Geo: make SSH replication setup automatic
Description
http://docs.gitlab.com/ee/gitlab-geo/configuration.html and https://gitlab.com/gitlab-org/gitlab-development-kit/blob/master/doc/howto/geo.md include a number of manual steps required to get the secondaries successfully fetching repository data from the primaries over SSH.
This covers some difficult-to-explain territory (SSH public-key auth) and the setup is likely to be error-prone and a support burden as a result.
Proposal
Rework Geo to re-use the SSH public-key authentication niceties we added in https://gitlab.com/gitlab-org/gitlab-ee/issues/98 . In particular:
- Each Geo secondary can be assigned an SSH keypair
- The primary can generate the necessary `known_hosts` data for the secondaries to use automatically
- We can communicate both these items through a trusted channel (postgres replication)
- The `fetch_remote` GitLab Shell call now allows an SSH key and `known_hosts` data to be specified explicitly, so we don't need to change the ssh config of the `git` users on the secondary nodes
Feature checklist
Make sure these are completed before closing the issue, with a link to the relevant commit.
- Feature assurance
- Documentation
- Added to features.yml
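An added sketch of the last proposal item (not code from this issue or from GitLab Shell): fetching with a per-call SSH key and `known_hosts` data using stock OpenSSH options, so the `git` user's own ssh config is never read or modified. The function names, `primary.example.com` and the sample host key are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical helpers; the host name and key material below are constructed.

# Turn one host public key line ("type base64 [comment]") into a known_hosts entry.
known_hosts_entry() {
    host=$1
    read -r ktype kdata _comment <<EOF
$2
EOF
    [ -n "$kdata" ] || return 1              # reject lines with no key data
    case $ktype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-*) ;;
        *) return 1 ;;                       # reject unknown key types
    esac
    printf '%s %s %s\n' "$host" "$ktype" "$kdata"
}

# ssh command line for one fetch: only the given key, only the given known_hosts,
# no user config (-F /dev/null), and no trust-on-first-use prompt.
# Paths must not contain spaces; the mktemp paths used below do not.
ssh_command_for() {
    printf 'ssh -F /dev/null -i %s -o IdentitiesOnly=yes -o UserKnownHostsFile=%s -o GlobalKnownHostsFile=/dev/null -o StrictHostKeyChecking=yes -o BatchMode=yes' "$1" "$2"
}

# Write both items to a private temp dir, fetch, then remove them again.
fetch_with_explicit_ssh() {
    repo_dir=$1; remote_url=$2; private_key=$3; known_hosts_data=$4
    tmp=$(mktemp -d) || return 1             # mktemp -d creates the dir mode 0700
    ( umask 077
      printf '%s\n' "$private_key" > "$tmp/id"
      printf '%s\n' "$known_hosts_data" > "$tmp/known_hosts" )
    GIT_SSH_COMMAND=$(ssh_command_for "$tmp/id" "$tmp/known_hosts") \
        git -C "$repo_dir" fetch "$remote_url"
    status=$?
    rm -rf "$tmp"
    return $status
}

# Constructed sample: placeholder key data, not a real host key.
SAMPLE_HOST_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYDATA root@primary'
known_hosts_entry primary.example.com "$SAMPLE_HOST_KEY"
ssh_command_for /tmp/geo/id /tmp/geo/known_hosts; echo
```

With `StrictHostKeyChecking=yes` and an explicit `UserKnownHostsFile`, a fetch fails closed if the primary presents a host key other than the one delivered with the `known_hosts` data.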