From f8ab43ef7b14ae9e4bb17e058849af0d9eaf759d Mon Sep 17 00:00:00 2001 From: talyz Date: Wed, 17 Feb 2021 16:36:58 +0100 Subject: [PATCH] nixos/gitlab: Switch from unicorn to puma Puma is the new upstream default server since GitLab 13. --- .../services/misc/defaultUnicornConfig.rb | 69 ---------- nixos/modules/services/misc/gitlab.nix | 10 +- .../version-management/gitlab/default.nix | 1 + .../gitlab/remove-hardcoded-locations.patch | 124 ++++++++++++------ 4 files changed, 91 insertions(+), 113 deletions(-) delete mode 100644 nixos/modules/services/misc/defaultUnicornConfig.rb diff --git a/nixos/modules/services/misc/defaultUnicornConfig.rb b/nixos/modules/services/misc/defaultUnicornConfig.rb deleted file mode 100644 index 0b58c59c7a51..000000000000 --- a/nixos/modules/services/misc/defaultUnicornConfig.rb +++ /dev/null @@ -1,69 +0,0 @@ -worker_processes 3 - -listen ENV["UNICORN_PATH"] + "/tmp/sockets/gitlab.socket", :backlog => 1024 -listen "/run/gitlab/gitlab.socket", :backlog => 1024 - -working_directory ENV["GITLAB_PATH"] - -pid ENV["UNICORN_PATH"] + "/tmp/pids/unicorn.pid" - -timeout 60 - -# combine Ruby 2.0.0dev or REE with "preload_app true" for memory savings -# http://rubyenterpriseedition.com/faq.html#adapt_apps_for_cow -preload_app true -GC.respond_to?(:copy_on_write_friendly=) and - GC.copy_on_write_friendly = true - -check_client_connection false - -before_fork do |server, worker| - # the following is highly recommended for Rails + "preload_app true" - # as there's no need for the master process to hold a connection - defined?(ActiveRecord::Base) and - ActiveRecord::Base.connection.disconnect! - - # The following is only recommended for memory/DB-constrained - # installations. It is not needed if your system can house - # twice as many worker_processes as you have configured. - # - # This allows a new master process to incrementally - # phase out the old master process with SIGTTOU to avoid a - # thundering herd (especially in the "preload_app false" case) - # when doing a transparent upgrade. The last worker spawned - # will then kill off the old master process with a SIGQUIT. - old_pid = "#{server.config[:pid]}.oldbin" - if old_pid != server.pid - begin - sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU - Process.kill(sig, File.read(old_pid).to_i) - rescue Errno::ENOENT, Errno::ESRCH - end - end - - # Throttle the master from forking too quickly by sleeping. Due - # to the implementation of standard Unix signal handlers, this - # helps (but does not completely) prevent identical, repeated signals - # from being lost when the receiving process is busy. - # sleep 1 -end - -after_fork do |server, worker| - # per-process listener ports for debugging/admin/migrations - # addr = "127.0.0.1:#{9293 + worker.nr}" - # server.listen(addr, :tries => -1, :delay => 5, :tcp_nopush => true) - - # the following is *required* for Rails + "preload_app true", - defined?(ActiveRecord::Base) and - ActiveRecord::Base.establish_connection - - # reset prometheus client, this will cause any opened metrics files to be closed - defined?(::Prometheus::Client.reinitialize_on_pid_change) && - Prometheus::Client.reinitialize_on_pid_change - - # if preload_app is true, then you may also want to check and - # restart any other shared sockets/descriptors such as Memcached, - # and Redis. TokyoCabinet file handles are safe to reuse - # between any number of forked children (assuming your kernel - # correctly implements pread()/pwrite() system calls) -end diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index 4086a11ce873..91a6cd90064c 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix @@ -142,7 +142,7 @@ let gitlabEnv = { HOME = "${cfg.statePath}/home"; - UNICORN_PATH = "${cfg.statePath}/"; + PUMA_PATH = "${cfg.statePath}/"; GITLAB_PATH = "${cfg.packages.gitlab}/share/gitlab/"; SCHEMA = "${cfg.statePath}/db/structure.sql"; GITLAB_UPLOADS_PATH = "${cfg.statePath}/uploads"; @@ -725,8 +725,6 @@ in { "L+ /run/gitlab/uploads - - - - ${cfg.statePath}/uploads" "L+ /run/gitlab/shell-config.yml - - - - ${pkgs.writeText "config.yml" (builtins.toJSON gitlabShellConfig)}" - - "L+ ${cfg.statePath}/config/unicorn.rb - - - - ${./defaultUnicornConfig.rb}" ]; systemd.services.gitlab-sidekiq = { @@ -873,7 +871,9 @@ in { set -eu chown --no-dereference '${cfg.user}':'${cfg.group}' '${cfg.statePath}'/* - chown --no-dereference '${cfg.user}':'${cfg.group}' '${cfg.statePath}'/config/* + if [[ ! -z "$(ls -A '${cfg.statePath}'/config/)" ]]; then + chown --no-dereference '${cfg.user}':'${cfg.group}' '${cfg.statePath}'/config/* + fi ''; preStart = '' set -eu @@ -956,7 +956,7 @@ in { "+${pkgs.writeShellScript "gitlab-pre-start-full-privileges" preStartFullPrivileges}" "${pkgs.writeShellScript "gitlab-pre-start" preStart}" ]; - ExecStart = "${cfg.packages.gitlab.rubyEnv}/bin/unicorn -c ${cfg.statePath}/config/unicorn.rb -E production"; + ExecStart = "${cfg.packages.gitlab.rubyEnv}/bin/puma -C ${cfg.statePath}/config/puma.rb -e production"; }; }; diff --git a/pkgs/applications/version-management/gitlab/default.nix b/pkgs/applications/version-management/gitlab/default.nix index ee6c8201fa3f..b9c352a4eac4 100644 --- a/pkgs/applications/version-management/gitlab/default.nix +++ b/pkgs/applications/version-management/gitlab/default.nix @@ -137,6 +137,7 @@ stdenv.mkDerivation { sed -i '/ask_to_continue/d' lib/tasks/gitlab/two_factor.rake sed -ri -e '/log_level/a config.logger = Logger.new(STDERR)' config/environments/production.rb + mv config/puma.rb.example config/puma.rb # Always require lib-files and application.rb through their store # path, not their relative state directory path. This gets rid of # warnings and means we don't have to link back to lib from the diff --git a/pkgs/applications/version-management/gitlab/remove-hardcoded-locations.patch b/pkgs/applications/version-management/gitlab/remove-hardcoded-locations.patch index fcb954e38843..83e3d7fe1414 100644 --- a/pkgs/applications/version-management/gitlab/remove-hardcoded-locations.patch +++ b/pkgs/applications/version-management/gitlab/remove-hardcoded-locations.patch @@ -1,8 +1,8 @@ diff --git a/config/environments/production.rb b/config/environments/production.rb -index c5cbfcf64c..4d01f6fab8 100644 +index d9b3ee354b0..1eb0507488b 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb -@@ -70,10 +70,10 @@ Rails.application.configure do +@@ -69,10 +69,10 @@ config.action_mailer.delivery_method = :sendmail # Defaults to: @@ -11,17 +11,17 @@ index c5cbfcf64c..4d01f6fab8 100644 - # # arguments: '-i -t' - # # } + config.action_mailer.sendmail_settings = { -+ location: '/usr/sbin/sendmail', ++ location: '/run/wrappers/bin/sendmail', + arguments: '-i -t' + } config.action_mailer.perform_deliveries = true config.action_mailer.raise_delivery_errors = true diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example -index bd696a7f2c..44e3863736 100644 +index 92e7501d49d..4ee5a1127df 100644 --- a/config/gitlab.yml.example +++ b/config/gitlab.yml.example -@@ -590,7 +590,7 @@ production: &base +@@ -1168,7 +1168,7 @@ production: &base # CAUTION! # Use the default values unless you really know what you are doing git: @@ -31,10 +31,10 @@ index bd696a7f2c..44e3863736 100644 ## Webpack settings # If