The problem occurs when it tries to run chcon
on the .ssh
dir. My fix is to set selinux to “Disabled” - permissive was not enough. Am I missing something in the omnibus? or do I need to leave SELinux disabled (not ideal).
chcon: failed to change context of ‘/srv/gitlab/home/.ssh/authorized_keys’ to ‘system_u:object_r:sshd_key_t:s0’: Operation not supported
================================================================================
Error executing action `run` on resource 'bash[Set proper security context on ssh files for selinux]'
================================================================================
Mixlib::ShellOut::ShellCommandFailed
------------------------------------
Expected process to exit with [0], but received '1'
---- Begin output of "bash" "/tmp/chef-script20170620-16703-1ejgyak" ----
STDOUT:
STDERR: chcon: failed to change context of ‘/srv/gitlab/home/.ssh/authorized_keys’ to ‘system_u:object_r:sshd_key_t:s0’: Operation not supported
---- End output of "bash" "/tmp/chef-script20170620-16703-1ejgyak" ----
Ran "bash" "/tmp/chef-script20170620-16703-1ejgyak" returned 1
Resource Declaration:
---------------------
# In /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/recipes/gitlab-shell.rb
122: bash "Set proper security context on ssh files for selinux" do
123: code <<-EOS
124: chcon --recursive --type ssh_home_t #{ssh_dir}
125: chcon --type sshd_key_t #{authorized_keys}
126: EOS
127: only_if "id -Z"
128: end