FS#66774 - [gitlab] Can't push due to invalid `.gitlab_shell_secret` path
Attached to Project:
Community Packages
Opened by simonzack (simonzack) - Monday, 25 May 2020, 09:02 GMT
Last edited by Anatol Pomozov (anatolik) - Wednesday, 27 May 2020, 22:36 GMT
Opened by simonzack (simonzack) - Monday, 25 May 2020, 09:02 GMT
Last edited by Anatol Pomozov (anatolik) - Wednesday, 27 May 2020, 22:36 GMT
|
Details
Description:
I just updated today to Gitlab 13.0.0-1. When I push, I get the following errors: ``` remote: Resolving deltas: 100% (150/150), completed with 38 local objects. remote: /usr/share/webapps/gitlab-gitaly/ruby/gitlab-shell/lib/http_helper.rb:118:in `read': No such file or directory @ rb_sysopen - /home/git/gitlab-shell/.gitlab_shell_secret (Errno::ENOENT) remote: from /usr/share/webapps/gitlab-gitaly/ruby/gitlab-shell/lib/http_helper.rb:118:in `secret_token' remote: from /usr/share/webapps/gitlab-gitaly/ruby/gitlab-shell/lib/http_helper.rb:51:in `http_request_for' remote: from /usr/share/webapps/gitlab-gitaly/ruby/gitlab-shell/lib/http_helper.rb:68:in `request' remote: from /usr/share/webapps/gitlab-gitaly/ruby/gitlab-shell/lib/http_helper.rb:99:in `post' remote: from /usr/share/webapps/gitlab-gitaly/ruby/gitlab-shell/lib/gitlab_net.rb:31:in `check_access' remote: from /usr/share/webapps/gitlab-gitaly/ruby/gitlab-shell/lib/gitlab_access.rb:24:in `block in exec' remote: from /usr/share/webapps/gitlab-gitaly/ruby/gitlab-shell/lib/gitlab_metrics.rb:50:in `measure' remote: from /usr/share/webapps/gitlab-gitaly/ruby/gitlab-shell/lib/gitlab_access.rb:23:in `exec' remote: from /usr/share/webapps/gitlab-gitaly/ruby/gitlab-shell/hooks/pre-receive:26:in `<main>' ``` Additional info: * package version(s) gitlab 13.0.0-1, gitlab-shell 2:13.2.0-1 I tried to change `/etc/webapps/gitlab-shell/config.yml` and `/etc/webapps/gitlab/gitlab.yml` to no avail. My `gitlab.yml` contains: ``` ## GitLab Shell settings gitlab_shell: path: /usr/share/webapps/gitlab-shell/ authorized_keys_file: /var/lib/gitlab/.ssh/authorized_keys ``` And `config.yml` contains the following commented out: ``` # secret_file: "/var/lib/gitlab/gitlab-shell/.gitlab_shell_secret" ``` |
This task depends upon
Closed by Anatol Pomozov (anatolik)
Wednesday, 27 May 2020, 22:36 GMT
Reason for closing: Implemented
Additional comments about closing: 13.0.0-2
Wednesday, 27 May 2020, 22:36 GMT
Reason for closing: Implemented
Additional comments about closing: 13.0.0-2
```
## GitLab Shell settings
gitlab_shell:
path: /usr/share/webapps/gitlab-shell/
authorized_keys_file: /var/lib/gitlab/.ssh/authorized_keys
# File that contains the secret key for verifying access for gitlab-shell.
# Default is '.gitlab_shell_secret' relative to Rails.root (i.e. root of the GitLab app).
# secret_file: /var/lib/gitlab/gitlab-shell/.gitlab_shell_secret
```
The non-legacy config settings sets the environment variables in the gitlab-shell instead, and are in `/etc/gitlab-gitaly/config.toml`.
We edit it so it says:
```
secret_file = "/var/lib/gitlab/gitlab-shell/.gitlab_shell_secret"
# custom_hooks_dir = "/home/git/custom_hooks"
```
This solves one issue, and now when we push we have:
```
remote: GitLab: Failed to authorize your Git request: internal API unreachable
```
The main thing is that we need to change the GitLab URL in the config file to point to the unix socket of `/etc/webapps/gitlab/puma.rb`
First change `/etc/gitlab-gitaly/config.toml` to include the following:
```
# dir = "/home/git/gitlab/log"
secret_file = "/var/lib/gitlab/gitlab-shell/.gitlab_shell_secret"
# custom_hooks_dir = "/home/git/custom_hooks"
gitlab_url = "http+unix://%2Frun%2Fgitlab%2Fgitlab.socket"
```
Then change `/etc/webapps/gitlab-shell/config.yml` to also have:
```
gitlab_url: "http+unix://%2Frun%2Fgitlab%2Fgitlab.socket"
```
Took some effort. I think it's useful to include something in the update message so other users can solve this problem too.
https://gitlab.com/gitlab-org/gitlab-shell/-/merge_requests/388
https://gitlab.com/gitlab-org/gitaly/-/merge_requests/2213
Until then, we can always replace the localhost url with the socket path.
Please try the packages from [community-testing] and let me know if it works for you.