Troubleshooting GitLab Duo Self-Hosted Models

Tier: Ultimate with GitLab Duo Enterprise - Start a trial Offering: Self-managed Status: Beta
History

When working with GitLab Duo Self-Hosted Models, you might encounter issues.

Before you begin troubleshooting, you should:

  • Be able to access open the gitlab-rails console.
  • Open a shell in the AI gateway Docker image.
  • Know the endpoint where your:
    • AI gateway is hosted.
    • Model is hosted.

  • Enable the feature flag expanded_ai_logging on the gitlab-rails console: 

    Feature.enable(:expanded_ai_logging)

    Now, requests and responses from GitLab to the AI gateway are logged to llm.log

Use debugging scripts

We provide two debugging scripts to help administrators verify their self-hosted model configuration.

  1. Debug the GitLab to AI gateway connection. From your GitLab instance, run the Rake task: 

    gitlab-rake gitlab:duo:verify_self_hosted_setup

  2. Debug the AI gateway setup. For your AI gateway container, run: 

    docker exec -it <ai-gateway-container> sh
poetry run python scripts/troubleshoot_selfhosted_installation.py --model-name "codegemma_7b" --model-endpoint
"http://localhost:4000"

Verify the output of the commands, and fix accordingly.

If both commands are successful, but GitLab Duo Code Suggestions is still not working, raise an issue on the issue tracker.

Check if GitLab can make a request to the model

From the GitLab Rails console, verify that GitLab can make a request to the model by running: 

model_name = "<your_model_name>"
model_endpoint = "<your_model_endpoint>"
model_api_key = "<your_model_api_key>"
body = {:prompt_components=>[{:type=>"prompt", :metadata=>{:source=>"GitLab EE", :version=>"17.3.0"}, :payload=>{:content=>[{:role=>:user, :content=>"Hello"}], :provider=>:litellm, :model=>model_name, :model_endpoint=>model_endpoint, :model_api_key=>model_api_key}}]}
ai_gateway_url = Gitlab::AiGateway.url # Verify that it's not nil
client = Gitlab::Llm::AiGateway::Client.new(User.find_by_id(1), service_name: :self_hosted_models)
client.complete(url: "#{ai_gateway_url}/v1/chat/agent", body: body)

This should return a response from the model in the format: 

{"response"=> "<Model response>",
 "metadata"=>
  {"provider"=>"litellm",
   "model"=>"<>",
   "timestamp"=>1723448920}}

If that is not the case, this might means one of the following:

Check if a user can request Code Suggestions

In the GitLab Rails console, check if a user can request Code Suggestions by running: 

User.find_by_id("<user_id>").can?(:access_code_suggestions)

If this returns false, it means some configuration is missing, and the user cannot access Code Suggestions.

This missing configuration might be because of either of the following:

Check if GitLab instance is configured to use self-hosted-models

To check if GitLab Duo was configured correctly:

  1. On the left sidebar, at the bottom, select Admin.
  2. Select Settings > General.
  3. Expand AI-powered features.
  4. Under Features, check that Code Suggestions and Code generation are set to Self-hosted model.

Check that GitLab environmental variables are set up correctly

To check if the GitLab environmental variables are set up correctly, run the following on the GitLab Rails console: 

ENV["AI_GATEWAY_URL"] == "<your-ai-gateway-endpoint>"

If the environmental variables are not set up correctly, set them by following the Linux package custom environment variables setting documentation.

Check if GitLab can make an HTTP request to the AI gateway

In the GitLab Rails console, verify that GitLab can make an HTTP request to AI Gateway by running: 

HTTParty.get('<your-aigateway-endpoint>/monitoring/healthz', headers: { 'accept' => 'application/json' }).code

If the response is not 200, this means either of the following:

  • The network is not properly configured to allow GitLab to reach the AI gateway container. Contact your network administrator to verify the setup.
  • The AI gateway is not able to process requests. To resolve this issue, check if the AI gateway can make a request to the model.

Check if the AI gateway can make a request to the model

From the AI gateway container, make an HTTP request to the AI gateway API for a Code Suggestion. Replace:

  • <your_model_name> with the name of the model you are using. For example mistral or codegemma.
  • <your_model_endpoint> with the endpoint where the model is hosted. 
docker exec -it <ai-gateway-container> sh
curl --request POST "http://localhost:5052/v1/chat/agent" \
     --header 'accept: application/json' \
     --header 'Content-Type: application/json' \
     --data '{ "prompt_components": [ { "type": "string", "metadata": { "source": "string", "version": "string" }, "payload": { "content": "Hello", "provider": "litellm", "model": "<your_model_name>", "model_endpoint": "<your_model_endpoint>" } } ], "stream": false }'

If the request fails, the:

Check if AI gateway can process requests 

docker exec -it <ai-gateway-container> sh
curl '<your-aigateway-endpoint>/monitoring/healthz'

If the response is not 200, this means that AI gateway is not installed correctly. To resolve, follow the documentation on how to install the AI gateway.

