Skip to content

GET deployment times out during GitLab reconfigure due to gitlab-pages::enable regeneration step even though we have Pages already set up.

GET deployment times out during GitLab reconfigure due to gitlab-pages::enable regeneration step already having Pages set up.

Summary:

When we deploy GitLab using the GitLab Environment Toolkit , the Ansible task
“Reconfigure GitLab deploy node” fails with a timeout on the GitLab Rails node.
The failure occurs during the gitlab-ctl reconfigure process, specifically inside the gitlab-pages::enable recipe.

Despite having GitLab Pages set up, credentials already defined and hard-coded in the environment’s vars.yml, the ruby_block[authorize pages with gitlab] step still runs and attempts to re-authorize Pages with the main GitLab instance.
This step takes approximately one minute, which causes GET’s SSH execution timeout and marks the host as UNREACHABLE.

Environment:

  • Deployment method: GitLab Environment Toolkit (GET)
  • Configuration management: Ansible
  • Playbook step: Reconfigure GitLab deploy node
  • Node: gitlab-community-prod-gitlab-rails-1
  • GitLab Edition: GitLab Community Edition
  • OS: CentOS / RHEL derivative
  • External URL: https://gitlab-community-vlab.noaa.gov
  • Pages URL: https://pages-gitlab-community-vlab.noaa.gov

Relevant Configuration (vars.yml):

File path:
/gitlab-environment-toolkit/ansible/environments/Gitlab-Licensed-Prod/inventory/vars.yml

gitlab_custom_secrets_json: { "gitlab_pages": { "gitlab_secret": "<REDACTED>", "gitlab_id": "<REDACTED>", "auth_secret": "<REDACTED>", "api_secret_key": "<REDACTED>", "register_as_oauth_app": false } }

All GitLab Pages secrets are pre-configured, and register_as_oauth_app is explicitly set to false.

Observed Behavior:

During GET deployment:

[ERROR]: Task failed: EXEC command 'printf '%s\n' 'jHqVZYWXXYQAMcJFVezSHOmcwJ'; echo | sudo -H -S -n -u root /bin/sh -c 'echo BECOME-SUCCESS-ddjoqvxiixzyjjushgadealbiauswlbe ; SKIP_POST_DEPLOYMENT_MIGRATIONS=true /usr/bin/python3.9 /home/centos/.ansible/tmp/ansible-tmp-1762277765.1454914-16916-215900448291521/AnsiballZ_command.py'; printf '\n%s\n%s\n' "$?" 'GaorcTkRIgpThBoKydCmJFtKhJ'; ' timeout on host: i-0c8011d0ddd71464d Origin: /gitlab-environment-toolkit/ansible/roles/gitlab_rails/tasks/main.yml:124:7

122 when: gitlab_rails_custom_config_file_path.stat.exists 123 124 - name: Reconfigure GitLab deploy node ^ column 7

fatal: [gitlab-community-dev-gitlab-rails-1]: UNREACHABLE! => changed=false msg: |- Task failed: EXEC command 'printf '%s\n' 'jHqVZYWXXYQAMcJFVezSHOmcwJ'; echo | sudo -H -S -n -u root /bin/sh -c 'echo BECOME-SUCCESS-ddjoqvxiixzyjjushgadealbiauswlbe ; SKIP_POST_DEPLOYMENT_MIGRATIONS=true /usr/bin/python3.9 /home/centos/.ansible/tmp/ansible-tmp-1762277765.1454914-16916-215900448291521/AnsiballZ_command.py'; printf '\n%s\n%s\n' "$?" 'GaorcTkRIgpThBoKydCmJFtKhJ'; ' timeout on host: i-0c8011d0ddd71464d unreachable: true

Chef logs on the Rails node show:

`Recipe: gitlab-pages::enable

  • ruby_block[authorize pages with gitlab] action run WARN: Connecting to GitLab to generate new app_id and app_secret for GitLabPages `

This step executes even though Pages is already configured and register_as_oauth_app is false, adding roughly 60 seconds to the reconfigure process and triggering Ansible’s command timeout.

Expected Behavior:

  • The reconfigure process should detect existing Pages credentials and skip re-authorization when register_as_oauth_app is false.
  • gitlab-ctl reconfigure should complete within expected runtime, allowing GET to continue successfully.

Actual Behavior:

  • The gitlab-pages::enable recipe always executes the authorization block.
  • The step pauses for ~1 minute, exceeding Ansible’s SSH timeout window.
  • GET reports the Rails node as UNREACHABLE, even though the configuration eventually completes.

Cause:

The gitlab-pages::enable recipe unconditionally runs the ruby_block[authorize pages with gitlab] action, which performs an internal OAuth validation request.
This occurs regardless of whether the credentials are already provided and register_as_oauth_app is false.
The resulting delay causes Ansible’s timeout during automated GET deployments.

Impact:

  • GET deployments consistently fail at the Rails node when GitLab Pages is enabled.
  • Causes false negatives in automation pipelines.
  • Cannot complete Gitlab Upgrades.

Proposed Fix:

  • Gitlab Version: 18.4.3
  • GET Version: 3.8
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information