@@ -228,7 +236,7 @@ will not be able to perform all necessary configuration steps. Refer to
...
@@ -228,7 +236,7 @@ will not be able to perform all necessary configuration steps. Refer to
for more information.
for more information.
1. Check to make sure your firewall rules are set so that the secondary nodes
1. Check to make sure your firewall rules are set so that the secondary nodes
can access port 5432 on the primary node.
can access port `5432` on the primary node.
1. Save the file and [reconfigure GitLab][] for the DB listen changes to take effect.
1. Save the file and [reconfigure GitLab][] for the DB listen changes to take effect.
This will fail and is expected.
This will fail and is expected.
1. You will need to manually restart postgres `gitlab-ctl restart postgresql` until [Omnibus#2797](https://gitlab.com/gitlab-org/omnibus-gitlab/issues/2797) gets fixed.
1. You will need to manually restart postgres `gitlab-ctl restart postgresql` until [Omnibus#2797](https://gitlab.com/gitlab-org/omnibus-gitlab/issues/2797) gets fixed.
...
@@ -236,8 +244,8 @@ will not be able to perform all necessary configuration steps. Refer to
...
@@ -236,8 +244,8 @@ will not be able to perform all necessary configuration steps. Refer to
1. New for 9.4: Restart your primary PostgreSQL server to ensure the replication slot changes
1. New for 9.4: Restart your primary PostgreSQL server to ensure the replication slot changes
take effect (`sudo gitlab-ctl restart postgresql` for Omnibus-provided PostgreSQL).
take effect (`sudo gitlab-ctl restart postgresql` for Omnibus-provided PostgreSQL).
1. Now that the PostgreSQL server is set up to accept remote connections, run
1. Now that the PostgreSQL server is set up to accept remote connections, run
`netstat -plnt` to make sure that PostgreSQL is listening to the server's
`netstat -plnt` to make sure that PostgreSQL is listening on port `5432` to
public IP.
the server's public IP.
### Step 2. Add the secondary GitLab node
### Step 2. Add the secondary GitLab node
...
@@ -263,24 +271,26 @@ primary before the database is replicated.
...
@@ -263,24 +271,26 @@ primary before the database is replicated.
```
```
1. Set up PostgreSQL TLS verification on the secondary
1. Set up PostgreSQL TLS verification on the secondary
If you configured PostgreSQL to accept TLS connections in
If you configured PostgreSQL to accept TLS connections in
[Step 1](#step-1-configure-the-primary-server), then you need to provide a
[Step 1](#step-1-configure-the-primary-server), then you need to provide a
list of "known-good" certificates to the secondary. It uses this list to
list of "known-good" certificates to the secondary. It uses this list to
keep the connection secure against an active "man-in-the-middle" attack.
keep the connection secure against an active "man-in-the-middle" attack.
If you reused your existing certificates on the primary, you can use the
If you reused your existing certificates on the primary, you can use the
list of valid root certificates provided with omnibus:
list of valid root certificates provided with omnibus.
Or, if you generated a self-signed certificate, copy the generated
`server.crt` file onto the secondary server from the primary, then install