like below:
````
Configuring gitlab::feature_flags...
- Launching rails runner to set feature flags. This will take some time....
- Specified feature flags to be disabled:
--- "auto_devops_banner_disabled"
--- "invalid_flag_name"
- Specified feature flags to be enabled
--- "git_push_create_all_pipelines"
--- "another_invalid_flag_name"
- Following flags are probably invalid and have been ignored
--- invalid_flag_name
--- another_invalid_flag_name
- Apply user defined feature flags:
--- auto_devops_banner_disabled : off
--- git_push_create_all_pipelines : on
````
- Do not `puts` parsed options (formatted by ruby's `.to_s`),
`puts` each specified target with three hyphens instead
- `puts` each ignored target on each line with three hyphens instead of single line csv
- It requires database is set up because
feature flags are stored to DB (table `application_settings`)
- Add configuration parameter GITLAB_FEATURE_FLAGS_ENABLE_TARGETS
and GITLAB_FEATURE_FLAGS_DISABLE_TARGETS
- Add ruby script to configure feature flags from command line
and invoke runtime (from configure_gitlab())
Backport: fix behavior of `SecureRandom.gen_random_openssl(n)`
commit:
64e503eb62
This has been merged into the Ruby 3.3 release, but Ruby (at least) 3.0 and later are affected by the issues fixed by this commit.
`Dir.exists?(file_name) -> bool` have been deprecated since Ruby 2.1
and removed on Ruby 3.2.
See https://bugs.ruby-lang.org/issues/17391
Replacement is `Dir.exist?(file_name) -> bool`.
GitLab does not launch after second run if relative url is used.
This is caused by following upstream change to remove assets directory on assets compile.
See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/103715
This is introduced on v15.6.0
````sh
$ git -C ../gitlab.git/ tag --contains e46d92c0 | sort --version-sort | head -n 1
v15.6.0-ee
````
1. `sameersbn/gitlab` create symbolic link /home/git/gitlab/public/assets/
to point /home/git/data/tmp/assets if relative url is used.
This is to store assets in the docker volume to avoid unnecessary recompilations.
These assets are removed and recompiled only when the gitlab version or relative url root is changed.
2. By the change provided by gitlab.com/gitlab-org/gitlab!103715,
rake task `gitlab:assets:compile` became to remove assets directory directly (by `FileUtils.rm_rf()`).
It does not remove compiled assets itself, but remove symlink /home/git/gitlab/public/assets .
Then it compiles assets as usual, but they will be stored in newly-created normal directory /home/git/gitlab/public/assets/
3. On container down, whole container statement (except volumes) will be reset.
These compiled assets will be removed as well because they are not in docker volume.
4. As we store version info and relative url root path to /home/git/data/tmp/,
we cannot recognize we have to recompile assets (that have been removed by mistake)
To avoid the issue, this commit add a build time patch to change the behavior of rake task `gitlab:assets:compile`
to empty assets instead of removing assets directory itself.
There was an issue that `ajv` is not installed by mistake.
This issue have been fixed on upstream, a few years ago.
Now, we can revert the change.
This commit partially reverts 985d57afb9673b2f5acb1f12cbc13f230f6ec074
See sameersbn/gitlab#1358
It seems that fix MR on upstream is https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/14543
but we cannot check diff because source / target branch removed by mistake
Anyway, no need to add ajv as an explicit dependency with (at least) gitlab v11 or later
note: Only affected if using the relative_url feature
`gitlab/script/frontent/preinstall.mjs` is introduced since v16.4.0.
This script is executed on container startup, if using the relative url.
This script removes `NODE_MODULES` (/home/git/gitlab/node_modules) when
"the folder seems to end up being a corrupted somehow"
See more detail:
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/130938
On sameersbn/gitlab, the folder node_modules is declared as volume.
The volume is always busy so that cannot be removed in the container.
You can see following error reported on container startup
(sameersbn/gitlab:16.4.0 or later).
````
yarn install v1.22.19
$ node ./scripts/frontend/preinstall.mjs
[WARNING] package.json changed significantly. Removing node_modules to be sure there are no problems. node:internal/process/esm_loader:97
internalBinding('errors').triggerUncaughtException(
^
[Error: EBUSY: resource busy or locked, rmdir '/home/git/gitlab/node_modules'] {
errno: -16,
code: 'EBUSY',
syscall: 'rmdir',
path: '/home/git/gitlab/node_modules'
}
Node.js v18.17.1
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command. -----
````
This PR add a build time patch to change the behavior of
script/frontend/preinstall.mjs to not to remove node_modules directly,
but empty it instead.
see sameersbn/docker-gitlab#2828
The current setup also accepts multiple hosts,
but the syntax is a bit strange.
