diff options
Diffstat (limited to 'config/initializers')
-rw-r--r-- | config/initializers/0_inject_feature_flags.rb | 1 | ||||
-rw-r--r-- | config/initializers/1_settings.rb | 17 | ||||
-rw-r--r-- | config/initializers/7_prometheus_metrics.rb | 6 | ||||
-rw-r--r-- | config/initializers/8_devise.rb | 2 | ||||
-rw-r--r-- | config/initializers/active_record_lifecycle.rb | 4 | ||||
-rw-r--r-- | config/initializers/backtrace_silencers.rb | 4 | ||||
-rw-r--r-- | config/initializers/carrierwave_patch.rb | 6 | ||||
-rw-r--r-- | config/initializers/deprecations.rb | 2 | ||||
-rw-r--r-- | config/initializers/direct_upload_support.rb | 6 | ||||
-rw-r--r-- | config/initializers/doorkeeper.rb | 11 | ||||
-rw-r--r-- | config/initializers/forbid_sidekiq_in_transactions.rb | 2 | ||||
-rw-r--r-- | config/initializers/gitlab_kas_secret.rb | 1 | ||||
-rw-r--r-- | config/initializers/remove_active_job_execute_callback.rb | 27 | ||||
-rw-r--r-- | config/initializers/sidekiq.rb | 4 | ||||
-rw-r--r-- | config/initializers/trusted_proxies.rb | 2 | ||||
-rw-r--r-- | config/initializers/warden.rb | 2 | ||||
-rw-r--r-- | config/initializers/webauthn.rb | 35 |
17 files changed, 107 insertions, 25 deletions
diff --git a/config/initializers/0_inject_feature_flags.rb b/config/initializers/0_inject_feature_flags.rb index 45e6546e294..5b33b3bb4ea 100644 --- a/config/initializers/0_inject_feature_flags.rb +++ b/config/initializers/0_inject_feature_flags.rb @@ -3,3 +3,4 @@ Feature.register_feature_groups Feature.register_definitions +Feature.register_hot_reloader unless Rails.configuration.cache_classes diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index 628d9c65ce0..6ccd027dd5d 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb @@ -176,8 +176,8 @@ Settings.gitlab['user'] ||= 'git' Settings.gitlab['ssh_user'] ||= Settings.gitlab.user Settings.gitlab['user_home'] ||= begin Etc.getpwnam(Settings.gitlab['user']).dir -rescue ArgumentError # no user configured - '/home/' + Settings.gitlab['user'] + rescue ArgumentError # no user configured + '/home/' + Settings.gitlab['user'] end Settings.gitlab['time_zone'] ||= nil Settings.gitlab['signup_enabled'] ||= true if Settings.gitlab['signup_enabled'].nil? @@ -511,6 +511,12 @@ Settings.cron_jobs['update_container_registry_info_worker']['job_class'] = 'Upda Settings.cron_jobs['postgres_dynamic_partitions_creator'] ||= Settingslogic.new({}) Settings.cron_jobs['postgres_dynamic_partitions_creator']['cron'] ||= '21 */6 * * *' Settings.cron_jobs['postgres_dynamic_partitions_creator']['job_class'] ||= 'PartitionCreationWorker' +Settings.cron_jobs['ci_platform_metrics_update_cron_worker'] ||= Settingslogic.new({}) +Settings.cron_jobs['ci_platform_metrics_update_cron_worker']['cron'] ||= '47 9 * * *' +Settings.cron_jobs['ci_platform_metrics_update_cron_worker']['job_class'] = 'CiPlatformMetricsUpdateCronWorker' +Settings.cron_jobs['analytics_instance_statistics_count_job_trigger_worker'] ||= Settingslogic.new({}) +Settings.cron_jobs['analytics_instance_statistics_count_job_trigger_worker']['cron'] ||= '50 23 */1 * *' +Settings.cron_jobs['analytics_instance_statistics_count_job_trigger_worker']['job_class'] ||= 'Analytics::InstanceStatistics::CountJobTriggerWorker' Gitlab.ee do Settings.cron_jobs['adjourned_group_deletion_worker'] ||= Settingslogic.new({}) @@ -635,6 +641,12 @@ Settings['workhorse'] ||= Settingslogic.new({}) Settings.workhorse['secret_file'] ||= Rails.root.join('.gitlab_workhorse_secret') # +# GitLab KAS +# +Settings['gitlab_kas'] ||= Settingslogic.new({}) +Settings.gitlab_kas['secret_file'] ||= Rails.root.join('.gitlab_kas_secret') + +# # Repositories # Settings['repositories'] ||= Settingslogic.new({}) @@ -772,6 +784,7 @@ Settings.monitoring['ip_whitelist'] ||= ['127.0.0.1/8'] Settings.monitoring['unicorn_sampler_interval'] ||= 10 Settings.monitoring['sidekiq_exporter'] ||= Settingslogic.new({}) Settings.monitoring.sidekiq_exporter['enabled'] ||= false +Settings.monitoring.sidekiq_exporter['log_enabled'] ||= false Settings.monitoring.sidekiq_exporter['address'] ||= 'localhost' Settings.monitoring.sidekiq_exporter['port'] ||= 8082 Settings.monitoring['web_exporter'] ||= Settingslogic.new({}) diff --git a/config/initializers/7_prometheus_metrics.rb b/config/initializers/7_prometheus_metrics.rb index cec1a213ed2..d5d8587f1c8 100644 --- a/config/initializers/7_prometheus_metrics.rb +++ b/config/initializers/7_prometheus_metrics.rb @@ -16,7 +16,7 @@ def prometheus_default_multiproc_dir end Prometheus::Client.configure do |config| - config.logger = Rails.logger # rubocop:disable Gitlab/RailsLogger + config.logger = Gitlab::AppLogger config.initial_mmap_file_size = 4 * 1024 @@ -46,6 +46,10 @@ if !Rails.env.test? && Gitlab::Metrics.prometheus_metrics_enabled? Gitlab::Metrics::Samplers::DatabaseSampler.initialize_instance.start Gitlab::Metrics::Samplers::ThreadsSampler.initialize_instance.start + if Gitlab::Runtime.action_cable? + Gitlab::Metrics::Samplers::ActionCableSampler.instance.start + end + if Gitlab.ee? && Gitlab::Runtime.sidekiq? Gitlab::Metrics::Samplers::GlobalSearchSampler.instance.start end diff --git a/config/initializers/8_devise.rb b/config/initializers/8_devise.rb index 2be6e535fee..b91a4622ce8 100644 --- a/config/initializers/8_devise.rb +++ b/config/initializers/8_devise.rb @@ -41,7 +41,7 @@ Devise.setup do |config| # Configure which authentication keys should be case-insensitive. # These keys will be downcased upon creating or modifying a user and when used # to authenticate or find a user. Default is :email. - config.case_insensitive_keys = [:email, :email_confirmation] + config.case_insensitive_keys = [:email] # Configure which authentication keys should have whitespace stripped. # These keys will have whitespace before and after removed upon creating or diff --git a/config/initializers/active_record_lifecycle.rb b/config/initializers/active_record_lifecycle.rb index 493d328b93e..4d63ffaf711 100644 --- a/config/initializers/active_record_lifecycle.rb +++ b/config/initializers/active_record_lifecycle.rb @@ -7,7 +7,7 @@ if defined?(ActiveRecord::Base) && !Gitlab::Runtime.sidekiq? ActiveSupport.on_load(:active_record) do ActiveRecord::Base.establish_connection - Rails.logger.debug("ActiveRecord connection established") # rubocop:disable Gitlab/RailsLogger + Gitlab::AppLogger.debug("ActiveRecord connection established") end end end @@ -20,6 +20,6 @@ if defined?(ActiveRecord::Base) # as there's no need for the master process to hold a connection ActiveRecord::Base.connection.disconnect! - Rails.logger.debug("ActiveRecord connection disconnected") # rubocop:disable Gitlab/RailsLogger + Gitlab::AppLogger.debug("ActiveRecord connection disconnected") end end diff --git a/config/initializers/backtrace_silencers.rb b/config/initializers/backtrace_silencers.rb index f25bb7d25fa..2f892f78112 100644 --- a/config/initializers/backtrace_silencers.rb +++ b/config/initializers/backtrace_silencers.rb @@ -2,7 +2,7 @@ Rails.backtrace_cleaner.remove_silencers! # This allows us to see the proper caller of SQL calls in {development,test}.log if (Rails.env.development? || Rails.env.test?) && Gitlab.ee? - Rails.backtrace_cleaner.add_silencer { |line| line =~ %r(^ee/lib/gitlab/database/load_balancing) } + Rails.backtrace_cleaner.add_silencer { |line| %r(^ee/lib/gitlab/database/load_balancing).match?