Multiple databases support

Summary

This document explains how to support a component with one or more databases. It describes different levels of support and offers an implementation model for each level to overcome the several challenges of the recommended deployment models.

The architecture page provides some background on this subject.

A development document accompanies this blueprint. It details the implementation model and provides a few examples.

Goals

  • Offer higher levels of support for current and new components with database requirements.
  • Implementation refactors maintain the current configuration options already present in gitlab.rb.
  • Minimize breaking changes and refactors in database code with a consistent, testable, and extensible implementation model.
  • Migrate code to the newer implementation method.

Proposal

Terminology

Term Definition
Database A logical database that a component, such as Rails application, uses. For example, gitlabhq_production. A component can have more than one database.
Database server A standalone process or a cluster that provides PostgreSQL database service. Not to be confused with database objects or data.
Database objects Anything that is created with Data Definition Language (DDL), such as DATABASE, SCHEMA, ROLE, or FUNCTION. It may include reference data or indices as well. These are partially created by Omnibus GitLab and the rest are created by application-specific database migrations.
Standalone database server A single PostgreSQL database server. It can be accessed through a PgBouncer instance.
Database server cluster Encompasses multiple PostgreSQL database servers, managed by Patroni services, backed by a Consul cluster, accessible by using one or more PgBouncer instances, and may include an HAProxy (in TCP mode) as a frontend.

Levels of support

There are different levels of database support for Omnibus GitLab components. Higher levels indicate more integration into Omnibus GitLab.

Level 1

Configure the component with user-provided parameters from gitlab.rb to work with the database server. For example, database.yml is rendered with database server connection details of the Rails application or database parameters of Container Registry are passed to its config.yml.

Level 2

Create database objects and run migrations of the component. Full support at this level requires Omnibus GitLab to not only create the required database objects, such as DATABASE and ROLE, but also to run the application migration to for the component.

Level 3

Static configuration of PgBouncer. At this level, Omnibus GitLab can create a dedicated PgBouncer user for the component and configure it with user-provided (from gitlab.rb) or application-mandated connection settings.

This is not specific to clustered database server setups but it is a requirement for it. There are scenarios where PgBouncer is configured with a standalone database server. However, all clustered database server setups depend on PgBouncer configuration.

Level 4

Configuration of database server cluster in high-availability (HA) mode. At this level, Omnibus GitLab supports various deployment models, ranging from one cluster for all databases to one cluster per database.

Therefore the HA configuration of logical databases must be independent of the deployment model.

Consul services can have multiple health-checks and watches. At this level, Omnibus GitLab defines a Consul service per database cluster and a service watch per logical database.

Omnibus GitLab configures Patroni to register a Consul service. The name of the service is the scope parameter as its tag is the role of the node which can be one of master, primary, replica, or standby-leader. It uses this service name, which is the same as the scope of Patroni cluster, to address a database cluster and associate it to any logical database that the cluster serves.

This is done with Consul watches that track Patroni services. They find cluster leaders and notify PgBouncer with the details of both the database cluster and the logical database.

Level 5

Automated or assisted transition from previous deployment models. Not all components require this level of support but, in some cases, where a recommended yet deprecated database configuration is in use, Omnibus GitLab may provide specialized tools or procedures to allow transitioning to the new database model. In most cases, this is not supported unless specified.

Design overview

Each component manages every aspect of its own database requirements, except its database users. It means that component-specific implementation of database operations are done in the specific cookbooks of each component. For example, Rails or Registry database requirements are exclusively addressed in gitlab and registry cookbooks and not in postgresql, pgbouncer, or patroni cookbooks.

The database users are excluded because SUPERUSER or users with CREATEROLE privilege can create PostgreSQL users. Due to security considerations we do not grant this privilege to the users that are connected over TCP connection. So components that may connect to a remote database do not have the permission to create their users.

Hence each component creates its own database objects, except its database user. postgresql and patroni cookbooks create the database users but each component creates the rest of its database objects. The database users must have CREATEDB privilege to allow components create their own DATABASE and trusted EXTENSION.

To impose a structure and fix some of the shortcomings of this approach, such as locality and limited reusability, we use Chef resource model and leverage custom resources for database configuration and operations, including:

  • Manage lifecycle of component-specific database objects
  • Run application-specific database migrations
  • Set up PgBouncer to serve the application
  • Set up Consul watches to track Patroni clusters

Cross-cutting concerns such as central on/off switch for auto-migration, logging control, and pre-flight checks are addressed with helper classes that are available to all components. The package cookbook is a suitable place for these helpers.

Helper classes also provide a place to translate the existing user configuration model (in gitlab.rb) to the new model needed for management of multiple databases.

Implementation details

Development document provides implementation details and concrete examples for the proposed design.