Avoid instance variable re-use trouble
This is the quickest/dumbest/safest way I could think of to prevent
the instance variable reuse problems we have on dev.gitlab.org now.
See merge request !1237
https://gitlab.com/gitlab-org/gitlab-git-http-server
This change introduces the GITLAB_GRACK_AUTH_ONLY environment
variable. When set, Grack requests to GitLab will only respond with
the user's GL_ID (if the request is OK) or an error. This allows
gitlab-git-http-server to use the main GitLab application as an
authentication and authorization backend.
If we like how this works we should drop the GITLAB_GRACK_AUTH_ONLY
variable at some point in the future.
Ths commit does next:
* When we remove project we move repository to path+deleted.git
* Then we schedule removal of path+deleted with sidekiq
* If repository move failed we abort project removal
This should help us with NFS issue when project get removed but
repository stayed. The full explanation of problem is below:
* rm -rf project.git
* rm -rf removes project.git/objects/foo
* NFS server renames foo to foo.nfsXXXX because some NFS client (think
* Unicorn) still has the file open
* rm -rf exits, but project.git/objects/foo.nfsXXX still exists
* Unicorn closes the file, the NFS client closes the file (foo), and the
* NFS server removes foo.nfsXXX
* the directory project.git/objects/ still exists => problem
So now we move repository and even if repository removal failed
Repository directory is moved so no bugs with project removed but
repository directory taken. User still able to create new project with
same name. From administrator perspective you can easily find stalled
repositories by searching `*+deleted.git`
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
On some misconfigured GitLab servers, if you look in production.log it looks
like all requests come from 127.0.0.1. To avoid unwanted banning we
white-list 127.0.0.1 with this commit.
When doing an HTTP push, git (as of v1.7.9) first do an info/refs
request, and only if this request requires authentication it asks the
user for its password and authenticates further requests.
The initial request normally clears without auth on public repos as it
doesn't update any ref. This patch forces every git-receive-pack
requests to provide authentication.
Douwe Maan
Marin Jankovski
Jacob Vosmaer
Stan Hu
Robert Speicher
Dmitriy Zaporozhets
Kirilll Zaitsev
GitLab
Valery Sizov
Valery Sizov
Ciro Santilli
Sean Edge
Thomas Guyot-Sionnest