enabled, this will tell rails to serve frontend assets from the webpack-dev-server running diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb -index 0bea8a4f4b..290248547b 100644 +index bbed08f5044..2906e5c44af 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb -@@ -177,7 +177,7 @@ Settings.gitlab['ssh_user'] ||= Settings.gitlab['user'] +@@ -183,7 +183,7 @@ Settings.gitlab['user_home'] ||= begin Etc.getpwnam(Settings.gitlab['user']).dir rescue ArgumentError # no user configured @@ -43,7 +43,7 @@ index 0bea8a4f4b..290248547b 100644 end Settings.gitlab['time_zone'] ||= nil Settings.gitlab['signup_enabled'] ||= true if Settings.gitlab['signup_enabled'].nil? -@@ -507,7 +507,7 @@ Settings.backup['upload']['storage_class'] ||= nil +@@ -751,7 +751,7 @@ # Git # Settings['git'] ||= Settingslogic.new({}) @@ -52,37 +52,94 @@ index 0bea8a4f4b..290248547b 100644 # Important: keep the satellites.path setting until GitLab 9.0 at # least. This setting is fed to 'rm -rf' in +diff --git a/config/puma.rb.example b/config/puma.rb.example +index 9fc354a8fe8..2352ca9b58c 100644 +--- a/config/puma.rb.example ++++ b/config/puma.rb.example +@@ -5,12 +5,8 @@ + # The default is "config.ru". + # + rackup 'config.ru' +-pidfile '/home/git/gitlab/tmp/pids/puma.pid' +-state_path '/home/git/gitlab/tmp/pids/puma.state' +- +-stdout_redirect '/home/git/gitlab/log/puma.stdout.log', +- '/home/git/gitlab/log/puma.stderr.log', +- true ++pidfile ENV['PUMA_PATH'] + '/tmp/pids/puma.pid' ++state_path ENV['PUMA_PATH'] + '/tmp/pids/puma.state' + + # Configure "min" to be the minimum number of threads to use to answer + # requests and "max" the maximum. +@@ -31,12 +27,12 @@ queue_requests false + + # Bind the server to "url". "tcp://", "unix://" and "ssl://" are the only + # accepted protocols. +-bind 'unix:///home/git/gitlab/tmp/sockets/gitlab.socket' ++bind "unix://#{ENV['PUMA_PATH']}/tmp/sockets/gitlab.socket" + + workers 3 + +-require_relative "/home/git/gitlab/lib/gitlab/cluster/lifecycle_events" +-require_relative "/home/git/gitlab/lib/gitlab/cluster/puma_worker_killer_initializer" ++require_relative ENV['GITLAB_PATH'] + "lib/gitlab/cluster/lifecycle_events" ++require_relative ENV['GITLAB_PATH'] + "lib/gitlab/cluster/puma_worker_killer_initializer" + + on_restart do + # Signal application hooks that we're about to restart +@@ -80,7 +76,7 @@ if defined?(nakayoshi_fork) + end + + # Use json formatter +-require_relative "/home/git/gitlab/lib/gitlab/puma_logging/json_formatter" ++require_relative ENV['GITLAB_PATH'] + "lib/gitlab/puma_logging/json_formatter" + + json_formatter = Gitlab::PumaLogging::JSONFormatter.new + log_formatter do |str| diff --git a/lib/api/api.rb b/lib/api/api.rb -index e953f3d2ec..3a8d9f076b 100644 +index ada0da28749..8a3f5824008 100644 --- a/lib/api/api.rb +++ b/lib/api/api.rb -@@ -2,7 +2,7 @@ module API - class API < Grape::API +@@ -4,7 +4,7 @@ module API + class API < ::API::Base include APIGuard - LOG_FILENAME = Rails.root.join("log", "api_json.log") + LOG_FILENAME = File.join(ENV["GITLAB_LOG_PATH"], "api_json.log") - NO_SLASH_URL_PART_REGEX = %r{[^/]+} - PROJECT_ENDPOINT_REQUIREMENTS = { id: NO_SLASH_URL_PART_REGEX }.freeze + NO_SLASH_URL_PART_REGEX = %r{[^/]+}.freeze + NAMESPACE_OR_PROJECT_REQUIREMENTS = { id: NO_SLASH_URL_PART_REGEX }.freeze +diff --git a/lib/gitlab/authorized_keys.rb b/lib/gitlab/authorized_keys.rb +index 50cd15b7a10..3ac89e5b8e9 100644 +--- a/lib/gitlab/authorized_keys.rb ++++ b/lib/gitlab/authorized_keys.rb +@@ -157,7 +157,7 @@ def command(id) + raise KeyError, "Invalid ID: #{id.inspect}" + end + +- "#{File.join(Gitlab.config.gitlab_shell.path, 