remove secrets file management

README.md

@@ -206,25 +206,10 @@ class { 'gitlab::omnibus_package_repository':
 ```
 ### Gitlab secrets
 
-To manage `/etc/gitlab/gitlab-secrets.json` the parameter `secrets` accepts a hash.
-Here is an example how to use it with Hiera:
+*Note:* `gitlab::secrets` parameter was removed in v3.0.0. See: [Issues#213 - Remove support for setting content of `gitlab-secrets.json`](https://github.com/voxpupuli/puppet-gitlab/issues/213)
 
-```yaml
-gitlab::secrets:
-  gitlab_shell:
-    secret_token: 'asecrettoken1234567890'
-  gitlab_rails:
-    secret_token: 'asecrettoken123456789010'
-  gitlab_ci:
-    secret_token: null
-    secret_key_base: 'asecrettoken123456789011'
-    db_key_base: 'asecrettoken123456789012'
-```
-
-*Hint 1*: This secret tokens can be generated f.e. using Ruby with `SecureRandom.hex(64)`, or
-taken out of an installation without having `secrets` used.
-*Hint 2*: When using the `gitlab_ci` parameter to specify the `gitlab_server`, then this parameters
-must be added also to the `secrets` hash (Omnibus overrides `gitlab-secrets.json`).
+When using HA role `application_role`, make sure to add the [appropriate shared secrets](https://docs.gitlab.com/ee/administration/high_availability/gitlab.html#extra-configuration-for-additional-gitlab-application-servers) to your `gitlab_rails` and `gitlab_shell` hashes to ensure front-end nodes
+are configured to access all backend data-sources and repositories. If you receive 500 errors on your HA setup, this is one of the primary causes.
 
 ### LDAP configuration example
 

manifests/host_config.pp

@@ -11,7 +11,6 @@
   $config_dir = '/etc/gitlab',
   $skip_auto_migrations = $gitlab::skip_auto_migrations,
   $skip_auto_reconfigure = $gitlab::skip_auto_reconfigure,
-  $secrets_file = $gitlab::secrets_file,
   $store_git_keys_in_db = $gitlab::store_git_keys_in_db,
 ) {
 

manifests/init.pp

@@ -245,15 +245,6 @@
 #   Array of roles when using a HA or Geo enabled GitLab configuration
 #   See: https://docs.gitlab.com/omnibus/roles/README.html for acceptable values
 #
-# [*secrets*]
-#   Default: undef
-#   Hash of values which will be placed into $secrets_file (by default /etc/gitlab/gitlab-secrets.json)
-#   If this parameter is undef, the file won't be managed.
-#
-# [*secrets_file*]
-#   Default: /etc/gitlab/gitlab-secrets.json
-#   Full path to secrets JSON file.
-#
 # [*sentinel*]
 #   Default: undef
 #   Hash of 'sentinel' config parameters.
@@ -386,8 +377,6 @@
   Optional[Hash]                 $registry_nginx                = undef,
   Boolean                        $registry_nginx_eq_nginx       = false,
   Optional[Array]                $roles                         = undef,
-  Optional[Hash]                 $secrets                       = undef,
-  Optional[Stdlib::Absolutepath] $secrets_file                  = '/etc/gitlab/gitlab-secrets.json',
   Optional[Hash]                 $sentinel                      = undef,
   Optional[Hash]                 $shell                         = undef,
   Optional[Hash]                 $sidekiq                       = undef,

manifests/omnibus_config.pp

@@ -52,8 +52,6 @@
   $registry_nginx = $gitlab::registry_nginx
   $registry_nginx_eq_nginx = $gitlab::registry_nginx_eq_nginx
   $registry_external_url = $gitlab::registry_external_url
-  $secrets = $gitlab::secrets
-  $secrets_file = $gitlab::secrets_file
   $sentinel = $gitlab::sentinel
   $service_group = $gitlab::service_group
   $service_user = $gitlab::service_user
@@ -110,11 +108,4 @@
       }
     }
   }
-
-  if ! empty($secrets) {
-    file { $secrets_file:
-      *       => $config_file_attributes,
-      content => inline_template('<%= require \'json\'; JSON.pretty_generate(@secrets) + "\n" %>'),
-    }
-  }
 }

spec/classes/init_spec.rb

@@ -97,28 +97,6 @@
             )
           }
         end
-        describe 'secrets' do
-          let(:params) do
-            { secrets: {
-              'gitlab_shell' => {
-                'secret_token' => 'mysupersecrettoken1'
-              },
-              'gitlab_rails' => {
-                'secret_token' => 'mysupersecrettoken2'
-              },
-              'gitlab_ci' => {
-                'secret_token' => 'null',
-                'secret_key_base' => 'mysupersecrettoken3',
-                'db_key_base' => 'mysupersecrettoken4'
-              }
-            } }
-          end
-
-          it {
-            is_expected.to contain_file('/etc/gitlab/gitlab-secrets.json'). \
-              with_content(%r{{\n  \"gitlab_shell\": {\n    \"secret_token\": \"mysupersecrettoken1\"\n  },\n  \"gitlab_rails\": {\n    \"secret_token\": \"mysupersecrettoken2\"\n  },\n  \"gitlab_ci\": {\n    \"secret_token\": \"null\",\n    \"secret_key_base\": \"mysupersecrettoken3\",\n    \"db_key_base\": \"mysupersecrettoken4\"\n  }\n}\n}m)
-          }
-        end
         describe 'gitlab_rails with hash value' do
           let(:params) do
             { gitlab_rails: {