(line) } end -Rails.backtrace_cleaner.add_silencer { |line| line !~ Gitlab::APP_DIRS_PATTERN } +Rails.backtrace_cleaner.add_silencer { |line| !Gitlab::APP_DIRS_PATTERN.match?(line) } diff --git a/config/initializers/carrierwave_patch.rb b/config/initializers/carrierwave_patch.rb index 53fba307926..ad3ff36138f 100644 --- a/config/initializers/carrierwave_patch.rb +++ b/config/initializers/carrierwave_patch.rb @@ -7,7 +7,9 @@ require "carrierwave/storage/fog" # # This patch also incorporates # https://github.com/carrierwaveuploader/carrierwave/pull/2375 to -# provide Azure support. This is already in CarrierWave v2.1.x, but +# provide Azure support +# and https://github.com/carrierwaveuploader/carrierwave/pull/2397 to +# support custom expire_at. This is already in CarrierWave v2.1.x, but # upgrading this gem is a significant task: # https://gitlab.com/gitlab-org/gitlab/-/issues/216067 module CarrierWave @@ -28,7 +30,7 @@ module CarrierWave # avoid a get by using local references local_directory = connection.directories.new(key: @uploader.fog_directory) local_file = local_directory.files.new(key: path) - expire_at = ::Fog::Time.now + @uploader.fog_authenticated_url_expiration + expire_at = options[:expire_at] || ::Fog::Time.now + @uploader.fog_authenticated_url_expiration case @uploader.fog_credentials[:provider] when 'AWS', 'Google' # Older versions of fog-google do not support options as a parameter diff --git a/config/initializers/deprecations.rb b/config/initializers/deprecations.rb index 0d096e34eb7..2b07ca665e2 100644 --- a/config/initializers/deprecations.rb +++ b/config/initializers/deprecations.rb @@ -2,7 +2,7 @@ if Rails.env.development? || ENV['GITLAB_LEGACY_PATH_LOG_MESSAGE'] deprecator = ActiveSupport::Deprecation.new('11.0', 'GitLab') deprecator.behavior = -> (message, callstack) { - Rails.logger.warn("#{message}: #{callstack[1..20].join}") # rubocop:disable Gitlab/RailsLogger + Gitlab::AppLogger.warn("#{message}: #{callstack[1..20].join}") } ActiveSupport::Deprecation.deprecate_methods(Gitlab::GitalyClient::StorageSettings, :legacy_disk_path, deprecator: deprecator) diff --git a/config/initializers/direct_upload_support.rb b/config/initializers/direct_upload_support.rb index 94e90727f0c..919b80b79c0 100644 --- a/config/initializers/direct_upload_support.rb +++ b/config/initializers/direct_upload_support.rb @@ -1,5 +1,7 @@ class DirectUploadsValidator - SUPPORTED_DIRECT_UPLOAD_PROVIDERS = %w(Google AWS AzureRM).freeze + SUPPORTED_DIRECT_UPLOAD_PROVIDERS = [ObjectStorage::Config::GOOGLE_PROVIDER, + ObjectStorage::Config::AWS_PROVIDER, + ObjectStorage::Config::AZURE_PROVIDER].freeze ValidationError = Class.new(StandardError) @@ -24,7 +26,7 @@ class DirectUploadsValidator def provider_loaded?(provider) return false unless SUPPORTED_DIRECT_UPLOAD_PROVIDERS.include?(provider) - require 'fog/azurerm' if provider == 'AzureRM' + require 'fog/azurerm' if provider == ObjectStorage::Config::AZURE_PROVIDER true end diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb index ad0b0c2008f..6b54b5074d5 100644 --- a/config/initializers/doorkeeper.rb +++ b/config/initializers/doorkeeper.rb @@ -3,6 +3,10 @@ Doorkeeper.configure do # Currently supported options are :active_record, :mongoid2, :mongoid3, :mongo_mapper orm :active_record + # Restore to pre-5.1 generator due to breaking change. + # See https://gitlab.com/gitlab-org/gitlab/-/issues/244371 + default_generator_method :hex + # This block will be called to check whether the resource owner is authenticated or not. resource_owner_authenticator do # Put your resource owner authentication logic here. @@ -79,13 +83,6 @@ Doorkeeper.configure do # Check out the wiki for more information on customization access_token_methods :from_access_token_param, :from_bearer_authorization, :from_bearer_param - # Change the native redirect uri for client apps - # When clients register with the following redirect uri, they won't be redirected to any server and the authorization code will be displayed within the provider - # The value can be any string. Use nil to disable this feature. When disabled, clients must provide a valid URL - # (Similar behaviour: https://developers.google.com/accounts/docs/OAuth2InstalledApp#choosingredirecturi) - # - native_redirect_uri nil # 'urn:ietf:wg:oauth:2.0:oob' - # Specify what grant flows are enabled in array of Strings. The valid # strings and the flows they enable are: # diff --git a/config/initializers/forbid_sidekiq_in_transactions.rb b/config/initializers/forbid_sidekiq_in_transactions.rb index 9bade443aae..6bcd4dbd52f 100644 --- a/config/initializers/forbid_sidekiq_in_transactions.rb +++ b/config/initializers/forbid_sidekiq_in_transactions.rb @@ -28,7 +28,7 @@ module Sidekiq Use an `after_commit` hook, or include `AfterCommitQueue` and use a `run_after_commit` block instead. MSG rescue Sidekiq::Worker::EnqueueFromTransactionError => e - ::Rails.logger.error(e.message) if ::Rails.env.production? + Gitlab::AppLogger.error(e.message) if ::Rails.env.production? Gitlab::ErrorTracking.track_and_raise_for_dev_exception(e) end end diff --git a/config/initializers/gitlab_kas_secret.rb b/config/initializers/gitlab_kas_secret.rb new file mode 100644 index 00000000000..5e86e954684 --- /dev/null +++ b/config/initializers/gitlab_kas_secret.rb @@ -0,0 +1 @@ +Gitlab::Kas.ensure_secret! diff --git a/config/initializers/remove_active_job_execute_callback.rb b/config/initializers/remove_active_job_execute_callback.rb new file mode 100644 index 00000000000..c8efcb11202 --- /dev/null +++ b/config/initializers/remove_active_job_execute_callback.rb @@ -0,0 +1,27 @@ +# frozen_string_literal: true + +return unless Rails.env.test? + +Rails.application.configure do + config.after_initialize do + # We don't care about ActiveJob reloading the code in test env as we run + # jobs inline in test env. + # So in test, we remove this callback, which calls app.reloader.wrap, and + # ultimately calls FileUpdateChecker#updated? which is slow on macOS + # + # https://github.com/rails/rails/blob/6-0-stable/activejob/lib/active_job/railtie.rb#L39-L46 + def active_job_railtie_callback? + callbacks = ActiveJob::Callbacks.singleton_class.__callbacks[:execute] + + callbacks && + callbacks.send(:chain).size == 1 && + callbacks.first.kind == :around && + callbacks.first.raw_filter.is_a?(Proc) && + callbacks.first.raw_filter.source_location.first.ends_with?