running /usr/bin/gpg-agent failed because of /var/opt/gitlab permissions
Summary
running /usr/bin/gpg-agent failed because of /var/opt/gitlab permissions
Steps to reproduce
Run a git command that calls our GitLab server, like git fetch.
What is the current bug behavior?
On an SSH git connection, there are some errors with gpg.
Oct 17 12:08:01 gitlab.domain.tld systemd[22010]: gpgconf: running /usr/bin/gpg-agent failed (exitcode=2): General error
Oct 17 12:08:01 gitlab.domain.tld systemd[22010]: gpgconf: fatal error (exit status 1)
What is the expected correct behavior?
No errors?
Relevant logs
```
Oct 17 12:08:01 gitlab.domain.tld sshd[22008]: Accepted publickey for git from X.X.X.X port 59773 ssh2: RSA SHA256:XXXXXXXXXXXXX
Oct 17 12:08:01 gitlab.domain.tld sshd[22008]: pam_unix(sshd:session): session opened for user git by (uid=0)
Oct 17 12:08:01 gitlab.domain.tld systemd[1]: Created slice User Slice of git.
Oct 17 12:08:01 gitlab.domain.tld systemd[1]: Starting User Manager for UID 998...
Oct 17 12:08:01 gitlab.domain.tld systemd-logind[477]: New session 27083 of user git.
Oct 17 12:08:01 gitlab.domain.tld systemd[1]: Started Session 27083 of user git.
Oct 17 12:08:01 gitlab.domain.tld systemd[22010]: pam_unix(systemd-user:session): session opened for user git by (uid=0)
Oct 17 12:08:01 gitlab.domain.tld systemd[22010]: gpgconf: running /usr/bin/gpg-agent failed (exitcode=2): General error
Oct 17 12:08:01 gitlab.domain.tld systemd[22010]: gpgconf: fatal error (exit status 1)
Oct 17 12:08:01 gitlab.domain.tld systemd[22010]: Listening on GnuPG cryptographic agent and passphrase cache (restricted).
Oct 17 12:08:01 gitlab.domain.tld systemd[22010]: Reached target Paths.
Oct 17 12:08:01 gitlab.domain.tld systemd[22010]: Listening on GnuPG cryptographic agent and passphrase cache.
Oct 17 12:08:01 gitlab.domain.tld systemd[22010]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Oct 17 12:08:01 gitlab.domain.tld systemd[22010]: Listening on GnuPG network certificate management daemon.
Oct 17 12:08:01 gitlab.domain.tld systemd[22010]: Reached target Timers.
Oct 17 12:08:01 gitlab.domain.tld systemd[22010]: Listening on GnuPG cryptographic agent and passphrase cache (access for web browsers).
Oct 17 12:08:01 gitlab.domain.tld systemd[22010]: Reached target Sockets.
Oct 17 12:08:01 gitlab.domain.tld systemd[22010]: Reached target Basic System.
Oct 17 12:08:01 gitlab.domain.tld systemd[22010]: Reached target Default.
```
Details of package version
Provide the package version installation details
```
$ dpkg-query -l "gitlab-*"
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                                     Version                   Architecture              Description
+++-========================================-=========================-=========================-=====================================================================================
ii  gitlab-ce                                12.3.5-ce.0               amd64                     GitLab Community Edition (including NGINX, Postgres, Redis)
un  gitlab-ee                                <none>                    <none>                    (no description available)
```
Environment details
- Operating System: ubuntu 18.04 LTS
- Installation Target, remove incorrect values: Bare Metal Machine
- Installation Type, remove incorrect values: existing installation and up to date on 12.3.5
- Is there any other software running on the machine: no
- Is this a single or multiple node installation? single node
- Resources
  - CPU: 8
  - Memory total: 16.0GB
Configuration details
Provide the relevant sections of `/etc/gitlab/gitlab.rb`
```ruby
external_url "https://git.domain.tld"
registry_external_url "https://registry.gitlab.domain.tld"
mattermost_external_url "https://chat.domain.tld"
gitlab_rails['time_zone'] = "Paris"
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = ''
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = ''
gitlab_rails['smtp_password'] = ''
gitlab_rails['smtp_domain'] = 'git.domain.tld'
gitlab_rails['smtp_authentication'] = 'plain'
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = true
gitlab_rails['smtp_openssl_verify_mode'] = 'none'
gitlab_rails['smtp_ca_path'] = '/etc/ssl/certs'
gitlab_rails['smtp_ca_file'] = '/etc/ssl/certs/ca-certificates.crt'
gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = "gitlab@domain.tld"
gitlab_rails['gitlab_default_can_create_group'] = false
gitlab_rails['gitlab_username_changing_enabled'] = false
gitlab_rails['gitlab_default_theme'] = "2"
gitlab_rails['gitlab_default_projects_features_issues'] = true
gitlab_rails['gitlab_default_projects_features_merge_requests'] = true
gitlab_rails['gitlab_default_projects_features_wiki'] = false
gitlab_rails['gitlab_default_projects_features_snippets'] = false
gitlab_rails['gitlab_default_projects_features_builds'] = false
gitlab_rails['gitlab_default_projects_features_container_registry'] = false
gitlab_rails['sentry_enabled'] = true
gitlab_rails['sentry_dsn'] = ""
gitlab_rails['sentry_clientside_dsn'] = ""
gitlab_rails['sentry_environment'] = "production"
gitlab_rails['incoming_email_enabled'] = true
gitlab_rails['incoming_email_address'] = "reply+%{key}@gitlab.domain.tld"
gitlab_rails['incoming_email_email'] = ""
gitlab_rails['incoming_email_password'] = ""
gitlab_rails['incoming_email_host'] = ""
gitlab_rails['incoming_email_port'] = 993
gitlab_rails['incoming_email_ssl'] = true
gitlab_rails['incoming_email_mailbox_name'] = "INBOX/GitLab"
gitlab_rails['backup_keep_time'] = 79200
gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"
gitlab_rails['backup_upload_connection'] = {}
gitlab_rails['backup_upload_remote_directory'] = ''
gitlab_rails['usage_ping_enabled'] = false
git_data_dirs({"default" => {"path" => "/var/opt/gitlab/git-data"} })
nginx['redirect_http_to_https_port'] = 80
nginx['redirect_http_to_https'] = true
nginx['ssl_protocols'] = "TLSv1.2"
letsencrypt['enable'] = true
letsencrypt['contact_emails'] = ["devops@domain.tld"]
mattermost['enable'] = true
mattermost['gitlab_enable'] = true
mattermost['gitlab_auth_endpoint'] = "https://git.domain.tld/oauth/authorize"
mattermost['gitlab_token_endpoint'] = "https://git.domain.tld/oauth/token"
mattermost['gitlab_user_api_endpoint'] = "https://git.domain.tld/api/v4/user"
mattermost['service_use_ssl'] = true
mattermost_nginx['redirect_http_to_https'] = true
mattermost_nginx['ssl_protocols'] = "TLSv1.2"
mattermost_nginx['custom_gitlab_mattermost_server_config'] = "location /.well-known {\n root /var/opt/gitlab/nginx/www;\n}\n"
prometheus['listen_address'] = ':9090'
node_exporter['enable'] = false
```
Solution
Since I manually set git as the owner of /var/opt/gitlab, I don't see the errors in the logs anymore (`sudo chown git:git /var/opt/gitlab`).
I read this, which helped me: https://serverfault.com/a/972889/172710.
Edited by nicolas-brousse
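
An added example, not part of the original report or of GitLab's code: a small log triage script that finds `gpgconf` failures in syslog-style lines and attributes each one to the user whose systemd user manager (same PID) logged it, which is the first thing to establish before checking directory ownership as the reporter did. The function name, regexes and result fields are assumptions made for this example; the sample lines are copied from the logs above.

```python
import re

# Log lines copied from the "Relevant logs" section of the report (subset).
SAMPLE_LOG = """\
Oct 17 12:08:01 gitlab.domain.tld sshd[22008]: pam_unix(sshd:session): session opened for user git by (uid=0)
Oct 17 12:08:01 gitlab.domain.tld systemd[1]: Starting User Manager for UID 998...
Oct 17 12:08:01 gitlab.domain.tld systemd[22010]: pam_unix(systemd-user:session): session opened for user git by (uid=0)
Oct 17 12:08:01 gitlab.domain.tld systemd[22010]: gpgconf: running /usr/bin/gpg-agent failed (exitcode=2): General error
Oct 17 12:08:01 gitlab.domain.tld systemd[22010]: gpgconf: fatal error (exit status 1)
Oct 17 12:08:01 gitlab.domain.tld systemd[22010]: Reached target Default.
"""

# syslog-style prefix: "Mon DD HH:MM:SS host proc[pid]: message"
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ (?P<proc>[\w.-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
SESSION = re.compile(r"pam_unix\(systemd-user:session\): session opened for user (\S+)")
GPG_FAIL = re.compile(r"gpgconf: running (\S+) failed \(exitcode=(\d+)\)")


def find_gpgconf_failures(log_text):
    """Return one dict per gpgconf failure logged by a systemd user manager."""
    user_by_pid = {}  # systemd user-manager PID -> session user
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["proc"] != "systemd":
            continue  # unparsable line, or logged by another process (e.g. sshd)
        session = SESSION.search(m["msg"])
        if session:
            user_by_pid[m["pid"]] = session.group(1)
            continue
        failure = GPG_FAIL.search(m["msg"])
        if failure:
            findings.append({
                "time": m["ts"],
                "pid": int(m["pid"]),
                "user": user_by_pid.get(m["pid"]),  # None if no session line was seen
                "binary": failure.group(1),
                "exitcode": int(failure.group(2)),
            })
    return findings


if __name__ == "__main__":
    for f in find_gpgconf_failures(SAMPLE_LOG):
        print(f"{f['time']} user={f['user']} {f['binary']} exit={f['exitcode']}")
```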