Page MenuHomePhabricator
Create Task
Maniphest T285867

GitLab replica in codfw
Closed, ResolvedPublic
Actions

Description

A second replica of GitLab in codfw would help to validate the setup of production Gitlab gitlab1001 in eqiad. This replica should be passive and we want to use it to test backup and restore of gitlab1001 backups.

In the future this instance can also be used for failover and automated restore scenarios.

Details

SubjectRepoBranchLines +/-
gitlab: pass restore interval to gitlab::restore moduleoperations/puppetproduction+1 -0
gitlab: run backup and restore twice dailyoperations/puppetproduction+5 -4
gitlab: add version check to restore scriptoperations/puppetproduction+16 -9
gitlab: enable backup restore timeroperations/puppetproduction+2 -2
gitlab: disable puppet in script and change timeroperations/puppetproduction+8 -2
gitlab: re-enable timer for backup-restore scriptoperations/puppetproduction+1 -1
gitlab: redirect out to logfile in restore scriptoperations/puppetproduction+41 -34
gitlab: allow installing the restore script while NOT enabling the timeroperations/puppetproduction+14 -5
gitlab: remove unnecessary comments from restore scriptoperations/puppetproduction+0 -18
gitlab: deactivate new backup-restore unit for nowoperations/puppetproduction+1 -1
gitlab: add gitlab restore systemd timeroperations/puppetproduction+9 -0
gitlab: install backup restore scriptoperations/puppetproduction+156 -0
profile::gitlab load rsync::server only on passive GitLaboperations/puppetproduction+11 -1
profile::gitlab rsync fix rsync backup commandoperations/puppetproduction+2 -2
profile::gitlab rsync latest backup to passive hostoperations/puppetproduction+67 -0
hiera::role::common::idp add gitlab-replica to production idpoperations/puppetproduction+7 -0
hiera::role::common::acme_chief add gitlab-replica SNIoperations/puppetproduction+1 -0
disable backup cronjobs for gitlab2001operations/gitlab-ansiblemaster+3 -0
add gitlab2001 to host_vars and variablesoperations/gitlab-ansiblemaster+23 -1
Show related patches Customize query in gerrit

Related Objects
Search...

Event Timeline

Jelto created this task.Jun 30 2021, 2:41 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 30 2021, 2:41 PM
Jelto added a subtask: T285456: codfw: 1 of VMs requested for gitlab.Jun 30 2021, 2:42 PM
Jelto closed subtask T285456: codfw: 1 of VMs requested for gitlab as Resolved.
Dzahn added a comment.Jun 30 2021, 2:44 PM

https://gerrit.wikimedia.org/r/c/operations/puppet/+/702126 prevents that backups will be created twice. Bacula will only backup the active server, not the replica.

Dzahn mentioned this in T285870: request service IP / DNS name for gitlab-replica, apply puppet role on gitlab2001.Jun 30 2021, 2:45 PM
Dzahn added a subtask: T285870: request service IP / DNS name for gitlab-replica, apply puppet role on gitlab2001.
gerritbot added a comment.Jul 23 2021, 1:56 PM

Change 707350 had a related patch set uploaded (by Jelto; author: Jelto):

[operations/gitlab-ansible@master] add gitlab2001 to host_vars and variables

https://gerrit.wikimedia.org/r/707350

gerritbot added a project: Patch-For-Review.Jul 23 2021, 1:56 PM
Jelto added a comment.EditedJul 23 2021, 1:57 PM

I modified and ran the install script using ansibles --check (dry-run) flag against gitlab2001. Looks good, there are two errors due to check mode usage.

I would like to roll out the ansible playbook on gitlab2001 without the --check flag to setup the machine completely.

Complete change: https://gerrit.wikimedia.org/r/c/operations/gitlab-ansible/+/707350

Output:

./install-gitlab-server.sh 

PLAY [Install Gitlab Server] ***************************************************************************************************************************************************************************

TASK [Gathering Facts] *********************************************************************************************************************************************************************************
ok: [gitlab-server-replica]

TASK [gitlab_server : Include OS-specific variables] ***************************************************************************************************************************************************
ok: [gitlab-server-replica]

TASK [gitlab_server : Check if GitLab configuration file already exists] *******************************************************************************************************************************
ok: [gitlab-server-replica]

TASK [gitlab_server : Check if GitLab is already installed] ********************************************************************************************************************************************
ok: [gitlab-server-replica]

TASK [gitlab_server : Gather package facts] ************************************************************************************************************************************************************
ok: [gitlab-server-replica]

TASK [gitlab_server : Install GitLab dependencies] *****************************************************************************************************************************************************
skipping: [gitlab-server-replica]

TASK [gitlab_server : Install GitLab dependencies (Debian)] ********************************************************************************************************************************************
skipping: [gitlab-server-replica]

TASK [gitlab_server : Check GitLab dependencies] *******************************************************************************************************************************************************
skipping: [gitlab-server-replica] => (item=openssh-server) 
skipping: [gitlab-server-replica] => (item=curl) 
skipping: [gitlab-server-replica] => (item=openssl) 
skipping: [gitlab-server-replica] => (item=tzdata) 

TASK [gitlab_server : Check GitLab dependencies (Debian)] **********************************************************************************************************************************************
skipping: [gitlab-server-replica] => (item=gnupg) 

TASK [gitlab_server : Download GitLab repository installation script] **********************************************************************************************************************************
skipping: [gitlab-server-replica]

TASK [gitlab_server : Install GitLab repository] *******************************************************************************************************************************************************
skipping: [gitlab-server-replica]

TASK [gitlab_server : Define the Gitlab package name] **************************************************************************************************************************************************
ok: [gitlab-server-replica]

TASK [gitlab_server : Generate random password] ********************************************************************************************************************************************************
ok: [gitlab-server-replica]

TASK [gitlab_server : Install GitLab] ******************************************************************************************************************************************************************
skipping: [gitlab-server-replica]

TASK [gitlab_server : Reconfigure GitLab (first run)] **************************************************************************************************************************************************
changed: [gitlab-server-replica]

TASK [gitlab_server : Create GitLab SSL configuration folder] ******************************************************************************************************************************************
skipping: [gitlab-server-replica]

TASK [gitlab_server : Create self-signed certificate] **************************************************************************************************************************************************
skipping: [gitlab-server-replica]

TASK [gitlab_server : Copy GitLab configuration file] **************************************************************************************************************************************************
changed: [gitlab-server-replica]

TASK [gitlab_server : Create GitLab crontab] ***********************************************************************************************************************************************************
changed: [gitlab-server-replica]

TASK [gitlab_server : Setup GitLab user] ***************************************************************************************************************************************************************
changed: [gitlab-server-replica]

TASK [gitlab_server : Install GitLab sshd - create config directory] ***********************************************************************************************************************************
changed: [gitlab-server-replica]

TASK [gitlab_server : Install GitLab sshd - create config file] ****************************************************************************************************************************************
changed: [gitlab-server-replica]

TASK [gitlab_server : Install GitLab sshd - create moduli file] ****************************************************************************************************************************************
fatal: [gitlab-server-replica]: FAILED! => {"changed": false, "msg": "Destination directory /etc/ssh-gitlab does not exist"}
...ignoring

TASK [gitlab_server : Install GitLab sshd - create host keys] ******************************************************************************************************************************************
changed: [gitlab-server-replica] => (item=/etc/ssh-gitlab/ssh_host_rsa_key)
changed: [gitlab-server-replica] => (item=/etc/ssh-gitlab/ssh_host_ecdsa_key)
changed: [gitlab-server-replica] => (item=/etc/ssh-gitlab/ssh_host_ed25519_key)

TASK [gitlab_server : Install GitLab sshd - create service] ********************************************************************************************************************************************
changed: [gitlab-server-replica]

TASK [gitlab_server : Install GitLab sshd - enable service] ********************************************************************************************************************************************
fatal: [gitlab-server-replica]: FAILED! => {"changed": false, "msg": "Could not find the requested service ssh-gitlab: host"}
...ignoring

TASK [gitlab_server : Remove GitLab sshd - stop service] ***********************************************************************************************************************************************
skipping: [gitlab-server-replica]

TASK [gitlab_server : Remove GitLab sshd - remove config file] *****************************************************************************************************************************************
skipping: [gitlab-server-replica]

TASK [gitlab_server : Remove GitLab sshd - remove config directory] ************************************************************************************************************************************
skipping: [gitlab-server-replica]

TASK [gitlab_server : Remove GitLab sshd - remove service] *********************************************************************************************************************************************
skipping: [gitlab-server-replica]

TASK [gitlab_server : Remove GitLab sshd - reload systemd] *********************************************************************************************************************************************
skipping: [gitlab-server-replica]

TASK [gitlab_server : Create bacula backup directory for GitLab data backup] ***************************************************************************************************************************
changed: [gitlab-server-replica]

TASK [gitlab_server : Create bacula backup directory for GitLab config backup] *************************************************************************************************************************
changed: [gitlab-server-replica]

RUNNING HANDLER [gitlab_server : restart gitlab] *******************************************************************************************************************************************************
skipping: [gitlab-server-replica]

PLAY RECAP *********************************************************************************************************************************************************************************************
gitlab-server-replica      : ok=19   changed=10   unreachable=0    failed=0    skipped=15   rescued=0    ignored=2
gerritbot added a comment.Jul 26 2021, 10:22 PM

Change 707350 merged by Brennen Bearnes:

[operations/gitlab-ansible@master] add gitlab2001 to host_vars and variables

https://gerrit.wikimedia.org/r/707350

Maintenance_bot removed a project: Patch-For-Review.Jul 26 2021, 11:10 PM
gerritbot added a comment.Jul 27 2021, 11:37 AM

Change 708275 had a related patch set uploaded (by Jelto; author: Jelto):

[operations/gitlab-ansible@master] disable backup cronjobs for gitlab2001

https://gerrit.wikimedia.org/r/708275

gerritbot added a project: Patch-For-Review.Jul 27 2021, 11:37 AM
gerritbot added a comment.Jul 29 2021, 12:03 PM

Change 708275 merged by Brennen Bearnes:

[operations/gitlab-ansible@master] disable backup cronjobs for gitlab2001

https://gerrit.wikimedia.org/r/708275

Maintenance_bot removed a project: Patch-For-Review.Jul 29 2021, 12:10 PM
gerritbot added a comment.Jul 29 2021, 1:44 PM

Change 708767 had a related patch set uploaded (by Jelto; author: Jelto):

[operations/puppet@production] hiera::role::common::acme_chief add gitlab-replica SNI

https://gerrit.wikimedia.org/r/708767

gerritbot added a project: Patch-For-Review.Jul 29 2021, 1:44 PM
gerritbot added a comment.Jul 29 2021, 3:04 PM

Change 708767 merged by Jelto:

[operations/puppet@production] hiera::role::common::acme_chief add gitlab-replica SNI

https://gerrit.wikimedia.org/r/708767

Maintenance_bot removed a project: Patch-For-Review.Jul 29 2021, 3:10 PM
gerritbot added a comment.Aug 2 2021, 9:27 AM

Change 709383 had a related patch set uploaded (by Jelto; author: Jelto):

[operations/puppet@production] hiera::role::common::idp add gitlab-replica to production idp

https://gerrit.wikimedia.org/r/709383

gerritbot added a project: Patch-For-Review.Aug 2 2021, 9:27 AM
gerritbot added a comment.Aug 3 2021, 11:00 AM

Change 709383 merged by Jelto:

