Commit 2a0624b1 authored by Kati Paizee

Merge branch '329533-update-patroni-reference-architecture-docs' into 'master'

Patroni: Update reference architecture documentation for patroni

See merge request gitlab-org/gitlab!63580
parents 1aa63dbf 1a9d7fa3
......@@ -209,7 +209,7 @@ There is an [issue where support is being discussed](https://gitlab.com/gitlab-o
## Geo Primary role
## - configure dependent flags automatically to enable Geo
##
roles ['geo_primary_role']
roles(['geo_primary_role'])
##
## Primary address
......@@ -382,7 +382,7 @@ There is an [issue where support is being discussed](https://gitlab.com/gitlab-o
## Geo Secondary role
## - configure dependent flags automatically to enable Geo
##
roles ['geo_secondary_role']
roles(['geo_secondary_role'])
##
## Secondary address
......@@ -401,7 +401,7 @@ There is an [issue where support is being discussed](https://gitlab.com/gitlab-o
```
For external PostgreSQL instances, see [additional instructions](external_database.md).
If you bring a former **primary** node back online to serve as a **secondary** node, then you also need to remove `roles ['geo_primary_role']` or `geo_primary_role['enable'] = true`.
If you bring a former **primary** node back online to serve as a **secondary** node, then you also need to remove `roles(['geo_primary_role'])` or `geo_primary_role['enable'] = true`.
1. Reconfigure GitLab for the changes to take effect:
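Review bot: In the sentence about bringing a former **primary** node back as a **secondary**, the instruction now names only `roles(['geo_primary_role'])`, but a node being demoted was set up from the earlier text and its `/etc/gitlab/gitlab.rb` will most likely contain the old spelling `roles ['geo_primary_role']`. Suggest naming both spellings, or wording it as "remove `geo_primary_role` from `roles`", so an operator searching the file for the exact string does not leave the primary role enabled.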
......@@ -541,13 +541,13 @@ Leader instance**:
1. Edit `/etc/gitlab/gitlab.rb` and add the following:
```ruby
consul['enable'] = true
roles(['patroni_role'])
consul['services'] = %w(postgresql)
consul['configuration'] = {
retry_join: %w[CONSUL_PRIMARY1_IP CONSUL_PRIMARY2_IP CONSUL_PRIMARY3_IP]
}
roles ['patroni_role']
# You need one entry for each secondary, with a unique name following PostgreSQL slot_name constraints:
#
# Configuration syntax is: 'unique_slotname' => { 'type' => 'physical' },
......@@ -644,7 +644,7 @@ Follow the minimal configuration for the PgBouncer node:
```ruby
# Disable all components except Pgbouncer and Consul agent
roles ['pgbouncer_role']
roles(['pgbouncer_role'])
# PgBouncer configuration
pgbouncer['admin_users'] = %w(pgbouncer gitlab-consul)
......@@ -703,7 +703,7 @@ For each Patroni instance on the secondary site:
1. Edit `/etc/gitlab/gitlab.rb` and add the following:
```ruby
roles ['consul_role', 'patroni_role']
roles(['consul_role', 'patroni_role'])
consul['enable'] = true
consul['configuration'] = {
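Review bot: `consul['enable'] = true` directly below `roles(['consul_role', 'patroni_role'])` looks redundant, since other hunks in this commit appear to drop the explicit enable once `consul_role` is listed in `roles`. Suggest removing it here as well, or adding a comment that says why this Geo secondary example still needs it.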
......@@ -768,7 +768,7 @@ by following the same instructions above.
Secondary sites use a separate PostgreSQL installation as a tracking database to
keep track of replication status and automatically recover from potential replication issues.
Omnibus automatically configures a tracking database when `roles ['geo_secondary_role']` is set.
Omnibus automatically configures a tracking database when `roles(['geo_secondary_role'])` is set.
If you want to run this database in a highly available configuration, follow the instructions below.
A production-ready and secure setup requires at least three Consul nodes, three
......@@ -793,7 +793,7 @@ Follow the minimal configuration for the PgBouncer node for the tracking databas
```ruby
# Disable all components except Pgbouncer and Consul agent
roles ['pgbouncer_role']
roles(['pgbouncer_role'])
# PgBouncer configuration
pgbouncer['users'] = {
......@@ -855,7 +855,7 @@ For each Patroni instance on the secondary site for the tracking database:
```ruby
# Disable all components except PostgreSQL, Patroni, and Consul
roles ['patroni_role']
roles(['patroni_role'])
# Consul configuration
consul['services'] = %w(postgresql)
......
......@@ -127,15 +127,18 @@ Few notes on the service itself:
#### PostgreSQL information
When configuring PostgreSQL, we will set `max_wal_senders` to one more than
the number of database nodes in the cluster.
This is used to prevent replication from using up all of the
available database connections.
When configuring PostgreSQL, we do the following:
- Set `max_replication_slots` to double the number of database nodes.
Patroni uses one extra slot per node when initiating the replication.
- Set `max_wal_senders` to one more than the allocated number of replication slots in the cluster.
This prevents replication from using up all of the available database connections.
In this document we are assuming 3 database nodes, which makes this configuration:
```ruby
patroni['postgresql']['max_wal_senders'] = 4
patroni['postgresql']['max_replication_slots'] = 6
patroni['postgresql']['max_wal_senders'] = 7
```
As previously mentioned, you'll have to prepare the network subnets that will
......@@ -211,11 +214,8 @@ repmgr-specific configuration as well. Especially, make sure that you remove `po
Here is an example:
```ruby
# Disable all components except PostgreSQL, Patroni, and Consul
roles['postgres_role']
# Enable Patroni
patroni['enable'] = true
# Disable all components except Patroni and Consul
roles(['patroni_role'])
# PostgreSQL configuration
postgresql['listen_address'] = '0.0.0.0'
......@@ -231,13 +231,20 @@ consul['services'] = %w(postgresql)
#
# Replace PGBOUNCER_PASSWORD_HASH with a generated md5 value
postgresql['pgbouncer_user_password'] = 'PGBOUNCER_PASSWORD_HASH'
# Replace POSTGRESQL_REPLICATION_PASSWORD_HASH with a generated md5 value
postgresql['sql_replication_password'] = 'POSTGRESQL_REPLICATION_PASSWORD_HASH'
# Replace POSTGRESQL_PASSWORD_HASH with a generated md5 value
postgresql['sql_user_password'] = 'POSTGRESQL_PASSWORD_HASH'
# Replace X with value of number of db nodes + 1 (OPTIONAL the default value is 5)
patroni['postgresql']['max_wal_senders'] = X
# Sets `max_replication_slots` to double the number of database nodes.
# Patroni uses one extra slot per node when initiating the replication.
patroni['postgresql']['max_replication_slots'] = X
# Set `max_wal_senders` to one more than the number of replication slots in the cluster.
# This is used to prevent replication from using up all of the
# available database connections.
patroni['postgresql']['max_wal_senders'] = X+1
# Replace XXX.XXX.XXX.XXX/YY with Network Address
postgresql['trust_auth_cidr_addresses'] = %w(XXX.XXX.XXX.XXX/YY)
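Review bot: The new `max_replication_slots` and `max_wal_senders` lines use `X` and `X+1` as values, but the comment that told the reader to replace `X` has been swapped for comments that no longer say it is a placeholder, and `X` now stands for a different quantity (double the node count instead of nodes + 1). Pasted as written, `X+1` is a Ruby expression on an undefined constant and raises a NameError when the file is evaluated. Suggest keeping an explicit "Replace X with ..." instruction and stating the resulting value for `max_wal_senders` in the same comment. The remark that the setting is optional with a default of 5 is also gone; worth saying whether that still holds.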
......@@ -289,7 +296,7 @@ If you enable Monitoring, it must be enabled on **all** database servers.
```ruby
# Disable all components except PgBouncer and Consul agent
roles ['pgbouncer_role']
roles(['pgbouncer_role'])
# Configure PgBouncer
pgbouncer['admin_users'] = %w(pgbouncer gitlab-consul)
......@@ -486,7 +493,7 @@ On each server edit `/etc/gitlab/gitlab.rb`:
```ruby
# Disable all components except Consul
roles ['consul_role']
roles(['consul_role'])
consul['configuration'] = {
server: true,
......@@ -503,7 +510,7 @@ On each server edit `/etc/gitlab/gitlab.rb`:
```ruby
# Disable all components except Pgbouncer and Consul agent
roles ['pgbouncer_role']
roles(['pgbouncer_role'])
# Configure PgBouncer
pgbouncer['admin_users'] = %w(pgbouncer gitlab-consul)
......@@ -518,7 +525,6 @@ pgbouncer['users'] = {
}
consul['watchers'] = %w(postgresql)
consul['enable'] = true
consul['configuration'] = {
retry_join: %w(10.6.0.11 10.6.0.12 10.6.0.13)
}
......@@ -536,29 +542,26 @@ An internal load balancer (TCP) is then required to be setup to serve each PgBou
On database nodes edit `/etc/gitlab/gitlab.rb`:
```ruby
# Disable all components except PostgreSQL, Patroni (or Repmgr), and Consul
roles ['postgres_role']
# Disable all components except Patroni and Consul
roles(['patroni_role'])
# PostgreSQL configuration
postgresql['listen_address'] = '0.0.0.0'
postgresql['hot_standby'] = 'on'
postgresql['wal_level'] = 'replica'
# Enable Patroni (which automatically disables Repmgr).
patroni['enable'] = true
# Disable automatic database migrations
gitlab_rails['auto_migrate'] = false
postgresql['pgbouncer_user_password'] = '771a8625958a529132abe6f1a4acb19c'
postgresql['sql_user_password'] = '450409b85a0223a214b5fb1484f34d0f'
patroni['postgresql']['max_wal_senders'] = 4
patroni['postgresql']['max_replication_slots'] = 6
patroni['postgresql']['max_wal_senders'] = 7
postgresql['trust_auth_cidr_addresses'] = %w(10.6.0.0/16)
# Configure the Consul agent
consul['services'] = %w(postgresql)
consul['enable'] = true
consul['configuration'] = {
retry_join: %w(10.6.0.11 10.6.0.12 10.6.0.13)
}
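Review bot: This worked example sets `postgresql['pgbouncer_user_password']` and `postgresql['sql_user_password']` but not `postgresql['sql_replication_password']`, which the template hunk earlier in this file now lists next to them. If the replication password is required with `patroni_role`, add it here too; if it is optional, say so in the template. The bare `6` and `7` would also benefit from the explanatory comments that the second example in this file receives.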
......@@ -577,19 +580,6 @@ After deploying the configuration follow these steps:
gitlab-ctl get-postgresql-primary
```
1. On the primary database node:
Enable the `pg_trgm` and `btree_gist` extensions:
```shell
gitlab-psql -d gitlabhq_production
```
```shell
CREATE EXTENSION pg_trgm;
CREATE EXTENSION btree_gist;
```
1. On `10.6.0.41`, our application server:
Set `gitlab-consul` user's PgBouncer password to `toomanysecrets`:
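Review bot: The step that enabled `pg_trgm` and `btree_gist` on the primary database node is dropped without a replacement sentence, and the commit message does not mention it. If the extensions are now created automatically, a one-line note saying so would help readers who follow an older copy of the procedure; if some setups still need them, the step should stay.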
......@@ -631,17 +621,14 @@ Please note that after the initial configuration, if a failover occurs, the Post
On database nodes edit `/etc/gitlab/gitlab.rb`:
```ruby
# Disable all components except PostgreSQL, Repmgr, and Consul
roles ['postgres_role']
# Disable all components except Patroni and Consul
roles(['patroni_role'])
# PostgreSQL configuration
postgresql['listen_address'] = '0.0.0.0'
postgresql['hot_standby'] = 'on'
postgresql['wal_level'] = 'replica'
# Enable Patroni (which automatically disables Repmgr).
patroni['enable'] = true
# Disable automatic database migrations
gitlab_rails['auto_migrate'] = false
......@@ -650,7 +637,15 @@ consul['services'] = %w(postgresql)
postgresql['pgbouncer_user_password'] = '771a8625958a529132abe6f1a4acb19c'
postgresql['sql_user_password'] = '450409b85a0223a214b5fb1484f34d0f'
patroni['postgresql']['max_wal_senders'] = 4
# Sets `max_replication_slots` to double the number of database nodes.
# Patroni uses one extra slot per node when initiating the replication.
patroni['postgresql']['max_replication_slots'] = 6
# Set `max_wal_senders` to one more than the number of replication slots in the cluster.
# This is used to prevent replication from using up all of the
# available database connections.
patroni['postgresql']['max_wal_senders'] = 7
postgresql['trust_auth_cidr_addresses'] = %w(10.6.0.0/16)
......
......@@ -36,9 +36,7 @@ together with Omnibus GitLab. This is recommended as part of our
```ruby
# Disable all components except PostgreSQL
roles ['postgres_role']
repmgr['enable'] = false
consul['enable'] = false
roles(['postgres_role'])
prometheus['enable'] = false
alertmanager['enable'] = false
pgbouncer_exporter['enable'] = false
......@@ -59,9 +57,6 @@ together with Omnibus GitLab. This is recommended as part of our
gitlab_rails['auto_migrate'] = false
```
NOTE:
The role `postgres_role` was introduced with GitLab 10.3
1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
1. Note the PostgreSQL node's IP address or hostname, port, and
plain text password. These are necessary when configuring the GitLab
......
......@@ -426,10 +426,9 @@ To configure Consul:
1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby
roles ['consul_role']
roles(['consul_role'])
## Enable service discovery for Prometheus
consul['enable'] = true
consul['monitoring_service_discovery'] = true
## The IPs of the Consul server nodes
......@@ -542,6 +541,15 @@ in the second step, do not supply the `EXTERNAL_URL` value.
sudo gitlab-ctl pg-password-md5 pgbouncer
```
1. Generate a password hash for the PostgreSQL replication username/password pair. This assumes you will use the default
username of `gitlab_replicator` (recommended). The command will request a password
and a confirmation. Use the value that is output by this command in the next step
as the value of `<postgresql_replication_password_hash>`:
```shell
sudo gitlab-ctl pg-password-md5 gitlab_replicator
```
1. Generate a password hash for the Consul database username/password pair. This assumes you will use the default
username of `gitlab-consul` (recommended). The command will request a password
and confirmation. Use the value that is output by this command in the next
......@@ -554,19 +562,21 @@ in the second step, do not supply the `EXTERNAL_URL` value.
1. On every database node, edit `/etc/gitlab/gitlab.rb` replacing values noted in the `# START user configuration` section:
```ruby
# Disable all components except PostgreSQL, Patroni, and Consul
roles ['postgres_role']
# Disable all components except Patroni and Consul
roles(['patroni_role'])
# PostgreSQL configuration
postgresql['listen_address'] = '0.0.0.0'
# Enable Patroni
patroni['enable'] = true
# Set `max_wal_senders` to one more than the number of database nodes in the cluster.
# Sets `max_replication_slots` to double the number of database nodes.
# Patroni uses one extra slot per node when initiating the replication.
patroni['postgresql']['max_replication_slots'] = 8
# Set `max_wal_senders` to one more than the number of replication slots in the cluster.
# This is used to prevent replication from using up all of the
# available database connections.
patroni['postgresql']['max_wal_senders'] = 4
patroni['postgresql']['max_replication_slots'] = 4
patroni['postgresql']['max_wal_senders'] = 9
# Incoming recommended value for max connections is 500. See https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5691.
patroni['postgresql']['max_connections'] = 500
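Review bot: `patroni['postgresql']['max_replication_slots'] = 8` matches the comment above it ("double the number of database nodes") only for four database nodes, whereas the other example in this commit uses 6 and 7 for three nodes. Suggest stating the assumed node count next to the value so readers with a different cluster size know to recompute both numbers. Minor: the two new comments start with "Sets" and "Set"; pick one.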
......@@ -574,7 +584,6 @@ in the second step, do not supply the `EXTERNAL_URL` value.
gitlab_rails['auto_migrate'] = false
# Configure the Consul agent
consul['enable'] = true
consul['services'] = %w(postgresql)
## Enable service discovery for Prometheus
consul['monitoring_service_discovery'] = true
......@@ -584,6 +593,8 @@ in the second step, do not supply the `EXTERNAL_URL` value.
#
# Replace PGBOUNCER_PASSWORD_HASH with a generated md5 value
postgresql['pgbouncer_user_password'] = '<pgbouncer_password_hash>'
# Replace POSTGRESQL_REPLICATION_PASSWORD_HASH with a generated md5 value
postgresql['sql_replication_password'] = '<postgresql_replication_password_hash>'
# Replace POSTGRESQL_PASSWORD_HASH with a generated md5 value
postgresql['sql_user_password'] = '<postgresql_password_hash>'
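Review bot: The added comment says to replace `POSTGRESQL_REPLICATION_PASSWORD_HASH`, but the value on the next line is `<postgresql_replication_password_hash>`, so the name in the comment appears nowhere a reader could search for it. Suggest using the angle-bracket form in the comment, matching the step that generates the hash with `gitlab-ctl pg-password-md5 gitlab_replicator`.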
......@@ -623,21 +634,7 @@ are supported and can be added if needed.
#### PostgreSQL post-configuration
SSH in to the **primary node**:
1. Open a database prompt:
```shell
gitlab-psql -d gitlabhq_production
```
1. Make sure the `pg_trgm` extension is enabled (it might already be):
```shell
CREATE EXTENSION pg_trgm;
```
1. Exit the database prompt by typing `\q` and Enter.
SSH in to any of the Patroni nodes on the **primary site**:
1. Check the status of the leader and cluster:
......@@ -679,7 +676,7 @@ The following IPs will be used as an example:
```ruby
# Disable all components except Pgbouncer and Consul agent
roles ['pgbouncer_role']
roles(['pgbouncer_role'])
# Configure PgBouncer
pgbouncer['admin_users'] = %w(pgbouncer gitlab-consul)
......@@ -696,7 +693,6 @@ The following IPs will be used as an example:
# Configure Consul agent
consul['watchers'] = %w(postgresql)
consul['enable'] = true
consul['configuration'] = {
retry_join: %w(10.6.0.11 10.6.0.12 10.6.0.13)
}
......@@ -828,8 +824,8 @@ a node and change its status from primary to replica (and vice versa).
1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby
# Specify server role as 'redis_master_role'
roles ['redis_master_role']
# Specify server role as 'redis_master_role' and enable Consul agent
roles(['redis_master_role', 'consul_role'])
# IP address pointing to a local IP that the other machines can reach to.
# You can also set bind to '0.0.0.0' which listen in all interfaces.
......@@ -851,7 +847,6 @@ a node and change its status from primary to replica (and vice versa).
redis['maxmemory_samples'] = 5
## Enable service discovery for Prometheus
consul['enable'] = true
consul['monitoring_service_discovery'] = true
## The IPs of the Consul server nodes
......@@ -863,6 +858,10 @@ a node and change its status from primary to replica (and vice versa).
# Set the network addresses that the exporters will listen on
node_exporter['listen_address'] = '0.0.0.0:9100'
redis_exporter['listen_address'] = '0.0.0.0:9121'
redis_exporter['flags'] = {
'redis.addr' => 'redis://10.6.0.51:6379',
'redis.password' => 'redis-password-goes-here',
}
# Prevent database migrations from running on upgrade automatically
gitlab_rails['auto_migrate'] = false
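Review bot: The new `redis_exporter['flags']` block puts the Redis password into `gitlab.rb` a second time under a new placeholder, `redis-password-goes-here`, and nothing says that it must equal the node's `redis['password']` or that `redis.addr` must be this node's own address. Suggest a comment stating both, and a placeholder in the same style as the other passwords in this file. Since these are exporter flags, please also confirm whether the password ends up on the exporter's command line, where local users could read it from the process list, and document a safer option if one exists.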
......@@ -874,7 +873,7 @@ a node and change its status from primary to replica (and vice versa).
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
You can specify multiple roles, like sentinel and Redis, as:
`roles ['redis_sentinel_role', 'redis_master_role']`. Read more about
`roles(['redis_sentinel_role', 'redis_master_role'])`. Read more about
[roles](https://docs.gitlab.com/omnibus/roles/).
#### Configure the replica Redis Cache nodes
......@@ -887,8 +886,8 @@ You can specify multiple roles, like sentinel and Redis, as:
1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby
# Specify server role as 'redis_replica_role'
roles ['redis_replica_role']
# Specify server role as 'redis_replica_role' and enable Consul agent
roles(['redis_replica_role', 'consul_role'])
# IP address pointing to a local IP that the other machines can reach to.
# You can also set bind to '0.0.0.0' which listen in all interfaces.
......@@ -917,7 +916,6 @@ You can specify multiple roles, like sentinel and Redis, as:
redis['maxmemory_samples'] = 5
## Enable service discovery for Prometheus
consul['enable'] = true
consul['monitoring_service_discovery'] = true
## The IPs of the Consul server nodes
......@@ -929,6 +927,10 @@ You can specify multiple roles, like sentinel and Redis, as:
# Set the network addresses that the exporters will listen on
node_exporter['listen_address'] = '0.0.0.0:9100'
redis_exporter['listen_address'] = '0.0.0.0:9121'
redis_exporter['flags'] = {
'redis.addr' => 'redis://10.6.0.52:6379',
'redis.password' => 'redis-password-goes-here',
}
# Prevent database migrations from running on upgrade automatically
gitlab_rails['auto_migrate'] = false
......@@ -942,7 +944,7 @@ You can specify multiple roles, like sentinel and Redis, as:
make sure to set up the IPs correctly.
You can specify multiple roles, like sentinel and Redis, as:
`roles ['redis_sentinel_role', 'redis_master_role']`. Read more about
`roles(['redis_sentinel_role', 'redis_master_role'])`. Read more about
[roles](https://docs.gitlab.com/omnibus/roles/).
These values don't have to be changed again in `/etc/gitlab/gitlab.rb` after
......@@ -984,7 +986,7 @@ To configure the Sentinel Cache server:
1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby
roles ['redis_sentinel_role']
roles(['redis_sentinel_role', 'consul_role'])
## Must be the same in every sentinel node
redis['master_name'] = 'gitlab-redis-cache'
......@@ -1048,7 +1050,6 @@ To configure the Sentinel Cache server:
#sentinel['failover_timeout'] = 60000
## Enable service discovery for Prometheus
consul['enable'] = true
consul['monitoring_service_discovery'] = true
## The IPs of the Consul server nodes
......@@ -1096,8 +1097,8 @@ a node and change its status from primary to replica (and vice versa).
1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby
# Specify server role as 'redis_master_role'
roles ['redis_master_role']
# Specify server role as 'redis_master_role' and enable Consul agent
roles(['redis_master_role', 'consul_role'])
# IP address pointing to a local IP that the other machines can reach to.
# You can also set bind to '0.0.0.0' which listen in all interfaces.
......@@ -1113,7 +1114,6 @@ a node and change its status from primary to replica (and vice versa).
redis['password'] = 'REDIS_PRIMARY_PASSWORD_OF_SECOND_CLUSTER'
## Enable service discovery for Prometheus
consul['enable'] = true
consul['monitoring_service_discovery'] = true
## The IPs of the Consul server nodes
......@@ -1136,7 +1136,7 @@ a node and change its status from primary to replica (and vice versa).
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
You can specify multiple roles, like sentinel and Redis, as:
`roles ['redis_sentinel_role', 'redis_master_role']`. Read more about
`roles(['redis_sentinel_role', 'redis_master_role'])`. Read more about
[roles](https://docs.gitlab.com/omnibus/roles/).
#### Configure the replica Redis Queues nodes
......@@ -1149,8 +1149,8 @@ You can specify multiple roles, like sentinel and Redis, as:
1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby
# Specify server role as 'redis_replica_role'
roles ['redis_replica_role']
# Specify server role as 'redis_replica_role' and enable Consul agent
roles(['redis_replica_role', 'consul_role'])
# IP address pointing to a local IP that the other machines can reach to.
# You can also set bind to '0.0.0.0' which listen in all interfaces.
......@@ -1173,7 +1173,6 @@ You can specify multiple roles, like sentinel and Redis, as:
#redis['master_port'] = 6379
## Enable service discovery for Prometheus
consul['enable'] = true
consul['monitoring_service_discovery'] = true
## The IPs of the Consul server nodes
......@@ -1198,7 +1197,7 @@ You can specify multiple roles, like sentinel and Redis, as:
make sure to set up the IPs correctly.
You can specify multiple roles, like sentinel and Redis, as:
`roles ['redis_sentinel_role', 'redis_master_role']`. Read more about
`roles(['redis_sentinel_role', 'redis_master_role'])`. Read more about
[roles](https://docs.gitlab.com/omnibus/roles/).
These values don't have to be changed again in `/etc/gitlab/gitlab.rb` after
......@@ -1240,7 +1239,7 @@ To configure the Sentinel Queues server:
1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby
roles ['redis_sentinel_role']
roles(['redis_sentinel_role', 'consul_role'])
## Must be the same in every sentinel node
redis['master_name'] = 'gitlab-redis-persistent'
......@@ -1304,7 +1303,6 @@ To configure the Sentinel Queues server:
#sentinel['failover_timeout'] = 60000
## Enable service discovery for Prometheus
consul['enable'] = true
consul['monitoring_service_discovery'] = true
## The IPs of the Consul server nodes
......@@ -1385,9 +1383,7 @@ in the second step, do not supply the `EXTERNAL_URL` value.
```ruby
# Disable all components except PostgreSQL and Consul
roles ['postgres_role']
repmgr['enable'] = false
patroni['enable'] = false
roles(['postgres_role', 'consul_role'])
# PostgreSQL configuration
postgresql['listen_address'] = '0.0.0.0'
......@@ -1397,7 +1393,6 @@ in the second step, do not supply the `EXTERNAL_URL` value.
gitlab_rails['auto_migrate'] = false
# Configure the Consul agent
consul['enable'] = true
## Enable service discovery for Prometheus
consul['monitoring_service_discovery'] = true
......@@ -2012,7 +2007,7 @@ On each node perform the following:
})
## Disable components that will not be on the GitLab application server
roles ['application_role']
roles(['application_role'])
gitaly['enable'] = false
nginx['enable'] = true
sidekiq['enable'] = false
......@@ -2234,7 +2229,7 @@ To configure the Monitoring node:
1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby
roles ['monitoring_role']
roles(['monitoring_role', 'consul_role'])
external_url 'http://gitlab.example.com'
......@@ -2247,7 +2242,6 @@ To configure the Monitoring node:
grafana['disable_login_form'] = false
# Enable service discovery for Prometheus
consul['enable'] = true
consul['monitoring_service_discovery'] = true
consul['configuration'] = {
retry_join: %w(10.6.0.11 10.6.0.12 10.6.0.13)
......
......@@ -428,10 +428,9 @@ To configure Consul:
1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby
roles ['consul_role']
roles(['consul_role'])
## Enable service discovery for Prometheus
consul['enable'] = true
consul['monitoring_service_discovery'] = true
## The IPs of the Consul server nodes
......@@ -544,6 +543,15 @@ in the second step, do not supply the `EXTERNAL_URL` value.
sudo gitlab-ctl pg-password-md5 pgbouncer
```
1. Generate a password hash for the PostgreSQL replication username/password pair. This assumes you will use the default
username of `gitlab_replicator` (recommended). The command will request a password
and a confirmation. Use the value that is output by this command in the next step
as the value of `<postgresql_replication_password_hash>`:
```shell
sudo gitlab-ctl pg-password-md5 gitlab_replicator
```
1. Generate a password hash for the Consul database username/password pair. This assumes you will use the default
username of `gitlab-consul` (recommended). The command will request a password
and confirmation. Use the value that is output by this command in the next
......@@ -556,19 +564,21 @@ in the second step, do not supply the `EXTERNAL_URL` value.
1. On every database node, edit `/etc/gitlab/gitlab.rb` replacing values noted in the `# START user configuration` section:
```ruby
# Disable all components except PostgreSQL, Patroni, and Consul
roles ['postgres_role']
# Disable all components except Patroni and Consul
roles(['patroni_role'])
# PostgreSQL configuration
postgresql['listen_address'] = '0.0.0.0'
# Enable Patroni
patroni['enable'] = true
# Set `max_wal_senders` to one more than the number of database nodes in the cluster.
# Sets `max_replication_slots` to double the number of database nodes.
# Patroni uses one extra slot per node when initiating the replication.
patroni['postgresql']['max_replication_slots'] = 8
# Set `max_wal_senders` to one more than the number of replication slots in the cluster.
# This is used to prevent replication from using up all of the
# available database connections.
patroni['postgresql']['max_wal_senders'] = 4
patroni['postgresql']['max_replication_slots'] = 4
patroni['postgresql']['max_wal_senders'] = 9
# Incoming recommended value for max connections is 500. See https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5691.
patroni['postgresql']['max_connections'] = 500
......@@ -576,7 +586,6 @@ in the second step, do not supply the `EXTERNAL_URL` value.
gitlab_rails['auto_migrate'] = false
# Configure the Consul agent
consul['enable'] = true
consul['services'] = %w(postgresql)
## Enable service discovery for Prometheus
consul['monitoring_service_discovery'] = true
......@@ -586,6 +595,8 @@ in the second step, do not supply the `EXTERNAL_URL` value.
#
# Replace PGBOUNCER_PASSWORD_HASH with a generated md5 value
postgresql['pgbouncer_user_password'] = '<pgbouncer_password_hash>'
# Replace POSTGRESQL_REPLICATION_PASSWORD_HASH with a generated md5 value
postgresql['sql_replication_password'] = '<postgresql_replication_password_hash>'
# Replace POSTGRESQL_PASSWORD_HASH with a generated md5 value
postgresql['sql_user_password'] = '<postgresql_password_hash>'
......@@ -625,21 +636,7 @@ are supported and can be added if needed.
#### PostgreSQL post-configuration
SSH in to the **primary node**:
1. Open a database prompt:
```shell
gitlab-psql -d gitlabhq_production
```
1. Make sure the `pg_trgm` extension is enabled (it might already be):
```shell
CREATE EXTENSION pg_trgm;
```
1. Exit the database prompt by typing `\q` and Enter.
SSH in to any of the Patroni nodes on the **primary site**:
1. Check the status of the leader and cluster:
......@@ -681,7 +678,7 @@ The following IPs will be used as an example:
```ruby
# Disable all components except Pgbouncer and Consul agent
roles ['pgbouncer_role']
roles(['pgbouncer_role'])
# Configure PgBouncer
pgbouncer['admin_users'] = %w(pgbouncer gitlab-consul)
......@@ -698,7 +695,6 @@ The following IPs will be used as an example:
# Configure Consul agent
consul['watchers'] = %w(postgresql)
consul['enable'] = true
consul['configuration'] = {
retry_join: %w(10.6.0.11 10.6.0.12 10.6.0.13)
}
......@@ -830,8 +826,8 @@ a node and change its status from primary to replica (and vice versa).
1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby
# Specify server role as 'redis_master_role'
roles ['redis_master_role']
# Specify server role as 'redis_master_role' and enable Consul agent
roles(['redis_master_role', 'consul_role']
# IP address pointing to a local IP that the other machines can reach to.
# You can also set bind to '0.0.0.0' which listen in all interfaces.
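Review bot: The new `roles(['redis_master_role', 'consul_role']` line is missing its closing parenthesis, so the snippet is not valid Ruby and a reader who pastes it gets a syntax error on reconfigure. It should read `roles(['redis_master_role', 'consul_role'])`, as in the matching hunk of the other reference architecture file.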
......@@ -853,7 +849,6 @@ a node and change its status from primary to replica (and vice versa).
redis['maxmemory_samples'] = 5
## Enable service discovery for Prometheus
consul['enable'] = true
consul['monitoring_service_discovery'] = true
## The IPs of the Consul server nodes
......@@ -865,6 +860,10 @@ a node and change its status from primary to replica (and vice versa).
# Set the network addresses that the exporters will listen on
node_exporter['listen_address'] = '0.0.0.0:9100'
redis_exporter['listen_address'] = '0.0.0.0:9121'
redis_exporter['flags'] = {
'redis.addr' => 'redis://10.6.0.51:6379',
'redis.password' => 'redis-password-goes-here',
}
# Prevent database migrations from running on upgrade automatically
gitlab_rails['auto_migrate'] = false
......@@ -876,7 +875,7 @@ a node and change its status from primary to replica (and vice versa).
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
You can specify multiple roles, like sentinel and Redis, as:
`roles ['redis_sentinel_role', 'redis_master_role']`. Read more about
`roles(['redis_sentinel_role', 'redis_master_role'])`. Read more about
[roles](https://docs.gitlab.com/omnibus/roles/).
#### Configure the replica Redis Cache nodes
......@@ -889,8 +888,8 @@ You can specify multiple roles, like sentinel and Redis, as:
1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby
# Specify server role as 'redis_replica_role'
roles ['redis_replica_role']
# Specify server role as 'redis_replica_role' and enable Consul agent
roles(['redis_replica_role', 'consul_role']
# IP address pointing to a local IP that the other machines can reach to.
# You can also set bind to '0.0.0.0' which listen in all interfaces.
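Review bot: Same missing closing parenthesis here on `roles(['redis_replica_role', 'consul_role']`; the line should end with `])`.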
......@@ -919,7 +918,6 @@ You can specify multiple roles, like sentinel and Redis, as:
redis['maxmemory_samples'] = 5
## Enable service discovery for Prometheus
consul['enable'] = true
consul['monitoring_service_discovery'] = true
## The IPs of the Consul server nodes
......@@ -931,6 +929,10 @@ You can specify multiple roles, like sentinel and Redis, as:
# Set the network addresses that the exporters will listen on
node_exporter['listen_address'] = '0.0.0.0:9100'
redis_exporter['listen_address'] = '0.0.0.0:9121'
redis_exporter['flags'] = {
'redis.addr' => 'redis://10.6.0.52:6379',
'redis.password' => 'redis-password-goes-here',
}
# Prevent database migrations from running on upgrade automatically
gitlab_rails['auto_migrate'] = false
......@@ -945,7 +947,7 @@ You can specify multiple roles, like sentinel and Redis, as:
make sure to set up the IPs correctly.
You can specify multiple roles, like sentinel and Redis, as:
`roles ['redis_sentinel_role', 'redis_master_role']`. Read more about
`roles(['redis_sentinel_role', 'redis_master_role'])`. Read more about
[roles](https://docs.gitlab.com/omnibus/roles/).
These values don't have to be changed again in `/etc/gitlab/gitlab.rb` after
......@@ -987,7 +989,7 @@ To configure the Sentinel Cache server:
1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby
roles ['redis_sentinel_role']
roles(['redis_sentinel_role', 'consul_role'])
## Must be the same in every sentinel node
redis['master_name'] = 'gitlab-redis-cache'
......@@ -1051,7 +1053,6 @@ To configure the Sentinel Cache server:
#sentinel['failover_timeout'] = 60000
## Enable service discovery for Prometheus
consul['enable'] = true
consul['monitoring_service_discovery'] = true
## The IPs of the Consul server nodes
......@@ -1100,8 +1101,8 @@ a node and change its status from primary to replica (and vice versa).
1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby
# Specify server role as 'redis_master_role'
roles ['redis_master_role']
# Specify server role as 'redis_master_role' and enable Consul agent
roles(['redis_master_role', 'consul_role'])
# IP address pointing to a local IP that the other machines can reach to.
# You can also set bind to '0.0.0.0' which listen in all interfaces.
......@@ -1117,7 +1118,6 @@ a node and change its status from primary to replica (and vice versa).
redis['password'] = 'REDIS_PRIMARY_PASSWORD_OF_SECOND_CLUSTER'
## Enable service discovery for Prometheus
consul['enable'] = true
consul['monitoring_service_discovery'] = true
## The IPs of the Consul server nodes
......@@ -1140,7 +1140,7 @@ a node and change its status from primary to replica (and vice versa).
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
You can specify multiple roles, like sentinel and Redis, as:
`roles ['redis_sentinel_role', 'redis_master_role']`. Read more about
`roles(['redis_sentinel_role', 'redis_master_role'])`. Read more about
[roles](https://docs.gitlab.com/omnibus/roles/).
#### Configure the replica Redis Queues nodes
......@@ -1153,8 +1153,8 @@ You can specify multiple roles, like sentinel and Redis, as:
1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby
# Specify server role as 'redis_replica_role'
roles ['redis_replica_role']
# Specify server role as 'redis_replica_role' and enable Consul agent
roles(['redis_replica_role', 'consul_role'])
# IP address pointing to a local IP that the other machines can reach to.
# You can also set bind to '0.0.0.0' which listen in all interfaces.
......@@ -1177,7 +1177,6 @@ You can specify multiple roles, like sentinel and Redis, as:
#redis['master_port'] = 6379
## Enable service discovery for Prometheus
consul['enable'] = true
consul['monitoring_service_discovery'] = true
## The IPs of the Consul server nodes
......@@ -1189,6 +1188,10 @@ You can specify multiple roles, like sentinel and Redis, as:
# Set the network addresses that the exporters will listen on
node_exporter['listen_address'] = '0.0.0.0:9100'
redis_exporter['listen_address'] = '0.0.0.0:9121'
redis_exporter['flags'] = {
'redis.addr' => 'redis://10.6.0.62:6379',
'redis.password' => 'redis-password-goes-here',
}
# Prevent database migrations from running on upgrade automatically
gitlab_rails['auto_migrate'] = false
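Review bot: in the added `redis_exporter['flags']` block, `'redis.password' => 'redis-password-goes-here'` does not match the placeholder the Queues primary uses in the hunk at -1117, `REDIS_PRIMARY_PASSWORD_OF_SECOND_CLUSTER`. Use the same placeholder here so it is clear the exporter on a Queues replica needs the second cluster's password and not the cache cluster's.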
......@@ -1203,7 +1206,7 @@ You can specify multiple roles, like sentinel and Redis, as:
make sure to set up the IPs correctly.
You can specify multiple roles, like sentinel and Redis, as:
`roles ['redis_sentinel_role', 'redis_master_role']`. Read more about
`roles(['redis_sentinel_role', 'redis_master_role'])`. Read more about
[roles](https://docs.gitlab.com/omnibus/roles/).
These values don't have to be changed again in `/etc/gitlab/gitlab.rb` after
......@@ -1245,7 +1248,7 @@ To configure the Sentinel Queues server:
1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby
roles ['redis_sentinel_role']
roles(['redis_sentinel_role', 'consul_role'])
## Must be the same in every sentinel node
redis['master_name'] = 'gitlab-redis-persistent'
......@@ -1309,7 +1312,6 @@ To configure the Sentinel Queues server:
#sentinel['failover_timeout'] = 60000
## Enable service discovery for Prometheus
consul['enable'] = true
consul['monitoring_service_discovery'] = true
## The IPs of the Consul server nodes
......@@ -1399,9 +1401,7 @@ in the second step, do not supply the `EXTERNAL_URL` value.
```ruby
# Disable all components except PostgreSQL and Consul
roles ['postgres_role']
repmgr['enable'] = false
patroni['enable'] = false
roles(['postgres_role', 'consul_role'])
# PostgreSQL configuration
postgresql['listen_address'] = '0.0.0.0'
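Review bot: with `repmgr['enable'] = false` and `patroni['enable'] = false` removed, nothing in this block tells the reader that Patroni stays off on this node. If `postgres_role` guarantees that, say so in the comment above `roles(['postgres_role', 'consul_role'])`; the current wording, "Disable all components except PostgreSQL and Consul", was written for the old explicit lines.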
......@@ -1411,7 +1411,6 @@ in the second step, do not supply the `EXTERNAL_URL` value.
gitlab_rails['auto_migrate'] = false
# Configure the Consul agent
consul['enable'] = true
## Enable service discovery for Prometheus
consul['monitoring_service_discovery'] = true
......@@ -2028,7 +2027,7 @@ On each node perform the following:
})
## Disable components that will not be on the GitLab application server
roles ['application_role']
roles(['application_role'])
gitaly['enable'] = false
nginx['enable'] = true
sidekiq['enable'] = false
......@@ -2249,7 +2248,7 @@ To configure the Monitoring node:
1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby
roles ['monitoring_role']
roles(['monitoring_role', 'consul_role'])
external_url 'http://gitlab.example.com'
......@@ -2262,7 +2261,6 @@ To configure the Monitoring node:
grafana['disable_login_form'] = false
# Enable service discovery for Prometheus
consul['enable'] = true
consul['monitoring_service_discovery'] = true
consul['configuration'] = {
retry_join: %w(10.6.0.11 10.6.0.12 10.6.0.13)
......
......@@ -269,10 +269,8 @@ further configuration steps.
database. Example: `%w(123.123.123.123/32 123.123.123.234/32)`
```ruby
# Disable all components except PostgreSQL
roles ['postgres_role']
patroni['enable'] = false
consul['enable'] = false
# Disable all components except PostgreSQL related ones
roles(['postgres_role'])
prometheus['enable'] = false
alertmanager['enable'] = false
pgbouncer_exporter['enable'] = false
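Review bot: the new comment "Disable all components except PostgreSQL related ones" is vague now that `patroni['enable'] = false` and `consul['enable'] = false` are gone. Name the services `postgres_role` leaves running, or keep the explicit lines, so a reader can confirm that Consul and Patroni are not started on a node where the block still disables `prometheus`, `alertmanager` and `pgbouncer_exporter` by hand.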
......@@ -642,7 +640,7 @@ On each node perform the following:
})
## Disable components that will not be on the GitLab application server
roles ['application_role']
roles(['application_role'])
gitaly['enable'] = false
nginx['enable'] = true
......@@ -790,7 +788,7 @@ running [Prometheus](../monitoring/prometheus/index.md) and
1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby
roles ['monitoring_role']
roles(['monitoring_role'])
external_url 'http://gitlab.example.com'
......
......@@ -475,8 +475,8 @@ a node and change its status from primary to replica (and vice versa).
1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby
# Specify server role as 'redis_master_role'
roles ['redis_master_role']
# Specify server role as 'redis_master_role' and enable Consul agent
roles(['redis_master_role', 'consul_role'])
# IP address pointing to a local IP that the other machines can reach to.
# You can also set bind to '0.0.0.0' which listen in all interfaces.
......@@ -492,7 +492,6 @@ a node and change its status from primary to replica (and vice versa).
redis['password'] = 'redis-password-goes-here'
## Enable service discovery for Prometheus
consul['enable'] = true
consul['monitoring_service_discovery'] = true
## The IPs of the Consul server nodes
......@@ -554,8 +553,8 @@ run: redis-exporter: (pid 30075) 76861s; run: log: (pid 29674) 76896s
1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby
# Specify server role as 'redis_replica_role'
roles ['redis_replica_role']
# Specify server role as 'redis_replica_role' and enable Consul agent
roles(['redis_replica_role', 'consul_role'])
# IP address pointing to a local IP that the other machines can reach to.
# You can also set bind to '0.0.0.0' which listen in all interfaces.
......@@ -578,7 +577,6 @@ run: redis-exporter: (pid 30075) 76861s; run: log: (pid 29674) 76896s
#redis['master_port'] = 6379
## Enable service discovery for Prometheus
consul['enable'] = true
consul['monitoring_service_discovery'] = true
## The IPs of the Consul server nodes
......@@ -607,7 +605,7 @@ run: redis-exporter: (pid 30075) 76861s; run: log: (pid 29674) 76896s
make sure to set up the IPs correctly.
You can specify multiple roles, like sentinel and Redis, as:
`roles ['redis_sentinel_role', 'redis_master_role']`. Read more about
`roles(['redis_sentinel_role', 'redis_master_role'])`. Read more about
[roles](https://docs.gitlab.com/omnibus/roles/).
These values don't have to be changed again in `/etc/gitlab/gitlab.rb` after
......@@ -649,7 +647,7 @@ To configure the Sentinel:
1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby
roles ['redis_sentinel_role', 'consul_role']
roles(['redis_sentinel_role', 'consul_role'])
# Must be the same in every sentinel node
redis['master_name'] = 'gitlab-redis'
......@@ -713,7 +711,6 @@ To configure the Sentinel:
# sentinel['failover_timeout'] = 60000
## Enable service discovery for Prometheus
consul['enable'] = true
consul['monitoring_service_discovery'] = true
## The IPs of the Consul server nodes
......@@ -828,6 +825,15 @@ in the second step, do not supply the `EXTERNAL_URL` value.
sudo gitlab-ctl pg-password-md5 pgbouncer
```
1. Generate a password hash for the PostgreSQL replication username/password pair. This assumes you will use the default
username of `gitlab_replicator` (recommended). The command will request a password
and a confirmation. Use the value that is output by this command in the next step
as the value of `<postgresql_replication_password_hash>`:
```shell
sudo gitlab-ctl pg-password-md5 gitlab_replicator
```
1. Generate a password hash for the Consul database username/password pair. This assumes you will use the default
username of `gitlab-consul` (recommended). The command will request a password
and confirmation. Use the value that is output by this command in the next
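Review bot: the added `gitlab_replicator` step says to use the hash "in the next step", but the step that follows is the `gitlab-consul` hash; the value is consumed later, in the `/etc/gitlab/gitlab.rb` edit where `<postgresql_replication_password_hash>` appears. Point the sentence at that step by name. It would also help to say that the username typed here must be the one the database uses for replication, since the command takes it as an argument.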
......@@ -840,19 +846,21 @@ in the second step, do not supply the `EXTERNAL_URL` value.
1. On every database node, edit `/etc/gitlab/gitlab.rb` replacing values noted in the `# START user configuration` section:
```ruby
# Disable all components except PostgreSQL, Patroni, and Consul
roles ['postgres_role']
# Disable all components except Patroni and Consul
roles(['patroni_role'])
# PostgreSQL configuration
postgresql['listen_address'] = '0.0.0.0'
# Enable Patroni
patroni['enable'] = true
# Set `max_wal_senders` to one more than the number of database nodes in the cluster.
# Sets `max_replication_slots` to double the number of database nodes.
# Patroni uses one extra slot per node when initiating the replication.
patroni['postgresql']['max_replication_slots'] = 6
# Set `max_wal_senders` to one more than the number of replication slots in the cluster.
# This is used to prevent replication from using up all of the
# available database connections.
patroni['postgresql']['max_wal_senders'] = 4
patroni['postgresql']['max_replication_slots'] = 4
patroni['postgresql']['max_wal_senders'] = 7
# Incoming recommended value for max connections is 500. See https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5691.
patroni['postgresql']['max_connections'] = 500
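Review bot: `max_replication_slots = 6` and `max_wal_senders = 7` are only correct for a three-node cluster under the rules in the new comments (double the node count, then one more than the slot count), and the block never states the node count. Add it to the comment, for example "for a cluster of 3 database nodes", so readers with a different cluster size recompute both values instead of copying them.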
......@@ -860,7 +868,6 @@ in the second step, do not supply the `EXTERNAL_URL` value.
gitlab_rails['auto_migrate'] = false
# Configure the Consul agent
consul['enable'] = true
consul['services'] = %w(postgresql)
## Enable service discovery for Prometheus
consul['monitoring_service_discovery'] = true
......@@ -870,6 +877,8 @@ in the second step, do not supply the `EXTERNAL_URL` value.
#
# Replace PGBOUNCER_PASSWORD_HASH with a generated md5 value
postgresql['pgbouncer_user_password'] = '<pgbouncer_password_hash>'
# Replace POSTGRESQL_REPLICATION_PASSWORD_HASH with a generated md5 value
postgresql['sql_replication_password'] = '<postgresql_replication_password_hash>'
# Replace POSTGRESQL_PASSWORD_HASH with a generated md5 value
postgresql['sql_user_password'] = '<postgresql_password_hash>'
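Review bot: the new comment says to replace `POSTGRESQL_REPLICATION_PASSWORD_HASH`, but the value on the next line uses the placeholder `<postgresql_replication_password_hash>`, so searching for the name in the comment finds nothing to replace. Use the same token in both places. The comment could also name the user the hash was generated for (`gitlab_replicator`), because a PostgreSQL md5 password hash is computed over the password and the username together.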
......@@ -909,22 +918,7 @@ are supported and can be added if needed.
#### PostgreSQL post-configuration
SSH in to the **primary node**:
1. Open a database prompt:
```shell
gitlab-psql -d gitlabhq_production
```
1. Enable the `pg_trgm` and `btree_gist` extensions:
```shell
CREATE EXTENSION pg_trgm;
CREATE EXTENSION btree_gist;
```
1. Exit the database prompt by typing `\q` and Enter.
SSH in to any of the Patroni nodes on the **primary site**:
1. Check the status of the leader and cluster:
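Review bot: the removed steps were the only place in this section that told the reader to create the `pg_trgm` and `btree_gist` extensions, and nothing replaces them. State where the extensions are now created, or that no manual step is needed, so someone following the page does not end up with a database that lacks them.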
......@@ -966,7 +960,7 @@ The following IPs will be used as an example:
```ruby
# Disable all components except Pgbouncer and Consul agent
roles ['pgbouncer_role']
roles(['pgbouncer_role'])
# Configure PgBouncer
pgbouncer['admin_users'] = %w(pgbouncer gitlab-consul)
......@@ -983,7 +977,6 @@ The following IPs will be used as an example:
# Configure Consul agent
consul['watchers'] = %w(postgresql)
consul['enable'] = true
consul['configuration'] = {
retry_join: %w(10.6.0.11 10.6.0.12 10.6.0.13)
}
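Review bot: `consul['enable'] = true` is removed here while the role line for this node is `roles(['pgbouncer_role'])`, without the `consul_role` that other nodes gain in this change. If `pgbouncer_role` starts the Consul agent by itself, say so in the block's opening comment; otherwise `consul['watchers']` and `retry_join` configure an agent that is not running.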
......@@ -1114,9 +1107,7 @@ in the second step, do not supply the `EXTERNAL_URL` value.
```ruby
# Disable all components except PostgreSQL and Consul
roles ['postgres_role']
repmgr['enable'] = false
patroni['enable'] = false
roles(['postgres_role', 'consul_role'])
# PostgreSQL configuration
postgresql['listen_address'] = '0.0.0.0'
......@@ -1126,7 +1117,6 @@ in the second step, do not supply the `EXTERNAL_URL` value.
gitlab_rails['auto_migrate'] = false
# Configure the Consul agent
consul['enable'] = true
## Enable service discovery for Prometheus
consul['monitoring_service_discovery'] = true
......@@ -1757,7 +1747,7 @@ On each node perform the following:
})
## Disable components that will not be on the GitLab application server
roles ['application_role']
roles(['application_role'])
gitaly['enable'] = false
nginx['enable'] = true
sidekiq['enable'] = false
......@@ -1943,7 +1933,7 @@ running [Prometheus](../monitoring/prometheus/index.md) and
1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby
roles ['monitoring_role']
roles(['monitoring_role', 'consul_role'])
external_url 'http://gitlab.example.com'
......@@ -1956,7 +1946,6 @@ running [Prometheus](../monitoring/prometheus/index.md) and
grafana['disable_login_form'] = false
# Enable service discovery for Prometheus
consul['enable'] = true
consul['monitoring_service_discovery'] = true
consul['configuration'] = {
retry_join: %w(10.6.0.11 10.6.0.12 10.6.0.13)
......
......@@ -435,10 +435,9 @@ To configure Consul:
1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby
roles ['consul_role']
roles(['consul_role'])
## Enable service discovery for Prometheus
consul['enable'] = true
consul['monitoring_service_discovery'] = true
## The IPs of the Consul server nodes
......@@ -551,6 +550,15 @@ in the second step, do not supply the `EXTERNAL_URL` value.
sudo gitlab-ctl pg-password-md5 pgbouncer
```
1. Generate a password hash for the PostgreSQL replication username/password pair. This assumes you will use the default
username of `gitlab_replicator` (recommended). The command will request a password
and a confirmation. Use the value that is output by this command in the next step
as the value of `<postgresql_replication_password_hash>`:
```shell
sudo gitlab-ctl pg-password-md5 gitlab_replicator
```
1. Generate a password hash for the Consul database username/password pair. This assumes you will use the default
username of `gitlab-consul` (recommended). The command will request a password
and confirmation. Use the value that is output by this command in the next
......@@ -563,19 +571,21 @@ in the second step, do not supply the `EXTERNAL_URL` value.
1. On every database node, edit `/etc/gitlab/gitlab.rb` replacing values noted in the `# START user configuration` section:
```ruby
# Disable all components except PostgreSQL, Patroni, and Consul
roles ['postgres_role']
# Disable all components except Patroni and Consul
roles(['patroni_role'])
# PostgreSQL configuration
postgresql['listen_address'] = '0.0.0.0'
# Enable Patroni
patroni['enable'] = true
# Set `max_wal_senders` to one more than the number of database nodes in the cluster.
# Sets `max_replication_slots` to double the number of database nodes.
# Patroni uses one extra slot per node when initiating the replication.
patroni['postgresql']['max_replication_slots'] = 8
# Set `max_wal_senders` to one more than the number of replication slots in the cluster.
# This is used to prevent replication from using up all of the
# available database connections.
patroni['postgresql']['max_wal_senders'] = 4
patroni['postgresql']['max_replication_slots'] = 4
patroni['postgresql']['max_wal_senders'] = 9
# Incoming recommended value for max connections is 500. See https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5691.
patroni['postgresql']['max_connections'] = 500
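Review bot: the opening comment now reads "Disable all components except Patroni and Consul", yet the block goes on to set `postgresql['listen_address']` and several `patroni['postgresql'][...]` values. Say in the comment that PostgreSQL still runs on this node under Patroni, so the line is not read as PostgreSQL being disabled.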
......@@ -593,6 +603,8 @@ in the second step, do not supply the `EXTERNAL_URL` value.
#
# Replace PGBOUNCER_PASSWORD_HASH with a generated md5 value
postgresql['pgbouncer_user_password'] = '<pgbouncer_password_hash>'
# Replace POSTGRESQL_REPLICATION_PASSWORD_HASH with a generated md5 value
postgresql['sql_replication_password'] = '<postgresql_replication_password_hash>'
# Replace POSTGRESQL_PASSWORD_HASH with a generated md5 value
postgresql['sql_user_password'] = '<postgresql_password_hash>'
......@@ -632,21 +644,7 @@ are supported and can be added if needed.
#### PostgreSQL post-configuration
SSH in to the **primary node**:
1. Open a database prompt:
```shell
gitlab-psql -d gitlabhq_production
```
1. Make sure the `pg_trgm` extension is enabled (it might already be):
```shell
CREATE EXTENSION pg_trgm;
```
1. Exit the database prompt by typing `\q` and Enter.
SSH in to any of the Patroni nodes on the **primary site**:
1. Check the status of the leader and cluster:
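Review bot: "SSH in to any of the Patroni nodes on the **primary site**" uses the term "primary site", which the visible parts of this section do not define. If the instruction applies to a single-site deployment, "any of the Patroni nodes" is enough; if it is meant for multi-site setups, link to where the term is explained.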
......@@ -688,7 +686,7 @@ The following IPs will be used as an example:
```ruby
# Disable all components except Pgbouncer and Consul agent
roles ['pgbouncer_role']
roles(['pgbouncer_role'])
# Configure PgBouncer
pgbouncer['admin_users'] = %w(pgbouncer gitlab-consul)
......@@ -705,7 +703,6 @@ The following IPs will be used as an example:
# Configure Consul agent
consul['watchers'] = %w(postgresql)
consul['enable'] = true
consul['configuration'] = {
retry_join: %w(10.6.0.11 10.6.0.12 10.6.0.13)
}
......@@ -837,8 +834,8 @@ a node and change its status from primary to replica (and vice versa).
1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby
# Specify server role as 'redis_master_role'
roles ['redis_master_role']
# Specify server role as 'redis_master_role' and enable Consul agent
roles(['redis_master_role', 'consul_role'])
# IP address pointing to a local IP that the other machines can reach to.
# You can also set bind to '0.0.0.0' which listen in all interfaces.
......@@ -860,7 +857,6 @@ a node and change its status from primary to replica (and vice versa).
redis['maxmemory_samples'] = 5
## Enable service discovery for Prometheus
consul['enable'] = true
consul['monitoring_service_discovery'] = true
## The IPs of the Consul server nodes
......@@ -872,6 +868,10 @@ a node and change its status from primary to replica (and vice versa).
# Set the network addresses that the exporters will listen on
node_exporter['listen_address'] = '0.0.0.0:9100'
redis_exporter['listen_address'] = '0.0.0.0:9121'
redis_exporter['flags'] = {
'redis.addr' => 'redis://10.6.0.51:6379',
'redis.password' => 'redis-password-goes-here',
}
# Prevent database migrations from running on upgrade automatically
gitlab_rails['auto_migrate'] = false
......@@ -883,7 +883,7 @@ a node and change its status from primary to replica (and vice versa).
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
You can specify multiple roles, like sentinel and Redis, as:
`roles ['redis_sentinel_role', 'redis_master_role']`. Read more about
`roles(['redis_sentinel_role', 'redis_master_role'])`. Read more about
[roles](https://docs.gitlab.com/omnibus/roles/).
#### Configure the replica Redis Cache nodes
......@@ -896,8 +896,8 @@ You can specify multiple roles, like sentinel and Redis, as:
1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby
# Specify server role as 'redis_replica_role'
roles ['redis_replica_role']
# Specify server role as 'redis_replica_role' and enable Consul agent
roles(['redis_replica_role', 'consul_role'])
# IP address pointing to a local IP that the other machines can reach to.
# You can also set bind to '0.0.0.0' which listen in all interfaces.
......@@ -926,7 +926,6 @@ You can specify multiple roles, like sentinel and Redis, as:
redis['maxmemory_samples'] = 5
## Enable service discovery for Prometheus
consul['enable'] = true
consul['monitoring_service_discovery'] = true
## The IPs of the Consul server nodes
......@@ -938,6 +937,10 @@ You can specify multiple roles, like sentinel and Redis, as:
# Set the network addresses that the exporters will listen on
node_exporter['listen_address'] = '0.0.0.0:9100'
redis_exporter['listen_address'] = '0.0.0.0:9121'
redis_exporter['flags'] = {
'redis.addr' => 'redis://10.6.0.52:6379',
'redis.password' => 'redis-password-goes-here',
}
# Prevent database migrations from running on upgrade automatically
gitlab_rails['auto_migrate'] = false
......@@ -952,7 +955,7 @@ You can specify multiple roles, like sentinel and Redis, as:
make sure to set up the IPs correctly.
You can specify multiple roles, like sentinel and Redis, as:
`roles ['redis_sentinel_role', 'redis_master_role']`. Read more about
`roles(['redis_sentinel_role', 'redis_master_role'])`. Read more about
[roles](https://docs.gitlab.com/omnibus/roles/).
These values don't have to be changed again in `/etc/gitlab/gitlab.rb` after
......@@ -994,7 +997,7 @@ To configure the Sentinel Cache server:
1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby
roles ['redis_sentinel_role']
roles(['redis_sentinel_role', 'consul_role'])
## Must be the same in every sentinel node
redis['master_name'] = 'gitlab-redis-cache'
......@@ -1058,7 +1061,6 @@ To configure the Sentinel Cache server:
#sentinel['failover_timeout'] = 60000
## Enable service discovery for Prometheus
consul['enable'] = true
consul['monitoring_service_discovery'] = true
## The IPs of the Consul server nodes
......@@ -1107,8 +1109,8 @@ a node and change its status from primary to replica (and vice versa).
1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby
# Specify server role as 'redis_master_role'
roles ['redis_master_role']
# Specify server role as 'redis_master_role' and enable Consul agent
roles(['redis_master_role', 'consul_role'])
# IP address pointing to a local IP that the other machines can reach to.
# You can also set bind to '0.0.0.0' which listen in all interfaces.
......@@ -1124,7 +1126,6 @@ a node and change its status from primary to replica (and vice versa).
redis['password'] = 'REDIS_PRIMARY_PASSWORD_OF_SECOND_CLUSTER'
## Enable service discovery for Prometheus
consul['enable'] = true
consul['monitoring_service_discovery'] = true
## The IPs of the Consul server nodes
......@@ -1160,8 +1161,8 @@ You can specify multiple roles, like sentinel and Redis, as:
1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby
# Specify server role as 'redis_replica_role'
roles ['redis_replica_role']
# Specify server role as 'redis_replica_role' and enable Consul agent
roles(['redis_replica_role', 'consul_role'])
# IP address pointing to a local IP that the other machines can reach to.
# You can also set bind to '0.0.0.0' which listen in all interfaces.
......@@ -1184,7 +1185,6 @@ You can specify multiple roles, like sentinel and Redis, as:
#redis['master_port'] = 6379
## Enable service discovery for Prometheus
consul['enable'] = true
consul['monitoring_service_discovery'] = true
## The IPs of the Consul server nodes
......@@ -1210,7 +1210,7 @@ You can specify multiple roles, like sentinel and Redis, as:
make sure to set up the IPs correctly.
You can specify multiple roles, like sentinel and Redis, as:
`roles ['redis_sentinel_role', 'redis_master_role']`. Read more about
`roles(['redis_sentinel_role', 'redis_master_role'])`. Read more about
[roles](https://docs.gitlab.com/omnibus/roles/).
These values don't have to be changed again in `/etc/gitlab/gitlab.rb` after
......@@ -1252,7 +1252,7 @@ To configure the Sentinel Queues server:
1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby
roles ['redis_sentinel_role']
roles(['redis_sentinel_role', 'consul_role'])
## Must be the same in every sentinel node
redis['master_name'] = 'gitlab-redis-persistent'
......@@ -1316,7 +1316,6 @@ To configure the Sentinel Queues server:
#sentinel['failover_timeout'] = 60000
## Enable service discovery for Prometheus
consul['enable'] = true
consul['monitoring_service_discovery'] = true
## The IPs of the Consul server nodes
......@@ -1406,9 +1405,7 @@ in the second step, do not supply the `EXTERNAL_URL` value.
```ruby
# Disable all components except PostgreSQL and Consul
roles ['postgres_role']
repmgr['enable'] = false
patroni['enable'] = false
roles(['postgres_role', 'consul_role'])
# PostgreSQL configuration
postgresql['listen_address'] = '0.0.0.0'
......@@ -1418,7 +1415,6 @@ in the second step, do not supply the `EXTERNAL_URL` value.
gitlab_rails['auto_migrate'] = false
# Configure the Consul agent
consul['enable'] = true
## Enable service discovery for Prometheus
consul['monitoring_service_discovery'] = true
......@@ -2042,7 +2038,7 @@ On each node perform the following:
})
## Disable components that will not be on the GitLab application server
roles ['application_role']
roles(['application_role'])
gitaly['enable'] = false
nginx['enable'] = true
sidekiq['enable'] = false
......@@ -2263,7 +2259,7 @@ To configure the Monitoring node:
1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby
roles ['monitoring_role']
roles(['monitoring_role', 'consul_role'])
external_url 'http://gitlab.example.com'
......@@ -2276,7 +2272,6 @@ To configure the Monitoring node:
grafana['disable_login_form'] = false
# Enable service discovery for Prometheus
consul['enable'] = true
consul['monitoring_service_discovery'] = true
consul['configuration'] = {
retry_join: %w(10.6.0.11 10.6.0.12 10.6.0.13)
......
......@@ -467,8 +467,8 @@ a node and change its status from primary to replica (and vice versa).
1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby
# Specify server role as 'redis_master_role'
roles ['redis_master_role']
# Specify server role as 'redis_master_role' and enable Consul agent
roles(['redis_master_role', 'consul_role'])
# IP address pointing to a local IP that the other machines can reach to.
# You can also set bind to '0.0.0.0' which listen in all interfaces.
......@@ -484,7 +484,6 @@ a node and change its status from primary to replica (and vice versa).
redis['password'] = 'redis-password-goes-here'
## Enable service discovery for Prometheus
consul['enable'] = true
consul['monitoring_service_discovery'] = true
## The IPs of the Consul server nodes
......@@ -511,7 +510,7 @@ a node and change its status from primary to replica (and vice versa).
1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
You can specify multiple roles, like sentinel and Redis, as:
`roles ['redis_sentinel_role', 'redis_master_role']`. Read more about
`roles(['redis_sentinel_role', 'redis_master_role'])`. Read more about
[roles](https://docs.gitlab.com/omnibus/roles/).
You can list the current Redis Primary, Replica status via:
......@@ -546,8 +545,8 @@ run: redis-exporter: (pid 30075) 76861s; run: log: (pid 29674) 76896s
1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby
# Specify server role as 'redis_replica_role'
roles ['redis_replica_role']
# Specify server role as 'redis_replica_role' and enable Consul agent
roles(['redis_replica_role', 'consul_role'])
# IP address pointing to a local IP that the other machines can reach to.
# You can also set bind to '0.0.0.0' which listen in all interfaces.
......@@ -570,7 +569,6 @@ run: redis-exporter: (pid 30075) 76861s; run: log: (pid 29674) 76896s
#redis['master_port'] = 6379
## Enable service discovery for Prometheus
consul['enable'] = true
consul['monitoring_service_discovery'] = true
## The IPs of the Consul server nodes
......@@ -599,7 +597,7 @@ run: redis-exporter: (pid 30075) 76861s; run: log: (pid 29674) 76896s
make sure to set up the IPs correctly.
You can specify multiple roles, like sentinel and Redis, as:
`roles ['redis_sentinel_role', 'redis_master_role']`. Read more about
`roles(['redis_sentinel_role', 'redis_master_role'])`. Read more about
[roles](https://docs.gitlab.com/omnibus/roles/).
These values don't have to be changed again in `/etc/gitlab/gitlab.rb` after
......@@ -641,7 +639,7 @@ To configure the Sentinel:
1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby
roles ['redis_sentinel_role', 'consul_role']
roles(['redis_sentinel_role', 'consul_role'])
# Must be the same in every sentinel node
redis['master_name'] = 'gitlab-redis'
......@@ -705,7 +703,6 @@ To configure the Sentinel:
# sentinel['failover_timeout'] = 60000
## Enable service discovery for Prometheus
consul['enable'] = true
consul['monitoring_service_discovery'] = true
## The IPs of the Consul server nodes
......@@ -819,6 +816,15 @@ in the second step, do not supply the `EXTERNAL_URL` value.
sudo gitlab-ctl pg-password-md5 pgbouncer
```
1. Generate a password hash for the PostgreSQL replication username/password pair. This assumes you will use the default
username of `gitlab_replicator` (recommended). The command will request a password
and a confirmation. Use the value that is output by this command in the next step
as the value of `<postgresql_replication_password_hash>`:
```shell
sudo gitlab-ctl pg-password-md5 gitlab_replicator
```
1. Generate a password hash for the Consul database username/password pair. This assumes you will use the default
username of `gitlab-consul` (recommended). The command will request a password
and confirmation. Use the value that is output by this command in the next
......@@ -831,19 +837,21 @@ in the second step, do not supply the `EXTERNAL_URL` value.
1. On every database node, edit `/etc/gitlab/gitlab.rb` replacing values noted in the `# START user configuration` section:
```ruby
# Disable all components except PostgreSQL, Patroni, and Consul
roles ['postgres_role']
# Disable all components except Patroni and Consul
roles(['patroni_role'])
# PostgreSQL configuration
postgresql['listen_address'] = '0.0.0.0'
# Enable Patroni
patroni['enable'] = true
# Set `max_wal_senders` to one more than the number of database nodes in the cluster.
# Sets `max_replication_slots` to double the number of database nodes.
# Patroni uses one extra slot per node when initiating the replication.
patroni['postgresql']['max_replication_slots'] = 8
# Set `max_wal_senders` to one more than the number of replication slots in the cluster.
# This is used to prevent replication from using up all of the
# available database connections.
patroni['postgresql']['max_wal_senders'] = 4
patroni['postgresql']['max_replication_slots'] = 4
patroni['postgresql']['max_wal_senders'] = 9
# Incoming recommended value for max connections is 500. See https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5691.
patroni['postgresql']['max_connections'] = 500
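Review bot: the added comment "Sets `max_replication_slots` to double the number of database nodes" switches to third person while the neighbouring comments use the imperative "Set"; use "Set" in both. The retained sentence "This is used to prevent replication from using up all of the available database connections" now follows the `max_wal_senders` rule only, so check that it still describes the setting it sits under.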
......@@ -851,7 +859,6 @@ in the second step, do not supply the `EXTERNAL_URL` value.
gitlab_rails['auto_migrate'] = false
# Configure the Consul agent
consul['enable'] = true
consul['services'] = %w(postgresql)
## Enable service discovery for Prometheus
consul['monitoring_service_discovery'] = true
......@@ -861,6 +868,8 @@ in the second step, do not supply the `EXTERNAL_URL` value.
#
# Replace PGBOUNCER_PASSWORD_HASH with a generated md5 value
postgresql['pgbouncer_user_password'] = '<pgbouncer_password_hash>'
# Replace POSTGRESQL_REPLICATION_PASSWORD_HASH with a generated md5 value
postgresql['sql_replication_password'] = '<postgresql_replication_password_hash>'
# Replace POSTGRESQL_PASSWORD_HASH with a generated md5 value
postgresql['sql_user_password'] = '<postgresql_password_hash>'
......@@ -900,21 +909,7 @@ are supported and can be added if needed.
#### PostgreSQL post-configuration
SSH in to the **primary node**:
1. Open a database prompt:
```shell
gitlab-psql -d gitlabhq_production
```
1. Enable the `pg_trgm` extension:
```shell
CREATE EXTENSION pg_trgm;
```
1. Exit the database prompt by typing `\q` and Enter.
SSH in to any of the Patroni nodes on the **primary site**:
1. Check the status of the leader and cluster:
......@@ -956,7 +951,7 @@ The following IPs will be used as an example:
```ruby
# Disable all components except Pgbouncer and Consul agent
roles ['pgbouncer_role']
roles(['pgbouncer_role'])
# Configure PgBouncer
pgbouncer['admin_users'] = %w(pgbouncer gitlab-consul)
......@@ -973,7 +968,6 @@ The following IPs will be used as an example:
# Configure Consul agent
consul['watchers'] = %w(postgresql)
consul['enable'] = true
consul['configuration'] = {
retry_join: %w(10.6.0.11 10.6.0.12 10.6.0.13)
}
......@@ -1104,9 +1098,7 @@ in the second step, do not supply the `EXTERNAL_URL` value.
```ruby
# Disable all components except PostgreSQL and Consul
roles ['postgres_role']
repmgr['enable'] = false
patroni['enable'] = false
roles(['postgres_role', 'consul_role'])
# PostgreSQL configuration
postgresql['listen_address'] = '0.0.0.0'
......@@ -1116,7 +1108,6 @@ in the second step, do not supply the `EXTERNAL_URL` value.
gitlab_rails['auto_migrate'] = false
# Configure the Consul agent
consul['enable'] = true
## Enable service discovery for Prometheus
consul['monitoring_service_discovery'] = true
......@@ -1747,7 +1738,7 @@ On each node perform the following:
})
## Disable components that will not be on the GitLab application server
roles ['application_role']
roles(['application_role'])
gitaly['enable'] = false
nginx['enable'] = true
sidekiq['enable'] = false
......@@ -1936,7 +1927,7 @@ running [Prometheus](../monitoring/prometheus/index.md) and
1. Edit `/etc/gitlab/gitlab.rb` and add the contents:
```ruby
roles ['monitoring_role']
roles(['monitoring_role', 'consul_role'])
external_url 'http://gitlab.example.com'
......@@ -1949,7 +1940,6 @@ running [Prometheus](../monitoring/prometheus/index.md) and
grafana['disable_login_form'] = false
# Enable service discovery for Prometheus
consul['enable'] = true
consul['monitoring_service_discovery'] = true
consul['configuration'] = {
retry_join: %w(10.6.0.11 10.6.0.12 10.6.0.13)
......