Omnibus overwrites gitlab-secrets.json

[chriscowley]

I am currently using version 1.11.0 from the forge. In Hiera I have:

gitlab::secrets:
  gitlab_ci:
    db_base_key: <my-long-key>
<my-long-key>
gitlab::gitlab_rails:
  secret_key_base: <stuff>
  otp_key_base: <stuff>

This creates a gitlab-secrets.json that contains:

{
  "gitlab_ci": {
    "db_base_key": "<my-long-key>"
  }
}

This then triggers the gitlab_reconfigure resource which proceeds to overwrite gitlab-secrets.json with:

{
  "gitlab_workhorse": {
    "secret_token": "<stuff>"
  },
  "gitlab_shell": {
    "secret_token": "<stuff>"
  },
  "gitlab_rails": {
    "secret_key_base": "<stuff>",
    "db_key_base": "<stuff>",
    "otp_key_base": "<stuff>i"
  },
  "registry": {
    "http_secret": "<stuff>",
    "internal_certificate": "<stuff>",
    "internal_key": "<stuff>
  },
  "mattermost": {
    "email_invite_salt": "<stuff>",
    "file_public_link_salt": "<stuff>",
    "email_password_reset_salt": "<stuff>",
    "sql_at_rest_encrypt_key": "<stuff>"
  }
}

The gitlab_rails['otp_key_base'] and gitlab_rails['secret_key_base' are both being finding their way into secrets.yml correctly. It is just the db_base_key that is being overwritten. I suppose the issue is:

I am not using the gitlab_ci parameter to specify the gitlab_server, so as far as I understand, hint 2 in the README is not relevant here.

• The README is currently misleading perhaps?
• Where does this value need to go for Omnibus to put is correctly in secrets.yml

[chriscowley]

After a discussion with someone at Gitlab, the README is out of date. PR incoming at a later date