[operations/puppet@production] hiera::role::common::idp add gitlab-replica to production idp

https://gerrit.wikimedia.org/r/709383

Maintenance_bot removed a project: Patch-For-Review.Aug 3 2021, 11:10 AM
Jelto closed subtask T285870: request service IP / DNS name for gitlab-replica, apply puppet role on gitlab2001 as Resolved.Aug 4 2021, 11:03 AM
Jelto added a comment.Aug 5 2021, 5:58 PM

I restored the backup of gitlab1001 to gitlab2001 using the restore instructions of S&F.
I enhanced the guide and moved it to wikitech: https://wikitech.wikimedia.org/wiki/GitLab/Backup_and_Restore#Restore

I also documented some first information about the replica in a dedicated page: https://wikitech.wikimedia.org/wiki/GitLab/Replica

The next step is to evaluate options to automate this process and to run the restore on gitlab-replica every 24h.

Dzahn awarded a token.Aug 6 2021, 4:13 PM
gerritbot added a comment.Aug 9 2021, 11:01 AM

Change 710948 had a related patch set uploaded (by Jelto; author: Jelto):

[operations/puppet@production] profile::gitlab rsync latest backup to passive host

https://gerrit.wikimedia.org/r/710948

gerritbot added a project: Patch-For-Review.Aug 9 2021, 11:01 AM
gerritbot added a comment.Aug 10 2021, 12:57 PM

Change 710948 merged by Jelto:

[operations/puppet@production] profile::gitlab rsync latest backup to passive host

https://gerrit.wikimedia.org/r/710948

Maintenance_bot removed a project: Patch-For-Review.Aug 10 2021, 1:10 PM
gerritbot added a comment.Aug 11 2021, 7:31 AM

Change 711348 had a related patch set uploaded (by Jelto; author: Jelto):

[operations/puppet@production] profile::gitlab rsync fix rsync backup command

https://gerrit.wikimedia.org/r/711348

gerritbot added a project: Patch-For-Review.Aug 11 2021, 7:31 AM
gerritbot added a comment.Aug 11 2021, 7:38 AM

Change 711348 merged by Jelto:

[operations/puppet@production] profile::gitlab rsync fix rsync backup command

https://gerrit.wikimedia.org/r/711348

gerritbot added a comment.Aug 18 2021, 1:03 PM

Change 713635 had a related patch set uploaded (by Jelto; author: Jelto):

[operations/puppet@production] profile::gitlab load rsync::server only on passive GitLab

https://gerrit.wikimedia.org/r/713635

gerritbot added a comment.Aug 18 2021, 4:08 PM

Change 713635 merged by Jelto:

[operations/puppet@production] profile::gitlab load rsync::server only on passive GitLab

https://gerrit.wikimedia.org/r/713635

Jelto added a subscriber: Arnoldokoth.Sep 14 2021, 12:06 PM

@Arnoldokoth some thoughts on the wrong settings on the replica after restore:

When we import the dump of production GitLab to the repica, the setting for home_page_url doesn't match the replica. So redirects and a click on the top left GitLab icon result in redirects to production GitLab. Which may confuse people especially when doing tests on the replica. So we have to find a way to adjust this setting.

One solution would be to use gitlab-settings and run the Python script to adjust all settings after doing the restore. This would mean we have to clone the script and create API keys for access. For me this sound like a lot of moving parts.

A simple solution would be to set the home_page_url using the gitlab-rails console. The console is available on the replica and doesn't require additional credentials (apart from being root).

So for the first version of the restore script we could add the following line to make sure the home_page_url matches the replica:

echo "ApplicationSetting.last.update(home_page_url: 'https://gitlab-replica.wikimedia.org/explore')" | gitlab-rails console

This solution is not optimal. As soon as we also change other settings on production GitLab we have to add them as well. So we might need to use gitlab-settings at some point. But for now I'm fine with just setting this single value in the console.

