Skip to content

Support Workhorse config options for propagating correlation IDs

Stan Hu requested to merge sh-support-trusted-cidrs-for-correlation-id into master

This commit adds support for two Workhorse configuration options added in gitlab!66715 (merged):

  1. gitlab_workhorse['trusted_cidrs_for_propagation']
  2. gitlab_workhorse['trusted_cidrs_for_x_forwarded_for']

These configuration options make it possible to trace the entire flow of the request via correlation_id. Previously when Gitaly made a request to the internal API, Workhorse would generate a new correlation ID. As a result, we would lose the ability to trace every RPC made during a UI edit, for example.

trusted_cidrs_for_x_forwarded_for tells Workhorse what remote IPs can be trusted to use the X-Forwarded-For HTTP header to resolve the actual client IP. Note that this parameter is only used to determine whether to propagate the correlation ID. It is not yet used for logging the remote IP resolution, but it should be.

trusted_cidrs_for_propagation allows Workhorse to restrict propagation to certain IP ranges. We will want to add Gitaly servers and other services that make HTTP internal calls (e.g. GitLab Pages) to this list.

Relates to gitlab#324836 (closed)

Edited by Stan Hu

Merge request reports

Loading