debian-mirror-gitlab/lib/tasks/gitlab/check.rake

458 lines
14 KiB
Ruby
Raw Normal View History

2014-09-02 18:07:02 +05:30
namespace :gitlab do
2017-09-10 17:25:29 +05:30
desc 'GitLab | Check the configuration of GitLab and its environment'
2015-09-11 14:41:01 +05:30
task check: %w{gitlab:gitlab_shell:check
2014-09-02 18:07:02 +05:30
gitlab:sidekiq:check
2015-09-25 12:07:36 +05:30
gitlab:incoming_email:check
2014-09-02 18:07:02 +05:30
gitlab:ldap:check
gitlab:app:check}
namespace :app do
2017-09-10 17:25:29 +05:30
desc 'GitLab | Check the configuration of the GitLab Rails app'
2018-03-17 18:26:18 +05:30
task check: :gitlab_environment do
2014-09-02 18:07:02 +05:30
warn_user_is_not_gitlab
2017-09-10 17:25:29 +05:30
checks = [
SystemCheck::App::GitConfigCheck,
SystemCheck::App::DatabaseConfigExistsCheck,
SystemCheck::App::MigrationsAreUpCheck,
SystemCheck::App::OrphanedGroupMembersCheck,
SystemCheck::App::GitlabConfigExistsCheck,
SystemCheck::App::GitlabConfigUpToDateCheck,
SystemCheck::App::LogWritableCheck,
SystemCheck::App::TmpWritableCheck,
SystemCheck::App::UploadsDirectoryExistsCheck,
SystemCheck::App::UploadsPathPermissionCheck,
SystemCheck::App::UploadsPathTmpPermissionCheck,
SystemCheck::App::InitScriptExistsCheck,
SystemCheck::App::InitScriptUpToDateCheck,
SystemCheck::App::ProjectsHaveNamespaceCheck,
SystemCheck::App::RedisVersionCheck,
SystemCheck::App::RubyVersionCheck,
SystemCheck::App::GitVersionCheck,
2018-03-17 18:26:18 +05:30
SystemCheck::App::GitUserDefaultSSHConfigCheck,
2017-09-10 17:25:29 +05:30
SystemCheck::App::ActiveUsersCheck
]
SystemCheck.run('GitLab', checks)
2014-09-02 18:07:02 +05:30
end
end
namespace :gitlab_shell do
2015-09-11 14:41:01 +05:30
desc "GitLab | Check the configuration of GitLab Shell"
2018-03-17 18:26:18 +05:30
task check: :gitlab_environment do
2014-09-02 18:07:02 +05:30
warn_user_is_not_gitlab
start_checking "GitLab Shell"
check_gitlab_shell
check_repo_base_exists
check_repo_base_is_not_symlink
check_repo_base_user_and_group
check_repo_base_permissions
2015-04-26 12:48:37 +05:30
check_repos_hooks_directory_is_link
2014-09-02 18:07:02 +05:30
check_gitlab_shell_self_test
finished_checking "GitLab Shell"
end
# Checks
########################
def check_repo_base_exists
2016-08-24 12:49:21 +05:30
puts "Repo base directory exists?"
2014-09-02 18:07:02 +05:30
2017-08-17 22:00:37 +05:30
Gitlab.config.repositories.storages.each do |name, repository_storage|
repo_base_path = repository_storage['path']
2016-08-24 12:49:21 +05:30
print "#{name}... "
2014-09-02 18:07:02 +05:30
2016-09-13 17:45:13 +05:30
if File.exist?(repo_base_path)
2016-08-24 12:49:21 +05:30
puts "yes".color(:green)
else
puts "no".color(:red)
puts "#{repo_base_path} is missing".color(:red)
try_fixing_it(
"This should have been created when setting up GitLab Shell.",
"Make sure it's set correctly in config/gitlab.yml",
"Make sure GitLab Shell is installed correctly."
)
for_more_information(
see_installation_guide_section "GitLab Shell"
)
fix_and_rerun
end
2014-09-02 18:07:02 +05:30
end
end
def check_repo_base_is_not_symlink
2016-08-24 12:49:21 +05:30
puts "Repo storage directories are symlinks?"
