After restore project homepage 500, OpenSSL Cipher Error

wjdp · August 13, 2016, 2:38pm

[gitlab-1]2016-08-13T14:34:58.019978431Z ==> /var/log/gitlab/gitlab-rails/production.log <== 
[gitlab-1]2016-08-13T14:34:58.019993134Z Started GET "/wjdp/deco" for 172.17.0.9 at 2016-08-13 14:34:58 +0000 
[gitlab-1]2016-08-13T14:34:58.023463926Z Processing by ProjectsController#show as HTML 
[gitlab-1]2016-08-13T14:34:58.023604641Z   Parameters: {"namespace_id"=>"wjdp", "id"=>"deco"} 
[gitlab-1]2016-08-13T14:34:58.107556652Z Completed 500 Internal Server Error in 84ms (ActiveRecord: 3.9ms) 
[gitlab-1]2016-08-13T14:34:58.121356237Z  
[gitlab-1]2016-08-13T14:34:58.121376645Z OpenSSL::Cipher::CipherError (bad decrypt): 
[gitlab-1]2016-08-13T14:34:58.121386022Z   app/models/project.rb:487:in `import_url' 
[gitlab-1]2016-08-13T14:34:58.121394458Z   app/models/project.rb:523:in `external_import?' 
[gitlab-1]2016-08-13T14:34:58.121402098Z   app/models/project.rb:515:in `import?' 
[gitlab-1]2016-08-13T14:34:58.121409592Z   app/models/project.rb:531:in `import_in_progress?' 
[gitlab-1]2016-08-13T14:34:58.121417257Z   app/controllers/projects_controller.rb:94:in `show' 
[gitlab-1]2016-08-13T14:34:58.121425303Z   lib/gitlab/middleware/go.rb:16:in `call' 
[gitlab-1]2016-08-13T14:34:58.121432808Z  
[gitlab-1]2016-08-13T14:34:58.121440440Z  
[gitlab-1]2016-08-13T14:34:58.122331687Z  
[gitlab-1]2016-08-13T14:34:58.122352629Z ==> /var/log/gitlab/gitlab-workhorse/current <== 
[gitlab-1]2016-08-13T14:34:58.122362802Z 2016-08-13_14:34:58.12223 2016/08/13 14:34:58 ErrorPage: serving predefined error page: 500

Getting the above when browsing to certain projects after a restore. Running the official docker image after a restore from a Debain omnibus install.

Configuration follows, I’m running GitLab behind a NGINX proxy which does SSL termination.

gitlab:
  environment:
    - |
      GITLAB_OMNIBUS_CONFIG=external_url 'https://git.domainame.com'
      nginx['listen_port'] = 80
      nginx['listen_https'] = false
      nginx['proxy_set_headers'] = {
        "X-Forwarded-Proto" => "https",
        "X-Forwarded-Ssl" => "on"
      }
    - LETSENCRYPT_EMAIL=email@domainname.com
    - LETSENCRYPT_HOST=git.domainame.com
    - VIRTUAL_HOST=git.domainame.com
  hostname: git.domainame.com
  image: 'gitlab/gitlab-ce:latest'
  ports:
    - '22:22'
  restart: always
  volumes:
    - '/srv/gitlab/etc:/etc/gitlab'
    - '/srv/gitlab/data:/var/opt/gitlab'
    - '/srv/gitlab/logs:/var/log/gitlab'

markglenfletcher · August 15, 2016, 11:47am

You’ll need to also migrate your gitlab-secrets.json file over to the new server. This contains the key that is used for the encryption of any import data that is associated with your projects.

You can find the steps for migrating this file within the backup/restore documentation: http://docs.gitlab.com/ce/raketasks/backup_restore.html#prerequisites

wjdp · August 23, 2016, 3:08pm

Have done so, rebooted the container and still getting the same

2016-08-23T14:58:18.054090654Z ==> /var/log/gitlab/gitlab-rails/production.log <== 
2016-08-23T14:58:18.054115633Z Started GET "/wjdp/deco" for 10.7.0.3 at 2016-08-23 14:58:18 +0000 
2016-08-23T14:58:18.056937893Z Processing by ProjectsController#show as HTML 
2016-08-23T14:58:18.056973726Z   Parameters: {"namespace_id"=>"wjdp", "id"=>"deco"} 
2016-08-23T14:58:18.093731637Z Completed 500 Internal Server Error in 37ms (ActiveRecord: 4.6ms) 
2016-08-23T14:58:18.106915500Z  
2016-08-23T14:58:18.106936370Z OpenSSL::Cipher::CipherError (bad decrypt): 
2016-08-23T14:58:18.106947647Z   app/models/project.rb:487:in `import_url' 
2016-08-23T14:58:18.106957135Z   app/models/project.rb:523:in `external_import?' 
2016-08-23T14:58:18.106966147Z   app/models/project.rb:515:in `import?' 
2016-08-23T14:58:18.106975384Z   app/models/project.rb:531:in `import_in_progress?' 
2016-08-23T14:58:18.106984446Z   app/controllers/projects_controller.rb:94:in `show' 
2016-08-23T14:58:18.106993896Z   lib/gitlab/middleware/go.rb:16:in `call'

markglenfletcher · August 24, 2016, 3:30pm

Can you verify that the /etc/gitlab/gitlab-secrets.json file contains the correct key for ["gitlab-rails"]["db_key_base"]?

wjdp · August 26, 2016, 10:24pm

This is a little odd: I replace the generated secrets file with that of my old server, I start the container, after a period this file gets updated.

Under the gitlab_rails hash I loose secret_key_base, db_key_base, otp_key_base. These are replaced by secret_token.

Other hashes: gitlab_shell is unchanged, gitlab_ci is created - did not exist on old server, registry is unchanged.