GitLab/Replica

gitlab-replica-a.wikimedia.org and gitlab-replica-b.wikimedia.org are copies of production GitLab. Currently gitlab1003 and gitlab1004 are the replicas of gitlab2002.

The purpose of the GitLab replica is:

• to have a almost identical machine with production Gitlab to test changes
• to verify the installation path developed by S&F for gitlab1001
• to have a host for failover in case production GitLab breaks (WIP)
• to have parity with gerrit-replica

The purpose is not to share the load between both GitLab instances.

To manually sync of production GitLab with the replica the latest backups have to be moved from production GitLab to the replica. You can either use the existing rsync configuration or cumin. In most cases the most recent backup should bre present under /etc/gitlab/config_backup/latest and /srv/gitlab-backup/latest and you can skip this step.

For rsync, run the following commands on gitlab1001 to sync the latest backup to gitlab2001:

gitlab1001:~# /usr/bin/rsync -avp --delete /etc/gitlab/config_backup/latest/ rsync://gitlab2001.wikimedia.org/config-backup
gitlab1001:~# /usr/bin/rsync -avp --delete /srv/gitlab-backup/latest/ rsync://gitlab2001.wikimedia.org/data-backup

/config-backup and /data-backup are just module names of the rsyncd config. The backups are copied to /etc/gitlab/config_backup/latest and /srv/gitlab-backup/latest. Or use cumin:

cumin1001:~$ sudo SSH_AUTH_SOCK=/run/keyholder/proxy.sock scp -3 gitlab1001.wikimedia.org:/etc/gitlab/config_backup/gitlab_config_1628121602_2021_08_05.tar gitlab2001.wikimedia.org:/etc/gitlab/config_backup/
cumin1001:~$ sudo SSH_AUTH_SOCK=/run/keyholder/proxy.sock scp -3 gitlab1001.wikimedia.org:/srv/gitlab-backup/1628121868_2021_08_05_13.12.9_gitlab_backup.tar gitlab2001.wikimedia.org:/srv/gitlab-backup/

All restore logic for the replica is handled by a custom shell script which is present on the replica. So the easiest option to restore is to run the script on the replica:

/srv/gitlab-backup/gitlab-restore.sh

It is also possible to do the restore manually if needed. The GitLab restore guide should be used. The exception here is that we have to keep the gitlab.rb from the replica when restoring the config backup. Before restore, make sure to copy the old gitlab.rb before following the guide.

sudo cp /etc/gitlab/gitlab.rb /etc/gitlab/gitlab.rb.bak

Before restore, make sure the backup can be found by GitLab. So we have to move and rename the backups:

cp /srv/gitlab-backup/latest/latest.tar /srv/gitlab-backup/latest_gitlab_backup.tar

After the restore is finished, the settings have to be reapplied to the replica using gitlab-settings:

./settings --instance https://gitlab-replica-a.wikimedia.org --settings-file settings-replica.yaml update

Automated sync and restore between the replica and production GitLab is active. For automated sync of the backups a systemd timer with rsync is configured on production GitLab and rsyncd is running on the replica. The job runs every 24h and transfers the most recent data and config backup to the replica.^[1] The actual restore of the backup on the replica is handled by custom shell script and a systemd timer running this script. The restore runs every 24 hours.

The most recent backup can be found in: /etc/gitlab/config_backup/latest and /srv/gitlab-backup/latest.

So make sure to use the timestamp latest when using the gitlab-backup restore BACKUP=latest command and follow the GitLab restore guide.

The usage of gitlab-replicas (replica-a or replica-b) should be mostly internal for testing, troubleshooting and in case of an emergency. Thus login with SSO needs the groups ops, wmf or nda.

1. ↑ https://gerrit.wikimedia.org/r/c/operations/puppet/+/710948