Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
GitLab error OpenSSL::Cipher::CipherError () in app/controllers/admin/application_settings_controller.rb:40:in `update'

The issue

It happened after secrets file was lost during GitLab upgrade.

The case described in documentation When the secrets file is lost

But not completely clear.

From log file /var/log/gitlab/gitlab-rails/production.log:

Started PATCH "/admin/application_settings" for ::1 at 2019-08-01 17:14:35 +0200
Processing by Admin::ApplicationSettingsController#update as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"[FILTERED]", "application_setting"=>{"allow_local_requests_from_hooks_and_services"=>"[FILTERED]"}}
Completed 500 Internal Server Error in 47ms (ActiveRecord: 20.2ms)
  
OpenSSL::Cipher::CipherError ():
  
lib/gitlab/crypto_helper.rb:27:in `aes256_gcm_decrypt'
app/models/concerns/token_authenticatable_strategies/encrypted.rb:55:in `get_token'
app/models/concerns/token_authenticatable_strategies/base.rb:27:in `ensure_token'
app/models/concerns/token_authenticatable_strategies/encrypted.rb:42:in `ensure_token'
app/models/concerns/token_authenticatable.rb:38:in `block in add_authentication_token_field'
app/services/application_settings/update_service.rb:18:in `execute'
app/controllers/admin/application_settings_controller.rb:40:in `update'

Issue reported on bug tracker (I just found it)

Getting 500 Internal error on /admin/application_settings after Gitlab upgrade [11.5.2->11.6.2]

Solution

Solution has been provided in one of the comments:

sudo gitlab-rails c


-------------------------------------------------------------------------------------
 GitLab:       11.7.0 (1d9280e)
 GitLab Shell: 8.4.4
 postgresql:   9.6.11
-------------------------------------------------------------------------------------
Loading production environment (Rails 5.0.7.1)
irb(main):001:0> 
irb(main):002:0> 
irb(main):003:0> settings = ApplicationSetting.last
......
irb(main):004:0> settings.update_column(:runners_registration_token_encrypted, nil)
=> true
irb(main):005:0> exit

gitlab-ctl restart

Proof:

Started PATCH "/admin/application_settings" for ::1 at 2019-08-01 17:52:17 +0200
Processing by Admin::ApplicationSettingsController#update as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"[FILTERED]", "application_setting"=>{"allow_local_requests_from_hooks_and_services"=>"[FILTERED]"}}
Redirected to https://gitlab.company.com/admin/application_settings/network
Completed 302 Found in 64ms (ActiveRecord: 25.9ms)
@alexpts
Copy link

alexpts commented Sep 4, 2021

Me help reset:
settings.update_column(:runners_registration_token_encrypted, nil)
settings.update_column(:encrypted_ci_jwt_signing_key, nil)

@mbogner
Copy link

mbogner commented Feb 28, 2022

sudo gitlab-rails c
settings = ApplicationSetting.last
settings.update_column(:runners_registration_token_encrypted, nil)
settings.update_column(:encrypted_ci_jwt_signing_key, nil)
settings.save!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment