Gitlab-ce docker: gitlab pages fails after upgrade to 14.0

After upgrading to 14.0 my gitlab pages fail with this error in the logs:

ac490fda2b15 gitlab-pages: {"correlation_id":"01F8VPE6QTV782GX9CDQ7M1BDZ","error":"Get \"https://xxxxmyhost/api/v4/internal/pages?host=xxx\": dial tcp: lookup xxxxmyhost on [::1]:53: dial udp [::1]:53: connect: cannot assign requested address","host":"xxx,"level":"error","msg":"could not fetch domain information from a source","path":"/yyy.war","time":"2021-06-23T05:45:41Z"}

It seemd the chroot-ed gitlab-pages-daemon is not able to resolve any more. This page showd be the “solution”: GitLab Pages administration | GitLab
After executing these commands everything was ok again:

docker-compose exec bash

mkdir -p /var/opt/gitlab/gitlab-rails/shared/pages/etc/ssl
mkdir -p /var/opt/gitlab/gitlab-rails/shared/pages/opt/gitlab/embedded/ssl/certs/
cp /etc/resolv.conf /var/opt/gitlab/gitlab-rails/shared/pages/etc
cp /opt/gitlab/embedded/ssl/certs/cacert.pem /var/opt/gitlab/gitlab-rails/shared/pages/opt/gitlab/embedded/ssl/certs/
cp /opt/gitlab/embedded/ssl/certs/cacert.pem /var/opt/gitlab/gitlab-rails/shared/pages/etc/ssl/ca-bundle.pem

Of course this was not persistent. So I created my Dockerfile to be used in my docker-compose.yml:

FROM gitlab/gitlab-ce:latest

# gitlab pages daemon could not resolve DNS anymore. This is a workauround.
RUN \
    mkdir -p /var/opt/gitlab/gitlab-rails/shared/pages/etc/ssl && \
    mkdir -p /var/opt/gitlab/gitlab-rails/shared/pages/opt/gitlab/embedded/ssl/certs/ && \
    cp /etc/resolv.conf /var/opt/gitlab/gitlab-rails/shared/pages/etc && \
    cp /opt/gitlab/embedded/ssl/certs/cacert.pem /var/opt/gitlab/gitlab-rails/shared/pages/opt/gitlab/embedded/ssl/certs/ && \
    cp /opt/gitlab/embedded/ssl/certs/cacert.pem /var/opt/gitlab/gitlab-rails/shared/pages/etc/ssl/ca-bundle.pem

This solved the problem for me. But this really is a workaround. Is there a “real” solution?

Thank you very much.

Yep, we had a similar issue, although the specific error message was different:

{"correlation_id":"01F8VZQRVA59SKFDYKHH7AXNVP",
"error":"Get \"https://XXX/api/v4/internal/pages?host=XXX\": dial tcp: lookup XXX on [::1]:53: dial udp [::1]:53: connect: network is unreachable",
"host":"XXX",
"level":"error","msg":"could not fetch domain information from a source",
"path":"XXX","time":"2021-06-23T08:28:12Z"}

Additionally, the pages logs had this cryptic log message:

{"error":"operation not permitted","level":"info","msg":"unsharing mount namespace","time":"2021-06-23T09:13:45Z"}

Executing the commands above like you suggested fixed the error for us. Perhaps the correct way forward is to open an issue in Issues · GitLab.org / omnibus-gitlab · GitLab ?

Hi there,

Copying the /etc/ssl/ folder along with /etc/resolv.conf, /etc/nsswitch.conf and /etc/hosts to the same place as pages_path (e.g. /var/opt/gitlab/gitlab-rails/shared/pages/) will allow Pages to work in chroot mode for Docker installations.

Please refer to GitLab Pages migration feedback (#331699) · Issues · GitLab.org / GitLab · GitLab for more information/feedback regarding the latest upgrade.