67 lines
2.6 KiB
Markdown
67 lines
2.6 KiB
Markdown
# Standalone PostgreSQL using Omnibus GitLab **(CORE ONLY)**
|
|
|
|
If you wish to have your database service hosted separately from your GitLab
|
|
application server(s), you can do this using the PostgreSQL binaries packaged
|
|
together with Omnibus GitLab. This is recommended as part of our
|
|
[reference architecture for up to 2,000 users](../reference_architectures/2k_users.md).
|
|
|
|
## Setting it up
|
|
|
|
1. SSH into the PostgreSQL server.
|
|
1. [Download/install](https://about.gitlab.com/install/) the Omnibus GitLab
|
|
package you want using **steps 1 and 2** from the GitLab downloads page.
|
|
- Do not complete any other steps on the download page.
|
|
1. Generate a password hash for PostgreSQL. This assumes you will use the default
|
|
username of `gitlab` (recommended). The command will request a password
|
|
and confirmation. Use the value that is output by this command in the next
|
|
step as the value of `POSTGRESQL_PASSWORD_HASH`.
|
|
|
|
```shell
|
|
sudo gitlab-ctl pg-password-md5 gitlab
|
|
```
|
|
|
|
1. Edit `/etc/gitlab/gitlab.rb` and add the contents below, updating placeholder
|
|
values appropriately.
|
|
|
|
- `POSTGRESQL_PASSWORD_HASH` - The value output from the previous step
|
|
- `APPLICATION_SERVER_IP_BLOCKS` - A space delimited list of IP subnets or IP
|
|
addresses of the GitLab application servers that will connect to the
|
|
database. Example: `%w(123.123.123.123/32 123.123.123.234/32)`
|
|
|
|
```ruby
|
|
# Disable all components except PostgreSQL
|
|
roles ['postgres_role']
|
|
repmgr['enable'] = false
|
|
consul['enable'] = false
|
|
prometheus['enable'] = false
|
|
alertmanager['enable'] = false
|
|
pgbouncer_exporter['enable'] = false
|
|
redis_exporter['enable'] = false
|
|
gitlab_exporter['enable'] = false
|
|
|
|
postgresql['listen_address'] = '0.0.0.0'
|
|
postgresql['port'] = 5432
|
|
|
|
# Replace POSTGRESQL_PASSWORD_HASH with a generated md5 value
|
|
postgresql['sql_user_password'] = 'POSTGRESQL_PASSWORD_HASH'
|
|
|
|
# Replace XXX.XXX.XXX.XXX/YY with Network Address
|
|
# ????
|
|
postgresql['trust_auth_cidr_addresses'] = %w(APPLICATION_SERVER_IP_BLOCKS)
|
|
|
|
# Disable automatic database migrations
|
|
gitlab_rails['auto_migrate'] = false
|
|
```
|
|
|
|
NOTE: **Note:**
|
|
The role `postgres_role` was introduced with GitLab 10.3
|
|
|
|
1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
|
|
1. Note the PostgreSQL node's IP address or hostname, port, and
|
|
plain text password. These will be necessary when configuring the GitLab
|
|
application servers later.
|
|
1. [Enable monitoring](replication_and_failover.md#enable-monitoring)
|
|
|
|
Advanced configuration options are supported and can be added if
|
|
needed.
|