We’re running an instance of Gitlab Omnibus CE on a CentOS 7 VM. It was recently updated to the 8.15.X release family from 8.14. However, I believe that some of the migrations weren’t done properly, because running gitlab-ctl reconfigure fails, and the Gitlab browser interface throws error 500.

Here’s a sample of the error output I get when running gitlab-ctl reconfigure:

Recipe: gitlab::selinux

• execute[semodule -i /opt/gitlab/embedded/selinux/rhel/7/gitlab-7.2.0-ssh-keygen.pp] action run
  [execute] /etc/selinux/final/targeted/contexts/files/file_contexts.local: line 4 error due to: Non-ASCII characters found
  /etc/selinux/final/targeted/contexts/files/file_contexts: Invalid argument
  libsemanage.semanage_validate_and_compile_fcontexts: setfiles returned error code 1.
  semodule: Failed!

  ================================================================================
  Error executing action run on resource ‘execute[semodule -i /opt/gitlab/embedded/selinux/rhel/7/gitlab-7.2.0-ssh-keygen.pp]’

  Mixlib::ShellOut::ShellCommandFailed

  Expected process to exit with [0], but received ‘1’
  ---- Begin output of semodule -i /opt/gitlab/embedded/selinux/rhel/7/gitlab-7.2.0-ssh-keygen.pp ----
  STDOUT:
  STDERR: /etc/selinux/final/targeted/contexts/files/file_contexts.local: line 4 error due to: Non-ASCII characters found
  /etc/selinux/final/targeted/contexts/files/file_contexts: Invalid argument
  libsemanage.semanage_validate_and_compile_fcontexts: setfiles returned error code 1.
  semodule: Failed!
  ---- End output of semodule -i /opt/gitlab/embedded/selinux/rhel/7/gitlab-7.2.0-ssh-keygen.pp ----
  Ran semodule -i /opt/gitlab/embedded/selinux/rhel/7/gitlab-7.2.0-ssh-keygen.pp returned 1

  Resource Declaration:

  In /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/recipes/selinux.rb

  20: execute “semodule -i /opt/gitlab/embedded/selinux/rhel/7/#{ssh_keygen_module}.pp” do
  21: not_if “getenforce | grep Disabled”
  22: not_if “semodule -l | grep ‘^#{ssh_keygen_module}\s’”
  23: end
  24: end

  Compiled Resource:

  Declared in /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/recipes/selinux.rb:20:in `from_file’

  execute(“semodule -i /opt/gitlab/embedded/selinux/rhel/7/gitlab-7.2.0-ssh-keygen.pp”) do
  action [:run]
  retries 0
  retry_delay 2
  default_guard_interpreter :execute
  command “semodule -i /opt/gitlab/embedded/selinux/rhel/7/gitlab-7.2.0-ssh-keygen.pp”
  backup 5
  returns 0
  declared_type :execute
  cookbook_name “gitlab”
  recipe_name “selinux”
  not_if “getenforce | grep Disabled”
  not_if “semodule -l | grep ‘^gitlab-7.2.0-ssh-keygen\s’”
  end

  Platform:

  x86_64-linux

Running handlers:
Running handlers complete
Chef Client failed. 3 resources updated in 11 seconds

Any ideas?

OK - I got around this temporarily by commenting out the directives in /opt/gitlab/embedded/cookbooks/gitlab/recipes/selinux.rb.

I was able to successfully run gitlab-ctl reconfigure. I also ran gitlab-ctl pg-upgrade to migrate to the latest release of Postgres.

However, I’m still getting Error 500 when I try to visit the Gitlab browser interface. Here’s some sample log output I grabbed with gitlab-ctl tail. It seems to have to do with Postgresql, but I don’t know how I’d go about fixing it…

http://pastebin.com/VDMk0eKr

This is a bit old so hopefully you found a workaround. But for those coming after, the suggested install exclude a required dependency - policycoreutils-python. Installing this got mine to work on Oracle Linux so hopefully it works for CentOS.