logo标签列表

GitLab 初始根密码

gitlabgitlab-omnibus
25
我正在尝试自动部署预配置好的GitLab,需要指定初始根密码,以便首次登录不会提示密码重置屏幕。我在模板中看到了omnibus配置选项:https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template#L509
506 #### Change the initial default admin password and shared runner registration tokens.
507 ####! **Only applicable on initial setup, changing these settings after database
508 ####!   is created and seeded won't yield any change.**
509 # gitlab_rails['initial_root_password'] = "password"

然而,正如文档所说,安装后此选项将不会生效。因此,使用gitlab-ctl reconfigure不能部署这些更改,我已经测试过了。

当我尝试此帖子中的解决方案时:

$ sudo gitlab-rake gitlab:setup RAILS_ENV=production GITLAB_ROOT_PASSWORD="Pa$$w0rd!" GITLAB_ROOT_EMAIL="gitlab@domain.com" DISABLE_DATABASE_ENVIRONMENT_CHECK=1
This will create the necessary database tables and seed the database.
You will lose any previous data stored in the database.
Do you want to continue (yes/no)? yes

PG::ObjectInUse: ERROR:  database "gitlabhq_production" is being accessed by other users
DETAIL:  There are 10 other sessions using the database.
: DROP DATABASE IF EXISTS "gitlabhq_production"
Couldn't drop database 'gitlabhq_production'
rake aborted!
ActiveRecord::StatementInvalid: PG::ObjectInUse: ERROR:  database "gitlabhq_production" is being accessed by other users
DETAIL:  There are 10 other sessions using the database.
: DROP DATABASE IF EXISTS "gitlabhq_production"
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/setup.rake:33:in `setup_db'
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/setup.rake:5:in `block (2 levels) in <top (required)>'
/opt/gitlab/embedded/bin/bundle:23:in `load'
/opt/gitlab/embedded/bin/bundle:23:in `<main>'

Caused by:
PG::ObjectInUse: ERROR:  database "gitlabhq_production" is being accessed by other users
DETAIL:  There are 10 other sessions using the database.
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/setup.rake:33:in `setup_db'
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/setup.rake:5:in `block (2 levels) in <top (required)>'
/opt/gitlab/embedded/bin/bundle:23:in `load'
/opt/gitlab/embedded/bin/bundle:23:in `<main>'
Tasks: TOP => db:drop:_unsafe
(See full trace by running task with --trace)

当我尝试使用gitlab-ctl stop停止gitlab以使没有用户访问它时,它会失败并出现以下错误:
$ sudo gitlab-rake gitlab:setup RAILS_ENV=production GITLAB_ROOT_PASSWORD="Pa$$w0rd!" GITLAB_ROOT_EMAIL="gitlab@domain.com" DISABLE_DATABASE_ENVIRONMENT_CHECK=1
rake aborted!
PG::ConnectionBad: could not connect to server: No such file or directory
        Is the server running locally and accepting
        connections on Unix domain socket "/var/opt/gitlab/postgresql/.s.PGSQL.5432"?
/opt/gitlab/embedded/service/gitlab-rails/ee/app/models/license.rb:261:in `load_license'
/opt/gitlab/embedded/service/gitlab-rails/ee/app/models/license.rb:250:in `current'
/opt/gitlab/embedded/service/gitlab-rails/ee/app/models/license.rb:254:in `feature_available?'
/opt/gitlab/embedded/service/gitlab-rails/ee/lib/ee/gitlab/auth/ldap/config.rb:19:in `_available_servers'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/auth/ldap/config.rb:39:in `available_servers'
/opt/gitlab/embedded/service/gitlab-rails/config/initializers/omniauth.rb:3:in `<module:Strategies>'
/opt/gitlab/embedded/service/gitlab-rails/config/initializers/omniauth.rb:2:in `<top (required)>'
/opt/gitlab/embedded/service/gitlab-rails/config/environment.rb:6:in `<top (required)>'
/opt/gitlab/embedded/bin/bundle:23:in `load'
/opt/gitlab/embedded/bin/bundle:23:in `<main>'
Tasks: TOP => gitlab:setup => gitlab_environment => environment
(See full trace by running task with --trace)

我该如何在omnibus安装的GitLab中设置初始root密码?
你修复过这个问题吗?我也遇到了同样的问题。 - P Burke
我也遇到了同样的问题,你最终解决了吗? - JavaHead
6个回答
56

我遇到了类似的问题。即使我设置了环境变量,我的Gitlab CE 仍然无法登录。所以我使用“root”用户重置了密码。

# dir: /etc/gitlab
gitlab-rake "gitlab:password:reset[root]"

等待10分钟。然后获取结果。

Enter password:
Confirm password:
Password successfully updated for user with username root.

然后一切照常进行。

20
"等待十分钟"让我微笑。 - angabriel
2
为了更加清晰明确:只需复制粘贴Khai Vu输入的内容,不要更改任何密码、用户名等信息。 - mistige
10分钟的等待时间可不是开玩笑的... 至少对于一个中型的EC2 AWS实例来说... - undefined
6

我经过尝试并成功实践,详情请参考这里

    docker run -d  \
-v $GITLAB_HOME/config:/etc/gitlab \
-v $GITLAB_HOME/logs:/var/log/gitlab \
-v $GITLAB_HOME/data:/var/opt/gitlab \
--hostname example.com \
-p 443:443 -p 80:80 -p 2222:22 \
-e GITLAB_ROOT_EMAIL="root@local" -e GITLAB_ROOT_PASSWORD="gitlab_root_password" -e EXTERNAL_URL="http://example.com" \
--name gitlab --restart unless-stopped gitlab/gitlab-ce:latest

因此,对于综合安装,您可以将以下内容设置为环境变量,然后使用yum/apt安装gitlab-ce或gitlab-ee:

GITLAB_ROOT_EMAIL="root@local"
GITLAB_ROOT_PASSWORD="gitlab_root_password" 
EXTERNAL_URL="http://example.com"

当然,根据实际情况更改数值。

5
如果您正在使用Docker,您可以获取此bash:
docker exec -it gitlab_continer bash

打开 Rails 控制台。

gitlab-rails console -e production

输入下面的代码:

user = User.where(id: 1).first
user.password = 'your secret'
user.password_confirmation = 'your secret'
user.save
exit

你可以从以下链接获取更多信息: https://docs.gitlab.com/ee/security/reset_user_password.html
3
以下内容适用于在Centos-8机器上通过Ansible进行的Omnibus安装。如果您没有使用Ansible,可以查看可以以另一种方式进行脚本化的步骤。
我尝试设置应该设置密码的环境变量,但它们似乎不起作用,所以最终我使用了Rails控制台来设置密码,这使我能够使用用户名和密码获取可以与其余GitLab API一起使用的oauth令牌。
- name: PLAYBOOK gitlab-omnibus.yml
  hosts: all
  become: yes
  vars_files:
    - vars.yml

  tasks:
    - name: install gitlab pre-reqs for centos/8 (curl, policycoreutils, openssh-server, jq)
      dnf:
        name:
          - curl
          - policycoreutils
          - openssh-server
          - jq # just used for troubleshooting

    - name: get_url https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.rpm.sh
      get_url:
        url: https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.rpm.sh
        dest: ./script.rpm.sh
        mode: 0740
    - name: Run script to install and configure gitlab repo 
      shell: ./script.rpm.sh
       
    - name: Install the GitLab package for "https://{{new_hostname}}" WITH PROVIDED PASSWORD
      shell: sudo EXTERNAL_URL="https://{{new_hostname}}" dnf install -y gitlab-ee

    - name: use the rails console to change the password
      # {{':'}} is to escape the colon
      shell: sudo gitlab-rails runner "user = User.where(id{{':'}} 1).first; user.password = '{{gitlab_root_password}}'; user.password_confirmation = '{{gitlab_root_password}}'; user.save!"

    - name: restart gitlab wait 5 mins and then try to connect to "https://{{new_hostname}}"
      command: "gitlab-ctl restart"

    - name: install pip3
      dnf:
        name: python3-pip

    - name: Install gitlab python package
      pip:
        name: python-gitlab

    - name: Wait for two mins for gitlab to restart
      pause: 
        minutes: 2

    - name: Get oauth token from https://{{new_hostname}}/oauth/token
      uri: 
        url: https://{{new_hostname}}/oauth/token?grant_type=password&username=root&password={{gitlab_root_password}}
        method: POST
        return_content: yes
        status_code: 200
        body_format: json
        validate_certs: yes
      register: token

    - name: create a user
      uri:
        url: https://{{new_hostname}}/api/v4/users
        method: POST
        headers: 
          Authorization: "Bearer {{token.json.access_token}}"
        body_format: json
        body:
          email: any.body@gmail.com
          username: bodya
          name: "Any Body"
          password: "{{gitlab_root_password}}"
        status_code: 201, 409 # 201 is created, 409 is already exists; makes idempotent
        validate_certs: yes
      register: gitlab_users
非常好的本地化方法。完美运作。 - secavfr
1

我个人遇到了所有这些方法的问题。结果发现密码太弱,不符合要求。设置一个更复杂的初始密码就足以使其正常工作。

目前你的回答不够清晰。请编辑并添加更多细节,以帮助其他人理解它如何回答所提出的问题。你可以在帮助中心找到有关如何撰写好答案的更多信息。 - Community
0

在运行安装程序之前需要设置环境变量,但它的要求非常具体,如果手动运行,则需要在同一行上。如果使用ansible运行,则可以使用environment关键字来提供变量。

手动解决方案 sudo EXTERNAL_URL="http://example.gitlab.com" GITLAB_ROOT_PASSWORD="testing1234" yum install -y gitlab-ce

Ansible解决方案

- name: Install Gitlab
  yum:
    name: gitlab-ce
    state: present
  environment:
    - EXTERNAL_URL: "http://example.gitlab.com"
    - GITLAB_ROOT_PASSWORD: "testing1234"
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接