Question posted in 
I’m getting the following error when trying to login using root and the initial password set using the Install GitLab using Docker swarm mode method. Any suggestions how how to resolve this? The error is a 401 Unauthorized, but as you can see below the root does get created with the supplied password file.
==> /var/log/gitlab/gitlab-rails/production.log <==,
Started POST "/users/sign_in" for 10.0.0.2 at 2021-02-13 02:27:11 +0000,
Processing by SessionsController#create as HTML,
Parameters: {"utf8"=>"✓", "authenticity_token"=>"[FILTERED]", "user"=>{"login"=>"root", "password"=>"[FILTERED]", "remember_me"=>"1"}},
Completed 401 Unauthorized in 202ms (ActiveRecord: 32.0ms | Elasticsearch: 0.0ms | Allocations: 42688),
,
==> /var/log/gitlab/gitlab-rails/production_json.log <==,
{"method":"POST","path":"/users/sign_in","format":"html","controller":"SessionsController","action":"create","status":0,"time":"2021-02-13T02:27:11.355Z","params":[{"key":"utf8","value":"✓"},{"key":"authenticity_token","value":"[FILTERED]"},{"key":"user","value":{"login":"root","password":"[FILTERED]","remember_me":"1"}}],"remote_ip":"10.0.0.2","user_id":null,"username":null,"ua":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36","correlation_id":"01EYCKD94QJ7K2FV14BE28WF58","meta.caller_id":"SessionsController#create","meta.remote_ip":"10.0.0.2","meta.feature_category":"authentication_and_authorization","redis_calls":8,"redis_duration_s":0.003663,"redis_read_bytes":1441,"redis_write_bytes":552,"redis_cache_calls":7,"redis_cache_duration_s":0.002813,"redis_cache_read_bytes":1337,"redis_cache_write_bytes":382,"redis_shared_state_calls":1,"redis_shared_state_duration_s":0.00085,"redis_shared_state_read_bytes":104,"redis_shared_state_write_bytes":170,"db_count":12,"db_write_count":2,"db_cached_count":1,"queue_duration_s":0.019457,"cpu_s":0.19,"db_duration_s":0.03197,"view_duration_s":0.0,"duration_s":0.20219},
,
==> /var/log/gitlab/gitlab-rails/production.log <==,
Processing by SessionsController#new as HTML,
Parameters: {"utf8"=>"✓", "authenticity_token"=>"[FILTERED]", "user"=>{"login"=>"root", "password"=>"[FILTERED]", "remember_me"=>"1"}},
,
==> /var/log/gitlab/gitlab-rails/application.log <==,
2021-02-13T02:27:11.449Z: Failed Login: username=root ip=10.0.0.2,
,
==> /var/log/gitlab/gitlab-rails/application_json.log <==,
{"severity":"INFO","time":"2021-02-13T02:27:11.450Z","correlation_id":"01EYCKD94QJ7K2FV14BE28WF58","message":"Failed Login: username=root ip=10.0.0.2"},
,
==> /var/log/gitlab/gitlab-rails/production.log <==,
Completed 200 OK in 91ms (Views: 22.6ms | ActiveRecord: 2.8ms | Elasticsearch: 0.0ms | Allocations: 12783),
,
==> /var/log/gitlab/gitlab-rails/production_json.log <==,
{"method":"POST","path":"/users/sign_in","format":"html","controller":"SessionsController","action":"new","status":200,"time":"2021-02-13T02:27:11.451Z","params":[{"key":"utf8","value":"✓"},{"key":"authenticity_token","value":"[FILTERED]"},{"key":"user","value":{"login":"root","password":"[FILTERED]","remember_me":"1"}}],"remote_ip":"10.0.0.2","user_id":null,"username":null,"ua":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36","correlation_id":"01EYCKD94QJ7K2FV14BE28WF58","meta.caller_id":"SessionsController#new","meta.remote_ip":"10.0.0.2","meta.feature_category":"authentication_and_authorization","redis_calls":11,"redis_duration_s":0.004477,"redis_read_bytes":1679,"redis_write_bytes":826,"redis_cache_calls":10,"redis_cache_duration_s":0.003627,"redis_cache_read_bytes":1573,"redis_cache_write_bytes":535,"redis_shared_state_calls":1,"redis_shared_state_duration_s":0.00085,"redis_shared_state_read_bytes":106,"redis_shared_state_write_bytes":291,"db_count":18,"db_write_count":2,"db_cached_count":3,"queue_duration_s":0.019457,"cpu_s":0.29,"db_duration_s":0.00281,"view_duration_s":0.02265,"duration_s":0.09165},
,
==> /var/log/gitlab/gitlab-workhorse/current <==,
{"content_type":"text/html; charset=utf-8","correlation_id":"01EYCKD94QJ7K2FV14BE28WF58","duration_ms":326,"host":"192.168.1.225:8778","level":"info","method":"POST","msg":"access","proto":"HTTP/1.1","referrer":"http://192.168.1.225:8778/users/sign_in","remote_addr":"127.0.0.1:0","remote_ip":"127.0.0.1","route":"","status":200,"system":"http","time":"2021-02-13T02:27:11Z","ttfb_ms":326,"uri":"/users/sign_in","user_agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36","written_bytes":54237},
,
==> /var/log/gitlab/nginx/gitlab_access.log <==,
10.0.0.2 - - [13/Feb/2021:02:27:11 +0000] "POST /users/sign_in HTTP/1.1" 200 14901 "http://192.168.1.225:8778/users/sign_in" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36" 3.64
