Commit 27097a63 authored by Nick Thomas's avatar Nick Thomas

Merge branch 'mk/refactor-gitlab-check-rake-tasks' into 'master'

Run Geo check during gitlab check task, plus refactors

See merge request gitlab-org/gitlab-ee!8616
parents 996e5ac9 d42857ce
---
title: Run geo check task from gitlab check
merge_request: 8616
author:
type: changed
# frozen_string_literal: true
module EE
module SystemCheck
module RakeTask
module AppTask
extend ActiveSupport::Concern
class_methods do
extend ::Gitlab::Utils::Override
override :checks
def checks
super + [
::SystemCheck::App::ElasticsearchCheck
]
end
end
end
end
end
end
# frozen_string_literal: true
module EE
module SystemCheck
module RakeTask
module GitlabTask
extend ActiveSupport::Concern
class_methods do
extend ::Gitlab::Utils::Override
override :subtasks
def subtasks
existing = super
existing << ::SystemCheck::RakeTask::GeoTask if ::Gitlab::Geo.enabled?
existing
end
end
end
end
end
end
......@@ -78,6 +78,10 @@ module SystemCheck
$stdout.puts ' Reason:'.color(:blue)
$stdout.puts " #{exception.message}"
end
def see_custom_certificate_doc
'https://docs.gitlab.com/omnibus/common_installation_problems/README.html#using-self-signed-certificate-or-custom-certificate-authorities'
end
end
end
end
# frozen_string_literal: true
module SystemCheck
module RakeTask
# Used by gitlab:geo:check rake task
module GeoTask
extend RakeTaskHelpers
def self.name
'Geo'
end
def self.checks
[
SystemCheck::Geo::LicenseCheck,
SystemCheck::Geo::EnabledCheck,
SystemCheck::Geo::GeoDatabaseConfiguredCheck,
SystemCheck::Geo::DatabaseReplicationCheck,
SystemCheck::Geo::FdwEnabledCheck,
SystemCheck::Geo::FdwSchemaUpToDateCheck,
SystemCheck::Geo::HttpConnectionCheck,
SystemCheck::Geo::HTTPCloneEnabledCheck,
SystemCheck::Geo::ClocksSynchronizationCheck,
SystemCheck::App::GitUserDefaultSSHConfigCheck,
SystemCheck::Geo::AuthorizedKeysCheck,
SystemCheck::Geo::AuthorizedKeysFlagCheck
]
end
end
end
end
# frozen_string_literal: true
namespace :gitlab do
namespace :geo do
desc 'GitLab | Check Geo configuration and dependencies'
task check: :gitlab_environment do
SystemCheck::Geo.run!
end
end
end
# frozen_string_literal: true
module SystemCheck
class GitalyCheck < BaseCheck
set_name 'Gitaly:'
def multi_check
Gitlab::HealthChecks::GitalyCheck.readiness.each do |result|
$stdout.print "#{result.labels[:shard]} ... "
if result.success
$stdout.puts 'OK'.color(:green)
else
$stdout.puts "FAIL: #{result.message}".color(:red)
end
end
end
end
end
# frozen_string_literal: true
module SystemCheck
# Used by gitlab:gitlab_shell:check rake task
class GitlabShellCheck < BaseCheck
set_name 'GitLab Shell:'
def multi_check
check_gitlab_shell
check_gitlab_shell_self_test
end
private
def check_gitlab_shell
required_version = Gitlab::VersionInfo.parse(Gitlab::Shell.version_required)
current_version = Gitlab::VersionInfo.parse(gitlab_shell_version)
$stdout.print "GitLab Shell version >= #{required_version} ? ... "
if current_version.valid? && required_version <= current_version
$stdout.puts "OK (#{current_version})".color(:green)
else
$stdout.puts "FAIL. Please update gitlab-shell to #{required_version} from #{current_version}".color(:red)
end
end
def check_gitlab_shell_self_test
gitlab_shell_repo_base = gitlab_shell_path
check_cmd = File.expand_path('bin/check', gitlab_shell_repo_base)
$stdout.puts "Running #{check_cmd}"
if system(check_cmd, chdir: gitlab_shell_repo_base)
$stdout.puts 'gitlab-shell self-check successful'.color(:green)
else
$stdout.puts 'gitlab-shell self-check failed'.color(:red)
try_fixing_it(
'Make sure GitLab is running;',
'Check the gitlab-shell configuration file:',
sudo_gitlab("editor #{File.expand_path('config.yml', gitlab_shell_repo_base)}")
)
fix_and_rerun
end
end
# Helper methods
########################
def gitlab_shell_path
Gitlab.config.gitlab_shell.path
end
def gitlab_shell_version
Gitlab::Shell.new.version
end
end
end
# frozen_string_literal: true
module SystemCheck
# Used by gitlab:incoming_email:check rake task
class IncomingEmailCheck < BaseCheck
set_name 'Incoming Email:'
def multi_check
if Gitlab.config.incoming_email.enabled
checks = [
SystemCheck::IncomingEmail::ImapAuthenticationCheck
]
if Rails.env.production?
