uninitialized constant Rackup::Handler::WEBrick (NameError)

[arrowcircle]

Hey, I recently started to see this error in the logs. This is sidekiq process, sidekiq starts, but metrics server definitely don't.
This happens with sidekiq 7.3.5 and webrick 1.8.0 and 1.9.0 and latest versions of yabeda*. Any ideas how to fix this?

#<Thread:0x00007ff9e68293e8 /usr/local/bundle/gems/yabeda-prometheus-0.9.1/lib/yabeda/prometheus/exporter.rb:23 run> terminated with exception (report_on_exception is true):
/usr/local/bundle/gems/yabeda-prometheus-0.9.1/lib/yabeda/prometheus/exporter.rb:47:in `rack_handler': uninitialized constant Rackup::Handler::WEBrick (NameError)

            ::Rackup::Handler::WEBrick
                             ^^^^^^^^^
	from /usr/local/bundle/gems/yabeda-prometheus-0.9.1/lib/yabeda/prometheus/exporter.rb:25:in `block in start_metrics_server!'

[brtz]

Hi,
ran into the same issue, looks like this change on rackup introduced this behaviour. See:

https://github.com/rack/rackup/pull/23/files

and the discussion around it (webrick should not be used because of security concerns).

It shows up more frequently now, as Rails 8 was just released and uses rackup 2.2.0 (which includes the change). To hotfix this in your app, you can downgrade to 2.1.0 like this:

gem "rackup", "2.1.0"

I think the "soft deprecation" on rackup simply failed and wasn't tested thoroughly. Even if you explicitly install webrick through your Gemfile, it will fail with 2.2.0. rackup's maintainers ask every library to not use rackup basically any longer and yabeda-prometheus has ::Rackup::Handler::WEBrick hardcoded.

https://github.com/yabeda-rb/yabeda-prometheus/blob/master/lib/yabeda/prometheus/exporter.rb#L46-L47

There is a hint on using Yabeda::Prometheus::Exporter.rack_app in the readme though. Cannot get this to work, a working example for a standalone app would be greatly appreciated.

In my humble opinion this whole thing is a bloody mess: the cve on webrick is not really a cve, the fix was implemented the day after report, the fixed webrick gem was released a week after. Ruby's maintainer clearly state that you should not use webrick in production. But there is a very valid reason to run webrick as a dedicated thread: If you do not wish to have a "second class citizen service" like a prometheus exporter running on the same webserver as your main application. Let's say you have a misconfigured scrape config that results in dosing your own prometheus exporter. This will then also dos your main app. If the exporter runs on it's own webrick instead, it will just kill that and the main app will be less affected. Another fully valid use case is to run your prometheus exporter with webrick in an app like solidqueue's workers (bin/jobs). That does not need a fancy webserver like puma or falcon, it just needs something that can handle a few http requests.

[ioquatix]

We have released Rackup v2.2.1 which tries to load webrick and rackup/handler/webrick if possible. This should restore the compatibility for versions of ruby that come with webrick by default.

In Ruby 3.4, webrick is no longer included by default, and you'll need to add this explicit dependency - IIUC there have been warnings in place since Ruby 3.0.

> chruby 3.3
> irb
irb(main):001> require 'webrick'
/home/samuel/.rubies/ruby-3.3.6/bin/irb:25: warning: webrick is not part of the default gems starting from Ruby 3.0.0. Install webrick from RubyGems.

> chruby head
> irb
irb(main):001> require 'webrick'
<internal:/home/samuel/.rubies/ruby-head/lib/ruby/3.4.0+0/rubygems/core_ext/kernel_require.rb>:136:in 'Kernel#require': cannot load such file -- webrick (LoadError)

To fix this properly, please use the main public interface of rackup: Rackup::Handler.get(:webrick). I would advise you to update any code that directly references Rackup::Handler::WEBrick to this approach, and if you explicitly depend on webrick to ensure it's in your gemfile.