Database error during upgrade from 18.2.4 to 18.3.0

How to Use GitLab Upgrade
1

Problem to solve

When migrating my self-managed omnibus instance from 18.2.4 to 18.3.0 I got the following error:

gitlab  | STDOUT: Running migrate up
gitlab  | Executing command:
gitlab  | /opt/gitlab/embedded/bin/registry database migrate up /var/opt/gitlab/registry/config.yml
gitlab  | time="2025-08-22T08:20:51Z" level=error msg=Connect database=registry_database duration_ms=5 err="failed to connect to `user=registry database=registry_database`: /var/opt/gitlab/postgresql/.s.PGSQL.5432 (/var/opt/gitlab/postgresql/): failed SASL auth: FATAL: password authentication failed for user \"registry\" (SQLSTATE 28P01)" host=/var/opt/gitlab/postgresql/ port=5432
gitlab  | failed to construct database connection: verification failed: failed to connect to `user=registry database=registry_database`: /var/opt/gitlab/postgresql/.s.PGSQL.5432 (/var/opt/gitlab/postgresql/): failed SASL auth: FATAL: password authentication failed for user "registry" (SQLSTATE 28P01)
gitlab  | STDERR:

I tried to remove and restart the container but I consistently get the same error. I’d need some guidance about how to fix this, thanks in advance for any help.

2

Hello,

I have the same problem on my debian omnibus self-managed version with the registry database.

1 Like
3

Hey,

had the same problem. Since /var/opt/gitlab/postgresql/data/pg_hba.conf gets auto-generated by some process you have to change its content during update. The problem is the line:

# registry_db
local registry registry md5

it has to be replaced during update with

# registry_db
local registry registry trust

to fix the problem for now i opened a second session copying the fixed file with

watch -n 0.1 cp pg_hba.conf /var/opt/gitlab/postgresql/data/pg_hba.conf

and restarted the upgrade process.

hope this helps

4

i think the problem is the chef recipe “set password for registry postgresql user“ which sets the registry’s user password to md5registry

5

Hi @kossmac, your solution worked beautifully, thank you very much! I don’t know if it is a proper fix, i.e. if local registry registry actually has to be set to trust, or just a workaround, but it doesn’t matter. What really matters is how such a thing can pass the pre-release tests unnoticed.

6

I had meet tje same issue with Docker version of GitLab.

I found I can modify gitlab.rb configutation:

postgresql['custom_pg_hba_entries'] = {
  registry_db: [
    {
      type: 'local',
      database: 'registry',
      user: 'registry',
      method: 'trust'
    }
  ]
}

So I dont need to modify generated file pg_hba.conf.

But the same issue will happen again after reboot PC or restart gitlab docker container.

The workaround is stop and remove the docker container and recreate it.

8

Same problem with 18.3.1.

9

I have been able to resolve the issue in a persistent way, leveraging the fact that in my Omnibus deployment I use a bind mount for the /etc/gitlab container folder: fixing gitlab.rbin there as suggested by kheresy persists over container reboot/recreation, so I’m done.

Hope this might help others with similar setup.

10

Thanks for reporting. For future problems that involve the Omnibus packages and sound like a bug, please create bug report issues directly for the engineering teams.

I’ve found said problem in this thread in Bug Report: gitlab-ctl reconfigure typo modifies registry user password to append md5 (#9278) · Issues · GitLab.org / omnibus-gitlab · GitLab and linked the forum topic.