gitlab初始root密码

Posted 2023-02-19

【中文标题】gitlab初始root密码

【英文标题】：gitlab initial root password

【发布时间】：2020-05-20 13:22:19

【问题描述】：

我正在尝试自动部署 gitlab，它已预先配置了所有内容。我需要指定一个初始 root 密码，以便密码重置屏幕不会提示首次登录。我在模板中看到了综合配置选项：https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template#L509

506 #### Change the initial default admin password and shared runner registration tokens.
507 ####! **Only applicable on initial setup, changing these settings after database
508 ####!   is created and seeded won't yield any change.**
509 # gitlab_rails['initial_root_password'] = "password"

但是，正如文档所述，此选项在安装后不会生效。所以，使用gitlab-ctl reconfigure 不会部署这些更改，正如我测试过的那样。

当我从this post 尝试解决方案时：

$ sudo gitlab-rake gitlab:setup RAILS_ENV=production GITLAB_ROOT_PASSWORD="Pa$$w0rd!" GITLAB_ROOT_EMAIL="gitlab@domain.com" DISABLE_DATABASE_ENVIRONMENT_CHECK=1
This will create the necessary database tables and seed the database.
You will lose any previous data stored in the database.
Do you want to continue (yes/no)? yes

PG::ObjectInUse: ERROR:  database "gitlabhq_production" is being accessed by other users
DETAIL:  There are 10 other sessions using the database.
: DROP DATABASE IF EXISTS "gitlabhq_production"
Couldn't drop database 'gitlabhq_production'
rake aborted!
ActiveRecord::StatementInvalid: PG::ObjectInUse: ERROR:  database "gitlabhq_production" is being accessed by other users
DETAIL:  There are 10 other sessions using the database.
: DROP DATABASE IF EXISTS "gitlabhq_production"
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/setup.rake:33:in `setup_db'
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/setup.rake:5:in `block (2 levels) in <top (required)>'
/opt/gitlab/embedded/bin/bundle:23:in `load'
/opt/gitlab/embedded/bin/bundle:23:in `<main>'

Caused by:
PG::ObjectInUse: ERROR:  database "gitlabhq_production" is being accessed by other users
DETAIL:  There are 10 other sessions using the database.
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/setup.rake:33:in `setup_db'
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/setup.rake:5:in `block (2 levels) in <top (required)>'
/opt/gitlab/embedded/bin/bundle:23:in `load'
/opt/gitlab/embedded/bin/bundle:23:in `<main>'
Tasks: TOP => db:drop:_unsafe
(See full trace by running task with --trace)

当我尝试停止 gitlab 以便没有用户使用 gitlab-ctl stop 访问它时，它会失败并出现以下错误：

$ sudo gitlab-rake gitlab:setup RAILS_ENV=production GITLAB_ROOT_PASSWORD="Pa$$w0rd!" GITLAB_ROOT_EMAIL="gitlab@domain.com" DISABLE_DATABASE_ENVIRONMENT_CHECK=1
rake aborted!
PG::ConnectionBad: could not connect to server: No such file or directory
        Is the server running locally and accepting
        connections on Unix domain socket "/var/opt/gitlab/postgresql/.s.PGSQL.5432"?
/opt/gitlab/embedded/service/gitlab-rails/ee/app/models/license.rb:261:in `load_license'
/opt/gitlab/embedded/service/gitlab-rails/ee/app/models/license.rb:250:in `current'
/opt/gitlab/embedded/service/gitlab-rails/ee/app/models/license.rb:254:in `feature_available?'
/opt/gitlab/embedded/service/gitlab-rails/ee/lib/ee/gitlab/auth/ldap/config.rb:19:in `_available_servers'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/auth/ldap/config.rb:39:in `available_servers'
/opt/gitlab/embedded/service/gitlab-rails/config/initializers/omniauth.rb:3:in `<module:Strategies>'
/opt/gitlab/embedded/service/gitlab-rails/config/initializers/omniauth.rb:2:in `<top (required)>'
/opt/gitlab/embedded/service/gitlab-rails/config/environment.rb:6:in `<top (required)>'
/opt/gitlab/embedded/bin/bundle:23:in `load'
/opt/gitlab/embedded/bin/bundle:23:in `<main>'
Tasks: TOP => gitlab:setup => gitlab_environment => environment
(See full trace by running task with --trace)

如何通过综合安装为 gitlab 设置初始 root 密码？

【问题讨论】：

你解决过这个问题吗？我*遇到了同样的问题。

我也遇到了同样的问题，你解决了吗？

【参考方案1】：

以下“当前”适用于通过 Ansible 在 centos-8 机器上进行的综合安装。如果你没有使用 ansible，你可以看到可以用另一种方式编写脚本的步骤。

我尝试设置应该设置密码的环境变量，但它们似乎不起作用，所以最后我使用rails控制台设置密码，这允许我使用用户名和密码获取 oauth 令牌，我可以将其与 gitlab API 的其余部分一起使用

---

- name: PLAYBOOK gitlab-omnibus.yml
  hosts: all
  become: yes
  vars_files:
    - vars.yml

  tasks:
    - name: install gitlab pre-reqs for centos/8 (curl, policycoreutils, openssh-server, jq)
      dnf:
        name:
          - curl
          - policycoreutils
          - openssh-server
          - jq # just used for troubleshooting

    - name: get_url https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.rpm.sh
      get_url:
        url: https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.rpm.sh
        dest: ./script.rpm.sh
        mode: 0740
    - name: Run script to install and configure gitlab repo 
      shell: ./script.rpm.sh
       
    - name: Install the GitLab package for "https://new_hostname" WITH PROVIDED PASSWORD
      shell: sudo EXTERNAL_URL="https://new_hostname" dnf install -y gitlab-ee

    - name: use the rails console to change the password
      # ':' is to escape the colon
      shell: sudo gitlab-rails runner "user = User.where(id':' 1).first; user.password = 'gitlab_root_password'; user.password_confirmation = 'gitlab_root_password'; user.save!"

    - name: restart gitlab wait 5 mins and then try to connect to "https://new_hostname"
      command: "gitlab-ctl restart"

    - name: install pip3
      dnf:
        name: python3-pip

    - name: Install gitlab python package
      pip:
        name: python-gitlab

    - name: Wait for two mins for gitlab to restart
      pause: 
        minutes: 2

    - name: Get oauth token from https://new_hostname/oauth/token
      uri: 
        url: https://new_hostname/oauth/token?grant_type=password&username=root&password=gitlab_root_password
        method: POST
        return_content: yes
        status_code: 200
        body_format: json
        validate_certs: yes
      register: token

    - name: create a user
      uri:
        url: https://new_hostname/api/v4/users
        method: POST
        headers: 
          Authorization: "Bearer token.json.access_token"
        body_format: json
        body:
          email: any.body@gmail.com
          username: bodya
          name: "Any Body"
          password: "gitlab_root_password"
        status_code: 201, 409 # 201 is created, 409 is already exists; makes idempotent
        validate_certs: yes
      register: gitlab_users

【参考方案2】：

这对我有用详情here:

    docker run -d  \
-v $GITLAB_HOME/config:/etc/gitlab \
-v $GITLAB_HOME/logs:/var/log/gitlab \
-v $GITLAB_HOME/data:/var/opt/gitlab \
--hostname example.com \
-p 443:443 -p 80:80 -p 2222:22 \
-e GITLAB_ROOT_EMAIL="root@local" -e GITLAB_ROOT_PASSWORD="gitlab_root_password" -e EXTERNAL_URL="http://example.com" \
--name gitlab --restart unless-stopped gitlab/gitlab-ce:latest

所以对于综合安装，您可以将以下设置为环境变量，然后执行 gitlab-ce 或 gitlab-ee 的 yum/apt 安装：

GITLAB_ROOT_EMAIL="root@local"
GITLAB_ROOT_PASSWORD="gitlab_root_password" 
EXTERNAL_URL="http://example.com"

当然要相应地更改值。