2014-09-02 18:07:02 +05:30
2017-08-17 22:00:37 +05:30
Gitlab.config.repositories.storages.each do |name, repository_storage|
repo_base_path = repository_storage['path']
2016-08-24 12:49:21 +05:30
print "#{name}... "
2014-09-02 18:07:02 +05:30
2016-09-13 17:45:13 +05:30
unless File.exist?(repo_base_path)
2016-08-24 12:49:21 +05:30
puts "can't check because of previous errors".color(:magenta)
2017-08-17 22:00:37 +05:30
break
2016-08-24 12:49:21 +05:30
end
unless File.symlink?(repo_base_path)
puts "no".color(:green)
else
puts "yes".color(:red)
try_fixing_it(
"Make sure it's set to the real directory in config/gitlab.yml"
)
fix_and_rerun
end
2014-09-02 18:07:02 +05:30
end
end
def check_repo_base_permissions
2016-08-24 12:49:21 +05:30
puts "Repo paths access is drwxrws---?"
2014-09-02 18:07:02 +05:30
2017-08-17 22:00:37 +05:30
Gitlab.config.repositories.storages.each do |name, repository_storage|
repo_base_path = repository_storage['path']
2016-08-24 12:49:21 +05:30
print "#{name}... "
2014-09-02 18:07:02 +05:30
2016-09-13 17:45:13 +05:30
unless File.exist?(repo_base_path)
2016-08-24 12:49:21 +05:30
puts "can't check because of previous errors".color(:magenta)
2017-08-17 22:00:37 +05:30
break
2016-08-24 12:49:21 +05:30
end
if File.stat(repo_base_path).mode.to_s(8).ends_with?("2770")
puts "yes".color(:green)
else
puts "no".color(:red)
try_fixing_it(
"sudo chmod -R ug+rwX,o-rwx #{repo_base_path}",
"sudo chmod -R ug-s #{repo_base_path}",
"sudo find #{repo_base_path} -type d -print0 | sudo xargs -0 chmod g+s"
)
for_more_information(
see_installation_guide_section "GitLab Shell"
)
fix_and_rerun
end
2014-09-02 18:07:02 +05:30
end
end
def check_repo_base_user_and_group
gitlab_shell_ssh_user = Gitlab.config.gitlab_shell.ssh_user
2017-08-17 22:00:37 +05:30
puts "Repo paths owned by #{gitlab_shell_ssh_user}:root, or #{gitlab_shell_ssh_user}:#{Gitlab.config.gitlab_shell.owner_group}?"
2014-09-02 18:07:02 +05:30
2017-08-17 22:00:37 +05:30
Gitlab.config.repositories.storages.each do |name, repository_storage|
repo_base_path = repository_storage['path']
2016-08-24 12:49:21 +05:30
print "#{name}... "
2014-09-02 18:07:02 +05:30
2016-09-13 17:45:13 +05:30
unless File.exist?(repo_base_path)
2016-08-24 12:49:21 +05:30
puts "can't check because of previous errors".color(:magenta)
2017-08-17 22:00:37 +05:30
break
2016-08-24 12:49:21 +05:30
end
2017-08-17 22:00:37 +05:30
user_id = uid_for(gitlab_shell_ssh_user)
root_group_id = gid_for('root')
group_ids = [root_group_id, gid_for(Gitlab.config.gitlab_shell.owner_group)]
if File.stat(repo_base_path).uid == user_id && group_ids.include?(File.stat(repo_base_path).gid)
2016-08-24 12:49:21 +05:30
puts "yes".color(:green)
else
puts "no".color(:red)
2017-08-17 22:00:37 +05:30
puts " User id for #{gitlab_shell_ssh_user}: #{user_id}. Groupd id for root: #{root_group_id}".color(:blue)
2016-08-24 12:49:21 +05:30
try_fixing_it(
2017-08-17 22:00:37 +05:30
"sudo chown -R #{gitlab_shell_ssh_user}:root #{repo_base_path}"
2016-08-24 12:49:21 +05:30
)
for_more_information(
see_installation_guide_section "GitLab Shell"
)
fix_and_rerun
end
2014-09-02 18:07:02 +05:30
end
end
2015-04-26 12:48:37 +05:30
def check_repos_hooks_directory_is_link
print "hooks directories in repos are links: ... "
2014-09-02 18:07:02 +05:30
gitlab_shell_hooks_path = Gitlab.config.gitlab_shell.hooks_path
unless Project.count > 0
puts "can't check, you have no projects".color(:magenta)
2014-09-02 18:07:02 +05:30
return
end
2018-03-17 18:26:18 +05:30
2014-09-02 18:07:02 +05:30
puts ""
Project.find_each(batch_size: 100) do |project|
print sanitized_message(project)
2015-04-26 12:48:37 +05:30
project_hook_directory = File.join(project.repository.path_to_repo, "hooks")
2014-09-02 18:07:02 +05:30
if project.empty_repo?
puts "repository is empty".color(:magenta)
2015-09-11 14:41:01 +05:30
elsif File.directory?(project_hook_directory) && File.directory?(gitlab_shell_hooks_path) &&
(File.realpath(project_hook_directory) == File.realpath(gitlab_shell_hooks_path))
puts 'ok'.color(:green)
2014-09-02 18:07:02 +05:30
else
puts "wrong or missing hooks".color(:red)
2015-04-26 12:48:37 +05:30
try_fixing_it(
2016-08-24 12:49:21 +05:30
sudo_gitlab("#{File.join(gitlab_shell_path, 'bin/create-hooks')} #{repository_storage_paths_args.join(' ')}"),
2015-04-26 12:48:37 +05:30
'Check the hooks_path in config/gitlab.yml',
'Check your gitlab-shell installation'
)
for_more_information(
see_installation_guide_section "GitLab Shell"
)
fix_and_rerun
2014-09-02 18:07:02 +05:30
end
end
end
def check_gitlab_shell_self_test
gitlab_shell_repo_base = gitlab_shell_path
check_cmd = File.expand_path('bin/check', gitlab_shell_repo_base)
puts "Running #{check_cmd}"
2018-03-17 18:26:18 +05:30
2014-09-02 18:07:02 +05:30
if system(check_cmd, chdir: gitlab_shell_repo_base)
puts 'gitlab-shell self-check successful'.color(:green)
2014-09-02 18:07:02 +05:30
else
puts 'gitlab-shell self-check failed'.color(:red)
2014-09-02 18:07:02 +05:30
try_fixing_it(
'Make sure GitLab is running;',
'Check the gitlab-shell configuration file:',
sudo_gitlab("editor #{File.expand_path('config.yml', gitlab_shell_repo_base)}")
)
fix_and_rerun
end
end
# Helper methods
########################
def gitlab_shell_path
Gitlab.config.gitlab_shell.path
end
def gitlab_shell_version
Gitlab::Shell.new.version
end
def gitlab_shell_major_version
2015-04-26 12:48:37 +05:30
Gitlab::Shell.version_required.split('.')[0].to_i
2014-09-02 18:07:02 +05:30
end
def gitlab_shell_minor_version
2015-04-26 12:48:37 +05:30
Gitlab::Shell.version_required.split('.')[1].to_i
2014-09-02 18:07:02 +05:30
end
def gitlab_shell_patch_version
2015-04-26 12:48:37 +05:30
Gitlab::Shell.version_required.split('.')[2].to_i
2014-09-02 18:07:02 +05:30
end
end
namespace :sidekiq do
2015-09-11 14:41:01 +05:30
desc "GitLab | Check the configuration of Sidekiq"
2018-03-17 18:26:18 +05:30
task check: :gitlab_environment do
2014-09-02 18:07:02 +05:30
warn_user_is_not_gitlab
start_checking "Sidekiq"
check_sidekiq_running
only_one_sidekiq_running
finished_checking "Sidekiq"
end
# Checks
########################
def check_sidekiq_running
print "Running? ... "
if sidekiq_process_count > 0
puts "yes".color(:green)
2014-09-02 18:07:02 +05:30
else
puts "no".color(:red)
2014-09-02 18:07:02 +05:30
try_fixing_it(
sudo_gitlab("RAILS_ENV=production bin/background_jobs start")
)
for_more_information(
see_installation_guide_section("Install Init Script"),
"see log/sidekiq.log for possible errors"
)
fix_and_rerun
end
end
def only_one_sidekiq_running
process_count = sidekiq_process_count
return if process_count.zero?
print 'Number of Sidekiq processes ... '
2018-03-17 18:26:18 +05:30
2014-09-02 18:07:02 +05:30
if process_count == 1
puts '1'.color(:green)
2014-09-02 18:07:02 +05:30
else
puts "#{process_count}".color(:red)
2014-09-02 18:07:02 +05:30
try_fixing_it(
'sudo service gitlab stop',
"sudo pkill -u #{gitlab_user} -f sidekiq",
"sleep 10 && sudo pkill -9 -u #{gitlab_user} -f sidekiq",
'sudo service gitlab start'
)
fix_and_rerun
end
end
def sidekiq_process_count
2017-08-17 22:00:37 +05:30
ps_ux, _ = Gitlab::Popen.popen(%w(ps uxww))
2014-09-02 18:07:02 +05:30
ps_ux.scan(/sidekiq \d+\.\d+\.\d+/).count
end
end
2015-09-25 12:07:36 +05:30
namespace :incoming_email do
desc "GitLab | Check the configuration of Reply by email"
2018-03-17 18:26:18 +05:30
task check: :gitlab_environment do
2015-09-25 12:07:36 +05:30
warn_user_is_not_gitlab
if Gitlab.config.incoming_email.enabled
2018-03-17 18:26:18 +05:30
checks = [
SystemCheck::IncomingEmail::ImapAuthenticationCheck
]
2015-09-25 12:07:36 +05:30
if Rails.env.production?
2018-03-17 18:26:18 +05:30
checks << SystemCheck::IncomingEmail::InitdConfiguredCheck
checks << SystemCheck::IncomingEmail::MailRoomRunningCheck
2015-09-25 12:07:36 +05:30
else
2018-03-17 18:26:18 +05:30
checks << SystemCheck::IncomingEmail::ForemanConfiguredCheck
2015-09-25 12:07:36 +05:30
end
2018-03-17 18:26:18 +05:30
SystemCheck.run('Reply by email', checks)
2015-09-25 12:07:36 +05:30
else
2018-03-17 18:26:18 +05:30
puts 'Reply by email is disabled in config/gitlab.yml'
2015-09-25 12:07:36 +05:30
end
end
end
2014-09-02 18:07:02 +05:30
namespace :ldap do
2018-03-17 18:26:18 +05:30
task :check, [:limit] => :gitlab_environment do |_, args|
2014-09-02 18:07:02 +05:30
# Only show up to 100 results because LDAP directories can be very big.
# This setting only affects the `rake gitlab:check` script.
args.with_defaults(limit: 100)
warn_user_is_not_gitlab
start_checking "LDAP"
2018-03-27 19:54:05 +05:30
if Gitlab::Auth::LDAP::Config.enabled?
2017-08-17 22:00:37 +05:30
check_ldap(args.limit)
2014-09-02 18:07:02 +05:30
else
puts 'LDAP is disabled in config/gitlab.yml'
end
finished_checking "LDAP"
end
2017-08-17 22:00:37 +05:30
def check_ldap(limit)
2018-03-27 19:54:05 +05:30
servers = Gitlab::Auth::LDAP::Config.providers
2014-09-02 18:07:02 +05:30
2015-04-26 12:48:37 +05:30
servers.each do |server|
puts "Server: #{server}"
2017-08-17 22:00:37 +05:30
begin
2018-03-27 19:54:05 +05:30
Gitlab::Auth::LDAP::Adapter.open(server) do |adapter|
2017-08-17 22:00:37 +05:30
check_ldap_auth(adapter)
puts "LDAP users with access to your GitLab server (only showing the first #{limit} results)"
users = adapter.users(adapter.config.uid, '*', limit)
users.each do |user|
puts "\tDN: #{user.dn}\t #{adapter.config.uid}: #{user.uid}"
end
2015-04-26 12:48:37 +05:30
end
2017-08-17 22:00:37 +05:30
rescue Net::LDAP::ConnectionRefusedError, Errno::ECONNREFUSED => e
puts "Could not connect to the LDAP server: #{e.message}".color(:red)
2015-04-26 12:48:37 +05:30
end
2014-09-02 18:07:02 +05:30
end
end
2017-08-17 22:00:37 +05:30
def check_ldap_auth(adapter)
auth = adapter.config.has_auth?
