diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-05-12 13:13:36 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-05-12 13:13:36 +0000 |
| commit | c96fdaaac38fd29436eba678468be28f40c28282 (patch) | |
| tree | db585208db7909bb7c1a4b67ba2a67140a64ac60 /config | |
| parent | 65eb469990d7eb6cb974e438e8c782da9c20db8d (diff) | |
| download | gitlab-ce-c96fdaaac38fd29436eba678468be28f40c28282.tar.gz | |
Add latest changes from gitlab-org/gitlab@13-0-stable-ee
Diffstat (limited to 'config')
| -rw-r--r-- | config/environments/test.rb | 4 | ||||
| -rw-r--r-- | config/feature_categories.yml | 1 | ||||
| -rw-r--r-- | config/gitlab.yml.example | 2 | ||||
| -rw-r--r-- | config/initializers/0_thread_cache.rb | 3 | ||||
| -rw-r--r-- | config/initializers/1_settings.rb | 1 | ||||
| -rw-r--r-- | config/initializers/cookies_serializer.rb | 2 | ||||
| -rw-r--r-- | config/initializers/rack_attack.rb.example | 29 | ||||
| -rw-r--r-- | config/initializers/rack_attack_new.rb | 8 | ||||
| -rw-r--r-- | config/prometheus/common_metrics.yml | 45 |
9 files changed, 26 insertions, 69 deletions
diff --git a/config/environments/test.rb b/config/environments/test.rb index 71cd5200415..0c9033c45bc 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -1,12 +1,12 @@ require 'gitlab/testing/request_blocker_middleware' require 'gitlab/testing/request_inspector_middleware' -require 'gitlab/testing/clear_thread_memory_cache_middleware' +require 'gitlab/testing/clear_process_memory_cache_middleware' Rails.application.configure do # Make sure the middleware is inserted first in middleware chain config.middleware.insert_before(ActionDispatch::Static, Gitlab::Testing::RequestBlockerMiddleware) config.middleware.insert_before(ActionDispatch::Static, Gitlab::Testing::RequestInspectorMiddleware) - config.middleware.insert_before(ActionDispatch::Static, Gitlab::Testing::ClearThreadMemoryCacheMiddleware) + config.middleware.insert_before(ActionDispatch::Static, Gitlab::Testing::ClearProcessMemoryCacheMiddleware) # Settings specified here will take precedence over those in config/application.rb diff --git a/config/feature_categories.yml b/config/feature_categories.yml index 6033a128284..010d3d14fcb 100644 --- a/config/feature_categories.yml +++ b/config/feature_categories.yml @@ -19,7 +19,6 @@ - backup_restore - behavior_analytics - billing -- chaos_engineering - chatops - cloud_native_installation - cluster_cost_optimization diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example index 9136bb0b569..1a042f0e349 100644 --- a/config/gitlab.yml.example +++ b/config/gitlab.yml.example @@ -770,7 +770,7 @@ production: &base # Allow smartcard authentication enabled: false - # Path to a file containing a CA certificate + # Path to a file containing a CA certificate bundle ca_file: '/etc/ssl/certs/CA.pem' # Host and port where the client side certificate is requested by the diff --git a/config/initializers/0_thread_cache.rb b/config/initializers/0_thread_cache.rb deleted file mode 100644 index feb8057132e..00000000000 --- a/config/initializers/0_thread_cache.rb +++ /dev/null @@ -1,3 +0,0 @@ -# frozen_string_literal: true - -Gitlab::ThreadMemoryCache.cache_backend diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index a4461e07861..c0cd491547a 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb @@ -701,7 +701,6 @@ Settings.rack_attack.git_basic_auth['ip_whitelist'] ||= %w{127.0.0.1} Settings.rack_attack.git_basic_auth['maxretry'] ||= 10 Settings.rack_attack.git_basic_auth['findtime'] ||= 1.minute Settings.rack_attack.git_basic_auth['bantime'] ||= 1.hour -Settings.rack_attack['admin_area_protected_paths_enabled'] ||= false # # Gitaly diff --git a/config/initializers/cookies_serializer.rb b/config/initializers/cookies_serializer.rb index a04d5044f4e..fa1736dfea6 100644 --- a/config/initializers/cookies_serializer.rb +++ b/config/initializers/cookies_serializer.rb @@ -1,4 +1,4 @@ # Be sure to restart your server when you modify this file. -Rails.application.config.action_dispatch.use_cookies_with_metadata = false +Rails.application.config.action_dispatch.use_cookies_with_metadata = true Rails.application.config.action_dispatch.cookies_serializer = :hybrid diff --git a/config/initializers/rack_attack.rb.example b/config/initializers/rack_attack.rb.example deleted file mode 100644 index 69052c029f2..00000000000 --- a/config/initializers/rack_attack.rb.example +++ /dev/null @@ -1,29 +0,0 @@ -# 1. Rename this file to rack_attack.rb -# 2. Review the paths_to_be_protected and add any other path you need protecting -# -# If you change this file in a Merge Request, please also create a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests - -paths_to_be_protected = [ - "#{Rails.application.config.relative_url_root}/users/password", - "#{Rails.application.config.relative_url_root}/users/sign_in", - "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session.json", - "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session", - "#{Rails.application.config.relative_url_root}/users", - "#{Rails.application.config.relative_url_root}/users/confirmation", - "#{Rails.application.config.relative_url_root}/unsubscribes/", - "#{Rails.application.config.relative_url_root}/import/github/personal_access_token" - -] - -# Create one big regular expression that matches strings starting with any of -# the paths_to_be_protected. -paths_regex = Regexp.union(paths_to_be_protected.map { |path| /\A#{Regexp.escape(path)}/ }) -rack_attack_enabled = Gitlab.config.rack_attack.git_basic_auth['enabled'] - -unless Rails.env.test? || !rack_attack_enabled - Rack::Attack.throttle('protected paths', limit: 10, period: 60.seconds) do |req| - if req.post? && req.path =~ paths_regex - req.ip - end - end -end diff --git a/config/initializers/rack_attack_new.rb b/config/initializers/rack_attack_new.rb index 267d4c1eda9..38e581f188f 100644 --- a/config/initializers/rack_attack_new.rb +++ b/config/initializers/rack_attack_new.rb @@ -8,17 +8,9 @@ module Gitlab::Throttle # Returns true if we should use the Admin Area protected paths throttle def self.protected_paths_enabled? - return false if should_use_omnibus_protected_paths? - self.settings.throttle_protected_paths_enabled? end - # To be removed in 13.0: https://gitlab.com/gitlab-org/gitlab/issues/29952 - def self.should_use_omnibus_protected_paths? - !Settings.rack_attack.admin_area_protected_paths_enabled && - self.omnibus_protected_paths_present? - end - def self.omnibus_protected_paths_present? Rack::Attack.throttles.key?('protected paths') end diff --git a/config/prometheus/common_metrics.yml b/config/prometheus/common_metrics.yml index 4d0ea4a345d..f0491df3db9 100644 --- a/config/prometheus/common_metrics.yml +++ b/config/prometheus/common_metrics.yml @@ -10,7 +10,7 @@ panel_groups: weight: 4 metrics: - id: system_metrics_kubernetes_container_memory_total - query_range: 'avg(sum(container_memory_usage_bytes{container_name!="POD",pod_name=~"^%{ci_environment_slug}-(.*)",namespace="%{kube_namespace}"}) by (job)) without (job) /1024/1024/1024' + query_range: 'avg(sum(container_memory_usage_bytes{container_name!="POD",pod_name=~"^{{ci_environment_slug}}-(.*)",namespace="{{kube_namespace}}"}) by (job)) without (job) /1024/1024/1024' label: Total (GB) unit: GB - title: "Core Usage (Total)" @@ -19,7 +19,7 @@ panel_groups: weight: 3 metrics: - id: system_metrics_kubernetes_container_cores_total - query_range: 'avg(sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name=~"^%{ci_environment_slug}-(.*)",namespace="%{kube_namespace}"}[15m])) by (job)) without (job)' + query_range: 'avg(sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name=~"^{{ci_environment_slug}}-(.