Use chpst to force registry user on registry migrations

João Alexandre Cunharequested to merge
detect-registry-system-user-on-migration-command into master

What does this MR do?

Use chpst to force regstry user on registry migrations

This will facilitate use cases when the user is running as root and calls the registry database commands. This was troublesome in cases where PostgreSQL was running on the same node as the registry and doing peer authentication. Since the peer authentication expects the registry system user instead of root, it would fail the connection or required the user to run the migration command with sudo -u registry or su - registry.

With this change, the users can always call gitlab-ctl registry-database migrate commands without having to prefix it with a user change. This should work for any case.

Changelog: added

Related issues

Closes Documentation for the container registry metada... (gitlab#573653)

The related issue started as a documentation proposal to tell docker users to use su - registry when running the registry migration commands. But after discussing the approach within the issue, Balu proposed that we introduce the chpst approach which makes the user experience simpler, thus avoiding the need to document adding this prefix to the command.

Context: gitlab#573653 (comment 2840012398)

Dependent MR

Fix registry permission to restart service if u... (!8817)

Checklist

See Definition of done.

For anything in this list which will not be completed, please provide a reason in the MR discussion.

Required

  • MR title and description are up to date, accurate, and descriptive.
  • MR targeting the appropriate branch.
  • Latest Merge Result pipeline is green.
  • When ready for review, MR is labeled workflowready for review per the Distribution MR workflow.

For GitLab team members

If you don't have access to this, the reviewer should trigger these jobs for you during the review process.

  • The manual Trigger:ee-package jobs have a green pipeline running against latest commit.
  • If config/software or config/patches directories are changed, make sure the build-package-on-all-os job within the Trigger:ee-package downstream pipeline succeeded.
  • If you are changing anything SSL related, then the Trigger:package:fips manual job within the Trigger:ee-package downstream pipeline must succeed.
  • If CI configuration is changed, the branch must be pushed to dev.gitlab.org to confirm regular branch builds aren't broken.

Expected (please provide an explanation if not completing)

  • Test plan indicating conditions for success has been posted and passes.
  • Documentation created/updated.
  • Tests added.
  • Integration tests added to GitLab QA.
  • Equivalent MR/issue for the GitLab Chart opened.
  • Validate potential values for new configuration settings. Formats such as integer 10, duration 10s, URI scheme://user:passwd@host:port may require quotation or other special handling when rendered in a template and written to a configuration file.
Edited by João Alexandre Cunha

Merge request reports