Project:Infrastructure/Gitlab

Gitlab
Gitlab is currently deployed in a testing capacity on gitlab.gentoo.org and is not yet publicly available.

Gitlab Authentication
Currently only "Gentoo SSO" is supported. This means only developers can log in at this time. We expect to add other OmniAuth login sources later (Google, GitHub, GitLab, etc.).

Backups
Gitlab backups are taken nightly.

Updates
The current pace of gitlab upstream is 1 minor release per month. We try to stay within 3 minor releases of :latest.

SSH Keys
Currently we do not synchronize SSH keys with any identity platform, but we likely need to add syncing of ssh keys from LDAP.

Groups
We currently do not synchronize any group data from anywhere. Again, this is an open item we need to address before going public.

SSH
The physical machine hosting gitlab has 2 IPs (on both v4 and v6). Running ssh to gitlab.gentoo.org connects to the IP dedicated to gitlab, so you reach gitlab's ssh rather than the host's.

Gitlab's ssh uses its own set of host keys and wrappers like a normal gitlab.

Infra Note
If you want to "ssh to gitlab" to inspect the service, you have to ssh to the physical host, not the service name. The service name always points to the containerized ssh.

What about Gitolite?
Currently we plan to keep gentoo repos mastered in gitolite. We can set up automatic pushes to gitlab in gitolite configs. We will consider migrating repos to gitlab in the future.

TODOs for gitlab setup

 * Add Icinga monitoring for https (done)
 * Add infra-status.gentoo.org lines for gitlab.
 * Add ssh key sync
 * Add group sync
 * Add more admins to gitlab
 * Add Gentoo org admins
 * Add terraform for administration?