nixos/gitlab: Switch from unicorn to puma

Puma is the new upstream default server since GitLab 13.
This commit is contained in:
talyz 2021-02-17 16:36:58 +01:00
parent 2ec397ff9f
commit f8ab43ef7b
No known key found for this signature in database
GPG Key ID: 2DED2151F4671A2B
4 changed files with 91 additions and 113 deletions

@ -1,69 +0,0 @@
worker_processes 3
listen ENV["UNICORN_PATH"] + "/tmp/sockets/gitlab.socket", :backlog => 1024
listen "/run/gitlab/gitlab.socket", :backlog => 1024
working_directory ENV["GITLAB_PATH"]
pid ENV["UNICORN_PATH"] + "/tmp/pids/unicorn.pid"
timeout 60
# combine Ruby 2.0.0dev or REE with "preload_app true" for memory savings
# http://rubyenterpriseedition.com/faq.html#adapt_apps_for_cow
preload_app true
GC.respond_to?(:copy_on_write_friendly=) and
GC.copy_on_write_friendly = true
check_client_connection false
before_fork do |server, worker|
# the following is highly recommended for Rails + "preload_app true"
# as there's no need for the master process to hold a connection
defined?(ActiveRecord::Base) and
ActiveRecord::Base.connection.disconnect!
# The following is only recommended for memory/DB-constrained
# installations. It is not needed if your system can house
# twice as many worker_processes as you have configured.
#
# This allows a new master process to incrementally
# phase out the old master process with SIGTTOU to avoid a
# thundering herd (especially in the "preload_app false" case)
# when doing a transparent upgrade. The last worker spawned
# will then kill off the old master process with a SIGQUIT.
old_pid = "#{server.config[:pid]}.oldbin"
if old_pid != server.pid
begin
sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU
Process.kill(sig, File.read(old_pid).to_i)
rescue Errno::ENOENT, Errno::ESRCH
end
end
# Throttle the master from forking too quickly by sleeping. Due
# to the implementation of standard Unix signal handlers, this
# helps (but does not completely) prevent identical, repeated signals
# from being lost when the receiving process is busy.
# sleep 1
end
after_fork do |server, worker|
# per-process listener ports for debugging/admin/migrations
# addr = "127.0.0.1:#{9293 + worker.nr}"
# server.listen(addr, :tries => -1, :delay => 5, :tcp_nopush => true)
# the following is *required* for Rails + "preload_app true",
defined?(ActiveRecord::Base) and
ActiveRecord::Base.establish_connection
# reset prometheus client, this will cause any opened metrics files to be closed
defined?(::Prometheus::Client.reinitialize_on_pid_change) &&
Prometheus::Client.reinitialize_on_pid_change
# if preload_app is true, then you may also want to check and
# restart any other shared sockets/descriptors such as Memcached,
# and Redis. TokyoCabinet file handles are safe to reuse
# between any number of forked children (assuming your kernel
# correctly implements pread()/pwrite() system calls)
end

@ -142,7 +142,7 @@ let
gitlabEnv = {
HOME = "${cfg.statePath}/home";
UNICORN_PATH = "${cfg.statePath}/";
PUMA_PATH = "${cfg.statePath}/";
GITLAB_PATH = "${cfg.packages.gitlab}/share/gitlab/";
SCHEMA = "${cfg.statePath}/db/structure.sql";
GITLAB_UPLOADS_PATH = "${cfg.statePath}/uploads";
@ -725,8 +725,6 @@ in {
"L+ /run/gitlab/uploads - - - - ${cfg.statePath}/uploads"
"L+ /run/gitlab/shell-config.yml - - - - ${pkgs.writeText "config.yml" (builtins.toJSON gitlabShellConfig)}"
"L+ ${cfg.statePath}/config/unicorn.rb - - - - ${./defaultUnicornConfig.rb}"
];
systemd.services.gitlab-sidekiq = {
@ -873,7 +871,9 @@ in {
set -eu
chown --no-dereference '${cfg.user}':'${cfg.group}' '${cfg.statePath}'/*
chown --no-dereference '${cfg.user}':'${cfg.group}' '${cfg.statePath}'/config/*
if [[ ! -z "$(ls -A '${cfg.statePath}'/config/)" ]]; then
chown --no-dereference '${cfg.user}':'${cfg.group}' '${cfg.statePath}'/config/*
fi
'';
preStart = ''
set -eu
@ -956,7 +956,7 @@ in {
"+${pkgs.writeShellScript "gitlab-pre-start-full-privileges" preStartFullPrivileges}"
"${pkgs.writeShellScript "gitlab-pre-start" preStart}"
];
ExecStart = "${cfg.packages.gitlab.rubyEnv}/bin/unicorn -c ${cfg.statePath}/config/unicorn.rb -E production";
ExecStart = "${cfg.packages.gitlab.rubyEnv}/bin/puma -C ${cfg.statePath}/config/puma.rb -e production";
};
};

@ -137,6 +137,7 @@ stdenv.mkDerivation {
sed -i '/ask_to_continue/d' lib/tasks/gitlab/two_factor.rake
sed -ri -e '/log_level/a config.logger = Logger.new(STDERR)' config/environments/production.rb
mv config/puma.rb.example config/puma.rb
# Always require lib-files and application.rb through their store
# path, not their relative state directory path. This gets rid of
# warnings and means we don't have to link back to lib from the

@ -1,8 +1,8 @@
diff --git a/config/environments/production.rb b/config/environments/production.rb
index c5cbfcf64c..4d01f6fab8 100644
index d9b3ee354b0..1eb0507488b 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -70,10 +70,10 @@ Rails.application.configure do
@@ -69,10 +69,10 @@
config.action_mailer.delivery_method = :sendmail
# Defaults to:
@ -11,17 +11,17 @@ index c5cbfcf64c..4d01f6fab8 100644
- # # arguments: '-i -t'
- # # }
+ config.action_mailer.sendmail_settings = {
+ location: '/usr/sbin/sendmail',
+ location: '/run/wrappers/bin/sendmail',
+ arguments: '-i -t'
+ }
config.action_mailer.perform_deliveries = true
config.action_mailer.raise_delivery_errors = true
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index bd696a7f2c..44e3863736 100644
index 92e7501d49d..4ee5a1127df 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -590,7 +590,7 @@ production: &base
@@ -1168,7 +1168,7 @@ production: &base
# CAUTION!
# Use the default values unless you really know what you are doing
git:
@ -31,10 +31,10 @@ index bd696a7f2c..44e3863736 100644
## Webpack settings
# If enabled, this will tell rails to serve frontend assets from the webpack-dev-server running
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index 0bea8a4f4b..290248547b 100644
index bbed08f5044..2906e5c44af 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -177,7 +177,7 @@ Settings.gitlab['ssh_user'] ||= Settings.gitlab['user']
@@ -183,7 +183,7 @@
Settings.gitlab['user_home'] ||= begin
Etc.getpwnam(Settings.gitlab['user']).dir
rescue ArgumentError # no user configured
@ -43,7 +43,7 @@ index 0bea8a4f4b..290248547b 100644
end
Settings.gitlab['time_zone'] ||= nil
Settings.gitlab['signup_enabled'] ||= true if Settings.gitlab['signup_enabled'].nil?
@@ -507,7 +507,7 @@ Settings.backup['upload']['storage_class'] ||= nil
@@ -751,7 +751,7 @@
# Git
#
Settings['git'] ||= Settingslogic.new({})
@ -52,37 +52,94 @@ index 0bea8a4f4b..290248547b 100644
# Important: keep the satellites.path setting until GitLab 9.0 at
# least. This setting is fed to 'rm -rf' in
diff --git a/config/puma.rb.example b/config/puma.rb.example
index 9fc354a8fe8..2352ca9b58c 100644
--- a/config/puma.rb.example
+++ b/config/puma.rb.example
@@ -5,12 +5,8 @@
# The default is "config.ru".
#
rackup 'config.ru'
-pidfile '/home/git/gitlab/tmp/pids/puma.pid'
-state_path '/home/git/gitlab/tmp/pids/puma.state'
-
-stdout_redirect '/home/git/gitlab/log/puma.stdout.log',
- '/home/git/gitlab/log/puma.stderr.log',
- true
+pidfile ENV['PUMA_PATH'] + '/tmp/pids/puma.pid'
+state_path ENV['PUMA_PATH'] + '/tmp/pids/puma.state'
# Configure "min" to be the minimum number of threads to use to answer
# requests and "max" the maximum.
@@ -31,12 +27,12 @@ queue_requests false
# Bind the server to "url". "tcp://", "unix://" and "ssl://" are the only
# accepted protocols.
-bind 'unix:///home/git/gitlab/tmp/sockets/gitlab.socket'
+bind "unix://#{ENV['PUMA_PATH']}/tmp/sockets/gitlab.socket"
workers 3
-require_relative "/home/git/gitlab/lib/gitlab/cluster/lifecycle_events"
-require_relative "/home/git/gitlab/lib/gitlab/cluster/puma_worker_killer_initializer"
+require_relative ENV['GITLAB_PATH'] + "lib/gitlab/cluster/lifecycle_events"
+require_relative ENV['GITLAB_PATH'] + "lib/gitlab/cluster/puma_worker_killer_initializer"
on_restart do
# Signal application hooks that we're about to restart
@@ -80,7 +76,7 @@ if defined?(nakayoshi_fork)
end
# Use json formatter
-require_relative "/home/git/gitlab/lib/gitlab/puma_logging/json_formatter"
+require_relative ENV['GITLAB_PATH'] + "lib/gitlab/puma_logging/json_formatter"
json_formatter = Gitlab::PumaLogging::JSONFormatter.new
log_formatter do |str|
diff --git a/lib/api/api.rb b/lib/api/api.rb
index e953f3d2ec..3a8d9f076b 100644
index ada0da28749..8a3f5824008 100644
--- a/lib/api/api.rb
+++ b/lib/api/api.rb
@@ -2,7 +2,7 @@ module API
class API < Grape::API
@@ -4,7 +4,7 @@ module API
class API < ::API::Base
include APIGuard
- LOG_FILENAME = Rails.root.join("log", "api_json.log")
+ LOG_FILENAME = File.join(ENV["GITLAB_LOG_PATH"], "api_json.log")
NO_SLASH_URL_PART_REGEX = %r{[^/]+}
PROJECT_ENDPOINT_REQUIREMENTS = { id: NO_SLASH_URL_PART_REGEX }.freeze
NO_SLASH_URL_PART_REGEX = %r{[^/]+}.freeze
NAMESPACE_OR_PROJECT_REQUIREMENTS = { id: NO_SLASH_URL_PART_REGEX }.freeze
diff --git a/lib/gitlab/authorized_keys.rb b/lib/gitlab/authorized_keys.rb
index 50cd15b7a10..3ac89e5b8e9 100644
--- a/lib/gitlab/authorized_keys.rb
+++ b/lib/gitlab/authorized_keys.rb
@@ -157,7 +157,7 @@ def command(id)
raise KeyError, "Invalid ID: #{id.inspect}"
end
- "#{File.join(Gitlab.config.gitlab_shell.path, 'bin', 'gitlab-shell')} #{id}"
+ "#{File.join('/run/current-system/sw/bin', 'gitlab-shell')} #{id}"
end
def strip(key)
diff --git a/lib/gitlab/logger.rb b/lib/gitlab/logger.rb
index a42e312b5d..ccaab9229e 100644
index 89a4e36a232..ae379ffb27a 100644
--- a/lib/gitlab/logger.rb
+++ b/lib/gitlab/logger.rb
@@ -26,7 +26,7 @@ module Gitlab
@@ -37,7 +37,7 @@ def self.build
end
def self.full_log_path
- Rails.root.join("log", file_name)
+ File.join(ENV["GITLAB_LOG_PATH"], file_name)
+ File.join(ENV["GITLAB_LOG_PATH"], file_name)
end
def self.cache_key
diff --git a/lib/gitlab/uploads_transfer.rb b/lib/gitlab/uploads_transfer.rb
index 7d7400bdab..cb25211d44 100644
index e0e7084e27e..19fab855b90 100644
--- a/lib/gitlab/uploads_transfer.rb
+++ b/lib/gitlab/uploads_transfer.rb
@@ -1,7 +1,7 @@
@@ -3,7 +3,7 @@
module Gitlab
class UploadsTransfer < ProjectTransfer
def root_dir
@ -92,10 +149,10 @@ index 7d7400bdab..cb25211d44 100644
end
end
diff --git a/lib/system_check/app/log_writable_check.rb b/lib/system_check/app/log_writable_check.rb
index 3e0c436d6e..28cefc5514 100644
index 2c108f0c18d..3a16ff52d01 100644
--- a/lib/system_check/app/log_writable_check.rb
+++ b/lib/system_check/app/log_writable_check.rb
@@ -21,7 +21,7 @@ module SystemCheck
@@ -23,7 +23,7 @@ def show_error
private
def log_path
@ -105,10 +162,10 @@ index 3e0c436d6e..28cefc5514 100644
end
end
diff --git a/lib/system_check/app/uploads_directory_exists_check.rb b/lib/system_check/app/uploads_directory_exists_check.rb
index 7026d0ba07..c56e1f7ed9 100644
index 54dff63ab61..882da702f29 100644
--- a/lib/system_check/app/uploads_directory_exists_check.rb
+++ b/lib/system_check/app/uploads_directory_exists_check.rb
@@ -4,12 +4,13 @@ module SystemCheck
@@ -6,12 +6,13 @@ class UploadsDirectoryExistsCheck < SystemCheck::BaseCheck
set_name 'Uploads directory exists?'
def check?
@ -120,15 +177,15 @@ index 7026d0ba07..c56e1f7ed9 100644
+ uploads_dir = ENV['GITLAB_UPLOADS_PATH'] || Rails.root.join('public/uploads')
try_fixing_it(
- "sudo -u #{gitlab_user} mkdir #{Rails.root}/public/uploads"
+ "sudo -u #{gitlab_user} mkdir #{uploads_dir}"
+ "sudo -u #{gitlab_user} mkdir #{uploads_dir}"
)
for_more_information(
see_installation_guide_section 'GitLab'
see_installation_guide_section('GitLab')
diff --git a/lib/system_check/app/uploads_path_permission_check.rb b/lib/system_check/app/uploads_path_permission_check.rb
index 7df6c06025..bb447c16b2 100644
index 2e1cc687c43..ca69d63bcf6 100644
--- a/lib/system_check/app/uploads_path_permission_check.rb
+++ b/lib/system_check/app/uploads_path_permission_check.rb
@@ -25,7 +25,7 @@ module SystemCheck
@@ -27,7 +27,7 @@ def show_error
private
def rails_uploads_path
@ -138,10 +195,10 @@ index 7df6c06025..bb447c16b2 100644
def uploads_fullpath
diff --git a/lib/system_check/app/uploads_path_tmp_permission_check.rb b/lib/system_check/app/uploads_path_tmp_permission_check.rb
index b276a81eac..070e3ebd81 100644
index 567c7540777..29906b1c132 100644
--- a/lib/system_check/app/uploads_path_tmp_permission_check.rb
+++ b/lib/system_check/app/uploads_path_tmp_permission_check.rb
@@ -33,7 +33,7 @@ module SystemCheck
@@ -35,7 +35,7 @@ def upload_path_tmp
end
def uploads_fullpath
@ -150,14 +207,3 @@ index b276a81eac..070e3ebd81 100644
end
end
end
--- a/lib/gitlab/authorized_keys.rb
+++ b/lib/gitlab/authorized_keys.rb
@@ -157,7 +157,7 @@
raise KeyError, "Invalid ID: #{id.inspect}"
end
- "#{File.join(Gitlab.config.gitlab_shell.path, 'bin', 'gitlab-shell')} #{id}"
+ "#{File.join('/run/current-system/sw/bin', 'gitlab-shell')} #{id}"
end
def strip(key)