Skip to content

GitLab

GUI: Your account has been blocked

Unblock account by CLI:

gitlab-rails console -e production

user = User.where(id: 1).first
user.activate!

Unlock user

Vendor: https://docs.gitlab.com/ee/security/unlock_user.html

gitlab-rails console -e production
# 1 - user ID
user = User.where(id: 1).first
user. unlock_access!

Connect to DB console

# case 1
sudo -u gitlab-psql /opt/gitlab/embedded/bin/psql -h /var/opt/gitlab/postgresql/ gitlabhq_production
# case 2
sudo gitlab-rails dbconsole

Disable 2FA for all accounts

gitlab-rails runner 'User.update_all(otp_required_for_login: false, encrypted_otp_secret: "")'
# disable settings in database
gitlab-psql
update application_settings set require_two_factor_authentication=false where id=1;

Reset root password

https://docs.gitlab.com/ee/security/reset_user_password.html?tab=Linux+package+%28Omnibus%29

sudo gitlab-rake "gitlab:password:reset"

Gitlab in docker

docker-compose.yml 

services:
  gitlab:
    image: 'gitlab/gitlab-ce:16.9.1-ce.0'
    restart: unless-stopped
    hostname: 'gitlab'
    container_name: gitlab
    volumes:
      - ./etc:/etc/gitlab
      - ./logs:/var/log/gitlab
      - ./data:/var/opt/gitlab
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'http://gitlab.loc'
    ports:
      - '80:80'
      - '2222:22'
      - '443:443'

get initial root password 

docker exec -it gitlab 'cat /etc/gitlab/initial_root_password'

Files 

├── artifacts.tar.gz
├── backup_information.yml
├── builds.tar.gz
├── db
   └── database.sql.gz
├── lfs.tar.gz
├── packages.tar.gz
├── pages.tar.gz
├── terraform_state.tar.gz
└── uploads.tar.gz

Table users

gitlabhq_production=# SELECT column_name, data_type, character_maximum_length FROM information_schema.columns WHERE table_name = 'users';
                 column_name                  |          data_type          | character_maximum_length 
----------------------------------------------+-----------------------------+--------------------------
 id                                           | integer                     |                         
 email                                        | character varying           |                      255
 encrypted_password                           | character varying           |                      255
 reset_password_token                         | character varying           |                      255
 reset_password_sent_at                       | timestamp without time zone |                         
 remember_created_at                          | timestamp without time zone |                         
 sign_in_count                                | integer                     |                         
 current_sign_in_at                           | timestamp without time zone |                         
 last_sign_in_at                              | timestamp without time zone |                         
 current_sign_in_ip                           | character varying           |                      255
 last_sign_in_ip                              | character varying           |                      255
 created_at                                   | timestamp without time zone |                         
 updated_at                                   | timestamp without time zone |                         
 name                                         | character varying           |                      255
 admin                                        | boolean                     |                         
 projects_limit                               | integer                     |                         
 skype                                        | character varying           |                      255
 linkedin                                     | character varying           |                      255
 twitter                                      | character varying           |                      255
 failed_attempts                              | integer                     |                         
 locked_at                                    | timestamp without time zone |                         
 username                                     | character varying           |                      255
 can_create_group                             | boolean                     |                         
 can_create_team                              | boolean                     |                         
 state                                        | character varying           |                      255
 color_scheme_id                              | integer                     |                         
 password_expires_at                          | timestamp without time zone |                         
 created_by_id                                | integer                     |                         
 last_credential_check_at                     | timestamp without time zone |                         
 avatar                                       | character varying           |                      255
 confirmation_token                           | character varying           |                      255
 confirmed_at                                 | timestamp without time zone |                         
 confirmation_sent_at                         | timestamp without time zone |                         
 unconfirmed_email                            | character varying           |                      255
 hide_no_ssh_key                              | boolean                     |                         
 website_url                                  | character varying           |                      255
 notification_email                           | character varying           |                      255
 hide_no_password                             | boolean                     |                         
 password_automatically_set                   | boolean                     |                         
 location                                     | character varying           |                      255
 public_email                                 | character varying           |                      255
 encrypted_otp_secret                         | character varying           |                         
 encrypted_otp_secret_iv                      | character varying           |                         
 encrypted_otp_secret_salt                    | character varying           |                         
 otp_required_for_login                       | boolean                     |                         
 otp_backup_codes                             | text                        |                         
 dashboard                                    | integer                     |                         
 project_view                                 | integer                     |                         
 consumed_timestep                            | integer                     |                         
 layout                                       | integer                     |                         
 hide_project_limit                           | boolean                     |                         
 unlock_token                                 | character varying           |                         
 otp_grace_period_started_at                  | timestamp without time zone |                         
 external                                     | boolean                     |                         
 organization                                 | character varying           |                         
 incoming_email_token                         | character varying           |                         
 require_two_factor_authentication_from_group | boolean                     |                         
 two_factor_grace_period                      | integer                     |                         
 last_activity_on                             | date                        |                         
 notified_of_own_activity                     | boolean                     |                         
 preferred_language                           | character varying           |                         
 theme_id                                     | smallint                    |                         
 accepted_term_id                             | integer                     |                         
 feed_token                                   | character varying           |                         
 include_private_contributions                | boolean                     |                         
 private_profile                              | boolean                     |                         
 commit_email                                 | character varying           |                         
 auditor                                      | boolean                     |                         
 admin_email_unsubscribed_at                  | timestamp without time zone |                         
 email_opted_in                               | boolean                     |                         
 email_opted_in_at                            | timestamp without time zone |                         
 email_opted_in_ip                            | character varying           |                         
 email_opted_in_source_id                     | integer                     |                         
 group_view                                   | integer                     |                         
 managing_group_id                            | integer                     |                         
 note                                         | text                        |                         
 roadmap_layout                               | smallint                    |                         
 static_object_token                          | character varying           |                      255
 first_name                                   | character varying           |                      255
 last_name                                    | character varying           |                      255
 role                                         | smallint                    |                         
 user_type                                    | smallint                    |                         
 static_object_token_encrypted                | text                        |                         
 otp_secret_expires_at                        | timestamp with time zone    |                         
(84 rows)