The root user does get created:
* runit_service[gitlab-kas] action disable,
* ruby_block[disable gitlab-kas] action run (skipped due to only_if),
(up to date),
Recipe: gitlab::database_migrations,
* bash[migrate gitlab-rails database] action run,
[execute] psql:/opt/gitlab/embedded/service/gitlab-rails/db/structure.sql:9: NOTICE: extension "btree_gist" already exists, skipping,
psql:/opt/gitlab/embedded/service/gitlab-rails/db/structure.sql:11: NOTICE: extension "pg_trgm" already exists, skipping,
WARNING: Active Record does not support composite primary key.,
,
user_interacted_projects has composite primary key. Composite primary key is ignored.,
WARNING: Active Record does not support composite primary key.,
,
project_authorizations has composite primary key. Composite primary key is ignored.,
,
== Seed from /opt/gitlab/embedded/service/gitlab-rails/db/fixtures/production/001_application_settings.rb,
Creating the default ApplicationSetting record.,
,
== Seed from /opt/gitlab/embedded/service/gitlab-rails/db/fixtures/production/002_admin.rb,
Administrator account created:,
,
login: root,
password: password1234,
,
,
== Seed from /opt/gitlab/embedded/service/gitlab-rails/db/fixtures/production/010_settings.rb,
Saved CI JWT signing key,
,
== Seed from /opt/gitlab/embedded/service/gitlab-rails/db/fixtures/production/998_gitlab_instance_administration_project.rb,
/opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/validate_url-1.0.8/lib/validate_url.rb:23: warning: URI.escape is obsolete,
Successfully created self monitoring project.,
,
== Seed from /opt/gitlab/embedded/service/gitlab-rails/db/fixtures/production/999_common_metrics.rb,
- execute "bash" "/tmp/chef-script20210213-32-1kam03j",
Here is my docker-compose.yml:
version: "3.7"
services:
gitlab:
image: gitlab/gitlab-ce:13.8.3-ce.0
depends_on:
- smtpserver
ports:
- "8778:8778"
- "8722:22"
volumes:
- type: volume
source: gitlab_data
target: /var/opt/gitlab
- type: volume
source: gitlab_log
target: /var/log/gitlab
- type: volume
source: gitlab_config
target: /etc/gitlab
environment:
GITLAB_OMNIBUS_CONFIG: "from_file('/omnibus_config.rb')"
configs:
- source: gitlab
target: /omnibus_config.rb
secrets:
- gitlab_root_password
networks:
- dev_net
gitlab-runner:
image: gitlab/gitlab-runner:alpine-v13.8.0
depends_on:
- gitlab
deploy:
mode: replicated
replicas: 1
volumes:
- type: volume
source: gitlab_runner_config
target: /etc/gitlab-runner
- type: bind
source: /var/run/docker.sock
target: /var/run/docker.sock
networks:
- dev_net
smtpserver:
image: devture/exim-relay:4.93-r1
user: 100:101
restart: always
hostname: ...
environment:
- SMARTHOST=...
- SMTP_USERNAME=...
- SMTP_PASSWORD=...
networks:
- dev_net
volumes:
gitlab_data:
gitlab_log:
gitlab_config:
gitlab_runner_config:
networks:
dev_net:
configs:
gitlab:
file: ./gitlab.rb
secrets:
gitlab_root_password:
file: ./root_password.txt
And ./gitlab.rb:
external_url 'http://192.168.1.225:8778'
registry_external_url 'http://192.168.1.225:8081'
gitlab_rails['initial_root_password'] = File.read('/run/secrets/gitlab_root_password')
gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = 'devops@mydomain'
gitlab_rails['gitlab_email_display_name'] = 'Git'
gitlab_rails['gitlab_email_reply_to'] = 'devops@mydomain'
gitlab_rails['gitlab_email_subject_suffix'] = '[Git] '
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = 'smtpserver'
#gitlab_rails['smtp_address'] = ''
gitlab_rails['smtp_port'] = 8025
#gitlab_rails['smtp_port'] = 25
gitlab_rails['smtp_domain'] = 'mydomain'
gitlab_rails['smtp_tls'] = true
gitlab_rails['smtp_openssl_verify_mode'] = 'none'
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_ssl'] = false
gitlab_rails['smtp_force_ssl'] = false
gitlab_rails['gitlab_shell_ssh_port'] = 8722
gitlab_rails['time_zone'] = 'America/New_York'
nginx['client_max_body_size'] = '1g'
And root_password.txt:
password1234
3
Answers
I had the same problem, to workaround it I had to unlock the user (it was locked because password was not working):
https://docs.gitlab.com/ee/security/unlock_user.html
Then I reset the root password:
https://docs.gitlab.com/ee/security/reset_user_password.html
And I was able to access the portal.
I didn’t understand why this happened but at least I was able to use gitlab by following these steps.
My problem was similar, but the root password provided in configuration was invalid (too short).
After providing valid password in
root_password.txtI’ve reset all data and swarm stack, then executed again it worked as expected.I spent a few hours of sleep until I found that a
.stripat the end solves the problem.Correct format: