Commit c7a39ffa authored by Grzegorz Bizon's avatar Grzegorz Bizon

Schedule background migration for encrypting runners tokens

parent 64c23778
# frozen_string_literal: true
class ScheduleRunnersTokenEncryption < ActiveRecord::Migration
include Gitlab::Database::MigrationHelpers
DOWNTIME = false
BATCH_SIZE = 10000
RANGE_SIZE = 100
MIGRATION = 'EncryptRunnersTokens'
MODELS = [
::Gitlab::BackgroundMigration::Models::EncryptColumns::Settings,
::Gitlab::BackgroundMigration::Models::EncryptColumns::Namespace,
::Gitlab::BackgroundMigration::Models::EncryptColumns::Project,
::Gitlab::BackgroundMigration::Models::EncryptColumns::Runner
].freeze
disable_ddl_transaction!
def up
MODELS.each do |model|
model.each_batch(of: BATCH_SIZE) do |relation, index|
delay = index * 2.minutes
relation.each_batch(of: RANGE_SIZE) do |relation|
range = relation.pluck('MIN(id)', 'MAX(id)').first
args = [model, model.encrypted_attributes.keys, *range]
BackgroundMigrationWorker.perform_in(delay, MIGRATION, args)
end
end
end
end
def down
# no-op
end
end
...@@ -10,7 +10,7 @@ ...@@ -10,7 +10,7 @@
# #
# It's strongly recommended that you check this file into your version control system. # It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 20181121101802) do ActiveRecord::Schema.define(version: 20181121111200) do
# These are extensions that must be enabled in order to support this database # These are extensions that must be enabled in order to support this database
enable_extension "plpgsql" enable_extension "plpgsql"
......
# frozen_string_literal: true
module Gitlab
module BackgroundMigration
# EncryptColumn migrates data from an unencrypted column - `foo`, say - to
# an encrypted column - `encrypted_foo`, say.
#
# We only create a subclass here because we want to isolate this migration
# (migrating unencrypted runner registration tokens to encrypted columns)
# from other `EncryptColumns` migration. This class name is going to be
# serialized and stored in Redis and later picked by Sidekiq, so we need to
# create a separate class name in order to isolate these migration tasks.
#
# We can solve this differently, see tech debt issue:
#
# https://gitlab.com/gitlab-org/gitlab-ce/issues/54328
#
class EncryptRunnersTokens < EncryptColumns; end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment