docker-gitlab: [Sign In/Sign Out - v14.0.0] Problem with Ruby on Sign In and Sign out

Based on your suggestion, I’m using one additional entry in the file docker-compose.yml as an environmental variable (see README.md in the root of this repository):

    environment:
      - ...
      - RACK_ATTACK_ENABLED=false

So far, after this additional configuration (and after restarting the gitlab microservices) any sign in/sign out works without any issues. However, this is just a temporary workaround.

Was now also mentioned in official gitlab issue tracker: https://gitlab.com/gitlab-org/gitlab/-/issues/334681

(Since someone linked this ticket in there, I guess a “link back” to the gitlab issue tracker might be helpful as well)

I noticed that updating config/initializers/rack_attack.rb to the version from the repository helps in our source based installation, perhaps it might be useful here too (see gitlab bug).

According to https://gitlab.com/gitlab-org/gitlab/-/issues/334681#note_624402042,

Disabling Rack Attack fixes the issue (but is obviously only a temporary workaround).

The next question (until the issue is fixed upstream) is how to disable this in docker-gitlab, I’ll have a try later today if possible.

According to a comment updating the config/initializers/rack_attack.rb file fixes the issue.

Source: https://gitlab.com/gitlab-org/gitlab/-/issues/334681#note_641824184

Can the issue be fixed by overriding the file during the docker build?

Thanks for the tip!

@sameersbn and @solidnerd do you think that template file can be replaced or reduced without major problems?

@omueller logs are the same

Started POST "/users/sign_in" for 10.60.12.152 at 2021-07-12 07:21:47 +0000

ArgumentError (marshal data too short):

lib/gitlab/middleware/read_only/controller.rb:50:in `call'
lib/gitlab/middleware/read_only.rb:18:in `call'
lib/gitlab/middleware/same_site_cookies.rb:27:in `call'
lib/gitlab/middleware/handle_malformed_strings.rb:21:in `call'
lib/gitlab/middleware/basic_health_check.rb:25:in `call'
lib/gitlab/middleware/handle_ip_spoof_attack_error.rb:25:in `call'
lib/gitlab/middleware/request_context.rb:21:in `call'
config/initializers/fix_local_cache_middleware.rb:11:in `call'
lib/gitlab/middleware/rack_multipart_tempfile_factory.rb:19:in `call'
lib/gitlab/metrics/requests_rack_middleware.rb:74:in `call'
lib/gitlab/middleware/release_env.rb:12:in `call'
Started GET "/favicon.ico" for 10.60.12.152 at 2021-07-12 07:21:47 +0000

I apologize. While browsing the contents of docker-compose.yml, I noticed that the RACK_ATTACK_ENABLED variable is being overridden twice. Removed duplicate entry.

+1, same issue here (sometimes just after login, sometimes only after 2FA validation), also after 14.0.5 upgrade.

It should have been fixed in #2426.

+1 for @taladar , Removing installation of rack_attack.rb works for me (tested on self build image based on sameersbn/gitlab:14.0.0 and sameersbn/gitlab:14.1.1-1, still working for a few days).

Not sure anything will happen here unfortunately… On gitlab, the issue was tagged as: “Backlog - Issues that we want to do but are not planned right now. Open for contribution from the community.”, with 26’002 other issues of the same category.

14.0.6 will most probably also do nothing here (https://about.gitlab.com/releases/2021/07/20/gitlab-14-0-6-released/). The temporary workaround will need to remain a bit longer…