1. Replicate some required configurations between the primary and the secondaries
1. Replicate some required configurations between the primary and the secondaries
1. Start GitLab on the secondary node's machine
1. Start GitLab in the secondary node's machine
1. Configure every secondary node in the primary's Admin screen
1. Configure every secondary node in the primary's Admin screen
After GitLab's instance is online and defined in **Geo Nodes** admin screen,
After GitLab's instance is online and defined in **Geo Nodes** admin screen,
...
@@ -21,15 +20,12 @@ old data from the primary machine (more information below).
...
@@ -21,15 +20,12 @@ old data from the primary machine (more information below).
## Primary node GitLab setup
## Primary node GitLab setup
>**Notes:**
>**Notes:**
- You will need to setup your database into a **Primary <-> Secondary (read-only)**
- You will need to setup your database into a **Primary <-> Secondary (read-only)** replication
replication topology, and your Primary node should always point to a
topology, and your Primary node should always point to a database's Primary
database's Primary instance. If you haven't done that already, follow
instance. If you haven't done that already, read [database replication](./database.md).
[database replication](./database.md).
- Only in the Geo nodes admin area of the primary node, will you be adding all
- Only in the Geo nodes admin area of the primary node, will you be adding all
nodes' information (secondary and primary). Do not add anything in the Geo
nodes' information (secondary and primary). Do not add anything in the Geo
nodes admin area of the secondaries.
nodes admin area of the secondaries.
- Each node needs to have the `external_url` in their `gitlab.rb` file properly
set to the real URL or IP address where the other nodes can reach them.
To setup the primary node:
To setup the primary node:
...
@@ -52,26 +48,27 @@ In the following table you can see what all these settings mean:
...
@@ -52,26 +48,27 @@ In the following table you can see what all these settings mean:
| Setting | Description |
| Setting | Description |
| --------- | ----------- |
| --------- | ----------- |
| Primary | This marks a Geo Node as primary. There can be only one primary, make sure that you first add the primary node and then all the others. |
| Primary | This marks a Geo Node as primary. There can be only one primary, make sure that you first add the primary node and then all the others. |
| URL | Your instance's full URL, in the same way it is configured in `/etc/gitlab/gitlab.rb` |
| URL | Your instance's full URL, in the same way it is configured in `gitlab.yml` (source based installations) or `/etc/gitlab/gitlab.rb` (omnibus installations). |
|Public Key | The SSH public key of the user that your GitLab instance runs on (unless changed, should be the user `git`). That means that you have to go in each Geo Node separately and create an SSH key pair. See the [SSH key creation][ssh-pair] section. |
|Public Key | The SSH public key of the user that your GitLab instance runs on (unless changed, should be the user `git`). That means that you have to go in each Geo Node separately and create an SSH key pair. See the [SSH key creation][ssh-pair] section. |
## Secondary node GitLab setup
## Secondary node GitLab setup
>**Notes:**
>**Note:**
- The Geo nodes admin area (**Admin Area > Geo Nodes**) is not used when setting
The Geo nodes admin area (**Admin Area > Geo Nodes**) is not used when setting
up the secondary nodes. This is handled at the primary one.
up the secondary nodes. This is handled at the primary one.
- To install a secondary node, you must follow the normal GitLab Enterprise
Edition installation, with some extra requirements:
To install a secondary node, you must follow the normal GitLab Enterprise
1. Follow the [setup database replication](./database.md) instructions.
Edition installation, with some extra requirements:
1. Your secondary node should be allowed to [communicate via HTTP/HTTPS and
SSH with your primary node (make sure your firewall is not blocking that).
- You should point your database connection to a [replicated instance](./database.md).
1. Don't make any extra steps you would do for a normal new installation.
- Your secondary node should be allowed to [communicate via HTTP/HTTPS and
1. Run `sudo gitlab-ctl reconfigure` after installing
SSH with your primary node (make sure your firewall is not blocking that).
1. Don't setup any custom authentication or user accounts (this will be
- Don't make any extra steps you would do for a normal new installation
handled by the **primary** node)
- Don't setup any custom authentication (this will be handled by the `primary` node)
1. You need to make sure you restored the database backup (the script in the
database replication setup) and that the primary node PostgreSQL instance is
You need to make sure you restored the database backup (that is part of setting
ready to replicate data.
up replication) and that the primary node PostgreSQL instance is ready to
replicate data.
### Database Encryption Key
### Database Encryption Key
...
