Skip to content

Upgrade GitLab CE to 18.0.0 #3107

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 21 commits into from
May 19, 2025
Merged

Upgrade GitLab CE to 18.0.0 #3107

merged 21 commits into from
May 19, 2025

Conversation

sachilles
Copy link
Collaborator

GitLab 18.0 Release (for more details see https://about.gitlab.com/releases/2025/05/15/gitlab-18-0-released/)

@sachilles
Copy link
Collaborator Author

sachilles commented May 16, 2025
edited
Loading

Todos:

  • Use supported docker image for postgresql. Otherwise we can't test the image.
  • Find out why the image with a supported PostgreSQL database does not start correctly

Hints:

  • The container is currently being built, but starts and hangs with error messages. Further tests are required.
  • Fix by PostgreSQL 16:
    • Error message: You are using PostgreSQL 14.8 for the main database, but this version of GitLab requires PostgreSQL >= 16 in the circle-ci pipeline due to unsupported PostgreSQL container.

@sachilles sachilles mentioned this pull request May 16, 2025
Closed
@sachilles
Copy link
Collaborator Author

@kkimurak Just followed the discussion in #3096. Can we temporarily use your docker images for the circle-ci pipelines and for the dockerfiles in this project?

@kkimurak
Copy link
Contributor

@sachilles Yes of course.

Can we temporarily use your docker images for the circle-ci pipelines and for the dockerfiles in this project?

@sachilles
Copy link
Collaborator Author

@sachilles Yes of course.

Can we temporarily use your docker images for the circle-ci pipelines and for the dockerfiles in this project?

Thank you very much!

