documentation][pg-docs-runtime-conn] for more details.
for more details.
You may also want to edit the `wal_keep_segments` and `max_wal_senders` to
You may also want to edit the `wal_keep_segments` and `max_wal_senders` to
match your database replication requirements. Consult the [PostgreSQL - Replication documentation](https://www.postgresql.org/docs/9.6/static/runtime-config-replication.html)
match your database replication requirements. Consult the
for more information.
[PostgreSQL - Replication documentation][pg-docs-runtime-replication] for more information.
1. Set the access control on the primary to allow TCP connections using the
1. Set the access control on the primary to allow TCP connections using the
server's public IP and set the connection from the secondary to require a
server's public IP and set the connection from the secondary to require a
...
@@ -162,8 +164,7 @@ The following guide assumes that:
...
@@ -162,8 +164,7 @@ The following guide assumes that:
`/etc/postgresql/9.x/main/pg_hba.conf`):
`/etc/postgresql/9.x/main/pg_hba.conf`):
```bash
```bash
host all all 127.0.0.1/32 trust
host all all 1.2.3.4/32 md5
host all all 1.2.3.4/32 trust
host replication gitlab_replicator 5.6.7.8/32 md5
host replication gitlab_replicator 5.6.7.8/32 md5
```
```
...
@@ -173,8 +174,7 @@ The following guide assumes that:
...
@@ -173,8 +174,7 @@ The following guide assumes that:
The topology above assumes that the primary and secondary Geo clusters
The topology above assumes that the primary and secondary Geo clusters
are located in two separate locations, on their own virtual network
are located in two separate locations, on their own virtual network
...
@@ -21,7 +21,7 @@ The only external way to access the two Geo deployments is by HTTPS at
...
@@ -21,7 +21,7 @@ The only external way to access the two Geo deployments is by HTTPS at
`gitlab.us.example.com` and `gitlab.eu.example.com` in the example above.
`gitlab.us.example.com` and `gitlab.eu.example.com` in the example above.
> **Note:** The primary and secondary Geo deployments must be able to
> **Note:** The primary and secondary Geo deployments must be able to
> communicate to each other over HTTPS.
communicate to each other over HTTPS.
## Redis and PostgreSQL High Availability
## Redis and PostgreSQL High Availability
...
@@ -33,8 +33,7 @@ The two services will instead be configured such that
...
@@ -33,8 +33,7 @@ The two services will instead be configured such that
they will each run on a single machine.
they will each run on a single machine.
For more information about setting up a highly available PostgreSQL cluster and Redis cluster using the omnibus package see the high availability documentation for
For more information about setting up a highly available PostgreSQL cluster and Redis cluster using the omnibus package see the high availability documentation for
[PostgreSQL](../../high_availability/database.md) and
[PostgreSQL][postgresql-ha] and [Redis][redis-ha], respectively.
From these instructions you will need the following for the examples below:
From these instructions you will need the following for the examples below:
*`gitlab_rails['db_password']` for the PostgreSQL "DB password"
*`gitlab_rails['db_password']` for the PostgreSQL "DB password"
...
@@ -53,18 +52,18 @@ Make sure you have GitLab EE installed using the
...
@@ -53,18 +52,18 @@ Make sure you have GitLab EE installed using the
On the **primary** backend servers configure the following services:
On the **primary** backend servers configure the following services:
*[Redis](../../high_availability/redis.md) for high availability.
*[Redis][redis-ha] for high availability.
*[NFS Server](../../high_availability/nfs.md) for repository, LFS, and upload storage.
*[NFS Server][nfs-ha] for repository, LFS, and upload storage.
*[PostgreSQL](../../high_availability/database.md) for high availability.
*[PostgreSQL][postgresql-ha] for high availability.
On the **secondary** backend servers configure the following services:
On the **secondary** backend servers configure the following services:
*[Redis](../../high_availability/redis.md) for high availability.
*[Redis][redis-ha] for high availability.
*[NFS Server](../../high_availability/nfs.md) which will store data that is synchronized from the Geo primary.
*[NFS Server][nfs-ha] which will store data that is synchronized from the Geo primary.
### Step 2: Configure the Postgres services on the Geo Secondary
### Step 2: Configure the Postgres services on the Geo Secondary
1. Configure the [secondary Geo PostgreSQL database](database.md)
1. Configure the [secondary Geo PostgreSQL database][database]
as a read-only secondary of the primary Geo PostgreSQL database.
as a read-only secondary of the primary Geo PostgreSQL database.
1. Configure the Geo tracking database on the secondary server, to do this modify `/etc/gitlab/gitlab.rb`:
1. Configure the Geo tracking database on the secondary server, to do this modify `/etc/gitlab/gitlab.rb`:
...
@@ -82,7 +81,7 @@ On the **secondary** backend servers configure the following services:
...
@@ -82,7 +81,7 @@ On the **secondary** backend servers configure the following services:
NOTE: **Note:**
NOTE: **Note:**
Be sure that other non-postgresql services are disabled by setting `enable` to `false` in
Be sure that other non-postgresql services are disabled by setting `enable` to `false` in
the [gitlab.rb configuration](https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template).
the [gitlab.rb configuration][gitlab-rb-template].
After making these changes be sure to run `sudo gitlab-ctl reconfigure` so that they take effect.
After making these changes be sure to run `sudo gitlab-ctl reconfigure` so that they take effect.
...
@@ -91,7 +90,7 @@ After making these changes be sure to run `sudo gitlab-ctl reconfigure` so that
...
@@ -91,7 +90,7 @@ After making these changes be sure to run `sudo gitlab-ctl reconfigure` so that
In this topology there will need to be a load balancers at each geographical location
In this topology there will need to be a load balancers at each geographical location
to route traffic to the application servers.
to route traffic to the application servers.
See the [Load Balancer for GitLab HA](../../high_availability/load_balancer.md)
See the [Load Balancer for GitLab HA][load-balancer-ha]
documentation for more information.
documentation for more information.
### Step 4: Configure the Geo Frontend Application Servers
### Step 4: Configure the Geo Frontend Application Servers
...
@@ -130,7 +129,8 @@ the addresses of the remote endpoints for PostgreSQL and Redis will need to be s
...
@@ -130,7 +129,8 @@ the addresses of the remote endpoints for PostgreSQL and Redis will need to be s
On the secondary the remote endpoint for the PostgreSQL Geo database will
On the secondary the remote endpoint for the PostgreSQL Geo database will
be specified.
be specified.
1. Edit `/etc/gitlab/gitlab.rb` and ensure the following to disable PostgreSQL and Redis from running locally. Configure the secondary to connect to the Geo tracking database.
1. Edit `/etc/gitlab/gitlab.rb` and ensure the following to disable PostgreSQL and
Redis from running locally. Configure the secondary to connect to the Geo tracking database.
```ruby
```ruby
...
@@ -164,7 +164,7 @@ be specified.
...
@@ -164,7 +164,7 @@ be specified.
```
```
After making these changes [Reconfigure GitLab][] so that they take effect.
After making these changes [Reconfigure GitLab][gitlab-reconfigure] so that they take effect.
On the primary the following GitLab frontend services will be enabled:
On the primary the following GitLab frontend services will be enabled:
...
@@ -192,5 +192,11 @@ On the secondary the following GitLab frontend services will be enabled:
...
@@ -192,5 +192,11 @@ On the secondary the following GitLab frontend services will be enabled:
Verify these services by running `sudo gitlab-ctl status` on the frontend
Verify these services by running `sudo gitlab-ctl status` on the frontend
@@ -143,18 +142,16 @@ If you installed GitLab using the Omnibus packages (highly recommended):
...
@@ -143,18 +142,16 @@ If you installed GitLab using the Omnibus packages (highly recommended):
1.[Install GitLab Enterprise Edition][install-ee] on the server that will serve
1.[Install GitLab Enterprise Edition][install-ee] on the server that will serve
as the **secondary** Geo node. Do not create an account or login to the new
as the **secondary** Geo node. Do not create an account or login to the new
secondary node.
secondary node.
1.[Upload the GitLab License](../../../user/admin_area/license.md) on the **primary**
1.[Upload the GitLab License][upload-license] on the **primary**
Geo node to unlock Geo.
Geo node to unlock Geo.
1.[Setup the database replication](database.md)(`primary(read-write)<->
1.[Setup the database replication][database] (`primary (read-write) <->
secondary (read-only)` topology).
secondary (read-only)` topology).
1. [Configure fast lookup of authorized SSH keys in the database](../../operations/fast_ssh_key_lookup.md),
1.[Configure fast lookup of authorized SSH keys in the database][fast-ssh-lookup],
this step is required and needs to be done on both the primary AND secondary nodes.
this step is required and needs to be done on both the primary AND secondary nodes.
1. [Configure GitLab](configuration.md) to set the primary and secondary nodes.
1.[Configure GitLab][configuration] to set the primary and secondary nodes.
1. Optional: [Configure a secondary LDAP server](../../auth/ldap.md)
1. Optional: [Configure a secondary LDAP server][config-ldap]
for the secondary. See [notes on LDAP](#ldap).
for the secondary. See [notes on LDAP](#ldap).
1. [Follow the "Using a Geo Server" guide](using_a_geo_server.md).
1.[Follow the "Using a Geo Server" guide][using-geo].
[install-ee]: https://about.gitlab.com/downloads-ee/ "GitLab Enterprise Edition Omnibus packages downloads page"
### Using GitLab installed from source
### Using GitLab installed from source
...
@@ -163,50 +160,60 @@ If you installed GitLab from source:
...
@@ -163,50 +160,60 @@ If you installed GitLab from source:
1.[Install GitLab Enterprise Edition][install-ee-source] on the server that
1.[Install GitLab Enterprise Edition][install-ee-source] on the server that
will serve as the **secondary** Geo node. Do not create an account or login
will serve as the **secondary** Geo node. Do not create an account or login
to the new secondary node.
to the new secondary node.
1. [Upload the GitLab License](../../../user/admin_area/license.md) on the **primary**
1.[Upload the GitLab License][upload-license] on the **primary**
Geo node to unlock Geo.
Geo node to unlock Geo.
1. [Setup the database replication](database_source.md) (`primary (read-write)
1.[Setup the database replication][database-source] (`primary (read-write)
<-> secondary (read-only)` topology).
<-> secondary (read-only)` topology).
1. [Configure fast lookup of authorized SSH keys in the database](../../operations/fast_ssh_key_lookup.md),
1.[Configure fast lookup of authorized SSH keys in the database][fast-ssh-lookup],
do this step for both primary AND secondary nodes.
do this step for both primary AND secondary nodes.
1. [Configure GitLab](configuration_source.md) to set the primary and secondary
1.[Configure GitLab][configuration-source] to set the primary and secondary
nodes.
nodes.
1. [Follow the "Using a Geo Server" guide](using_a_geo_server.md).
1.[Follow the "Using a Geo Server" guide][using-geo].
[install-ee-source]: https://docs.gitlab.com/ee/install/installation.html "GitLab Enterprise Edition installation from source"
## Configuring Geo
## Configuring Geo
Read through the [Geo configuration](configuration.md) documentation.
Read through the [Geo configuration][configuration] documentation.
## Updating the Geo nodes
## Updating the Geo nodes
Read how to [update your Geo nodes to the latest GitLab version](updating_the_geo_nodes.md).
Read how to [update your Geo nodes to the latest GitLab version][updating-geo].
## Configuring Geo HA
## Configuring Geo HA
Read through the [Geo High Availability documentation](high_availability.md).
Read through the [Geo High Availability documentation][ha].
## Configuring Geo with Object storage
## Configuring Geo with Object storage
When you have object storage enabled, please consult the
When you have object storage enabled, please consult the
[Geo with Object Storage](object_storage.md) documentation.
[Geo with Object Storage][object-storage] documentation.
## Replicating the Container Registry
## Disaster Recovery
Read how to [replicate the Container Registry](docker_registry.md).
Read through the [Disaster Recovery documentation][disaster-recovery] how to use Geo to mitigate data-loss and
restore services in a disaster scenario.
### Replicating the Container Registry
Read how to [replicate the Container Registry][docker-registry].
## Current limitations
## Current limitations
- You cannot push code to secondary nodes, see [3912](https://gitlab.com/gitlab-org/gitlab-ee/issues/3912) for details.
> **IMPORTANT**: This list of limitations tracks only the latest version. If you are in an older version,
extra limitations may be in place.
- You cannot push code to secondary nodes, see [gitlab-org/gitlab-ee#3912] for details.
- The primary node has to be online for OAuth login to happen (existing sessions and Git are not affected)
- The primary node has to be online for OAuth login to happen (existing sessions and Git are not affected)
- It works for repos, wikis, issues, and merge requests, but it does not work for job logs, artifacts, GitLab Pages, and Docker images of the Container
- It works for repos, wikis, issues, merge requests, file attachments, artifacts and job logs but it does not work for,
Registry (by default, but you can configure it separately, see [replicate the Container Registry](docker_registry.md) for details)
GitLab Pages, and Docker images of the Container Registry (by default, but you can configure it separately,
- The installation takes multiple manual steps that together can take about an hour depending on circumstances; we are working on improving this experience, see [#2978](https://gitlab.com/gitlab-org/omnibus-gitlab/issues/2978) for details.
see [replicate the Container Registry][docker-registry] for details).
- The installation takes multiple manual steps that together can take about an hour depending on circumstances; we are
working on improving this experience, see [gitlab-org/omnibus-gitlab#2978] for details.
- Real-time updates of issues/merge requests (e.g. via long polling) doesn't work on the secondary
- Broadcast messages set on the primary won't be seen on the secondary without a cache flush (e.g. gitlab-rake cache:clear)
## Frequently Asked Questions
## Frequently Asked Questions
Read more in the [Geo FAQ](faq.md).
Read more in the [Geo FAQ][faq].
## Log files
## Log files
...
@@ -225,16 +232,39 @@ This message shows that Geo detected that a repository update was needed for pro
...
@@ -225,16 +232,39 @@ This message shows that Geo detected that a repository update was needed for pro
## Security of Geo
## Security of Geo
Read the [security review](security_review.md) page.
Read the [security review][security-review] page.
## Tuning Geo
## Tuning Geo
Read the [Geo tuning](tuning.md) documentation.
Read the [Geo tuning][tunning] documentation.
## Troubleshooting
## Troubleshooting
Read the [troubleshooting document](troubleshooting.md).
Read the [troubleshooting document][troubleshooting].
@@ -66,7 +66,7 @@ be set on the primary database. In GitLab 9.4, we have made this setting
...
@@ -66,7 +66,7 @@ be set on the primary database. In GitLab 9.4, we have made this setting
default to 1. You may need to increase this value if you have more Geo
default to 1. You may need to increase this value if you have more Geo
secondary nodes. Be sure to restart PostgreSQL for this to take
secondary nodes. Be sure to restart PostgreSQL for this to take
effect. See the [PostgreSQL replication
effect. See the [PostgreSQL replication
setup](database.md#postgresql-replication) guide for more details.
setup][database-pg-replication] guide for more details.
#### How do I fix the message, "FATAL: could not start WAL streaming: ERROR: replication slot "geo_secondary_my_domain_com" does not exist"?
#### How do I fix the message, "FATAL: could not start WAL streaming: ERROR: replication slot "geo_secondary_my_domain_com" does not exist"?
...
@@ -76,8 +76,8 @@ process](database.md) on the secondary.
...
@@ -76,8 +76,8 @@ process](database.md) on the secondary.
#### How do I fix the message, "Command exceeded allowed execution time" when setting up replication?
#### How do I fix the message, "Command exceeded allowed execution time" when setting up replication?
This may happen while [initiating the replication process](database.md#step-4-initiate-the-replication-process) on the Geo secondary, and indicates that your
This may happen while [initiating the replication process][database-start-replication] on the Geo secondary,
initial dataset is too large to be replicated in the default timeout (30 minutes).
and indicates that your initial dataset is too large to be replicated in the default timeout (30 minutes).
Re-run `gitlab-ctl replicate-geo-database`, but include a larger value for
Re-run `gitlab-ctl replicate-geo-database`, but include a larger value for
`--backup-timeout`:
`--backup-timeout`:
...
@@ -91,8 +91,8 @@ the default thirty minutes. Adjust as required for your installation.
...
@@ -91,8 +91,8 @@ the default thirty minutes. Adjust as required for your installation.
#### How do I fix the message, "PANIC: could not write to file 'pg_xlog/xlogtemp.123': No space left on device"
#### How do I fix the message, "PANIC: could not write to file 'pg_xlog/xlogtemp.123': No space left on device"
Determine if you have any unused replication slots in the primary database. This can cause large amounts of log data to build up in `pg_xlog`.
Determine if you have any unused replication slots in the primary database. This can cause large amounts of
Removing the unused slots can reduce the amount of space used in the `pg_xlog`.
log data to build up in `pg_xlog`. Removing the unused slots can reduce the amount of space used in the `pg_xlog`.
1. Start a PostgreSQL console session:
1. Start a PostgreSQL console session:
...
@@ -100,7 +100,8 @@ Removing the unused slots can reduce the amount of space used in the `pg_xlog`.
...
@@ -100,7 +100,8 @@ Removing the unused slots can reduce the amount of space used in the `pg_xlog`.
sudo gitlab-psql gitlabhq_production
sudo gitlab-psql gitlabhq_production
```
```
Note that using `gitlab-rails dbconsole` will not work, because managing replication slots requires superuser permissions.
> Note that using `gitlab-rails dbconsole` will not work, because managing replication slots requires
superuser permissions.
2. View your replication slots with
2. View your replication slots with
...
@@ -111,9 +112,10 @@ Removing the unused slots can reduce the amount of space used in the `pg_xlog`.
...
@@ -111,9 +112,10 @@ Removing the unused slots can reduce the amount of space used in the `pg_xlog`.
Slots where `active` is `f` are not active.
Slots where `active` is `f` are not active.
- When this slot should be active, because you have a secondary configured using that slot,
- When this slot should be active, because you have a secondary configured using that slot,
log in to that secondary and check the PostgreSQL logs why the replication is not running.
log in to that secondary and check the PostgreSQL logs why the replication is not running.
- If you are no longer using the slot (e.g. you no longer have Geo enabled), you can remove it with in the PostgreSQL console session:
- If you are no longer using the slot (e.g. you no longer have Geo enabled), you can remove it with in the