'host' => '172.17.0.1', 'port' => 5432, 'user' => 'registry', 'password' => 'registrypassword', 'dbname' => 'registry_omnibus', 'sslmode' => 'disable' } -
Finally, update/add a
storagesection to includemaintenance.readonly.enabled. Let it set tofalsefor now:registry['storage'] = { 'filesystem' => { 'rootdirectory' => "/var/opt/gitlab/gitlab-rails/shared/registry" }, 'maintenance' => { 'readonly' => { 'enabled' => false } } } -
To be able to test the actual import we need some sample data that the registry tool will scan and record on the database. To make it easier we're going to use test fixtures from the registry codebase:
git clone --depth 1 -b master https://gitlab.com/gitlab-org/container-registry.git /tmp/fixtures cp -r /tmp/fixtures/registry/datastore/testdata/fixtures/importer/happy-path/docker /var/opt/gitlab/gitlab-rails/shared/registryBy doing the above we're populating the default storage location for the registry with a few sample repositories.
-
Reconfigure:
gitlab-ctl reconfigure -
To test the newly added command, you need to replace/symlink the changed files in the right directory under your Omnibus installation. For example
ln -s /home/dev/files/gitlab-ctl-commands/registry_database.rb /opt/gitlab/embedded/service/omnibus-ctl/ ln -s /home/dev/files/gitlab-ctl-commands/lib/ /opt/gitlab/embedded/service/omnibus-ctl/ -
Now let's run all schema migrations to initialize our registry database:
$ gitlab-ctl registry-database migrate up <truncated> OK: applied 145 migrations in 19.781s
Command test
-
First we can test that while the registry is not in read-only mode, if we pass the
--dry-runflag all should work:$ gitlab-ctl registry-database import --dry-run Running import Executing command: /opt/gitlab/embedded/bin/registry database import --dry-run /var/opt/gitlab/registry/config.yml 2023/11/24 15:33:24 maxprocs: Leaving GOMAXPROCS=4: CPU quota undefined INFO[0000] starting metadata import common_blobs=true dry_run=true environment=production go_version=go1.20.11 instance_id=9d7be951-d0fa-4ee8-8c4a-021963c84a68 pre_import=true repository_import=true service=registry version=v3.86.2-gitlab <truncated> INFO[0000] metadata import complete common_blobs=true dry_run=true duration_s=0.443187137 environment=production go_version=go1.20.11 instance_id=9d7be951-d0fa-4ee8-8c4a-021963c84a68 pre_import=true repository_import=true service=registry version=v3.86.2-gitlab -
Then, we can test that the command is aborted in case the registry is not in read-only mode AND we pass one of the
-r/--all-repositoriesor-2/--step-twooptions:$ gitlab-ctl registry-database import --all-repositories Running import Command requires the container registry to be in read-only mode. Exiting... -
Now update
/etc/gitlab/gitlab.rband setmaintenance.readonly.enabledtotrue. Then reconfigure. -
Now we can repeat the process and it should succeed:
$ gitlab-ctl registry-database import --all-repositories Running import Executing command: /opt/gitlab/embedded/bin/registry database import --all-repositories /var/opt/gitlab/registry/config.yml 2023/11/24 15:35:35 maxprocs: Leaving GOMAXPROCS=4: CPU quota undefined INFO[0000] starting metadata import common_blobs=false dry_run=false environment=production go_version=go1.20.11 instance_id=c6ac7afd-f0cd-42c3-b10b-e6855c351c14 pre_import=false repository_import=true service=registry version=v3.86.2-gitlab <truncated> INFO[0000] metadata import complete common_blobs=false dry_run=false duration_s=0.553058922 environment=production go_version=go1.20.11 instance_id=c6ac7afd-f0cd-42c3-b10b-e6855c351c14 pre_import=false repository_import=true service=registry version=v3.86.2-gitlabThe remaining options can also be tested but they only differ in how the registry operates the import internally and all options are mapped directly with no modifications.
Related issues
Related to container-registry#1160 (closed).
Checklist
See Definition of done.
For anything in this list which will not be completed, please provide a reason in the MR discussion.
Required
-
MR title and description are up to date, accurate, and descriptive. -
MR targeting the appropriate branch. -
Latest Merge Result pipeline is green. -
When ready for review, MR is labeled "~workflow::ready for review" per the Distribution MR workflow.
For GitLab team members
If you don't have access to this, the reviewer should trigger these jobs for you during the review process.
-
The manual Trigger:ee-packagejobs have a green pipeline running against latest commit. -
If config/softwareorconfig/patchesdirectories are changed, make sure thebuild-package-on-all-osjob within theTrigger:ee-packagedownstream pipeline succeeded. -
If you are changing anything SSL related, then the Trigger:package:fipsmanual job within theTrigger:ee-packagedownstream pipeline must succeed. -
If CI configuration is changed, the branch must be pushed to dev.gitlab.orgto confirm regular branch builds aren't broken.
Expected (please provide an explanation if not completing)
-
Test plan indicating conditions for success has been posted and passes. -
Documentation created/updated. -
Tests added. -
Integration tests added to GitLab QA. -
Equivalent MR/issue for the GitLab Chart opened. -
Validate potential values for new configuration settings. Formats such as integer 10, duration10s, URIscheme://user:passwd@host:portmay require quotation or other special handling when rendered in a template and written to a configuration file.