@sachilles
Copy link
Collaborator Author

sachilles commented May 17, 2025
edited
Loading

Error on startup of the microservice

WARN[00WARN[0000] /home/circleci/project/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
redis-1  | 1:C 17 May 2025 07:41:45.323 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
redis-1  | 1:C 17 May 2025 07:41:45.323 # Redis version=6.2.18, bits=64, commit=00000000, modified=0, pid=1, just started
redis-1  | 1:C 17 May 2025 07:41:45.323 # Configuration loaded
redis-1  | 1:M 17 May 2025 07:41:45.324 # Server initialized
redis-1  | 1:M 17 May 2025 07:41:45.324 # WARNING Memory overcommit must be enabled! Without it, a background save or replication may fail under low memory condition. Being disabled, it can can also cause failures without low memory condition, see https://github.com/jemalloc/jemalloc/issues/1328. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
postgresql-1  | Initializing datadir...
postgresql-1  | Initializing certdir...
postgresql-1  | Initializing logdir...
postgresql-1  | Initializing rundir...
postgresql-1  | Setting resolv.conf ACLs...
postgresql-1  | Initializing database...
postgresql-1  | Configuring hot standby...
postgresql-1  | ‣ Setting postgresql.conf parameter: wal_level = 'hot_standby'
postgresql-1  | ‣ Setting postgresql.conf parameter: max_wal_senders = '16'
postgresql-1  | ‣ Setting postgresql.conf parameter: checkpoint_segments = '8'
postgresql-1  | ‣ Setting postgresql.conf parameter: wal_keep_segments = '32'
postgresql-1  | ‣ Setting postgresql.conf parameter: hot_standby = 'on'
postgresql-1  | ‣ Setting postgresql.conf parameter: data_directory = '/var/lib/postgresql/16/main'
postgresql-1  | ‣ Setting postgresql.conf parameter: log_directory = '/var/log/postgresql'
postgresql-1  | ‣ Setting postgresql.conf parameter: log_filename = 'postgresql-16-main.log'
postgresql-1  | ‣ Setting postgresql.conf parameter: ssl = 'off'
postgresql-1  | Creating database user: gitlab
postgresql-1  | Creating database: gitlabhq_production...
postgresql-1  | ‣ Loading pg_trgm extension...
postgresql-1  | ‣ Loading btree_gist extension...
postgresql-1  | ‣ Granting access to gitlab user...
postgresql-1  | Starting PostgreSQL 16...
postgresql-1  | 2025-05-17 07:41:47.199 UTC [1] LOG:  starting PostgreSQL 16.9 (Ubuntu 16.9-1.pgdg22.04+1) on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0, 64-bit
postgresql-1  | 2025-05-17 07:41:47.199 UTC [1] LOG:  listening on IPv4 address "0.0.0.0", port 5432
postgresql-1  | 2025-05-17 07:41:47.199 UTC [1] LOG:  listening on IPv6 address "::", port 5432
postgresql-1  | 2025-05-17 07:41:47.205 UTC [1] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
postgresql-1  | 2025-05-17 07:41:47.215 UTC [159] LOG:  database system was shut down at 2025-05-17 07:41:47 UTC
postgresql-1  | 2025-05-17 07:41:47.224 UTC [1] LOG:  database system is ready to accept connections
postgresql-1  | 2025-05-17 07:42:20.212 UTC [167] ERROR:  relation "application_settings" does not exist at character 523
postgresql-1  | 2025-05-17 07:42:20.212 UTC [167] STATEMENT:  SELECT a.attname, format_type(a.atttypid, a.atttypmod),
postgresql-1  |                pg_get_expr(d.adbin, d.adrelid), a.attnotnull, a.atttypid, a.atttypmod,
postgresql-1  |                c.collname, col_description(a.attrelid, a.attnum) AS comment,
postgresql-1  |                attidentity AS identity,
postgresql-1  |                attgenerated as attgenerated
postgresql-1  |           FROM pg_attribute a
postgresql-1  |           LEFT JOIN pg_attrdef d ON a.attrelid = d.adrelid AND a.attnum = d.adnum
postgresql-1  |           LEFT JOIN pg_type t ON a.atttypid = t.oid
postgresql-1  |           LEFT JOIN pg_collation c ON a.attcollation = c.oid AND a.attcollation <> t.typcollation
postgresql-1  |          WHERE a.attrelid = '"application_settings"'::regclass
postgresql-1  |            AND a.attnum > 0 AND NOT a.attisdropped
postgresql-1  |          ORDER BY a.attnum
postgresql-1  | 
postgresql-1  | 2025-05-17 07:42:20.215 UTC [167] ERROR:  relation "application_settings" does not exist at character 523
postgresql-1  | 2025-05-17 07:42:20.215 UTC [167] STATEMENT:  SELECT a.attname, format_type(a.atttypid, a.atttypmod),
postgresql-1  |                pg_get_expr(d.adbin, d.adrelid), a.attnotnull, a.atttypid, a.atttypmod,
postgresql-1  |                c.collname, col_description(a.attrelid, a.attnum) AS comment,
postgresql-1  |                attidentity AS identity,
postgresql-1  |                attgenerated as attgenerated
postgresql-1  |           FROM pg_attribute a
postgresql-1  |           LEFT JOIN pg_attrdef d ON a.attrelid = d.adrelid AND a.attnum = d.adnum
postgresql-1  |           LEFT JOIN pg_type t ON a.atttypid = t.oid
postgresql-1  |           LEFT JOIN pg_collation c ON a.attcollation = c.oid AND a.attcollation <> t.typcollation
postgresql-1  |          WHERE a.attrelid = '"application_settings"'::regclass
postgresql-1  |            AND a.attnum > 0 AND NOT a.attisdropped
postgresql-1  |          ORDER BY a.attnum
postgresql-1  | 
postgresql-1  | 2025-05-17 07:42:20.228 UTC [168] ERROR:  relation "application_settings" does not exist at character 523
postgresql-1  | 2025-05-17 07:42:20.228 UTC [168] STATEMENT:  SELECT a.attname, format_type(a.atttypid, a.atttypmod),
postgresql-1  |                pg_get_expr(d.adbin, d.adrelid), a.attnotnull, a.atttypid, a.atttypmod,
postgresql-1  |                c.collname, col_description(a.attrelid, a.attnum) AS comment,
postgresql-1  |                attidentity AS identity,
postgresql-1  |                attgenerated as attgenerated
postgresql-1  |           FROM pg_attribute a
postgresql-1  |           LEFT JOIN pg_attrdef d ON a.attrelid = d.adrelid AND a.attnum = d.adnum
postgresql-1  |           LEFT JOIN pg_type t ON a.atttypid = t.oid
postgresql-1  |           LEFT JOIN pg_collation c ON a.attcollation = c.oid AND a.attcollation <> t.typcollation
postgresql-1  |          WHERE a.attrelid = '"application_settings"'::regclass
postgresql-1  |            AND a.attnum > 0 AND NOT a.attisdropped
postgresql-1  |          ORDER BY a.attnum
postgresql-1  | 
postgresql-1  | 2025-05-17 07:42:20.229 UTC [168] ERROR:  relation "application_settings" does not exist at character 523
postgresql-1  | 2025-05-17 07:42:20.229 UTC [168] STATEMENT:  SELECT a.attname, format_type(a.atttypid, a.atttypmod),
postgresql-1  |                pg_get_expr(d.adbin, d.adrelid), a.attnotnull, a.atttypid, a.atttypmod,
postgresql-1  |                c.collname, col_description(a.attrelid, a.attnum) AS comment,
postgresql-1  |                attidentity AS identity,
postgresql-1  |                attgenerated as attgenerated
postgresql-1  |           FROM pg_attribute a
postgresql-1  |           LEFT JOIN pg_attrdef d ON a.attrelid = d.adrelid AND a.attnum = d.adnum
postgresql-1  |           LEFT JOIN pg_type t ON a.atttypid = t.oid
postgresql-1  |           LEFT JOIN pg_collation c ON a.attcollation = c.oid AND a.attcollation <> t.typcollation
postgresql-1  |          WHERE a.attrelid = '"application_settings"'::regclass
postgresql-1  |            AND a.attnum > 0 AND NOT a.attisdropped
postgresql-1  |          ORDER BY a.attnum
postgresql-1  | 
postgresql-1  | 2025-05-17 07:42:24.866 UTC [174] ERROR:  relation "feature_gates" does not exist at character 523
postgresql-1  | 2025-05-17 07:42:24.866 UTC [174] STATEMENT:  SELECT a.attname, format_type(a.atttypid, a.atttypmod),
postgresql-1  |                pg_get_expr(d.adbin, d.adrelid), a.attnotnull, a.atttypid, a.atttypmod,
postgresql-1  |                c.collname, col_description(a.attrelid, a.attnum) AS comment,
postgresql-1  |                attidentity AS identity,
postgresql-1  |                attgenerated as attgenerated
postgresql-1  |           FROM pg_attribute a
postgresql-1  |           LEFT JOIN pg_attrdef d ON a.attrelid = d.adrelid AND a.attnum = d.adnum
postgresql-1  |           LEFT JOIN pg_type t ON a.atttypid = t.oid
postgresql-1  |           LEFT JOIN pg_collation c ON a.attcollation = c.oid AND a.attcollation <> t.typcollation
postgresql-1  |          WHERE a.attrelid = '"feature_gates"'::regclass
postgresql-1  |            AND a.attnum > 0 AND NOT a.attisdropped
postgresql-1  |          ORDER BY a.attnum
postgresql-1  | 
postgresql-1  | 2025-05-17 07:42:34.013 UTC [177] ERROR:  database "gitlabhq_production" already exists
postgresql-1  | 2025-05-17 07:42:34.013 UTC [177] STATEMENT:  /*application:web,db_config_database:postgres,db_config_name:primary*/ CREATE DATABASE "gitlabhq_production" ENCODING = 'unicode'
postgresql-1  | 2025-05-17 07:42:34.319 UTC [183] ERROR:  permission denied for schema public
postgresql-1  | 2025-05-17 07:42:34.319 UTC [183] STATEMENT:  CREATE FUNCTION assign_ci_runner_machines_id_value() RETURNS trigger
postgresql-1  |             LANGUAGE plpgsql
postgresql-1  |             AS $$
postgresql-1  |         BEGIN
postgresql-1  |         IF NEW."id" IS NOT NULL THEN
postgresql-1  |           RAISE WARNING 'Manually assigning ids is not allowed, the value will be ignored';
postgresql-1  |         END IF;
postgresql-1  |         NEW."id" := nextval('ci_runner_machines_id_seq'::regclass);
postgresql-1  |         RETURN NEW;
postgresql-1  | 
postgresql-1  |         END
postgresql-1  |         $$;
postgresql-1  | 2025-05-17 07:43:05.548 UTC [188] ERROR:  relation "application_settings" does not exist at character 523
postgresql-1  | 2025-05-17 07:43:05.548 UTC [188] STATEMENT:  SELECT a.attname, format_type(a.atttypid, a.atttypmod),
postgresql-1  |                pg_get_expr(d.adbin, d.adrelid), a.attnotnull, a.atttypid, a.atttypmod,
postgresql-1  |                c.collname, col_description(a.attrelid, a.attnum) AS comment,
postgresql-1  |                attidentity AS identity,
postgresql-1  |                attgenerated as attgenerated
postgresql-1  |           FROM pg_attribute a
postgresql-1  |           LEFT JOIN pg_attrdef d ON a.attrelid = d.adrelid AND a.attnum = d.adnum
postgresql-1  |           LEFT JOIN pg_type t ON a.atttypid = t.oid
postgresql-1  |           LEFT JOIN pg_collation c ON a.attcollation = c.oid AND a.attcollation <> t.typcollation
postgresql-1  |          WHERE a.attrelid = '"application_settings"'::regclass
postgresql-1  |            AND a.attnum > 0 AND NOT a.attisdropped
postgresql-1  |          ORDER BY a.attnum
postgresql-1  | 
postgresql-1  | 2025-05-17 07:43:05.550 UTC [188] ERROR:  relation "application_settings" does not exist at character 523
postgresql-1  | 2025-05-17 07:43:05.550 UTC [188] STATEMENT:  SELECT a.attname, format_type(a.atttypid, a.atttypmod),
postgresql-1  |                pg_get_expr(d.adbin, d.adrelid), a.attnotnull, a.atttypid, a.atttypmod,
postgresql-1  |                c.collname, col_description(a.attrelid, a.attnum) AS comment,
postgresql-1  |                attidentity AS identity,
postgresql-1  |                attgenerated as attgenerated
postgresql-1  |           FROM pg_attribute a
postgresql-1  |           LEFT JOIN pg_attrdef d ON a.attrelid = d.adrelid AND a.attnum = d.adnum
postgresql-1  |           LEFT JOIN pg_type t ON a.atttypid = t.oid
postgresql-1  |           LEFT JOIN pg_collation c ON a.attcollation = c.oid AND a.attcollation <> t.typcollation
postgresql-1  |          WHERE a.attrelid = '"application_settings"'::regclass
postgresql-1  |            AND a.attnum > 0 AND NOT a.attisdropped
postgresql-1  |          ORDER BY a.attnum
postgresql-1  | 
postgresql-1  | 2025-05-17 07:43:06.513 UTC [192] ERROR:  relation "application_settings" does not exist at character 523
postgresql-1  | 2025-05-17 07:43:06.513 UTC [192] STATEMENT:  SELECT a.attname, format_type(a.atttypid, a.atttypmod),
postgresql-1  |                pg_get_expr(d.adbin, d.adrelid), a.attnotnull, a.atttypid, a.atttypmod,
postgresql-1  |                c.collname, col_description(a.attrelid, a.attnum) AS comment,
postgresql-1  |                attidentity AS identity,
postgresql-1  |                attgenerated as attgenerated
postgresql-1  |           FROM pg_attribute a
postgresql-1  |           LEFT JOIN pg_attrdef d ON a.attrelid = d.adrelid AND a.attnum = d.adnum
postgresql-1  |           LEFT JOIN pg_type t ON a.atttypid = t.oid
postgresql-1  |           LEFT JOIN pg_collation c ON a.attcollation = c.oid AND a.attcollation <> t.typcollation
postgresql-1  |          WHERE a.attrelid = '"application_settings"'::regclass
postgresql-1  |            AND a.attnum > 0 AND NOT a.attisdropped
postgresql-1  |          ORDER BY a.attnum
postgresql-1  | 
postgresql-1  | 2025-05-17 07:43:06.515 UTC [192] ERROR:  relation "application_settings" does not exist at character 523
postgresql-1  | 2025-05-17 07:43:06.515 UTC [192] STATEMENT:  SELECT a.attname, format_type(a.atttypid, a.atttypmod),
postgresql-1  |                pg_get_expr(d.adbin, d.adrelid), a.attnotnull, a.atttypid, a.atttypmod,
postgresql-1  |                c.collname, col_description(a.attrelid, a.attnum) AS comment,
postgresql-1  |                attidentity AS identity,
postgresql-1  |                attgenerated as attgenerated
postgresql-1  |           FROM pg_attribute a
postgresql-1  |           LEFT JOIN pg_attrdef d ON a.attrelid = d.adrelid AND a.attnum = d.adnum
postgresql-1  |           LEFT JOIN pg_type t ON a.atttypid = t.oid
postgresql-1  |           LEFT JOIN pg_collation c ON a.attcollation = c.oid AND a.attcollation <> t.typcollation
postgresql-1  |          WHERE a.attrelid = '"application_settings"'::regclass
postgresql-1  |            AND a.attnum > 0 AND NOT a.attisdropped
postgresql-1  |          ORDER BY a.attnum
postgresql-1  | 
postgresql-1  | 2025-05-17 07:43:09.132 UTC [196] ERROR:  relation "feature_gates" does not exist at character 523