message = if auth && adapter.ldap.bind
'Success'.color(:green)
elsif auth
'Failed. Check `bind_dn` and `password` configuration values'.color(:red)
else
'Anonymous. No `bind_dn` or `password` configured'.color(:yellow)
end
puts "LDAP authentication... #{message}"
end
2015-04-26 12:48:37 +05:30
end
2014-09-02 18:07:02 +05:30
2015-04-26 12:48:37 +05:30
namespace :repo do
2015-09-11 14:41:01 +05:30
desc "GitLab | Check the integrity of the repositories managed by GitLab"
2018-03-17 18:26:18 +05:30
task check: :gitlab_environment do
puts "This task is deprecated. Please use gitlab:git:fsck instead".color(:red)
Rake::Task["gitlab:git:fsck"].execute
end
end
2014-09-02 18:07:02 +05:30
2018-03-17 18:26:18 +05:30
namespace :orphans do
desc 'Gitlab | Check for orphaned namespaces and repositories'
task check: :gitlab_environment do
warn_user_is_not_gitlab
checks = [
SystemCheck::Orphans::NamespaceCheck,
SystemCheck::Orphans::RepositoryCheck
]
SystemCheck.run('Orphans', checks)
end
desc 'GitLab | Check for orphaned namespaces in the repositories path'
task check_namespaces: :gitlab_environment do
warn_user_is_not_gitlab
checks = [SystemCheck::Orphans::NamespaceCheck]
SystemCheck.run('Orphans', checks)
end
desc 'GitLab | Check for orphaned repositories in the repositories path'
task check_repositories: :gitlab_environment do
warn_user_is_not_gitlab
checks = [SystemCheck::Orphans::RepositoryCheck]
SystemCheck.run('Orphans', checks)
2015-12-23 02:04:40 +05:30
end
end
namespace :user do
desc "GitLab | Check the integrity of a specific user's repositories"
2018-03-17 18:26:18 +05:30
task :check_repos, [:username] => :gitlab_environment do |t, args|
username = args[:username] || prompt("Check repository integrity for username? ".color(:blue))
2015-12-23 02:04:40 +05:30
user = User.find_by(username: username)
if user
repo_dirs = user.authorized_projects.map do |p|
2017-08-17 22:00:37 +05:30
File.join(
p.repository_storage_path,
2017-09-10 17:25:29 +05:30
"#{p.disk_path}.git"
2017-08-17 22:00:37 +05:30
)
end
2015-12-23 02:04:40 +05:30
repo_dirs.each { |repo_dir| check_repo_integrity(repo_dir) }
else
puts "\nUser '#{username}' not found".color(:red)
2015-04-26 12:48:37 +05:30
end
2014-09-02 18:07:02 +05:30
end
end
# Helper methods
##########################
def check_gitlab_shell
required_version = Gitlab::VersionInfo.new(gitlab_shell_major_version, gitlab_shell_minor_version, gitlab_shell_patch_version)
current_version = Gitlab::VersionInfo.parse(gitlab_shell_version)
print "GitLab Shell version >= #{required_version} ? ... "
if current_version.valid? && required_version <= current_version
puts "OK (#{current_version})".color(:green)
2014-09-02 18:07:02 +05:30
else
puts "FAIL. Please update gitlab-shell to #{required_version} from #{current_version}".color(:red)
2014-09-02 18:07:02 +05:30
end
end
end