Merge pull request #3002 from kkimurak/issue/2766-2992_use-ipv4-for-healcheck-url

sachilles · web-flow · commit 9f025eabb24d · 2024-09-25T16:21:18.000+02:00
Various fixes to health check scripts
diff --git a/README.md b/README.md
@@ -1611,7 +1611,7 @@ Time between sampling of unicorn socket metrics, in seconds, defaults to `10`
 
 ##### `GITLAB_MONITORING_IP_WHITELIST`
 
-IP whitelist to access monitoring endpoints, defaults to `0.0.0.0/8`
+IP whitelist to access monitoring endpoints. No defaults.
 
 ##### `GITLAB_MONITORING_SIDEKIQ_EXPORTER_ENABLED`
 
diff --git a/assets/runtime/env-defaults b/assets/runtime/env-defaults
@@ -629,7 +629,7 @@ GITLAB_SHELL_CUSTOM_HOOKS_DIR=${GITLAB_SHELL_CUSTOM_HOOKS_DIR:-"$GITLAB_SHELL_IN
 
 ## MONITORING
 GITLAB_MONITORING_UNICORN_SAMPLER_INTERVAL=${GITLAB_MONITORING_UNICORN_SAMPLER_INTERVAL:-10}
-GITLAB_MONITORING_IP_WHITELIST=${GITLAB_MONITORING_IP_WHITELIST:-"0.0.0.0/8"}
+GITLAB_MONITORING_IP_WHITELIST=${GITLAB_MONITORING_IP_WHITELIST:-}
 GITLAB_MONITORING_SIDEKIQ_EXPORTER_ENABLED=${GITLAB_MONITORING_SIDEKIQ_EXPORTER_ENABLED:-true}
 GITLAB_MONITORING_SIDEKIQ_EXPORTER_ADDRESS=${GITLAB_MONITORING_SIDEKIQ_EXPORTER_ADDRESS:-"0.0.0.0"}
 GITLAB_MONITORING_SIDEKIQ_EXPORTER_PORT=${GITLAB_MONITORING_SIDEKIQ_EXPORTER_PORT:-3807}
diff --git a/assets/runtime/functions b/assets/runtime/functions
@@ -351,6 +351,10 @@ gitlab_configure_gitaly() {
 gitlab_configure_monitoring() {
   echo "Configuring gitlab::monitoring..."
 
+  if [ "${GITLAB_MONITORING_IP_WHITELIST}" == "" ]; then
+    exec_as_git sed -i "/{{GITLAB_MONITORING_IP_WHITELIST}}/d" ${GITLAB_CONFIG}
+  fi
+
   update_template ${GITLAB_CONFIG} \
     GITLAB_MONITORING_UNICORN_SAMPLER_INTERVAL \
     GITLAB_MONITORING_IP_WHITELIST \
@@ -1855,13 +1859,13 @@ generate_healthcheck_script() {
   # configure healthcheck script
   ## https://docs.gitlab.com/ee/user/admin_area/monitoring/health_check.html
   local HEALTHCHECK_PROTOCOL="http"
-  if [[ "${GITLAB_HTTPS}" == true ]]; then
+  if [[ "${GITLAB_HTTPS}" == true && "${SSL_SELF_SIGNED}" == false ]]; then
     HEALTHCHECK_PROTOCOL="${HEALTHCHECK_PROTOCOL}s"
   fi
 cat > /usr/local/sbin/healthcheck <<EOF
 #!/bin/bash
-url=${HEALTHCHECK_PROTOCOL}://localhost${GITLAB_RELATIVE_URL_ROOT}/-/liveness
-options=( '--insecure' '--location' '--silent' )
+url=${HEALTHCHECK_PROTOCOL}://127.0.0.1${GITLAB_RELATIVE_URL_ROOT}/-/liveness
+options=( '--insecure' '--silent' )
 curl "\${options[@]}" \$url
 [[ "\$(curl \${options[@]} -o /dev/null -I -w '%{http_code}' \$url)" == "200" ]]
 EOF
