Problems with GitLab-CE self-managed installation on AD domain joined Linux server

panc · January 10, 2024, 12:34pm

I’m trying to install gitlab-ce on an active directory domain joined Linux server. It’s installed but some/most (varies upon reboot) gitlab services are not started; to be more accurate, it seems that they delay way too much (a couple of hours until the web interface is up for example). No customizations, standard setup according to gitlab’s instructions.

Local users needed by gitlab installation are created, I’m wondering if they are looked up in active directory. An error I could locate in the logs is .socket files that are not created.

I tried to install gitlab-ee also, same behaviour.

To rule out other possible causes, I repeated the installation on a cloned VM, same config and specs, but not joined to domain; gitlab-ce was installed without problems.

Errors returned after initial installation:

== Seed from /opt/gitlab/embedded/service/gitlab-rails/db/fixtures/production/010_settings.rb
Could not save CI JWT signing key

--> Help page documentation base url is blocked: execution expired
--> Diagramsnet url is blocked: execution expired
--> Public runner releases url is blocked: execution expired
STDERR:
---- End output of "bash"  ----
Ran "bash"  returned 1
warning: %posttrans(gitlab-ce-16.7.0-ce.0.el8.x86_64) scriptlet failed, exit status 1

panc · January 24, 2024, 7:32am

For anybody having similar problem: The issue seems to be network connectivity, not AD domain membership! After adding gitlab-ce repo, I downloaded the package instead of installing it. Next step, disconnected server from network by unplugging the (virtual) cable. Afterwards the installation went smoothly.

Some info on the enterprise network setup. Proxy server to access the internet, DNS servers do not resolve internet urls-addresses. Could these produce the problem? I didn’t investigate further.

panc · February 21, 2024, 9:33am

Yet the problem is not solved: gitlab-ce is installed by delays and I cannot change some preferences.
I suspect that due to being installed to a closed network, no Internet access, there are some connectivity issues. I still get in Preferences.

The form contains the following errors:

  · Help page documentation base url is blocked: execution expired
  · Diagramsnet url is blocked: execution expired
  · Public runner releases url is blocked: execution expired

Pravin123 · February 22, 2024, 11:05am

You are trying to install the gitlab or you have upgraded the gitlab.
Please tell me the Gitlab version also.

rypgl76 · March 5, 2024, 10:38pm

I came across a solution for this.

Disable integration by using gitlab-psql:

gitlab-psql

Should start a psql REPL

update application_settings set diagramsnet_enabled=false;
update application_settings set update_runner_versions_enabled=false;
\q

Once that is done, delete the documentation base url and save settings.
It should work fine after that.

Pravin123 · March 6, 2024, 12:06pm

Hi @rypgl76
I have upgraded the gitlab, after that I am not able to save the admin settings.
as I try to save the settings it gives me below errors:

The form contains the following errors:

Help page documentation base url is blocked: execution expired*
Diagramsnet url is blocked: execution expired*
Public runner releases url is blocked: execution expired*

I also raised the question on stackoverflow community below is the link.

Thanks in advance!!

rypgl76 · March 6, 2024, 12:35pm

I wasn’t too clear.

The solution is to run psql commands and directly change the boolean values for two of the properties. This is done via the gitlab-psql command.

gitlab-psql
update application_settings set diagramsnet_enabled=false;
update application_settings set update_runner_versions_enabled=false;
\q

Next delete the help page url manually from the application.

Pravin123 · March 18, 2024, 4:49am

Hi @rypgl76 My issue is resolved by the following the above solution.
Thanks.

panc · April 2, 2024, 7:21am

Apparently @rypgl76 's solution seems to be the proper one. In the meantime I had solved the problem with this workaround:

I noticed using tcpdump that the gitlab server tried to connect to certain IPs to the internet. So I added these in /etc/hosts, since no internet dns resolving is possible inside the company network:

172.65.251.78 gitlab.com
35.185.44.232 docs.gitlab.com
104.22.70.207 embed.diagrams.net
104.22.71.207 embed.diagrams.net

In my setup, they still cannot be accessed, only resolved. This somehow had solved the issue. Nevertheless I executed the commands in psql as a more proper solution.

Thank you all!

panc · April 2, 2024, 7:22am

It’s a new installation, gitlab-ce 16.10.

stanhu · June 21, 2024, 3:29pm

This issue should be fixed in GitLab 17.2: Skip IP lookups in validating URLs on certain conditions (!156547) · Merge requests · GitLab.org / GitLab · GitLab