postgresql-1  | 2025-05-17 07:43:09.132 UTC [196] STATEMENT:  SELECT a.attname, format_type(a.atttypid, a.atttypmod),
postgresql-1  |                pg_get_expr(d.adbin, d.adrelid), a.attnotnull, a.atttypid, a.atttypmod,
postgresql-1  |                c.collname, col_description(a.attrelid, a.attnum) AS comment,
postgresql-1  |                attidentity AS identity,
postgresql-1  |                attgenerated as attgenerated
postgresql-1  |           FROM pg_attribute a
postgresql-1  |           LEFT JOIN pg_attrdef d ON a.attrelid = d.adrelid AND a.attnum = d.adnum
postgresql-1  |           LEFT JOIN pg_type t ON a.atttypid = t.oid
postgresql-1  |           LEFT JOIN pg_collation c ON a.attcollation = c.oid AND a.attcollation <> t.typcollation
postgresql-1  |          WHERE a.attrelid = '"feature_gates"'::regclass
postgresql-1  |            AND a.attnum > 0 AND NOT a.attisdropped
postgresql-1  |          ORDER BY a.attnum
postgresql-1  | 
postgresql-1  | 2025-05-17 07:43:16.724 UTC [198] ERROR:  database "gitlabhq_production" already exists
postgresql-1  | 2025-05-17 07:43:16.724 UTC [198] STATEMENT:  /*application:web,db_config_database:postgres,db_config_name:primary*/ CREATE DATABASE "gitlabhq_production" ENCODING = 'unicode'
postgresql-1  | 2025-05-17 07:43:17.075 UTC [204] ERROR:  permission denied for schema public
postgresql-1  | 2025-05-17 07:43:17.075 UTC [204] STATEMENT:  CREATE FUNCTION assign_ci_runner_machines_id_value() RETURNS trigger
postgresql-1  |             LANGUAGE plpgsql
postgresql-1  |             AS $$
postgresql-1  |         BEGIN
postgresql-1  |         IF NEW."id" IS NOT NULL THEN
postgresql-1  |           RAISE WARNING 'Manually assigning ids is not allowed, the value will be ignored';
postgresql-1  |         END IF;
postgresql-1  |         NEW."id" := nextval('ci_runner_machines_id_seq'::regclass);
postgresql-1  |         RETURN NEW;
postgresql-1  | 
postgresql-1  |         END
postgresql-1  |         $$;
gitlab-1      | Loading /etc/docker-gitlab/runtime/env-defaults
gitlab-1      | Initializing logdir...
gitlab-1      | Initializing datadir...
gitlab-1      | Generating OpenSSH host keys... RSA DSA ECDSA ED25519 
gitlab-1      | Container TimeZone -> Asia/Kolkata
gitlab-1      | Installing configuration templates...
gitlab-1      | Configuring gitlab...
gitlab-1      | Configuring gitlab::database
gitlab-1      | Configuring /home/git/.postgresqlrc to avoid version mismatch on dumping
gitlab-1      | - Detected server version: 160009
gitlab-1      | - Generating /home/git/.postgresqlrc
gitlab-1      | 16 postgresql:5432 gitlabhq_production
gitlab-1      | - Uninstalling unused client(s): postgresql-client-13 postgresql-client-14 postgresql-client-15 postgresql-client-17 
gitlab-1      | Configuring gitlab::redis
gitlab-1      | Configuring gitlab::actioncable
gitlab-1      | Configuring gitlab::secrets...
gitlab-1      | Configuring gitlab::sidekiq...
gitlab-1      | Configuring gitlab::gitaly...
gitlab-1      | Configuring gitlab::monitoring...
gitlab-1      | Configuring gitlab::gitlab-workhorse...
gitlab-1      | Configuring gitlab::puma...
gitlab-1      | Configuring gitlab::timezone...
gitlab-1      | Configuring gitlab::rack_attack...
gitlab-1      |  Validating RACK_ATTACK_WHITELIST...
gitlab-1      |   input=127.0.0.1, to_range=127.0.0.1..127.0.0.1
gitlab-1      | Configuring gitlab::ci...
gitlab-1      | Configuring gitlab::artifacts...
gitlab-1      | Configuring gitlab::packages...
gitlab-1      | Configuring gitlab::terraform_state...
gitlab-1      | Configuring gitlab::lfs...
gitlab-1      | Configuring gitlab::uploads...
gitlab-1      | Configuring gitlab::mattermost...
gitlab-1      | Configuring gitlab::project_features...
gitlab-1      | Configuring gitlab::oauth...
gitlab-1      | Configuring gitlab::ldap...
gitlab-1      | Configuring gitlab::cron_jobs...
gitlab-1      | Configuring gitlab::backups...
gitlab-1      | Configuring gitlab::backups::schedule...
gitlab-1      | Configuring gitlab::registry...
gitlab-1      | Configuring gitlab::pages...
gitlab-1      | Configuring gitlab::sentry...
gitlab-1      | Configuring gitlab::content_security_policy...
gitlab-1      | Configuring gitlab-shell...
gitlab-1      | Configuring nginx...
gitlab-1      | Configuring nginx::gitlab...
gitlab-1      | Setting up GitLab for firstrun. Please be patient, this could take a while...
gitlab-1      | 2025-05-17 13:11:50,015 INFO Included extra file "/etc/supervisor/conf.d/cron.conf" during parsing
gitlab-1      | 2025-05-17 13:11:50,015 INFO Included extra file "/etc/supervisor/conf.d/gitaly.conf" during parsing
gitlab-1      | 2025-05-17 13:11:50,015 INFO Included extra file "/etc/supervisor/conf.d/gitlab-workhorse.conf" during parsing
gitlab-1      | 2025-05-17 13:11:50,015 INFO Included extra file "/etc/supervisor/conf.d/groups.conf" during parsing
gitlab-1      | 2025-05-17 13:11:50,015 INFO Included extra file "/etc/supervisor/conf.d/mail_room.conf" during parsing
gitlab-1      | 2025-05-17 13:11:50,015 INFO Included extra file "/etc/supervisor/conf.d/nginx.conf" during parsing
gitlab-1      | 2025-05-17 13:11:50,015 INFO Included extra file "/etc/supervisor/conf.d/puma.conf" during parsing
gitlab-1      | 2025-05-17 13:11:50,015 INFO Included extra file "/etc/supervisor/conf.d/sidekiq.conf" during parsing
gitlab-1      | 2025-05-17 13:11:50,016 INFO Included extra file "/etc/supervisor/conf.d/sshd.conf" during parsing
gitlab-1      | 2025-05-17 13:11:50,016 INFO Set uid to user 0 succeeded
gitlab-1      | 2025-05-17 13:11:50,023 INFO RPC interface 'supervisor' initialized
gitlab-1      | 2025-05-17 13:11:50,024 INFO supervisord started with pid 823
gitlab-1      | 2025-05-17 13:11:51,026 INFO spawned: 'gitaly' with pid 835
gitlab-1      | 2025-05-17 13:11:51,030 INFO spawned: 'puma' with pid 836
gitlab-1      | 2025-05-17 13:11:51,033 INFO spawned: 'gitlab-workhorse' with pid 837
gitlab-1      | 2025-05-17 13:11:51,040 INFO spawned: 'sidekiq' with pid 838
gitlab-1      | 2025-05-17 13:11:51,042 INFO spawned: 'sshd' with pid 839
gitlab-1      | 2025-05-17 13:11:51,046 INFO spawned: 'nginx' with pid 843
gitlab-1      | 2025-05-17 13:11:51,054 INFO spawned: 'cron' with pid 849
gitlab-1      | 2025-05-17 13:11:52,995 INFO success: gitaly entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
gitlab-1      | 2025-05-17 13:11:52,995 INFO success: puma entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
gitlab-1      | 2025-05-17 13:11:52,995 INFO success: gitlab-workhorse entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
gitlab-1      | 2025-05-17 13:11:52,995 INFO success: sidekiq entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
gitlab-1      | 2025-05-17 13:11:52,995 INFO success: sshd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
gitlab-1      | 2025-05-17 13:11:52,995 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
gitlab-1      | 2025-05-17 13:11:52,995 INFO success: cron entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
gitlab-1      | Missing Rails.application.credentials.openid_connect_signing_key for production environment. The secret will be generated and stored in config/secrets.yml.
gitlab-1      | Missing Rails.application.credentials.active_record_encryption_primary_key for production environment. The secret will be generated and stored in config/secrets.yml.
gitlab-1      | Missing Rails.application.credentials.active_record_encryption_deterministic_key for production environment. The secret will be generated and stored in config/secrets.yml.
gitlab-1      | Missing Rails.application.credentials.active_record_encryption_key_derivation_salt for production environment. The secret will be generated and stored in config/secrets.yml.
gitlab-1      | Creating a backup of secrets file /home/git/gitlab/config/secrets.yml at /home/git/data/backups/secrets.yml.orig.1747467740
gitlab-1      | 2025-05-17 13:12:20,312 WARN exited: puma (exit status 1; not expected)
gitlab-1      | 2025-05-17 13:12:20,312 WARN exited: sidekiq (exit status 1; not expected)
gitlab-1      | 2025-05-17 13:12:21,224 INFO spawned: 'puma' with pid 923
gitlab-1      | 2025-05-17 13:12:21,228 INFO spawned: 'sidekiq' with pid 924
gitlab-1      | 2025-05-17 13:12:22,428 INFO success: puma entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
gitlab-1      | 2025-05-17 13:12:22,428 INFO success: sidekiq entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
gitlab-1      | Database 'gitlabhq_production' already exists
gitlab-1      | psql:/home/git/gitlab/db/structure.sql:9: NOTICE:  extension "btree_gist" already exists, skipping
gitlab-1      | psql:/home/git/gitlab/db/structure.sql:11: NOTICE:  extension "pg_trgm" already exists, skipping
gitlab-1      | psql:/home/git/gitlab/db/structure.sql:24: ERROR:  permission denied for schema public
gitlab-1      | rake aborted!
gitlab-1      | failed to execute:
gitlab-1      | psql --set ON_ERROR_STOP=1 --quiet --no-psqlrc --output /dev/null --file /home/git/gitlab/db/structure.sql --single-transaction gitlabhq_production
gitlab-1      | 
gitlab-1      | Please check the output above for any errors and make sure that `psql` is installed in your PATH and has proper permissions.
gitlab-1      | 
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/tasks/postgresql_database_tasks.rb:120:in `run_cmd'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/tasks/postgresql_database_tasks.rb:84:in `structure_load'
gitlab-1      | /home/git/gitlab/lib/gitlab/database/postgresql_database_tasks/load_schema_versions_mixin.rb:10:in `structure_load'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/tasks/database_tasks.rb:365:in `structure_load'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/tasks/database_tasks.rb:379:in `load_schema'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/tasks/database_tasks.rb:472:in `block (2 levels) in load_schema_current'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/tasks/database_tasks.rb:520:in `block in with_temporary_connection'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/tasks/database_tasks.rb:537:in `with_temporary_pool'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/tasks/database_tasks.rb:519:in `with_temporary_connection'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/tasks/database_tasks.rb:471:in `block in load_schema_current'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/tasks/database_tasks.rb:578:in `block (2 levels) in each_current_configuration'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/tasks/database_tasks.rb:575:in `each'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/tasks/database_tasks.rb:575:in `block in each_current_configuration'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/tasks/database_tasks.rb:586:in `each'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/tasks/database_tasks.rb:586:in `each_current_environment'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/tasks/database_tasks.rb:574:in `each_current_configuration'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/tasks/database_tasks.rb:470:in `load_schema_current'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/railties/databases.rake:476:in `block (3 levels) in <top (required)>'
gitlab-1      | /home/git/gitlab/lib/tasks/gitlab/setup.rake:35:in `setup_db'
gitlab-1      | /home/git/gitlab/lib/tasks/gitlab/setup.rake:7:in `block (2 levels) in <top (required)>'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/rake-13.0.6/exe/rake:27:in `<top (required)>'
gitlab-1      | /usr/local/bin/bundle:25:in `load'
gitlab-1      | /usr/local/bin/bundle:25:in `<main>'
gitlab-1      | Tasks: TOP => db:setup => db:schema:load
gitlab-1      | (See full trace by running task with --trace)
gitlab-1      | Loading /etc/docker-gitlab/runtime/env-defaults
gitlab-1      | Initializing logdir...
gitlab-1      | Initializing datadir...
gitlab-1      | Container TimeZone -> Asia/Kolkata
gitlab-1      | Installing configuration templates...
gitlab-1      | Configuring gitlab...
gitlab-1      | Configuring gitlab::database
gitlab-1      | Configuring /home/git/.postgresqlrc to avoid version mismatch on dumping
gitlab-1      | - Detected server version: 160009
gitlab-1      | - Generating /home/git/.postgresqlrc
gitlab-1      | 16 postgresql:5432 gitlabhq_production
gitlab-1      | - All installed version of clients are in use. Did not uninstalled any client...
gitlab-1      | Configuring gitlab::redis
gitlab-1      | Configuring gitlab::actioncable
gitlab-1      | Configuring gitlab::secrets...
gitlab-1      | Configuring gitlab::sidekiq...
gitlab-1      | Configuring gitlab::gitaly...
gitlab-1      | Configuring gitlab::monitoring...
gitlab-1      | Configuring gitlab::gitlab-workhorse...
gitlab-1      | Configuring gitlab::puma...
gitlab-1      | Configuring gitlab::timezone...
gitlab-1      | Configuring gitlab::rack_attack...
gitlab-1      |  Validating RACK_ATTACK_WHITELIST...
gitlab-1      |   input=127.0.0.1, to_range=127.0.0.1..127.0.0.1
gitlab-1      | Configuring gitlab::ci...
gitlab-1      | Configuring gitlab::artifacts...
gitlab-1      | Configuring gitlab::packages...
gitlab-1      | Configuring gitlab::terraform_state...
gitlab-1      | Configuring gitlab::lfs...
gitlab-1      | Configuring gitlab::uploads...
gitlab-1      | Configuring gitlab::mattermost...
gitlab-1      | Configuring gitlab::project_features...
gitlab-1      | Configuring gitlab::oauth...
gitlab-1      | Configuring gitlab::ldap...
gitlab-1      | Configuring gitlab::cron_jobs...
gitlab-1      | Configuring gitlab::backups...
gitlab-1      | Configuring gitlab::registry...
gitlab-1      | Configuring gitlab::pages...
gitlab-1      | Configuring gitlab::sentry...
gitlab-1      | Configuring gitlab::content_security_policy...
gitlab-1      | Configuring gitlab-shell...
gitlab-1      | Configuring nginx...
gitlab-1      | Configuring nginx::gitlab...
gitlab-1      | Setting up GitLab for firstrun. Please be patient, this could take a while...
gitlab-1      | 2025-05-17 13:12:36,318 INFO Included extra file "/etc/supervisor/conf.d/cron.conf" during parsing
gitlab-1      | 2025-05-17 13:12:36,318 INFO Included extra file "/etc/supervisor/conf.d/gitaly.conf" during parsing
gitlab-1      | 2025-05-17 13:12:36,318 INFO Included extra file "/etc/supervisor/conf.d/gitlab-workhorse.conf" during parsing
gitlab-1      | 2025-05-17 13:12:36,318 INFO Included extra file "/etc/supervisor/conf.d/groups.conf" during parsing
gitlab-1      | 2025-05-17 13:12:36,318 INFO Included extra file "/etc/supervisor/conf.d/mail_room.conf" during parsing
gitlab-1      | 2025-05-17 13:12:36,318 INFO Included extra file "/etc/supervisor/conf.d/nginx.conf" during parsing
gitlab-1      | 2025-05-17 13:12:36,318 INFO Included extra file "/etc/supervisor/conf.d/puma.conf" during parsing
gitlab-1      | 2025-05-17 13:12:36,318 INFO Included extra file "/etc/supervisor/conf.d/sidekiq.conf" during parsing
gitlab-1      | 2025-05-17 13:12:36,318 INFO Included extra file "/etc/supervisor/conf.d/sshd.conf" during parsing
gitlab-1      | 2025-05-17 13:12:36,318 INFO Set uid to user 0 succeeded
gitlab-1      | 2025-05-17 13:12:36,322 INFO RPC interface 'supervisor' initialized
gitlab-1      | 2025-05-17 13:12:36,322 INFO supervisord started with pid 754
gitlab-1      | 2025-05-17 13:12:37,325 INFO spawned: 'gitaly' with pid 759
gitlab-1      | 2025-05-17 13:12:37,327 INFO spawned: 'puma' with pid 760
gitlab-1      | 2025-05-17 13:12:37,330 INFO spawned: 'gitlab-workhorse' with pid 761
gitlab-1      | 2025-05-17 13:12:37,335 INFO spawned: 'sidekiq' with pid 762
gitlab-1      | 2025-05-17 13:12:37,337 INFO spawned: 'sshd' with pid 763
gitlab-1      | 2025-05-17 13:12:37,344 INFO spawned: 'nginx' with pid 764
gitlab-1      | 2025-05-17 13:12:37,346 INFO spawned: 'cron' with pid 768
gitlab-1      | 2025-05-17 13:12:39,309 INFO success: gitaly entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
gitlab-1      | 2025-05-17 13:12:39,310 INFO success: puma entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
gitlab-1      | 2025-05-17 13:12:39,310 INFO success: gitlab-workhorse entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
gitlab-1      | 2025-05-17 13:12:39,310 INFO success: sidekiq entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
gitlab-1      | 2025-05-17 13:12:39,310 INFO success: sshd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
gitlab-1      | 2025-05-17 13:12:39,310 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
gitlab-1      | 2025-05-17 13:12:39,310 INFO success: cron entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
gitlab-1      | 2025-05-17 13:13:05,663 WARN exited: sidekiq (exit status 1; not expected)
gitlab-1      | 2025-05-17 13:13:05,779 INFO spawned: 'sidekiq' with pid 849
gitlab-1      | 2025-05-17 13:13:06,619 WARN exited: puma (exit status 1; not expected)
gitlab-1      | 2025-05-17 13:13:07,483 INFO spawned: 'puma' with pid 856
gitlab-1      | 2025-05-17 13:13:07,484 INFO success: sidekiq entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
gitlab-1      | 2025-05-17 13:13:08,486 INFO success: puma entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
gitlab-1      | Database 'gitlabhq_production' already exists
gitlab-1      | psql:/home/git/gitlab/db/structure.sql:9: NOTICE:  extension "btree_gist" already exists, skipping
gitlab-1      | psql:/home/git/gitlab/db/structure.sql:11: NOTICE:  extension "pg_trgm" already exists, skipping
gitlab-1      | psql:/home/git/gitlab/db/structure.sql:24: ERROR:  permission denied for schema public
gitlab-1      | rake aborted!
gitlab-1      | failed to execute:
gitlab-1      | psql --set ON_ERROR_STOP=1 --quiet --no-psqlrc --output /dev/null --file /home/git/gitlab/db/structure.sql --single-transaction gitlabhq_production
gitlab-1      | 
gitlab-1      | Please check the output above for any errors and make sure that `psql` is installed in your PATH and has proper permissions.
gitlab-1      | 
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/tasks/postgresql_database_tasks.rb:120:in `run_cmd'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/tasks/postgresql_database_tasks.rb:84:in `structure_load'
gitlab-1      | /home/git/gitlab/lib/gitlab/database/postgresql_database_tasks/load_schema_versions_mixin.rb:10:in `structure_load'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/tasks/database_tasks.rb:365:in `structure_load'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/tasks/database_tasks.rb:379:in `load_schema'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/tasks/database_tasks.rb:472:in `block (2 levels) in load_schema_current'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/tasks/database_tasks.rb:520:in `block in with_temporary_connection'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/tasks/database_tasks.rb:537:in `with_temporary_pool'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/tasks/database_tasks.rb:519:in `with_temporary_connection'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/tasks/database_tasks.rb:471:in `block in load_schema_current'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/tasks/database_tasks.rb:578:in `block (2 levels) in each_current_configuration'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/tasks/database_tasks.rb:575:in `each'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/tasks/database_tasks.rb:575:in `block in each_current_configuration'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/tasks/database_tasks.rb:586:in `each'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/tasks/database_tasks.rb:586:in `each_current_environment'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/tasks/database_tasks.rb:574:in `each_current_configuration'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/tasks/database_tasks.rb:470:in `load_schema_current'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.5.1/lib/active_record/railties/databases.rake:476:in `block (3 levels) in <top (required)>'
gitlab-1      | /home/git/gitlab/lib/tasks/gitlab/setup.rake:35:in `setup_db'
gitlab-1      | /home/git/gitlab/lib/tasks/gitlab/setup.rake:7:in `block (2 levels) in <top (required)>'
gitlab-1      | /home/git/gitlab/vendor/bundle/ruby/3.2.0/gems/rake-13.0.6/exe/rake:27:in `<top (required)>'
gitlab-1      | /usr/local/bin/bundle:25:in `load'
gitlab-1      | /usr/local/bin/bundle:25:in `<main>'
gitlab-1      | Tasks: TOP => db:setup => db:schema:load
gitlab-1      | (See full trace by running task with --trace)

@kkimurak
Copy link
Contributor

may related to #2859 : In postgreSQL 15 or later, users do not have CREATE and USAGE privileges on the public schema by default.

@th-2021
Copy link
Contributor

th-2021 commented May 17, 2025

line 471 of workflow output shows:

gitlab-1 | - Ensure grants for user gitlab on schema public are correctly set
gitlab-1 | WARNING: no privileges were granted for "public"
gitlab-1 | GRANT

Not sure, whether GRANT will try to fix it.

@sachilles
Copy link
Collaborator Author

sachilles commented May 17, 2025
edited
Loading

I guess it's a problem with the privileges within the database; only the user postgres has the privileges to set some grants for the user gitlab on the database.

Not sure why does the database gitlabhq_production is owned by the user postgres and not by the user gitlab. Manually altering this (as user postgres in the image) seems to solve this issue. However, doing this is in the CI seems isn't possible.

@kkimurak
Copy link
Contributor

I'm testing locally built image. It's a strange bit but I noticed that there is no table information_schema.role_schema_grants even after GRANT .. query. so I cannot verify if it successfully done

$ docker exec -it postgresql psql -h localhost -U gitlab postgres

postgres-> \l
                                                        List of databases
        Name         |  Owner   | Encoding | Locale Provider | Collate |  Ctype  | ICU Locale | ICU Rules |   Access privileges
---------------------+----------+----------+-----------------+---------+---------+------------+-----------+-----------------------
 gitlabhq_production | postgres | UTF8     | libc            | C.UTF-8 | C.UTF-8 |            |           | =Tc/postgres         +
                     |          |          |                 |         |         |            |           | postgres=CTc/postgres+
                     |          |          |                 |         |         |            |           | gitlab=CTc/postgres
 postgres            | postgres | UTF8     | libc            | C.UTF-8 | C.UTF-8 |            |           |
 template0           | postgres | UTF8     | libc            | C.UTF-8 | C.UTF-8 |            |           | =c/postgres          +
                     |          |          |                 |         |         |            |           | postgres=CTc/postgres
 template1           | postgres | UTF8     | libc            | C.UTF-8 | C.UTF-8 |            |           | =c/postgres          +
                     |          |          |                 |         |         |            |           | postgres=CTc/postgres
(4 rows)

postgres-> GRANT ALL ON SCHEMA public TO gitlab

postgres-> SELECLT * FROM information_schema.role_ # <- here I hit tab and following lines are the candidates displayed by tab completion
information_schema.role_column_grants   information_schema.role_table_grants    information_schema.role_usage_grants
information_schema.role_routine_grants  information_schema.role_udt_grants

@kkimurak
Copy link
Contributor

@sachilles

I guess it's a problem with the privileges within the database; only the user postgres has the privileges to set some grants for the user gitlab on the database.

Then, is it a problem that needs action on postgresql image? I'll try to fix and publish if so.

@sachilles
Copy link
Collaborator Author

Manuall fixing the grants to

        Name         |  Owner   | Encoding | Locale Provider | Collate |  Ctype  | ICU Locale | ICU Rules |   Access privileges   
---------------------+----------+----------+-----------------+---------+---------+------------+-----------+-----------------------
 gitlabhq_production | gitlab   | UTF8     | libc            | C.UTF-8 | C.UTF-8 |            |           | =Tc/gitlab           +
                     |          |          |                 |         |         |            |           | gitlab=CTc/gitlab
 postgres            | postgres | UTF8     | libc            | C.UTF-8 | C.UTF-8 |            |           | 
 template0           | postgres | UTF8     | libc            | C.UTF-8 | C.UTF-8 |            |           | =c/postgres          +
                     |          |          |                 |         |         |            |           | postgres=CTc/postgres
 template1           | postgres | UTF8     | libc            | C.UTF-8 | C.UTF-8 |            |           | =c/postgres          +
                     |          |          |                 |         |         |            |           | postgres=CTc/postgres
(4 rows)

helps.

@sachilles
Copy link
Collaborator Author

@kkimurak Could you be so kind and check the grants mentioned in https://github.com/kkimurak/docker-postgresql?tab=readme-ov-file#granting-user-access-to-a-database ?

@sachilles
Copy link
Collaborator Author

I guess the ALTER TABLE database_name OWNER TO database_user; statement will work. (In our case this reads as ALTER TABLE gitlabhq_production OWNER TO gitlab;.)

@th-2021
Copy link
Contributor

th-2021 commented May 17, 2025

Should the grant be added to postgresql create_database*( in https://github.com/sameersbn/docker-postgresql/blob/master/runtime/functions ?
There is a grant statement for the database itself.

@sachilles
Copy link
Collaborator Author

This is strange, since at the end of https://github.com/kkimurak/docker-postgresql/blob/5c9eda05fc162eb8370448697ad5a14b5f42ac37/runtime/functions#L344 all grants are should be given to the user gitlab. But the observed database owner was postgres.

@th-2021
Copy link
Contributor

th-2021 commented May 17, 2025

This is the database grant. We need also a grant to schema public.

