Differences between revisions 44 and 45
Revision 44 as of 2022-08-06 18:14:46
Size: 11256
Editor: ?OndrejZary
Comment:
Revision 45 as of 2022-08-06 20:43:19
Size: 12181
Editor: ?OndrejZary
Comment: Add info about puma in 13.x
Deletions are marked like this. Additions are marked like this.
Line 258: Line 258:
Gitlab now uses Puma web server instead of Unicorn.

gitlab-shell fails as it can't connect to 127.0.0.1:8080. Puma is not listening there, only on UNIX socket. Update /etc/default/gitlab to include -authSocket parameter in gitlab_workhorse_options
{{{
rails_socket="$socket_path/gitlab.socket"
gitlab_workhorse_options="-listenUmask 0 -listenNetwork unix -listenAddr $socket_path/gitlab-workhorse.socket -authBackend http://127.0.0.1:8080 -authSocket $rails_socket"
}}}

The sysvinit init script is broken - starts everything but times out waiting for sidekiq and puma. Puma handling can be easily fixed (see below), but Sidekiq is broken as it does not support writing PID files anymore.

To fix puma start and status, change /etc/default/gitlab:
{{{
web_server_pid_path="$pid_path/puma.pid"
}}}

To fix puma stop, change /usr/share/gitlab/bin/web_puma:
{{{
puma_pidfile="$app_root/tmp/puma.pid"
}}}

Now on Stretch + gitlab 8.13.x

Gitlab 8.13.11 was available in stretch, but it was not receiving any security updates and was removed in a point release. So it is recommended to update to newer versions from stretch-backports (see below: Step 0).

# apt install gitlab

It is recommended to upgrade to stretch-backports and then to buster to receive security updates.

Step 0: Moving to Stretch Backports + gitlab 11.4.9 from Stretch

Gitlab 11.4.9 is available in stretch-backports (still affected by some security issues, many security releases behind).

As packages in stretch-backports get updated, they could become incompatible with older Gitlab versions. Using snapshot.debian.org and picking a suitable date works around the problem.

Add to /etc/apt/sources.list

deb [check-valid-until=no] http://snapshot.debian.org/archive/debian/20190220T000000Z/ stretch-backports contrib main

Now install Gitlab 11.4.9 and gitaly (it's mandatory since Gitlab 9).

# apt -t stretch-backports install gitlab gitaly

If you're running sysvinit, disable gitaly in /etc/default/gitlab (gitaly has its own init script):

gitaly_enabled=false

If you don't use snapshot.debian.org, you will get an error Could not find gem 'carrierwave (= 1.2.3)' because the ruby-carrierwave package in stretch-backports was upgraded to version 1.3.1 which is incompatible with Gitlab 11.4.9.

Step 1: Moving to Stretch Backports + gitlab 11.5.x from 11.4.9

Gitlab 11.5.10 is available for stretch-backports via personal repo of gitlab maintainer (many security releases behind) from https://people.debian.org/~praveen/gitlab

Add to /etc/apt/sources.list

deb https://people.debian.org/~praveen/gitlab stretch-backports contrib main
deb http://deb.debian.org/debian stretch-backports contrib main

Add repo signing key as trusted,

# wget https://people.debian.org/~praveen/gitlab/praveen.key.new.asc
# apt-key add praveen.key.new.asc

Now install gitlab,

# apt -t stretch-backports install gitlab

If you got an error like yarn did not find a cache folder during installation, run this command

sudo -u gitlab mkdir -p /var/lib/gitlab/.cache/yarn/v4/

It is recommended to upgrade to buster and gitlab 11.x to receive security updates (see below: Step 2).

Note: Remove unnecessary packages after upgrade (remove ruby-bootsnap if you see strange load errors).

# apt remove rails npm ruby-bootsnap

Step 2: Moving to Buster Backports + gitlab 11.x from Stretch Backports

You should first upgrade to 11.11.8 version before you can install newer versions.

Update /etc/apt/sources.list and change stretch to buster and add a new entry for buster-fasttrack and gitlab-snapshots (it is a repo created to provide exact versions required for updating from stretch to buster). Remember to update the date in snapshot.debian.org entry.

deb http://deb.debian.org/debian buster contrib main
deb http://security.debian.org/ buster/updates contrib main
deb https://people.debian.org/~praveen/gitlab buster-backports contrib main
deb https://people.debian.org/~praveen/gitlab-snapshots buster-backports contrib main
deb https://people.debian.org/~praveen/gitlab buster-fasttrack contrib main
deb [check-valid-until=no] http://snapshot.debian.org/archive/debian/20200122T000000Z/ buster-backports contrib main

Add gitlab-snapshots repo signing key as trusted,

# wget https://people.debian.org/~praveen/gitlab-snapshots/praveen.key.asc -O - | apt-key add

If you get permission errors with /usr/share/gitlab/Gemfile.lock and /var/lib/gitlab/yarn-error.log, you can safely remove those two files.

