Merge branch '5530-upgrade-instructions-docs' into 'master'

Resolve "Geo: Document steps to enable FDW if running from before 10.4" Closes #5530 See merge request gitlab-org/gitlab-ee!5356

Merge branch '5530-upgrade-instructions-docs' into 'master'
Resolve "Geo: Document steps to enable FDW if running from before 10.4" Closes #5530 See merge request gitlab-org/gitlab-ee!5356
7732acd1 · Nick Thomas · 448dcf9d · d1840692 · 7732acd1
Commit 7732acd1 authored Apr 16, 2018 by Nick Thomas
Show whitespace changes
Inline Side-by-side

Showing with 70 additions and 0 deletions

doc/administration/geo/replication/updating_the_geo_nodes.md doc/administration/geo/replication/updating_the_geo_nodes.md +70 -0

No files found.
--- a/doc/administration/geo/replication/updating_the_geo_nodes.md
+++ b/doc/administration/geo/replication/updating_the_geo_nodes.md
@@ -14,6 +14,76 @@ all you need to do is update GitLab itself:
   the tracking database is enabled.
 1. [Test](#check-status-after-updating) primary and secondary nodes, and check version in each.

+## Upgrading to GitLab 10.6
+
+In 10.4 we started to recommend that you define a password for database user (`gitlab`).
+
+We now require this change as we use this password to enable the Foreign Data Wrapper, as a way to optimize
+the Geo Tracking Database. We are also improving security by disabling the use of **trust**
+authentication method.
+
+1. **[primary]** Login to your primary node and run:
+
+    ```bash
+    gitlab-ctl pg-password-md5 gitlab
+    # Enter password: mypassword
+    # Confirm password: mypassword
+    # fca0b89a972d69f00eb3ec98a5838484
+    ```
+    
+    Copy the generated hash and edit `/etc/gitlab/gitlab.rb`:
+    
+    ```ruby
+    # Fill with the hash generated by `gitlab-ctl pg-password-md5 gitlab`
+    postgresql['sql_user_password'] = 'fca0b89a972d69f00eb3ec98a5838484'
+    
+    # If you have HA setup, this must be present in all nodes as well
+    gitlab_rails['db_password'] = 'mypassword'
+    ```
+    
+    Still in the configuration file, locate and remove the `trust_auth_cidr_address`:
+    
+    ```ruby
+    postgresql['trust_auth_cidr_addresses'] = ['127.0.0.1/32','1.2.3.4/32'] # <- Remove this
+    ```
+
+1. **[primary]** Reconfigure and restart
+
+    ```bash
+    gitlab-ctl reconfigure
+    gitlab-ctl restart
+    ```
+
+1. **[secondary]** Login to all secondary nodes and edit `/etc/gitlab/gitlab.rb`:
+
+    ```ruby
+    # Fill with the hash generated by `gitlab-ctl pg-password-md5 gitlab`
+    postgresql['sql_user_password'] = 'fca0b89a972d69f00eb3ec98a5838484'
+    
+    # If you have HA setup, this must be present in all nodes as well
+    gitlab_rails['db_password'] = 'mypassword'
+
+    # Enable Foreign Data Wrapper
+    geo_secondary['db_fdw'] = true
+
+    # Secondary address
+    # - replace '5.6.7.8' with the secondary public or VPC address
+    postgresql['md5_auth_cidr_addresses'] = ['5.6.7.8/32']
+    ```
+    
+    Still in the configuration file, locate and remove the `trust_auth_cidr_address`:
+        
+    ```ruby
+    postgresql['trust_auth_cidr_addresses'] = ['127.0.0.1/32','5.6.7.8/32'] # <- Remove this
+    ```
+
+1. **[secondary]** Reconfigure and restart
+
+    ```bash
+    gitlab-ctl reconfigure
+    gitlab-ctl restart
+    ```
+
 ## Upgrading to GitLab 10.5

 For Geo Disaster Recovery to work with minimum downtime, your Geo secondary