Leave GitLab to write its own secrets.yml file

As things stand, we are missing two additional keys from the
file. GitLab automatically adds these each time it starts but they
then get splatted by Chef on the next run, only to be reinstated with
different values later.

On top of this, the production_db_key_base attribute was not
documented so I have ended up with a value of "production" in my live
environment. I suspect others have too. This value should have been
randomly generated. Fortunately we were not using any features that
depend on this key.

Although it would be nice to preserve these keys in Chef for
migrations and restorations, this should be done securely using
encrypted data bags or similar. Until that is done, I believe it is
safer to just let GitLab generate its own keys. Perhaps this wasn't an
option before. This also avoids the list of keys falling behind.

Author: chewi

attributes/default.rb

@@ -144,9 +144,6 @@
 default['gitlab']['ldap']['allow_username_or_email_login'] = true
 default['gitlab']['ldap']['user_filter'] = ''
 
-# Secrets
-default['gitlab']['secrets']['production_db_key_base'] = 'production' # UPDATE THIS, at least 30 chars. Used to encrypt Variables.
-
 # Mysql
 default['mysql']['server_root_password'] = 'Ch4ngm3'
 default['build-essential']['compile_time'] = true # needed for mysql chef_gem

recipes/default.rb

@@ -246,16 +246,6 @@ class file open;
   )
 end
 
-# Render gitlab secrets file
-template "#{node['gitlab']['app_home']}/config/secrets.yml" do
-  owner node['gitlab']['user']
-  group node['gitlab']['group']
-  mode '0600'
-  variables(
-    production_db_key_base: node['gitlab']['secrets']['production_db_key_base']
-  )
-end
-
 # Copy file rack_attack.rb
 cookbook_file "#{node['gitlab']['app_home']}/config/initializers/rack_attack.rb" do
   owner node['gitlab']['user']