('lib/active_job/railtie.rb') + end + + if active_job_railtie_callback? + ActiveJob::Callbacks.singleton_class.reset_callbacks(:execute) + end + end +end diff --git a/config/initializers/sidekiq.rb b/config/initializers/sidekiq.rb index febcedfee82..a33c28090e2 100644 --- a/config/initializers/sidekiq.rb +++ b/config/initializers/sidekiq.rb @@ -18,7 +18,7 @@ queues_config_hash[:namespace] = Gitlab::Redis::Queues::SIDEKIQ_NAMESPACE enable_json_logs = Gitlab.config.sidekiq.log_format == 'json' enable_sidekiq_memory_killer = ENV['SIDEKIQ_MEMORY_KILLER_MAX_RSS'].to_i.nonzero? -use_sidekiq_daemon_memory_killer = ENV["SIDEKIQ_DAEMON_MEMORY_KILLER"].to_i.nonzero? +use_sidekiq_daemon_memory_killer = ENV.fetch("SIDEKIQ_DAEMON_MEMORY_KILLER", 1).to_i.nonzero? use_sidekiq_legacy_memory_killer = !use_sidekiq_daemon_memory_killer Sidekiq.configure_server do |config| @@ -70,7 +70,7 @@ Sidekiq.configure_server do |config| cron_jobs[k]['class'] = cron_jobs[k].delete('job_class') else cron_jobs.delete(k) - Rails.logger.error("Invalid cron_jobs config key: '#{k}'. Check your gitlab config file.") # rubocop:disable Gitlab/RailsLogger + Gitlab::AppLogger.error("Invalid cron_jobs config key: '#{k}'. Check your gitlab config file.") end end Sidekiq::Cron::Job.load_from_hash! cron_jobs diff --git a/config/initializers/trusted_proxies.rb b/config/initializers/trusted_proxies.rb index 13896408806..93c4d2b10cc 100644 --- a/config/initializers/trusted_proxies.rb +++ b/config/initializers/trusted_proxies.rb @@ -15,7 +15,7 @@ end gitlab_trusted_proxies = Array(Gitlab.config.gitlab.trusted_proxies).map do |proxy| IPAddr.new(proxy) -rescue IPAddr::InvalidAddressError + rescue IPAddr::InvalidAddressError end.compact Rails.application.config.action_dispatch.trusted_proxies = ( diff --git a/config/initializers/warden.rb b/config/initializers/warden.rb index d8a4da8cdf9..84bda81a33a 100644 --- a/config/initializers/warden.rb +++ b/config/initializers/warden.rb @@ -19,7 +19,7 @@ Rails.application.configure do |config| Warden::Manager.after_authentication(scope: :user) do |user, auth, opts| ActiveSession.cleanup(user) - Gitlab::AnonymousSession.new(auth.request.remote_ip, session_id: auth.request.session.id).cleanup_session_per_ip_entries + Gitlab::AnonymousSession.new(auth.request.remote_ip).cleanup_session_per_ip_count end Warden::Manager.after_set_user(scope: :user, only: :fetch) do |user, auth, opts| diff --git a/config/initializers/webauthn.rb b/config/initializers/webauthn.rb new file mode 100644 index 00000000000..8dc5dfd56ed --- /dev/null +++ b/config/initializers/webauthn.rb @@ -0,0 +1,35 @@ +WebAuthn.configure do |config| + # This value needs to match `window.location.origin` evaluated by + # the User Agent during registration and authentication ceremonies. + config.origin = Settings.gitlab['base_url'] + + # Relying Party name for display purposes + # config.rp_name = "Example Inc." + + # Optionally configure a client timeout hint, in milliseconds. + # This hint specifies how long the browser should wait for any + # interaction with the user. + # This hint may be overridden by the browser. + # https://www.w3.org/TR/webauthn/#dom-publickeycredentialcreationoptions-timeout + # config.credential_options_timeout = 120_000 + + # You can optionally specify a different Relying Party ID + # (https://www.w3.org/TR/webauthn/#relying-party-identifier) + # if it differs from the default one. + # + # In this case the default would be "auth.example.com", but you can set it to + # the suffix "example.com" + # + # config.rp_id = "example.com" + + # Configure preferred binary-to-text encoding scheme. This should match the encoding scheme + # used in your client-side (user agent) code before sending the credential to the server. + # Supported values: `:base64url` (default), `:base64` or `false` to disable all encoding. + # + config.encoding = :base64 + + # Possible values: "ES256", "ES384", "ES512", "PS256", "PS384", "PS512", "RS256", "RS384", "RS512", "RS1" + # Default: ["ES256", "PS256", "RS256"] + # + # config.algorithms << "ES384" +end |