Generate lets_encrypt_private_key on the fly

Remove migration generating lets encrypt key Don't generate private_key if database is readonly For reference: This reverts commit 988a7f70489b99383b95e9f271a2caf6bb5b3a44. This reverts commit 21acbe531592d55caf0e5b8716a3b551dafd6233.
author: Vladimir Shushlin <vshushlin@gitlab.com> 2019-05-31 08:22:55 +0300
committer: Stan Hu <stanhu@gmail.com> 2019-05-31 08:22:55 +0300
commit: 39e21fb2661693fed914012a39fb3a53b2b687c2 (patch)
tree: 70a5fdd93cea81aed9c1638bc32513a1fdf84bb7 /lib/gitlab/lets_encrypt
parent: c8c08d326942f30ad87d0702cc8b9c5896d296ad (diff)
1 files changed, 22 insertions, 1 deletions
diff --git a/lib/gitlab/lets_encrypt/client.rb b/lib/gitlab/lets_encrypt/client.rb
index 5501f7981ec..66aea137012 100644
--- a/lib/gitlab/lets_encrypt/client.rb
+++ b/lib/gitlab/lets_encrypt/client.rb
@@ -3,6 +3,8 @@
 module Gitlab
   module LetsEncrypt
     class Client
+      include Gitlab::Utils::StrongMemoize
+
       PRODUCTION_DIRECTORY_URL = 'https://acme-v02.api.letsencrypt.org/directory'
       STAGING_DIRECTORY_URL = 'https://acme-staging-v02.api.letsencrypt.org/directory'
 
@@ -35,6 +37,8 @@ module Gitlab
       def enabled?
         return false unless Feature.enabled?(:pages_auto_ssl)
 
+        return false unless private_key
+
         Gitlab::CurrentSettings.lets_encrypt_terms_of_service_accepted
       end
 
@@ -45,7 +49,11 @@ module Gitlab
       end
 
       def private_key
-        @private_key ||= OpenSSL::PKey.read(Gitlab::CurrentSettings.lets_encrypt_private_key)
+        strong_memoize(:private_key) do
+          private_key_string = Gitlab::CurrentSettings.lets_encrypt_private_key
+          private_key_string ||= generate_private_key
+          OpenSSL::PKey.read(private_key_string) if private_key_string
+        end
       end
 
       def admin_email
@@ -69,6 +77,19 @@ module Gitlab
           STAGING_DIRECTORY_URL
         end
       end
+
+      def generate_private_key
+        return if Gitlab::Database.read_only?
+
+        application_settings = Gitlab::CurrentSettings.current_application_settings
+        application_settings.with_lock do
+          unless application_settings.lets_encrypt_private_key
+            application_settings.update(lets_encrypt_private_key: OpenSSL::PKey::RSA.new(4096).to_pem)
+          end
+
+          application_settings.lets_encrypt_private_key
+        end
+      end
     end
   end
 end
author	Vladimir Shushlin <vshushlin@gitlab.com>	2019-05-31 08:22:55 +0300
committer	Stan Hu <stanhu@gmail.com>	2019-05-31 08:22:55 +0300
commit	39e21fb2661693fed914012a39fb3a53b2b687c2 (patch)
tree	70a5fdd93cea81aed9c1638bc32513a1fdf84bb7 /lib/gitlab/lets_encrypt
parent	c8c08d326942f30ad87d0702cc8b9c5896d296ad (diff)