Perform Git over HTTP request to primary repo
Instead of proxying the Geo request via Rails, let's do the Git over HTTP request to the primary repo
Related issue: #614 (closed)
sequenceDiagram
participant C as Git on client
participant S as GitLab Shell
participant I as Workhorse & Rails
participant P as Workhorse & Rails
Note left of C: git fetch
Note over S,I: Secondary site
Note over P: Primary site
C->>+S: ssh git receive-pack request
S->>I: SSH key validation (api/v4/internal/authorized_keys?key=..)
I-->>S: HTTP/1.1 300 (custom action status) with {endpoint, msg, primary_repo}
S->>I: POST /api/v4/geo/proxy_git_ssh/info_refs_receive_pack
I->>P: POST $PRIMARY/foo/bar.git/info/refs/?service=git-receive-pack
P-->>I: HTTP/1.1 200 OK
I-->>S: <response>
S-->>C: return Git response from primary
C-->>S: stream Git data to push
S->>I: POST /api/v4/geo/proxy_git_ssh/receive_pack
I->>P: POST $PRIMARY/foo/bar.git/git-receive-pack
P-->>I: HTTP/1.1 200 OK
I-->>S: <response>
S-->>-C: gitlab-shell receive-pack response
After
When a user performs a Git over SSH request to secondary node, Gitlab Shell performs Git over HTTP requests to primary Workhorse & Rails.
sequenceDiagram
participant C as Git on client
participant S as GitLab Shell
participant I as Workhorse & Rails
participant P as Workhorse & Rails
Note left of C: git fetch
Note over S,I: Secondary site
Note over P: Primary site
C->>+S: ssh git receive-pack request
S->>I: SSH key validation (api/v4/internal/authorized_keys?key=..)
I-->>S: HTTP/1.1 300 (custom action status) with {endpoint, msg, primary_repo, authorization headers}
S->>P: POST $PRIMARY/foo/bar.git/info/refs/?service=git-receive-pack
P-->>S: HTTP/1.1 200 OK
P-->>S: <response>
S-->>C: return Git response from primary
C-->>S: stream Git data to push
S->>P: POST $PRIMARY/foo/bar.git/git-receive-pack
P-->>S: HTTP/1.1 200 OK
P-->>S: <response>
S-->>-C: gitlab-shell receive-pack response
Testing
- Install Geo https://gitlab.com/gitlab-org/gitlab-development-kit/-/blob/main/doc/howto/geo.md
- Checkout to Geo: Send auth headers to GitLab Shell (gitlab!111888 - merged) on Gitlab Rails secondary
- Checkout to this branch on Gitlab Shell secondary
gdk start
-
gdk stop sshd
(in order to run it manually to make sure it compiles and outputs logs) -
make && bin/gitlab-sshd -config-dir=.
from Gitlab Shell - Perform push to secondary
- Gitlab Shell logs should show that the requests go to
geo/proxy_git_ssh/...
endpoints - Enable
geo_proxy_direct_to_primary
feature flag on Rails - Perform push to secondary
- Gitlab Shell logs should show that Primary is requested directly
Edited by Igor Drozdov