Page MenuHomePhabricator
Create Task
Maniphest T366882

Move GitLab behind the CDN
Open, HighPublic
Actions

Description

In T365259 it was discussed to move Gerrit behind the CDN/loadbalancer. It was discussed that GitLab may be a better first candidate because the setup is quite similar (one web service and one ssh service) but GitLab is less production-critical and has more test instances available. Ultimately putting those instance behind the CDN would mean they no longer need public IP addresses, so this would also cover T310265. However this is a second step, because this requires reimaging the host after successful tests.

Most discussion already happened in T365259 which also holds up for GitLab. So this task is mostly for discussing and tracking the actual technical implementation of putting GitLab behind the CDN.

GitLab consits of multiple machines and services:

This services are not related or distributed in any way. The replicas are standby machines which can be used for emergency switchovers and testing. They run an actual GitLab instance with old (12h) data but this instances are not used for the production GitLab.

We will start by mostly following https://wikitech.wikimedia.org/wiki/LVS#Add_a_new_load_balanced_service, which consists of roughly the following steps:

  • Ensure the service is running on all the backend servers
  • Add relevant data in etcd: https://gerrit.wikimedia.org/r/c/operations/puppet/+/1040094
  • Add DNS records, allocate service IPs in all datacenters where the service is running
  • Create an entry in the service::catalog
  • Add this IP to the loopback interface on all the servers where the service is present
  • Configure the load balancers to provide balancing across those backends
  • Add the puppet-generated discovery DNS resources, start sending network probes/monitoring
  • Make the service page
  • Add discovery DNS records for the service

Details

SubjectRepoBranchLines +/-
add LVS service IPs for gitlab and gitlab-sshoperations/dnsmaster+8 -4
conftool-data: add gitlab and replicasoperations/puppetproduction+11 -0
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
Restricted Task
 OpenJeltoT366882 Move GitLab behind the CDN

Event Timeline

Jelto created this task.Fri, Jun 7, 8:39 AM
gerritbot added a comment.Fri, Jun 7, 8:54 AM

Change #1040094 had a related patch set uploaded (by Jelto; author: Jelto):

[operations/puppet@production] conftool-data: add gitlab and replicas

https://gerrit.wikimedia.org/r/1040094

gerritbot added a project: Patch-For-Review.Fri, Jun 7, 8:54 AM
Jelto updated the task description. (Show Details)Fri, Jun 7, 8:59 AM
Fabfur subscribed.Fri, Jun 7, 9:01 AM
Peachey88 removed a project: WMF-NDA.Fri, Jun 7, 9:37 AM
gerritbot added a comment.Fri, Jun 7, 8:23 PM

Change #1040261 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/dns@master] add LVS service IPs for gitlab and gitlab-ssh

https://gerrit.wikimedia.org/r/1040261

LSobanski triaged this task as High priority.Mon, Jun 10, 3:33 PM
LSobanski moved this task from Incoming to Work in Progress on the collaboration-services board.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL