[已解决] Gitlab 500 错误 Cipher::CipherError
于小乐
问题原因:恢复gitlab备份时未能成功恢复密钥文件
问题表现:在项目设置或系统设置时遇到500错误
解决方案:
!!在执行任何操作之前备份数据库!!
备份:
sudo gitlab-backup create 1. 按照官方文档操作
地址:https://docs.gitlab.com/ee/raketasks/backup_restore.html#fix-integrations-and-webhooks
首先诊断数据库中的加密信息是否含有错误
apt安装:
sudo gitlab-rake gitlab:doctor:secrets 编译安装:
bundle exec rake gitlab:doctor:secrets RAILS_ENV=production 进入Gitlab 数据库管理界面
14.1 之前的apt安装:
sudo gitlab-rails dbconsole
14.2 及之后的apt安装:
sudo gitlab-rails dbconsole --database main
14.1 之前的编译安装:
sudo -u git -H bundle exec rails dbconsole -e production
14.2 以及以后的编译安装:
sudo -u git -H bundle exec rails dbconsole -e production --database mainDELETE FROM ci_group_variables;
DELETE FROM ci_variables; 删除Runner密钥
-- Clear project tokens
UPDATE projects SET runners_token = null, runners_token_encrypted = null;
-- Clear group tokens
UPDATE namespaces SET runners_token = null, runners_token_encrypted = null;
-- Clear instance tokens
UPDATE application_settings SET runners_registration_token_encrypted = null;
-- Clear key used for JWT authentication
-- This may break the $CI_JWT_TOKEN job variable:
-- https://gitlab.com/gitlab-org/gitlab/-/issues/325965
UPDATE application_settings SET encrypted_ci_jwt_signing_key = null;
-- Clear runner tokens
UPDATE ci_runners SET token = null, token_encrypted = null; 删除pipeline密钥
-- Clear build tokens
UPDATE ci_builds SET token = null, token_encrypted = null; 删除Webhook
-- truncate web_hooks table
TRUNCATE integrations, chat_names, issue_tracker_data, jira_tracker_data, slack_integrations, web_hooks, zentao_tracker_data, web_hook_logs; 重启gitlab,应该不会好,之后按照某网友的方法操作:
注意:该操作会移除全部gitlab系统设置,执行后需要重新设置!
I think I’ve resolved it… I found the appropriate refs in the documentation.
In addition to the recommended steps of:
DELETE FROM ci_group_variables; DELETE FROM ci_variables; UPDATE projects SET runners_token = null, runners_token_encrypted = null; UPDATE namespaces SET runners_token = null, runners_token_encrypted = null; UPDATE application_settings SET runners_registration_token_encrypted = null; UPDATE ci_runners SET token = null, token_encrypted = null; UPDATE ci_builds SET token = null, token_encrypted = null; TRUNCATE web_hooks CASCADE;I had to reset the secret for the application_settings:
DELETE FROM application_settings;Now most of my 500 errors have been resolved, I’m able to change Application settings. I still have a few errors in my
gitlab-rake gitlab:doctor:secretsbut I’m working through these.
参考:
https://gist.github.com/aursu/fdda2c9e6e26ba7fc2d903ae5f06e4d6
https://gitlab.com/gitlab-org/gitlab-foss/-/issues/56403
https://docs.gitlab.com/ee/raketasks/backup_restore.html#when-the-secrets-file-is-lost
https://forum.gitlab.com/t/500-error-when-updating-application-settings/52113