checks << SystemCheck::IncomingEmail::InitdConfiguredCheck
checks << SystemCheck::IncomingEmail::MailRoomRunningCheck
else
checks << SystemCheck::IncomingEmail::ForemanConfiguredCheck
end
SystemCheck.run('Reply by email', checks)
else
$stdout.puts 'Reply by email is disabled in config/gitlab.yml'
end
end
end
end
# frozen_string_literal: true
module SystemCheck
# Used by gitlab:ldap:check rake task
class LdapCheck < BaseCheck
set_name 'LDAP:'
def multi_check
if Gitlab::Auth::LDAP::Config.enabled?
# Only show up to 100 results because LDAP directories can be very big.
# This setting only affects the `rake gitlab:check` script.
limit = ENV['LDAP_CHECK_LIMIT']
limit = 100 if limit.blank?
check_ldap(limit)
else
$stdout.puts 'LDAP is disabled in config/gitlab.yml'
end
end
private
def check_ldap(limit)
servers = Gitlab::Auth::LDAP::Config.providers
servers.each do |server|
$stdout.puts "Server: #{server}"
begin
Gitlab::Auth::LDAP::Adapter.open(server) do |adapter|
check_ldap_auth(adapter)
$stdout.puts "LDAP users with access to your GitLab server (only showing the first #{limit} results)"
users = adapter.users(adapter.config.uid, '*', limit)
users.each do |user|
$stdout.puts "\tDN: #{user.dn}\t #{adapter.config.uid}: #{user.uid}"
end
end
rescue Net::LDAP::ConnectionRefusedError, Errno::ECONNREFUSED => e
$stdout.puts "Could not connect to the LDAP server: #{e.message}".color(:red)
end
end
end
def check_ldap_auth(adapter)
auth = adapter.config.has_auth?
message = if auth && adapter.ldap.bind
'Success'.color(:green)
elsif auth
'Failed. Check `bind_dn` and `password` configuration values'.color(:red)
else
'Anonymous. No `bind_dn` or `password` configured'.color(:yellow)
end
$stdout.puts "LDAP authentication... #{message}"
end
end
end
......@@ -4,7 +4,6 @@ module SystemCheck
module Orphans
class RepositoryCheck < SystemCheck::BaseCheck
set_name 'Orphaned repositories:'
attr_accessor :orphans
def multi_check
Gitlab::GitalyClient::StorageSettings.allow_disk_access do
......
# frozen_string_literal: true
module SystemCheck
module RakeTask
# Used by gitlab:app:check rake task
module AppTask
extend RakeTaskHelpers
def self.name
'GitLab App'
end
def self.checks
[
SystemCheck::App::GitConfigCheck,
SystemCheck::App::DatabaseConfigExistsCheck,
SystemCheck::App::MigrationsAreUpCheck,
SystemCheck::App::OrphanedGroupMembersCheck,
SystemCheck::App::GitlabConfigExistsCheck,
SystemCheck::App::GitlabConfigUpToDateCheck,
SystemCheck::App::LogWritableCheck,
SystemCheck::App::TmpWritableCheck,
SystemCheck::App::UploadsDirectoryExistsCheck,
SystemCheck::App::UploadsPathPermissionCheck,
SystemCheck::App::UploadsPathTmpPermissionCheck,
SystemCheck::App::InitScriptExistsCheck,
SystemCheck::App::InitScriptUpToDateCheck,
SystemCheck::App::ProjectsHaveNamespaceCheck,
SystemCheck::App::RedisVersionCheck,
SystemCheck::App::RubyVersionCheck,
SystemCheck::App::GitVersionCheck,
SystemCheck::App::GitUserDefaultSSHConfigCheck,
SystemCheck::App::ActiveUsersCheck
]
end
end
end
end
SystemCheck::RakeTask::AppTask.prepend(EE::SystemCheck::RakeTask::AppTask)
# frozen_string_literal: true
module SystemCheck
module RakeTask
# Used by gitlab:gitaly:check rake task
class GitalyTask
extend RakeTaskHelpers
def self.name
'Gitaly'
end
def self.checks
[SystemCheck::GitalyCheck]
end
end
end
end
# frozen_string_literal: true
module SystemCheck
module RakeTask
# Used by gitlab:gitlab_shell:check rake task
class GitlabShellTask
extend RakeTaskHelpers
def self.name
'GitLab Shell'
end
def self.checks
[SystemCheck::GitlabShellCheck]
end
end
end
end
# frozen_string_literal: true
module SystemCheck
module RakeTask
# Used by gitlab:check rake task
class GitlabTask
extend RakeTaskHelpers
def self.name
'GitLab'
end
def self.manual_run_checks!
