Add encoding for the ssh key on the url

2016-03-24T20:48:27+00:00

Change use of fingerprint for whole key

2016-03-24T20:48:27+00:00

Change API endpoint to authorized_keys

2016-03-24T20:48:27+00:00

Add authorized keys bin script to find keys by fingerprint

2016-03-24T20:48:27+00:00

Add ssh-key resource get to gitlab_net

2016-03-24T20:48:27+00:00

This provides the integration point to the internal API to get the
ssh key from the internal API.

Actually use the read_timeout config option

2016-02-09T16:29:41+00:00

Log duration of HTTP API requests

2016-02-09T16:04:53+00:00

Use an HTTP timeout of 5 minutes by default

2016-02-09T16:04:29+00:00

Add support to connect gitlab-shell to Unicorn via UNIX socket

2015-11-10T17:33:24+00:00

It is well known that UNIX sockets are faster than TCP over loopback.

E.g. on my machine according to lmbench[1] they have ~ 2 times
lower latency and ~ 2-3 times more throughput compared to TCP over
loopback:

    *Local* Communication latencies in microseconds - smaller is better
    ---------------------------------------------------------------------
    Host                 OS 2p/0K  Pipe AF     UDP  RPC/   TCP  RPC/ TCP
                            ctxsw       UNIX         UDP         TCP conn
    --------- ------------- ----- ----- ---- ----- ----- ----- ----- ----
    teco      Linux 4.2.0-1  13.8  29.2 26.8  45.0  47.9  48.5  55.5  45.

    *Local* Communication bandwidths in MB/s - bigger is better
    -----------------------------------------------------------------------------
    Host                OS  Pipe AF    TCP  File   Mmap  Bcopy  Bcopy  Mem   Mem
                                 UNIX      reread reread (libc) (hand) read write
    --------- ------------- ---- ---- ---- ------ ------ ------ ------ ---- -----
    teco      Linux 4.2.0-1 1084 4353 1493 2329.1 3720.7 1613.8 1109.2 3402 1404.

The same ratio usually holds for servers.

Also UNIX sockets, since they reside on filesystem, besides being faster with
less latency, have one another nice property: access permissions to them are
managed the same way access to files is.

Because of lower latencies and higher throughput - for performance reasons, and
for easier security, it makes sense to interconnect services on one machine via
UNIX sockets and talk via TCP only to outside world.

All internal services inside GitLab can talk to each other via UNIX socket
already and only gitlab-shell was missing support to talk to Unicorn via UNIX
socket.

Let's teach gitlab-shell to talk via UNIX sockets.

[1] http://www.bitmover.com/lmbench/

~~~~

In this patch we

- add URI::HTTPUNIX to handle http+unix:// URI scheme
- add Net::HTTPUNIX to handle "connect via unix socket and then talk http"
- adjust GitlabNet#http_client_for() accordingly
- adjust documentation in config.yml.example

The http+unix:// scheme is not reinvented anew: the idea about its structure is
quite logical an was already established at least in requests-unixsocket python
package:

    http://fixall.online/theres-no-need-to-reinvent-the-wheelhttpsgithubcommsabramorequests-unixsocketurl/241810/
    https://github.com/msabramo/requests-unixsocket

Merge pull request #212 from jirutka/patch-1

2015-04-10T18:03:37+00:00

Allow to configure location of the secret file

delta/gitlab/gitlab-shell.git/lib/gitlab_net.rb, branch gl_ee_issue_116

Add encoding for the ssh key on the url

Change use of fingerprint for whole key

Change API endpoint to authorized_keys

Add authorized keys bin script to find keys by fingerprint

Add ssh-key resource get to gitlab_net

Actually use the read_timeout config option

Log duration of HTTP API requests

Use an HTTP timeout of 5 minutes by default

Add support to connect gitlab-shell to Unicorn via UNIX socket

Merge pull request #212 from jirutka/patch-1