Gitlab-ctl reconfigure fails at gitlab::selinux module

We’re running an instance of Gitlab Omnibus CE on a CentOS 7 VM. It was recently updated to the 8.15.X release family from 8.14. However, I believe that some of the migrations weren’t done properly, because running gitlab-ctl reconfigure fails, and the Gitlab browser interface throws error 500.

Here’s a sample of the error output I get when running gitlab-ctl reconfigure:

Recipe: gitlab::selinux

  • execute[semodule -i /opt/gitlab/embedded/selinux/rhel/7/gitlab-7.2.0-ssh-keygen.pp] action run
    [execute] /etc/selinux/final/targeted/contexts/files/file_contexts.local: line 4 error due to: Non-ASCII characters found
    /etc/selinux/final/targeted/contexts/files/file_contexts: Invalid argument
    libsemanage.semanage_validate_and_compile_fcontexts: setfiles returned error code 1.
    semodule: Failed!

    ================================================================================
    Error executing action run on resource ‘execute[semodule -i /opt/gitlab/embedded/selinux/rhel/7/gitlab-7.2.0-ssh-keygen.pp]’

    Mixlib::ShellOut::ShellCommandFailed

    Expected process to exit with [0], but received ‘1’
    ---- Begin output of semodule -i /opt/gitlab/embedded/selinux/rhel/7/gitlab-7.2.0-ssh-keygen.pp ----
    STDOUT:
    STDERR: /etc/selinux/final/targeted/contexts/files/file_contexts.local: line 4 error due to: Non-ASCII characters found
    /etc/selinux/final/targeted/contexts/files/file_contexts: Invalid argument
    libsemanage.semanage_validate_and_compile_fcontexts: setfiles returned error code 1.
    semodule: Failed!
    ---- End output of semodule -i /opt/gitlab/embedded/selinux/rhel/7/gitlab-7.2.0-ssh-keygen.pp ----
    Ran semodule -i /opt/gitlab/embedded/selinux/rhel/7/gitlab-7.2.0-ssh-keygen.pp returned 1

    Resource Declaration:

    In /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/recipes/selinux.rb

    20: execute “semodule -i /opt/gitlab/embedded/selinux/rhel/7/#{ssh_keygen_module}.pp” do
    21: not_if “getenforce | grep Disabled”
    22: not_if “semodule -l | grep ‘^#{ssh_keygen_module}\s’”
    23: end
    24: end

    Compiled Resource:

    Declared in /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/recipes/selinux.rb:20:in `from_file’

    execute(“semodule -i /opt/gitlab/embedded/selinux/rhel/7/gitlab-7.2.0-ssh-keygen.pp”) do
    action [:run]
    retries 0
    retry_delay 2
    default_guard_interpreter :execute
    command “semodule -i /opt/gitlab/embedded/selinux/rhel/7/gitlab-7.2.0-ssh-keygen.pp”
    backup 5
    returns 0
    declared_type :execute
    cookbook_name “gitlab”
    recipe_name “selinux”
    not_if “getenforce | grep Disabled”
    not_if “semodule -l | grep ‘^gitlab-7.2.0-ssh-keygen\s’”
    end

    Platform:

    x86_64-linux

Running handlers:
Running handlers complete
Chef Client failed. 3 resources updated in 11 seconds

Any ideas?

OK - I got around this temporarily by commenting out the directives in /opt/gitlab/embedded/cookbooks/gitlab/recipes/selinux.rb.

I was able to successfully run gitlab-ctl reconfigure. I also ran gitlab-ctl pg-upgrade to migrate to the latest release of Postgres.

However, I’m still getting Error 500 when I try to visit the Gitlab browser interface. Here’s some sample log output I grabbed with gitlab-ctl tail. It seems to have to do with Postgresql, but I don’t know how I’d go about fixing it…

http://pastebin.com/VDMk0eKr

This is a bit old so hopefully you found a workaround. But for those coming after, the suggested install exclude a required dependency - policycoreutils-python. Installing this got mine to work on Oracle Linux so hopefully it works for CentOS.