If you get permission erros with /usr/share/gitlab/.bundle/config and /var/lib/gitlab/.ssh/authorized_keys change ownership of these files to gitlab user (if you chose a different user for gitlab, provide that name instead of gitlab)

# chown gitlab:gitlab /usr/share/gitlab/.bundle/config
# chown gitlab:gitlab /var/lib/gitlab/.ssh/authorized_keys

You may need to update postgresql-contrib package separately if you get errors related to postgresql service not running (make sure the new version is running on 5432 port). Use ss -aut command to list the running services.

Now update gitlab

# apt -t buster-backports install ruby-asciidoctor=1.5.8-1 asciidoctor=1.5.8-1
# apt -t buster-backports install gitlab gitaly=1.42.5+debian-1~bpo10+1 \
ruby-gitaly=1.37.0+dfsg-1~bpo10+1 ruby-default-value-for=3.1.1-3~bpo10+1 \
ruby-asciidoctor-plantuml=0.0.8-1 ruby-gitlab-sidekiq-fetcher=0.4.0-2~bpo10+1 \
ruby-asciidoctor=1.5.8-1 asciidoctor=1.5.8-1 ruby-prof=0.17.0+dfsg-3+b1 \
ruby-task-list=2.2.0-1~bpo10+1 ruby-asana=0.8.1-2~bpo10+1 \
ruby-github-linguist=6.4.0-2 ruby-prometheus-client-mmap=0.9.4-1 \
ruby-akismet=2.0.0-1 ruby-zip=1.2.2-1 \
ruby-state-machines-activerecord=0.5.1-2 ruby-rack-attack=4.4.1-1 \
ruby-chronic-duration=0.10.6-1 ruby-numerizer=0.1.1-1 ruby-chronic=0.10.2-3 \
ruby-mail-room=0.9.1-2 ruby-flipper=0.13.0-3 ruby-graphql=1.8.4-1 \
rake=12.3.1-3+deb10u1

If you got some errors during "Running final rake tasks and tweaks..." step, you may have to remove some obsolete configuration files (especially if you installed gitlab from stretch for the first time),

rm /usr/share/gitlab/config/initializers/0_license.rb
rm /usr/share/gitlab/config/initializers/0_thread_cache.rb
rm /usr/share/gitlab/config/initializers/active_record_query_cache.rb
rm /usr/share/gitlab/config/initializers/elastic_client_setup.rb
rm /usr/share/gitlab/config/initializers/geo.rb
rm /usr/share/gitlab/config/initializers/load_balancing.rb
rm /usr/share/gitlab/config/initializers/transaction_metrics.rb

If gitlab installation failed at restarting services, you may need a restart.

If unicorn does not start with in 'to_type_name': Unhandled to_type_name input:  (NilClass) (RuntimeError) and you see /usr/lib/ruby/vendor_ruby/graphql/schema/field.rb in the trace (in /var/log/gitlab/unicorn.stderr.log), make sure you have 1.8.4-1 version of the ruby-graphql package installed (1.9.16-1~bpo10+1 is not compatible).

If the installation failed at "Webpacking" stage, you can ignore the failure.

Now upgrade to gitlab 12.x following the instructions given below: Step 3.

Step 3: Moving to Buster + gitlab 12.x from Buster + gitlab 11.x

This step is required before you can upgrade to gitlab 13.x, as upstream supports only upgrading one major version at a time.

Note: Repository url and gpg signing key for personal repo of gitlab maintainer has changed.

Add transition repo which has gitlab 12.x. Remember to update the date in snapshot.debian.org entry. Additional snapshot.debian.org (experimental archive) is needed because gitlab 12 package was built with ruby 6.0.2.1 (and Bullseye version of ruby-railties conflicts with ruby-browser 2.5 required by gitlab 12).

deb https://people.debian.org/~praveen/gitlab-snapshots-12 buster-backports contrib main
deb https://people.debian.org/~praveen/gitlab-snapshots-12 buster-fasttrack contrib main
deb [check-valid-until=no] http://snapshot.debian.org/archive/debian/20200611T000000Z/ buster-backports main contrib
deb [check-valid-until=no] http://snapshot.debian.org/archive/debian/20200505T000000Z/ experimental main contrib

and set up new signing key:

# wget https://people.debian.org/~praveen/gitlab-snapshots-12/praveen.key.new.asc -O - | apt-key add

Now install gitlab 12.x,

# apt -t buster-backports install gitlab=12.10.7-1+fto10+2 \
gitaly/buster-backports gitlab-common/buster-backports \
ruby-jira=1.7.1-1~bpo10+1 ruby-grape-entity=0.7.1-1 \
ruby-actioncable=2:6.0.2.1+dfsg-4 ruby-actionmailbox=2:6.0.2.1+dfsg-4 \
ruby-actionmailer=2:6.0.2.1+dfsg-4 ruby-actionpack=2:6.0.2.1+dfsg-4 \
ruby-actiontext=2:6.0.2.1+dfsg-4 ruby-actionview=2:6.0.2.1+dfsg-4 \
ruby-activejob=2:6.0.2.1+dfsg-4 ruby-activemodel=2:6.0.2.1+dfsg-4 \
ruby-activerecord=2:6.0.2.1+dfsg-4 ruby-activestorage=2:6.0.2.1+dfsg-4 \
ruby-activesupport=2:6.0.2.1+dfsg-4 ruby-aws-sdk=2.9.32-2 \
ruby-rails=2:6.0.2.1+dfsg-4 ruby-rails-i18n=6.0.0-2 \
ruby-railties=2:6.0.2.1+dfsg-4

If you're running sysvinit, set web server to Unicorn and disable sidekiq cluster mode in /etc/default/gitlab:

USE_UNICORN=1
SIDEKIQ_WORKERS=""

If the installation failed at "Webpacking" stage, you can ignore the failure.

Gitlab 12 cannot be installed as a new install. You'll get error schema.rb should not be used anymore, use structure.sql instead

Now update to gitlab 13.x. See Step 4.

Step 4: Move to Buster + gitlab 13.x from Buster + gitlab 12.x

If you're not running PostgreSQL 11, upgrade it now.

# apt install postgresql-contrib

and follow this guide https://blog.codetitans.pl/post/howto-migrate-postgresql-9-6-to-11-5/

Upgrade will fail if postgresql database is not upgraded.

New repo is,

deb https://people.debian.org/~praveen/gitaly buster-backports contrib main
deb https://people.debian.org/~praveen/gitaly buster-fasttrack contrib main

Make sure buster-backports repository is enabled too

deb http://deb.debian.org/debian buster-backports contrib main

Delete this file or you'll get error NameError: uninitialized constant Gitlab::ThreadMemoryCache

# rm /usr/share/gitlab/config/initializers/0_thread_cache.rb

yarnpkg 2.4.2 must be downloaded manually or you'll get error An unexpected error occurred: "Release not found: 2.4.2".

# runuser -u gitlab -- sh -c 'cd /var/lib/gitlab && wget https://repo.yarnpkg.com/2.4.2/packages/yarnpkg-cli/bin/yarn.js && node yarn.js set version 2.4.2 && rm yarn.js'

Delete this directory or webpack will fail with various errors

# rm -rf /var/lib/gitlab/.node_modules/

Now upgrade to 13.12.9

# apt install gitlab-apt-pin-preferences
# apt -t buster-fasttrack install gitlab=13.12.9+ds1-1~fto10+1 gitaly \
gitlab-workhorse=13.12.9+ds1-1~fto10+1 libjs-pdf=2.6.347+dfsg-3~bpo10+1 \
ruby-pg ruby-version-sorter ruby-ed25519 ruby-bcrypt-pbkdf ruby-redcloth \
ruby-rinku ruby-stackprof ruby-posix-spawn ruby-nio4r ruby-hitimes \
ruby-json ruby-ffi ruby-fast-blank ruby-unf-ext ruby-unicode \
ruby-timfel-krb5-auth ruby-prof ruby-concurrent-ext ruby-escape-utils \
ruby-rbtrace ruby-vmstat ruby-enumerable-statistics ruby-atomic \
ruby-gitlab-fog-azure-rm ruby-raindrops ruby-gpgme ruby-murmurhash3 \
ruby-msgpack ruby-websocket-driver ruby-redcarpet node-source-map \
ruby-regexp-property-values ruby-ms-rest-azure=0.12.0-2~bpo10+1 \
pdf.js-common=2.6.347+dfsg-3~bpo10+1 ruby-ms-rest=0.7.6-2~bpo10+1 \
ruby-timeliness=0.3.10-2~bpo10+1

Gitlab now uses Puma web server instead of Unicorn.

gitlab-shell fails as it can't connect to 127.0.0.1:8080. Puma is not listening there, only on UNIX socket. Update /etc/default/gitlab to include -authSocket parameter in gitlab_workhorse_options

rails_socket="$socket_path/gitlab.socket"
gitlab_workhorse_options="-listenUmask 0 -listenNetwork unix -listenAddr $socket_path/gitlab-workhorse.socket -authBackend http://127.0.0.1:8080 -authSocket $rails_socket"

The sysvinit init script is broken - starts everything but times out waiting for sidekiq and puma. Puma handling can be easily fixed (see below), but Sidekiq is broken as it does not support writing PID files anymore.

To fix puma start and status, change /etc/default/gitlab:

web_server_pid_path="$pid_path/puma.pid"

To fix puma stop, change /usr/share/gitlab/bin/web_puma:

puma_pidfile="$app_root/tmp/puma.pid"

Now continue to gitlab/buster.