start_checking("#{name} subtasks")
subtasks.each(&:run_checks!)
finished_checking("#{name} subtasks")
end
def self.subtasks
[
SystemCheck::RakeTask::GitlabShellTask,
SystemCheck::RakeTask::GitalyTask,
SystemCheck::RakeTask::SidekiqTask,
SystemCheck::RakeTask::IncomingEmailTask,
SystemCheck::RakeTask::LdapTask,
SystemCheck::RakeTask::AppTask
]
end
end
end
end
SystemCheck::RakeTask::GitlabTask.prepend(EE::SystemCheck::RakeTask::GitlabTask)
# frozen_string_literal: true
module SystemCheck
module RakeTask
# Used by gitlab:incoming_email:check rake task
class IncomingEmailTask
extend RakeTaskHelpers
def self.name
'Incoming Email'
end
def self.checks
[SystemCheck::IncomingEmailCheck]
end
end
end
end
# frozen_string_literal: true
module SystemCheck
module RakeTask
# Used by gitlab:ldap:check rake task
class LdapTask
extend RakeTaskHelpers
def self.name
'LDAP'
end
def self.checks
[SystemCheck::LdapCheck]
end
end
end
end
# frozen_string_literal: true
module SystemCheck
module RakeTask
module Orphans
# Used by gitlab:orphans:check_namespaces rake task
class NamespaceTask
extend RakeTaskHelpers
def self.name
'Orphans'
end
def self.checks
[SystemCheck::Orphans::NamespaceCheck]
end
end
end
end
end
# frozen_string_literal: true
module SystemCheck
module RakeTask
module Orphans
# Used by gitlab:orphans:check_repositories rake task
class RepositoryTask
extend RakeTaskHelpers
def self.name
'Orphans'
end
def self.checks
[SystemCheck::Orphans::RepositoryCheck]
end
end
end
end
end
# frozen_string_literal: true
module SystemCheck
module RakeTask
# Used by gitlab:orphans:check rake task
class OrphansTask
extend RakeTaskHelpers
def self.name
'Orphans'
end
def self.checks
[
SystemCheck::Orphans::NamespaceCheck,
SystemCheck::Orphans::RepositoryCheck
]
end
end
end
end
# frozen_string_literal: true
module SystemCheck
module RakeTask
# Provides the run! method intended to be called from system check rake tasks
module RakeTaskHelpers
include ::SystemCheck::Helpers
def run!
warn_user_is_not_gitlab
if self.respond_to?(:manual_run_checks!)
manual_run_checks!
else
run_checks!
end
end
def run_checks!
SystemCheck.run(name, checks)
end
def name
raise NotImplementedError
end
def checks
raise NotImplementedError
end
end
end
end
# frozen_string_literal: true
module SystemCheck
module RakeTask
# Used by gitlab:sidekiq:check rake task
class SidekiqTask
extend RakeTaskHelpers
def self.name
'Sidekiq'
end
def self.checks
[SystemCheck::SidekiqCheck]
end
end
end
end
# frozen_string_literal: true
module SystemCheck
# Used by gitlab:sidekiq:check rake task
class SidekiqCheck < BaseCheck
set_name 'Sidekiq:'
def multi_check
check_sidekiq_running
only_one_sidekiq_running
end
private
def check_sidekiq_running
$stdout.print "Running? ... "
if sidekiq_process_count > 0
$stdout.puts "yes".color(:green)
else
$stdout.puts "no".color(:red)
try_fixing_it(
sudo_gitlab("RAILS_ENV=production bin/background_jobs start")
)
for_more_information(
see_installation_guide_section("Install Init Script"),
"see log/sidekiq.log for possible errors"
)
fix_and_rerun
end
end
def only_one_sidekiq_running
process_count = sidekiq_process_count
return if process_count.zero?
$stdout.print 'Number of Sidekiq processes ... '
if process_count == 1
$stdout.puts '1'.color(:green)
else
$stdout.puts "#{process_count}".color(:red)
try_fixing_it(
'sudo service gitlab stop',
"sudo pkill -u #{gitlab_user} -f sidekiq",
"sleep 10 && sudo pkill -9 -u #{gitlab_user} -f sidekiq",
'sudo service gitlab start'
)
fix_and_rerun
end
end
def sidekiq_process_count
ps_ux, _ = Gitlab::Popen.popen(%w(ps uxww))
ps_ux.scan(/sidekiq \d+\.\d+\.\d+/).count
end
end
end
This diff is collapsed.
require 'rake_helper'
describe 'gitlab:ldap:check rake task' do
include LdapHelpers
describe 'check.rake' do
before do
Rake.application.rake_require 'tasks/gitlab/check'
stub_warn_user_is_not_gitlab
end
context 'when LDAP is not enabled' do
it 'does not attempt to bind or search for users' do
expect(Gitlab::Auth::LDAP::Config).not_to receive(:providers)
expect(Gitlab::Auth::LDAP::Adapter).not_to receive(:open)
run_rake_task('gitlab:ldap:check')
shared_examples_for 'system check rake task' do
it 'runs the check' do
expect do
subject
end.to output(/Checking #{name} ... Finished/).to_stdout
end
end
context 'when LDAP is enabled' do
let(:ldap) { double(:ldap) }
let(:adapter) { ldap_adapter('ldapmain', ldap) }
describe 'gitlab:check rake task' do
subject { run_rake_task('gitlab:check') }
let(:name) { 'GitLab subtasks' }
before do
allow(Gitlab::Auth::LDAP::Config)
.to receive_messages(
enabled?: true,
providers: ['ldapmain']
)
allow(Gitlab::Auth::LDAP::Adapter).to receive(:open).and_yield(adapter)
allow(adapter).to receive(:users).and_return([])
end
it_behaves_like 'system check rake task'
end
describe 'gitlab:gitlab_shell:check rake task' do
subject { run_rake_task('gitlab:gitlab_shell:check') }
let(:name) { 'GitLab Shell' }
it_behaves_like 'system check rake task'
end
describe 'gitlab:gitaly:check rake task' do
subject { run_rake_task('gitlab:gitaly:check') }
let(:name) { 'Gitaly' }
it_behaves_like 'system check rake task'
end
describe 'gitlab:sidekiq:check rake task' do
subject { run_rake_task('gitlab:sidekiq:check') }
let(:name) { 'Sidekiq' }
it 'attempts to bind using credentials' do
stub_ldap_config(has_auth?: true)
it_behaves_like 'system check rake task'
end
expect(ldap).to receive(:bind)
describe 'gitlab:incoming_email:check rake task' do
subject { run_rake_task('gitlab:incoming_email:check') }
let(:name) { 'Incoming Email' }
run_rake_task('gitlab:ldap:check')
it_behaves_like 'system check rake task'
end
describe 'gitlab:ldap:check rake task' do
include LdapHelpers
subject { run_rake_task('gitlab:ldap:check') }
let(:name) { 'LDAP' }
it_behaves_like 'system check rake task'
context 'when LDAP is not enabled' do
it 'does not attempt to bind or search for users' do
expect(Gitlab::Auth::LDAP::Config).not_to receive(:providers)
expect(Gitlab::Auth::LDAP::Adapter).not_to receive(:open)
subject
end
end
it 'searches for 100 LDAP users' do
stub_ldap_config(uid: 'uid')
context 'when LDAP is enabled' do
let(:ldap) { double(:ldap) }
let(:adapter) { ldap_adapter('ldapmain', ldap) }
before do
allow(Gitlab::Auth::LDAP::Config)
.to receive_messages(
enabled?: true,
providers: ['ldapmain']
)
allow(Gitlab::Auth::LDAP::Adapter).to receive(:open).and_yield(adapter)
allow(adapter).to receive(:users).and_return([])
end
it 'attempts to bind using credentials' do
stub_ldap_config(has_auth?: true)
expect(ldap).to receive(:bind)
subject
end
it 'searches for 100 LDAP users' do
stub_ldap_config(uid: 'uid')
expect(adapter).to receive(:users).with('uid', '*', 100)
expect(adapter).to receive(:users).with('uid', '*', 100)
run_rake_task('gitlab:ldap:check')
subject
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment