diff options
| author | Marcia Ramos <marcia@gitlab.com> | 2019-02-15 11:57:41 +0000 |
|---|---|---|
| committer | Marcia Ramos <marcia@gitlab.com> | 2019-02-15 11:57:41 +0000 |
| commit | 50193341d8d5bfbe0725619119e2f2c4ba5a7288 (patch) | |
| tree | 75263cab8175cbd4896a1819c07b1e4cc25e51b1 | |
| parent | bf5976239133d8b8f67abff90c05f182fbed09c4 (diff) | |
| parent | 8e69102173095743f4ae421b1f73a057111787c2 (diff) | |
| download | gitlab-ce-50193341d8d5bfbe0725619119e2f2c4ba5a7288.tar.gz | |
Merge branch '57690-encrypted-columns-are-lost' into 'master'
Document what features are broken when db_key_base is lost
Closes #57690
See merge request gitlab-org/gitlab-ce!25289
| -rw-r--r-- | doc/raketasks/backup_restore.md | 27 |
1 files changed, 23 insertions, 4 deletions
diff --git a/doc/raketasks/backup_restore.md b/doc/raketasks/backup_restore.md index 037b71a27b9..b207002b668 100644 --- a/doc/raketasks/backup_restore.md +++ b/doc/raketasks/backup_restore.md @@ -806,9 +806,22 @@ If you have failed to [back up the secrets file](#storing-configuration-files), then users with 2FA enabled will not be able to log into GitLab. In that case, you need to [disable 2FA for everyone](../security/two_factor_authentication.md#disabling-2fa-for-everyone). -In the case of CI/CD, if your project has secure variables set, you might experience -some weird behavior, like stuck jobs or 500 errors. In that case, you can try -deleting the `ci_variables` table from the database. +The secrets file is also responsible for storing the encryption key for several +columns containing sensitive information. If the key is lost, GitLab will be +unable to decrypt those columns. This will break a wide range of functionality, +including (but not restricted to): + +* [CI/CD variables](../ci/variables/README.md) +* [Kubernetes / GCP integration](../user/project/clusters/index.md) +* [Custom Pages domains](../user/project/pages/getting_started_part_three.md) +* [Project error tracking](../user/project/operations/error_tracking.md) +* [Runner authentication](../ci/runners/README.md) +* [Project mirroring](../workflow/repository_mirroring.md) +* [Web hooks](../user/project/integrations/webhooks.md) + +In the case of CI/CD, variables, you might experience some weird behavior, like +stuck jobs or 500 errors. In that case, you can try removing contents of the +`ci_group_variables` and `ci_project_variables` tables from the database. CAUTION: **Warning:** Use the following commands at your own risk, and make sure you've taken a @@ -828,9 +841,10 @@ backup beforehand. sudo -u git -H bundle exec rails dbconsole RAILS_ENV=production ``` -1. Check the `ci_variables` table: +1. Check the `ci_group_variables` and `ci_variables` tables: ```sql + SELECT * FROM public."ci_group_variables"; SELECT * FROM public."ci_variables"; ``` @@ -839,6 +853,7 @@ backup beforehand. 1. Drop the table: ```sql + DELETE FROM ci_group_variables; DELETE FROM ci_variables; ``` @@ -848,5 +863,9 @@ backup beforehand. You should now be able to visit your project, and the jobs will start running again. +A similar strategy can be employed for the remaining features - by removing the +data that cannot be decrypted, GitLab can be brought back into working order, +and the lost data can be manually replaced. + [reconfigure GitLab]: ../administration/restart_gitlab.md#omnibus-gitlab-reconfigure [restart GitLab]: ../administration/restart_gitlab.md#installations-from-source |