Merge branch 'eread/move-tls-and-praefect-information' into 'master'

Move reference to Praefect commands to page about Praefect See merge request gitlab-org/gitlab!79898

Merge branch 'eread/move-tls-and-praefect-information' into 'master'
Move reference to Praefect commands to page about Praefect See merge request gitlab-org/gitlab!79898
eb37dcb1 · Russell Dickenson · a1c59637 · b8114398 · eb37dcb1 · eb37dcb1
Commit eb37dcb1 authored Feb 04, 2022 by Russell Dickenson
Showing with 8 additions and 7 deletions

doc/administration/gitaly/configure_gitaly.md doc/administration/gitaly/configure_gitaly.md +0 -6

doc/administration/gitaly/praefect.md doc/administration/gitaly/praefect.md +8 -1

No files found.
--- a/doc/administration/gitaly/configure_gitaly.md
+++ b/doc/administration/gitaly/configure_gitaly.md
@@ -566,12 +566,6 @@ Note the following:
 - You can configure Gitaly servers with both an unencrypted listening address `listen_addr` and an
  encrypted listening address `tls_listen_addr` at the same time. This allows you to gradually
  transition from unencrypted to encrypted traffic if necessary.
- When running Praefect sub-commands such as `dial-nodes` and `list-untracked-repositories` from the command line with Gitaly TLS enabled, you must set
-  the `SSL_CERT_DIR` or `SSL_CERT_FILE` environment variable so that the Gitaly certificate is trusted. For example: 
-
-   ```shell
-   sudo SSL_CERT_DIR=/etc/gitlab/trusted_certs /opt/gitlab/embedded/bin/praefect -config /var/opt/gitlab/praefect/config.toml dial-nodes
-   ```

 To configure Gitaly with TLS:


--- a/doc/administration/gitaly/praefect.md
+++ b/doc/administration/gitaly/praefect.md
@@ -570,7 +570,7 @@ On the **Praefect** node:
   edit `/etc/gitlab/gitlab.rb`, remember to run `sudo gitlab-ctl reconfigure`
   again before trying the `sql-ping` command.

-#### Enabling TLS support
+#### Enable TLS support

 > [Introduced](https://gitlab.com/gitlab-org/gitaly/-/issues/1698) in GitLab 13.2.

@@ -594,6 +594,13 @@ Note the following:
  - Hostname, you can either use the Common Name field for this, or add it as a Subject
    Alternative Name.
  - IP address, you must add it as a Subject Alternative Name to the certificate.
+- When running Praefect sub-commands such as `dial-nodes` and `list-untracked-repositories` from the command line with
+  [Gitaly TLS enabled](configure_gitaly.md#enable-tls-support), you must set the `SSL_CERT_DIR` or `SSL_CERT_FILE`
+  environment variable so that the Gitaly certificate is trusted. For example: 
+
+   ```shell
+   sudo SSL_CERT_DIR=/etc/gitlab/trusted_certs /opt/gitlab/embedded/bin/praefect -config /var/opt/gitlab/praefect/config.toml dial-nodes
+   ```

 - You can configure Praefect servers with both an unencrypted listening address
  `listen_addr` and an encrypted listening address `tls_listen_addr` at the same time.