gitlab-org--gitlab-foss/lib/tasks/gitlab/cleanup.rake

# frozen_string_literal: true
require 'set'

namespace :gitlab do
  namespace :cleanup do
    desc "GitLab | Cleanup | Block users that have been removed in LDAP"
    task block_removed_ldap_users: :gitlab_environment do
      warn_user_is_not_gitlab
      block_flag = ENV['BLOCK']

      User.find_each do |user|
        next unless user.ldap_user?

        print "#{user.name} (#{user.ldap_identity.extern_uid}) ..."

        if Gitlab::Auth::LDAP::Access.allowed?(user)
          puts " [OK]".color(:green)
        else
          if block_flag
            user.block! unless user.blocked?
            puts " [BLOCKED]".color(:red)
          else
            puts " [NOT IN LDAP]".color(:yellow)
          end
        end
      end

      unless block_flag
        puts "To block these users run this command with BLOCK=true".color(:yellow)
      end
    end

    desc "GitLab | Cleanup | Clean orphaned project uploads"
    task project_uploads: :gitlab_environment do
      warn_user_is_not_gitlab

      cleaner = Gitlab::Cleanup::ProjectUploads.new(logger: logger)
      cleaner.run!(dry_run: dry_run?)

      if dry_run?
        logger.info "To clean up these files run this command with DRY_RUN=false".color(:yellow)
      end
    end

    desc 'GitLab | Cleanup | Clean orphan remote upload files that do not exist in the db'
    task remote_upload_files: :environment do
      cleaner = Gitlab::Cleanup::RemoteUploads.new(logger: logger)
      cleaner.run!(dry_run: dry_run?)

      if dry_run?
        logger.info "To cleanup these files run this command with DRY_RUN=false".color(:yellow)
      end
    end

    desc 'GitLab | Cleanup | Clean orphan job artifact files'
    task orphan_job_artifact_files: :gitlab_environment do
      warn_user_is_not_gitlab

      cleaner = Gitlab::Cleanup::OrphanJobArtifactFiles.new(limit: limit, dry_run: dry_run?, niceness: niceness, logger: logger)
      cleaner.run!

      if dry_run?
        logger.info "To clean up these files run this command with DRY_RUN=false".color(:yellow)
      end
    end

    namespace :sessions do
      desc "GitLab | Cleanup | Sessions | Clean ActiveSession lookup keys"
      task active_sessions_lookup_keys: :gitlab_environment do
        session_key_pattern = "#{Gitlab::Redis::SharedState::USER_SESSIONS_LOOKUP_NAMESPACE}:*"
        last_save_check = Time.at(0)
        wait_time = 10.seconds
        cursor = 0
        total_users_scanned = 0

        Gitlab::Redis::SharedState.with do |redis|
          begin
            cursor, keys = redis.scan(cursor, match: session_key_pattern)
            total_users_scanned += keys.count

            if last_save_check < Time.now - 1.second
              while redis.info('persistence')['rdb_bgsave_in_progress'] == '1'
                puts "BGSAVE in progress, waiting #{wait_time} seconds"
                sleep(wait_time)
              end
              last_save_check = Time.now
            end

            keys.each do |key|
              user_id = key.split(':').last

              lookup_key_count = redis.scard(key)

              session_ids = ActiveSession.session_ids_for_user(user_id)
              entries = ActiveSession.raw_active_session_entries(redis, session_ids, user_id)
              session_ids_and_entries = session_ids.zip(entries)

              inactive_session_ids = session_ids_and_entries.map do |session_id, session|
                session_id if session.nil?
              end.compact

              redis.pipelined do |conn|
                inactive_session_ids.each do |session_id|
                  conn.srem(key, session_id)
                end
              end

              if inactive_session_ids
                puts "deleted #{inactive_session_ids.count} out of #{lookup_key_count} lookup keys for User ##{user_id}"
              end
            end
          end while cursor.to_i != 0

          puts "--- All done! Total number of scanned users: #{total_users_scanned}"
        end
      end
    end

    def remove?
      ENV['REMOVE'] == 'true'
    end

    def dry_run?
      ENV['DRY_RUN'] != 'false'
    end

    def debug?
      ENV['DEBUG'].present?
    end

    def limit
      ENV['LIMIT']&.to_i
    end

    def niceness
      ENV['NICENESS'].presence
    end

    # rubocop:disable Gitlab/RailsLogger
    def logger
      return @logger if defined?(@logger)

      @logger = if Rails.env.development? || Rails.env.production?
                  Logger.new(STDOUT).tap do |stdout_logger|
                    stdout_logger.extend(ActiveSupport::Logger.broadcast(Rails.logger))
                    stdout_logger.level = debug? ? Logger::DEBUG : Logger::INFO
                  end
                else
                  Rails.logger
                end
    end
    # rubocop:enable Gitlab/RailsLogger
  end
end
Port cleanup tasks to use Gitaly Rake tasks cleaning up the Git storage were still using direct disk access, which won't work if these aren't attached. To mitigate a migration issue was created. To port gitlab:cleanup:dirs, and gitlab:cleanup:repos, a new RPC was required, ListDirectories. This was implemented in Gitaly, through https://gitlab.com/gitlab-org/gitaly/merge_requests/868. To be able to use the new RPC the Gitaly server was bumped to v0.120. This is an RPC that will not use feature gates, as this doesn't scale on .com so there is no way to test it at scale. Futhermore, we _know_ it doesn't scale, but this might be a useful task for smaller instances. Lastly, the tests are slightly updated to also work when the disk isn't attached. Eventhough this is not planned, it was very little effort and thus I applied the boy scout rule. Closes https://gitlab.com/gitlab-org/gitaly/issues/954 Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/40529 2018-09-07 05:16:34 -04:00			`# frozen_string_literal: true`
			`require 'set'`

Cleanup service tasks 2012-12-24 23:14:05 -05:00			`namespace :gitlab do`
			`namespace :cleanup do`
Replace GITLAB with GitLab in rake task descriptions 2015-06-23 10:52:40 -04:00			`desc "GitLab \| Cleanup \| Block users that have been removed in LDAP"`
Eliminate the warnings from task helpers 2018-01-24 03:12:33 -05:00			`task block_removed_ldap_users: :gitlab_environment do`
adds rake task to clean up deleted LDAP users 2014-06-26 09:38:11 -04:00			`warn_user_is_not_gitlab`
			`block_flag = ENV['BLOCK']`

fixed rake task to block removed ldap users 2015-02-16 04:00:25 -05:00			`User.find_each do \|user\|`
			`next unless user.ldap_user?`
Adds Rubocop rule for line break after guard clause Adds a rubocop rule (with autocorrect) to ensure line break after guard clauses. 2017-11-14 04:02:39 -05:00
fixed rake task to block removed ldap users 2015-02-16 04:00:25 -05:00			`print "#{user.name} (#{user.ldap_identity.extern_uid}) ..."`
Adds Rubocop rule for line break around conditionals 2018-01-11 11:34:01 -05:00
Moved o_auth/saml/ldap modules under gitlab/auth 2018-02-23 07:10:39 -05:00			`if Gitlab::Auth::LDAP::Access.allowed?(user)`
Replace colorize gem with rainbow. Colorize is a gem licensed under the GPLv2, so we can’t use it in GitLab without relicensing GitLab under the terms of the GPL. Rainbow is licensed under the MIT license and does the exact same thing as Colorize, so Rainbow was added in place of Colorize. The syntax is slightly different for Rainbow vs. Colorize, and was updated in accordance. The gem is still a dependency of Spinach, so it’s included in the development/test environments, but won’t be packaged with the actual product, and therefore doesn’t require we relicense the product. An attempt at relicensing Colorize was made, but didn’t succeed as the library owner never responded. Rainbow library: https://github.com/sickill/rainbow Relevant issue regarding licensing in GitLab's gems: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3775 2016-06-01 18:37:15 -04:00			`puts " [OK]".color(:green)`
adds rake task to clean up deleted LDAP users 2014-06-26 09:38:11 -04:00			`else`
			`if block_flag`
fixed rake task to block removed ldap users 2015-02-16 04:00:25 -05:00			`user.block! unless user.blocked?`
Replace colorize gem with rainbow. Colorize is a gem licensed under the GPLv2, so we can’t use it in GitLab without relicensing GitLab under the terms of the GPL. Rainbow is licensed under the MIT license and does the exact same thing as Colorize, so Rainbow was added in place of Colorize. The syntax is slightly different for Rainbow vs. Colorize, and was updated in accordance. The gem is still a dependency of Spinach, so it’s included in the development/test environments, but won’t be packaged with the actual product, and therefore doesn’t require we relicense the product. An attempt at relicensing Colorize was made, but didn’t succeed as the library owner never responded. Rainbow library: https://github.com/sickill/rainbow Relevant issue regarding licensing in GitLab's gems: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3775 2016-06-01 18:37:15 -04:00			`puts " [BLOCKED]".color(:red)`
adds rake task to clean up deleted LDAP users 2014-06-26 09:38:11 -04:00			`else`
Replace colorize gem with rainbow. Colorize is a gem licensed under the GPLv2, so we can’t use it in GitLab without relicensing GitLab under the terms of the GPL. Rainbow is licensed under the MIT license and does the exact same thing as Colorize, so Rainbow was added in place of Colorize. The syntax is slightly different for Rainbow vs. Colorize, and was updated in accordance. The gem is still a dependency of Spinach, so it’s included in the development/test environments, but won’t be packaged with the actual product, and therefore doesn’t require we relicense the product. An attempt at relicensing Colorize was made, but didn’t succeed as the library owner never responded. Rainbow library: https://github.com/sickill/rainbow Relevant issue regarding licensing in GitLab's gems: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3775 2016-06-01 18:37:15 -04:00			`puts " [NOT IN LDAP]".color(:yellow)`
adds rake task to clean up deleted LDAP users 2014-06-26 09:38:11 -04:00			`end`
			`end`
			`end`

			`unless block_flag`
Replace colorize gem with rainbow. Colorize is a gem licensed under the GPLv2, so we can’t use it in GitLab without relicensing GitLab under the terms of the GPL. Rainbow is licensed under the MIT license and does the exact same thing as Colorize, so Rainbow was added in place of Colorize. The syntax is slightly different for Rainbow vs. Colorize, and was updated in accordance. The gem is still a dependency of Spinach, so it’s included in the development/test environments, but won’t be packaged with the actual product, and therefore doesn’t require we relicense the product. An attempt at relicensing Colorize was made, but didn’t succeed as the library owner never responded. Rainbow library: https://github.com/sickill/rainbow Relevant issue regarding licensing in GitLab's gems: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3775 2016-06-01 18:37:15 -04:00			`puts "To block these users run this command with BLOCK=true".color(:yellow)`
adds rake task to clean up deleted LDAP users 2014-06-26 09:38:11 -04:00			`end`
			`end`
Add local project uploads cleanup task 2018-07-26 17:23:33 -04:00
			`desc "GitLab \| Cleanup \| Clean orphaned project uploads"`
			`task project_uploads: :gitlab_environment do`
			`warn_user_is_not_gitlab`

			`cleaner = Gitlab::Cleanup::ProjectUploads.new(logger: logger)`
			`cleaner.run!(dry_run: dry_run?)`

			`if dry_run?`
			`logger.info "To clean up these files run this command with DRY_RUN=false".color(:yellow)`
			`end`
			`end`

Clean orphaned files in object storage 2018-07-30 14:14:38 -04:00			`desc 'GitLab \| Cleanup \| Clean orphan remote upload files that do not exist in the db'`
			`task remote_upload_files: :environment do`
			`cleaner = Gitlab::Cleanup::RemoteUploads.new(logger: logger)`
			`cleaner.run!(dry_run: dry_run?)`

			`if dry_run?`
			`logger.info "To cleanup these files run this command with DRY_RUN=false".color(:yellow)`
			`end`
			`end`

Add rake task to clean orphan artifact files This adds the rake task rake gitlab:cleanup:orphan_job_artifact_files. This rake task cleans all orphan job artifact files it can find on disk. It performs a search on the complete folder of all artifacts on disk. Then it filters out all the job artifact ID for which it could not find a record with matching ID in the database. For these, the file is deleted from disk. 2019-06-13 17:07:59 -04:00			`desc 'GitLab \| Cleanup \| Clean orphan job artifact files'`
			`task orphan_job_artifact_files: :gitlab_environment do`
			`warn_user_is_not_gitlab`

			`cleaner = Gitlab::Cleanup::OrphanJobArtifactFiles.new(limit: limit, dry_run: dry_run?, niceness: niceness, logger: logger)`
			`cleaner.run!`

			`if dry_run?`
			`logger.info "To clean up these files run this command with DRY_RUN=false".color(:yellow)`
			`end`
			`end`

Rake task to cleanup expired ActiveSession lookup keys In some cases ActiveSession.cleanup was not called after authentication, so for some user ActiveSession lookup keys grew without ever cleaning up. This Rake task manually iterates over the lookup keys and removes ones without existing ActiveSession. 2019-07-12 08:25:12 -04:00			`namespace :sessions do`
			`desc "GitLab \| Cleanup \| Sessions \| Clean ActiveSession lookup keys"`
			`task active_sessions_lookup_keys: :gitlab_environment do`
			`session_key_pattern = "#{Gitlab::Redis::SharedState::USER_SESSIONS_LOOKUP_NAMESPACE}:*"`
			`last_save_check = Time.at(0)`
			`wait_time = 10.seconds`
			`cursor = 0`
			`total_users_scanned = 0`

			`Gitlab::Redis::SharedState.with do \|redis\|`
			`begin`
			`cursor, keys = redis.scan(cursor, match: session_key_pattern)`
			`total_users_scanned += keys.count`

			`if last_save_check < Time.now - 1.second`
			`while redis.info('persistence')['rdb_bgsave_in_progress'] == '1'`
			`puts "BGSAVE in progress, waiting #{wait_time} seconds"`
			`sleep(wait_time)`
			`end`
			`last_save_check = Time.now`
			`end`

			`keys.each do \|key\|`
			`user_id = key.split(':').last`

			`lookup_key_count = redis.scard(key)`

			`session_ids = ActiveSession.session_ids_for_user(user_id)`
Add latest changes from gitlab-org/gitlab@master 2019-11-27 13:06:30 -05:00			`entries = ActiveSession.raw_active_session_entries(redis, session_ids, user_id)`
Rake task to cleanup expired ActiveSession lookup keys In some cases ActiveSession.cleanup was not called after authentication, so for some user ActiveSession lookup keys grew without ever cleaning up. This Rake task manually iterates over the lookup keys and removes ones without existing ActiveSession. 2019-07-12 08:25:12 -04:00			`session_ids_and_entries = session_ids.zip(entries)`

			`inactive_session_ids = session_ids_and_entries.map do \|session_id, session\|`
			`session_id if session.nil?`
			`end.compact`

			`redis.pipelined do \|conn\|`
			`inactive_session_ids.each do \|session_id\|`
			`conn.srem(key, session_id)`
			`end`
			`end`

			`if inactive_session_ids`
			`puts "deleted #{inactive_session_ids.count} out of #{lookup_key_count} lookup keys for User ##{user_id}"`
			`end`
			`end`
			`end while cursor.to_i != 0`

			`puts "--- All done! Total number of scanned users: #{total_users_scanned}"`
			`end`
			`end`
			`end`

Add local project uploads cleanup task 2018-07-26 17:23:33 -04:00			`def remove?`
			`ENV['REMOVE'] == 'true'`
			`end`

			`def dry_run?`
			`ENV['DRY_RUN'] != 'false'`
			`end`

Add rake task to clean orphan artifact files This adds the rake task rake gitlab:cleanup:orphan_job_artifact_files. This rake task cleans all orphan job artifact files it can find on disk. It performs a search on the complete folder of all artifacts on disk. Then it filters out all the job artifact ID for which it could not find a record with matching ID in the database. For these, the file is deleted from disk. 2019-06-13 17:07:59 -04:00			`def debug?`
			`ENV['DEBUG'].present?`
			`end`

			`def limit`
			`ENV['LIMIT']&.to_i`
			`end`

			`def niceness`
			`ENV['NICENESS'].presence`
			`end`

Add a rubocop for Rails.logger Suggests to use a JSON structured log instead Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/54102 2019-07-10 15:26:47 -04:00			`# rubocop:disable Gitlab/RailsLogger`
Add local project uploads cleanup task 2018-07-26 17:23:33 -04:00			`def logger`
			`return @logger if defined?(@logger)`

			`@logger = if Rails.env.development? \|\| Rails.env.production?`
			`Logger.new(STDOUT).tap do \|stdout_logger\|`
			`stdout_logger.extend(ActiveSupport::Logger.broadcast(Rails.logger))`
Add rake task to clean orphan artifact files This adds the rake task rake gitlab:cleanup:orphan_job_artifact_files. This rake task cleans all orphan job artifact files it can find on disk. It performs a search on the complete folder of all artifacts on disk. Then it filters out all the job artifact ID for which it could not find a record with matching ID in the database. For these, the file is deleted from disk. 2019-06-13 17:07:59 -04:00			`stdout_logger.level = debug? ? Logger::DEBUG : Logger::INFO`
Add local project uploads cleanup task 2018-07-26 17:23:33 -04:00			`end`
			`else`
			`Rails.logger`
			`end`
			`end`
Add a rubocop for Rails.logger Suggests to use a JSON structured log instead Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/54102 2019-07-10 15:26:47 -04:00			`# rubocop:enable Gitlab/RailsLogger`
Cleanup service tasks 2012-12-24 23:14:05 -05:00			`end`
			`end`