Upgrade self-managed 16.11.2 --> 17.00.1 "detected dubious ownership in repository at"

Hello All,

Problem to solve

Self-hosted Gitlab Instance installed in Kubernetes via official Helm chart.

Upgrading from 16.11.2 → 17.00.1

The upgrade goes well and everything is green, but when I execute
git pull on my local machine or from anywhere,
I get the following error and can't use GitLab at all. So I have to roll back to the previous version (16.11.2), and then everything works as expected.

git pull
fatal: detected dubious ownership in repository at '/home/git/repositories/@hashed/45/23/4523540f1504cd17100c4835e85b7eefd49911580f8efff0599a8f283be6b9e3.git'
To add an exception for this directory, call:

        git config --global --add safe.directory /home/git/repositories/@hashed/45/23/4523540f1504cd17100c4835e85b7eefd49911580f8efff0599a8f283be6b9e3.git
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Steps to reproduce

helm upgrade gitlab gitlab/gitlab -f values.yaml

values.yaml is attached at the end of the post

Configuration

  • [-] Self-managed
    vanilla installation, with external postgres

helm chart values.yaml

############ GLOBALS ###############
global:
  appConfig:
    omniauth:
        enabled: true
        autoLinkLdapUser: true
        blockAutoCreatedUsers: false
        allowSingleSignOn: true
        providers: 
        - secret: azure-provider
          key: azure-provider.yaml

  smtp:
    enabled: true
    address: "*****************"
    port: 25
    starttls_auto: true
    authentication: ""
  
  email:
    from: "gitlab@*************"
    display_name: **************
    reply_to: "noreply@****************"

  psql:
    database: gitlab
    host: gitgres.gitlab
    username: postgres
    password:
      secret: psql-pass
      key: password

  hosts:
    domain: ***************
    externalIP: 192.168.77.20
    https: true
    ssh: ssh.gitlab.********************

  kas:
    tls:
      enabled: true
      secretName: kas.**************-certificate
      caSecretName: secret-custom-ca-**********
      
    
  registry:
    enabled: true

  ingress:
    tls:
      enabled: true
    class: nginx
    configureCertmanager: false
    annotations:
      cert-manager.io/cluster-issuer: ***********-ca
      cert-manager.io/duration: "2190h" # 3 months
      cert-manager.io/renew-before: "72h" # 3 days

  certificates:
    customCAs:
    - secret: secret-custom-ca-****************

  redis:
    storageClass: "longhorn"

certmanager:
  install: false
nginx-ingress: &nginx-ingress
  enabled: false
prometheus:
  install: false
gitlab-runner:
  install: false
postgresql:
  install: false
  enabled: false

registry:
  ingress:
    annotations:
      cert-manager.io/common-name: registry.************
    tls:
      secretName: registry.***********-certificate

minio:
  persistence:
     storageClass: nfs-client
     size: 2000Gi
  ingress:
    annotations:
      cert-manager.io/common-name: minio.********************
    tls:
      secretName: minio.***************-certificate


gitlab:
  gitlab-shell:
    service:
      type: LoadBalancer
      externalPort: 22
      loadBalancerIP: 192.168.77.23
  gitaly:
    persistence:
      size: 2000Gi
  webservice:
    workhorse:
      metrics:
        serviceMonitor:
          enabled: "true"
          additionalLabels:
            release: monitoring-stack
    metrics:
      serviceMonitor:
        enabled: "true"
        additionalLabels:
          release: monitoring-stack
    ingress:
      annotations:
        cert-manager.io/common-name: gitlab.*************
      tls:
        secretName: gitlab.*************
  kas:
    ingress:
      annotations:
        cert-manager.io/common-name: kas.**********************
      tls:
        secretName: kas.*****************-certificate

  toolbox:
    backups:
      cron:
        enabled: true
        failedJobsHistoryLimit: 1
        schedule: "0 */6 * * *"
        persistence:
          enabled: true
          accessMode: ReadWriteOnce
          size: 1000Gi
    persistence:
      enabled: true
      accessMode: ReadWriteOnce
      size: 1000Gi

Any hint will be valuable. Thank you guys.

I’m having the exact same issue after upgrading to 17 and I have no idea where to start. Did you ever figure this out? I thought I screwed up the upgrade, so I actually completely wiped GitLab off my Kubernetes cluster and reinstalled fresh, and it’s still saying that.

Same problem here too, after upgrading to 17 and completely wiping GitLab from my k3s cluster and reinstalling from scratch.
The various combinations of git config --global --add safe.directory do not help.

☁  gitlab-ce-kustomization [hotfix/0.0.1] ⚡  helm list -A
NAME            NAMESPACE       REVISION        UPDATED                                 STATUS          CHART                                   APP VERSION
gitlab          gitlab          1               2024-07-25 16:52:55.527647566 +0000 UTC deployed        gitlab-8.2.1                            v17.2.1
 ☁  gitlab-ce-kustomization [hotfix/0.0.1] ⚡  git clone ssh://git@gitlab.ramos.cloud:2222/environment/teste.git
Cloning into 'teste'...
fatal: detected dubious ownership in repository at '/home/git/repositories/@hashed/d4/73/d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35.git'
To add an exception for this directory, call:

        git config --global --add safe.directory /home/git/repositories/@hashed/d4/73/d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35.git
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
{"component": "gitaly","subcomponent":"gitaly","command.count":1,"command.cpu_time_ms":0,"command.inblock":0,"command.majflt":0,"command.maxrss":349860,"command.minflt":133,"command.oublock":0,"command.real_time_ms":3,"command.spawn_token_fork_ms":0,"command.spawn_token_wait_ms":0,"command.system_time_ms":0,"command.user_time_ms":0,"component":"gitaly.UnaryServerInterceptor","correlation_id":"01J3QQN9BD93J90AV3853G67MA","error":"running upload-pack: cmd wait: exit status 128, stderr: \"fatal: detected dubious ownership in repository at '/home/git/repositories/@hashed/d4/73/d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35.git'\\nTo add an exception for this directory, call:\\n\\n\\tgit config --global --add safe.directory /home/git/repositories/@hashed/d4/73/d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35.git\\n\"","grpc.code":"Internal","grpc.meta.auth_version":"v2","grpc.meta.client_name":"gitlab-shell-git-upload-pack","grpc.meta.deadline_type":"none","grpc.meta.method_operation":"accessor","grpc.meta.method_scope":"repository","grpc.meta.method_type":"unary","grpc.method":"SSHUploadPackWithSidechannel","grpc.request.fullMethod":"/gitaly.SSHService/SSHUploadPackWithSidechannel","grpc.request.glProjectPath":"environment/teste","grpc.request.glRepository":"project-2","grpc.request.payload_bytes":201,"grpc.request.repoPath":"@hashed/d4/73/d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35.git","grpc.request.repoStorage":"default","grpc.response.payload_bytes":0,"grpc.service":"gitaly.SSHService","grpc.start_time":"2024-07-26T14:38:30.829","grpc.time_ms":5.747,"level":"error","msg":"finished unary call with code Internal","pid":17,"remote_ip":"10.42.2.2","span.kind":"server","system":"grpc","time":"2024-07-26T14:38:30.835Z","user_id":"user-2","username":"madson.ramos"}
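
The Gitaly log above shows the message comes from the `upload-pack` process that Gitaly runs on the server, so the ownership to inspect is that of the repository directories as seen inside the Gitaly container. The following diagnostic is an added example, not part of the thread or of GitLab's tooling; it assumes git raises "dubious ownership" when a repository directory is owned by a different UID than the user running git, the function names are hypothetical, and `/home/git/repositories` is the path from the error message.

```shell
#!/bin/sh
# Added diagnostic example (not from the thread or from GitLab).
# Assumption: git reports "dubious ownership" when the repository
# directory's owner UID differs from the UID of the process running git.

# list_foreign_owned ROOT [EXPECTED_UID]
# Prints "<owner_uid> <path>" for each *.git directory under ROOT whose
# owner is not EXPECTED_UID (default: the UID running this script).
list_foreign_owned() {
    root=$1
    expected=${2:-$(id -u)}
    # -prune: treat each bare repository as a unit, do not descend into it.
    find "$root" -type d -name '*.git' -prune -print 2>/dev/null |
    while IFS= read -r repo; do
        owner=$(stat -c '%u' "$repo") || continue
        [ "$owner" = "$expected" ] || printf '%s %s\n' "$owner" "$repo"
    done
}

# summarize ROOT [EXPECTED_UID]
# Prints "checked=N mismatched=M". M equal to N points at the whole volume
# having the wrong owner; a small M points at individual repositories.
summarize() {
    root=$1
    expected=${2:-$(id -u)}
    total=$(find "$root" -type d -name '*.git' -prune -print 2>/dev/null |
            wc -l | tr -d ' ')
    bad=$(list_foreign_owned "$root" "$expected" | wc -l | tr -d ' ')
    printf 'checked=%s mismatched=%s\n' "$total" "$bad"
}

# Run as the same user Gitaly runs as, inside the Gitaly container:
#   sh check-owner.sh /home/git/repositories
if [ "$#" -gt 0 ]; then
    summarize "$@"
    list_foreign_owned "$@"
fi
```
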