gitlab-exporter 11.16.0 → 11.18.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/.gitlab-ci.yml +2 -1
- data/Gemfile.lock +9 -9
- data/config/gitlab-exporter.yml.example +5 -1
- data/lib/gitlab_exporter/database/row_count.rb +3 -3
- data/lib/gitlab_exporter/tls_helper.rb +39 -0
- data/lib/gitlab_exporter/version.rb +1 -1
- data/lib/gitlab_exporter/web_exporter.rb +45 -1
- metadata +2 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 885bd06ee8dbcc064e6f1f05fb13d2b216d8f371f2781d4fb6118ac1ab073236
|
|
4
|
+
data.tar.gz: 2257a1c7eaf0caecd81adc4f7db1b66f2d4176fe3d594969be15add4fb190ce9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3c7683f8f49f4d600bff7612eb1a7608b994ab19a5e8c220ebc78115ffd05ac8f778d2d57a2036a444570254eae1d0278f3bfcc5716ea79134ac9b87e6bde417
|
|
7
|
+
data.tar.gz: 336f305f91b21446789b8152d255929419bf494ed6f1c74faf03e7c4b89e4b117b02e584170ec5d64efddd64c4ad6f0adc1a8037b00f7c26fcb2835ddc9a49ff
|
data/.gitignore
CHANGED
data/.gitlab-ci.yml
CHANGED
|
@@ -25,7 +25,8 @@ default:
|
|
|
25
25
|
.before_scripts: &before_scripts
|
|
26
26
|
- git config --global user.email "bot@gitlab.com"
|
|
27
27
|
- git config --global user.name "Bot User"
|
|
28
|
-
- bundle
|
|
28
|
+
- bundle config set --local deployment true
|
|
29
|
+
- bundle install -j $(nproc)
|
|
29
30
|
|
|
30
31
|
workflow:
|
|
31
32
|
rules: &workflow_rules
|
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
gitlab-exporter (11.
|
|
4
|
+
gitlab-exporter (11.18.0)
|
|
5
5
|
connection_pool (= 2.2.5)
|
|
6
6
|
faraday (~> 1.8.0)
|
|
7
7
|
pg (= 1.2.3)
|
|
@@ -37,8 +37,8 @@ GEM
|
|
|
37
37
|
faraday-net_http_persistent (1.2.0)
|
|
38
38
|
faraday-patron (1.0.0)
|
|
39
39
|
faraday-rack (1.0.0)
|
|
40
|
-
multipart-post (2.
|
|
41
|
-
mustermann (
|
|
40
|
+
multipart-post (2.2.3)
|
|
41
|
+
mustermann (2.0.2)
|
|
42
42
|
ruby2_keywords (~> 0.0.1)
|
|
43
43
|
nio4r (2.5.8)
|
|
44
44
|
parallel (1.20.1)
|
|
@@ -48,8 +48,8 @@ GEM
|
|
|
48
48
|
puma (5.6.2)
|
|
49
49
|
nio4r (~> 2.0)
|
|
50
50
|
quantile (0.2.1)
|
|
51
|
-
rack (2.2.
|
|
52
|
-
rack-protection (2.2.
|
|
51
|
+
rack (2.2.4)
|
|
52
|
+
rack-protection (2.2.2)
|
|
53
53
|
rack
|
|
54
54
|
rainbow (3.0.0)
|
|
55
55
|
redis (4.4.0)
|
|
@@ -87,12 +87,12 @@ GEM
|
|
|
87
87
|
connection_pool (>= 2.2.2)
|
|
88
88
|
rack (~> 2.0)
|
|
89
89
|
redis (>= 4.2.0)
|
|
90
|
-
sinatra (2.2.
|
|
91
|
-
mustermann (~>
|
|
90
|
+
sinatra (2.2.2)
|
|
91
|
+
mustermann (~> 2.0)
|
|
92
92
|
rack (~> 2.2)
|
|
93
|
-
rack-protection (= 2.2.
|
|
93
|
+
rack-protection (= 2.2.2)
|
|
94
94
|
tilt (~> 2.0)
|
|
95
|
-
tilt (2.0.
|
|
95
|
+
tilt (2.0.11)
|
|
96
96
|
unicode-display_width (1.7.0)
|
|
97
97
|
webrick (1.7.0)
|
|
98
98
|
|
|
@@ -6,11 +6,15 @@ db_common: &db_common
|
|
|
6
6
|
|
|
7
7
|
# Web server config
|
|
8
8
|
server:
|
|
9
|
-
name:
|
|
9
|
+
name: webrick # cf. https://github.com/sinatra/sinatra#available-settings
|
|
10
10
|
listen_address: 0.0.0.0
|
|
11
11
|
listen_port: 9168
|
|
12
12
|
# Maximum amount of memory to use in megabytes, after which the process is killed
|
|
13
13
|
memory_threshold: 1024
|
|
14
|
+
# TLS settings
|
|
15
|
+
tls_enabled: false
|
|
16
|
+
tls_cert_path: /tmp/server.crt
|
|
17
|
+
tls_key_path: /tmp/server.key
|
|
14
18
|
|
|
15
19
|
# Probes config
|
|
16
20
|
probes:
|
|
@@ -136,7 +136,7 @@ module GitLab
|
|
|
136
136
|
select: :container_repositories,
|
|
137
137
|
where: <<~SQL
|
|
138
138
|
migration_state <> 'import_done'
|
|
139
|
-
AND created_at < '2022-
|
|
139
|
+
AND created_at < '2022-08-17 00:00:00'
|
|
140
140
|
SQL
|
|
141
141
|
},
|
|
142
142
|
container_repositories_pre_importing: {
|
|
@@ -174,7 +174,7 @@ module GitLab
|
|
|
174
174
|
select: :container_repositories,
|
|
175
175
|
where: <<~SQL
|
|
176
176
|
migration_state <> 'import_done'
|
|
177
|
-
AND created_at < '2022-
|
|
177
|
+
AND created_at < '2022-08-17 00:00:00'
|
|
178
178
|
AND (migration_plan IN ('free', 'early_adopter')
|
|
179
179
|
OR migration_plan IS NULL)
|
|
180
180
|
SQL
|
|
@@ -182,7 +182,7 @@ module GitLab
|
|
|
182
182
|
container_repositories_import_done_free: {
|
|
183
183
|
select: :container_repositories,
|
|
184
184
|
where: <<~SQL
|
|
185
|
-
(migration_state = 'import_done' OR created_at >= '2022-
|
|
185
|
+
(migration_state = 'import_done' OR created_at >= '2022-08-17 00:00:00')
|
|
186
186
|
AND (migration_plan IN ('free', 'early_adopter')
|
|
187
187
|
OR migration_plan IS NULL)
|
|
188
188
|
SQL
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
# Contains helper methods to generate TLS related configuration for web servers
|
|
2
|
+
module TLSHelper
|
|
3
|
+
CERT_REGEX = /-----BEGIN CERTIFICATE-----(?:.|\n)+?-----END CERTIFICATE-----/.freeze
|
|
4
|
+
|
|
5
|
+
def validate_tls_config(config)
|
|
6
|
+
%i[tls_cert_path tls_key_path].each do |key|
|
|
7
|
+
fail "TLS enabled, but #{key} not specified in config" unless config.key?(key)
|
|
8
|
+
|
|
9
|
+
fail "File specified via #{key} not found: #{config[key]}" unless File.exist?(config[key])
|
|
10
|
+
end
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def webrick_tls_config(config)
|
|
14
|
+
# This monkey-patches WEBrick::GenericServer, so never require this unless TLS is enabled.
|
|
15
|
+
require "webrick/ssl"
|
|
16
|
+
|
|
17
|
+
certs = load_ca_certs_bundle(File.binread(config[:tls_cert_path]))