'bin', 'gitlab-shell')} #{id}" ++ "#{File.join('/run/current-system/sw/bin', 'gitlab-shell')} #{id}" + end + + def strip(key) diff --git a/lib/gitlab/logger.rb b/lib/gitlab/logger.rb -index a42e312b5d..ccaab9229e 100644 +index 89a4e36a232..ae379ffb27a 100644 --- a/lib/gitlab/logger.rb +++ b/lib/gitlab/logger.rb -@@ -26,7 +26,7 @@ module Gitlab +@@ -37,7 +37,7 @@ def self.build end def self.full_log_path - Rails.root.join("log", file_name) -+ File.join(ENV["GITLAB_LOG_PATH"], file_name) ++ File.join(ENV["GITLAB_LOG_PATH"], file_name) end def self.cache_key diff --git a/lib/gitlab/uploads_transfer.rb b/lib/gitlab/uploads_transfer.rb -index 7d7400bdab..cb25211d44 100644 +index e0e7084e27e..19fab855b90 100644 --- a/lib/gitlab/uploads_transfer.rb +++ b/lib/gitlab/uploads_transfer.rb -@@ -1,7 +1,7 @@ +@@ -3,7 +3,7 @@ module Gitlab class UploadsTransfer < ProjectTransfer def root_dir @@ -92,10 +149,10 @@ index 7d7400bdab..cb25211d44 100644 end end diff --git a/lib/system_check/app/log_writable_check.rb b/lib/system_check/app/log_writable_check.rb -index 3e0c436d6e..28cefc5514 100644 +index 2c108f0c18d..3a16ff52d01 100644 --- a/lib/system_check/app/log_writable_check.rb +++ b/lib/system_check/app/log_writable_check.rb -@@ -21,7 +21,7 @@ module SystemCheck +@@ -23,7 +23,7 @@ def show_error private def log_path @@ -105,10 +162,10 @@ index 3e0c436d6e..28cefc5514 100644 end end diff --git a/lib/system_check/app/uploads_directory_exists_check.rb b/lib/system_check/app/uploads_directory_exists_check.rb -index 7026d0ba07..c56e1f7ed9 100644 +index 54dff63ab61..882da702f29 100644 --- a/lib/system_check/app/uploads_directory_exists_check.rb +++ b/lib/system_check/app/uploads_directory_exists_check.rb -@@ -4,12 +4,13 @@ module SystemCheck +@@ -6,12 +6,13 @@ class UploadsDirectoryExistsCheck < SystemCheck::BaseCheck set_name 'Uploads directory exists?' def check? @@ -120,15 +177,15 @@ index 7026d0ba07..c56e1f7ed9 100644 + uploads_dir = ENV['GITLAB_UPLOADS_PATH'] || Rails.root.join('public/uploads') try_fixing_it( - "sudo -u #{gitlab_user} mkdir #{Rails.root}/public/uploads" -+ "sudo -u #{gitlab_user} mkdir #{uploads_dir}" ++ "sudo -u #{gitlab_user} mkdir #{uploads_dir}" ) for_more_information( - see_installation_guide_section 'GitLab' + see_installation_guide_section('GitLab') diff --git a/lib/system_check/app/uploads_path_permission_check.rb b/lib/system_check/app/uploads_path_permission_check.rb -index 7df6c06025..bb447c16b2 100644 +index 2e1cc687c43..ca69d63bcf6 100644 --- a/lib/system_check/app/uploads_path_permission_check.rb +++ b/lib/system_check/app/uploads_path_permission_check.rb -@@ -25,7 +25,7 @@ module SystemCheck +@@ -27,7 +27,7 @@ def show_error private def rails_uploads_path @@ -138,10 +195,10 @@ index 7df6c06025..bb447c16b2 100644 def uploads_fullpath diff --git a/lib/system_check/app/uploads_path_tmp_permission_check.rb b/lib/system_check/app/uploads_path_tmp_permission_check.rb -index b276a81eac..070e3ebd81 100644 +index 567c7540777..29906b1c132 100644 --- a/lib/system_check/app/uploads_path_tmp_permission_check.rb +++ b/lib/system_check/app/uploads_path_tmp_permission_check.rb -@@ -33,7 +33,7 @@ module SystemCheck +@@ -35,7 +35,7 @@ def upload_path_tmp end def uploads_fullpath @@ -150,14 +207,3 @@ index b276a81eac..070e3ebd81 100644 end end end ---- a/lib/gitlab/authorized_keys.rb -+++ b/lib/gitlab/authorized_keys.rb -@@ -157,7 +157,7 @@ - raise KeyError, "Invalid ID: #{id.inspect}" - end - -- "#{File.join(Gitlab.config.gitlab_shell.path, 'bin', 'gitlab-shell')} #{id}" -+ "#{File.join('/run/current-system/sw/bin', 'gitlab-shell')} #{id}" - end - - def strip(key)