►
From YouTube: Orchestrator 2020-05-29
Description
GitLab Orchestrator: Running on latest from Geo Playbook Merge Request branch https://gitlab.com/gitlab-org/gitlab-orchestrator/-/merge_requests/8
A
Hello,
everyone
and
welcome
to
the
Friday
May
29th
demo
for
distribution
team.
My
name
is
Robert
Marshall
I'm
going
to
be
demoing
the
current
state
of
the
orchestrator
so
on
the
plate.
Today
we're
going
to
set
up
two
clusters:
one
is
to
have
an
application.
Node
three
council
nodes
to
database
notes,
and
that
will
be
a
primary
cluster
named
main
as
seen
here
in
this
description
and
the
secondary
cluster
named
go1
is
gonna.
Have
it
with
one
database,
one
application
node
down.
A
So
it's
going
to
provision
to
terraform,
laying
it
out
lay
showing
this
down
here.
This
bottom
left
corner
of
my
screen,
so
this
is
a
description
file.
This
is
what's
going
on
when
we're
doing
geo,
we
added
config
set
set
up
yeah.
We
have
cluster
descriptions
which
describes
the
cluster
and
then
we're
in
add
geo,
which
isn't
says
our
enablement
and
then
names
which
of
these
define
here,
which
of
these
clusters
is
our
primary
cluster
and
then
also
defines
a
listing
of
our
secondaries.
A
Making.
This
more
explicit
helps
us
in
the
cases
where
you
maybe
have
multiple
clusters,
because
this
bull
is
saw
multiple.
So
if
I
want
to
say
install,
you
know,
tus
Custer's,
for
two
teams
now
in
an
NGO
cluster
for
the
main
org
I
can
do
that.
Have
three
standalone
clusters,
one
of
them
having
a
Geo
setup.
So
the
configuration
today
is
much
smaller
to
keep
it
from
running,
for
it
keep
the
demo
from
running
a
long
time
now.
A
What
I'm
expecting
is
that
one
of
two
things
is
going
to
happen
on
the
secondary
one,
there's
going
to
be
a
global
database,
migrations
Pistor.
When
I
was
testing
yesterday,
there
was
a
a
glitch
where
it
didn't
set
up
correctly
because
they
didn't
go
in
the
right
order.
I
fixed
that
manually
and
I
fixed
the
order
in
the
in
the
playbook.
A
So
this
will
be
my
first
time
running
it
with
all
the
fixes
applied
all
in
line
and
run
at
once,
like
I
added
everything,
I
think
along
the
way
to
the
play
books,
but
this
will
be
the
first
end
end
with
all
those
fixes
to
play
I've
also
fixed
things.
This
adds
there's
a
SSH,
fast
keys,
so
that's
gonna
get
installed
today
and
we
managed
by
Orchestrator
and.
A
That's
where
that's
where
this
is
going.
While
this
is
running
something
we
can
do,
I'm
gonna
think
this
is
a
lot
bigger.
A
So
this
is
just
a
sample
of
what
the
configs
look
like
when
they
come
out.
This
is
from
my
cluster
from
last
night,
so
I
tore
this
down,
so
all
these
IP
addresses
are
safe
to
have
out
there
because
they
no
longer
exist
and
all
the
passwords
are
ephemeral
and
they're
protesting
only
so
this
is
the
setup
you
can
see
down
here.
What's
going
through.
This
is
which
note
it
is
so
this
is
the
Geo
one
clusters
application
node.
So
this
is
what
the
rendered
files
are.
Gonna
look
like
when
they
get
up.
A
Main
application
note-
and
you
can
see
that
we're
also
a
part
of
this
we're
going
through
PG
balancer
to
get
the
pooling
benefit.
So
by
default
you
know,
even
if
you're
not
using
the
clustered
form
of
postcards,
you
are
getting
the
bullying
which
we
know
improves
your
performance.
So
that's
a
already
established
in
here
and
console
these
are
all
trying
to
go
with
minimum
configuration.
We're
trying
to
go
with
the
idea
that
we
don't
want
to
over
configure
these
notes,
keep
them
as
simple
as
possible.
A
Here's
database
one
for
the
prime
primarily
has
a
lot
more
can
say
because
there's
a
lot
more
nodes,
that's
why
it's
so
much
longer
application
slots
is
already
calculated,
and
you
can
see
here
that
that
config
does
gets
these.
Both
the
Geo
and
the
pose
graphs
like
we'd,
expect
that's
database
to
database
three,
now
a
little
bit
about
the
tech
going
on
underneath
here.
A
A
So
you
know
we
don't
actually
template
out.
Add
all
these
by
themselves.
We
are
using
this.
This
is
part.
This
is
basically
part
of
what
was
originally
part
of
the
provisioner
I've
extended
a
bit
to
make
it
basic
like
a
like
overlay
file
system.
So
app
barbie
is
your
generic
app
when
console
is
enabled
when
gos
enabled
these
will
fold
over
so
here,
they're
gonna
rehearse
over.
So
these
eyes,
I
keep
pointing
at
my
screen
because
I'm
silly
these
items
will
each
get
converged.
A
So
the
first
one
anything
that's
in
the
second
one
which
here
is
the
console
RB
will
overwrite
what's
an
app
geo
overrides
both
so
basically
it's
an
overlay,
so
we
can
keep
adding
things.
So
as
we
extend
this,
as
we
add
more
features,
as
we
add
more
separation,
we
can
continue
this
pattern
to
keep
this
dry
and
keep
it
together.
A
B
A
Okay,
well,
when
you're
aligned,
what
adding
it
do
you
mean
dynamically
and
not
altering
the
run
books,
or
do
you
mean
like
if
you
want
to
if
you
there's
basically
right
now,
there's
no
way
to
inject
dynamically,
but
there
say
if
the
run
book
also
has
a
template.
So
you
could
add
a
single
one-liner
into
the
template
or
you
could
add
the
section
to
the
appropriate
place
like
say
in
the
a
Barbie.
C
A
B
The
override
is
more
or
what
is
going
to
be
injected
into
the
gate,
like
our
restructure,
less
about
what
like
any
behavior
inside
of
the
orchestrator
itself,
it's
not
a
change
to
the
code
base
of
Orchestrator.
If
the
idea
is
to
have
a
method
where
they
can
say,
merge
this
over-the-top
once
you're
done
generating
this
right,
because.
A
Like
if
we
look
at
this,
get
lab
rails
piece
right
here,
I
don't
migrate,
DB
host,
that's
getting
reflected
out
here!
That's
how
it
renders
out
those
key
names
are
actually
the
entry
points,
so
they're
not
eros
to
this
page
right.
So
if,
if
you're
following
a
documentation-
and
you
want
to
add
something-
and
you
know
what
the
top-level
key
and
then
the
sub
keys
are,
then
you
could
it
once
I've
added
the
piece
you
could
easily
put
an
override
and
I
can
just
say
this
overrides
everything
else
Jason.
Would
that
sufficiently
like?
A
B
So,
like
example,
cases
injecting
a
CA
right,
it's
not
something
where
you're
not
going
to
be
necessarily
overriding:
the
PT
bouncer,
because
the
BG
bouncer
is
going
to
be
fully
installed
and
configured
three
orchestrators
but
say
you
definitively
want
to
have
you
know
three
or
four
additional
c8,
because
you
know
your
system
will
eventually
be
reaching
out
to
internals
that
are
a
separate
system.
The
user
would
supply
those
parts
and
then
we'd
actually
have
a
way
to
add
the
additional
item
to
anything
and
if
you
love
RB,
that
is
needed
as
an
example.
A
Actually,
a
really
great
example,
because
one
of
the
next
things
that
I
would
need
to
open
up
an
issue
for
is
to
is
to
fit
the
SSL
support
in
directly,
because
right
now,
like
the
testing
is
ephemeral.
So
I
can't
use
the
let's
encrypt
setups,
so
supporting
a
fixed
SSL
and
getting
CAS
n
is
actually
a
next
step
in
the
next
iteration,
so
that
would
be
a
great
call-out
to
make
sure
that
that
functionality
exists
specifically
for
that
as
well.
A
A
B
A
There
we
go
so
the
steps
here
say
to
go
through
and
to
go
through
each
of
these
individual
steps.
But
one
of
the
interesting
things
is
that
when
you
come
here
to
like
geo
for
multiple
servers-
and
it
says
this-
but
this
is
not
a
replacement-
this
primary
role
has
to
be
in
addition
to
the
other
roles
that
were
already
set,
and
this
says
you
know
bigger
and
add
the
following.
Add
the
following,
but
this
lines
a
replacement
right.
So
that's
not.
A
So
that's
a
kind
of
a
side
piece
that
I
need
I'm
gonna
go
back
through
once
everything
is
working,
I'm
gonna
start
trying
to
help
with
the
documentation,
so
that
this
is
clear
for
the
next
person.
I,
don't
know,
I
know,
DJ
I
know
you
set
up
geo
before
so
is
anybody
else
run
into
that
same
thing?
With
this.
A
Application
role
and
the
Postgres
role
and
like
in
an
Ashes
notes,
he
creates
like
an
FTW
and
does
some
sequel
injection
I
haven't
found
that
anywhere
listed
in
the
Geo
main
documentation,
so
I'm
not
sure
if
it's
even
required
or
if
it's
just
there,
so
that's
kind
of
an
open
issue.
I
did
the
issue
last
night
before
I
was
and
asked
for
some
other
eyes.
I
bet
some
geo
and
some
support
folks
that
are
following
it.
So
is
yeah.
A
There's
just
there's
a
couple
of
things
like
there
are
four
or
five
folks
that
have
done
various
attempts
at
Geo
and
there
are
pieces
and
some
and
not
in
others,
and
a
third
of
them
aren't
even
in
the
main
documentation.
So
it's
one
of
those
do
they
need
to
be
documented
where
they
go,
what
they
mean?
Why
you
know?
Why
are
we
doing
these
things?
You
know
there's
a
lot
of
context
and
that
context
being
lost
I
think
is
one
of
the
biggest
challenges.
A
It
should
probably
tell
why
our
customers
have
a
challenge
with
it.
Cuz.
You
know
I,
it's
just
there's
a
lot
in
here
when
Eric
was
in
our
conversation
last
week
said
you
know,
there's
I
forget
how
many
hundreds
of
steps
to
to
deploy
this.
When
you
add
it
all
up,
even
condensed
a
couple
hundred
steps
or
a
thousand
steps
or
something
that
effect.
A
So
that
is
a
thing
that
I
want
to
go
through
and
clean
up
so
that
as
we
go
through
this
until
Orchestrator
is
in
GA,
the
documentation
is
a
little
bit
cleaner
and
I'll
also
help
with
just
you
know
as
we
go
through
and
troubleshoot
worker
straighter
and
get
reviews.
So
that's
just
a
piece:
let's
go
back
and
look
and
see
how
this
is
doing.
B
It
definitely
have
to
agree
that
geo
documentation
is
is
foremost
and
somewhat
indirect,
trying
to
figure
out
exactly
how
everything
works
was
an
absolute
pain
for
me
when
we
did
the
implementation
of
the
Atlantic
G
of
support
within
the
charts,
the
resulting
Docs,
that
I
wrote
it
up
being
significantly
smaller
than
the
upstream
documentation,
and
it's
very
condensed
for
it.
Now.
Admittedly,
there's
many
things
not
happening
in
the
documentation
for
the
charts.
B
But
it's
amazing
how
much
simpler
eleven
steps
are.
Then
you
know
15
pages
of
documentation,
the
come
to
the
actual
Omnibus
and
it's
basically
came
down
to
me
breaking
down
what
those
steps
actually
are.
What
features
actually
need
to
be
on
or
not
and
what
they
actually
cross
communicate.
That
being
said,
I
don't
have
Custer
involved
console
in
there,
and
it's
I
have
a
very
basic
book
standing
up
there,
Davis
Turner's
database
here
so
yeah.
A
And
that's
kind
of
a
lot
of
the
config
kind
of
cleanup
came
out
of
your
truck
documentation
Jason.
So
when
I
work
on
this
I've
got
it's
on
the
issue,
but
I
have
like
five.
There
are
five
or
six
sources
of
this
is
how
geo
should
be
installed,
so
I'm,
hoping
that
kind
of
as
a
side
effect
of
all
of
this,
that
we
can
align
those
four
with
less
overall
confusion.
A
A
A
A
Didn't
catch
like
the
last
six
words
in
this
case
you're
setting
up
like
host
files,
you're
doing
it
off
streets.
We
don't
really
know
what
you're
doing.
Oh,
no
I'm
just
copying
the
IP
addresses
to
a
text
pad
so
that
when
this
is
up,
I
can
just
copy
paste
and
I
can
go
back
and
look
again.
Okay,
when
this
is
all
done,
I
can
run
the
bench
logs
again
and
we
can
look
at
effects
fetch
config
and
we
can
look
at
all
those
and
start
working
on
diagnostic.
A
One
of
the
other
issues
that
we
should
open
out
of
here
that's
a
thing
that
I
know
about
I'm
gonna,
open
issue
4.
Yet
we
have
a
double
run
of
the
configuration
P
of
the
package
piece
which
we
don't
need
to
run
because
common
is
injected.
The
common
rule
is
injected,
is
injected
twice,
and
that's
just
by
virtue
of
the
fact
that,
as
I
ported
things
over,
it
was
it's
there.
So
that's
probably
another
thing
that
we
should
open
up
as
a
future
here
to
improve.
A
B
A
A
Another
thing
that
I
would
probably
appreciate
some
help,
with
probably
annex
like
6
to
4
days
when
all
this
works.
My
goal
right
now
is
to
get
this
to
where
I
can
just
manually
add
the
go1
in
the
console
over
to
the
MAF
occasion.
There
is
an
API
that
pointed
out
in
the
issue
and
I'm
not
very
well
versed
in
just
curl
calling
api's
I.
Don't
want
to
go
to
all
the
trouble
of
writing
a
Python
module
principle
for
this.
D
A
A
A
One
of
the
things
you'll
notice
from
the
last
demo
is
that
now
now
we
have
a
default
password.
That's
here
that's
set
for
us
that
can
be
that
as
both
I've
set
the
password,
but
also,
if
you
don't
set
one,
it
will
give
you
a
password
and
you
can
run
a
playbook
that'll
show
you
the
password.
That's
one
of
the
most
recent
things
merged
in
that
was
a
thanks
to
the
our
red
team
and
I
had
a
discussion
about
some
of
the
stuff
with
popping
up
with
security
pipelines
and
that's
direct
results.
A
So
thank
you
to
Chris,
Moberly
and
Paul
Harrison.
They
were
real
great
partners.
We
discussed
what
was
going
on
when
he'd
be
happening
and
no
thanks
to
them.
We
now
have
an
improvement
all
right,
so
we're
logged
in
we're
gonna
head
over
here,
also
merged
into
merged
in
and
not
just
part
of
the
work
in
progress.
We
now
have
a
license,
so
that's
just
by
default,
even
with
just
regular
clusters.
If
you
install
just
one
cluster,
not
geo,
you
can
have
your
license
installed.
A
So
that's
no
longer
here
that
was
separate
out
to
a
smaller
iteration
of
merge,
so
looking
at
geo,
you
can
see
that
geo
is
turned
on
it
does
understand.
This
primary
note
is
healthy:
okay,
yeah.
We
understand
this.
This
is
already
there
cell
peace,
current
node
and
its
primary
labeled
main
so
that
all
works
as
we
expect.
So
we've
got
that
much
far
going
so
now,
let's
go
turn
our
turn
our
faces
to
the
application
node.
So
we
are
three
minutes
to
time.
I'm
going
to
continue
going
so
just
you
know
you
need
the
drop.
A
A
B
B
A
E
B
H
A
B
E
A
B
A
Yeah
everything
yeah,
that's
a
that
was
something
that
I
asked
button
geo
last
night
because
I'm
a
documentation,
log
cursor
sounds
like
it's
a
rails
app,
but
then
it's
not
a
rails
app,
but
I
figured
out
it's
some
kind
of
a
service.
So.
G
A
B
H
A
E
E
See
above
it,
though,
it
that
it's
supposedly
created
the
database.
F
B
A
A
A
B
B
H
B
B
We've
got
one
listening
on
port
five,
four,
three
two
and
one
on
five,
four,
three
one,
and
since
that's
listening
on
the
public
IP
address
as
opposed
to
zero
zero
zero,
the
geodatabase
is
listening
on
four
five,
four,
three
one
yep
are:
we
sure
that
the
generated
configuration
is
telling
it
lab
to
connect
to
the
right
place.
We
want
to
check
our
OTT
kit
lab
get
lab
rails,
come
on
babe.
B
That
is
attempting
to
connect
to
localhost
46:43,
to
which
we
all
not
exist
correctly,
unless
you
have
something
redirecting
643
to
to
the
6131
easy
bouncer,
yeah,
okay,
so
PD
somebody
help
me
here:
where
do
we
double-checked
the
configuration
of
the
running
PG
master
on
the
node
that
we're
at
that
will
point
to
the
correct
port?
Oh.