Cannot upgrade from 15.6.6 to 15.8.0

We are running GiLab 15.6.6-CE docker instance.
When I try to upgrade to 15.8.0 (change the image in docker-compose.yml) the docker instance fails to start with the following error:

initial_root_password: Length is too short, minimum is 8 characters

The root user (with id=1) has a password with enough length. I connected to docker instance’s bash and inside the instance there’s an environment variable that I believe causes the error

However I don’t know how to get rid of it. The environment variable is not set in the environment that launches the docker instance, neither it’s set in the docker-compose file.
config/gitlab.rb doesn’t have this active setting too.

How to fix it?

The log is below:

web_1 | Installing cookbook gem dependencies:
web_1 | Compiling cookbooks…
web_1 | Top level ::CompositeIO is deprecated, require ‘multipart/post’ and use Multipart::Post::CompositeReadIO instead!
web_1 | Top level ::Parts is deprecated, require ‘multipart/post’ and use Multipart::Post::Parts instead!
web_1 | Loading Cinc Auditor profile files:
web_1 | Loading Cinc Auditor input files:
web_1 | Loading Cinc Auditor waiver files:
web_1 |
web_1 | ================================================================================
web_1 | Recipe Compile Error in /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/recipes/default.rb
web_1 | ================================================================================
web_1 |
web_1 | RuntimeError
web_1 | ------------
web_1 | initial_root_password: Length is too short, minimum is 8 characters
web_1 |
web_1 | Cookbook Trace: (most recent call first)
web_1 | ----------------------------------------
web_1 | /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/libraries/gitlab_rails.rb:90:in parse_secrets' web_1 | /opt/gitlab/embedded/cookbooks/cache/cookbooks/package/libraries/settings_dsl.rb:174:in block in generate_secrets’
web_1 | /opt/gitlab/embedded/cookbooks/cache/cookbooks/package/libraries/settings_dsl.rb:172:in each' web_1 | /opt/gitlab/embedded/cookbooks/cache/cookbooks/package/libraries/settings_dsl.rb:172:in generate_secrets’
web_1 | /opt/gitlab/embedded/cookbooks/cache/cookbooks/package/libraries/settings_dsl.rb:181:in generate_config' web_1 | /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/recipes/config.rb:24:in from_file’
web_1 | /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/recipes/default.rb:26:in `from_file’
web_1 |
web_1 | Relevant File Content:
web_1 | ----------------------
web_1 | /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/libraries/gitlab_rails.rb:
web_1 |
web_1 | 83: Gitlab[‘gitlab_rails’][‘openid_connect_signing_key’] ||= SecretsHelper.generate_rsa(4096).to_pem
web_1 | 84:
web_1 | 85: Gitlab[‘gitlab_rails’][‘initial_root_password’] = ENV[‘GITLAB_ROOT_PASSWORD’] || Gitlab[‘gitlab_rails’][‘initial_root_password’]
web_1 | 86: if Gitlab[‘gitlab_rails’][‘initial_root_password’].nil?
web_1 | 87: Gitlab[‘gitlab_rails’][‘initial_root_password’] = SecretsHelper.generate_base64(32)
web_1 | 88: Gitlab[‘gitlab_rails’][‘store_initial_root_password’] = true if Gitlab[‘gitlab_rails’][‘store_initial_root_password’].nil?
web_1 | 89: elsif Gitlab[‘gitlab_rails’][‘initial_root_password’].length < 8
web_1 | 90>> raise ‘initial_root_password: Length is too short, minimum is 8 characters’
web_1 | 91: end
web_1 | 92:
web_1 | 93: if Gitlab[‘gitlab_rails’][‘ci_jwt_signing_key’]
web_1 | 94: begin
web_1 | 95: key =[‘gitlab_rails’][‘ci_jwt_signing_key’])
web_1 | 96: raise ‘ci_jwt_signing_key: The provided key is not private RSA key’ unless key.private?
web_1 | 97: rescue OpenSSL::PKey::RSAError
web_1 | 98: raise ‘ci_jwt_signing_key: The provided key is not valid RSA key’
web_1 | 99: end
web_1 |
web_1 | There was an error running gitlab-ctl reconfigure:
web_1 |
web_1 | initial_root_password: Length is too short, minimum is 8 characters
web_1 |
web_1 | System Info:
web_1 | ------------
web_1 | chef_version=17.10.0
web_1 | platform=ubuntu
web_1 | platform_version=20.04
web_1 | ruby=ruby 2.7.7p221 (2022-11-24 revision 168ec2b1e5) [x86_64-linux]
web_1 | program_name=/opt/gitlab/embedded/bin/cinc-client
web_1 | executable=/opt/gitlab/embedded/bin/cinc-client
web_1 |
web_1 |
web_1 | Running handlers:
web_1 | [2023-01-28T02:46:23+00:00] ERROR: Running exception handlers
web_1 | Running handlers complete
web_1 | [2023-01-28T02:46:23+00:00] ERROR: Exception handlers complete
web_1 | Infra Phase failed. 0 resources updated in 02 seconds
web_1 | [2023-01-28T02:46:23+00:00] FATAL: Stacktrace dumped to /opt/gitlab/embedded/cookbooks/cache/cinc-stacktrace.out
web_1 | [2023-01-28T02:46:23+00:00] FATAL: ---------------------------------------------------------------------------------------
web_1 | [2023-01-28T02:46:23+00:00] FATAL: PLEASE PROVIDE THE CONTENTS OF THE stacktrace.out FILE (above) IF YOU FILE A BUG REPORT
web_1 | [2023-01-28T02:46:23+00:00] FATAL: ---------------------------------------------------------------------------------------
web_1 | [2023-01-28T02:46:23+00:00] FATAL: RuntimeError: initial_root_password: Length is too short, minimum is 8 characters

I had this issue when upgrading from 15.6.2 to 15.9.1 with # yum install gitlab-ce-15.9.1 (CentOS 7)

During installation my terminal lost connection and even after some 60+ minutes I just had a 502-screen in the browser. I was able to confirm the new GitLab version (grep --color=never gitlab-ce /opt/gitlab/version-manifest.txt). But gitlab-ctl status returned that PostgreSQL was not starting. First an error about wal_keep_segments. After “fixing” that I got an error with wrong version (was 12 now 13.8). So I reversed this “fix”.

I was getting your error when I tried gitlab-ctl reconfigure! But I actually had a password with (exactly) 8 chars so I wasn’t sure where the error was coming from: the PostgreSQL or the password.

I checked printenv GITLAB_ROOT_PASSWORD. That gave me an empty feedback (but didn’t expect any). I also tried gitlab-rake "gitlab:password:reset" but errors occurred.

I finally solved it with
export GITLAB_ROOT_PASSWORD=<...> (enter some 8+ password)
and then
gitlab-ctl reconfigure
Everything started up and the 502-message is now gone.

But honestly I don’t think that this is the proper way of solving this issue due to the GITLAB_ROOT_PASSWORD now as clear text in the environment variable and terminal history.

After closing and reopening the terminal printenv returned nothing again. And cleaning the history should also be done. So maybe its okay this way?

In addition to my the answer above. Check with: vi /etc/gitlab/gitlab.rb if the gitlab_rails['initial_root_password'] = '<PASSWORD>' has the correct length of min. 8 chars.