Symptoms
Saving the admin settings, or opening a repo's CI/CD page, returns a 500 error.
Under Monitoring -> Log -> production.log, the log shows the following:
OpenSSL::Cipher::CipherError ():
lib/gitlab/crypto_helper.rb:27:in `aes256_gcm_decrypt'
<...rest omitted...>
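Cause
Some fields in the database are encrypted with the secret.
The problem occurs because the secret token was not correctly backed up and restored during a migration/upgrade.
If the token still exists, set it back to the correct token and then restart GitLab.
If the token is gone, the data in the affected fields can be cleared: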
-- Check tokens
SELECT runners_token, runners_token_encrypted FROM projects;
SELECT runners_token, runners_token_encrypted FROM namespaces;
SELECT runners_registration_token_encrypted FROM application_settings;
SELECT token, token_encrypted FROM ci_runners;
SELECT token, token_encrypted FROM ci_builds;
-- Clear project tokens
UPDATE projects SET runners_token = null, runners_token_encrypted = null;
-- Clear group tokens
UPDATE namespaces SET runners_token = null, runners_token_encrypted = null;
-- Clear instance tokens
UPDATE application_settings SET runners_registration_token_encrypted = null;
-- Clear runner tokens
UPDATE ci_runners SET token = null, token_encrypted = null;
-- Clear build tokens
UPDATE ci_builds SET token = null, token_encrypted = null;
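Why a changed secret surfaces as OpenSSL::Cipher::CipherError in aes256_gcm_decrypt: AES-256-GCM authenticates the ciphertext, so decrypting with a different key fails at the tag check instead of returning garbage. This is an added Ruby example, not GitLab's code or part of the original note; the helper names, the SHA-256 key derivation, the secrets and the token are all assumptions constructed for illustration.

```ruby
require "openssl"
require "digest"

# Hypothetical helper: derive a 32-byte key from a secret string.
# (Assumption for this example; not GitLab's actual key derivation.)
def key_from_secret(secret)
  Digest::SHA256.digest(secret)
end

# Encrypt with AES-256-GCM; returns [nonce, ciphertext, auth_tag].
def gcm_encrypt(plaintext, key)
  cipher = OpenSSL::Cipher.new("aes-256-gcm")
  cipher.encrypt
  cipher.key = key
  nonce = cipher.random_iv          # fresh 12-byte nonce per value
  cipher.auth_data = ""
  ciphertext = cipher.update(plaintext) + cipher.final
  [nonce, ciphertext, cipher.auth_tag]
end

# Decrypt; cipher.final raises OpenSSL::Cipher::CipherError when the
# auth tag does not verify, which is what happens with the wrong key.
def gcm_decrypt(nonce, ciphertext, tag, key)
  cipher = OpenSSL::Cipher.new("aes-256-gcm")
  cipher.decrypt
  cipher.key = key
  cipher.iv = nonce
  cipher.auth_tag = tag
  cipher.auth_data = ""
  cipher.update(ciphertext) + cipher.final
end

# Classify a stored value against the key currently in use.
def check_value(nonce, ciphertext, tag, key)
  gcm_decrypt(nonce, ciphertext, tag, key)
  :ok
rescue OpenSSL::Cipher::CipherError
  :undecryptable
end

# Constructed sample data: a token encrypted before the migration.
OLD_KEY = key_from_secret("constructed-secret-before-migration")
NEW_KEY = key_from_secret("constructed-secret-after-migration")
STORED  = gcm_encrypt("constructed-runner-token", OLD_KEY)

puts check_value(*STORED, OLD_KEY)  # secret restored correctly
puts check_value(*STORED, NEW_KEY)  # secret lost or regenerated
```
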
References
https://docs.gitlab.com/ee/raketasks/backup_restore.html#when-the-secrets-file-is-lost
https://gitlab.com/gitlab-org/gitlab-foss/-/issues/59623
https://gitlab.com/gitlab-org/gitlab-foss/-/issues/56403
https://gitlab.com/gitlab-org/gitlab-foss/-/issues/55596