gitlab initial root password

gitlab gitlab-omnibus

24,086

Solution 1

This worked for me details here:

    docker run -d  \
-v $GITLAB_HOME/config:/etc/gitlab \
-v $GITLAB_HOME/logs:/var/log/gitlab \
-v $GITLAB_HOME/data:/var/opt/gitlab \
--hostname example.com \
-p 443:443 -p 80:80 -p 2222:22 \
-e GITLAB_ROOT_EMAIL="root@local" -e GITLAB_ROOT_PASSWORD="gitlab_root_password" -e EXTERNAL_URL="http://example.com" \
--name gitlab --restart unless-stopped gitlab/gitlab-ce:latest

So for omnibus installation you can set following as env variables and then do a yum/apt install of gitlab-ce or gitlab-ee:

GITLAB_ROOT_EMAIL="root@local"
GITLAB_ROOT_PASSWORD="gitlab_root_password" 
EXTERNAL_URL="http://example.com"

Off course do change the values accordingly.

Solution 2

the following 'currently' works for the omnibus install via Ansible on a centos-8 machine. If you are not using ansible you can see the steps that could be scripted another way.

I tried setting the environment variables that were supposed to set the password,but they didn't seem to work, so in the end I used the rails console to set the password, and that allows me to use a username and password to get an oauth token I can use with the rest of the gitlab API

- name: PLAYBOOK gitlab-omnibus.yml
  hosts: all
  become: yes
  vars_files:
    - vars.yml

  tasks:
    - name: install gitlab pre-reqs for centos/8 (curl, policycoreutils, openssh-server, jq)
      dnf:
        name:
          - curl
          - policycoreutils
          - openssh-server
          - jq # just used for troubleshooting

    - name: get_url https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.rpm.sh
      get_url:
        url: https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.rpm.sh
        dest: ./script.rpm.sh
        mode: 0740
    - name: Run script to install and configure gitlab repo 
      shell: ./script.rpm.sh
       
    - name: Install the GitLab package for "https://{{new_hostname}}" WITH PROVIDED PASSWORD
      shell: sudo EXTERNAL_URL="https://{{new_hostname}}" dnf install -y gitlab-ee

    - name: use the rails console to change the password
      # {{':'}} is to escape the colon
      shell: sudo gitlab-rails runner "user = User.where(id{{':'}} 1).first; user.password = '{{gitlab_root_password}}'; user.password_confirmation = '{{gitlab_root_password}}'; user.save!"

    - name: restart gitlab wait 5 mins and then try to connect to "https://{{new_hostname}}"
      command: "gitlab-ctl restart"

    - name: install pip3
      dnf:
        name: python3-pip

    - name: Install gitlab python package
      pip:
        name: python-gitlab

    - name: Wait for two mins for gitlab to restart
      pause: 
        minutes: 2

    - name: Get oauth token from https://{{new_hostname}}/oauth/token
      uri: 
        url: https://{{new_hostname}}/oauth/token?grant_type=password&username=root&password={{gitlab_root_password}}
        method: POST
        return_content: yes
        status_code: 200
        body_format: json
        validate_certs: yes
      register: token

    - name: create a user
      uri:
        url: https://{{new_hostname}}/api/v4/users
        method: POST
        headers: 
          Authorization: "Bearer {{token.json.access_token}}"
        body_format: json
        body:
          email: [email protected]
          username: bodya
          name: "Any Body"
          password: "{{gitlab_root_password}}"
        status_code: 201, 409 # 201 is created, 409 is already exists; makes idempotent
        validate_certs: yes
      register: gitlab_users

24,086

Author by

CoconutBandit

Updated on August 07, 2021

Comments

CoconutBandit almost 3 years

Im trying to do an automated deployment of gitlab that has everything pre-configured. I need to specify an initial root password so first-time logins are not prompted with the password reset screen. I see the omnibus config option in the template: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template#L509

506 #### Change the initial default admin password and shared runner registration tokens.
507 ####! **Only applicable on initial setup, changing these settings after database
508 ####!   is created and seeded won't yield any change.**
509 # gitlab_rails['initial_root_password'] = "password"

However, as the documentation says, this option will not take affect after installation. So, using gitlab-ctl reconfigure does not deploy these changes, as I have tested.

When I try the solution from this this post:

$ sudo gitlab-rake gitlab:setup RAILS_ENV=production GITLAB_ROOT_PASSWORD="Pa$$w0rd!" GITLAB_ROOT_EMAIL="[email protected]" DISABLE_DATABASE_ENVIRONMENT_CHECK=1
This will create the necessary database tables and seed the database.
You will lose any previous data stored in the database.
Do you want to continue (yes/no)? yes

PG::ObjectInUse: ERROR:  database "gitlabhq_production" is being accessed by other users
DETAIL:  There are 10 other sessions using the database.
: DROP DATABASE IF EXISTS "gitlabhq_production"
Couldn't drop database 'gitlabhq_production'
rake aborted!
ActiveRecord::StatementInvalid: PG::ObjectInUse: ERROR:  database "gitlabhq_production" is being accessed by other users
DETAIL:  There are 10 other sessions using the database.
: DROP DATABASE IF EXISTS "gitlabhq_production"
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/setup.rake:33:in `setup_db'
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/setup.rake:5:in `block (2 levels) in <top (required)>'
/opt/gitlab/embedded/bin/bundle:23:in `load'
/opt/gitlab/embedded/bin/bundle:23:in `<main>'

Caused by:
PG::ObjectInUse: ERROR:  database "gitlabhq_production" is being accessed by other users
DETAIL:  There are 10 other sessions using the database.
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/setup.rake:33:in `setup_db'
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/setup.rake:5:in `block (2 levels) in <top (required)>'
/opt/gitlab/embedded/bin/bundle:23:in `load'
/opt/gitlab/embedded/bin/bundle:23:in `<main>'
Tasks: TOP => db:drop:_unsafe
(See full trace by running task with --trace)

When I try to stop gitlab so no users are accessing it with gitlab-ctl stop, it fails with the following error:

$ sudo gitlab-rake gitlab:setup RAILS_ENV=production GITLAB_ROOT_PASSWORD="Pa$$w0rd!" GITLAB_ROOT_EMAIL="[email protected]" DISABLE_DATABASE_ENVIRONMENT_CHECK=1
rake aborted!
PG::ConnectionBad: could not connect to server: No such file or directory
        Is the server running locally and accepting
        connections on Unix domain socket "/var/opt/gitlab/postgresql/.s.PGSQL.5432"?
/opt/gitlab/embedded/service/gitlab-rails/ee/app/models/license.rb:261:in `load_license'
/opt/gitlab/embedded/service/gitlab-rails/ee/app/models/license.rb:250:in `current'
/opt/gitlab/embedded/service/gitlab-rails/ee/app/models/license.rb:254:in `feature_available?'
/opt/gitlab/embedded/service/gitlab-rails/ee/lib/ee/gitlab/auth/ldap/config.rb:19:in `_available_servers'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/auth/ldap/config.rb:39:in `available_servers'
/opt/gitlab/embedded/service/gitlab-rails/config/initializers/omniauth.rb:3:in `<module:Strategies>'
/opt/gitlab/embedded/service/gitlab-rails/config/initializers/omniauth.rb:2:in `<top (required)>'
/opt/gitlab/embedded/service/gitlab-rails/config/environment.rb:6:in `<top (required)>'
/opt/gitlab/embedded/bin/bundle:23:in `load'
/opt/gitlab/embedded/bin/bundle:23:in `<main>'
Tasks: TOP => gitlab:setup => gitlab_environment => environment
(See full trace by running task with --trace)

How do I set an initial root password for gitlab with the omnibus install?