Arnoldokoth added a comment.Sep 15 2021, 5:05 PM

@Jelto I've taken note of this and will add it to the script. Thank you.

brennen moved this task from Inbox to Infrastructure on the GitLab board.Sep 21 2021, 7:36 PM
brennen edited projects, added GitLab (Infrastructure); removed GitLab.
gerritbot added a comment.Oct 1 2021, 4:15 PM

Change 725340 had a related patch set uploaded (by AOkoth; author: AOkoth):

[operations/puppet@production] gitlab: install backup restore script

https://gerrit.wikimedia.org/r/725340

gerritbot added a comment.Oct 1 2021, 5:04 PM

Change 725340 merged by Dzahn:

[operations/puppet@production] gitlab: install backup restore script

https://gerrit.wikimedia.org/r/725340

gerritbot added a comment.Oct 13 2021, 5:29 PM

Change 730605 had a related patch set uploaded (by AOkoth; author: AOkoth):

[operations/puppet@production] gitlab: add gitlab restore systemd timer

https://gerrit.wikimedia.org/r/730605

gerritbot added a comment.Oct 13 2021, 6:37 PM

Change 730605 merged by Dzahn:

[operations/puppet@production] gitlab: add gitlab restore systemd timer

https://gerrit.wikimedia.org/r/730605

Stashbot added a comment.Oct 13 2021, 7:16 PM

Mentioned in SAL (#wikimedia-operations) [2021-10-13T19:16:00Z] <mutante> gitlab2001 - status before was that "gitlab-ctl status" showed components "gitlab-workhorse" and "postgres-exporter" as "down". this was either pre-broken or caused by the restore process. after manually 'gitlab-ctl start gitlab-workhorse' all of the components are in "run" and https://gitlab-replica.wikimedia.org is up ( T285867)

gerritbot added a comment.Oct 13 2021, 8:01 PM

Change 730630 had a related patch set uploaded (by AOkoth; author: AOkoth):

[operations/puppet@production] gitlab: remove unnecessary comments from restore script

https://gerrit.wikimedia.org/r/730630

gerritbot added a comment.Oct 13 2021, 8:06 PM

Change 730632 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] gitlab: deactivate new backup-restore unit for now

https://gerrit.wikimedia.org/r/730632

gerritbot added a comment.Oct 13 2021, 8:29 PM

Change 730632 merged by Dzahn:

[operations/puppet@production] gitlab: deactivate new backup-restore unit for now

https://gerrit.wikimedia.org/r/730632

gerritbot added a comment.Oct 13 2021, 8:33 PM

Change 730630 merged by Dzahn:

[operations/puppet@production] gitlab: remove unnecessary comments from restore script

https://gerrit.wikimedia.org/r/730630

gerritbot added a comment.Oct 13 2021, 8:46 PM

Change 730641 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] gitlab: allow installing the restore script while NOT enabling the timer

https://gerrit.wikimedia.org/r/730641

gerritbot added a comment.Oct 13 2021, 9:17 PM

Change 730641 merged by Dzahn:

[operations/puppet@production] gitlab: allow installing the restore script while NOT enabling the timer

https://gerrit.wikimedia.org/r/730641

gerritbot added a comment.Oct 15 2021, 5:04 PM

Change 731154 had a related patch set uploaded (by AOkoth; author: AOkoth):

[operations/puppet@production] gitlab: redirect out to logfile in restore script

https://gerrit.wikimedia.org/r/731154

gerritbot added a comment.Oct 15 2021, 5:06 PM

Change 731154 merged by Dzahn:

[operations/puppet@production] gitlab: redirect out to logfile in restore script

https://gerrit.wikimedia.org/r/731154

gerritbot added a comment.Oct 15 2021, 5:12 PM

Change 731155 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] gitlab: re-enable timer for backup-restore script

https://gerrit.wikimedia.org/r/731155

gerritbot added a comment.Oct 15 2021, 5:14 PM

Change 731155 merged by Dzahn:

[operations/puppet@production] gitlab: re-enable timer for backup-restore script

https://gerrit.wikimedia.org/r/731155

gerritbot added a comment.Oct 26 2021, 9:23 PM

Change 734741 had a related patch set uploaded (by AOkoth; author: AOkoth):

[operations/puppet@production] gitlab: disable puppet in script and change timer

https://gerrit.wikimedia.org/r/734741

gerritbot added a comment.Oct 26 2021, 10:05 PM

Change 734741 merged by Dzahn:

[operations/puppet@production] gitlab: disable puppet in script and change timer

https://gerrit.wikimedia.org/r/734741

gerritbot added a comment.Oct 28 2021, 7:20 PM

Change 735435 had a related patch set uploaded (by AOkoth; author: AOkoth):

[operations/puppet@production] gitlab: enable backup restore timer

https://gerrit.wikimedia.org/r/735435

Stashbot added a comment.Oct 28 2021, 9:46 PM

Mentioned in SAL (#wikimedia-operations) [2021-10-28T21:46:53Z] <arnoldokoth> restoreccccccvkvhgbvtklgce kkbeuvvuskljihickdbgcunljcr scheduled to run on gitlab2001 (T285867)

Stashbot added a comment.Oct 28 2021, 9:48 PM

Mentioned in SAL (#wikimedia-operations) [2021-10-28T21:48:18Z] <arnoldokoth> restore script scheduled to run on gitlab2001 (T285867)

Dzahn mentioned this in T283076: Puppetise gitlab-ansible playbook.Oct 28 2021, 10:45 PM
Dzahn added a comment.Oct 28 2021, 10:47 PM

We have spread the updates related to gitlab-backup-restore / sync across multiple tickets. also see T283076#7466960

gerritbot added a comment.Oct 29 2021, 3:59 PM

Change 735435 abandoned by AOkoth:

[operations/puppet@production] gitlab: enable backup restore timer

Reason:

merged through different change

https://gerrit.wikimedia.org/r/735435

Jelto closed this task as Resolved.Nov 30 2021, 9:28 AM
Jelto mentioned this in T296713: Document and test failover for GitLab and GitLab Replica.

I'm going to close this task, as gitlab2001 is running for some time and is restored automatically now.
Some open topics which are somewhat related to the replica have other tasks: T274463, T291322, T296713

Feel free to reopen if you miss anything here

gerritbot added a comment.Mar 25 2022, 2:08 PM

Change 773783 had a related patch set uploaded (by Jelto; author: Jelto):

[operations/puppet@production] gitlab: add version check to restore script

https://gerrit.wikimedia.org/r/773783

gerritbot added a comment.Mar 28 2022, 9:48 AM

Change 774418 had a related patch set uploaded (by Jelto; author: Jelto):

[operations/puppet@production] gitlab: run backup and restore twice daily

https://gerrit.wikimedia.org/r/774418

gerritbot added a comment.Mar 29 2022, 9:58 AM

Change 773783 merged by Jelto:

[operations/puppet@production] gitlab: add version check to restore script

https://gerrit.wikimedia.org/r/773783

gerritbot added a comment.Mar 29 2022, 11:03 PM

Change 774418 merged by Dzahn:

[operations/puppet@production] gitlab: run backup and restore twice daily

https://gerrit.wikimedia.org/r/774418

gerritbot added a comment.Apr 1 2022, 1:35 PM

Change 776198 had a related patch set uploaded (by Jelto; author: Jelto):

[operations/puppet@production] gitlab: pass restore interval to gitlab::restore module

https://gerrit.wikimedia.org/r/776198

gerritbot added a comment.Apr 1 2022, 8:27 PM

Change 776198 merged by Dzahn:

[operations/puppet@production] gitlab: pass restore interval to gitlab::restore module

https://gerrit.wikimedia.org/r/776198

Jelto mentioned this in T328635: Make gitlab-replica-old accessible.Feb 2 2023, 9:00 AM
Maintenance_bot removed a project: Patch-For-Review.Feb 2 2023, 9:31 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL