Manually Setting Postgres Cert Now Fails
Relevant gitlab.rb
postgresql['ssl_cert_file'] = '/etc/gitlab/ssl/gitlab.example.net.crt'
postgresql['ssl_key_file'] = '/etc/gitlab/ssl/gitlab.example.net.key'
There was an error running gitlab-ctl reconfigure:
file[/var/opt/gitlab/postgresql/data/etc/gitlab/ssl/gitlab.example.net.crt] (postgresql::enable line 98) had an error: Chef::Exceptions::EnclosingDirectoryDoesNotExist: Parent directory /var/opt/gitlab/postgresql/data/etc/gitlab/ssl does not exist.
The reason this fails is because the SSL certificate is now handled via the helper which is invoking a File.join
.
The reason for the change is that absolute_path
from the previous code would give back the specific path if it had a leading slash character as demonstrated below.
irb
2.6.6 :001 > path="/home/Users"
=> "/home/Users"
2.6.6 :002 > config_dir="/config_dir"
=> "/config_dir"
2.6.6 :003 > File.join(config_dir, path)
=> "/config_dir/home/Users"
2.6.6 :004 > File.absolute_path(path)
=> "/home/Users"
2.6.6 :005 > File.absolute_path(path, config_dir)
=> "/home/Users"
2.6.6 :006 > path="home/Users"
=> "home/Users"
2.6.6 :007 > File.absolute_path(path, config_dir)
=> "/config_dir/home/Users"
2.6.6 :008 >
Workaround
- Copy your SSL certificate and key file to the postgresql data directory
# if postgresql['dir'] is not set to a custom location cp gitlab.example.net.crt /var/opt/gitlab/postgresql/data/gitlab.example.net.crt cp gitlab.example.net.key /var/opt/gitlab/postgresql/data/gitlab.example.net.key # if postgresql['dir'] is set to a custom location such as /my/custom/path cp gitlab.example.net.crt /my/custom/path/data/gitlab.example.net.crt cp gitlab.example.net.key /my/custom/path/data/gitlab.example.net.key
- Set
postgresql['ssl_cert_file']
andpostgresql['ssl_key_file']
to just the file namespostgresql['ssl_cert_file'] = 'gitlab.example.net.crt' postgresql['ssl_key_file'] = 'gitlab.example.net.key'
- Run
gitlab-ctl reconfigure
Edited by Balasankar 'Balu' C