5 files changed, 65 insertions, 3 deletions
diff --git a/db/post_migrate/20230117114739_clear_duplicate_jobs_cookies.rb b/db/post_migrate/20230117114739_clear_duplicate_jobs_cookies.rb
new file mode 100644
index 00000000000..6f0e26634ce
--- /dev/null
+++ b/db/post_migrate/20230117114739_clear_duplicate_jobs_cookies.rb
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+# This is workaround for
+# https://gitlab.com/gitlab-org/gitlab/-/issues/388253. During a
+# zero-downtime upgrade, duplicate jobs cookies can fail to get deleted.
+# This post-deployment migration deletes all such cookies. This can
+# cause some jobs that normally would have been deduplicated to twice
+# instead of once.
+class ClearDuplicateJobsCookies < Gitlab::Database::Migration[2.0]
+ disable_ddl_transaction!
+ restrict_gitlab_migration gitlab_schema: :gitlab_main
+
+ def up
+ Gitlab::Redis::Queues.with do |redis| # rubocop:disable Cop/RedisQueueUsage
+ redis.scan_each(match: "resque:gitlab:duplicate:*:cookie:v2").each_slice(100) do |keys|
+ redis.del(keys)
+ end
+ end
+ end
+
+ def down; end
+end
diff --git a/db/schema_migrations/20230117114739 b/db/schema_migrations/20230117114739
new file mode 100644
index 00000000000..cb9fabfe4c4
--- /dev/null
+++ b/db/schema_migrations/20230117114739
@@ -0,0 +1 @@
+f4ba0d1de73da2b7a912c06ca458898f3404235025089efc74aee9fc4caa511a
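Review bot: In `db/post_migrate/20230117114739_clear_duplicate_jobs_cookies.rb`, `scan_each` in `up` is called without a `count:` hint, so the scan of the whole queues Redis keyspace runs at the server's default batch size and can need a very large number of round trips on a busy instance; `redis.scan_each(match: "resque:gitlab:duplicate:*:cookie:v2", count: 1000)` would shorten that. The key pattern is a literal here, so a comment naming where the cookie key format is defined would help keep the two in sync (that definition is not visible in this diff). The header comment also reads "deduplicated to twice"; `# cause some jobs that normally would have been deduplicated to run twice` is presumably what was meant.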
\ No newline at end of file
diff --git a/doc/development/fips_compliance.md b/doc/development/fips_compliance.md
index c6208d45c77..4f92bec53fd 100644
--- a/doc/development/fips_compliance.md
+++ b/doc/development/fips_compliance.md
@@ -441,13 +441,27 @@ def default_min_key_size(name) end ``` -## Nightly Omnibus FIPS builds +## Omnibus FIPS packages -The Distribution team has created [nightly FIPS Omnibus builds](https://packages.gitlab.com/gitlab/nightly-fips-builds). These -GitLab builds are compiled to use the system OpenSSL instead of the Omnibus-embedded version of OpenSSL. +GitLab has a dedicated repository +([`gitlab/gitlab-fips`](https://packages.gitlab.com/gitlab/gitlab-fips)) +for builds of the Omnibus GitLab which are built with FIPS compliance. +These GitLab builds are compiled to use the system OpenSSL, instead of +the Omnibus-embedded version of OpenSSL. These packages are built for: + +- RHEL 8 (and compatible) +- AmazonLinux 2 +- Ubuntu + +These are [consumed by the GitLab Environment Toolkit](#install-gitlab-with-fips-compliance) (GET). See [the section on how FIPS builds are created](#how-fips-builds-are-created). +### Nightly Omnibus FIPS builds + +The Distribution team has created [nightly FIPS Omnibus builds](https://packages.gitlab.com/gitlab/nightly-fips-builds), +which can be used for *testing* purposes. These should never be used for production environments. + ## Runner See the [documentation on installing a FIPS-compliant GitLab Runner](https://docs.gitlab.com/runner/install/#fips-compliant-gitlab-runner).
diff --git a/spec/migrations/20230117114739_clear_duplicate_jobs_cookies_spec.rb b/spec/migrations/20230117114739_clear_duplicate_jobs_cookies_spec.rb
new file mode 100644
index 00000000000..5c572b49d3d
--- /dev/null
+++ b/spec/migrations/20230117114739_clear_duplicate_jobs_cookies_spec.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require_migration!
+
+RSpec.describe ClearDuplicateJobsCookies, :migration, feature_category: :redis do
+ def with_redis(&block)
+ Gitlab::Redis::Queues.with(&block)
+ end
+
+ it 'deletes duplicate jobs cookies' do
+ delete = ['resque:gitlab:duplicate:blabla:1:cookie:v2', 'resque:gitlab:duplicate:foobar:2:cookie:v2']
+ keep = ['resque:gitlab:duplicate:something', 'something:cookie:v2']
+ with_redis { |r| (delete + keep).each { |key| r.set(key, 'value') } }
+
+ expect(with_redis { |r| r.exists(delete + keep) }).to eq(4)
+
+ migrate!
+
+ expect(with_redis { |r| r.exists(delete) }).to eq(0)
+ expect(with_redis { |r| r.exists(keep) }).to eq(2)
+ end
+end
diff --git a/spec/support/shared_examples/features/discussion_comments_shared_example.rb b/spec/support/shared_examples/features/discussion_comments_shared_example.rb
index 68c0d06e7d0..adddd837b11 100644
--- a/spec/support/shared_examples/features/discussion_comments_shared_example.rb
+++ b/spec/support/shared_examples/features/discussion_comments_shared_example.rb
@@ -19,6 +19,8 @@ RSpec.shared_examples 'thread comments for commit and snippet' do |resource_name find('.js-comment-button').click + wait_for_all_requests + expect(page).to have_content(comment) new_comment = all(comments_selector).last |
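Review bot: In `spec/migrations/20230117114739_clear_duplicate_jobs_cookies_spec.rb`, the example seeds only two matching keys, so the `each_slice(100)` batching in the migration is never crossed. It also leaves its two `keep` keys behind in the queues Redis unless the `:migration` metadata already flushes it, which this diff does not show. Seeding more than one slice, for example `delete = Array.new(101) { |i| "resque:gitlab:duplicate:q:#{i}:cookie:v2" }` with the first expectation changed to `eq(103)`, would cover the batch boundary. Tagging the group with `:clean_gitlab_redis_queues` would keep the leftover keys from leaking into other examples.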