Geo: refactor `gitlab-ctl replicate-geo-database` to store the password in configuration file
In #4186 (closed) we identified that `gitlab-ctl replicate-geo-database` is being used in a way that conflicts with how we handle resources managed by chef. Because the command creates a file on disk, `.pgpass`, which stores the credentials used by replication, we cannot simply overwrite that file.
When we build any resource managed by chef, it's imperative that we store all required metadata in the gitlab config file (or in a file we can read from it, like a .json file).
This is blocking #4186 (closed), as we can't have two different parts of the codebase writing to the same file: one will overwrite the other.
This will also be needed to comply with a Vault-based workflow, which we are also heading towards.
Initial proposal
We can either move the required configuration to the `/etc/gitlab/gitlab.rb` file, or store the credentials in a JSON file and create an extra step for the user to run reconfigure (and therefore use chef to create and manage the `.pgpass` file). Both alternatives will allow us to inject multiple lines into the `.pgpass` file and maintain a single point of truth.
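A sketch of the second alternative, added here as an example and not taken from omnibus-gitlab: a JSON document acts as the single source of truth and every `.pgpass` line is rendered from it. The JSON layout, key names, helper names and sample values are all assumptions made for illustration.

```ruby
require 'json'
require 'tmpdir'

# Constructed sample; the "pgpass" key and entry layout are hypothetical.
SAMPLE_JSON = <<~'JSON'
  {"pgpass": [
    {"host": "primary.example.com", "port": 5432, "database": "*",
     "username": "replication_user_example", "password": "s3cr:et\\pw"},
    {"host": "tracking.example.com", "port": 5431, "database": "geo_tracking_example",
     "username": "tracking_user_example", "password": "constructed-value"}
  ]}
JSON

PGPASS_FIELDS = %w[host port database username password].freeze

# libpq requires ':' and '\' inside a field to be escaped with a backslash.
def pgpass_escape(value)
  value.to_s.gsub(/[\\:]/) { |c| "\\#{c}" }
end

# Render one "host:port:database:username:password" line per JSON entry.
def render_pgpass(json_text)
  entries = JSON.parse(json_text).fetch('pgpass')
  lines = entries.map do |entry|
    PGPASS_FIELDS.map do |field|
      value = entry.fetch(field).to_s
      # A line break in a field would silently create an extra entry.
      raise ArgumentError, "#{field} contains a line break" if value.match?(/[\r\n]/)
      pgpass_escape(value)
    end.join(':')
  end
  lines.join("\n") + "\n"
end

# Write via a temp file and rename, so readers never see a partial file.
# Mode 0600 matters: libpq ignores a group- or world-accessible password file.
def write_pgpass(path, content)
  tmp = "#{path}.tmp"
  File.open(tmp, File::WRONLY | File::CREAT | File::TRUNC, 0o600) { |f| f.write(content) }
  File.chmod(0o600, tmp) # set the mode explicitly, whatever the tmp file had before
  File.rename(tmp, path)
  path
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    puts File.read(write_pgpass(File.join(dir, '.pgpass'), render_pgpass(SAMPLE_JSON)))
  end
end
```

Because the file is always regenerated from the JSON document, a second consumer adds an entry to that document instead of writing to `.pgpass` directly.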
We will need to fix existing documentation and provide a migration path for existing users that already rely on the existing `.pgpass` solution. We need to investigate whether that file is still needed after the initial bootstrap or not. If it's only needed during bootstrap, this issue can probably be simplified a little bit, as we can ignore a migration path from here on.