Permissions issues with gitlab-secrets.json

I'm trying to run GitLab on my local Mac OSX machine using a Docker container. When running gitlab-ctl reconfigure, there are permissions issues with /etc/gitlab/gitlab-secrets.json even though it has mode 777. Is there something wrong with my permission configuration?

$ docker exec -it gitlab ls -al /etc/gitlab
total 136
drwxrwxrwx 10 root root   320 Jun 18 21:02 .
drwxr-xr-x  1 root root  4096 Jun 19 13:58 ..
-rwxrwxrwx  1 root root 15370 Jun 19 14:16 gitlab-secrets.json
-rwxrwxrwx  1 root root 91805 Jun 18 21:02 gitlab.rb
-rwxrwxrwx  1 root root   227 Jun 18 21:02 ssh_host_ecdsa_key
-rwxrwxrwx  1 root root   185 Jun 18 21:02 ssh_host_ecdsa_key.pub
-rwxrwxrwx  1 root root   419 Jun 18 21:02 ssh_host_ed25519_key
-rwxrwxrwx  1 root root   105 Jun 18 21:02 ssh_host_ed25519_key.pub
-rwxrwxrwx  1 root root  1675 Jun 18 21:02 ssh_host_rsa_key
-rwxrwxrwx  1 root root   405 Jun 18 21:02 ssh_host_rsa_key.pub

The error I'm getting is this one:

123:      end
124:  
125:      nil
126:    end
127:  end
128:  

System Info:
------------
chef_version=13.6.4
platform=ubuntu
platform_version=16.04
ruby=ruby 2.5.3p105 (2018-10-18 revision 65156) [x86_64-linux]
program_name=/opt/gitlab/embedded/bin/chef-client
executable=/opt/gitlab/embedded/bin/chef-client


Running handlers:
There was an error running gitlab-ctl reconfigure:

Operation not permitted @ rb_file_chmod - /etc/gitlab/gitlab-secrets.json

Running handlers complete
Chef Client failed. 0 resources updated in 06 seconds
SIGTERM signal received, try to gracefully shutdown all services...
ok: down: sshd: 1s, normally up
Thank you for using GitLab Docker Image!
Current version: gitlab-ce=11.11.3-ce.0

Configure GitLab for your system by editing /etc/gitlab/gitlab.rb file
And restart this container to reload settings.
To do it use docker exec:

  docker exec -it gitlab vim /etc/gitlab/gitlab.rb
  docker restart gitlab

For a comprehensive list of configuration options please see the Omnibus GitLab readme
https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md

If this container fails to start due to permission problems try to fix it by executing:

  docker exec -it gitlab update-permissions
  docker restart gitlab

Cleaning stale PIDs & sockets
Preparing services...
Starting services...
Configuring GitLab...
/opt/gitlab/embedded/bin/runsvdir-start: line 24: ulimit: pending signals: cannot modify limit: Operation not permitted
/opt/gitlab/embedded/bin/runsvdir-start: line 37: /proc/sys/fs/file-max: Read-only file system
Starting Chef Client, version 13.6.4
resolving cookbooks for run list: ["gitlab"]
Synchronizing Cookbooks:
  - package (0.1.0)
  - redis (0.1.0)
  - mattermost (0.1.0)
  - gitaly (0.1.0)
  - nginx (0.1.0)
  - runit (4.3.0)
  - postgresql (0.1.0)
  - consul (0.1.0)
  - acme (3.1.0)
  - letsencrypt (0.1.0)
  - crond (0.1.0)
  - registry (0.1.0)
  - compat_resource (12.19.1)
  - gitlab (0.0.1)
Installing Cookbook Gems:
Compiling Cookbooks...

================================================================================
Recipe Compile Error in /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/recipes/default.rb
================================================================================

Errno::EPERM
------------
Operation not permitted @ rb_file_chmod - /etc/gitlab/gitlab-secrets.json

Cookbook Trace:
---------------
  /opt/gitlab/embedded/cookbooks/cache/cookbooks/package/libraries/helpers/secrets_helper.rb:121:in `chmod'
  /opt/gitlab/embedded/cookbooks/cache/cookbooks/package/libraries/helpers/secrets_helper.rb:121:in `block in write_to_gitlab_secrets'
  /opt/gitlab/embedded/cookbooks/cache/cookbooks/package/libraries/helpers/secrets_helper.rb:119:in `open'
  /opt/gitlab/embedded/cookbooks/cache/cookbooks/package/libraries/helpers/secrets_helper.rb:119:in `write_to_gitlab_secrets'
  /opt/gitlab/embedded/cookbooks/cache/cookbooks/package/libraries/helpers/settings_helper.rb:163:in `generate_secrets'
  /opt/gitlab/embedded/cookbooks/cache/cookbooks/package/libraries/helpers/settings_helper.rb:167:in `generate_config'
  /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/recipes/config.rb:26:in `from_file'
  /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/recipes/default.rb:26:in `from_file'

Relevant File Content:
----------------------
/opt/gitlab/embedded/cookbooks/cache/cookbooks/package/libraries/helpers/secrets_helper.rb:

There was an error running gitlab-ctl reconfigure:

Operation not permitted @ rb_file_chmod - /etc/gitlab/gitlab-secrets.json

114:  
115:    def self.write_to_gitlab_secrets
116:      secret_tokens = gather_gitlab_secrets
117:  
118:      if File.directory?('/etc/gitlab')
119:        File.open('/etc/gitlab/gitlab-secrets.json', 'w', 0600) do |f|
120:          f.puts(Chef::JSONCompat.to_json_pretty(secret_tokens))
121>>         f.chmod(0600)
122:        end
123:      end
124:  
125:      nil
126:    end
127:  end
128:  

System Info:
------------
chef_version=13.6.4
platform=ubuntu
platform_version=16.04
ruby=ruby 2.5.3p105 (2018-10-18 revision 65156) [x86_64-linux]
program_name=/opt/gitlab/embedded/bin/chef-client
executable=/opt/gitlab/embedded/bin/chef-client
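
Added example, not part of the original post and not Omnibus GitLab code: a Ruby probe that repeats the open/write/chmod sequence from the secrets_helper.rb excerpt on a throwaway file. It shows that the mode passed to File.open leaves an existing 0777 file unchanged, which is why the excerpt calls chmod, and it reports whether chmod is permitted in the directory being tested; probe_secrets_write, mode_of and the probe file name are hypothetical.

```ruby
require 'json'
require 'tmpdir'

# Current permission bits of path as an octal string, e.g. "0600".
def mode_of(path)
  format('%04o', File.stat(path).mode & 0o7777)
end

# Hypothetical helper: repeats the open/write/chmod sequence from the
# secrets_helper.rb excerpt against a throwaway file in dir.
def probe_secrets_write(dir, name = 'probe-secrets.json')
  path = File.join(dir, name)
  result = { setup: 'ok', chmod: 'not run', error: nil }
  begin
    # Start from a world-writable file, like the one in the listing.
    File.write(path, "{}\n")
    File.chmod(0o777, path)
  rescue SystemCallError => e
    result[:setup] = e.class.name
  end
  begin
    File.open(path, 'w', 0o600) do |f|
      f.puts(JSON.pretty_generate('probe' => 'constructed sample value'))
      # The 0600 passed to open only applies when the file is created,
      # so an existing file still has its old mode at this point.
      result[:mode_after_open] = mode_of(path)
      begin
        f.chmod(0o600)
        result[:chmod] = 'ok'
      rescue SystemCallError => e
        result[:chmod] = e.class.name # Errno::EPERM in the log above
      end
    end
    result[:mode_final] = mode_of(path)
  rescue SystemCallError => e
    result[:error] = e.class.name
  end
  result
ensure
  File.delete(path) if path && File.exist?(path)
end

if __FILE__ == $PROGRAM_NAME
  # Pass the directory to test as the first argument; defaults to a temp dir.
  dir = ARGV[0] || Dir.mktmpdir('secrets-probe')
  puts JSON.pretty_generate(probe_secrets_write(dir))
end
```

Run with a directory argument inside the container to compare the mounted /etc/gitlab against a container-local path such as /tmp; the chmod field names the exception class when the call is refused.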