|
|
18
|
+
|
|
19
|
+
{
|
|
20
|
+
SSLEnable: true,
|
|
21
|
+
SSLCertificate: certs.shift,
|
|
22
|
+
SSLPrivateKey: OpenSSL::PKey.read(File.binread(config[:tls_key_path])),
|
|
23
|
+
# SSLStartImmediately is true by default according to the docs, but when WEBrick creates the
|
|
24
|
+
# SSLServer internally, the switch was always nil for some reason. Setting this explicitly fixes this.
|
|
25
|
+
SSLStartImmediately: true,
|
|
26
|
+
SSLExtraChainCert: certs
|
|
27
|
+
}
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
# In Ruby OpenSSL v3.0.0, this can be replaced by OpenSSL::X509::Certificate.load
|
|
31
|
+
# https://github.com/ruby/openssl/issues/254
|
|
32
|
+
def load_ca_certs_bundle(ca_certs_string)
|
|
33
|
+
return [] unless ca_certs_string
|
|
34
|
+
|
|
35
|
+
ca_certs_string.scan(CERT_REGEX).map do |ca_cert_string|
|
|
36
|
+
OpenSSL::X509::Certificate.new(ca_cert_string)
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
end
|
|
@@ -1,5 +1,8 @@
|
|
|
1
1
|
require "sinatra/base"
|
|
2
2
|
require "English"
|
|
3
|
+
require "cgi"
|
|
4
|
+
|
|
5
|
+
require_relative "tls_helper"
|
|
3
6
|
|
|
4
7
|
module GitLab
|
|
5
8
|
module Exporter
|
|
@@ -51,6 +54,8 @@ module GitLab
|
|
|
51
54
|
end
|
|
52
55
|
|
|
53
56
|
class << self
|
|
57
|
+
include TLSHelper
|
|
58
|
+
|
|
54
59
|
DEFAULT_WEB_SERVER = "webrick".freeze
|
|
55
60
|
|
|
56
61
|
def setup(config)
|
|
@@ -74,8 +79,47 @@ module GitLab
|
|
|
74
79
|
config ||= {}
|
|
75
80
|
|
|
76
81
|
set(:server, config.fetch(:name, DEFAULT_WEB_SERVER))
|
|
77
|
-
set(:bind, config.fetch(:listen_address, "0.0.0.0"))
|
|
78
82
|
set(:port, config.fetch(:listen_port, 9168))
|
|
83
|
+
|
|
84
|
+
# Depending on whether TLS is enabled or not, bind string
|
|
85
|
+
# will be different.
|
|
86
|
+
if config.fetch(:tls_enabled, "false").to_s == "true"
|
|
87
|
+
set_tls_config(config)
|
|
88
|
+
else
|
|
89
|
+
set(:bind, config.fetch(:listen_address, "0.0.0.0"))
|
|
90
|
+
end
|
|
91
|
+
end
|
|
92
|
+
|
|
93
|
+
def set_tls_config(config) # rubocop:disable Naming/AccessorMethodName
|
|
94
|
+
validate_tls_config(config)
|
|
95
|
+
|
|
96
|
+
web_server = config.fetch(:name, DEFAULT_WEB_SERVER)
|
|
97
|
+
if web_server == "webrick"
|
|
98
|
+
set_webrick_tls(config)
|
|
99
|
+
elsif web_server == "puma"
|
|
100
|
+
set_puma_tls(config)
|
|
101
|
+
else
|
|
102
|
+
fail "TLS not supported for web server `#{web_server}`."
|
|
103
|
+
end
|
|
104
|
+
end
|
|
105
|
+
|
|
106
|
+
def set_webrick_tls(config) # rubocop:disable Naming/AccessorMethodName
|
|
107
|
+
server_settings = {}
|
|
108
|
+
server_settings.merge!(webrick_tls_config(config))
|
|
109
|
+
|
|
110
|
+
set(:bind, config.fetch(:listen_address, "0.0.0.0"))
|
|
111
|
+
set(:server_settings, server_settings)
|
|
112
|
+
end
|
|
113
|
+
|
|
114
|
+
def set_puma_tls(config) # rubocop:disable Naming/AccessorMethodName
|
|
115
|
+
listen_address = config.fetch(:listen_address, "0.0.0.0")
|
|
116
|
+
listen_port = config.fetch(:listen_port, 8443)
|
|
117
|
+
tls_cert_path = CGI.escape(config.fetch(:tls_cert_path))
|
|
118
|
+
tls_key_path = CGI.escape(config.fetch(:tls_key_path))
|
|
119
|
+
|
|
120
|
+
bind_string = "ssl://#{listen_address}:#{listen_port}?cert=#{tls_cert_path}&key=#{tls_key_path}"
|
|
121
|
+
|
|
122
|
+
set(:bind, bind_string)
|
|
79
123
|
end
|
|
80
124
|
|
|
81
125
|
def setup_probes(config)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: gitlab-exporter
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 11.
|
|
4
|
+
version: 11.18.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Pablo Carranza
|
|
@@ -204,6 +204,7 @@ files:
|
|
|
204
204
|
- lib/gitlab_exporter/prometheus.rb
|
|
205
205
|
- lib/gitlab_exporter/ruby.rb
|
|
206
206
|
- lib/gitlab_exporter/sidekiq.rb
|
|
207
|
+
- lib/gitlab_exporter/tls_helper.rb
|
|
207
208
|
- lib/gitlab_exporter/util.rb
|
|
208
209
|
- lib/gitlab_exporter/version.rb
|
|
209
210
|
- lib/gitlab_exporter/web_exporter.rb
|