Reason:
The server was found to be using 100% of its memory. Run the following command to list the processes using the most memory:
ps aux | head -1; ps aux | grep -v PID | sort -rn -k 4 | head -20
The output shows that the /tmp/juma directory is using too much memory, but there is no /tmp/juma directory on the host. Further searching and troubleshooting showed that it is a directory inside the GitLab container running under Docker. Checking the GitLab release notes for this version showed that it has a known vulnerability. Details: "CVE-2021-22205: in-depth analysis of the unauthorized access in the GitLab RCE (I)" on FreeBuf, which analyzes and debugs gitlab-workhorse and gitlab-rails step by step to explain the unauthorized part of the recently disclosed GitLab RCE: https://www.freebuf.com/vuls/306473.html
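The diagnosis above (a process path that does not exist on the host) can be confirmed by mapping each high-memory PID to its container through /proc/<pid>/cgroup. The script below is an added example, not part of the original post; the function names and the sample cgroup lines are constructed for illustration, and it assumes Docker's usual cgroup layouts and the procps version of ps.

```shell
#!/bin/sh
# Added example: attribute memory-hungry processes to Docker containers.

# Print the first 64-hex container ID found in cgroup text on stdin.
# Prints nothing for a process that is not in a container cgroup.
# Covers cgroup v1 ("/docker/<id>") and systemd cgroup v2 ("docker-<id>.scope").
container_id_from_cgroup() {
    grep -oE '[0-9a-f]{64}' | head -n 1
}

# Print PID, %MEM, container ID (or "host") and executable path for the
# top N processes by memory. The exe path is the one seen inside the
# process's own mount namespace, which is why it may not exist on the host.
top_mem_by_container() {
    n=${1:-20}
    ps -eo pid=,pmem= --sort=-pmem | head -n "$n" | while read -r pid mem; do
        [ -r "/proc/$pid/cgroup" ] || continue
        cid=$(container_id_from_cgroup < "/proc/$pid/cgroup")
        exe=$(readlink "/proc/$pid/exe" 2>/dev/null || echo '?')
        printf '%s\t%s\t%s\t%s\n' "$pid" "$mem" "${cid:-host}" "$exe"
    done
}

# Constructed sample inputs (not real container IDs), used for offline checks.
SAMPLE_ID=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
SAMPLE_V1="12:memory:/docker/$SAMPLE_ID"
SAMPLE_V2="0::/system.slice/docker-$SAMPLE_ID.scope"
SAMPLE_HOST="0::/user.slice/user-1000.slice/session-3.scope"

# Run the live scan only when asked: sh script.sh --scan [N]
if [ "${1:-}" = "--scan" ]; then
    top_mem_by_container "${2:-20}"
fi
```

Run it as root on the Docker host so that /proc/<pid>/exe is readable for every process; a container ID in the third column can then be resolved to a name with docker inspect --format '{{.Name}}' <id>.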
Solution:
Upgrading GitLab fixes the problem, but a GitLab upgrade cannot jump across major versions. You must first upgrade to the required intermediate version before you can upgrade to a higher one.
I currently have GitLab version 12.9.3 and need to upgrade to 13.10.3 or above.
First, recover the startup command of the current GitLab container. What matters most is where the project data is mounted; losing the projects because of the upgrade would defeat the purpose.
1. First back up the server and make an image or snapshot
2. Find the command that was used to start GitLab. I use rekcod (https://github.com/nexdrew/rekcod) for this. Install it, then run it against the container:
rekcod <container id>   # Get the start command of the GitLab container
docker run --name gitlab12.9.3 --runtime runc -v /home/gitlab/config:/etc/gitlab -v /home/gitlab/logs:/var/log/gitlab -v /home/gitlab/data:/var/opt/gitlab -p 222:22/tcp -p 443:443/tcp -p 80:80/tcp --restart always -h 5cd912f1ca1d --expose 22/tcp --expose 443/tcp --expose 80/tcp -e 'PATH=/opt/gitlab/embedded/bin:/opt/gitlab/bin:/assets:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' -e 'LANG=C.UTF-8' -e 'TERM=xterm' -e 'EDITOR=/bin/vi' -d <image id> '/assets/wrapper'
Then look in the Docker registry for the last 12.* release and pull that image:
docker pull gitlab/gitlab-ce:12.10.14-ce.0
Then stop the current 12.9.3 container:
docker stop <container id>
Start a new container from the 12.10.14 image, reusing the same volume mounts:
docker run --name gitlab12.10.14 --runtime runc -v /home/gitlab/config:/etc/gitlab -v /home/gitlab/logs:/var/log/gitlab -v /home/gitlab/data:/var/opt/gitlab -p 222:22/tcp -p 443:443/tcp -p 80:80/tcp --restart always -h 5cd912f1ca1d --expose 22/tcp --expose 443/tcp --expose 80/tcp -e 'PATH=/opt/gitlab/embedded/bin:/opt/gitlab/bin:/assets:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' -e 'LANG=C.UTF-8' -e 'TERM=xterm' -d gitlab/gitlab-ce:12.10.14-ce.0 '/assets/wrapper'
Check the container log for errors:
docker logs <container id>
If the log shows no errors, wait for GitLab to finish deploying, then find the 13.0.* release of GitLab and upgrade to it in the same way. The steps above are not repeated here.
Remember not to skip too many versions at once, otherwise an error like the following is reported:
Cleaning stale PIDs & sockets
It seems you are upgrading from major version 13 to major version 14.
It is required to upgrade to the latest 14.0.x version first before proceeding.
Please follow the upgrade documentation at https://docs.gitlab.com/ee/update/index.html#upgrading-to-a-new-major-version
Thank you for using GitLab Docker Image!
Current version: gitlab-ce=14.5.2-ce.0
Thank you for reading. If there are any shortcomings, you are welcome to leave a message to discuss.