[skip ci]

[skip ci]

# This is the 1st commit message:

Add `copy` backup strategy to combat file changed errors

The backup Rake task used to stream data directly from the live
data directory into the backup. Under many circumstances this worked
OK. However, really active instances would experience a 'file changed
as we read it' error - especially with data like the registry. This
now copies the data first, then compresses it. It will take a bit
more disk space while the backup is in progress, but it's a
necessary thing.

# The commit message #2 will be skipped:

#	Add env var

[ci skip]

Signed-off-by: Rémy Coutable <remy@rymai.me>

- Location in which to add `gitlab_rails` configurations
- Reminder to run `gitlab-ctl reconfigure` after changing gitlab_rails

The amount of gems required is quite high compared to the usefulness
of the features.

Related to !4928, !6713
Signed-off-by: Rémy Coutable <remy@rymai.me>

[ci skip]

.secret stores the secret token used for both encrypting login cookies
and for encrypting stored OTP secrets. We can't rotate this, because
that would invalidate all existing OTP secrets.

If the secret token is present in the .secret file or an environment
variable, save it as otp_key_base in secrets.yml. Now .secret can be
rotated without invalidating OTP secrets.

If the secret token isn't present (initial setup), then just generate a
separate otp_key_base and save in secrets.yml.

Update the docs to reflect that secrets.yml needs to be retained past
upgrades, but .secret doesn't.

Discussed in gitlab-org/omnibus-gitlab#1453

[ci skip]

This reverts merge request !3839

This caused me a lot of pain until I caught on.
I also enhanced the GitLab Omnibus application data backup restore procedure.  I verified the procedure by executing it with GitLab 8.6.4. 

And the rest of GitLab should remain running.
Also clarified the rest of the GitLab Omnibus restore procedure.

[ci skip]

- Offloads uploading to GitLab Workhorse
- Use /authorize request for fast uploading
- Added backup recipes for artifacts
- Support download acceleration using X-Sendfile

This adds support for AWS S3 SSE with S3 managed keys, this means the
data is encrypted at rest and the encryption is handled transparently to
the end user as well as in the AWS Console. This is optional and not
required to make S3 uploads work.