@@ -81,7 +78,8 @@ sensitive data in the database.
...
@@ -81,7 +78,8 @@ sensitive data in the database.
Any secondary node must have the **exact same value** for `db_key_base` as
Any secondary node must have the **exact same value** for `db_key_base` as
defined in the primary one.
defined in the primary one.
- It is stored at `/etc/gitlab/gitlab-secrets.json`.
- For Omnibus installations it is stored at `/etc/gitlab/gitlab-secrets.json`.
- For installations from source it is stored at `/home/git/gitlab/config/secrets.yml`.
Find that key in the primary node and copy paste its value in the secondaries.
Find that key in the primary node and copy paste its value in the secondaries.
...
@@ -114,13 +112,17 @@ The two most obvious issues that replication can have here are:
...
@@ -114,13 +112,17 @@ The two most obvious issues that replication can have here are:
Getting a new secondary Geo node up and running, will also require the
Getting a new secondary Geo node up and running, will also require the
repositories directory to be synced from the primary node. You can use `rsync`
repositories directory to be synced from the primary node. You can use `rsync`
for that. Assuming `1.2.3.4` is the IP of the primary node, and that you have
for that. Assuming `1.2.3.4` is the IP of the primary node, SSH into the
In the following table you can see what all these settings mean:
| Setting | Description |
| --------- | ----------- |
| Primary | This marks a Geo Node as primary. There can be only one primary, make sure that you first add the primary node and then all the others. |
| URL | Your instance's full URL, in the same way it is configured in `gitlab.yml` |
|Public Key | The SSH public key of the user that your GitLab instance runs on (unless changed, should be the user `git`). That means that you have to go in each Geo Node separately and create an SSH key pair. See the [SSH key creation][ssh-pair] section. |
## Secondary node GitLab setup
>**Note:**
The Geo nodes admin area (**Admin Area > Geo Nodes**) is not used when setting
up the secondary nodes. This is handled at the primary one.
To install a secondary node, you must follow the normal GitLab Enterprise
Edition installation, with some extra requirements:
- Follow the [source database replication](./source-database.md) instructions.
- Your secondary node should be allowed to [communicate via HTTP/HTTPS and
SSH with your primary node (make sure your firewall is not blocking that).
- Don't make any extra steps you would do for a normal new installation
- Don't setup any custom authentication (this will be handled by the `primary` node)
You need to make sure you restored the database backup (the script in the
database replication setup) and that the primary node PostgreSQL instance is
ready to replicate data.
### Database Encryption Key
GitLab stores a unique encryption key in disk that we use to safely store
sensitive data in the database.
Any secondary node must have the **exact same value** for `db_key_base` as
defined in the primary one.
- It is stored at `/home/git/gitlab/config/secrets.yml`.
Find that key in the primary node and copy paste its value in the secondaries.
### Enable the secondary GitLab instance
Your new GitLab secondary node can now be safely started.
1. [Create the SSH key pair][ssh-pair] for the secondary node.
1. Visit the primary node's **Admin Area > Geo Nodes** (`/admin/geo_nodes`).
1. Add your secondary node by providing its full URL and the public SSH key
you created previously.
1. Hit the **Add node** button.
---
After the **Add Node** button is pressed, the primary node will start to notify
changes to the secondary. Make sure the secondary instance is running and
accessible.
The two most obvious issues that replication can have here are:
- Database replication not working well
- Instance to instance notification not working. In that case, it can be
something of the following:
- You are using a custom certificate or custom CA (see the
[Troubleshooting](#troubleshooting) section)
- Instance is firewalled (check your firewall rules)
### Repositories data replication
Getting a new secondary Geo node up and running, will also require the
repositories directory to be synced from the primary node. You can use `rsync`
for that. Assuming `1.2.3.4` is the IP of the primary node, and that you have
- By running the command above, `primary` should be `true` when executed in
the primary node, and `false` on any secondary
- Did I define the correct SSH Key for the node?
- You must create an SSH Key for `git` user
- This key is the one you have to inform at `Admin > Geo`
- Can I SSH from secondary to primary node using `git` user account?
- This is the most obvious cause of problems with repository replication issues.
If you haven't added the primary node's key to `known_hosts`, you will end up with
a lot of failed sidekiq jobs with an error similar to:
```
Gitlab::Shell::Error: Host key verification failed. fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.
```
An easy way to fix is by logging in as the `git` user in the secondary node and run:
```
# remove old entries to your primary gitlab in known_hosts