Hi all
I am migrating a Docker-installed Gitlab-ce to an Omnibus-installed one. I am using the vshn/gitlab Puppet module as it is tagged as ‘approved’.
I put my db_base_key in Hiera as:
gitlab::secrets:
  gitlab_ci:
    db_base_key: <my-long-key>
This populates /etc/gitlab/gitlab-secrets.json with
{
  "gitlab_ci": {
    "db_base_key": "<my-long-key>"
  }
}
So far so good (I believe).
The problem is that Puppet will now launch gitlab-reconfigure and all of a sudden, my gitlab-secrets.json is wiped and replaced with:
{
  "gitlab_workhorse": {
    "secret_token": "<stuff>"
  },
  "gitlab_shell": {
    "secret_token": "<stuff>"
  },
  "gitlab_rails": {
    "secret_key_base": "<stuff>",
    "db_key_base": "<stuff>",
    "otp_key_base": "<stuff>i"
  },
  "registry": {
    "http_secret": "<stuff>",
    "internal_certificate": "<stuff>",
    "internal_key": "<stuff>"
  },
  "mattermost": {
    "email_invite_salt": "<stuff>",
    "file_public_link_salt": "<stuff>",
    "email_password_reset_salt": "<stuff>",
    "sql_at_rest_encrypt_key": "<stuff>"
  }
}
This is happening before the creation of secrets.yml, so my CI builds no longer work.
Where is gitlab-ctl getting the information to recreate my gitlab-secrets.json file? I am also specifying gitlab_rails::otp_key_base and gitlab_rails::secret_key_base in Hiera too (under gitlab::gitlab_rails) and they are being correctly placed in gitlab.rb; gitlab-ctl reconfigure then places them in gitlab-secrets.json, where they correctly finish in secrets.yml, and everyone is happy. It is just the db_base_key that is getting overwritten.
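One way to see exactly which key paths a reconfigure run dropped, added or replaced in gitlab-secrets.json without printing any secret value, as an added example that is not part of the original post. The function names and the two embedded sample documents are constructed for illustration and only mirror the shape of the files shown above.

```python
import hashlib
import json

# Constructed samples shaped like the two files in the post; values are placeholders.
BEFORE = '{"gitlab_ci": {"db_base_key": "<my-long-key>"}}'
AFTER = """{
  "gitlab_workhorse": {"secret_token": "<stuff>"},
  "gitlab_rails": {
    "secret_key_base": "<stuff>",
    "db_key_base": "<stuff>",
    "otp_key_base": "<stuff>"
  }
}"""


def flatten(node, prefix=""):
    """Map every leaf to 'section.key' -> short SHA-256 fingerprint of its value."""
    if isinstance(node, dict):
        out = {}
        for key, value in node.items():
            out.update(flatten(value, f"{prefix}{key}."))
        return out
    # Fingerprint instead of the value, so the report is safe to paste into a ticket.
    digest = hashlib.sha256(json.dumps(node).encode()).hexdigest()[:12]
    return {prefix[:-1]: digest}


def diff_secrets(before_text, after_text):
    """Compare two gitlab-secrets.json documents by key path and value fingerprint."""
    before = flatten(json.loads(before_text))
    after = flatten(json.loads(after_text))
    shared = before.keys() & after.keys()
    return {
        "dropped": sorted(set(before) - set(after)),
        "added": sorted(set(after) - set(before)),
        "changed": sorted(k for k in shared if before[k] != after[k]),
    }


if __name__ == "__main__":
    for kind, paths in diff_secrets(BEFORE, AFTER).items():
        for path in paths:
            print(f"{kind:8} {path}")
```

To use it on a real host, pass the contents of a copy of the file taken after the Puppet run and a copy taken after gitlab-ctl reconfigure in place of the two samples.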