diff options
| author | Jacob Vosmaer <jacob@gitlab.com> | 2021-10-06 19:28:00 +0300 |
|---|---|---|
| committer | Jacob Vosmaer <jacob@gitlab.com> | 2021-10-06 20:27:46 +0300 |
| commit | 9afed4db259197170992383d7710445dfca4f098 (patch) | |
| tree | f3f52be532668de0fd1ea098d305c60bd8d29670 /internal/praefect/server.go | |
| parent | 5027043f38fc5eac159135647e6d4fb03495cbb4 (diff) | |
Praefect: proxy sidechannels
This commit adds backchannel support to the main gRPC listener of
Praefect. And if clients make gRPC calls with sidechannels, Praefect
will now proxy these to the Gitaly backend.
Changelog: added
Diffstat (limited to 'internal/praefect/server.go')
| -rw-r--r-- | internal/praefect/server.go | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/internal/praefect/server.go b/internal/praefect/server.go index 7e9570a2e..cb74b14d5 100644 --- a/internal/praefect/server.go +++ b/internal/praefect/server.go @@ -13,6 +13,7 @@ import ( "gitlab.com/gitlab-org/gitaly/v14/internal/backchannel" "gitlab.com/gitlab-org/gitaly/v14/internal/gitaly/server/auth" "gitlab.com/gitlab-org/gitaly/v14/internal/helper/fieldextractors" + "gitlab.com/gitlab-org/gitaly/v14/internal/listenmux" "gitlab.com/gitlab-org/gitaly/v14/internal/log" "gitlab.com/gitlab-org/gitaly/v14/internal/middleware/cancelhandler" "gitlab.com/gitlab-org/gitaly/v14/internal/middleware/metadatahandler" @@ -29,10 +30,13 @@ import ( "gitlab.com/gitlab-org/gitaly/v14/internal/praefect/service/server" "gitlab.com/gitlab-org/gitaly/v14/internal/praefect/service/transaction" "gitlab.com/gitlab-org/gitaly/v14/internal/praefect/transactions" + "gitlab.com/gitlab-org/gitaly/v14/internal/sidechannel" "gitlab.com/gitlab-org/gitaly/v14/proto/go/gitalypb" grpccorrelation "gitlab.com/gitlab-org/labkit/correlation/grpc" grpctracing "gitlab.com/gitlab-org/labkit/tracing/grpc" "google.golang.org/grpc" + "google.golang.org/grpc/credentials" + "google.golang.org/grpc/credentials/insecure" "google.golang.org/grpc/health" healthpb "google.golang.org/grpc/health/grpc_health_v1" "google.golang.org/grpc/keepalive" @@ -40,14 +44,17 @@ import ( // NewBackchannelServerFactory returns a ServerFactory that serves the RefTransactionServer on the backchannel // connection. -func NewBackchannelServerFactory(logger *logrus.Entry, svc gitalypb.RefTransactionServer) backchannel.ServerFactory { +func NewBackchannelServerFactory(logger *logrus.Entry, refSvc gitalypb.RefTransactionServer, registry *sidechannel.Registry) backchannel.ServerFactory { return func() backchannel.Server { + lm := listenmux.New(insecure.NewCredentials()) + lm.Register(sidechannel.NewServerHandshaker(registry)) srv := grpc.NewServer( grpc.UnaryInterceptor(grpcmw.ChainUnaryServer( commonUnaryServerInterceptors(logger)..., )), + grpc.Creds(lm), ) - gitalypb.RegisterRefTransactionServer(srv, svc) + gitalypb.RegisterRefTransactionServer(srv, refSvc) grpcprometheus.Register(srv) return srv } @@ -87,6 +94,7 @@ func NewGRPCServer( assignmentStore AssignmentStore, conns Connections, primaryGetter PrimaryGetter, + creds credentials.TransportCredentials, grpcOpts ...grpc.ServerOption, ) *grpc.Server { streamInterceptors := []grpc.StreamServerInterceptor{ @@ -122,6 +130,15 @@ func NewGRPCServer( }), }...) + // Accept backchannel connections so that we can proxy sidechannels + // from clients (e.g. Workhorse) to a backend Gitaly server. + if creds == nil { + creds = insecure.NewCredentials() + } + lm := listenmux.New(creds) + lm.Register(backchannel.NewServerHandshaker(logger, backchannel.NewRegistry(), nil)) + grpcOpts = append(grpcOpts, grpc.Creds(lm)) + warnDupeAddrs(logger, conf) srv := grpc.NewServer(grpcOpts...) |