*)",namespace="{{kube_namespace}}"}[15m])) by (job)) without (job)' label: Total (cores) unit: "cores" - title: "Memory Usage (Pod average)" @@ -28,7 +28,7 @@ panel_groups: weight: 2 metrics: - id: system_metrics_kubernetes_container_memory_average - query_range: 'avg(sum(container_memory_usage_bytes{container_name!="POD",pod_name=~"^%{ci_environment_slug}-([^c].*|c([^a]|a([^n]|n([^a]|a([^r]|r[^y])))).*|)-(.*)",namespace="%{kube_namespace}"}) by (job)) without (job) / count(avg(container_memory_usage_bytes{container_name!="POD",pod_name=~"^%{ci_environment_slug}-([^c].*|c([^a]|a([^n]|n([^a]|a([^r]|r[^y])))).*|)-(.*)",namespace="%{kube_namespace}"}) without (job)) /1024/1024' + query_range: 'avg(sum(container_memory_usage_bytes{container_name!="POD",pod_name=~"^{{ci_environment_slug}}-([^c].*|c([^a]|a([^n]|n([^a]|a([^r]|r[^y])))).*|)-(.*)",namespace="{{kube_namespace}}"}) by (job)) without (job) / count(avg(container_memory_usage_bytes{container_name!="POD",pod_name=~"^{{ci_environment_slug}}-([^c].*|c([^a]|a([^n]|n([^a]|a([^r]|r[^y])))).*|)-(.*)",namespace="{{kube_namespace}}"}) without (job)) /1024/1024' label: Pod average (MB) unit: MB - title: "Canary: Memory Usage (Pod Average)" @@ -37,7 +37,7 @@ panel_groups: weight: 2 metrics: - id: system_metrics_kubernetes_container_memory_average_canary - query_range: 'avg(sum(container_memory_usage_bytes{container_name!="POD",pod_name=~"^%{ci_environment_slug}-canary-(.*)",namespace="%{kube_namespace}"}) by (job)) without (job) / count(avg(container_memory_usage_bytes{container_name!="POD",pod_name=~"^%{ci_environment_slug}-canary-(.*)",namespace="%{kube_namespace}"}) without (job)) /1024/1024' + query_range: 'avg(sum(container_memory_usage_bytes{container_name!="POD",pod_name=~"^{{ci_environment_slug}}-canary-(.*)",namespace="{{kube_namespace}}"}) by (job)) without (job) / count(avg(container_memory_usage_bytes{container_name!="POD",pod_name=~"^{{ci_environment_slug}}-canary-(.*)",namespace="{{kube_namespace}}"}) without (job)) /1024/1024' label: Pod average (MB) unit: MB track: canary @@ -47,7 +47,7 @@ panel_groups: weight: 1 metrics: - id: system_metrics_kubernetes_container_core_usage - query_range: 'avg(sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name=~"^%{ci_environment_slug}-([^c].*|c([^a]|a([^n]|n([^a]|a([^r]|r[^y])))).*|)-(.*)",namespace="%{kube_namespace}"}[15m])) by (job)) without (job) / count(sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name=~"^%{ci_environment_slug}-([^c].*|c([^a]|a([^n]|n([^a]|a([^r]|r[^y])))).*|)-(.*)",namespace="%{kube_namespace}"}[15m])) by (pod_name))' + query_range: 'avg(sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name=~"^{{ci_environment_slug}}-([^c].*|c([^a]|a([^n]|n([^a]|a([^r]|r[^y])))).*|)-(.*)",namespace="{{kube_namespace}}"}[15m])) by (job)) without (job) / count(sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name=~"^{{ci_environment_slug}}-([^c].*|c([^a]|a([^n]|n([^a]|a([^r]|r[^y])))).*|)-(.*)",namespace="{{kube_namespace}}"}[15m])) by (pod_name))' label: Pod average (cores) unit: "cores" - title: "Canary: Core Usage (Pod Average)" @@ -56,7 +56,7 @@ panel_groups: weight: 1 metrics: - id: system_metrics_kubernetes_container_core_usage_canary - query_range: 'avg(sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name=~"^%{ci_environment_slug}-canary-(.*)",namespace="%{kube_namespace}"}[15m])) by (job)) without (job) / count(sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name=~"^%{ci_environment_slug}-canary-(.*)",namespace="%{kube_namespace}"}[15m])) by (pod_name))' + query_range: 'avg(sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name=~"^{{ci_environment_slug}}-canary-(.*)",namespace="{{kube_namespace}}"}[15m])) by (job)) without (job) / count(sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name=~"^{{ci_environment_slug}}-canary-(.