Check that the AI gateway environmental variables are set up correctly

To check that the AI gateway environmental variables are set up correctly, run the following in a console on the AI gateway container: 

docker exec -it <ai-gateway-container> sh
echo $AIGW_AUTH__BYPASS_EXTERNAL # must be true
echo $AIGW_CUSTOM_MODELS__ENABLED # must be true

If the environmental variables are not set up correctly, set them by creating a container.

Check if the model is reachable from AI gateway

Create a shell on the AI gateway container and make a curl request to the model. If you find that the AI gateway cannot make that request, this might be caused by the:

  1. Model server not functioning correctly.
  2. Network settings around the container not being properly configured to allow requests to where the model is hosted.

To resolve this, contact your network administrator.

The image’s platform does not match the host

When finding the AI gateway release, you might get an error that states The requested image’s platform (linux/amd64) does not match the detected host.

To work around this error, add --platform linux/amd64 to the docker run command: 

docker run --platform linux/amd64 -e AIGW_GITLAB_URL=<your-gitlab-endpoint> <image>

LLM server is not available inside the AI gateway container

If the LLM server is installed on the same instance as the AI gateway container, it may not be accessible through the local host.

To resolve this:

  1. Include --network host in the docker run command to enable local requests from the AI gateway container.
  2. Use the -e AIGW_FASTAPI__METRICS_PORT=8083 flag to address the port conflicts. 
docker run --network host -e AIGW_GITLAB_URL=<your-gitlab-endpoint> -e AIGW_FASTAPI__METRICS_PORT=8083 <image>

vLLM 404 Error

If you encounter a 404 error while using vLLM, follow these steps to resolve the issue:

  1. Create a chat template file named chat_template.jinja with the following content: 

    {%- for message in messages %}
  {%- if message["role"] == "user" %}
    {{- "[INST] " + message["content"] + "[/INST]" }}
  {%- elif message["role"] == "assistant" %}
    {{- message["content"] }}
  {%- elif message["role"] == "system" %}
    {{- bos_token }}{{- message["content"] }}
  {%- endif %}
{%- endfor %}

  2. When running the vLLM command, ensure you specify the --served-model-name. For example: 

    vllm serve "mistralai/Mistral-7B-Instruct-v0.3" --port <port> --max-model-len 17776 --served-model-name mistral --chat-template chat_template.jinja

  3. Check the vLLM server URL in the GitLab UI to make sure that URL includes the /v1 suffix. The correct format is: 

    http(s)://<your-host>:<your-port>/v1

Code Suggestions access error

If you are experiencing issues accessing Code Suggestions after setup, try the following steps:

  1. In the Rails console, check and verify the license parameters: 

    sudo gitlab-rails console
user = User.find(id) # Replace id with the user provisioned with GitLab Duo Enterprise seat
Ability.allowed?(user, :access_code_suggestions) # Must return true

  2. Check if the necessary features are enabled and available: 

    Feature.enabled?(:self_hosted_models_beta_ended) # Should be false
::Ai::FeatureSetting.code_suggestions_self_hosted? # Should be true

  3. If any feature is enabled and does not need to be, disable it: 

    Feature.disable(:self_hosted_models_beta_ended)

Verify GitLab setup

To verify your GitLab self-managed setup, run the following command: 

gitlab-rake gitlab:duo:verify_self_hosted_setup

No logs generated in the AI gateway server

If no logs are generated in the AI gateway server, follow these steps to troubleshoot:

  1. Ensure the expanded_ai_logging feature flag is enabled: 

    Feature.enable(:expanded_ai_logging)

  2. Run the following commands to view the GitLab Rails logs for any errors: 

    sudo gitlab-ctl tail
sudo gitlab-ctl tail sidekiq

  3. Look for keywords like “Error” or “Exception” in the logs to identify any underlying issues.

SSL certificate errors and key de-serialization issues in the AI gateway Container

When attempting to initiate a Duo Chat inside the AI gateway container, SSL certificate errors and key deserialization issues may occur.

The system might encounter issues loading the PEM file, resulting in errors like: 

JWKError: Could not deserialize key data. The data may be in an incorrect format, the provided password may be incorrect, or it may be encrypted with an unsupported algorithm.

To resolve the SSL certificate error:

  • Set the appropriate certificate bundle path in the Docker container using the following environment variables:
    • SSL_CERT_FILE=/path/to/ca-bundle.pem
    • REQUESTS_CA_BUNDLE=/path/to/ca-bundle.pem