@th-2021
Copy link
Contributor

th-2021 commented May 17, 2025

GRANT ALL ON SCHEMA public TO gitlab;

@kkimurak
Copy link
Contributor

kkimurak commented May 17, 2025
edited
Loading

Made sure to work and pushed kkimurak/docker-postgresql@1697c40. Preparing to release images (maybe 15 (15-20250518) and 16(16-20250518))..

edit 2025-05-18T1-29 (JST: +0900) : forget to specify database on GRANT. fixed by kkimurak/docker-postgresql@c9124dd

@kkimurak
Copy link
Contributor

@sachilles

Glad it works.

Documentations need to be updated to note gitlab 18.x or later requires postgresql 16.x. It appears that you have already updated release-note.sh, so I think you only need to fix two places in README.md.

Ref (gitlab 17.x and postgresql 14.x : Pull request #3001 commit 6f43b19)

@sachilles
Copy link
Collaborator Author

@kkimurak and @th-2021 Thanks for supporting this project.

@th-2021
Copy link
Contributor

th-2021 commented May 18, 2025

I ran into the gitaly issue as well and it turned out to be a filesystem error. The "git" user from the new image is now 1001:1001 , while it was 1000:1000 in previous images. So I had to chown the volumes.

@th-2021
Copy link
Contributor

th-2021 commented May 18, 2025

1000:1000 is now "ubuntu", which is not needed in our case. So we could remove it. What do you think?
The purpose of "ubuntu" is to have a login user in the cloud image.

@sachilles
Copy link
Collaborator Author

@th-2021 If we don't need the user 'ubuntu' then we should remove the account.

@sachilles sachilles force-pushed the upgrade-to-18.0.0 branch from 9438412 to c9ec90d Compare May 18, 2025 12:20
@th-2021
Copy link
Contributor

th-2021 commented May 18, 2025

in assets/runtime/functionsL2263: max-old-space-size should be 8192 (to match install.sh)
exec_as_git bundle exec rake gitlab:assets:compile NODE_OPTIONS="--max-old-space-size=8192" >/dev/null 2>&1

@sachilles
Copy link
Collaborator Author

Note: GitLab came up without any errors. However pushing code to a repository isn't possible and results in fatal: protocol error: bad line length character. Do you have any ideas?

@sachilles
Copy link
Collaborator Author

In Addition I found that the GitLab runners don't pick up any jobs.

Furthermore, running all checks shows that sidekiq causes some issues.

@sachilles sachilles changed the title Upgrade GitLab CE to 18.0.0 [WIP] Upgrade GitLab CE to 18.0.0 May 19, 2025
@kkimurak
Copy link
Contributor

kkimurak commented May 19, 2025
edited
Loading

@sachilles ssh to gitlab service shows some message like This account is currently not available. If the ssh command echos some string to console, git action with ssh fails with a message like fatal: protocol error: bad line length character: This ('This' is the first word in the message above).

$ ssh git@localhost -p 10022 -i ~/.ssh/id_rsa_test
PTY allocation request failed on channel 0
This account is currently not available.
Connection to localhost closed.

It seems the user git does not allowed to login as the login shell is /usr/sbin/nologin. Could you try removing --disabled-login option from adduser to check if works.

In running 17.11.2

$ docker exec -it gitlab grep "git" /etc/passwd
git:x:1000:1000:GitLab,,,:/home/git:/bin/bash

Locally built 18.0.0

$ docker exec -it gitlab-pr3107 grep "git" /etc/passwd
git:x:1000:1000:GitLab,,,:/home/git:/usr/sbin/nologin

@sachilles
Copy link
Collaborator Author

@kkimurak Thanks for pointing into the right direction. Manually correcting the entry in /etc/passwd helps. I'll prepare a commit and check this out.

@sachilles
Copy link
Collaborator Author

@kkimurak There seems to be some changes since in ubuntu 24.04 the option --disabled-login will additionally set the shell to /usr/sbin/nologin.

I guess that the option --disabled-password should be used (in ubtuntu 24.04). The manpage for adduser states: [...] Do not run passwd(1) to set a password. In most situations, logins are still possible though (for example using SSH keys or through PAM) for reasons that are beyond adduser's scope.

In ubuntu 22.04 the option --disabled-login there is no statement about modifications in the users shell. However, in both distributions the option --disabled-passwd is present and (based on the manpage contents) means the same.

@sachilles sachilles mentioned this pull request May 19, 2025
Closed
@kkimurak
Copy link
Contributor

Oh I see..

https://manpages.ubuntu.com/manpages/jammy/man8/adduser.8.html
https://manpages.ubuntu.com/manpages/noble/man8/adduser.8.html

The chagne seems to be imported from debian: https://salsa.debian.org/debian/adduser/-/merge_requests/79

@sachilles
Copy link
Collaborator Author

Finally, the last build of this PR seems to work. I have tested the following functions:

  • Login
  • Pull and push to Git repositories
  • Pull and push of Docker images to the registry

From my point of view, there is nothing to be said against the corresponding release or mixing of this PR.

@kkimurak
Copy link
Contributor

Great. If there is anything to be worried about, it would be around backups (because I have not tested yet).

@sachilles
Copy link
Collaborator Author

Taking a backup was tested by myself. But restoring from backup not.

@kkimurak
Copy link
Contributor

Additional report: I was worried that removing the runit-systemd package and not installing the alternative (runit-run was recommended when I tested) would cause problems.
In conclusion, there doesn’t seem to be any particular difference whether I installed it or not, and at least the simple initialization, WebUI login, group creation, and git push/pull that I performed in just a dozen minutes were performed successfully.

@sachilles
Copy link
Collaborator Author

Shall we install the replacement for runit-systemd, or not?

@sachilles
Copy link
Collaborator Author

I think we should release this version and if some problems are reported (hopefully) we'll manage to fix them.

@sachilles sachilles changed the title [WIP] Upgrade GitLab CE to 18.0.0 Upgrade GitLab CE to 18.0.0 May 19, 2025
@sachilles sachilles merged commit a3bbad7 into sameersbn:master May 19, 2025
3 checks passed
@kkimurak
Copy link
Contributor

Maybe not. Let's pray:)

Shall we install the replacement for runit-systemd, or not?

@kkimurak kkimurak mentioned this pull request May 22, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sachilles @kkimurak @th-2021