Unified Backups: Investigate how to support backing up Omnibus configuration and secrets
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
Proposal
The backup functionality today doesn't provide support for backing infrastructure specific data, like the local omnibus configuration and secrets.
If we had the correct infrastructure support as part of the product (ship with service discovery and a unified configuration utility) this would be less of an issue, but considering that in order to restore a backup we tell out users to manually backup additional data that is required to restore/run GitLab, we should include that into our unified solution somehow.
One possible approach is to include omnibus configuration as a new "component" (and decide whether that will be include by default or not, considering any possible security concerns).
A good point to consider in favor of including at least the secrets together is that, in case the user does have secrets rotation at some point in time, they may want to keep in the same "package" the backup and secrets used for a specific version. Not having those two in place, means you cannot fully restore a specific data before the rotation (if you don't also keep the previous secret stored somewhere).
Additional considerations when proposing a solution:
- We should avoid solutions that is couples to specific Omnibus versions
- We need to support a variety of them to allow backing up and restoring from and old version to a new one in the future
- Should we consider saving them in a structured way that allows backing up from omnibus and restoring in another installation type? (for whatever is common in both, like secrets)