Fix gitaly-backup TLS connections
What does this MR do and why?
Omnibus has an embedded version of OpenSSL that uses custom trusted cert paths. Since gitaly-backup
is written in go and doesn't use OpenSSL we need to pass through these default options as environment variables. See https://docs.gitlab.com/omnibus/settings/ssl.html#details-on-how-gitlab-and-ssl-work
How to set up and validate locally
I don't think this is possible to test locally, but we can gain some confidence as there are other go services that use the same trick https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/gitlab/elastic/indexer.rb#L114-115
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by James Fargher