Commit e7c5c05a authored by Kirill Smelkov

gitlab: Make a plan to base instance layout on gitlab-omnibus and to interconnect all internal services via unix sockets

Upcoming changes will follow two points:

- we try to base our gitlab setup on how it is done in
  gitlab-omnibus[1] with the idea to ease tracking upstream changes to
  instance setup.

- we will interconnect all internal services via unix sockets only.

  The reason to do it is twofold:

    1. easier security: currently files on different slapos partitions
       are isolated from each other, but there is no "in-between-partitions"
       networking isolation - thus (potentially evil) programs can
       access internal services on other slapos partition.

       Permissions to access unix sockets, on the other hand, are
       managed by filesystem-level permissions, and thus unix sockets in
       one partition will be, by default, isolated from programs on
       other partitions.

    2. It is well known that UNIX sockets are faster than TCP over
       loopback. For example for our std shuttles they have 2 times lower
       latency and ~ 2-3 times more throughput compared to TCP over loopback

    More details on 1 & 2 can be found e.g. here:

    nexedi/slapos!27
    https://gitlab.com/gitlab-org/gitlab-shell/merge_requests/30

/cc @kazuhiko, @jerome

[1] https://gitlab.com/gitlab-org/omnibus-gitlab
parent ab6d2f28
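The filesystem-permission isolation that the commit message relies on can be checked per socket. The following is an added example, not part of the commit or of the project's code; it assumes each partition runs under its own Unix user, and the socket name and helper functions are hypothetical.

```python
import os
import socket
import stat
import tempfile


def make_socket(dir_mode, sock_mode):
    """Create a listening unix socket in a fresh temp dir (constructed sample)."""
    d = tempfile.mkdtemp()
    path = os.path.join(d, "service.socket")  # hypothetical socket name
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(1)
    os.chmod(path, sock_mode)
    os.chmod(d, dir_mode)
    return srv, path


def audit_unix_socket(path):
    """Return findings about access granted to users other than the owner.

    connect() on Linux needs write permission on the socket file and
    search (x) permission on the directory that contains it. Only the
    immediate parent directory and the "other" bits are checked here;
    group bits and higher-level directories are out of scope.
    """
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return ["not a unix socket"]
    sock_open = bool(st.st_mode & stat.S_IWOTH)
    parent = os.path.dirname(os.path.abspath(path))
    dir_open = bool(os.stat(parent).st_mode & stat.S_IXOTH)
    if sock_open and dir_open:
        return ["any local user can connect"]
    if sock_open:
        return ["socket is world-writable; only the directory mode blocks others"]
    return []


if __name__ == "__main__":
    # (directory mode, socket mode) pairs, from isolated to fully exposed
    for dir_mode, sock_mode in [(0o700, 0o600), (0o700, 0o666), (0o755, 0o666)]:
        srv, path = make_socket(dir_mode, sock_mode)
        print(oct(dir_mode), oct(sock_mode), audit_unix_socket(path) or "isolated")
        srv.close()
```
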
# GitLab instance
# NOTE instance/software layout is inspired by gitlab omnibus
# NOTE all services are interconnected via unix sockets - because of easier
# security and performance reasons (unix has 2x less latency and more
# throughput compared to tcp over loopback).
[buildout]
parts =
directory
......
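Review bot: the NOTE at the top of the file states "unix has 2x less latency and more throughput" as a general fact, while the commit message gives it as a measurement on specific machines ("our std shuttles"); I would qualify the figure in the comment or point to nexedi/slapos!27, where the details are. The same NOTE says all services "are interconnected via unix sockets", yet the commit is titled as a plan and the visible `parts` list only contains `directory`; wording it as the intended layout would keep the comment accurate until the services land. Since the security argument in the commit message rests on filesystem-level permissions, the note could also say that socket files and their directories must not be accessible to programs from other partitions.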