Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/doc/administration/raketasks/check.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/administration/raketasks/check.md')
-rw-r--r--doc/administration/raketasks/check.md48
1 files changed, 48 insertions, 0 deletions
diff --git a/doc/administration/raketasks/check.md b/doc/administration/raketasks/check.md
index 9ced19b53b7..ec28b6bee67 100644
--- a/doc/administration/raketasks/check.md
+++ b/doc/administration/raketasks/check.md
@@ -283,6 +283,54 @@ I, [2020-06-11T17:18:15.575711 #27148] INFO -- : Done!
<!-- vale gitlab.SentenceSpacing = YES -->
+## Reset encrypted tokens when they can't be recovered
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/131893) in GitLab 16.6.
+
+WARNING:
+This operation is dangerous and can result in data-loss. Proceed with extreme caution.
+You must have knowledge about GitLab internals before you perform this operation.
+
+In some cases, encrypted tokens can no longer be recovered and cause issues.
+Most often, runner registration tokens for groups and projects might be broken on very large instances.
+
+To reset broken tokens:
+
+1. Identify the database models that have broken encrypted tokens. For example, it can be `Group` and `Project`.
+1. Identify the broken tokens. For example `runners_token`.
+1. To reset broken tokens, run `gitlab:doctor:reset_encrypted_tokens` with `VERBOSE=true MODEL_NAMES=Model1,Model2 TOKEN_NAMES=broken_token1,broken_token2`. For example:
+
+ ```shell
+ VERBOSE=true MODEL_NAMES=Project,Group TOKEN_NAMES=runners_token bundle exec rake gitlab:doctor:reset_encrypted_tokens
+ ```
+
+ You will see every action this task would try to perform:
+
+ ```plain
+ I, [2023-09-26T16:20:23.230942 #88920] INFO -- : Resetting runners_token on Project, Group if they can not be read
+ I, [2023-09-26T16:20:23.230975 #88920] INFO -- : Executing in DRY RUN mode, no records will actually be updated
+ D, [2023-09-26T16:20:30.151585 #88920] DEBUG -- : > Fix Project[1].runners_token
+ I, [2023-09-26T16:20:30.151617 #88920] INFO -- : Checked 1/9 Projects
+ D, [2023-09-26T16:20:30.151873 #88920] DEBUG -- : > Fix Project[3].runners_token
+ D, [2023-09-26T16:20:30.152975 #88920] DEBUG -- : > Fix Project[10].runners_token
+ I, [2023-09-26T16:20:30.152992 #88920] INFO -- : Checked 11/29 Projects
+ I, [2023-09-26T16:20:30.153230 #88920] INFO -- : Checked 21/29 Projects
+ I, [2023-09-26T16:20:30.153882 #88920] INFO -- : Checked 29 Projects
+ D, [2023-09-26T16:20:30.195929 #88920] DEBUG -- : > Fix Group[22].runners_token
+ I, [2023-09-26T16:20:30.196125 #88920] INFO -- : Checked 1/19 Groups
+ D, [2023-09-26T16:20:30.196192 #88920] DEBUG -- : > Fix Group[25].runners_token
+ D, [2023-09-26T16:20:30.197557 #88920] DEBUG -- : > Fix Group[82].runners_token
+ I, [2023-09-26T16:20:30.197581 #88920] INFO -- : Checked 11/19 Groups
+ I, [2023-09-26T16:20:30.198455 #88920] INFO -- : Checked 19 Groups
+ I, [2023-09-26T16:20:30.198462 #88920] INFO -- : Done!
+ ```
+
+1. If you are confident that this operation resets the correct tokens, disable dry-run mode and run the operation again:
+
+ ```shell
+ DRY_RUN=false VERBOSE=true MODEL_NAMES=Project,Group TOKEN_NAMES=runners_token bundle exec rake gitlab:doctor:reset_encrypted_tokens
+ ```
+
## Troubleshooting
The following are solutions to problems you might discover using the Rake tasks documented
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-01 15:25:33 +0300