Fix gitaly-backup TLS connections

James Fargher requested to merge fix_gitaly_backup_ssl into master

What does this MR do and why?

#340317 (closed)

Omnibus has an embedded version of OpenSSL that uses custom trusted cert paths. Since gitaly-backup is written in Go and doesn't use OpenSSL, we need to pass through these default options as environment variables. See https://docs.gitlab.com/omnibus/settings/ssl.html#details-on-how-gitlab-and-ssl-work

How to set up and validate locally

I don't think this is possible to test locally, but we can gain some confidence as there are other Go services that use the same trick: https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/gitlab/elastic/indexer.rb#L114-115

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by James Fargher
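
The technique described above, sketched as an added example (not the code from this MR or from GitLab): a Ruby parent hands its embedded OpenSSL's default trust-store paths to a child process through the environment. It assumes the variables are `SSL_CERT_FILE` and `SSL_CERT_DIR`, which Go's `crypto/x509` reads on Linux and other non-macOS Unix systems; the helper names are hypothetical, a Ruby child stands in for the Go binary, and letting an operator-set value win is a choice made for this example.

```ruby
require 'openssl'
require 'open3'
require 'rbconfig'

# Assumed variable names: the ones Go's crypto/x509 consults on Linux/Unix,
# mapped to the cert paths compiled into this Ruby's OpenSSL build.
GO_TRUST_ENV = {
  'SSL_CERT_FILE' => OpenSSL::X509::DEFAULT_CERT_FILE,
  'SSL_CERT_DIR'  => OpenSSL::X509::DEFAULT_CERT_DIR
}.freeze

# Hypothetical helper: extra environment for a Go child process.
# A non-empty value already present in parent_env is kept, so an explicit
# operator override is never silently replaced by the OpenSSL default.
def go_tls_env(parent_env = ENV)
  GO_TRUST_ENV.each_with_object({}) do |(name, default_path), env|
    value = parent_env[name].to_s
    env[name] = value.empty? ? default_path : value
  end
end

# Hypothetical helper: run a command with the trust-store variables added
# to its environment; returns [stdout, success?].
def run_with_trust_store(*cmd, parent_env: ENV)
  out, status = Open3.capture2(go_tls_env(parent_env), *cmd)
  [out, status.success?]
end

# Stand-in child (Ruby, not a Go binary) that reports which trust-store
# paths it inherited, to confirm the values cross the process boundary.
def child_view_of_trust_env(parent_env: ENV)
  script = 'puts ENV.values_at("SSL_CERT_FILE", "SSL_CERT_DIR")'
  out, ok = run_with_trust_store(RbConfig.ruby, '-e', script,
                                 parent_env: parent_env)
  raise 'child process failed' unless ok

  out.lines.map(&:chomp)
end
```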