gitlab-org--gitlab-foss/lib/tasks/gitlab/shell.rake

# frozen_string_literal: true

namespace :gitlab do
  namespace :shell do
    desc "GitLab | Shell | Install or upgrade gitlab-shell"
    task :install, [:repo] => :gitlab_environment do |t, args|
      warn_user_is_not_gitlab

      default_version = Gitlab::Shell.version_required
      args.with_defaults(repo: 'https://gitlab.com/gitlab-org/gitlab-shell.git')

      gitlab_url = Gitlab.config.gitlab.url
      # gitlab-shell requires a / at the end of the url
      gitlab_url += '/' unless gitlab_url.end_with?('/')
      target_dir = Gitlab.config.gitlab_shell.path

      checkout_or_clone_version(version: default_version, repo: args.repo, target_dir: target_dir, clone_opts: %w[--depth 1])

      # Make sure we're on the right tag
      Dir.chdir(target_dir) do
        config = {
          user: Gitlab.config.gitlab.user,
          gitlab_url: gitlab_url,
          auth_file: File.join(user_home, ".ssh", "authorized_keys"),
          log_level: "INFO",
          audit_usernames: false
        }.stringify_keys

        # Generate config.yml based on existing gitlab settings
        File.open("config.yml", "w+") { |f| f.puts config.to_yaml }

        [
          %w(bin/install) + repository_storage_paths_args,
          %w(make build)
        ].each do |cmd|
          unless Kernel.system(*cmd)
            raise "command failed: #{cmd.join(' ')}"
          end
        end
      end

      Gitlab::Shell.ensure_secret_token!
    end

    desc "GitLab | Shell | Setup gitlab-shell"
    task setup: :gitlab_environment do
      setup
    end

    desc "GitLab | Shell | Build missing projects"
    task build_missing_projects: :gitlab_environment do
      Project.find_each(batch_size: 1000) do |project|
        path_to_repo = project.repository.path_to_repo
        if File.exist?(path_to_repo)
          print '-'
        else
          if Gitlab::Shell.new.create_repository(project.repository_storage,
                                              project.disk_path)
            print '.'
          else
            print 'F'
          end
        end
      end
    end
  end

  def setup
    warn_user_is_not_gitlab

    ensure_write_to_authorized_keys_is_enabled

    unless ENV['force'] == 'yes'
      puts "This task will now rebuild the authorized_keys file."
      puts "You will lose any data stored in the authorized_keys file."
      ask_to_continue
      puts ""
    end

    authorized_keys = Gitlab::AuthorizedKeys.new

    authorized_keys.clear

    Key.find_in_batches(batch_size: 1000) do |keys|
      unless authorized_keys.batch_add_keys(keys)
        puts "Failed to add keys...".color(:red)
        exit 1
      end
    end
  rescue Gitlab::TaskAbortedByUserError
    puts "Quitting...".color(:red)
    exit 1
  end

  def ensure_write_to_authorized_keys_is_enabled
    return if Gitlab::CurrentSettings.authorized_keys_enabled?

    puts authorized_keys_is_disabled_warning

    unless ENV['force'] == 'yes'
      puts 'Do you want to permanently enable the "Write to authorized_keys file" setting now?'
      ask_to_continue
    end

    puts 'Enabling the "Write to authorized_keys file" setting...'
    Gitlab::CurrentSettings.update!(authorized_keys_enabled: true)

    puts 'Successfully enabled "Write to authorized_keys file"!'
    puts ''
  end

  def authorized_keys_is_disabled_warning
    <<-MSG.strip_heredoc
      WARNING

      The "Write to authorized_keys file" setting is disabled, which prevents
      the file from being rebuilt!

      It should be enabled for most GitLab installations. Large installations
      may wish to disable it as part of speeding up SSH operations.

      See https://docs.gitlab.com/ee/administration/operations/fast_ssh_key_lookup.html

      If you did not intentionally disable this option in Admin Area > Settings,
      then you may have been affected by the 9.3.0 bug in which the new setting
      was disabled by default.

      https://gitlab.com/gitlab-org/gitlab/issues/2738

      It was reverted in 9.3.1 and fixed in 9.3.3, however, if Settings were
      saved while the setting was unchecked, then it is still disabled.
    MSG
  end
end
Add latest changes from gitlab-org/gitlab@master 2021-02-05 07:09:31 -05:00			`# frozen_string_literal: true`

gitlab;shell init script 2013-02-07 03:06:39 -05:00			`namespace :gitlab do`
			`namespace :shell do`
Add latest changes from gitlab-org/gitlab@master 2020-01-23 01:08:32 -05:00			`desc "GitLab \| Shell \| Install or upgrade gitlab-shell"`
Eliminate the warnings from task helpers 2018-01-24 03:12:33 -05:00			`task :install, [:repo] => :gitlab_environment do \|t, args\|`
Add rake task to install or upgrade gitlab-shell installation. 2014-04-05 15:31:07 -04:00			`warn_user_is_not_gitlab`

Factor GITLAB_SHELL_VERSION get method 2014-11-05 11:14:22 -05:00			`default_version = Gitlab::Shell.version_required`
Expand components version specification format to allow branches Currently we specify versions for Gitlab-Shell, Workhorse and Gitaly using version strings, to which we prepend 'v' and assume are tags. These changes allow branches or tags with other name formats to be specified by prepending '=' to the version string (á la govendor). We also simplify the process to reset to the given version (now a branch or tag): Right now there's a check to supposedly try to avoid fetching from the remote the version if it already exist locally. But the previous logic already clones if the directory doesn't exist or fetches if it does, so this check is pointless. We can safely assume the version exists once we get to the reset stage. 2017-04-10 19:15:48 -04:00			`args.with_defaults(repo: 'https://gitlab.com/gitlab-org/gitlab-shell.git')`
Add rake task to install or upgrade gitlab-shell installation. 2014-04-05 15:31:07 -04:00
Use Gitlab.config instead of Settings everywhere 2014-10-10 05:06:08 -04:00			`gitlab_url = Gitlab.config.gitlab.url`
Add rake task to install or upgrade gitlab-shell installation. 2014-04-05 15:31:07 -04:00			`# gitlab-shell requires a / at the end of the url`
Replace match with end_with: more readable, faster 2014-10-18 16:36:00 -04:00			`gitlab_url += '/' unless gitlab_url.end_with?('/')`
Fix gitlab-shell setup rake task Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-05-02 06:46:32 -04:00			`target_dir = Gitlab.config.gitlab_shell.path`
Add rake task to install or upgrade gitlab-shell installation. 2014-04-05 15:31:07 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-05-14 11:08:14 -04:00			`checkout_or_clone_version(version: default_version, repo: args.repo, target_dir: target_dir, clone_opts: %w[--depth 1])`
Add rake task to install or upgrade gitlab-shell installation. 2014-04-05 15:31:07 -04:00
			`# Make sure we're on the right tag`
			`Dir.chdir(target_dir) do`
			`config = {`
New `gitlab:workhorse:install` rake task Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-09-28 06:45:46 -04:00			`user: Gitlab.config.gitlab.user,`
Add rake task to install or upgrade gitlab-shell installation. 2014-04-05 15:31:07 -04:00			`gitlab_url: gitlab_url,`
New `gitlab:workhorse:install` rake task Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-09-28 06:45:46 -04:00			`auth_file: File.join(user_home, ".ssh", "authorized_keys"),`
Revert "gitlab shell works if multiple rubies installed" This reverts commit 533f4cdf30b38c587f7a91f0dfd898b907ecd944. 2014-11-18 10:14:36 -05:00			`log_level: "INFO",`
Add rake task to install or upgrade gitlab-shell installation. 2014-04-05 15:31:07 -04:00			`audit_usernames: false`
Fix gitlab-shell setup rake task Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-05-02 06:46:32 -04:00			`}.stringify_keys`
Add rake task to install or upgrade gitlab-shell installation. 2014-04-05 15:31:07 -04:00
			`# Generate config.yml based on existing gitlab settings`
Add latest changes from gitlab-org/gitlab@master 2022-08-17 05:11:44 -04:00			`File.open("config.yml", "w+") { \|f\| f.puts config.to_yaml }`
Add rake task to install or upgrade gitlab-shell installation. 2014-04-05 15:31:07 -04:00
Compile gitlab-shell go executables 2017-05-02 11:44:40 -04:00			`[`
			`%w(bin/install) + repository_storage_paths_args,`
Add latest changes from gitlab-org/gitlab@master 2019-10-21 11:05:58 -04:00			`%w(make build)`
Compile gitlab-shell go executables 2017-05-02 11:44:40 -04:00			`].each do \|cmd\|`
			`unless Kernel.system(*cmd)`
			`raise "command failed: #{cmd.join(' ')}"`
			`end`
			`end`
Add rake task to install or upgrade gitlab-shell installation. 2014-04-05 15:31:07 -04:00			`end`

Load Github::Shell's secret token from file on initialization instead of every request. 2016-09-29 12:46:54 -04:00			`Gitlab::Shell.ensure_secret_token!`
Add rake task to install or upgrade gitlab-shell installation. 2014-04-05 15:31:07 -04:00			`end`

Add latest changes from gitlab-org/gitlab@master 2020-01-23 01:08:32 -05:00			`desc "GitLab \| Shell \| Setup gitlab-shell"`
Eliminate the warnings from task helpers 2018-01-24 03:12:33 -05:00			`task setup: :gitlab_environment do`
gitlab;shell init script 2013-02-07 03:06:39 -05:00			`setup`
			`end`
task to build missing projects with gitlab-shell 2013-02-09 05:30:49 -05:00
Add latest changes from gitlab-org/gitlab@master 2020-01-23 01:08:32 -05:00			`desc "GitLab \| Shell \| Build missing projects"`
Eliminate the warnings from task helpers 2018-01-24 03:12:33 -05:00			`task build_missing_projects: :gitlab_environment do`
task to build missing projects with gitlab-shell 2013-02-09 05:30:49 -05:00			`Project.find_each(batch_size: 1000) do \|project\|`
Factor using Repository#path_to_repo 2014-11-05 11:51:08 -05:00			`path_to_repo = project.repository.path_to_repo`
Use `File::exist?` instead of `File::exists?` Since version ruby-2.2.0, method `File::exists?` is deprecated. 2016-08-09 17:23:25 -04:00			`if File.exist?(path_to_repo)`
task to build missing projects with gitlab-shell 2013-02-09 05:30:49 -05:00			`print '-'`
			`else`
Change Gitlab::Shell#add_namespace to #create_namespace Prior to this change, this method was called add_namespace, which broke the CRUD convention and made it harder to grep for what I was looking for. Given the change was a find and replace kind of fix, this was changed without opening an issue and on another feature branch. If more dynamic calls are made to add_namespace, these could've been missed which might lead to incorrect bahaviour. However, going through the commit log it seems thats not the case. 2018-03-14 04:56:22 -04:00			`if Gitlab::Shell.new.create_repository(project.repository_storage,`
Rename more path_with_namespace -> full_path or disk_path 2017-07-21 20:37:22 -04:00			`project.disk_path)`
task to build missing projects with gitlab-shell 2013-02-09 05:30:49 -05:00			`print '.'`
			`else`
			`print 'F'`
			`end`
			`end`
			`end`
			`end`
gitlab;shell init script 2013-02-07 03:06:39 -05:00			`end`

			`def setup`
			`warn_user_is_not_gitlab`

Enable write to auth_keys file during restore Fast lookup of authorized SSH keys in the database was ported to CE in v10.4. This change adds the option to enable the setting via the restore rake task and assumes yes if the force env variable is set. 2018-09-19 16:50:31 -04:00			`ensure_write_to_authorized_keys_is_enabled`

fixes for gitlab restore with non-standard backup and repo dirs These fixes will allow a restore of gitlab when the backups and repositories directories are in non-standard locations (ie sub-dirs of gitlabhq). Also allows the restore to be run from script overriding the need of a user to confirm the rebuild of the authorized_keys file. 2013-05-29 15:19:23 -04:00			`unless ENV['force'] == 'yes'`
Enable write to auth_keys file during restore Fast lookup of authorized SSH keys in the database was ported to CE in v10.4. This change adds the option to enable the setting via the restore rake task and assumes yes if the force env variable is set. 2018-09-19 16:50:31 -04:00			`puts "This task will now rebuild the authorized_keys file."`
			`puts "You will lose any data stored in the authorized_keys file."`
fixes for gitlab restore with non-standard backup and repo dirs These fixes will allow a restore of gitlab when the backups and repositories directories are in non-standard locations (ie sub-dirs of gitlabhq). Also allows the restore to be run from script overriding the need of a user to confirm the rebuild of the authorized_keys file. 2013-05-29 15:19:23 -04:00			`ask_to_continue`
			`puts ""`
			`end`
gitlab;shell init script 2013-02-07 03:06:39 -05:00
Add latest changes from gitlab-org/gitlab@master 2020-03-12 08:09:17 -04:00			`authorized_keys = Gitlab::AuthorizedKeys.new`

			`authorized_keys.clear`
gitlab;shell init script 2013-02-07 03:06:39 -05:00
Integrate Gitlab::Keys with Gitlab::Shell In this commit, some methods that aren't being used are removed from `Gitlab::Shell`. They are the ff: - `#remove_keys_not_found_in_db` - `#batch_read_key_ids` - `#list_key_ids` The corresponding methods in `Gitlab::Keys` have been removed as well. 2019-03-19 07:16:21 -04:00			`Key.find_in_batches(batch_size: 1000) do \|keys\|`
Add latest changes from gitlab-org/gitlab@master 2020-03-12 08:09:17 -04:00			`unless authorized_keys.batch_add_keys(keys)`
Integrate Gitlab::Keys with Gitlab::Shell In this commit, some methods that aren't being used are removed from `Gitlab::Shell`. They are the ff: - `#remove_keys_not_found_in_db` - `#batch_read_key_ids` - `#list_key_ids` The corresponding methods in `Gitlab::Keys` have been removed as well. 2019-03-19 07:16:21 -04:00			`puts "Failed to add keys...".color(:red)`
			`exit 1`
gitlab;shell init script 2013-02-07 03:06:39 -05:00			`end`
			`end`
			`rescue Gitlab::TaskAbortedByUserError`
Replace colorize gem with rainbow. Colorize is a gem licensed under the GPLv2, so we can’t use it in GitLab without relicensing GitLab under the terms of the GPL. Rainbow is licensed under the MIT license and does the exact same thing as Colorize, so Rainbow was added in place of Colorize. The syntax is slightly different for Rainbow vs. Colorize, and was updated in accordance. The gem is still a dependency of Spinach, so it’s included in the development/test environments, but won’t be packaged with the actual product, and therefore doesn’t require we relicense the product. An attempt at relicensing Colorize was made, but didn’t succeed as the library owner never responded. Rainbow library: https://github.com/sickill/rainbow Relevant issue regarding licensing in GitLab's gems: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3775 2016-06-01 18:37:15 -04:00			`puts "Quitting...".color(:red)`
gitlab;shell init script 2013-02-07 03:06:39 -05:00			`exit 1`
			`end`
Enable write to auth_keys file during restore Fast lookup of authorized SSH keys in the database was ported to CE in v10.4. This change adds the option to enable the setting via the restore rake task and assumes yes if the force env variable is set. 2018-09-19 16:50:31 -04:00
			`def ensure_write_to_authorized_keys_is_enabled`
Add latest changes from gitlab-org/gitlab@master 2020-03-12 08:09:17 -04:00			`return if Gitlab::CurrentSettings.authorized_keys_enabled?`
Enable write to auth_keys file during restore Fast lookup of authorized SSH keys in the database was ported to CE in v10.4. This change adds the option to enable the setting via the restore rake task and assumes yes if the force env variable is set. 2018-09-19 16:50:31 -04:00
			`puts authorized_keys_is_disabled_warning`

			`unless ENV['force'] == 'yes'`
			`puts 'Do you want to permanently enable the "Write to authorized_keys file" setting now?'`
			`ask_to_continue`
			`end`

			`puts 'Enabling the "Write to authorized_keys file" setting...'`
Add latest changes from gitlab-org/gitlab@master 2020-03-12 08:09:17 -04:00			`Gitlab::CurrentSettings.update!(authorized_keys_enabled: true)`
Enable write to auth_keys file during restore Fast lookup of authorized SSH keys in the database was ported to CE in v10.4. This change adds the option to enable the setting via the restore rake task and assumes yes if the force env variable is set. 2018-09-19 16:50:31 -04:00
			`puts 'Successfully enabled "Write to authorized_keys file"!'`
			`puts ''`
			`end`

			`def authorized_keys_is_disabled_warning`
			`<<-MSG.strip_heredoc`
			`WARNING`

			`The "Write to authorized_keys file" setting is disabled, which prevents`
			`the file from being rebuilt!`

			`It should be enabled for most GitLab installations. Large installations`
			`may wish to disable it as part of speeding up SSH operations.`

			`See https://docs.gitlab.com/ee/administration/operations/fast_ssh_key_lookup.html`

			`If you did not intentionally disable this option in Admin Area > Settings,`
			`then you may have been affected by the 9.3.0 bug in which the new setting`
			`was disabled by default.`

Add latest changes from gitlab-org/gitlab@master 2019-09-18 10:02:45 -04:00			`https://gitlab.com/gitlab-org/gitlab/issues/2738`
Enable write to auth_keys file during restore Fast lookup of authorized SSH keys in the database was ported to CE in v10.4. This change adds the option to enable the setting via the restore rake task and assumes yes if the force env variable is set. 2018-09-19 16:50:31 -04:00
			`It was reverted in 9.3.1 and fixed in 9.3.3, however, if Settings were`
			`saved while the setting was unchecked, then it is still disabled.`
			`MSG`
			`end`
gitlab;shell init script 2013-02-07 03:06:39 -05:00			`end`