package main import ( "flag" "fmt" "io/ioutil" "net" "net/http" _ "net/http/pprof" "os" "syscall" "time" "gitlab.com/gitlab-org/labkit/log" "gitlab.com/gitlab-org/labkit/monitoring" "gitlab.com/gitlab-org/labkit/tracing" "gitlab.com/gitlab-org/gitlab-workhorse/internal/config" "gitlab.com/gitlab-org/gitlab-workhorse/internal/queueing" "gitlab.com/gitlab-org/gitlab-workhorse/internal/redis" "gitlab.com/gitlab-org/gitlab-workhorse/internal/secret" "gitlab.com/gitlab-org/gitlab-workhorse/internal/upstream" ) // Version is the current version of GitLab Workhorse var Version = "(unknown version)" // Set at build time in the Makefile // BuildTime signifies the time the binary was build var BuildTime = "19700101.000000" // Set at build time in the Makefile type bootConfig struct { secretPath string listenAddr string listenNetwork string listenUmask int pprofListenAddr string prometheusListenAddr string logFile string logFormat string printVersion bool } func main() { boot, cfg, err := buildConfig(os.Args[0], os.Args[1:]) if err == (alreadyPrintedError{flag.ErrHelp}) { os.Exit(0) } if err != nil { if _, alreadyPrinted := err.(alreadyPrintedError); !alreadyPrinted { fmt.Fprintln(os.Stderr, err) } os.Exit(2) } if boot.printVersion { fmt.Printf("gitlab-workhorse %s-%s\n", Version, BuildTime) os.Exit(0) } log.WithError(run(*boot, *cfg)).Fatal("shutting down") } type alreadyPrintedError struct{ error } // buildConfig may print messages to os.Stderr if err != nil. If err is // of type alreadyPrintedError it has already been printed. func buildConfig(arg0 string, args []string) (*bootConfig, *config.Config, error) { boot := &bootConfig{} cfg := &config.Config{Version: Version} fset := flag.NewFlagSet(arg0, flag.ContinueOnError) fset.Usage = func() { fmt.Fprintf(fset.Output(), "Usage of %s:\n", arg0) fmt.Fprintf(fset.Output(), "\n %s [OPTIONS]\n\nOptions:\n", arg0) fset.PrintDefaults() } configFile := fset.String("config", "", "TOML file to load config from") fset.StringVar(&boot.secretPath, "secretPath", "./.gitlab_workhorse_secret", "File with secret key to authenticate with authBackend") fset.StringVar(&boot.listenAddr, "listenAddr", "localhost:8181", "Listen address for HTTP server") fset.StringVar(&boot.listenNetwork, "listenNetwork", "tcp", "Listen 'network' (tcp, tcp4, tcp6, unix)") fset.IntVar(&boot.listenUmask, "listenUmask", 0, "Umask for Unix socket") fset.StringVar(&boot.pprofListenAddr, "pprofListenAddr", "", "pprof listening address, e.g. 'localhost:6060'") fset.StringVar(&boot.prometheusListenAddr, "prometheusListenAddr", "", "Prometheus listening address, e.g. 'localhost:9229'") fset.StringVar(&boot.logFile, "logFile", "", "Log file location") fset.StringVar(&boot.logFormat, "logFormat", "text", "Log format to use defaults to text (text, json, structured, none)") fset.BoolVar(&boot.printVersion, "version", false, "Print version and exit") // gitlab-rails backend authBackend := fset.String("authBackend", upstream.DefaultBackend.String(), "Authentication/authorization backend") fset.StringVar(&cfg.Socket, "authSocket", "", "Optional: Unix domain socket to dial authBackend at") // actioncable backend cableBackend := fset.String("cableBackend", upstream.DefaultBackend.String(), "ActionCable backend") fset.StringVar(&cfg.CableSocket, "cableSocket", "", "Optional: Unix domain socket to dial cableBackend at") fset.StringVar(&cfg.DocumentRoot, "documentRoot", "public", "Path to static files content") fset.DurationVar(&cfg.ProxyHeadersTimeout, "proxyHeadersTimeout", 5*time.Minute, "How long to wait for response headers when proxying the request") fset.BoolVar(&cfg.DevelopmentMode, "developmentMode", false, "Allow the assets to be served from Rails app") fset.UintVar(&cfg.APILimit, "apiLimit", 0, "Number of API requests allowed at single time") fset.UintVar(&cfg.APIQueueLimit, "apiQueueLimit", 0, "Number of API requests allowed to