RHEL 8 Self-Managed Installation Fails on Reconfigure -- semodule

nasadan · April 25, 2024, 12:40pm

I am trying to install GitLab on a RHEL 8.9 server.

The first problem is that I am behind a proxy that won’t let me get to the ultimate location of the repositories. Too many redirects.

Then, the script seems to be unable to deal with RHEL 8.

It tries to install pygpgme, which is unavailable past RHEL 7
It tries and fails to install “yum-utils”. I do not know why it fails as that package is available.

Here’s the script’s output:

Detected operating system as rhel/8.
Checking for curl...
Detected curl...
Downloading repository file: https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/config_file.repo?os=rhel&dist=8&source=script
done.
Installing pygpgme to verify GPG signatures...
Updating Subscription Management repositories.
Extra Packages for Enterprise Linux 8 - x86_64                                           42 kB/s |  26 kB     00:00    
Extra Packages for Enterprise Linux 8 - x86_64                                          1.0 MB/s |  16 MB     00:16    
gitlab_gitlab-ee-source                                                                 0.0  B/s |   0  B     00:00    
Errors during downloading metadata for repository 'gitlab_gitlab-ee-source':
  - Curl error (56): Failure when receiving data from the peer for https://d20rj4el6vkp4c.cloudfront.net/empty/rpm/repomd.xml?t=1714045485_2613ad2605241222a791fa6ecdd3b8b2971f0123 [Received HTTP code 403 from proxy after CONNECT]
Error: Failed to download metadata for repo 'gitlab_gitlab-ee-source': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried

WARNING: 
The pygpgme package could not be installed. This means GPG verification is not possible for any RPM installed on your system. 
To fix this, add a repository with pygpgme. Usualy, the EPEL repository for your system will have this. 
More information: https://fedoraproject.org/wiki/EPEL#How_can_I_use_these_extra_packages.3F

Installing yum-utils...
Updating Subscription Management repositories.
gitlab_gitlab-ee-source                                                                 0.0  B/s |   0  B     00:00    
Errors during downloading metadata for repository 'gitlab_gitlab-ee-source':
  - Curl error (56): Failure when receiving data from the peer for https://d20rj4el6vkp4c.cloudfront.net/empty/rpm/repomd.xml?t=1714045488_e6172bd52223b12cc35df549a1636459f0f7187f [Received HTTP code 403 from proxy after CONNECT]
  - Curl error (56): Failure when receiving data from the peer for https://d20rj4el6vkp4c.cloudfront.net/empty/rpm/repomd.xml?t=1714045489_a71014ea31a4c46b495fb7902afad784d9e2d971 [Received HTTP code 403 from proxy after CONNECT]
Error: Failed to download metadata for repo 'gitlab_gitlab-ee-source': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried

WARNING: 
The yum-utils package could not be installed. This means you may not be able to install source RPMs or use other yum features.

Generating yum cache for gitlab_gitlab-ee...
Error: Failed to download metadata for repo 'gitlab_gitlab-ee': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
Generating yum cache for gitlab_gitlab-ee-source...
Error: Failed to download metadata for repo 'gitlab_gitlab-ee-source': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried

The repository is setup! You can now install packages.

I am downloading the RPM’s to try a manual, local install.

nasadan · April 25, 2024, 1:04pm

This is getting very frustrating.

The reconfigure failed.

Recipe: gitlab::selinux
  * execute[semodule -i /opt/gitlab/embedded/selinux/rhel/7/gitlab-7.2.0-ssh-keygen.pp] action run
    [execute] libsepol.context_from_record: type gitlab_shell_t is not defined (No such file or directory).
              libsepol.context_from_record: could not create context structure (Invalid argument).
              libsemanage.validate_handler: invalid context system_u:object_r:gitlab_shell_t:s0 specified for /var/opt/gitlab/.ssh(/.*)? [all files] (Invalid argument).
              libsemanage.dbase_llist_iterate: could not iterate over records (Invalid argument).
              semodule:  Failed!
    
    ================================================================================
    Error executing action `run` on resource 'execute[semodule -i /opt/gitlab/embedded/selinux/rhel/7/gitlab-7.2.0-ssh-keygen.pp]'
    ================================================================================

---- Begin output of semodule -i /opt/gitlab/embedded/selinux/rhel/7/gitlab-7.2.0-ssh-keygen.pp ----
STDOUT: 
STDERR: libsepol.context_from_record: type gitlab_shell_t is not defined (No such file or directory).
libsepol.context_from_record: could not create context structure (Invalid argument).
libsemanage.validate_handler: invalid context system_u:object_r:gitlab_shell_t:s0 specified for /var/opt/gitlab/.ssh(/.*)? [all files] (Invalid argument).
libsemanage.dbase_llist_iterate: could not iterate over records (Invalid argument).
semodule:  Failed!
---- End output of semodule -i /opt/gitlab/embedded/selinux/rhel/7/gitlab-7.2.0-ssh-keygen.pp ----

Why does the package contain RHEL 7 SELinux-PP files and not RHEL 8 ?

I listed the RPM contents.
Only /opt/gitlab/embedded/selinux/rhel/7/
No /opt/gitlab/embedded/selinux/rhel/8/

What am I supposed to do with this now ?
How might I define gitlab_shell_t ?

nasadan · April 25, 2024, 6:26pm

Created an issue: RHEL 8 Installation Fails in Multiple Places (#458268) · Issues · GitLab.org / GitLab · GitLab

gitlab-greg · April 26, 2024, 4:44pm

These issues seem relevant to the problem you’re having:

nasadan · April 30, 2024, 2:23pm

I got past the SELinux stuff.

Now I think it is failing trying to migrate a database that does not exist.