*)",namespace="{{kube_namespace}}"}[15m])) by (pod_name))' label: Pod average (cores) unit: "cores" track: canary @@ -66,7 +66,7 @@ panel_groups: weight: 1 metrics: - id: system_metrics_knative_function_invocation_count - query_range: 'sum(ceil(rate(istio_requests_total{destination_service_namespace="%{kube_namespace}", destination_service=~"%{function_name}.*"}[1m])*60))' + query_range: 'sum(ceil(rate(istio_requests_total{destination_service_namespace="{{kube_namespace}}", destination_service=~"{{function_name}}.*"}[1m])*60))' label: invocations / minute unit: requests # NGINX Ingress metrics for pre-0.16.0 versions @@ -79,7 +79,7 @@ panel_groups: weight: 1 metrics: - id: response_metrics_nginx_ingress_throughput_status_code - query_range: 'sum(rate(nginx_upstream_responses_total{upstream=~"%{kube_namespace}-%{ci_environment_slug}-.*"}[2m])) by (status_code)' + query_range: 'sum(rate(nginx_upstream_responses_total{upstream=~"{{kube_namespace}}-{{ci_environment_slug}}-.*"}[2m])) by (status_code)' unit: req / sec label: Status Code - title: "Latency" @@ -90,7 +90,7 @@ panel_groups: weight: 1 metrics: - id: response_metrics_nginx_ingress_latency_pod_average - query_range: 'avg(nginx_upstream_response_msecs_avg{upstream=~"%{kube_namespace}-%{ci_environment_slug}-.*"})' + query_range: 'avg(nginx_upstream_response_msecs_avg{upstream=~"{{kube_namespace}}-{{ci_environment_slug}}-.*"})' label: Pod average (ms) unit: ms - title: "HTTP Error Rate" @@ -101,7 +101,7 @@ panel_groups: weight: 1 metrics: - id: response_metrics_nginx_ingress_http_error_rate - query_range: 'sum(rate(nginx_upstream_responses_total{status_code="5xx", upstream=~"%{kube_namespace}-%{ci_environment_slug}-.*"}[2m])) / sum(rate(nginx_upstream_responses_total{upstream=~"%{kube_namespace}-%{ci_environment_slug}-.*"}[2m])) * 100' + query_range: 'sum(rate(nginx_upstream_responses_total{status_code="5xx", upstream=~"{{kube_namespace}}-{{ci_environment_slug}}-.*"}[2m])) / sum(rate(nginx_upstream_responses_total{upstream=~"{{kube_namespace}}-{{ci_environment_slug}}-.*"}[2m])) * 100' label: 5xx Errors (%) unit: "%" # NGINX Ingress metrics for post-0.16.0 versions @@ -114,7 +114,7 @@ panel_groups: weight: 1 metrics: - id: response_metrics_nginx_ingress_16_throughput_status_code - query_range: 'sum(label_replace(rate(nginx_ingress_controller_requests{namespace="%{kube_namespace}",ingress=~".*%{ci_environment_slug}.*"}[2m]), "status_code", "${1}xx", "status", "(.)..")) by (status_code)' + query_range: 'sum(label_replace(rate(nginx_ingress_controller_requests{namespace="{{kube_namespace}}",ingress=~".*{{ci_environment_slug}}.*"}[2m]), "status_code", "${1}xx", "status", "(.)..")) by (status_code)' unit: req / sec label: Status Code - title: "Latency" @@ -123,7 +123,7 @@ panel_groups: weight: 1 metrics: - id: response_metrics_nginx_ingress_16_latency_pod_average - query_range: 'sum(rate(nginx_ingress_controller_ingress_upstream_latency_seconds_sum{namespace="%{kube_namespace}",ingress=~".*%{ci_environment_slug}.*"}[2m])) / sum(rate(nginx_ingress_controller_ingress_upstream_latency_seconds_count{namespace="%{kube_namespace}",ingress=~".*%{ci_environment_slug}.*"}[2m])) * 1000' + query_range: 'sum(rate(nginx_ingress_controller_ingress_upstream_latency_seconds_sum{namespace="{{kube_namespace}}",ingress=~".*{{ci_environment_slug}}.*"}[2m])) / sum(rate(nginx_ingress_controller_ingress_upstream_latency_seconds_count{namespace="{{kube_namespace}}",ingress=~".*{{ci_environment_slug}}.*"}[2m])) * 1000' label: Pod average (ms) unit: ms - title: "HTTP Error Rate" @@ -132,7 +132,7 @@ panel_groups: weight: 1 metrics: - id: response_metrics_nginx_ingress_16_http_error_rate - query_range: 'sum(rate(nginx_ingress_controller_requests{status=~"5.*",namespace="%{kube_namespace}",ingress=~".*%{ci_environment_slug}.*"}[2m])) / sum(rate(nginx_ingress_controller_requests{namespace="%{kube_namespace}",ingress=~".*%{ci_environment_slug}.*"}[2m])) * 100' + query_range: 'sum(rate(nginx_ingress_controller_requests{status=~"5.