be queued") fset.DurationVar(&cfg.APIQueueTimeout, "apiQueueDuration", queueing.DefaultTimeout, "Maximum queueing duration of requests") fset.DurationVar(&cfg.APICILongPollingDuration, "apiCiLongPollingDuration", 50*time.Second, "Long polling duration for job requesting for runners (default 50s - enabled)") fset.BoolVar(&cfg.PropagateCorrelationID, "propagateCorrelationID", false, "Reuse existing Correlation-ID from the incoming request header `X-Request-ID` if present") if err := fset.Parse(args); err != nil { return nil, nil, alreadyPrintedError{err} } if fset.NArg() > 0 { err := alreadyPrintedError{fmt.Errorf("unexpected arguments: %v", fset.Args())} fmt.Fprintln(fset.Output(), err) fset.Usage() return nil, nil, err } var err error cfg.Backend, err = parseAuthBackend(*authBackend) if err != nil { return nil, nil, fmt.Errorf("authBackend: %v", err) } cfg.CableBackend, err = parseAuthBackend(*cableBackend) if err != nil { return nil, nil, fmt.Errorf("cableBackend: %v", err) } tomlData := "" if *configFile != "" { buf, err := ioutil.ReadFile(*configFile) if err != nil { return nil, nil, fmt.Errorf("configFile: %v", err) } tomlData = string(buf) } cfgFromFile, err := config.LoadConfig(tomlData) if err != nil { return nil, nil, fmt.Errorf("configFile: %v", err) } cfg.Redis = cfgFromFile.Redis cfg.ObjectStorageCredentials = cfgFromFile.ObjectStorageCredentials cfg.ImageResizerConfig = cfgFromFile.ImageResizerConfig cfg.AltDocumentRoot = cfgFromFile.AltDocumentRoot return boot, cfg, nil } // run() lets us use normal Go error handling; there is no log.Fatal in run(). func run(boot bootConfig, cfg config.Config) error { closer, err := startLogging(boot.logFile, boot.logFormat) if err != nil { return err } defer closer.Close() tracing.Initialize(tracing.WithServiceName("gitlab-workhorse")) log.WithField("version", Version).WithField("build_time", BuildTime).Print("Starting") // Good housekeeping for Unix sockets: unlink before binding if boot.listenNetwork == "unix" { if err := os.Remove(boot.listenAddr); err != nil && !os.IsNotExist(err) { return err } } // Change the umask only around net.Listen() oldUmask := syscall.Umask(boot.listenUmask) listener, err := net.Listen(boot.listenNetwork, boot.listenAddr) syscall.Umask(oldUmask) if err != nil { return fmt.Errorf("main listener: %v", err) } finalErrors := make(chan error) // The profiler will only be activated by HTTP requests. HTTP // requests can only reach the profiler if we start a listener. So by // having no profiler HTTP listener by default, the profiler is // effectively disabled by default. if boot.pprofListenAddr != "" { l, err := net.Listen("tcp", boot.pprofListenAddr) if err != nil { return fmt.Errorf("pprofListenAddr: %v", err) } go func() { finalErrors <- http.Serve(l, nil) }() } monitoringOpts := []monitoring.Option{monitoring.WithBuildInformation(Version, BuildTime)} if boot.prometheusListenAddr != "" { l, err := net.Listen("tcp", boot.prometheusListenAddr) if err != nil { return fmt.Errorf("prometheusListenAddr: %v", err) } monitoringOpts = append(monitoringOpts, monitoring.WithListener(l)) } go func() { // Unlike http.Serve, which always returns a non-nil error, // monitoring.Start may return nil in which case we should not shut down. if err := monitoring.Start(monitoringOpts...); err != nil { finalErrors <- err } }() secret.SetPath(boot.secretPath) if cfg.Redis != nil { redis.Configure(cfg.Redis, redis.DefaultDialFunc) go redis.Process() } if err := cfg.RegisterGoCloudURLOpeners(); err != nil { return fmt.Errorf("register cloud credentials: %v", err) } accessLogger, accessCloser, err := getAccessLogger(boot.logFile, boot.logFormat) if err != nil { return fmt.Errorf("configure access logger: %v", err) } defer accessCloser.Close() up := wrapRaven(upstream.NewUpstream(cfg, accessLogger)) go func() { finalErrors <- http.Serve(listener, up) }() return <-finalErrors }