gitlab initial root password
Solution 1
This worked for me details here:
docker run -d \
-v $GITLAB_HOME/config:/etc/gitlab \
-v $GITLAB_HOME/logs:/var/log/gitlab \
-v $GITLAB_HOME/data:/var/opt/gitlab \
--hostname example.com \
-p 443:443 -p 80:80 -p 2222:22 \
-e GITLAB_ROOT_EMAIL="root@local" -e GITLAB_ROOT_PASSWORD="gitlab_root_password" -e EXTERNAL_URL="http://example.com" \
--name gitlab --restart unless-stopped gitlab/gitlab-ce:latest
So for omnibus installation you can set following as env variables and then do a yum/apt install of gitlab-ce or gitlab-ee:
GITLAB_ROOT_EMAIL="root@local"
GITLAB_ROOT_PASSWORD="gitlab_root_password"
EXTERNAL_URL="http://example.com"
Off course do change the values accordingly.
Solution 2
the following 'currently' works for the omnibus install via Ansible on a centos-8 machine. If you are not using ansible you can see the steps that could be scripted another way.
I tried setting the environment variables that were supposed to set the password,but they didn't seem to work, so in the end I used the rails console to set the password, and that allows me to use a username and password to get an oauth token I can use with the rest of the gitlab API
- name: PLAYBOOK gitlab-omnibus.yml
hosts: all
become: yes
vars_files:
- vars.yml
tasks:
- name: install gitlab pre-reqs for centos/8 (curl, policycoreutils, openssh-server, jq)
dnf:
name:
- curl
- policycoreutils
- openssh-server
- jq # just used for troubleshooting
- name: get_url https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.rpm.sh
get_url:
url: https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.rpm.sh
dest: ./script.rpm.sh
mode: 0740
- name: Run script to install and configure gitlab repo
shell: ./script.rpm.sh
- name: Install the GitLab package for "https://{{new_hostname}}" WITH PROVIDED PASSWORD
shell: sudo EXTERNAL_URL="https://{{new_hostname}}" dnf install -y gitlab-ee
- name: use the rails console to change the password
# {{':'}} is to escape the colon
shell: sudo gitlab-rails runner "user = User.where(id{{':'}} 1).first; user.password = '{{gitlab_root_password}}'; user.password_confirmation = '{{gitlab_root_password}}'; user.save!"
- name: restart gitlab wait 5 mins and then try to connect to "https://{{new_hostname}}"
command: "gitlab-ctl restart"
- name: install pip3
dnf:
name: python3-pip
- name: Install gitlab python package
pip:
name: python-gitlab
- name: Wait for two mins for gitlab to restart
pause:
minutes: 2
- name: Get oauth token from https://{{new_hostname}}/oauth/token
uri:
url: https://{{new_hostname}}/oauth/token?grant_type=password&username=root&password={{gitlab_root_password}}
method: POST
return_content: yes
status_code: 200
body_format: json
validate_certs: yes
register: token
- name: create a user
uri:
url: https://{{new_hostname}}/api/v4/users
method: POST
headers:
Authorization: "Bearer {{token.json.access_token}}"
body_format: json
body:
email: [email protected]
username: bodya
name: "Any Body"
password: "{{gitlab_root_password}}"
status_code: 201, 409 # 201 is created, 409 is already exists; makes idempotent
validate_certs: yes
register: gitlab_users
CoconutBandit
Updated on August 07, 2021Comments
-
CoconutBandit almost 3 years
Im trying to do an automated deployment of gitlab that has everything pre-configured. I need to specify an initial root password so first-time logins are not prompted with the password reset screen. I see the omnibus config option in the template: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template#L509
506 #### Change the initial default admin password and shared runner registration tokens. 507 ####! **Only applicable on initial setup, changing these settings after database 508 ####! is created and seeded won't yield any change.** 509 # gitlab_rails['initial_root_password'] = "password"
However, as the documentation says, this option will not take affect after installation. So, using
gitlab-ctl reconfigure
does not deploy these changes, as I have tested.When I try the solution from this this post:
$ sudo gitlab-rake gitlab:setup RAILS_ENV=production GITLAB_ROOT_PASSWORD="Pa$$w0rd!" GITLAB_ROOT_EMAIL="[email protected]" DISABLE_DATABASE_ENVIRONMENT_CHECK=1 This will create the necessary database tables and seed the database. You will lose any previous data stored in the database. Do you want to continue (yes/no)? yes PG::ObjectInUse: ERROR: database "gitlabhq_production" is being accessed by other users DETAIL: There are 10 other sessions using the database. : DROP DATABASE IF EXISTS "gitlabhq_production" Couldn't drop database 'gitlabhq_production' rake aborted! ActiveRecord::StatementInvalid: PG::ObjectInUse: ERROR: database "gitlabhq_production" is being accessed by other users DETAIL: There are 10 other sessions using the database. : DROP DATABASE IF EXISTS "gitlabhq_production" /opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/setup.rake:33:in `setup_db' /opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/setup.rake:5:in `block (2 levels) in <top (required)>' /opt/gitlab/embedded/bin/bundle:23:in `load' /opt/gitlab/embedded/bin/bundle:23:in `<main>' Caused by: PG::ObjectInUse: ERROR: database "gitlabhq_production" is being accessed by other users DETAIL: There are 10 other sessions using the database. /opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/setup.rake:33:in `setup_db' /opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/setup.rake:5:in `block (2 levels) in <top (required)>' /opt/gitlab/embedded/bin/bundle:23:in `load' /opt/gitlab/embedded/bin/bundle:23:in `<main>' Tasks: TOP => db:drop:_unsafe (See full trace by running task with --trace)
When I try to stop gitlab so no users are accessing it with
gitlab-ctl stop
, it fails with the following error:$ sudo gitlab-rake gitlab:setup RAILS_ENV=production GITLAB_ROOT_PASSWORD="Pa$$w0rd!" GITLAB_ROOT_EMAIL="[email protected]" DISABLE_DATABASE_ENVIRONMENT_CHECK=1 rake aborted! PG::ConnectionBad: could not connect to server: No such file or directory Is the server running locally and accepting connections on Unix domain socket "/var/opt/gitlab/postgresql/.s.PGSQL.5432"? /opt/gitlab/embedded/service/gitlab-rails/ee/app/models/license.rb:261:in `load_license' /opt/gitlab/embedded/service/gitlab-rails/ee/app/models/license.rb:250:in `current' /opt/gitlab/embedded/service/gitlab-rails/ee/app/models/license.rb:254:in `feature_available?' /opt/gitlab/embedded/service/gitlab-rails/ee/lib/ee/gitlab/auth/ldap/config.rb:19:in `_available_servers' /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/auth/ldap/config.rb:39:in `available_servers' /opt/gitlab/embedded/service/gitlab-rails/config/initializers/omniauth.rb:3:in `<module:Strategies>' /opt/gitlab/embedded/service/gitlab-rails/config/initializers/omniauth.rb:2:in `<top (required)>' /opt/gitlab/embedded/service/gitlab-rails/config/environment.rb:6:in `<top (required)>' /opt/gitlab/embedded/bin/bundle:23:in `load' /opt/gitlab/embedded/bin/bundle:23:in `<main>' Tasks: TOP => gitlab:setup => gitlab_environment => environment (See full trace by running task with --trace)
How do I set an initial root password for gitlab with the omnibus install?
-
secavfr almost 2 yearsGreat native way to do so. Works perfectly.