The leading/trailing double quotes are embedded
in the configuration file itself,
so users should expect double quotes around the string they set.
In other words, when setting two hosts 0.0.0.0 and 1.1.1.1,
you will set the strings 0.0.0.0","1.1.1.1 in the
environment variables. This is not intuitive.
This commit removes double quote around corresponding config
and set backward compatibility fallback process
to surround whole with [], each host with double quote.
Also, validation script (written in ruby) will be executed during configuration.
Example docker-compose.yml
````yaml
services:
gitlab:
image: sameersbn/gitlab:latest
environment:
- RACK_ATTACK_WHITELIST='["127.0.0.1","0.0.0.0"]'
````
Co-authored-by: Mikhail Khadarenka <chodorenko@mail.ru>
Handle the case where the target does not exist
in the process of deleting unused clients.
Such a situation will not occur in newly launched containers,
but will occur if they are restarted.
During container restarts, container status are preserved.
If the unused database client was deleted in the last run,
grep will not match anything.
It returns non-zero code and the container stops there
because entrypoint sets option `-e`
(exit immediately on non-zero exit code excluding some special cases)
This commit make the uninstall process to handle the case
UNUSED_DB_CLIENTS is empty.
Unused clients are determinate by checking ~/.postgresqlrc
Uninstall logs like the following will appear in the docker log:
- Uninstalling unused version(s) of client: postgresql-client-12
It is intended to work even in environments without an internet connection.
- Use latest version of pg_isready on checking database connection
- Switch postgresql-client version checking server on startup
- If the server versions do not match exactly, use the latest installed client
and warn on docker log
From postgresql documentation:
https://www.postgresql.org/docs/15/app-pgdump.html#PG-DUMP-NOTES
> Also, it is not guaranteed that pg_dump's output can be loaded
> into a server of an older major version — not even if the dump
> was taken from a server of that version.
To switch client version, generate a file ~/.postgresqlrc with content like:
{server side major version} {server hostname}:{server port} {default database}
See detail on:
https://manpages.ubuntu.com/manpages/bionic/man5/postgresqlrc.5.html
Following messages appear on docker log:
- Detected server version: 140007
- Generating /home/git/.postgresqlrc
`assets/build/config/database.yml.postgresql` is owned by root:root,
and permission is rwxrw----
so the user `git` (`${GILTAB_USER}`) doesn't have a permission to copy the file.
This raises an error while building.
This allows to the client to explicitly select protocol version 2, which is much more efficient. Without allowing that environment variable it seems that SSH connections are always stuck in version1. See https://docs.gitlab.com/ee/administration/git_protocol.html on how to check if protocol 2 is used.
Sidekiq is updated to v6.0 here (first contained tag: v14.4.0-ee)
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/69655
In Sidekiq 6.0, these options have been marked as "deprecated":
-P (set pid file)
-L (set log file)
See https://github.com/sidekiq/sidekiq/commit/3f5b1c5
Now, we can see error message in {GITLAB_LOGS_DIR}/supervisor/sidekiq.log
like below:
----
ERROR: PID file creation was removed in Sidekiq 6.0, please use a proper process supervisor to start and manage your services
ERROR: Logfile redirection was removed in Sidekiq 6.0, Sidekiq will only log to STDOUT
----
Just stop using this option.
There are many warnings like below
recorded in {GITLAB_LOG_DIR}/supervisord/sidekiq.log.
This can be avoided by simply increasing SIDEKIQ_MEMORY_KILLER_MAX_RSS.
----
{
"severity": "WARN",
"time": "[MASKED]",
"class": "Gitlab::SidekiqDaemon::MemoryKiller",
"pid": [MASKED],
"message": "Sidekiq worker RSS out of range",
"current_rss": 1009636,
"soft_limit_rss": 1000000,
"hard_limit_rss": [MASKED],
"memory_total_kb": [MASKED],
"reason": "current_rss(1009636) \u003e soft_limit_rss(1000000)",
"running_jobs": [],
"retry": 0
}
----
For sameersbn/gitlab, this parameter have been introduced with
following commit on May 21, 2015 and never updated until today:
e4008cc7ab9efd626511af4c43e52e2a9490d612
On upstream, the default setting documentation is updated here:
https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/31682
but it is said "the documentation is outdated" at this time.
I could not find out when the value is increased.
At least, In omnibus-gitlab, this have been introduced in MR 2360
(release 11.10.0+ce.0 / 11.10.0+ee.0)
https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/2360
