Commit 917438cc authored by Stan Hu's avatar Stan Hu

Merge branch 'mk-warn-rebuild-auth-keys-disabled' into 'master'

Ensure rebuild authorized_keys works

Closes #2883

See merge request !2508
parents 37572858 7bdb2d1c
...@@ -102,9 +102,11 @@ namespace :gitlab do ...@@ -102,9 +102,11 @@ namespace :gitlab do
def setup def setup
warn_user_is_not_gitlab warn_user_is_not_gitlab
ensure_write_to_authorized_keys_is_enabled
unless ENV['force'] == 'yes' unless ENV['force'] == 'yes'
puts "This will rebuild an authorized_keys file." puts "This task will now rebuild the authorized_keys file."
puts "You will lose any data stored in authorized_keys file." puts "You will lose any data stored in the authorized_keys file."
ask_to_continue ask_to_continue
puts "" puts ""
end end
...@@ -128,4 +130,47 @@ namespace :gitlab do ...@@ -128,4 +130,47 @@ namespace :gitlab do
puts "Quitting...".color(:red) puts "Quitting...".color(:red)
exit 1 exit 1
end end
def ensure_write_to_authorized_keys_is_enabled
return if current_application_settings.authorized_keys_enabled
puts authorized_keys_is_disabled_warning
answer = prompt('Do you want to permanently enable the "Write to authorized_keys file" setting now (yes/no)? '.color(:blue), %w{yes no})
if answer == 'yes'
puts 'Enabling the "Write to authorized_keys file" setting...'
uncached_settings = ApplicationSetting.last
uncached_settings.authorized_keys_enabled = true
uncached_settings.save!
puts 'Successfully enabled "Write to authorized_keys file"!'
puts ''
else
puts 'Leaving the "Write to authorized_keys file" setting disabled.'
puts 'Failed to rebuild authorized_keys file...'.color(:red)
exit 1
end
end
def authorized_keys_is_disabled_warning
<<-MSG.strip_heredoc
WARNING
The "Write to authorized_keys file" setting is disabled, which prevents
the file from being rebuilt!
It should be enabled for most GitLab installations. Large installations
may wish to disable it as part of speeding up SSH operations.
See https://docs.gitlab.com/ee/administration/operations/speed_up_ssh.html
If you did not intentionally disable this option in Admin Area > Settings,
then you may have been affected by the 9.3.0 bug in which the new setting
was disabled by default.
https://gitlab.com/gitlab-org/gitlab-ee/issues/2738
It was reverted in 9.3.1 and fixed in 9.3.3, however, if Settings were
saved while the setting was unchecked, then it is still disabled.
MSG
end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment