Add internal upload to external storage

This adds inline uploading capability to multipart handler.

API from GitLab exposes two pre-signed URLs (for S3 upload): 1. to upload the file, 2. to delete the file after the operation.

GitLab would generate these URLs with authorizing. One upload finish GitLab would handle these URLs and "COPY" file using S3 API to the valid path.

We still save file to disk in order to generate metadata.

It is to solve this problem: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9860#note_26534204.

assigned to @jacobvosmaer-gitlab

@ayufan this makes sense to me, uploads are slow, workhorse can do them. Not sure what I think about io.Pipe() but I see how it is a quick solution to be able to present an io.Reader to the upload POST.

Upload parameters should go into a sub-struct instead of loose fields in the API response struct.

Where exactly is the preauth API request made?

assigned to @ayufan

Where exactly is the preauth API request made?

It is not yet made. It will in next MR on top of: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9860

added 3 commits

• 8dc31942 - Support UploadPath
• 52e2ce4d - Revert most of changes
• b53b77f2 - Make upload to be synchronous process

Compare with previous version

resolved all discussions

@jacobvosmaer-gitlab @nick.thomas

I had to change upload process to be after download as we do not know Content-Length at this moment and S3 doesn't accept requests without content-lengths.

It makes it less robust, but allows us in the future to use multipart uploads.

assigned to @jacobvosmaer-gitlab

marked as a Work In Progress

assigned to @ayufan

@jacobvosmaer-gitlab We will finish that for %9.2.

changed milestone to %9.2

added 49 commits

• b53b77f2...eacd5b7a - 43 commits from branch master
• 11f0faad - Add internal upload to external storage
• 6ff08fbc - Support UploadPath
• 597a2c68 - Revert most of changes
• abbf0987 - Make upload to be synchronous process
• a280c528 - Update code after review
• 890c1ff6 - go fmt

Compare with previous version

assigned to @jacobvosmaer-gitlab

Looks nice @ayufan . What about tests?

assigned to @ayufan

Will be done in about 2h.

added 1 commit

• c87a2ec4 - Fix current tests

Compare with previous version

added 1 commit

• 5dc31408 - Added Prometheus metrics

Compare with previous version

added 1 commit

• 685d6e83 - go fmt

Compare with previous version

assigned to @jacobvosmaer-gitlab

added 1 commit

• 68f7d87e - Add artifacts store tests

Compare with previous version

unmarked as a Work In Progress

added 1 commit

• 8427eced - Added ObjectStoreTimeout

Compare with previous version

assigned to @ayufan

added 2 commits

• c1c610de - Revert objectStoreTimeout option
• ee736e9d - Introduce Timeout support, but received with API call

Compare with previous version

assigned to @jacobvosmaer-gitlab

added 1 commit

• 553f2efc - Fix body testing for uploader

Compare with previous version

Apart from that one test problem (I wonder if that is why the MR is red) this looks good to me. @ayufan please assign to Nick on the next round.

@nick.thomas am I supposed to click the 'Approve' button now? :)

@jacobvosmaer-gitlab Test is fixed.

resolved all discussions

assigned to @nick.thomas

added 1 commit

• 07898950 - Fix broken test

Compare with previous version

@jacobvosmaer-gitlab yep, ideally the approver would always be different to the merger. So if you hit approve, and I merge, all is good.

Of course, if I request changes, your approval disappears automatically on push...

resolved all discussions

I do have a problem with this approach in general, which is that it can double the amount of time an artifact upload takes, and we already have complaints about that.

The bytes must be streamed from the CI runner to gitlab, and then from gitlab to the object store, before the job is considered complete.

An alternative implementation would be to pass the upload URL all the way to the runner. It would stream the bytes directly to the object store. When the runner tells gitlab the job is completed, it could then enqueue a sidekiq job to asynchronously download the ZIP file from the store and create the metadata.

It's a big rethink of the architecture, so maybe we can consider it as a second iteration?

@nick.thomas

I agree with you. I even tried to do that now, but I was hit by missing Content-Length thingy.

Yes. This is next iteration. It does require changes on Runner side, so it cannot be done "now" as this would require compatible runner too.

Having that split, and then exposing API for getting /authorize out of Rails, the same way as Workhorse gets it, makes it possible to do it fully asynchronous.

But still having support for older versions for some time. Otherwise we would be also hit by synchronous CarrierWave upload.

Thanks that you did ask about that :)

OK, can you get this into a new issue as a future enhancement, and make sure a note on the performance is included in the docs, wherever they are?

Yes. I will make sure about that.

One thing to note is that this implementation is best used with:

• object-storage local to server, in the same zone,
• this allows to avoid extra spending on egress traffic,
• and reduces the amount of time needed to do post-upload store in object storage.

cc @axil

I'd suggest we not use this on GitLab.com until the second iteration ;)

@nick.thomas We will have a test drive on dev before enabling that. So, belive me, it is 2-3 months process :)

I thought the point of this change was to avoid running out of NFS server disk space for artifact uploads. Isn't that orthogonal to how fast the uploads are?

assigned to @ayufan

added 1 commit

• 65215ee6 - Resolve Nick's comments

Compare with previous version

approved this merge request

enabled an automatic merge when the pipeline for 65215ee6 succeeds

OK, LGTM

mentioned in commit 1390af67

merged