Folder not created when running only redis
When configuring the GitLab-EE omnibus package to act only as a redis node, the .ssh folder where the generated ssh keys are placed is not created, but it is required by the recipe ssh_keygen.
The easiest way to reproduce this problem in one line is as follows:
$ docker run --env GITLAB_OMNIBUS_CONFIG="redis_master_role['enable'] = true;" gitlab/gitlab-ee
Thank you for using GitLab Docker Image!
Current version: gitlab-ee=8.15.3-ee.0
Configure GitLab for your system by editing /etc/gitlab/gitlab.rb file
And restart this container to reload settings.
To do it use docker exec:
docker exec -it gitlab vim /etc/gitlab/gitlab.rb
docker restart gitlab
For a comprehensive list of configuration options please see the Omnibus GitLab readme
https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md
If this container fails to start due to permission problems try to fix it by executing:
docker exec -it gitlab update-permissions
docker restart gitlab
Installing gitlab.rb config...
Generating ssh_host_rsa_key...
Generating public/private rsa key pair.
Your identification has been saved in /etc/gitlab/ssh_host_rsa_key.
Your public key has been saved in /etc/gitlab/ssh_host_rsa_key.pub.
The key fingerprint is:
SHA256:q9eU61nvQ4rg2lQDqKZxfbyhdC8h/2zgsUsRxZpogCQ root@96f57feb6196
The key's randomart image is:
+---[RSA 2048]----+
|E... .. |
| .. . . .. |
| ...oo |
| oo.oo |
| . +.+ S o. |
| = . *+Oo. . |
| . .oBB.o.o |
| ==+=o... |
| ooo+= .o. |
+----[SHA256]-----+
Generating ssh_host_ecdsa_key...
Generating public/private ecdsa key pair.
Your identification has been saved in /etc/gitlab/ssh_host_ecdsa_key.
Your public key has been saved in /etc/gitlab/ssh_host_ecdsa_key.pub.
The key fingerprint is:
SHA256:VRKF9OOGjYc8A3Igy/DoDeo0T0Cpx4C4q0SwGs0e7Uw root@96f57feb6196
The key's randomart image is:
+---[ECDSA 256]---+
|o.o . . .++o |
|*. = o . .+ |
|oOo.+ . o . o |
|=+BoE o + * . |
|+B.*. S B = |
|=.= o = |
|o. . |
|. |
| |
+----[SHA256]-----+
Generating ssh_host_ed25519_key...
Generating public/private ed25519 key pair.
Your identification has been saved in /etc/gitlab/ssh_host_ed25519_key.
Your public key has been saved in /etc/gitlab/ssh_host_ed25519_key.pub.
The key fingerprint is:
SHA256:meHmycYAigcUILiSKK9A43RLWXOG4sLZU/DS8CEDMrY root@96f57feb6196
The key's randomart image is:
+--[ED25519 256]--+
|B=o=... |
|*...B=.o |
|+E+.*++ . |
|*X O.. . + |
|B.B o . S |
|.o.. * . |
|.. * |
|. . |
| |
+----[SHA256]-----+
Preparing services...
Starting services...
Configuring GitLab package...
/opt/gitlab/embedded/bin/runsvdir-start: line 24: ulimit: pending signals: cannot modify limit: Operation not permitted
/opt/gitlab/embedded/bin/runsvdir-start: line 34: ulimit: max user processes: cannot modify limit: Operation not permitted
/opt/gitlab/embedded/bin/runsvdir-start: line 37: /proc/sys/fs/file-max: Read-only file system
Configuring GitLab...
* Moving existing certificates found in /opt/gitlab/embedded/ssl/certs
* Symlinking existing certificates found in /etc/gitlab/trusted-certs
================================================================================
Error executing action `create` on resource 'file[/var/opt/gitlab/.ssh/id_rsa]'
================================================================================
Chef::Exceptions::EnclosingDirectoryDoesNotExist
------------------------------------------------
Parent directory /var/opt/gitlab/.ssh does not exist.
Cookbook Trace:
---------------
/opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab-ee/libraries/ssh_keygen.rb:164:in `block in save_private_key'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab-ee/libraries/ssh_keygen.rb:155:in `save_private_key'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab-ee/resources/ssh_keygen.rb:41:in `block (2 levels) in class_from_file'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab-ee/resources/ssh_keygen.rb:38:in `block in class_from_file'
Resource Declaration:
---------------------
suppressed sensitive resource output
Compiled Resource:
------------------
suppressed sensitive resource output
Platform:
---------
x86_64-linux
================================================================================
Error executing action `create` on resource 'ssh_keygen[/var/opt/gitlab/.ssh/id_rsa]'
================================================================================
Chef::Exceptions::EnclosingDirectoryDoesNotExist
------------------------------------------------
file[/var/opt/gitlab/.ssh/id_rsa] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab-ee/libraries/ssh_keygen.rb line 156) had an error: Chef::Exceptions::EnclosingDirectoryDoesNotExist: Parent directory /var/opt/gitlab/.ssh does not exist.
Cookbook Trace:
---------------
/opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab-ee/libraries/ssh_keygen.rb:164:in `block in save_private_key'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab-ee/libraries/ssh_keygen.rb:155:in `save_private_key'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab-ee/resources/ssh_keygen.rb:41:in `block (2 levels) in class_from_file'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab-ee/resources/ssh_keygen.rb:38:in `block in class_from_file'
Resource Declaration:
---------------------
# In /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab-ee/recipes/ssh_keys.rb
26: ssh_keygen ssh_key_path do
27: action :create
28: owner gitlab_username
29: group gitlab_group
30: secure_directory true
31: end
Compiled Resource:
------------------
# Declared in /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab-ee/recipes/ssh_keys.rb:26:in `from_file'
ssh_keygen("/var/opt/gitlab/.ssh/id_rsa") do
action [:create]
retries 0
retry_delay 2
default_guard_interpreter :default
declared_type :ssh_keygen
cookbook_name "gitlab-ee"
recipe_name "ssh_keys"
owner "git"
group "git"
secure_directory true
path "/var/opt/gitlab/.ssh/id_rsa"
type "rsa"
comment "git@96f57feb6196"
end
Platform:
---------
x86_64-linux
Mind that this behavior is also present when installing the GitLab RPM, not only when using the docker image.
The error is due to the lack of /var/opt/gitlab/.ssh/id_rsa directory when gitlab-ee::ssh_keys recipe is included.
That directory is supposed to be created by the recipe gitlab::gitlab-shell included in the gitlab default recipe, but not in this case, as gitlab-rails is not enabled (only redis service is configured to run).
This logic has been introduced by this commit.
Apart from the problem that this generates, I don't understand why this is only done for gitlab-ee packages. Maybe @brodock, as author of the commit, can give a hand?
Thanks!
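The failure mode reported above, as an added stand-alone Ruby example (not code from the issue or from the omnibus cookbooks): a key write that assumes another recipe already created the parent directory, next to a variant that creates the directory itself with owner-only permissions. All method names are hypothetical, and a temporary directory stands in for /var/opt/gitlab on a redis-only node.

```ruby
require 'fileutils'
require 'tmpdir'

# Raised when the key's parent directory is absent, mirroring the
# Chef::Exceptions::EnclosingDirectoryDoesNotExist shown in the log above.
class EnclosingDirectoryMissing < StandardError; end

# Hypothetical stand-in for the key write step: fails if the parent is missing.
def save_private_key(path, key_material)
  dir = File.dirname(path)
  raise EnclosingDirectoryMissing, "Parent directory #{dir} does not exist." unless Dir.exist?(dir)
  # EXCL: never overwrite an existing key; 0600: readable by the owner only.
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) { |f| f.write(key_material) }
  File.chmod(0o600, path) # enforce the mode regardless of umask
  path
end

# Guarded variant: create the parent (mode 0700) instead of relying on a
# different recipe having run first, then write the key.
def save_private_key_with_dir(path, key_material)
  dir = File.dirname(path)
  FileUtils.mkdir_p(dir)
  File.chmod(0o700, dir)
  save_private_key(path, key_material)
end

# Constructed demo: the first attempt fails as in the report, the second succeeds.
def demo
  Dir.mktmpdir do |root|
    key_path = File.join(root, '.ssh', 'id_rsa')
    first = begin
      save_private_key(key_path, "constructed-key-material\n")
      :written
    rescue EnclosingDirectoryMissing
      :missing_parent
    end
    save_private_key_with_dir(key_path, "constructed-key-material\n")
    {
      first_attempt: first,
      dir_mode: format('%o', File.stat(File.dirname(key_path)).mode & 0o777),
      key_mode: format('%o', File.stat(key_path).mode & 0o777)
    }
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```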