*",namespace="{{kube_namespace}}",ingress=~".*{{ci_environment_slug}}.*"}[2m])) / sum(rate(nginx_ingress_controller_requests{namespace="{{kube_namespace}}",ingress=~".*{{ci_environment_slug}}.*"}[2m])) * 100' label: 5xx Errors (%) unit: "%" - group: Response metrics (HA Proxy) @@ -144,7 +144,7 @@ panel_groups: weight: 1 metrics: - id: response_metrics_ha_proxy_throughput_status_code - query_range: 'sum(rate(haproxy_frontend_http_requests_total{%{environment_filter}}[2m])) by (code)' + query_range: 'sum(rate(haproxy_frontend_http_requests_total{ {{environment_filter}} }[2m])) by (code)' unit: req / sec label: Status Code - title: "HTTP Error Rate" @@ -153,7 +153,7 @@ panel_groups: weight: 1 metrics: - id: response_metrics_ha_proxy_http_error_rate - query_range: 'sum(rate(haproxy_frontend_http_responses_total{code="5xx",%{environment_filter}}[2m])) / sum(rate(haproxy_frontend_http_responses_total{%{environment_filter}}[2m]))' + query_range: 'sum(rate(haproxy_frontend_http_responses_total{code="5xx",{{environment_filter}} }[2m])) / sum(rate(haproxy_frontend_http_responses_total{ {{environment_filter}} }[2m]))' label: HTTP Errors (%) unit: "%" - group: Response metrics (AWS ELB) @@ -165,7 +165,7 @@ panel_groups: weight: 1 metrics: - id: response_metrics_aws_elb_throughput_requests - query_range: 'sum(aws_elb_request_count_sum{%{environment_filter}}) / 60' + query_range: 'sum(aws_elb_request_count_sum{ {{environment_filter}} }) / 60' label: Total (req/sec) unit: req / sec - title: "Latency" @@ -174,7 +174,7 @@ panel_groups: weight: 1 metrics: - id: response_metrics_aws_elb_latency_average - query_range: 'avg(aws_elb_latency_average{%{environment_filter}}) * 1000' + query_range: 'avg(aws_elb_latency_average{ {{environment_filter}} }) * 1000' label: Average (ms) unit: ms - title: "HTTP Error Rate" @@ -183,7 +183,7 @@ panel_groups: weight: 1 metrics: - id: response_metrics_aws_elb_http_error_rate - query_range: 'sum(aws_elb_httpcode_backend_5_xx_sum{%{environment_filter}}) / sum(aws_elb_request_count_sum{%{environment_filter}})' + query_range: 'sum(aws_elb_httpcode_backend_5_xx_sum{ {{environment_filter}} }) / sum(aws_elb_request_count_sum{ {{environment_filter}} })' label: HTTP Errors (%) unit: "%" - group: Response metrics (NGINX) @@ -195,7 +195,7 @@ panel_groups: weight: 1 metrics: - id: response_metrics_nginx_throughput_status_code - query_range: 'sum(rate(nginx_server_requests{server_zone!="*", server_zone!="_", %{environment_filter}}[2m])) by (code)' + query_range: 'sum(rate(nginx_server_requests{server_zone!="*", server_zone!="_", {{environment_filter}} }[2m])) by (code)' unit: req / sec label: Status Code - title: "Latency" @@ -204,7 +204,7 @@ panel_groups: weight: 1 metrics: - id: response_metrics_nginx_latency - query_range: 'avg(nginx_server_requestMsec{%{environment_filter}})' + query_range: 'avg(nginx_server_requestMsec{ {{environment_filter}} })' label: Upstream (ms) unit: ms - title: "HTTP Error Rate (Errors / Sec)" @@ -215,7 +215,7 @@ panel_groups: weight: 1 metrics: - id: response_metrics_nginx_http_error_rate - query_range: 'sum(rate(nginx_server_requests{code="5xx", %{environment_filter}}[2m]))' + query_range: 'sum(rate(nginx_server_requests{code="5xx", {{environment_filter}} }[2m]))' label: HTTP Errors unit: "errors / sec" - title: "HTTP Error Rate" @@ -224,7 +224,6 @@ panel_groups: weight: 1 metrics: - id: response_metrics_nginx_http_error_percentage - query_range: 'sum(rate(nginx_server_requests{code=~"5.*", host="*", %{environment_filter}}[2m])) / sum(rate(nginx_server_requests{code="total", host="*", %{environment_filter}}[2m])) * 100' + query_range: 'sum(rate(nginx_server_requests{code=~"5.*", host="*", {{environment_filter}} }[2m])) / sum(rate(nginx_server_requests{code="total", host="*", {{environment_filter}} }[2m])) * 100' label: 5xx Errors (%) unit: "%" - |