Skip to content

Webservice: replace Workhorse ERB with gomplate

Kristof Kalocsai requested to merge kristofkalocsai/gitlabChart:2893-replace-erb-in-workhorse-config-with-gomplate into master

What does this MR do?

replaces ERB with gomplate for the Workhorse container

Related issues

#2893 (closed)

Testing

Full pipeline

https://gitlab.com/gitlab-org/charts/gitlab/-/pipelines/393756000

In-cluster

With default values, the config file was rendered as such in the Workhorse container:

# git@gitlab-webservice-default-69fd985487-jqdk8:/$ cat /srv/gitlab/config/workhorse-config.toml
shutdown_timeout = "61s"
[redis]
URL = "redis://gitlab-redis-master.default.svc:6379"
Password = "<redacted>"
[object_storage]
provider = "AWS"
# AWS / S3 object storage configuration.
[object_storage.s3]
# access/secret can be blank!
aws_access_key_id = "<redacted>"
aws_secret_access_key = "<redacted>"
[image_resizer]
max_scaler_procs = 2
max_filesize = 250000
  • Password is rendered correctly
  • object_storage blocks are rendered correctly
  • No lines seem to be unintentionally chomped by {{- or -}}

Local rendering

First, I copied the workhorse.object_storage.config template:

$ cat test.toml.tpl
{%- $supported_providers := slice "AWS" "AzureRM" -%}
{%- $provider := "" -%}
{%- $aws_access_key_id := "" -%}
{%- $aws_secret_access_key := "" -%}
{%- $azure_storage_account_name := "" -%}
{%- $azure_storage_access_key := "" -%}
{%- if file.Exists "etc/gitlab/minio/accesskey" -%}
  {%- $provider = "AWS" -%}
  {%- $aws_access_key_id = file.Read "etc/gitlab/minio/accesskey" | strings.TrimSpace -%}
  {%- $aws_secret_access_key = file.Read "etc/gitlab/minio/secretkey" | strings.TrimSpace -%}
{%- end -%}
{%- if file.Exists "etc/gitlab/objectstorage/object_store" -%}
  {%- $connection := file.Read "etc/gitlab/objectstorage/object_store" | strings.TrimSpace | data.YAML -%}
  {%- $provider = $connection.provider -%}
  {%- if has $connection "aws_access_key_id" -%}
    {%- $aws_access_key_id = $connection.aws_access_key_id -%}
    {%- $aws_secret_access_key = $connection.aws_secret_access_key -%}
  {%- else if has $connection "azure_storage_account_name" -%}
    {%- $azure_storage_account_name = $connection.azure_storage_account_name -%}
    {%- $azure_storage_access_key = $connection.azure_storage_access_key -%}
  {%- end -%}
{%- end -%}
{%- if has $supported_providers $provider %}
[object_storage]
provider = "{% $provider %}"
{%   if eq $provider "AWS" -%}
# AWS / S3 object storage configuration.
[object_storage.s3]
# access/secret can be blank!
aws_access_key_id = "{% $aws_access_key_id %}"
aws_secret_access_key = "{% $aws_secret_access_key %}"
{%   else if eq $provider "AzureRM" -%}
# Azure Blob storage configuration.
[object_storage.azurerm]
azure_storage_account_name = "{% $azure_storage_account_name %}"
azure_storage_access_key = "{% $azure_storage_access_key %}"
{%-   end -%}
{%- end -%}

AWS provider

Script
#!/bin/bash

mkdir -p etc/gitlab/minio

echo "ACCESS" > etc/gitlab/minio/accesskey
echo "SECRET" > etc/gitlab/minio/secretkey

gomplate --left-delim='{%' --right-delim='%}' -f test.toml.tpl
Result
[object_storage]
provider = "AWS"
# AWS / S3 object storage configuration.
[object_storage.s3]
# access/secret can be blank!
aws_access_key_id = "ACCESS"
aws_secret_access_key = "SECRET"

AzureRM provider

Script
mkdir -p etc/gitlab/objectstorage

# https://gitlab.com/kristofkalocsai/gitlabChart/blob/2893-replace-erb-in-workhorse-config-with-gomplate/examples/objectstorage/rails.azurerm.yaml
cat examples/objectstorage/rails.azurerm.yaml > etc/gitlab/objectstorage/object_store

gomplate --left-delim='{%' --right-delim='%}' -f test.toml.tpl
Result
[object_storage]
provider = "AzureRM"
# Azure Blob storage configuration.
[object_storage.azurerm]
azure_storage_account_name = "YOUR_AZURE_STORAGE_ACCOUNT_NAME"
azure_storage_access_key = "YOUR_AZURE_STORAGE_ACCOUNT_KEY"

Checklist

See Definition of done.

For anything in this list which will not be completed, please provide a reason in the MR discussion.

Required

  • Merge Request Title and Description are up to date, accurate, and descriptive
  • MR targeting the appropriate branch
  • MR has a green pipeline on GitLab.com

Expected (please provide an explanation if not completing)

  • Test plan indicating conditions for success has been posted and passes
  • Documentation created/updated
  • Tests added
  • Integration tests added to GitLab QA
  • Equivalent MR/issue for omnibus-gitlab opened

Closes #2893 (closed)

Edited by Mitchell Nielsen

Merge request reports