Praefect should only dial to Gitaly for transactions

For transactions, we require that Gitaly dials back to Praefect in order to vote on transactions. This introduces a few problems:

• Gitaly is not configured with Praefect's security token. Praefect must send call-back information, including security token, to Gitaly for all transaction related calls.
• It is not clear to customers how this dial back requirement affects supported network topologies for GitLab deployments. Sometimes, Praefect may be behind a load balancer or NAT. Being able to dial back to Praefect is not always desirable.

However, Praefect is already configured with the Gitaly node security tokens and it is clear that Praefect must be able to reach individual Gitalies on the network. Therefore, it would be more robust to have Praefect initiate the gRPC call to Gitaly for all transaction votes. This would free Gitaly from needing to know network and security details for Praefect since Praefect is already a trusted client of Gitaly.

This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.