Commit 85e509c2 authored by Achilleas Pipinellis

Merge branch 'gy-fix-ra-migration-docs' into 'master'

Update Migration and Secrets steps in Reference Architecture docs

See merge request gitlab-org/gitlab!63504
parents 22fedb37 af7c92e7
...@@ -411,11 +411,6 @@ The following IPs will be used as an example: ...@@ -411,11 +411,6 @@ The following IPs will be used as an example:
- `10.6.0.12`: Consul 2 - `10.6.0.12`: Consul 2
- `10.6.0.13`: Consul 3 - `10.6.0.13`: Consul 3
NOTE:
The configuration processes for the other servers in your reference architecture will
use the `/etc/gitlab/gitlab-secrets.json` file from your Consul server to connect
with the other servers.
To configure Consul: To configure Consul:
1. SSH in to the server that will host Consul. 1. SSH in to the server that will host Consul.
...@@ -446,7 +441,11 @@ To configure Consul: ...@@ -446,7 +441,11 @@ To configure Consul:
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Go through the steps again for all the other Consul nodes, and 1. Go through the steps again for all the other Consul nodes, and
make sure you set up the correct IPs. make sure you set up the correct IPs.
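Review bot: The new step that copies `/etc/gitlab/gitlab-secrets.json` from the first Omnibus node gives no guidance on how to move the file or what ownership and mode it should have on the destination. Because the same sentence is now repeated for every node type, consider adding one clause (or a link to a single shared section) telling the reader to transfer it over an authenticated channel and keep it readable by root only. Minor: add a comma before "then" in "If this is the first Omnibus node you are configuring then you can skip this step."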
...@@ -603,9 +602,8 @@ PostgreSQL, with Patroni managing its failover, will default to use `pg_rewind` ...@@ -603,9 +602,8 @@ PostgreSQL, with Patroni managing its failover, will default to use `pg_rewind`
Like most failover handling methods, this has a small chance of leading to data loss. Like most failover handling methods, this has a small chance of leading to data loss.
Learn more about the various [Patroni replication methods](../postgresql/replication_and_failover.md#selecting-the-appropriate-patroni-replication-method). Learn more about the various [Patroni replication methods](../postgresql/replication_and_failover.md#selecting-the-appropriate-patroni-replication-method).
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If that file is not on this server, the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
add the file from your Consul server to this server.
1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
...@@ -705,9 +703,8 @@ The following IPs will be used as an example: ...@@ -705,9 +703,8 @@ The following IPs will be used as an example:
node_exporter['listen_address'] = '0.0.0.0:9100' node_exporter['listen_address'] = '0.0.0.0:9100'
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If that file is not on this server, the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
add the file from your Consul server to this server.
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
...@@ -866,9 +863,8 @@ a node and change its status from primary to replica (and vice versa). ...@@ -866,9 +863,8 @@ a node and change its status from primary to replica (and vice versa).
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If that file is not on this server, the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
add the file from your Consul server to this server.
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
...@@ -933,9 +929,8 @@ You can specify multiple roles, like sentinel and Redis, as: ...@@ -933,9 +929,8 @@ You can specify multiple roles, like sentinel and Redis, as:
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If that file is not on this server, the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
add the file from your Consul server to this server.
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Go through the steps again for all the other replica nodes, and 1. Go through the steps again for all the other replica nodes, and
...@@ -1065,9 +1060,8 @@ To configure the Sentinel Cache server: ...@@ -1065,9 +1060,8 @@ To configure the Sentinel Cache server:
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If that file is not on this server, the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
add the file from your Consul server to this server.
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Go through the steps again for all the other Consul/Sentinel nodes, and 1. Go through the steps again for all the other Consul/Sentinel nodes, and
...@@ -1131,9 +1125,8 @@ a node and change its status from primary to replica (and vice versa). ...@@ -1131,9 +1125,8 @@ a node and change its status from primary to replica (and vice versa).
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If that file is not on this server, the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
add the file from your Consul server to this server.
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
...@@ -1192,9 +1185,8 @@ You can specify multiple roles, like sentinel and Redis, as: ...@@ -1192,9 +1185,8 @@ You can specify multiple roles, like sentinel and Redis, as:
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If that file is not on this server, the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
add the file from your Consul server to this server.
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Go through the steps again for all the other replica nodes, and 1. Go through the steps again for all the other replica nodes, and
...@@ -1324,17 +1316,8 @@ To configure the Sentinel Queues server: ...@@ -1324,17 +1316,8 @@ To configure the Sentinel Queues server:
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
``` ```
1. To prevent database migrations from running on upgrade, run: 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
```shell
sudo touch /etc/gitlab/skip-auto-reconfigure
```
Only the primary GitLab application server should handle migrations.
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace
the file of the same name on this server. If that file is not on this server,
add the file from your Consul server to this server.
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Go through the steps again for all the other Sentinel nodes, and 1. Go through the steps again for all the other Sentinel nodes, and
...@@ -1435,7 +1418,11 @@ in the second step, do not supply the `EXTERNAL_URL` value. ...@@ -1435,7 +1418,11 @@ in the second step, do not supply the `EXTERNAL_URL` value.
# END user configuration # END user configuration
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Follow the [post configuration](#praefect-postgresql-post-configuration). 1. Follow the [post configuration](#praefect-postgresql-post-configuration).
<div align="right"> <div align="right">
...@@ -1533,18 +1520,18 @@ To configure the Praefect nodes, on each one: ...@@ -1533,18 +1520,18 @@ To configure the Praefect nodes, on each one:
1. Edit the `/etc/gitlab/gitlab.rb` file to configure Praefect: 1. Edit the `/etc/gitlab/gitlab.rb` file to configure Praefect:
```ruby ```ruby
# Avoid running unnecessary services on the Gitaly server # Avoid running unnecessary services on the Praefect server
gitaly['enable'] = false
postgresql['enable'] = false postgresql['enable'] = false
redis['enable'] = false redis['enable'] = false
nginx['enable'] = false
puma['enable'] = false puma['enable'] = false
sidekiq['enable'] = false sidekiq['enable'] = false
gitlab_workhorse['enable'] = false gitlab_workhorse['enable'] = false
grafana['enable'] = false
# If you run a separate monitoring node you can disable these services
alertmanager['enable'] = false
prometheus['enable'] = false prometheus['enable'] = false
alertmanager['enable'] = false
grafana['enable'] = false
gitlab_exporter['enable'] = false
nginx['enable'] = false
# Praefect Configuration # Praefect Configuration
praefect['enable'] = true praefect['enable'] = true
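Review bot: In the Praefect `gitlab.rb` block the comment `# If you run a separate monitoring node you can disable these services` is dropped, so `prometheus['enable'] = false` and `alertmanager['enable'] = false` now read as unconditional, and `gitlab_exporter['enable'] = false` is added without explanation. If this reference architecture always has a separate monitoring node, say so in the comment above the list; otherwise keep the qualifier.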
...@@ -1612,11 +1599,25 @@ To configure the Praefect nodes, on each one: ...@@ -1612,11 +1599,25 @@ To configure the Praefect nodes, on each one:
# END user configuration # END user configuration
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
then replace the file of the same name on this server. If that file isn't on the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
this server, add the file from your Consul server to this server.
1. Praefect requires to run some database migrations, much like the main GitLab application. For this
you should select **one Praefect node only to run the migrations**, AKA the _Deploy Node_. This node
must be configured first before the others as follows:
1. In the `/etc/gitlab/gitlab.rb` file, change the `praefect['auto_migrate']` setting value from `false` to `true`
1. To ensure database migrations are only run during reconfigure and not automatically on upgrade, run:
```shell
sudo touch /etc/gitlab/skip-auto-reconfigure
```
1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect and
to run the Praefect database migrations.
1. Save the file, and then [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). 1. On all other Praefect nodes, [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
### Configure Gitaly ### Configure Gitaly
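Review bot: The Deploy Node step needs a wording pass: "Praefect requires to run some database migrations" should read "Praefect must run some database migrations", the sub-step ending in "from `false` to `true`" lacks a full stop, and "On all other Praefect nodes, [Reconfigure GitLab]" capitalises the link text mid-sentence. Please also state whether `sudo touch /etc/gitlab/skip-auto-reconfigure` applies to the Deploy Node only, since here it is nested under that node while the Sidekiq and Rails sections in this patch present it as a step for every node.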
...@@ -1660,20 +1661,17 @@ On each node: ...@@ -1660,20 +1661,17 @@ On each node:
storage paths, enable the network listener, and to configure the token: storage paths, enable the network listener, and to configure the token:
```ruby ```ruby
# /etc/gitlab/gitlab.rb
# Avoid running unnecessary services on the Gitaly server # Avoid running unnecessary services on the Gitaly server
postgresql['enable'] = false postgresql['enable'] = false
redis['enable'] = false redis['enable'] = false
nginx['enable'] = false
puma['enable'] = false puma['enable'] = false
sidekiq['enable'] = false sidekiq['enable'] = false
gitlab_workhorse['enable'] = false gitlab_workhorse['enable'] = false
grafana['enable'] = false
# If you run a separate monitoring node you can disable these services
alertmanager['enable'] = false
prometheus['enable'] = false prometheus['enable'] = false
alertmanager['enable'] = false
grafana['enable'] = false
gitlab_exporter['enable'] = false
nginx['enable'] = false
# Prevent database migrations from running on upgrade automatically # Prevent database migrations from running on upgrade automatically
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
...@@ -1681,9 +1679,11 @@ On each node: ...@@ -1681,9 +1679,11 @@ On each node:
# Configure the gitlab-shell API callback URL. Without this, `git push` will # Configure the gitlab-shell API callback URL. Without this, `git push` will
# fail. This can be your 'front door' GitLab URL or an internal load # fail. This can be your 'front door' GitLab URL or an internal load
# balancer. # balancer.
# Don't forget to copy `/etc/gitlab/gitlab-secrets.json` from web server to Gitaly server.
gitlab_rails['internal_api_url'] = 'https://gitlab.example.com' gitlab_rails['internal_api_url'] = 'https://gitlab.example.com'
# Gitaly
gitaly['enable'] = true
# Make Gitaly accept connections on all network interfaces. You must use # Make Gitaly accept connections on all network interfaces. You must use
# firewalls to restrict access to this address/port. # firewalls to restrict access to this address/port.
# Comment out following line if you only want to support TLS connections # Comment out following line if you only want to support TLS connections
...@@ -1725,9 +1725,8 @@ On each node: ...@@ -1725,9 +1725,8 @@ On each node:
}) })
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
then replace the file of the same name on this server. If that file isn't on the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
this server, add the file from your Consul server to this server.
1. Save the file, and then [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). 1. Save the file, and then [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure).
...@@ -1834,28 +1833,19 @@ To configure the Sidekiq nodes, on each one: ...@@ -1834,28 +1833,19 @@ To configure the Sidekiq nodes, on each one:
1. Open `/etc/gitlab/gitlab.rb` with your editor: 1. Open `/etc/gitlab/gitlab.rb` with your editor:
```ruby ```ruby
######################################## # Avoid running unnecessary services on the Sidekiq server
##### Services Disabled ###
########################################
nginx['enable'] = false
grafana['enable'] = false
prometheus['enable'] = false
alertmanager['enable'] = false
gitaly['enable'] = false gitaly['enable'] = false
gitlab_workhorse['enable'] = false
nginx['enable'] = false
puma['enable'] = false
postgres_exporter['enable'] = false
postgresql['enable'] = false postgresql['enable'] = false
redis['enable'] = false redis['enable'] = false
redis_exporter['enable'] = false puma['enable'] = false
gitlab_workhorse['enable'] = false
prometheus['enable'] = false
alertmanager['enable'] = false
grafana['enable'] = false
gitlab_exporter['enable'] = false gitlab_exporter['enable'] = false
nginx['enable'] = false
######################################## # Redis
#### Redis ###
########################################
## Redis connection details ## Redis connection details
## First cluster that will host the cache ## First cluster that will host the cache
gitlab_rails['redis_cache_instance'] = 'redis://:<REDIS_PRIMARY_PASSWORD_OF_FIRST_CLUSTER>@gitlab-redis-cache' gitlab_rails['redis_cache_instance'] = 'redis://:<REDIS_PRIMARY_PASSWORD_OF_FIRST_CLUSTER>@gitlab-redis-cache'
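Review bot: The rewritten Sidekiq disable list no longer contains `postgres_exporter['enable'] = false` or `redis_exporter['enable'] = false`. If those exporters are switched off implicitly once `postgresql` and `redis` are disabled, note that in the commit message; if not, keep them in the list so they do not start on Sidekiq nodes. The comment levels are also uneven: `# Redis` is a section header followed by `## Redis connection details`, while `# Avoid running unnecessary services on the Sidekiq server` is a sentence at header level.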
...@@ -1887,13 +1877,10 @@ To configure the Sidekiq nodes, on each one: ...@@ -1887,13 +1877,10 @@ To configure the Sidekiq nodes, on each one:
{host: '10.6.0.83', port: 26379}, {host: '10.6.0.83', port: 26379},
] ]
####################################### # Gitaly Cluster
### Gitaly ### ## git_data_dirs get configured for the Praefect virtual storage
####################################### ## Address is Internal Load Balancer for Praefect
## Token is praefect_external_token
# git_data_dirs get configured for the Praefect virtual storage
# Address is Internal Load Balancer for Praefect
# Token is praefect_external_token
git_data_dirs({ git_data_dirs({
"default" => { "default" => {
"gitaly_address" => "tcp://10.6.0.40:2305", # internal load balancer IP "gitaly_address" => "tcp://10.6.0.40:2305", # internal load balancer IP
...@@ -1901,20 +1888,17 @@ To configure the Sidekiq nodes, on each one: ...@@ -1901,20 +1888,17 @@ To configure the Sidekiq nodes, on each one:
} }
}) })
####################################### # PostgreSQL
### Postgres ###
#######################################
gitlab_rails['db_host'] = '10.6.0.40' # internal load balancer IP gitlab_rails['db_host'] = '10.6.0.40' # internal load balancer IP
gitlab_rails['db_port'] = 6432 gitlab_rails['db_port'] = 6432
gitlab_rails['db_password'] = '<postgresql_user_password>' gitlab_rails['db_password'] = '<postgresql_user_password>'
gitlab_rails['db_adapter'] = 'postgresql' gitlab_rails['db_adapter'] = 'postgresql'
gitlab_rails['db_encoding'] = 'unicode' gitlab_rails['db_encoding'] = 'unicode'
# Prevent database migrations from running on upgrade automatically ## Prevent database migrations from running on upgrade automatically
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
####################################### # Sidekiq
### Sidekiq configuration ### sidekiqp['enable'] = true
#######################################
sidekiq['listen_address'] = "0.0.0.0" sidekiq['listen_address'] = "0.0.0.0"
# Set number of Sidekiq queue processes to the same number as available CPUs # Set number of Sidekiq queue processes to the same number as available CPUs
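Review bot: The added line `sidekiqp['enable'] = true` under `# Sidekiq` misspells the key. Every other setting in the block uses `sidekiq[...]` (for example `sidekiq['listen_address'] = "0.0.0.0"`), so this should be `sidekiq['enable'] = true`; as written, a reader who pastes the block does not get the setting the section header promises.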
...@@ -1923,9 +1907,7 @@ To configure the Sidekiq nodes, on each one: ...@@ -1923,9 +1907,7 @@ To configure the Sidekiq nodes, on each one:
# Set number of Sidekiq threads per queue process to the recommend number of 10 # Set number of Sidekiq threads per queue process to the recommend number of 10
sidekiq['max_concurrency'] = 10 sidekiq['max_concurrency'] = 10
####################################### # Monitoring
### Monitoring configuration ###
#######################################
consul['enable'] = true consul['enable'] = true
consul['monitoring_service_discovery'] = true consul['monitoring_service_discovery'] = true
...@@ -1933,18 +1915,15 @@ To configure the Sidekiq nodes, on each one: ...@@ -1933,18 +1915,15 @@ To configure the Sidekiq nodes, on each one:
retry_join: %w(10.6.0.11 10.6.0.12 10.6.0.13) retry_join: %w(10.6.0.11 10.6.0.12 10.6.0.13)
} }
# Set the network addresses that the exporters will listen on ## Set the network addresses that the exporters will listen on
node_exporter['listen_address'] = '0.0.0.0:9100' node_exporter['listen_address'] = '0.0.0.0:9100'
# Rails Status for prometheus ## Add the monitoring node's IP address to the monitoring whitelist
gitlab_rails['monitoring_whitelist'] = ['10.6.0.151/32', '127.0.0.0/8'] gitlab_rails['monitoring_whitelist'] = ['10.6.0.151/32', '127.0.0.0/8']
############################# # Object Storage
### Object storage ### ## This is an example for configuring Object Storage on GCP
############################# ## Replace this config with your chosen Object Storage provider as desired
# This is an example for configuring Object Storage on GCP
# Replace this config with your chosen Object Storage provider as desired
gitlab_rails['object_store']['connection'] = { gitlab_rails['object_store']['connection'] = {
'provider' => 'Google', 'provider' => 'Google',
'google_project' => '<gcp-project-name>', 'google_project' => '<gcp-project-name>',
...@@ -1957,11 +1936,26 @@ To configure the Sidekiq nodes, on each one: ...@@ -1957,11 +1936,26 @@ To configure the Sidekiq nodes, on each one:
gitlab_rails['object_store']['objects']['packages']['bucket'] = "<gcp-packages-bucket-name>" gitlab_rails['object_store']['objects']['packages']['bucket'] = "<gcp-packages-bucket-name>"
gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = "<gcp-dependency-proxy-bucket-name>" gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = "<gcp-dependency-proxy-bucket-name>"
gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = "<gcp-terraform-state-bucket-name>" gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = "<gcp-terraform-state-bucket-name>"
gitlab_rails['backup_upload_connection'] = {
'provider' => 'Google',
'google_project' => '<gcp-project-name>',
'google_json_key_location' => '<path-to-gcp-service-account-key>'
}
gitlab_rails['backup_upload_remote_directory'] = "<gcp-backups-state-bucket-name>"
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If that file is not on this server, the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
add the file from your Consul server to this server.
1. To ensure database migrations are only run during reconfigure and not automatically on upgrade, run:
```shell
sudo touch /etc/gitlab/skip-auto-reconfigure
```
Only a single designated node should handle migrations as detailed in the
[GitLab Rails post-configuration](#gitlab-rails-post-configuration) section.
1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
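Review bot: The placeholder in `gitlab_rails['backup_upload_remote_directory'] = "<gcp-backups-state-bucket-name>"` looks copied from `<gcp-terraform-state-bucket-name>` on the line just above the new block. "state" has no meaning for a backups bucket, so `<gcp-backups-bucket-name>` would be clearer. The same placeholder is added to the Rails node block later in this file.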
...@@ -1992,9 +1986,6 @@ On each node perform the following: ...@@ -1992,9 +1986,6 @@ On each node perform the following:
1. [Download and install](https://about.gitlab.com/install/) the Omnibus GitLab 1. [Download and install](https://about.gitlab.com/install/) the Omnibus GitLab
package of your choice. Be sure to follow _only_ installation steps 1 and 2 package of your choice. Be sure to follow _only_ installation steps 1 and 2
on the page. on the page.
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace
the file of the same name on this server. If that file is not on this server,
add the file from your Consul server to this server.
1. Edit `/etc/gitlab/gitlab.rb` and use the following configuration. 1. Edit `/etc/gitlab/gitlab.rb` and use the following configuration.
To maintain uniformity of links across nodes, the `external_url` To maintain uniformity of links across nodes, the `external_url`
...@@ -2089,9 +2080,15 @@ On each node perform the following: ...@@ -2089,9 +2080,15 @@ On each node perform the following:
gitlab_rails['object_store']['objects']['packages']['bucket'] = "<gcp-packages-bucket-name>" gitlab_rails['object_store']['objects']['packages']['bucket'] = "<gcp-packages-bucket-name>"
gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = "<gcp-dependency-proxy-bucket-name>" gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = "<gcp-dependency-proxy-bucket-name>"
gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = "<gcp-terraform-state-bucket-name>" gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = "<gcp-terraform-state-bucket-name>"
gitlab_rails['backup_upload_connection'] = {
'provider' => 'Google',
'google_project' => '<gcp-project-name>',
'google_json_key_location' => '<path-to-gcp-service-account-key>'
}
gitlab_rails['backup_upload_remote_directory'] = "<gcp-backups-state-bucket-name>"
``` ```
1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure).
1. If you're using [Gitaly with TLS support](#gitaly-cluster-tls-support), make sure the 1. If you're using [Gitaly with TLS support](#gitaly-cluster-tls-support), make sure the
`git_data_dirs` entry is configured with `tls` instead of `tcp`: `git_data_dirs` entry is configured with `tls` instead of `tcp`:
...@@ -2110,6 +2107,20 @@ On each node perform the following: ...@@ -2110,6 +2107,20 @@ On each node perform the following:
sudo cp cert.pem /etc/gitlab/trusted-certs/ sudo cp cert.pem /etc/gitlab/trusted-certs/
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
1. To ensure database migrations are only run during reconfigure and not automatically on upgrade, run:
```shell
sudo touch /etc/gitlab/skip-auto-reconfigure
```
Only a single designated node should handle migrations as detailed in the
[GitLab Rails post-configuration](#gitlab-rails-post-configuration) section.
1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. If you're [using NFS](#configure-nfs-optional): 1. If you're [using NFS](#configure-nfs-optional):
1. If necessary, install the NFS client utility packages using the following 1. If necessary, install the NFS client utility packages using the following
commands: commands:
...@@ -2149,7 +2160,8 @@ On each node perform the following: ...@@ -2149,7 +2160,8 @@ On each node perform the following:
registry['gid'] = 9002 registry['gid'] = 9002
``` ```
1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). 1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure).
1. Confirm the node can connect to Gitaly: 1. Confirm the node can connect to Gitaly:
```shell ```shell
...@@ -2213,28 +2225,20 @@ To configure the Monitoring node: ...@@ -2213,28 +2225,20 @@ To configure the Monitoring node:
1. [Download and install](https://about.gitlab.com/install/) the Omnibus GitLab 1. [Download and install](https://about.gitlab.com/install/) the Omnibus GitLab
package of your choice. Be sure to follow _only_ installation steps 1 and 2 package of your choice. Be sure to follow _only_ installation steps 1 and 2
on the page. on the page.
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace
the file of the same name on this server. If that file is not on this server,
add the file from your Consul server to this server.
1. Edit `/etc/gitlab/gitlab.rb` and add the contents: 1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby ```ruby
external_url 'http://gitlab.example.com' external_url 'http://gitlab.example.com'
# Disable all other services # Avoid running unnecessary services on the Prometheus server
alertmanager['enable'] = false
gitaly['enable'] = false gitaly['enable'] = false
gitlab_exporter['enable'] = false
gitlab_workhorse['enable'] = false
nginx['enable'] = true
postgres_exporter['enable'] = false
postgresql['enable'] = false postgresql['enable'] = false
redis['enable'] = false redis['enable'] = false
redis_exporter['enable'] = false
sidekiq['enable'] = false
puma['enable'] = false puma['enable'] = false
node_exporter['enable'] = false sidekiq['enable'] = false
gitlab_workhorse['enable'] = false
alertmanager['enable'] = false
gitlab_exporter['enable'] = false gitlab_exporter['enable'] = false
# Enable Prometheus # Enable Prometheus
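Review bot: `nginx['enable'] = true` is removed from the Monitoring node block, yet the later step still points Grafana at `http[s]://<MONITOR NODE>/-/grafana`; please confirm NGINX stays enabled by default on this node, or keep the explicit line. This hunk also deletes the `gitlab-secrets.json` copy step for the Monitoring node without re-adding it in the new wording, unlike the other node types in this patch, so say whether that is intentional.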
...@@ -2260,7 +2264,8 @@ To configure the Monitoring node: ...@@ -2260,7 +2264,8 @@ To configure the Monitoring node:
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
``` ```
1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). 1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. In the GitLab UI, set `admin/application_settings/metrics_and_profiling` > Metrics - Grafana to `/-/grafana` to 1. In the GitLab UI, set `admin/application_settings/metrics_and_profiling` > Metrics - Grafana to `/-/grafana` to
`http[s]://<MONITOR NODE>/-/grafana` `http[s]://<MONITOR NODE>/-/grafana`
...@@ -2395,7 +2400,7 @@ future with further specific cloud provider details. ...@@ -2395,7 +2400,7 @@ future with further specific cloud provider details.
| Service | Nodes | Configuration | GCP | Allocatable CPUs and Memory | | Service | Nodes | Configuration | GCP | Allocatable CPUs and Memory |
|-------------------------------------------------------|-------|-------------------------|------------------|-----------------------------| |-------------------------------------------------------|-------|-------------------------|------------------|-----------------------------|
| Webservice | 4 | 32 vCPU, 28.8 GB memory | `n1-standard-32` | 127.5 vCPU, 118 GB memory | | Webservice | 4 | 32 vCPU, 28.8 GB memory | `n1-highcpu-32` | 127.5 vCPU, 118 GB memory |
| Sidekiq | 4 | 4 vCPU, 15 GB memory | `n1-standard-4` | 15.5 vCPU, 50 GB memory | | Sidekiq | 4 | 4 vCPU, 15 GB memory | `n1-standard-4` | 15.5 vCPU, 50 GB memory |
| Supporting services such as NGINX, Prometheus, etc... | 2 | 4 vCPU, 15 GB memory | `n1-standard-4` | 7.75 vCPU, 25 GB memory | | Supporting services such as NGINX, Prometheus, etc... | 2 | 4 vCPU, 15 GB memory | `n1-standard-4` | 7.75 vCPU, 25 GB memory |
......
...@@ -413,11 +413,6 @@ The following IPs will be used as an example: ...@@ -413,11 +413,6 @@ The following IPs will be used as an example:
- `10.6.0.12`: Consul 2 - `10.6.0.12`: Consul 2
- `10.6.0.13`: Consul 3 - `10.6.0.13`: Consul 3
NOTE:
The configuration processes for the other servers in your reference architecture will
use the `/etc/gitlab/gitlab-secrets.json` file from your Consul server to connect
with the other servers.
To configure Consul: To configure Consul:
1. SSH in to the server that will host Consul. 1. SSH in to the server that will host Consul.
...@@ -448,7 +443,11 @@ To configure Consul: ...@@ -448,7 +443,11 @@ To configure Consul:
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Go through the steps again for all the other Consul nodes, and 1. Go through the steps again for all the other Consul nodes, and
make sure you set up the correct IPs. make sure you set up the correct IPs.
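Review bot: the added step "Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured" says nothing about how the file is transferred or which ownership and mode it must keep on the target node. This file carries the secrets every node in the deployment shares, so a short sentence on copying it over an authenticated channel and keeping restrictive permissions would help. The same sentence is repeated in every section of this change, so a single linked note might be easier to maintain than many copies.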
...@@ -605,9 +604,8 @@ PostgreSQL, with Patroni managing its failover, will default to use `pg_rewind` ...@@ -605,9 +604,8 @@ PostgreSQL, with Patroni managing its failover, will default to use `pg_rewind`
Like most failover handling methods, this has a small chance of leading to data loss. Like most failover handling methods, this has a small chance of leading to data loss.
Learn more about the various [Patroni replication methods](../postgresql/replication_and_failover.md#selecting-the-appropriate-patroni-replication-method). Learn more about the various [Patroni replication methods](../postgresql/replication_and_failover.md#selecting-the-appropriate-patroni-replication-method).
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If that file is not on this server, the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
add the file from your Consul server to this server.
1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
...@@ -707,9 +705,8 @@ The following IPs will be used as an example: ...@@ -707,9 +705,8 @@ The following IPs will be used as an example:
node_exporter['listen_address'] = '0.0.0.0:9100' node_exporter['listen_address'] = '0.0.0.0:9100'
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If that file is not on this server, the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
add the file from your Consul server to this server.
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
...@@ -868,9 +865,8 @@ a node and change its status from primary to replica (and vice versa). ...@@ -868,9 +865,8 @@ a node and change its status from primary to replica (and vice versa).
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If that file is not on this server, the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
add the file from your Consul server to this server.
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
...@@ -935,11 +931,11 @@ You can specify multiple roles, like sentinel and Redis, as: ...@@ -935,11 +931,11 @@ You can specify multiple roles, like sentinel and Redis, as:
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If that file is not on this server, the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
add the file from your Consul server to this server.
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Go through the steps again for all the other replica nodes, and 1. Go through the steps again for all the other replica nodes, and
make sure to set up the IPs correctly. make sure to set up the IPs correctly.
...@@ -1067,11 +1063,11 @@ To configure the Sentinel Cache server: ...@@ -1067,11 +1063,11 @@ To configure the Sentinel Cache server:
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If that file is not on this server, the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
add the file from your Consul server to this server.
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Go through the steps again for all the other Consul/Sentinel nodes, and 1. Go through the steps again for all the other Consul/Sentinel nodes, and
make sure you set up the correct IPs. make sure you set up the correct IPs.
...@@ -1133,9 +1129,8 @@ a node and change its status from primary to replica (and vice versa). ...@@ -1133,9 +1129,8 @@ a node and change its status from primary to replica (and vice versa).
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If that file is not on this server, the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
add the file from your Consul server to this server.
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
...@@ -1194,11 +1189,11 @@ You can specify multiple roles, like sentinel and Redis, as: ...@@ -1194,11 +1189,11 @@ You can specify multiple roles, like sentinel and Redis, as:
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If that file is not on this server, the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
add the file from your Consul server to this server.
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Go through the steps again for all the other replica nodes, and 1. Go through the steps again for all the other replica nodes, and
make sure to set up the IPs correctly. make sure to set up the IPs correctly.
...@@ -1326,7 +1321,10 @@ To configure the Sentinel Queues server: ...@@ -1326,7 +1321,10 @@ To configure the Sentinel Queues server:
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
``` ```
1. To prevent database migrations from running on upgrade, run: 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
1. To ensure database migrations are only run during reconfigure and not automatically on upgrade, run:
```shell ```shell
sudo touch /etc/gitlab/skip-auto-reconfigure sudo touch /etc/gitlab/skip-auto-reconfigure
...@@ -1334,11 +1332,8 @@ To configure the Sentinel Queues server: ...@@ -1334,11 +1332,8 @@ To configure the Sentinel Queues server:
Only the primary GitLab application server should handle migrations. Only the primary GitLab application server should handle migrations.
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace
the file of the same name on this server. If that file is not on this server,
add the file from your Consul server to this server.
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Go through the steps again for all the other Sentinel nodes, and 1. Go through the steps again for all the other Sentinel nodes, and
make sure you set up the correct IPs. make sure you set up the correct IPs.
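Review bot: the context sentence at the top of this hunk, "Only the primary GitLab application server should handle migrations.", now sits under the reworded step from the previous hunk, "To ensure database migrations are only run during reconfigure and not automatically on upgrade". On a Sentinel node whose config sets `gitlab_rails['auto_migrate'] = false`, that wording suggests reconfigure on this node will run migrations, which both the config line and this sentence contradict. For non-Rails nodes, consider neutral wording that only says the flag file stops an upgrade from triggering reconfigure automatically.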
...@@ -1437,7 +1432,11 @@ in the second step, do not supply the `EXTERNAL_URL` value. ...@@ -1437,7 +1432,11 @@ in the second step, do not supply the `EXTERNAL_URL` value.
# END user configuration # END user configuration
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Follow the [post configuration](#praefect-postgresql-post-configuration). 1. Follow the [post configuration](#praefect-postgresql-post-configuration).
<div align="right"> <div align="right">
...@@ -1535,18 +1534,18 @@ To configure the Praefect nodes, on each one: ...@@ -1535,18 +1534,18 @@ To configure the Praefect nodes, on each one:
1. Edit the `/etc/gitlab/gitlab.rb` file to configure Praefect: 1. Edit the `/etc/gitlab/gitlab.rb` file to configure Praefect:
```ruby ```ruby
# Avoid running unnecessary services on the Gitaly server # Avoid running unnecessary services on the Praefect server
gitaly['enable'] = false
postgresql['enable'] = false postgresql['enable'] = false
redis['enable'] = false redis['enable'] = false
nginx['enable'] = false
puma['enable'] = false puma['enable'] = false
sidekiq['enable'] = false sidekiq['enable'] = false
gitlab_workhorse['enable'] = false gitlab_workhorse['enable'] = false
grafana['enable'] = false
# If you run a separate monitoring node you can disable these services
alertmanager['enable'] = false
prometheus['enable'] = false prometheus['enable'] = false
alertmanager['enable'] = false
grafana['enable'] = false
gitlab_exporter['enable'] = false
nginx['enable'] = false
# Praefect Configuration # Praefect Configuration
praefect['enable'] = true praefect['enable'] = true
...@@ -1614,11 +1613,25 @@ To configure the Praefect nodes, on each one: ...@@ -1614,11 +1613,25 @@ To configure the Praefect nodes, on each one:
# END user configuration # END user configuration
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
then replace the file of the same name on this server. If that file isn't on the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
this server, add the file from your Consul server to this server.
1. Save the file, and then [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). 1. Praefect requires to run some database migrations, much like the main GitLab application. For this
you should select **one Praefect node only to run the migrations**, AKA the _Deploy Node_. This node
must be configured first before the others as follows:
1. In the `/etc/gitlab/gitlab.rb` file, change the `praefect['auto_migrate']` setting value from `false` to `true`
1. To ensure database migrations are only run during reconfigure and not automatically on upgrade, run:
```shell
sudo touch /etc/gitlab/skip-auto-reconfigure
```
1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect and
to run the Praefect database migrations.
1. On all other Praefect nodes, [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
### Configure Gitaly ### Configure Gitaly
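Review bot: the new Deploy Node step tells the reader to change `praefect['auto_migrate']` "from `false` to `true`", but no line visible in this hunk shows that setting in the `gitlab.rb` block above it. Please confirm the example config contains `praefect['auto_migrate'] = false`, otherwise the instruction refers to a line the reader does not have. Wording nits in the same step: "Praefect requires to run some database migrations" reads better as "Praefect requires some database migrations to be run", the first sub-step lacks a closing period, and "Reconfigure" is capitalised mid-sentence in the last item.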
...@@ -1662,20 +1675,17 @@ On each node: ...@@ -1662,20 +1675,17 @@ On each node:
storage paths, enable the network listener, and to configure the token: storage paths, enable the network listener, and to configure the token:
```ruby ```ruby
# /etc/gitlab/gitlab.rb
# Avoid running unnecessary services on the Gitaly server # Avoid running unnecessary services on the Gitaly server
postgresql['enable'] = false postgresql['enable'] = false
redis['enable'] = false redis['enable'] = false
nginx['enable'] = false
puma['enable'] = false puma['enable'] = false
sidekiq['enable'] = false sidekiq['enable'] = false
gitlab_workhorse['enable'] = false gitlab_workhorse['enable'] = false
grafana['enable'] = false
# If you run a separate monitoring node you can disable these services
alertmanager['enable'] = false
prometheus['enable'] = false prometheus['enable'] = false
alertmanager['enable'] = false
grafana['enable'] = false
gitlab_exporter['enable'] = false
nginx['enable'] = false
# Prevent database migrations from running on upgrade automatically # Prevent database migrations from running on upgrade automatically
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
...@@ -1683,9 +1693,11 @@ On each node: ...@@ -1683,9 +1693,11 @@ On each node:
# Configure the gitlab-shell API callback URL. Without this, `git push` will # Configure the gitlab-shell API callback URL. Without this, `git push` will
# fail. This can be your 'front door' GitLab URL or an internal load # fail. This can be your 'front door' GitLab URL or an internal load
# balancer. # balancer.
# Don't forget to copy `/etc/gitlab/gitlab-secrets.json` from web server to Gitaly server.
gitlab_rails['internal_api_url'] = 'https://gitlab.example.com' gitlab_rails['internal_api_url'] = 'https://gitlab.example.com'
# Gitaly
gitaly['enable'] = true
# Make Gitaly accept connections on all network interfaces. You must use # Make Gitaly accept connections on all network interfaces. You must use
# firewalls to restrict access to this address/port. # firewalls to restrict access to this address/port.
# Comment out following line if you only want to support TLS connections # Comment out following line if you only want to support TLS connections
...@@ -1727,9 +1739,8 @@ On each node: ...@@ -1727,9 +1739,8 @@ On each node:
}) })
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
then replace the file of the same name on this server. If that file isn't on the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
this server, add the file from your Consul server to this server.
1. Save the file, and then [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). 1. Save the file, and then [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure).
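Review bot: the last step of this hunk is left as "Save the file, and then reconfigure GitLab", while the Praefect section in this same change replaces that wording with "Reconfigure GitLab for the changes to take effect". With the secrets copy step now directly above it, "the file" is ambiguous between `gitlab.rb` and `gitlab-secrets.json`. Suggest using the new wording here as well.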
...@@ -1836,28 +1847,19 @@ To configure the Sidekiq nodes, on each one: ...@@ -1836,28 +1847,19 @@ To configure the Sidekiq nodes, on each one:
1. Open `/etc/gitlab/gitlab.rb` with your editor: 1. Open `/etc/gitlab/gitlab.rb` with your editor:
```ruby ```ruby
######################################## # Avoid running unnecessary services on the Sidekiq server
##### Services Disabled ###
########################################
nginx['enable'] = false
grafana['enable'] = false
prometheus['enable'] = false
alertmanager['enable'] = false
gitaly['enable'] = false gitaly['enable'] = false
gitlab_workhorse['enable'] = false
nginx['enable'] = false
puma['enable'] = false
postgres_exporter['enable'] = false
postgresql['enable'] = false postgresql['enable'] = false
redis['enable'] = false redis['enable'] = false
redis_exporter['enable'] = false puma['enable'] = false
gitlab_workhorse['enable'] = false
prometheus['enable'] = false
alertmanager['enable'] = false
grafana['enable'] = false
gitlab_exporter['enable'] = false gitlab_exporter['enable'] = false
nginx['enable'] = false
######################################## # Redis
#### Redis ###
########################################
## Redis connection details ## Redis connection details
## First cluster that will host the cache ## First cluster that will host the cache
gitlab_rails['redis_cache_instance'] = 'redis://:<REDIS_PRIMARY_PASSWORD_OF_FIRST_CLUSTER>@gitlab-redis-cache' gitlab_rails['redis_cache_instance'] = 'redis://:<REDIS_PRIMARY_PASSWORD_OF_FIRST_CLUSTER>@gitlab-redis-cache'
...@@ -1889,13 +1891,10 @@ To configure the Sidekiq nodes, on each one: ...@@ -1889,13 +1891,10 @@ To configure the Sidekiq nodes, on each one:
{host: '10.6.0.83', port: 26379}, {host: '10.6.0.83', port: 26379},
] ]
####################################### # Gitaly Cluster
### Gitaly ### ## git_data_dirs get configured for the Praefect virtual storage
####################################### ## Address is Internal Load Balancer for Praefect
## Token is praefect_external_token
# git_data_dirs get configured for the Praefect virtual storage
# Address is Internal Load Balancer for Praefect
# Token is praefect_external_token
git_data_dirs({ git_data_dirs({
"default" => { "default" => {
"gitaly_address" => "tcp://10.6.0.40:2305", # internal load balancer IP "gitaly_address" => "tcp://10.6.0.40:2305", # internal load balancer IP
...@@ -1903,20 +1902,17 @@ To configure the Sidekiq nodes, on each one: ...@@ -1903,20 +1902,17 @@ To configure the Sidekiq nodes, on each one:
} }
}) })
####################################### # PostgreSQL
### Postgres ###
#######################################
gitlab_rails['db_host'] = '10.6.0.20' # internal load balancer IP gitlab_rails['db_host'] = '10.6.0.20' # internal load balancer IP
gitlab_rails['db_port'] = 6432 gitlab_rails['db_port'] = 6432
gitlab_rails['db_password'] = '<postgresql_user_password>' gitlab_rails['db_password'] = '<postgresql_user_password>'
gitlab_rails['db_adapter'] = 'postgresql' gitlab_rails['db_adapter'] = 'postgresql'
gitlab_rails['db_encoding'] = 'unicode' gitlab_rails['db_encoding'] = 'unicode'
# Prevent database migrations from running on upgrade automatically ## Prevent database migrations from running on upgrade automatically
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
####################################### # Sidekiq
### Sidekiq configuration ### sidekiq['enable'] = true
#######################################
sidekiq['listen_address'] = "0.0.0.0" sidekiq['listen_address'] = "0.0.0.0"
# Set number of Sidekiq queue processes to the same number as available CPUs # Set number of Sidekiq queue processes to the same number as available CPUs
...@@ -1925,9 +1921,7 @@ To configure the Sidekiq nodes, on each one: ...@@ -1925,9 +1921,7 @@ To configure the Sidekiq nodes, on each one:
# Set number of Sidekiq threads per queue process to the recommend number of 10 # Set number of Sidekiq threads per queue process to the recommend number of 10
sidekiq['max_concurrency'] = 10 sidekiq['max_concurrency'] = 10
####################################### # Monitoring
### Monitoring configuration ###
#######################################
consul['enable'] = true consul['enable'] = true
consul['monitoring_service_discovery'] = true consul['monitoring_service_discovery'] = true
...@@ -1935,16 +1929,13 @@ To configure the Sidekiq nodes, on each one: ...@@ -1935,16 +1929,13 @@ To configure the Sidekiq nodes, on each one:
retry_join: %w(10.6.0.11 10.6.0.12 10.6.0.13) retry_join: %w(10.6.0.11 10.6.0.12 10.6.0.13)
} }
# Set the network addresses that the exporters will listen on ## Set the network addresses that the exporters will listen on
node_exporter['listen_address'] = '0.0.0.0:9100' node_exporter['listen_address'] = '0.0.0.0:9100'
# Rails Status for prometheus ## Add the monitoring node's IP address to the monitoring whitelist
gitlab_rails['monitoring_whitelist'] = ['10.6.0.151/32', '127.0.0.0/8'] gitlab_rails['monitoring_whitelist'] = ['10.6.0.151/32', '127.0.0.0/8']
############################# # Object Storage
### Object storage ###
#############################
# This is an example for configuring Object Storage on GCP # This is an example for configuring Object Storage on GCP
# Replace this config with your chosen Object Storage provider as desired # Replace this config with your chosen Object Storage provider as desired
gitlab_rails['object_store']['connection'] = { gitlab_rails['object_store']['connection'] = {
...@@ -1959,11 +1950,26 @@ To configure the Sidekiq nodes, on each one: ...@@ -1959,11 +1950,26 @@ To configure the Sidekiq nodes, on each one:
gitlab_rails['object_store']['objects']['packages']['bucket'] = "<gcp-packages-bucket-name>" gitlab_rails['object_store']['objects']['packages']['bucket'] = "<gcp-packages-bucket-name>"
gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = "<gcp-dependency-proxy-bucket-name>" gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = "<gcp-dependency-proxy-bucket-name>"
gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = "<gcp-terraform-state-bucket-name>" gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = "<gcp-terraform-state-bucket-name>"
gitlab_rails['backup_upload_connection'] = {
'provider' => 'Google',
'google_project' => '<gcp-project-name>',
'google_json_key_location' => '<path-to-gcp-service-account-key>'
}
gitlab_rails['backup_upload_remote_directory'] = "<gcp-backups-state-bucket-name>"
```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
1. To ensure database migrations are only run during reconfigure and not automatically on upgrade, run:
```shell
sudo touch /etc/gitlab/skip-auto-reconfigure
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace Only a single designated node should handle migrations as detailed in the
the file of the same name on this server. If that file is not on this server, [GitLab Rails post-configuration](#gitlab-rails-post-configuration) section.
add the file from your Consul server to this server.
1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
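Review bot: the added `gitlab_rails['backup_upload_remote_directory'] = "<gcp-backups-state-bucket-name>"` uses a placeholder that looks copied from the `<gcp-terraform-state-bucket-name>` line above it. Something like `<gcp-backups-bucket-name>` would avoid implying a "state" bucket. It is also worth a sentence on why the backup upload connection is configured on Sidekiq nodes, since the section never says backups are taken from here, and `google_json_key_location` adds a service account key to every node that carries this block.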
...@@ -1996,9 +2002,6 @@ On each node perform the following: ...@@ -1996,9 +2002,6 @@ On each node perform the following:
1. [Download and install](https://about.gitlab.com/install/) the Omnibus GitLab 1. [Download and install](https://about.gitlab.com/install/) the Omnibus GitLab
package of your choice. Be sure to follow _only_ installation steps 1 and 2 package of your choice. Be sure to follow _only_ installation steps 1 and 2
on the page. on the page.
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace
the file of the same name on this server. If that file is not on this server,
add the file from your Consul server to this server.
1. Edit `/etc/gitlab/gitlab.rb` and use the following configuration. 1. Edit `/etc/gitlab/gitlab.rb` and use the following configuration.
To maintain uniformity of links across nodes, the `external_url` To maintain uniformity of links across nodes, the `external_url`
...@@ -2093,9 +2096,15 @@ On each node perform the following: ...@@ -2093,9 +2096,15 @@ On each node perform the following:
gitlab_rails['object_store']['objects']['packages']['bucket'] = "<gcp-packages-bucket-name>" gitlab_rails['object_store']['objects']['packages']['bucket'] = "<gcp-packages-bucket-name>"
gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = "<gcp-dependency-proxy-bucket-name>" gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = "<gcp-dependency-proxy-bucket-name>"
gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = "<gcp-terraform-state-bucket-name>" gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = "<gcp-terraform-state-bucket-name>"
gitlab_rails['backup_upload_connection'] = {
'provider' => 'Google',
'google_project' => '<gcp-project-name>',
'google_json_key_location' => '<path-to-gcp-service-account-key>'
}
gitlab_rails['backup_upload_remote_directory'] = "<gcp-backups-state-bucket-name>"
``` ```
1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure).
1. If you're using [Gitaly with TLS support](#gitaly-cluster-tls-support), make sure the 1. If you're using [Gitaly with TLS support](#gitaly-cluster-tls-support), make sure the
`git_data_dirs` entry is configured with `tls` instead of `tcp`: `git_data_dirs` entry is configured with `tls` instead of `tcp`:
...@@ -2114,6 +2123,20 @@ On each node perform the following: ...@@ -2114,6 +2123,20 @@ On each node perform the following:
sudo cp cert.pem /etc/gitlab/trusted-certs/ sudo cp cert.pem /etc/gitlab/trusted-certs/
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
1. To ensure database migrations are only run during reconfigure and not automatically on upgrade, run:
```shell
sudo touch /etc/gitlab/skip-auto-reconfigure
```
Only a single designated node should handle migrations as detailed in the
[GitLab Rails post-configuration](#gitlab-rails-post-configuration) section.
1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. If you're [using NFS](#configure-nfs-optional): 1. If you're [using NFS](#configure-nfs-optional):
1. If necessary, install the NFS client utility packages using the following 1. If necessary, install the NFS client utility packages using the following
commands: commands:
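Review bot: the added "Reconfigure GitLab for the changes to take effect" step now comes before the "If you're using NFS" sub-steps, which still end with their own "Save the file and reconfigure GitLab" in the next hunk. NFS users therefore reconfigure twice, and the first run happens before the NFS settings are in `gitlab.rb`. Consider moving the secrets copy, `skip-auto-reconfigure` and reconfigure steps after the NFS block, or dropping the second reconfigure and saying why.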
...@@ -2153,7 +2176,7 @@ On each node perform the following: ...@@ -2153,7 +2176,7 @@ On each node perform the following:
registry['gid'] = 9002 registry['gid'] = 9002
``` ```
1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). 1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure).
1. Confirm the node can connect to Gitaly: 1. Confirm the node can connect to Gitaly:
```shell ```shell
...@@ -2217,28 +2240,20 @@ To configure the Monitoring node: ...@@ -2217,28 +2240,20 @@ To configure the Monitoring node:
1. [Download and install](https://about.gitlab.com/install/) the Omnibus GitLab 1. [Download and install](https://about.gitlab.com/install/) the Omnibus GitLab
package of your choice. Be sure to follow _only_ installation steps 1 and 2 package of your choice. Be sure to follow _only_ installation steps 1 and 2
on the page. on the page.
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace
the file of the same name on this server. If that file is not on this server,
add the file from your Consul server to this server.
1. Edit `/etc/gitlab/gitlab.rb` and add the contents: 1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby ```ruby
external_url 'http://gitlab.example.com' external_url 'http://gitlab.example.com'
# Disable all other services # Avoid running unnecessary services on the Prometheus server
alertmanager['enable'] = false
gitaly['enable'] = false gitaly['enable'] = false
gitlab_exporter['enable'] = false
gitlab_workhorse['enable'] = false
nginx['enable'] = true
postgres_exporter['enable'] = false
postgresql['enable'] = false postgresql['enable'] = false
redis['enable'] = false redis['enable'] = false
redis_exporter['enable'] = false
sidekiq['enable'] = false
puma['enable'] = false puma['enable'] = false
node_exporter['enable'] = false sidekiq['enable'] = false
gitlab_workhorse['enable'] = false
alertmanager['enable'] = false
gitlab_exporter['enable'] = false gitlab_exporter['enable'] = false
# Enable Prometheus # Enable Prometheus
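Review bot: this hunk removes the `gitlab-secrets.json` copy step from the top of the Monitoring node procedure, and nothing in the visible lines adds it back before the reconfigure step, unlike the other sections in this change. If the Monitoring node does not need the shared secrets, please say so; otherwise add the step back. The service list also drops the explicit `nginx['enable'] = true` and the `node_exporter`, `postgres_exporter` and `redis_exporter` disable lines, so the node now relies on package defaults for all four. Please confirm that is intended, in particular for NGINX, since Grafana is served from this node at `/-/grafana`.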
......
...@@ -295,6 +295,9 @@ further configuration steps. ...@@ -295,6 +295,9 @@ further configuration steps.
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Note the PostgreSQL node's IP address or hostname, port, and 1. Note the PostgreSQL node's IP address or hostname, port, and
plain text password. These will be necessary when configuring the [GitLab plain text password. These will be necessary when configuring the [GitLab
...@@ -347,18 +350,17 @@ Omnibus: ...@@ -347,18 +350,17 @@ Omnibus:
## Enable Redis ## Enable Redis
redis['enable'] = true redis['enable'] = true
## Disable all other services # Avoid running unnecessary services on the Redis server
gitaly['enable'] = false
postgresql['enable'] = false
puma['enable'] = false
sidekiq['enable'] = false sidekiq['enable'] = false
gitlab_workhorse['enable'] = false gitlab_workhorse['enable'] = false
puma['enable'] = false
postgresql['enable'] = false
nginx['enable'] = false
prometheus['enable'] = false prometheus['enable'] = false
alertmanager['enable'] = false alertmanager['enable'] = false
pgbouncer_exporter['enable'] = false
gitlab_exporter['enable'] = false
gitaly['enable'] = false
grafana['enable'] = false grafana['enable'] = false
gitlab_exporter['enable'] = false
nginx['enable'] = false
redis['bind'] = '0.0.0.0' redis['bind'] = '0.0.0.0'
redis['port'] = 6379 redis['port'] = 6379
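Review bot: `pgbouncer_exporter['enable'] = false` appears on only one side of the reordered list in this hunk, and the header shrinks the block from 18 to 17 lines, so the line looks dropped from the Redis node rather than moved. If that is intentional, say so in the merge request description. Otherwise keep it, so the list still matches the new "Avoid running unnecessary services on the Redis server" comment.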
...@@ -375,7 +377,11 @@ Omnibus: ...@@ -375,7 +377,11 @@ Omnibus:
} }
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Note the Redis node's IP address or hostname, port, and 1. Note the Redis node's IP address or hostname, port, and
Redis password. These will be necessary when [configuring the GitLab Redis password. These will be necessary when [configuring the GitLab
application servers](#configure-gitlab-rails) later. application servers](#configure-gitlab-rails) later.
...@@ -454,15 +460,14 @@ To configure the Gitaly server, on the server node you want to use for Gitaly: ...@@ -454,15 +460,14 @@ To configure the Gitaly server, on the server node you want to use for Gitaly:
# Avoid running unnecessary services on the Gitaly server # Avoid running unnecessary services on the Gitaly server
postgresql['enable'] = false postgresql['enable'] = false
redis['enable'] = false redis['enable'] = false
nginx['enable'] = false
puma['enable'] = false puma['enable'] = false
sidekiq['enable'] = false sidekiq['enable'] = false
gitlab_workhorse['enable'] = false gitlab_workhorse['enable'] = false
grafana['enable'] = false
# If you run a separate monitoring node you can disable these services
alertmanager['enable'] = false
prometheus['enable'] = false prometheus['enable'] = false
alertmanager['enable'] = false
grafana['enable'] = false
gitlab_exporter['enable'] = false
nginx['enable'] = false
# Prevent database migrations from running on upgrade automatically # Prevent database migrations from running on upgrade automatically
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
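Review bot: Removing the comment `# If you run a separate monitoring node you can disable these services` above `alertmanager['enable'] = false` and `prometheus['enable'] = false` turns a conditional setting into an unconditional one. A reader without a separate monitoring node now disables Prometheus and Alertmanager on the Gitaly server with no hint that this was optional. Keep the qualifier, or state in the surrounding text that this architecture always includes a monitoring node.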
...@@ -470,9 +475,11 @@ To configure the Gitaly server, on the server node you want to use for Gitaly: ...@@ -470,9 +475,11 @@ To configure the Gitaly server, on the server node you want to use for Gitaly:
# Configure the gitlab-shell API callback URL. Without this, `git push` will # Configure the gitlab-shell API callback URL. Without this, `git push` will
# fail. This can be your 'front door' GitLab URL or an internal load # fail. This can be your 'front door' GitLab URL or an internal load
# balancer. # balancer.
# Don't forget to copy `/etc/gitlab/gitlab-secrets.json` from web server to Gitaly server.
gitlab_rails['internal_api_url'] = 'https://gitlab.example.com' gitlab_rails['internal_api_url'] = 'https://gitlab.example.com'
# Gitaly
gitaly['enable'] = true
# Make Gitaly accept connections on all network interfaces. You must use # Make Gitaly accept connections on all network interfaces. You must use
# firewalls to restrict access to this address/port. # firewalls to restrict access to this address/port.
# Comment out following line if you only want to support TLS connections # Comment out following line if you only want to support TLS connections
...@@ -492,7 +499,11 @@ To configure the Gitaly server, on the server node you want to use for Gitaly: ...@@ -492,7 +499,11 @@ To configure the Gitaly server, on the server node you want to use for Gitaly:
}) })
``` ```
1. Save the file, and then [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Confirm that Gitaly can perform callbacks to the internal API: 1. Confirm that Gitaly can perform callbacks to the internal API:
```shell ```shell
...@@ -656,10 +667,7 @@ On each node perform the following: ...@@ -656,10 +667,7 @@ On each node perform the following:
gitlab_rails['monitoring_whitelist'] = ['<MONITOR NODE IP>/32', '127.0.0.0/8'] gitlab_rails['monitoring_whitelist'] = ['<MONITOR NODE IP>/32', '127.0.0.0/8']
nginx['status']['options']['allow'] = ['<MONITOR NODE IP>/32', '127.0.0.0/8'] nginx['status']['options']['allow'] = ['<MONITOR NODE IP>/32', '127.0.0.0/8']
############################# # Object Storage
### Object storage ###
#############################
# This is an example for configuring Object Storage on GCP # This is an example for configuring Object Storage on GCP
# Replace this config with your chosen Object Storage provider as desired # Replace this config with your chosen Object Storage provider as desired
gitlab_rails['object_store']['connection'] = { gitlab_rails['object_store']['connection'] = {
...@@ -675,6 +683,13 @@ On each node perform the following: ...@@ -675,6 +683,13 @@ On each node perform the following:
gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = "<gcp-dependency-proxy-bucket-name>" gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = "<gcp-dependency-proxy-bucket-name>"
gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = "<gcp-terraform-state-bucket-name>" gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = "<gcp-terraform-state-bucket-name>"
gitlab_rails['backup_upload_connection'] = {
'provider' => 'Google',
'google_project' => '<gcp-project-name>',
'google_json_key_location' => '<path-to-gcp-service-account-key>'
}
gitlab_rails['backup_upload_remote_directory'] = "<gcp-backups-state-bucket-name>"
## Uncomment and edit the following options if you have set up NFS ## Uncomment and edit the following options if you have set up NFS
## ##
## Prevent GitLab from starting if NFS data mounts are not available ## Prevent GitLab from starting if NFS data mounts are not available
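Review bot: The placeholder `<gcp-backups-state-bucket-name>` in the added `gitlab_rails['backup_upload_remote_directory']` line looks copied from `<gcp-terraform-state-bucket-name>` just above it; `<gcp-backups-bucket-name>` would read correctly. The added `backup_upload_connection` block also introduces a `google_json_key_location`, so a one-line comment is worth adding here: the service account key should be scoped to the backup bucket and stored with restrictive file permissions.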
...@@ -708,7 +723,20 @@ On each node perform the following: ...@@ -708,7 +723,20 @@ On each node perform the following:
sudo cp cert.pem /etc/gitlab/trusted-certs/ sudo cp cert.pem /etc/gitlab/trusted-certs/
``` ```
1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
1. To ensure database migrations are only run during reconfigure and not automatically on upgrade, run:
```shell
sudo touch /etc/gitlab/skip-auto-reconfigure
```
Only a single designated node should handle migrations as detailed in the
[GitLab Rails post-configuration](#gitlab-rails-post-configuration) section.
1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Run `sudo gitlab-rake gitlab:gitaly:check` to confirm the node can connect to Gitaly. 1. Run `sudo gitlab-rake gitlab:gitaly:check` to confirm the node can connect to Gitaly.
1. Tail the logs to see the requests: 1. Tail the logs to see the requests:
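Review bot: The added step says migrations are "only run during reconfigure", and the very next step has every node in this "On each node" list run a reconfigure, which reads as if each node will migrate. The follow-up sentence "Only a single designated node should handle migrations" points the other way without saying what enforces it. Tie the two together by stating which setting keeps the non-designated nodes from migrating on reconfigure, for example by referring to `gitlab_rails['auto_migrate']` as the other sections of this page do.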
...@@ -716,11 +744,6 @@ On each node perform the following: ...@@ -716,11 +744,6 @@ On each node perform the following:
sudo gitlab-ctl tail gitaly sudo gitlab-ctl tail gitaly
``` ```
1. Save the `/etc/gitlab/gitlab-secrets.json` file from one of the two
application nodes and install it on the other application node and the
[Gitaly node](#configure-gitaly) and
[reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure).
When you specify `https` in the `external_url`, as in the previous example, When you specify `https` in the `external_url`, as in the previous example,
GitLab expects that the SSL certificates are in `/etc/gitlab/ssl/`. If the GitLab expects that the SSL certificates are in `/etc/gitlab/ssl/`. If the
certificates aren't present, NGINX will fail to start. For more information, see certificates aren't present, NGINX will fail to start. For more information, see
...@@ -777,19 +800,14 @@ running [Prometheus](../monitoring/prometheus/index.md) and ...@@ -777,19 +800,14 @@ running [Prometheus](../monitoring/prometheus/index.md) and
grafana['enable'] = true grafana['enable'] = true
grafana['admin_password'] = 'toomanysecrets' grafana['admin_password'] = 'toomanysecrets'
# Disable all other services # Avoid running unnecessary services on the Prometheus server
alertmanager['enable'] = false
gitaly['enable'] = false gitaly['enable'] = false
gitlab_exporter['enable'] = false
gitlab_workhorse['enable'] = false
nginx['enable'] = true
postgres_exporter['enable'] = false
postgresql['enable'] = false postgresql['enable'] = false
redis['enable'] = false redis['enable'] = false
redis_exporter['enable'] = false
sidekiq['enable'] = false
puma['enable'] = false puma['enable'] = false
node_exporter['enable'] = false sidekiq['enable'] = false
gitlab_workhorse['enable'] = false
alertmanager['enable'] = false
gitlab_exporter['enable'] = false gitlab_exporter['enable'] = false
# Prevent database migrations from running on upgrade automatically # Prevent database migrations from running on upgrade automatically
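Review bot: The context line `grafana['admin_password'] = 'toomanysecrets'` at the top of this hunk is a literal password in a block that readers paste into `/etc/gitlab/gitlab.rb`. While this block is being rewritten, replace it with an angle-bracket placeholder in the style of `<postgresql_user_password>` used elsewhere in these docs, so the example value does not end up in a production configuration.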
......
...@@ -508,6 +508,9 @@ a node and change its status from primary to replica (and vice versa). ...@@ -508,6 +508,9 @@ a node and change its status from primary to replica (and vice versa).
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
You can specify multiple roles, like sentinel and Redis, as: You can specify multiple roles, like sentinel and Redis, as:
...@@ -591,6 +594,9 @@ run: redis-exporter: (pid 30075) 76861s; run: log: (pid 29674) 76896s ...@@ -591,6 +594,9 @@ run: redis-exporter: (pid 30075) 76861s; run: log: (pid 29674) 76896s
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Go through the steps again for all the other replica nodes, and 1. Go through the steps again for all the other replica nodes, and
make sure to set up the IPs correctly. make sure to set up the IPs correctly.
...@@ -720,7 +726,11 @@ To configure the Sentinel: ...@@ -720,7 +726,11 @@ To configure the Sentinel:
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Go through the steps again for all the other Consul/Sentinel nodes, and 1. Go through the steps again for all the other Consul/Sentinel nodes, and
make sure you set up the correct IPs. make sure you set up the correct IPs.
...@@ -878,9 +888,8 @@ PostgreSQL, with Patroni managing its failover, will default to use `pg_rewind` ...@@ -878,9 +888,8 @@ PostgreSQL, with Patroni managing its failover, will default to use `pg_rewind`
Like most failover handling methods, this has a small chance of leading to data loss. Like most failover handling methods, this has a small chance of leading to data loss.
Learn more about the various [Patroni replication methods](../postgresql/replication_and_failover.md#selecting-the-appropriate-patroni-replication-method). Learn more about the various [Patroni replication methods](../postgresql/replication_and_failover.md#selecting-the-appropriate-patroni-replication-method).
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If that file is not on this server, the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
add the file from your Consul server to this server.
1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
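Review bot: "the first Omnibus node you configured" replaces the named source "your Consul server" with one the reader has to remember, and someone who lands on this section directly cannot tell which node that was. Name the node this architecture configures first, or link to the section where the secrets file is first generated, so that every node is seeded from the same copy.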
...@@ -982,6 +991,9 @@ The following IPs will be used as an example: ...@@ -982,6 +991,9 @@ The following IPs will be used as an example:
pgbouncer_exporter['listen_address'] = '0.0.0.0:9188' pgbouncer_exporter['listen_address'] = '0.0.0.0:9188'
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Create a `.pgpass` file so Consul is able to 1. Create a `.pgpass` file so Consul is able to
...@@ -1135,6 +1147,9 @@ in the second step, do not supply the `EXTERNAL_URL` value. ...@@ -1135,6 +1147,9 @@ in the second step, do not supply the `EXTERNAL_URL` value.
# END user configuration # END user configuration
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Follow the [post configuration](#praefect-postgresql-post-configuration). 1. Follow the [post configuration](#praefect-postgresql-post-configuration).
...@@ -1233,18 +1248,18 @@ To configure the Praefect nodes, on each one: ...@@ -1233,18 +1248,18 @@ To configure the Praefect nodes, on each one:
1. Edit the `/etc/gitlab/gitlab.rb` file to configure Praefect: 1. Edit the `/etc/gitlab/gitlab.rb` file to configure Praefect:
```ruby ```ruby
# Avoid running unnecessary services on the Gitaly server # Avoid running unnecessary services on the Praefect server
gitaly['enable'] = false
postgresql['enable'] = false postgresql['enable'] = false
redis['enable'] = false redis['enable'] = false
nginx['enable'] = false
puma['enable'] = false puma['enable'] = false
sidekiq['enable'] = false sidekiq['enable'] = false
gitlab_workhorse['enable'] = false gitlab_workhorse['enable'] = false
grafana['enable'] = false
# If you run a separate monitoring node you can disable these services
alertmanager['enable'] = false
prometheus['enable'] = false prometheus['enable'] = false
alertmanager['enable'] = false
grafana['enable'] = false
gitlab_exporter['enable'] = false
nginx['enable'] = false
# Praefect Configuration # Praefect Configuration
praefect['enable'] = true praefect['enable'] = true
...@@ -1312,11 +1327,25 @@ To configure the Praefect nodes, on each one: ...@@ -1312,11 +1327,25 @@ To configure the Praefect nodes, on each one:
# END user configuration # END user configuration
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
then replace the file of the same name on this server. If that file isn't on the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
this server, add the file from your Consul server to this server.
1. Praefect requires to run some database migrations, much like the main GitLab application. For this
you should select **one Praefect node only to run the migrations**, AKA the _Deploy Node_. This node
must be configured first before the others as follows:
1. In the `/etc/gitlab/gitlab.rb` file, change the `praefect['auto_migrate']` setting value from `false` to `true`
1. Save the file, and then [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). 1. To ensure database migrations are only run during reconfigure and not automatically on upgrade, run:
```shell
sudo touch /etc/gitlab/skip-auto-reconfigure
```
1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect and
to run the Praefect database migrations.
1. On all other Praefect nodes, [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
### Configure Gitaly ### Configure Gitaly
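Review bot: In the added Deploy Node steps, `sudo touch /etc/gitlab/skip-auto-reconfigure` appears to be listed only for the node that runs the migrations, while the closing step for "all other Praefect nodes" is just a reconfigure. If the other nodes should also skip automatic reconfigure on upgrade, move the touch step out of the Deploy Node sub-list; if not, say why. Wording: "Praefect requires to run some database migrations" should be "Praefect needs to run some database migrations", and "first before the others" can drop "first".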
...@@ -1360,28 +1389,27 @@ On each node: ...@@ -1360,28 +1389,27 @@ On each node:
storage paths, enable the network listener, and to configure the token: storage paths, enable the network listener, and to configure the token:
```ruby ```ruby
# /etc/gitlab/gitlab.rb
# Avoid running unnecessary services on the Gitaly server # Avoid running unnecessary services on the Gitaly server
postgresql['enable'] = false postgresql['enable'] = false
redis['enable'] = false redis['enable'] = false
nginx['enable'] = false
puma['enable'] = false puma['enable'] = false
sidekiq['enable'] = false sidekiq['enable'] = false
gitlab_workhorse['enable'] = false gitlab_workhorse['enable'] = false
grafana['enable'] = false
# If you run a separate monitoring node you can disable these services
alertmanager['enable'] = false
prometheus['enable'] = false prometheus['enable'] = false
alertmanager['enable'] = false
grafana['enable'] = false
gitlab_exporter['enable'] = false
nginx['enable'] = false
# Prevent database migrations from running on upgrade automatically # Prevent database migrations from running on upgrade automatically
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
# Gitaly
gitaly['enable'] = true
# Configure the gitlab-shell API callback URL. Without this, `git push` will # Configure the gitlab-shell API callback URL. Without this, `git push` will
# fail. This can be your 'front door' GitLab URL or an internal load # fail. This can be your 'front door' GitLab URL or an internal load
# balancer. # balancer.
# Don't forget to copy `/etc/gitlab/gitlab-secrets.json` from web server to Gitaly server.
gitlab_rails['internal_api_url'] = 'https://gitlab.example.com' gitlab_rails['internal_api_url'] = 'https://gitlab.example.com'
# Make Gitaly accept connections on all network interfaces. You must use # Make Gitaly accept connections on all network interfaces. You must use
...@@ -1425,9 +1453,8 @@ On each node: ...@@ -1425,9 +1453,8 @@ On each node:
}) })
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
then replace the file of the same name on this server. If that file isn't on the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
this server, add the file from your Consul server to this server.
1. Save the file, and then [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). 1. Save the file, and then [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure).
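Review bot: The trailing step in this hunk still reads "Save the file, and then reconfigure GitLab", while the matching Gitaly hunk in the other file changed by this commit rewrites it to "Reconfigure GitLab for the changes to take effect". With the secrets copy step now sitting between the `gitlab.rb` edit and this line, "Save the file" refers back past the copy. Reword it the same way here so the two documents stay consistent.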
...@@ -1536,29 +1563,19 @@ To configure the Sidekiq nodes, one each one: ...@@ -1536,29 +1563,19 @@ To configure the Sidekiq nodes, one each one:
1. Open `/etc/gitlab/gitlab.rb` with your editor: 1. Open `/etc/gitlab/gitlab.rb` with your editor:
```ruby ```ruby
######################################## # Avoid running unnecessary services on the Sidekiq server
##### Services Disabled ###
########################################
nginx['enable'] = false
grafana['enable'] = false
prometheus['enable'] = false
alertmanager['enable'] = false
gitaly['enable'] = false gitaly['enable'] = false
gitlab_workhorse['enable'] = false
nginx['enable'] = false
puma['enable'] = false
postgres_exporter['enable'] = false
postgresql['enable'] = false postgresql['enable'] = false
redis['enable'] = false redis['enable'] = false
redis_exporter['enable'] = false puma['enable'] = false
gitlab_workhorse['enable'] = false
prometheus['enable'] = false
alertmanager['enable'] = false
grafana['enable'] = false
gitlab_exporter['enable'] = false gitlab_exporter['enable'] = false
nginx['enable'] = false
######################################## # Redis
#### Redis ###
########################################
## Must be the same in every sentinel node
redis['master_name'] = 'gitlab-redis' redis['master_name'] = 'gitlab-redis'
## The same password for Redis authentication you set up for the master node. ## The same password for Redis authentication you set up for the master node.
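Review bot: The comment `## Must be the same in every sentinel node` above `redis['master_name'] = 'gitlab-redis'` is removed together with the banner comments, but it states a constraint, not decoration. Keep it under the new `# Redis` heading so readers know the name has to match what the Sentinel nodes use.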
...@@ -1571,13 +1588,10 @@ To configure the Sidekiq nodes, one each one: ...@@ -1571,13 +1588,10 @@ To configure the Sidekiq nodes, one each one:
{'host' => '10.6.0.13', 'port' => 26379}, {'host' => '10.6.0.13', 'port' => 26379},
] ]
####################################### # Gitaly Cluster
### Gitaly ### ## git_data_dirs get configured for the Praefect virtual storage
####################################### ## Address is Internal Load Balancer for Praefect
## Token is praefect_external_token
# git_data_dirs get configured for the Praefect virtual storage
# Address is Internal Load Balancer for Praefect
# Token is praefect_external_token
git_data_dirs({ git_data_dirs({
"default" => { "default" => {
"gitaly_address" => "tcp://10.6.0.40:2305", # internal load balancer IP "gitaly_address" => "tcp://10.6.0.40:2305", # internal load balancer IP
...@@ -1585,31 +1599,26 @@ To configure the Sidekiq nodes, one each one: ...@@ -1585,31 +1599,26 @@ To configure the Sidekiq nodes, one each one:
} }
}) })
####################################### # PostgreSQL
### Postgres ###
#######################################
gitlab_rails['db_host'] = '10.6.0.40' # internal load balancer IP gitlab_rails['db_host'] = '10.6.0.40' # internal load balancer IP
gitlab_rails['db_port'] = 6432 gitlab_rails['db_port'] = 6432
gitlab_rails['db_password'] = '<postgresql_user_password>' gitlab_rails['db_password'] = '<postgresql_user_password>'
gitlab_rails['db_adapter'] = 'postgresql' gitlab_rails['db_adapter'] = 'postgresql'
gitlab_rails['db_encoding'] = 'unicode' gitlab_rails['db_encoding'] = 'unicode'
# Prevent database migrations from running on upgrade automatically ## Prevent database migrations from running on upgrade automatically
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
####################################### # Sidekiq
### Sidekiq configuration ### sidekiq['enable'] = true
#######################################
sidekiq['listen_address'] = "0.0.0.0" sidekiq['listen_address'] = "0.0.0.0"
# Set number of Sidekiq queue processes to the same number as available CPUs ## Set number of Sidekiq queue processes to the same number as available CPUs
sidekiq['queue_groups'] = ['*'] * 2 sidekiq['queue_groups'] = ['*'] * 2
# Set number of Sidekiq threads per queue process to the recommend number of 10 ## Set number of Sidekiq threads per queue process to the recommend number of 10
sidekiq['max_concurrency'] = 10 sidekiq['max_concurrency'] = 10
####################################### # Monitoring
### Monitoring configuration ###
#######################################
consul['enable'] = true consul['enable'] = true
consul['monitoring_service_discovery'] = true consul['monitoring_service_discovery'] = true
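Review bot: The re-indented comment "## Set number of Sidekiq threads per queue process to the recommend number of 10" keeps the typo "recommend"; since the line is touched anyway, change it to "recommended". The comment above `sidekiq['queue_groups'] = ['*'] * 2` tells the reader to match the number of available CPUs while the value is fixed at 2, so say what the 2 stands for.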
...@@ -1617,19 +1626,16 @@ To configure the Sidekiq nodes, one each one: ...@@ -1617,19 +1626,16 @@ To configure the Sidekiq nodes, one each one:
retry_join: %w(10.6.0.11 10.6.0.12 10.6.0.13) retry_join: %w(10.6.0.11 10.6.0.12 10.6.0.13)
} }
# Set the network addresses that the exporters will listen on ## Set the network addresses that the exporters will listen on
node_exporter['listen_address'] = '0.0.0.0:9100' node_exporter['listen_address'] = '0.0.0.0:9100'
# Rails Status for prometheus ## Add the monitoring node's IP address to the monitoring whitelist
gitlab_rails['monitoring_whitelist'] = ['10.6.0.81/32', '127.0.0.0/8'] gitlab_rails['monitoring_whitelist'] = ['10.6.0.81/32', '127.0.0.0/8']
gitlab_rails['prometheus_address'] = '10.6.0.81:9090' gitlab_rails['prometheus_address'] = '10.6.0.81:9090'
############################# # Object Storage
### Object storage ### ## This is an example for configuring Object Storage on GCP
############################# ## Replace this config with your chosen Object Storage provider as desired
# This is an example for configuring Object Storage on GCP
# Replace this config with your chosen Object Storage provider as desired
gitlab_rails['object_store']['connection'] = { gitlab_rails['object_store']['connection'] = {
'provider' => 'Google', 'provider' => 'Google',
'google_project' => '<gcp-project-name>', 'google_project' => '<gcp-project-name>',
...@@ -1643,9 +1649,28 @@ To configure the Sidekiq nodes, one each one: ...@@ -1643,9 +1649,28 @@ To configure the Sidekiq nodes, one each one:
gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = "<gcp-dependency-proxy-bucket-name>" gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = "<gcp-dependency-proxy-bucket-name>"
gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = "<gcp-terraform-state-bucket-name>" gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = "<gcp-terraform-state-bucket-name>"
gitlab_rails['backup_upload_connection'] = {
'provider' => 'Google',
'google_project' => '<gcp-project-name>',
'google_json_key_location' => '<path-to-gcp-service-account-key>'
}
gitlab_rails['backup_upload_remote_directory'] = "<gcp-backups-state-bucket-name>"
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
1. To ensure database migrations are only run during reconfigure and not automatically on upgrade, run:
```shell
sudo touch /etc/gitlab/skip-auto-reconfigure
```
Only a single designated node should handle migrations as detailed in the
[GitLab Rails post-configuration](#gitlab-rails-post-configuration) section.
1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). 1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure).
1. Verify the GitLab services are running: 1. Verify the GitLab services are running:
```shell ```shell
...@@ -1792,10 +1817,7 @@ On each node perform the following: ...@@ -1792,10 +1817,7 @@ On each node perform the following:
#registry['uid'] = 9002 #registry['uid'] = 9002
#registry['gid'] = 9002 #registry['gid'] = 9002
############################# # Object storage
### Object storage ###
#############################
# This is an example for configuring Object Storage on GCP # This is an example for configuring Object Storage on GCP
# Replace this config with your chosen Object Storage provider as desired # Replace this config with your chosen Object Storage provider as desired
gitlab_rails['object_store']['connection'] = { gitlab_rails['object_store']['connection'] = {
...@@ -1810,6 +1832,13 @@ On each node perform the following: ...@@ -1810,6 +1832,13 @@ On each node perform the following:
gitlab_rails['object_store']['objects']['packages']['bucket'] = "<gcp-packages-bucket-name>" gitlab_rails['object_store']['objects']['packages']['bucket'] = "<gcp-packages-bucket-name>"
gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = "<gcp-dependency-proxy-bucket-name>" gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = "<gcp-dependency-proxy-bucket-name>"
gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = "<gcp-terraform-state-bucket-name>" gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = "<gcp-terraform-state-bucket-name>"
gitlab_rails['backup_upload_connection'] = {
'provider' => 'Google',
'google_project' => '<gcp-project-name>',
'google_json_key_location' => '<path-to-gcp-service-account-key>'
}
gitlab_rails['backup_upload_remote_directory'] = "<gcp-backups-state-bucket-name>"
``` ```
1. If you're using [Gitaly with TLS support](#gitaly-cluster-tls-support), make sure the 1. If you're using [Gitaly with TLS support](#gitaly-cluster-tls-support), make sure the
...@@ -1830,7 +1859,20 @@ On each node perform the following: ...@@ -1830,7 +1859,20 @@ On each node perform the following:
sudo cp cert.pem /etc/gitlab/trusted-certs/ sudo cp cert.pem /etc/gitlab/trusted-certs/
``` ```
1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
1. To ensure database migrations are only run during reconfigure and not automatically on upgrade, run:
```shell
sudo touch /etc/gitlab/skip-auto-reconfigure
```
Only a single designated node should handle migrations as detailed in the
[GitLab Rails post-configuration](#gitlab-rails-post-configuration) section.
1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Run `sudo gitlab-rake gitlab:gitaly:check` to confirm the node can connect to Gitaly. 1. Run `sudo gitlab-rake gitlab:gitaly:check` to confirm the node can connect to Gitaly.
1. Tail the logs to see the requests: 1. Tail the logs to see the requests:
...@@ -1838,11 +1880,6 @@ On each node perform the following: ...@@ -1838,11 +1880,6 @@ On each node perform the following:
sudo gitlab-ctl tail gitaly sudo gitlab-ctl tail gitaly
``` ```
1. Save the `/etc/gitlab/gitlab-secrets.json` file from one of the two
application nodes and install it on the other application node, the
[Gitaly node](#configure-gitaly) and the [Sidekiq node](#configure-sidekiq) and
[reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure).
1. Verify the GitLab services are running: 1. Verify the GitLab services are running:
```shell ```shell
...@@ -1903,19 +1940,14 @@ running [Prometheus](../monitoring/prometheus/index.md) and ...@@ -1903,19 +1940,14 @@ running [Prometheus](../monitoring/prometheus/index.md) and
```ruby ```ruby
external_url 'http://gitlab.example.com' external_url 'http://gitlab.example.com'
# Disable all other services # Avoid running unnecessary services on the Prometheus server
alertmanager['enable'] = false
gitaly['enable'] = false gitaly['enable'] = false
gitlab_exporter['enable'] = false
gitlab_workhorse['enable'] = false
nginx['enable'] = true
postgres_exporter['enable'] = false
postgresql['enable'] = false postgresql['enable'] = false
redis['enable'] = false redis['enable'] = false
redis_exporter['enable'] = false
sidekiq['enable'] = false
puma['enable'] = false puma['enable'] = false
node_exporter['enable'] = false sidekiq['enable'] = false
gitlab_workhorse['enable'] = false
alertmanager['enable'] = false
gitlab_exporter['enable'] = false gitlab_exporter['enable'] = false
# Enable Prometheus # Enable Prometheus
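Review bot: in the Prometheus server block, `nginx['enable'] = true` is removed together with the explicit `node_exporter`, `postgres_exporter` and `redis_exporter` disables, and neither the new comment nor the commit message says why. If the node now relies on package defaults for these, state that in the comment above the list. If NGINX is still needed on this node and is not set again further down, keep the line so that a reader copying the block does not lose it.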
......
...@@ -420,11 +420,6 @@ The following IPs will be used as an example: ...@@ -420,11 +420,6 @@ The following IPs will be used as an example:
- `10.6.0.12`: Consul 2 - `10.6.0.12`: Consul 2
- `10.6.0.13`: Consul 3 - `10.6.0.13`: Consul 3
NOTE:
The configuration processes for the other servers in your reference architecture will
use the `/etc/gitlab/gitlab-secrets.json` file from your Consul server to connect
with the other servers.
To configure Consul: To configure Consul:
1. SSH in to the server that will host Consul. 1. SSH in to the server that will host Consul.
...@@ -455,7 +450,11 @@ To configure Consul: ...@@ -455,7 +450,11 @@ To configure Consul:
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Go through the steps again for all the other Consul nodes, and 1. Go through the steps again for all the other Consul nodes, and
make sure you set up the correct IPs. make sure you set up the correct IPs.
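Review bot: "the first Omnibus node you configured" in the added step is not defined in the text around it, whereas the NOTE removed just above named the Consul server as the source of the file. Define the term once near the top of the page (or link to where it is defined) so a reader who lands on this section knows which node to copy from. Style: the added line is much longer than its wrapped neighbours, and "configuring then you can skip" wants a comma after "configuring".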
...@@ -612,9 +611,8 @@ PostgreSQL, with Patroni managing its failover, will default to use `pg_rewind` ...@@ -612,9 +611,8 @@ PostgreSQL, with Patroni managing its failover, will default to use `pg_rewind`
Like most failover handling methods, this has a small chance of leading to data loss. Like most failover handling methods, this has a small chance of leading to data loss.
Learn more about the various [Patroni replication methods](../postgresql/replication_and_failover.md#selecting-the-appropriate-patroni-replication-method). Learn more about the various [Patroni replication methods](../postgresql/replication_and_failover.md#selecting-the-appropriate-patroni-replication-method).
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If that file is not on this server, the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
add the file from your Consul server to this server.
1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
...@@ -714,9 +712,8 @@ The following IPs will be used as an example: ...@@ -714,9 +712,8 @@ The following IPs will be used as an example:
node_exporter['listen_address'] = '0.0.0.0:9100' node_exporter['listen_address'] = '0.0.0.0:9100'
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If that file is not on this server, the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
add the file from your Consul server to this server.
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
...@@ -875,9 +872,8 @@ a node and change its status from primary to replica (and vice versa). ...@@ -875,9 +872,8 @@ a node and change its status from primary to replica (and vice versa).
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If that file is not on this server, the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
add the file from your Consul server to this server.
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
...@@ -942,11 +938,11 @@ You can specify multiple roles, like sentinel and Redis, as: ...@@ -942,11 +938,11 @@ You can specify multiple roles, like sentinel and Redis, as:
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If that file is not on this server, the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
add the file from your Consul server to this server.
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Go through the steps again for all the other replica nodes, and 1. Go through the steps again for all the other replica nodes, and
make sure to set up the IPs correctly. make sure to set up the IPs correctly.
...@@ -1074,11 +1070,11 @@ To configure the Sentinel Cache server: ...@@ -1074,11 +1070,11 @@ To configure the Sentinel Cache server:
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If that file is not on this server, the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
add the file from your Consul server to this server.
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Go through the steps again for all the other Consul/Sentinel nodes, and 1. Go through the steps again for all the other Consul/Sentinel nodes, and
make sure you set up the correct IPs. make sure you set up the correct IPs.
...@@ -1140,9 +1136,8 @@ a node and change its status from primary to replica (and vice versa). ...@@ -1140,9 +1136,8 @@ a node and change its status from primary to replica (and vice versa).
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If that file is not on this server, the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
add the file from your Consul server to this server.
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
...@@ -1201,11 +1196,11 @@ You can specify multiple roles, like sentinel and Redis, as: ...@@ -1201,11 +1196,11 @@ You can specify multiple roles, like sentinel and Redis, as:
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If that file is not on this server, the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
add the file from your Consul server to this server.
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Go through the steps again for all the other replica nodes, and 1. Go through the steps again for all the other replica nodes, and
make sure to set up the IPs correctly. make sure to set up the IPs correctly.
...@@ -1333,7 +1328,7 @@ To configure the Sentinel Queues server: ...@@ -1333,7 +1328,7 @@ To configure the Sentinel Queues server:
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
``` ```
1. To prevent database migrations from running on upgrade, run: 1. To ensure database migrations are only run during reconfigure and not automatically on upgrade, run:
```shell ```shell
sudo touch /etc/gitlab/skip-auto-reconfigure sudo touch /etc/gitlab/skip-auto-reconfigure
...@@ -1341,11 +1336,11 @@ To configure the Sentinel Queues server: ...@@ -1341,11 +1336,11 @@ To configure the Sentinel Queues server:
Only the primary GitLab application server should handle migrations. Only the primary GitLab application server should handle migrations.
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If that file is not on this server, the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
add the file from your Consul server to this server.
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Go through the steps again for all the other Sentinel nodes, and 1. Go through the steps again for all the other Sentinel nodes, and
make sure you set up the correct IPs. make sure you set up the correct IPs.
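Review bot: the unchanged sentence `Only the primary GitLab application server should handle migrations.` in this Sentinel Queues step no longer matches the wording this merge request adds elsewhere (`Only a single designated node should handle migrations as detailed in the` GitLab Rails post-configuration section). Update it in the same change so the `skip-auto-reconfigure` step reads the same in every section.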
...@@ -1444,7 +1439,11 @@ in the second step, do not supply the `EXTERNAL_URL` value. ...@@ -1444,7 +1439,11 @@ in the second step, do not supply the `EXTERNAL_URL` value.
# END user configuration # END user configuration
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Follow the [post configuration](#praefect-postgresql-post-configuration). 1. Follow the [post configuration](#praefect-postgresql-post-configuration).
<div align="right"> <div align="right">
...@@ -1542,18 +1541,18 @@ To configure the Praefect nodes, on each one: ...@@ -1542,18 +1541,18 @@ To configure the Praefect nodes, on each one:
1. Edit the `/etc/gitlab/gitlab.rb` file to configure Praefect: 1. Edit the `/etc/gitlab/gitlab.rb` file to configure Praefect:
```ruby ```ruby
# Avoid running unnecessary services on the Gitaly server # Avoid running unnecessary services on the Praefect server
gitaly['enable'] = false
postgresql['enable'] = false postgresql['enable'] = false
redis['enable'] = false redis['enable'] = false
nginx['enable'] = false
puma['enable'] = false puma['enable'] = false
sidekiq['enable'] = false sidekiq['enable'] = false
gitlab_workhorse['enable'] = false gitlab_workhorse['enable'] = false
grafana['enable'] = false
# If you run a separate monitoring node you can disable these services
alertmanager['enable'] = false
prometheus['enable'] = false prometheus['enable'] = false
alertmanager['enable'] = false
grafana['enable'] = false
gitlab_exporter['enable'] = false
nginx['enable'] = false
# Praefect Configuration # Praefect Configuration
praefect['enable'] = true praefect['enable'] = true
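Review bot: dropping the comment `# If you run a separate monitoring node you can disable these services` makes the `prometheus`, `alertmanager` and newly added `gitlab_exporter` disables read as unconditional. Either keep a one-line caveat or say in the new header comment that the block assumes a separate monitoring node. The `Gitaly server` to `Praefect server` correction in the first comment is right.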
...@@ -1621,11 +1620,25 @@ To configure the Praefect nodes, on each one: ...@@ -1621,11 +1620,25 @@ To configure the Praefect nodes, on each one:
# END user configuration # END user configuration
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
then replace the file of the same name on this server. If that file isn't on the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
this server, add the file from your Consul server to this server.
1. Praefect requires to run some database migrations, much like the main GitLab application. For this
you should select **one Praefect node only to run the migrations**, AKA the _Deploy Node_. This node
must be configured first before the others as follows:
1. In the `/etc/gitlab/gitlab.rb` file, change the `praefect['auto_migrate']` setting value from `false` to `true`
1. Save the file, and then [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). 1. To ensure database migrations are only run during reconfigure and not automatically on upgrade, run:
```shell
sudo touch /etc/gitlab/skip-auto-reconfigure
```
1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect and
to run the Praefect database migrations.
1. On all other Praefect nodes, [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
### Configure Gitaly ### Configure Gitaly
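Review bot: the deploy-node sub-steps change `praefect['auto_migrate']` from `false` to `true`, but the final step for the other Praefect nodes only says to reconfigure and never says the setting must stay `false` there. Add that to the last step so a reader who copies `gitlab.rb` from the deploy node does not run migrations from every node. Wording: "Praefect requires to run some database migrations" reads better as "Praefect needs to run some database migrations", and the sub-step ending in "from `false` to `true`" is missing its full stop.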
...@@ -1669,20 +1682,17 @@ On each node: ...@@ -1669,20 +1682,17 @@ On each node:
storage paths, enable the network listener, and to configure the token: storage paths, enable the network listener, and to configure the token:
```ruby ```ruby
# /etc/gitlab/gitlab.rb
# Avoid running unnecessary services on the Gitaly server # Avoid running unnecessary services on the Gitaly server
postgresql['enable'] = false postgresql['enable'] = false
redis['enable'] = false redis['enable'] = false
nginx['enable'] = false
puma['enable'] = false puma['enable'] = false
sidekiq['enable'] = false sidekiq['enable'] = false
gitlab_workhorse['enable'] = false gitlab_workhorse['enable'] = false
grafana['enable'] = false
# If you run a separate monitoring node you can disable these services
alertmanager['enable'] = false
prometheus['enable'] = false prometheus['enable'] = false
alertmanager['enable'] = false
grafana['enable'] = false
gitlab_exporter['enable'] = false
nginx['enable'] = false
# Prevent database migrations from running on upgrade automatically # Prevent database migrations from running on upgrade automatically
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
...@@ -1690,9 +1700,11 @@ On each node: ...@@ -1690,9 +1700,11 @@ On each node:
# Configure the gitlab-shell API callback URL. Without this, `git push` will # Configure the gitlab-shell API callback URL. Without this, `git push` will
# fail. This can be your 'front door' GitLab URL or an internal load # fail. This can be your 'front door' GitLab URL or an internal load
# balancer. # balancer.
# Don't forget to copy `/etc/gitlab/gitlab-secrets.json` from web server to Gitaly server.
gitlab_rails['internal_api_url'] = 'https://gitlab.example.com' gitlab_rails['internal_api_url'] = 'https://gitlab.example.com'
# Gitaly
gitaly['enable'] = true
# Make Gitaly accept connections on all network interfaces. You must use # Make Gitaly accept connections on all network interfaces. You must use
# firewalls to restrict access to this address/port. # firewalls to restrict access to this address/port.
# Comment out following line if you only want to support TLS connections # Comment out following line if you only want to support TLS connections
...@@ -1734,9 +1746,8 @@ On each node: ...@@ -1734,9 +1746,8 @@ On each node:
}) })
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
then replace the file of the same name on this server. If that file isn't on the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
this server, add the file from your Consul server to this server.
1. Save the file, and then [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). 1. Save the file, and then [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure).
...@@ -1843,28 +1854,19 @@ To configure the Sidekiq nodes, on each one: ...@@ -1843,28 +1854,19 @@ To configure the Sidekiq nodes, on each one:
1. Open `/etc/gitlab/gitlab.rb` with your editor: 1. Open `/etc/gitlab/gitlab.rb` with your editor:
```ruby ```ruby
######################################## # Avoid running unnecessary services on the Sidekiq server
##### Services Disabled ###
########################################
nginx['enable'] = false
grafana['enable'] = false
prometheus['enable'] = false
alertmanager['enable'] = false
gitaly['enable'] = false gitaly['enable'] = false
gitlab_workhorse['enable'] = false
nginx['enable'] = false
puma['enable'] = false
postgres_exporter['enable'] = false
postgresql['enable'] = false postgresql['enable'] = false
redis['enable'] = false redis['enable'] = false
redis_exporter['enable'] = false puma['enable'] = false
gitlab_workhorse['enable'] = false
prometheus['enable'] = false
alertmanager['enable'] = false
grafana['enable'] = false
gitlab_exporter['enable'] = false gitlab_exporter['enable'] = false
nginx['enable'] = false
######################################## # Redis
#### Redis ###
########################################
## Redis connection details ## Redis connection details
## First cluster that will host the cache ## First cluster that will host the cache
gitlab_rails['redis_cache_instance'] = 'redis://:<REDIS_PRIMARY_PASSWORD_OF_FIRST_CLUSTER>@gitlab-redis-cache' gitlab_rails['redis_cache_instance'] = 'redis://:<REDIS_PRIMARY_PASSWORD_OF_FIRST_CLUSTER>@gitlab-redis-cache'
...@@ -1896,10 +1898,7 @@ To configure the Sidekiq nodes, on each one: ...@@ -1896,10 +1898,7 @@ To configure the Sidekiq nodes, on each one:
{host: '10.6.0.83', port: 26379}, {host: '10.6.0.83', port: 26379},
] ]
####################################### # Gitaly
### Gitaly ###
#######################################
# git_data_dirs get configured for the Praefect virtual storage # git_data_dirs get configured for the Praefect virtual storage
# Address is Internal Load Balancer for Praefect # Address is Internal Load Balancer for Praefect
# Token is praefect_external_token # Token is praefect_external_token
...@@ -1910,31 +1909,26 @@ To configure the Sidekiq nodes, on each one: ...@@ -1910,31 +1909,26 @@ To configure the Sidekiq nodes, on each one:
} }
}) })
####################################### # PostgreSQL
### Postgres ###
#######################################
gitlab_rails['db_host'] = '10.6.0.20' # internal load balancer IP gitlab_rails['db_host'] = '10.6.0.20' # internal load balancer IP
gitlab_rails['db_port'] = 6432 gitlab_rails['db_port'] = 6432
gitlab_rails['db_password'] = '<postgresql_user_password>' gitlab_rails['db_password'] = '<postgresql_user_password>'
gitlab_rails['db_adapter'] = 'postgresql' gitlab_rails['db_adapter'] = 'postgresql'
gitlab_rails['db_encoding'] = 'unicode' gitlab_rails['db_encoding'] = 'unicode'
# Prevent database migrations from running on upgrade automatically ## Prevent database migrations from running on upgrade automatically
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
####################################### # Sidekiq
### Sidekiq configuration ### sidekiq['enable'] = true
#######################################
sidekiq['listen_address'] = "0.0.0.0" sidekiq['listen_address'] = "0.0.0.0"
# Set number of Sidekiq queue processes to the same number as available CPUs ## Set number of Sidekiq queue processes to the same number as available CPUs
sidekiq['queue_groups'] = ['*'] * 4 sidekiq['queue_groups'] = ['*'] * 4
# Set number of Sidekiq threads per queue process to the recommend number of 10 ## Set number of Sidekiq threads per queue process to the recommend number of 10
sidekiq['max_concurrency'] = 10 sidekiq['max_concurrency'] = 10
####################################### # Monitoring
### Monitoring configuration ###
#######################################
consul['enable'] = true consul['enable'] = true
consul['monitoring_service_discovery'] = true consul['monitoring_service_discovery'] = true
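Review bot: the comment `Set number of Sidekiq threads per queue process to the recommend number of 10` is touched here only to change `#` to `##`, so the typo `recommend` is carried over; make it `recommended` while the line is being edited. The added `sidekiq['enable'] = true` now sits directly above `sidekiq['listen_address'] = "0.0.0.0"`, and a short comment about restricting access to that listener, like the one the Gitaly block carries for its own listener, would fit here.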
...@@ -1945,15 +1939,12 @@ To configure the Sidekiq nodes, on each one: ...@@ -1945,15 +1939,12 @@ To configure the Sidekiq nodes, on each one:
# Set the network addresses that the exporters will listen on # Set the network addresses that the exporters will listen on
node_exporter['listen_address'] = '0.0.0.0:9100' node_exporter['listen_address'] = '0.0.0.0:9100'
# Rails Status for prometheus ## Add the monitoring node's IP address to the monitoring whitelist
gitlab_rails['monitoring_whitelist'] = ['10.6.0.151/32', '127.0.0.0/8'] gitlab_rails['monitoring_whitelist'] = ['10.6.0.151/32', '127.0.0.0/8']
############################# # Object storage
### Object storage ### ## This is an example for configuring Object Storage on GCP
############################# ## Replace this config with your chosen Object Storage provider as desired
# This is an example for configuring Object Storage on GCP
# Replace this config with your chosen Object Storage provider as desired
gitlab_rails['object_store']['connection'] = { gitlab_rails['object_store']['connection'] = {
'provider' => 'Google', 'provider' => 'Google',
'google_project' => '<gcp-project-name>', 'google_project' => '<gcp-project-name>',
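Review bot: the new comment `## Add the monitoring node's IP address to the monitoring whitelist` reads as an instruction, while the line below it already carries the example address `10.6.0.151/32` plus the loopback range. Say that `10.6.0.151` is the example monitoring node and has to be replaced, and say whether `127.0.0.0/8` should stay in the list.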
...@@ -1966,11 +1957,26 @@ To configure the Sidekiq nodes, on each one: ...@@ -1966,11 +1957,26 @@ To configure the Sidekiq nodes, on each one:
gitlab_rails['object_store']['objects']['packages']['bucket'] = "<gcp-packages-bucket-name>" gitlab_rails['object_store']['objects']['packages']['bucket'] = "<gcp-packages-bucket-name>"
gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = "<gcp-dependency-proxy-bucket-name>" gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = "<gcp-dependency-proxy-bucket-name>"
gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = "<gcp-terraform-state-bucket-name>" gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = "<gcp-terraform-state-bucket-name>"
gitlab_rails['backup_upload_connection'] = {
'provider' => 'Google',
'google_project' => '<gcp-project-name>',
'google_json_key_location' => '<path-to-gcp-service-account-key>'
}
gitlab_rails['backup_upload_remote_directory'] = "<gcp-backups-state-bucket-name>"
```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
1. To ensure database migrations are only run during reconfigure and not automatically on upgrade, run:
```shell
sudo touch /etc/gitlab/skip-auto-reconfigure
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace Only a single designated node should handle migrations as detailed in the
the file of the same name on this server. If that file is not on this server, [GitLab Rails post-configuration](#gitlab-rails-post-configuration) section.
add the file from your Consul server to this server.
1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
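Review bot: the placeholder `<gcp-backups-state-bucket-name>` in the added `backup_upload_remote_directory` line looks copied from `<gcp-terraform-state-bucket-name>` just above it; `<gcp-backups-bucket-name>` would match the other bucket placeholders. The added `google_json_key_location` entry also points every node that gets this block at a service account key file, so a note on restricting who can read that file belongs next to it.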
...@@ -2010,9 +2016,6 @@ On each node perform the following: ...@@ -2010,9 +2016,6 @@ On each node perform the following:
1. [Download and install](https://about.gitlab.com/install/) the Omnibus GitLab 1. [Download and install](https://about.gitlab.com/install/) the Omnibus GitLab
package of your choice. Be sure to follow _only_ installation steps 1 and 2 package of your choice. Be sure to follow _only_ installation steps 1 and 2
on the page. on the page.
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace
the file of the same name on this server. If that file is not on this server,
add the file from your Consul server to this server.
1. Edit `/etc/gitlab/gitlab.rb` and use the following configuration. 1. Edit `/etc/gitlab/gitlab.rb` and use the following configuration.
To maintain uniformity of links across nodes, the `external_url` To maintain uniformity of links across nodes, the `external_url`
...@@ -2107,9 +2110,15 @@ On each node perform the following: ...@@ -2107,9 +2110,15 @@ On each node perform the following:
gitlab_rails['object_store']['objects']['packages']['bucket'] = "<gcp-packages-bucket-name>" gitlab_rails['object_store']['objects']['packages']['bucket'] = "<gcp-packages-bucket-name>"
gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = "<gcp-dependency-proxy-bucket-name>" gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = "<gcp-dependency-proxy-bucket-name>"
gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = "<gcp-terraform-state-bucket-name>" gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = "<gcp-terraform-state-bucket-name>"
gitlab_rails['backup_upload_connection'] = {
'provider' => 'Google',
'google_project' => '<gcp-project-name>',
'google_json_key_location' => '<path-to-gcp-service-account-key>'
}
gitlab_rails['backup_upload_remote_directory'] = "<gcp-backups-state-bucket-name>"
``` ```
1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure).
1. If you're using [Gitaly with TLS support](#gitaly-cluster-tls-support), make sure the 1. If you're using [Gitaly with TLS support](#gitaly-cluster-tls-support), make sure the
`git_data_dirs` entry is configured with `tls` instead of `tcp`: `git_data_dirs` entry is configured with `tls` instead of `tcp`:
...@@ -2128,6 +2137,20 @@ On each node perform the following: ...@@ -2128,6 +2137,20 @@ On each node perform the following:
sudo cp cert.pem /etc/gitlab/trusted-certs/ sudo cp cert.pem /etc/gitlab/trusted-certs/
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
1. To ensure database migrations are only run during reconfigure and not automatically on upgrade, run:
```shell
sudo touch /etc/gitlab/skip-auto-reconfigure
```
Only a single designated node should handle migrations as detailed in the
[GitLab Rails post-configuration](#gitlab-rails-post-configuration) section.
1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. If you're [using NFS](#configure-nfs-optional): 1. If you're [using NFS](#configure-nfs-optional):
1. If necessary, install the NFS client utility packages using the following 1. If necessary, install the NFS client utility packages using the following
commands: commands:
...@@ -2167,7 +2190,7 @@ On each node perform the following: ...@@ -2167,7 +2190,7 @@ On each node perform the following:
registry['gid'] = 9002 registry['gid'] = 9002
``` ```
1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). 1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure).
1. Confirm the node can connect to Gitaly: 1. Confirm the node can connect to Gitaly:
```shell ```shell
...@@ -2231,28 +2254,20 @@ To configure the Monitoring node: ...@@ -2231,28 +2254,20 @@ To configure the Monitoring node:
1. [Download and install](https://about.gitlab.com/install/) the Omnibus GitLab 1. [Download and install](https://about.gitlab.com/install/) the Omnibus GitLab
package of your choice. Be sure to follow _only_ installation steps 1 and 2 package of your choice. Be sure to follow _only_ installation steps 1 and 2
on the page. on the page.
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace
the file of the same name on this server. If that file is not on this server,
add the file from your Consul server to this server.
1. Edit `/etc/gitlab/gitlab.rb` and add the contents: 1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby ```ruby
external_url 'http://gitlab.example.com' external_url 'http://gitlab.example.com'
# Disable all other services # Avoid running unnecessary services on the Prometheus server
alertmanager['enable'] = false
gitaly['enable'] = false gitaly['enable'] = false
gitlab_exporter['enable'] = false
gitlab_workhorse['enable'] = false
nginx['enable'] = true
postgres_exporter['enable'] = false
postgresql['enable'] = false postgresql['enable'] = false
redis['enable'] = false redis['enable'] = false
redis_exporter['enable'] = false
sidekiq['enable'] = false
puma['enable'] = false puma['enable'] = false
node_exporter['enable'] = false sidekiq['enable'] = false
gitlab_workhorse['enable'] = false
alertmanager['enable'] = false
gitlab_exporter['enable'] = false gitlab_exporter['enable'] = false
# Enable Prometheus # Enable Prometheus
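Review bot: this hunk removes the `gitlab-secrets.json` copy step from the Monitoring node's list and, unlike the other sections in this merge request, the lines shown do not add it back after the `gitlab.rb` block. If that is deliberate, explain it in the merge request description; otherwise re-add the step ahead of the reconfigure step so the Monitoring node follows the same order as the other nodes.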
......
...@@ -500,6 +500,9 @@ a node and change its status from primary to replica (and vice versa). ...@@ -500,6 +500,9 @@ a node and change its status from primary to replica (and vice versa).
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
You can specify multiple roles, like sentinel and Redis, as: You can specify multiple roles, like sentinel and Redis, as:
...@@ -583,6 +586,9 @@ run: redis-exporter: (pid 30075) 76861s; run: log: (pid 29674) 76896s ...@@ -583,6 +586,9 @@ run: redis-exporter: (pid 30075) 76861s; run: log: (pid 29674) 76896s
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Go through the steps again for all the other replica nodes, and 1. Go through the steps again for all the other replica nodes, and
make sure to set up the IPs correctly. make sure to set up the IPs correctly.
...@@ -712,6 +718,9 @@ To configure the Sentinel: ...@@ -712,6 +718,9 @@ To configure the Sentinel:
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Go through the steps again for all the other Consul/Sentinel nodes, and 1. Go through the steps again for all the other Consul/Sentinel nodes, and
make sure you set up the correct IPs. make sure you set up the correct IPs.
...@@ -870,9 +879,8 @@ PostgreSQL, with Patroni managing its failover, will default to use `pg_rewind` ...@@ -870,9 +879,8 @@ PostgreSQL, with Patroni managing its failover, will default to use `pg_rewind`
Like most failover handling methods, this has a small chance of leading to data loss. Like most failover handling methods, this has a small chance of leading to data loss.
Learn more about the various [Patroni replication methods](../postgresql/replication_and_failover.md#selecting-the-appropriate-patroni-replication-method). Learn more about the various [Patroni replication methods](../postgresql/replication_and_failover.md#selecting-the-appropriate-patroni-replication-method).
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and replace 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If that file is not on this server, the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
add the file from your Consul server to this server.
1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
...@@ -973,6 +981,9 @@ The following IPs will be used as an example: ...@@ -973,6 +981,9 @@ The following IPs will be used as an example:
pgbouncer_exporter['listen_address'] = '0.0.0.0:9188' pgbouncer_exporter['listen_address'] = '0.0.0.0:9188'
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Create a `.pgpass` file so Consul is able to 1. Create a `.pgpass` file so Consul is able to
...@@ -1126,7 +1137,11 @@ in the second step, do not supply the `EXTERNAL_URL` value. ...@@ -1126,7 +1137,11 @@ in the second step, do not supply the `EXTERNAL_URL` value.
# END user configuration # END user configuration
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect. 1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Follow the [post configuration](#praefect-postgresql-post-configuration). 1. Follow the [post configuration](#praefect-postgresql-post-configuration).
<div align="right"> <div align="right">
...@@ -1224,18 +1239,18 @@ To configure the Praefect nodes, on each one: ...@@ -1224,18 +1239,18 @@ To configure the Praefect nodes, on each one:
1. Edit the `/etc/gitlab/gitlab.rb` file to configure Praefect: 1. Edit the `/etc/gitlab/gitlab.rb` file to configure Praefect:
```ruby ```ruby
# Avoid running unnecessary services on the Gitaly server # Avoid running unnecessary services on the Praefect server
gitaly['enable'] = false
postgresql['enable'] = false postgresql['enable'] = false
redis['enable'] = false redis['enable'] = false
nginx['enable'] = false
puma['enable'] = false puma['enable'] = false
sidekiq['enable'] = false sidekiq['enable'] = false
gitlab_workhorse['enable'] = false gitlab_workhorse['enable'] = false
grafana['enable'] = false
# If you run a separate monitoring node you can disable these services
alertmanager['enable'] = false
prometheus['enable'] = false prometheus['enable'] = false
alertmanager['enable'] = false
grafana['enable'] = false
gitlab_exporter['enable'] = false
nginx['enable'] = false
# Praefect Configuration # Praefect Configuration
praefect['enable'] = true praefect['enable'] = true
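Review bot: In the Praefect `gitlab.rb` block the old comment `# If you run a separate monitoring node you can disable these services` is dropped, while `prometheus`, `alertmanager` and `grafana`, together with `gitlab_exporter`, are now disabled with no qualification. A reader who does not run a separate monitoring node can no longer tell that these lines are optional for them. Suggest keeping a one-line comment above them, or stating in the surrounding text that this architecture assumes a dedicated monitoring node.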
...@@ -1303,11 +1318,25 @@ To configure the Praefect nodes, on each one: ...@@ -1303,11 +1318,25 @@ To configure the Praefect nodes, on each one:
# END user configuration # END user configuration
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
then replace the file of the same name on this server. If that file isn't on the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
this server, add the file from your Consul server to this server.
1. Praefect requires to run some database migrations, much like the main GitLab application. For this
you should select **one Praefect node only to run the migrations**, AKA the _Deploy Node_. This node
must be configured first before the others as follows:
1. In the `/etc/gitlab/gitlab.rb` file, change the `praefect['auto_migrate']` setting value from `false` to `true`
1. Save the file, and then [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). 1. To ensure database migrations are only run during reconfigure and not automatically on upgrade, run:
```shell
sudo touch /etc/gitlab/skip-auto-reconfigure
```
1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect and
to run the Praefect database migrations.
1. On all other Praefect nodes, [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
### Configure Gitaly ### Configure Gitaly
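Review bot: The new Deploy Node steps switch `praefect['auto_migrate']` to `true` on one node, but the final step for "all other Praefect nodes" only says to reconfigure and does not remind the reader to leave the setting at `false` there. Suggest saying so in that last step, so the single-migrator rule is stated where the other nodes are handled. Wording: "Praefect requires to run some database migrations" should read "Praefect needs to run ...", and "configured first before the others" is redundant.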
...@@ -1351,20 +1380,17 @@ On each node: ...@@ -1351,20 +1380,17 @@ On each node:
storage paths, enable the network listener, and to configure the token: storage paths, enable the network listener, and to configure the token:
```ruby ```ruby
# /etc/gitlab/gitlab.rb
# Avoid running unnecessary services on the Gitaly server # Avoid running unnecessary services on the Gitaly server
postgresql['enable'] = false postgresql['enable'] = false
redis['enable'] = false redis['enable'] = false
nginx['enable'] = false
puma['enable'] = false puma['enable'] = false
sidekiq['enable'] = false sidekiq['enable'] = false
gitlab_workhorse['enable'] = false gitlab_workhorse['enable'] = false
grafana['enable'] = false
# If you run a separate monitoring node you can disable these services
alertmanager['enable'] = false
prometheus['enable'] = false prometheus['enable'] = false
alertmanager['enable'] = false
grafana['enable'] = false
gitlab_exporter['enable'] = false
nginx['enable'] = false
# Prevent database migrations from running on upgrade automatically # Prevent database migrations from running on upgrade automatically
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
...@@ -1372,9 +1398,11 @@ On each node: ...@@ -1372,9 +1398,11 @@ On each node:
# Configure the gitlab-shell API callback URL. Without this, `git push` will # Configure the gitlab-shell API callback URL. Without this, `git push` will
# fail. This can be your 'front door' GitLab URL or an internal load # fail. This can be your 'front door' GitLab URL or an internal load
# balancer. # balancer.
# Don't forget to copy `/etc/gitlab/gitlab-secrets.json` from web server to Gitaly server.
gitlab_rails['internal_api_url'] = 'https://gitlab.example.com' gitlab_rails['internal_api_url'] = 'https://gitlab.example.com'
# Gitaly
gitaly['enable'] = true
# Make Gitaly accept connections on all network interfaces. You must use # Make Gitaly accept connections on all network interfaces. You must use
# firewalls to restrict access to this address/port. # firewalls to restrict access to this address/port.
# Comment out following line if you only want to support TLS connections # Comment out following line if you only want to support TLS connections
...@@ -1416,9 +1444,8 @@ On each node: ...@@ -1416,9 +1444,8 @@ On each node:
}) })
``` ```
1. Copy the `/etc/gitlab/gitlab-secrets.json` file from your Consul server, and 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
then replace the file of the same name on this server. If that file isn't on the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
this server, add the file from your Consul server to this server.
1. Save the file, and then [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). 1. Save the file, and then [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure).
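Review bot: After this change the step "Save the file, and then reconfigure GitLab" directly follows the step that copies `gitlab-secrets.json`, so "the file" now reads as the secrets file rather than `/etc/gitlab/gitlab.rb`. The other sections touched here use "Reconfigure GitLab ... for the changes to take effect" after the copy step; the same wording here would remove the ambiguity.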
...@@ -1525,28 +1552,19 @@ To configure the Sidekiq nodes, one each one: ...@@ -1525,28 +1552,19 @@ To configure the Sidekiq nodes, one each one:
1. Open `/etc/gitlab/gitlab.rb` with your editor: 1. Open `/etc/gitlab/gitlab.rb` with your editor:
```ruby ```ruby
######################################## # Avoid running unnecessary services on the Sidekiq server
##### Services Disabled ###
########################################
nginx['enable'] = false
grafana['enable'] = false
prometheus['enable'] = false
alertmanager['enable'] = false
gitaly['enable'] = false gitaly['enable'] = false
gitlab_workhorse['enable'] = false
nginx['enable'] = false
puma['enable'] = false
postgres_exporter['enable'] = false
postgresql['enable'] = false postgresql['enable'] = false
redis['enable'] = false redis['enable'] = false
redis_exporter['enable'] = false puma['enable'] = false
gitlab_workhorse['enable'] = false
prometheus['enable'] = false
alertmanager['enable'] = false
grafana['enable'] = false
gitlab_exporter['enable'] = false gitlab_exporter['enable'] = false
nginx['enable'] = false
######################################## # Redis
#### Redis ###
########################################
## Must be the same in every sentinel node ## Must be the same in every sentinel node
redis['master_name'] = 'gitlab-redis' redis['master_name'] = 'gitlab-redis'
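Review bot: The old Sidekiq block disabled `postgres_exporter` and `redis_exporter` explicitly, and the rewritten "Avoid running unnecessary services" list does not include them. If they are switched off implicitly once `postgresql` and `redis` are disabled, a short comment saying so would help; otherwise these two lines should be kept so the node does not run exporters it has no use for.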
...@@ -1560,13 +1578,10 @@ To configure the Sidekiq nodes, one each one: ...@@ -1560,13 +1578,10 @@ To configure the Sidekiq nodes, one each one:
{'host' => '10.6.0.13', 'port' => 26379}, {'host' => '10.6.0.13', 'port' => 26379},
] ]
####################################### # Gitaly Cluster
### Gitaly ### ## git_data_dirs get configured for the Praefect virtual storage
####################################### ## Address is Internal Load Balancer for Praefect
## Token is praefect_external_token
# git_data_dirs get configured for the Praefect virtual storage
# Address is Internal Load Balancer for Praefect
# Token is praefect_external_token
git_data_dirs({ git_data_dirs({
"default" => { "default" => {
"gitaly_address" => "tcp://10.6.0.40:2305", # internal load balancer IP "gitaly_address" => "tcp://10.6.0.40:2305", # internal load balancer IP
...@@ -1574,31 +1589,26 @@ To configure the Sidekiq nodes, one each one: ...@@ -1574,31 +1589,26 @@ To configure the Sidekiq nodes, one each one:
} }
}) })
####################################### # PostgreSQL
### Postgres ###
#######################################
gitlab_rails['db_host'] = '10.6.0.40' # internal load balancer IP gitlab_rails['db_host'] = '10.6.0.40' # internal load balancer IP
gitlab_rails['db_port'] = 6432 gitlab_rails['db_port'] = 6432
gitlab_rails['db_password'] = '<postgresql_user_password>' gitlab_rails['db_password'] = '<postgresql_user_password>'
gitlab_rails['db_adapter'] = 'postgresql' gitlab_rails['db_adapter'] = 'postgresql'
gitlab_rails['db_encoding'] = 'unicode' gitlab_rails['db_encoding'] = 'unicode'
# Prevent database migrations from running on upgrade automatically ## Prevent database migrations from running on upgrade automatically
gitlab_rails['auto_migrate'] = false gitlab_rails['auto_migrate'] = false
####################################### # Sidekiq
### Sidekiq configuration ### sidekiq['enable'] = true
#######################################
sidekiq['listen_address'] = "0.0.0.0" sidekiq['listen_address'] = "0.0.0.0"
# Set number of Sidekiq queue processes to the same number as available CPUs ## Set number of Sidekiq queue processes to the same number as available CPUs
sidekiq['queue_groups'] = ['*'] * 4 sidekiq['queue_groups'] = ['*'] * 4
# Set number of Sidekiq threads per queue process to the recommend number of 10 ## Set number of Sidekiq threads per queue process to the recommend number of 10
sidekiq['max_concurrency'] = 10 sidekiq['max_concurrency'] = 10
####################################### # Monitoring
### Monitoring configuration ###
#######################################
consul['enable'] = true consul['enable'] = true
consul['monitoring_service_discovery'] = true consul['monitoring_service_discovery'] = true
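Review bot: The reworded comment above `sidekiq['max_concurrency']` still says "the recommend number of 10"; since the line is being touched anyway, fix it to "recommended". In the same block, `sidekiq['listen_address'] = "0.0.0.0"` carries no comment, whereas the Gitaly block tells readers that a listener on all interfaces must be restricted with firewalls; a matching comment here would be consistent.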
...@@ -1606,19 +1616,16 @@ To configure the Sidekiq nodes, one each one: ...@@ -1606,19 +1616,16 @@ To configure the Sidekiq nodes, one each one:
retry_join: %w(10.6.0.11 10.6.0.12 10.6.0.13) retry_join: %w(10.6.0.11 10.6.0.12 10.6.0.13)
} }
# Set the network addresses that the exporters will listen on ## Set the network addresses that the exporters will listen on
node_exporter['listen_address'] = '0.0.0.0:9100' node_exporter['listen_address'] = '0.0.0.0:9100'
# Rails Status for prometheus ## Add the monitoring node's IP address to the monitoring whitelist
gitlab_rails['monitoring_whitelist'] = ['10.6.0.81/32', '127.0.0.0/8'] gitlab_rails['monitoring_whitelist'] = ['10.6.0.81/32', '127.0.0.0/8']
gitlab_rails['prometheus_address'] = '10.6.0.81:9090' gitlab_rails['prometheus_address'] = '10.6.0.81:9090'
############################# # Object Storage
### Object storage ### ## This is an example for configuring Object Storage on GCP
############################# ## Replace this config with your chosen Object Storage provider as desired
# This is an example for configuring Object Storage on GCP
# Replace this config with your chosen Object Storage provider as desired
gitlab_rails['object_store']['connection'] = { gitlab_rails['object_store']['connection'] = {
'provider' => 'Google', 'provider' => 'Google',
'google_project' => '<gcp-project-name>', 'google_project' => '<gcp-project-name>',
...@@ -1631,9 +1638,29 @@ To configure the Sidekiq nodes, one each one: ...@@ -1631,9 +1638,29 @@ To configure the Sidekiq nodes, one each one:
gitlab_rails['object_store']['objects']['packages']['bucket'] = "<gcp-packages-bucket-name>" gitlab_rails['object_store']['objects']['packages']['bucket'] = "<gcp-packages-bucket-name>"
gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = "<gcp-dependency-proxy-bucket-name>" gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = "<gcp-dependency-proxy-bucket-name>"
gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = "<gcp-terraform-state-bucket-name>" gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = "<gcp-terraform-state-bucket-name>"
gitlab_rails['backup_upload_connection'] = {
'provider' => 'Google',
'google_project' => '<gcp-project-name>',
'google_json_key_location' => '<path-to-gcp-service-account-key>'
}
gitlab_rails['backup_upload_remote_directory'] = "<gcp-backups-state-bucket-name>"
``` ```
1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
1. To ensure database migrations are only run during reconfigure and not automatically on upgrade, run:
```shell
sudo touch /etc/gitlab/skip-auto-reconfigure
```
Only a single designated node should handle migrations as detailed in the
[GitLab Rails post-configuration](#gitlab-rails-post-configuration) section.
1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Verify the GitLab services are running: 1. Verify the GitLab services are running:
```shell ```shell
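Review bot: The placeholder `<gcp-backups-state-bucket-name>` in `gitlab_rails['backup_upload_remote_directory']` looks like a copy of the `<gcp-terraform-state-bucket-name>` line above it; `<gcp-backups-bucket-name>` would match the other bucket placeholders. It is also worth stating whether the backup upload settings are needed on Sidekiq nodes at all, since they point at a service account key through `google_json_key_location` that then has to exist on every node carrying this block.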
...@@ -1784,6 +1811,13 @@ On each node perform the following: ...@@ -1784,6 +1811,13 @@ On each node perform the following:
gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = "<gcp-dependency-proxy-bucket-name>" gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = "<gcp-dependency-proxy-bucket-name>"
gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = "<gcp-terraform-state-bucket-name>" gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = "<gcp-terraform-state-bucket-name>"
gitlab_rails['backup_upload_connection'] = {
'provider' => 'Google',
'google_project' => '<gcp-project-name>',
'google_json_key_location' => '<path-to-gcp-service-account-key>'
}
gitlab_rails['backup_upload_remote_directory'] = "<gcp-backups-state-bucket-name>"
## Uncomment and edit the following options if you have set up NFS ## Uncomment and edit the following options if you have set up NFS
## ##
## Prevent GitLab from starting if NFS data mounts are not available ## Prevent GitLab from starting if NFS data mounts are not available
...@@ -1818,7 +1852,20 @@ On each node perform the following: ...@@ -1818,7 +1852,20 @@ On each node perform the following:
sudo cp cert.pem /etc/gitlab/trusted-certs/ sudo cp cert.pem /etc/gitlab/trusted-certs/
``` ```
1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). 1. Copy the `/etc/gitlab/gitlab-secrets.json` file from the first Omnibus node you configured and add or replace
the file of the same name on this server. If this is the first Omnibus node you are configuring then you can skip this step.
1. To ensure database migrations are only run during reconfigure and not automatically on upgrade, run:
```shell
sudo touch /etc/gitlab/skip-auto-reconfigure
```
Only a single designated node should handle migrations as detailed in the
[GitLab Rails post-configuration](#gitlab-rails-post-configuration) section.
1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Run `sudo gitlab-rake gitlab:gitaly:check` to confirm the node can connect to Gitaly. 1. Run `sudo gitlab-rake gitlab:gitaly:check` to confirm the node can connect to Gitaly.
1. Tail the logs to see the requests: 1. Tail the logs to see the requests:
...@@ -1826,11 +1873,6 @@ On each node perform the following: ...@@ -1826,11 +1873,6 @@ On each node perform the following:
sudo gitlab-ctl tail gitaly sudo gitlab-ctl tail gitaly
``` ```
1. Save the `/etc/gitlab/gitlab-secrets.json` file from one of the two
application nodes and install it on the other application node, the
[Gitaly node](#configure-gitaly) and the [Sidekiq node](#configure-sidekiq) and
[reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure).
1. Verify the GitLab services are running: 1. Verify the GitLab services are running:
```shell ```shell
...@@ -1891,7 +1933,7 @@ running [Prometheus](../monitoring/prometheus/index.md) and ...@@ -1891,7 +1933,7 @@ running [Prometheus](../monitoring/prometheus/index.md) and
```ruby ```ruby
external_url 'http://gitlab.example.com' external_url 'http://gitlab.example.com'
# Disable all other services # Avoid running unnecessary services on the Prometheus server
alertmanager['enable'] = false alertmanager['enable'] = false
gitaly['enable'] = false gitaly['enable'] = false
gitlab_exporter['enable'] = false gitlab_exporter['enable'] = false
......