Commit 8db0efc8 authored by Nick Thomas

Document that primary Geo nodes do not need SSH private keys

parent fed8ebc8
......@@ -62,15 +62,13 @@ logins opened on all nodes as we will be moving back and forth.
sudo -i
```
1. Added in GitLab 9.1: Execute the command below to define the node as primary Geo node:
1. Execute the command below to define the node as primary Geo node:
```
gitlab-ctl set-geo-primary-node
```
This command will use your defined `external_url` in `gitlab.rb` and pre-generated SSH key pairs.
Read more in [additional info for SSH key pairs](#additional-information-for-the-ssh-key-pairs).
This command will use your defined `external_url` in `gitlab.rb`
### Step 2. Updating the `known_hosts` file of the secondary nodes
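Review bot: The rewritten step "Execute the command below to define the node as primary Geo node" drops the "Added in GitLab 9.1" qualifier without saying what readers on earlier versions should do. If these docs ship versioned with the release that is fine; otherwise keep a short version note. The replacement sentence "This command will use your defined `external_url` in `gitlab.rb`" has also lost its trailing full stop.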
......@@ -282,29 +280,14 @@ Just omit the first step that sets up the primary node.
## Additional information for the SSH key pairs
When adding a new Geo node, you must provide an SSH public key of the user that
your GitLab instance runs on (unless changed, should be the user `git`). This
user will act as a "normal user" who fetches from the primary Geo node.
If for any reason you generate the key using a different name from the default
`id_rsa`, or you want to generate an extra key only for the repository
synchronization feature, you can do so, but you have to create/modify your
`~/.ssh/config` (for the `git` user).
When adding a new **secondary** Geo node, you must provide an SSH public key for
the system user that your GitLab instance runs as (unless changed, should be the
user `git`). This user will act as a "normal user" who fetches from the primary
Geo node.
This is an example on how to change the default key for all remote hosts:
```bash
Host * # Match all remote hosts
IdentityFile ~/.ssh/mycustom.key # The location of your private key
```
This is how to change it for an specific host:
```bash
Host example.com # The FQDN of the primary Geo node
HostName example.com # The FQDN of the primary Geo node
IdentityFile ~/.ssh/mycustom.key # The location of your private key
```
Omnibus automatically generates `~git/.ssh/id_rsa` and `~git/.ssh/id_rsa.pub`
files on secondary Geo nodes. Primaries do not need these files, and you should
not create them manually.
### Upgrading Geo
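Review bot: The new closing paragraph ("Primaries do not need these files, and you should not create them manually") does not cover primaries that already have `~git/.ssh/id_rsa`, which the source-install step removed elsewhere in this commit told admins to generate. Suggest adding a sentence on whether an existing key pair on a primary should be deleted, since a private key with no purpose on that host is credential material worth cleaning up. The removed `~/.ssh/config` examples were also the only guidance for a non-default key name; if that is still supported on secondaries, keep a pointer to it.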
......
......@@ -63,32 +63,12 @@ logins opened on all nodes as we will be moving back and forth.
sudo -i
```
1. (Source install only): Create a new SSH key pair for the primary node. Choose the default location
and leave the password blank by hitting 'Enter' three times:
1. Add this node as the Geo primary by running:
```bash
sudo -u git -H ssh-keygen -b 4096 -C 'Primary GitLab Geo node'
bundle exec rake geo:set_primary_node
```
Read more in [additional info for SSH key pairs](#additional-information-for-the-ssh-key-pairs).
1. Get the contents of `id_rsa.pub` for the git user:
```
sudo -u git cat /home/git/.ssh/id_rsa.pub
```
1. Visit the primary node's **Admin Area ➔ Geo Nodes** (`/admin/geo_nodes`) in
your browser.
1. Add the primary node by providing its full URL and the public SSH key
you created previously. Make sure to check the box 'This is a primary node'
when adding it.
![Add new primary Geo node](img/geo_nodes_add_new.png)
1. Click the **Add node** button.
### Step 2. Updating the `known_hosts` file of the secondary nodes
1. SSH into the **secondary** node and login as root:
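Review bot: The new step "Add this node as the Geo primary by running:" gives `bundle exec rake geo:set_primary_node` with no user, working directory or environment, while the preceding context leaves the reader in a root shell (`sudo -i`) and the command it replaces ran as `sudo -u git -H`. State which user and directory the task must be run from, and the `RAILS_ENV` if one is required, so the task is not run as root by default.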
......@@ -318,7 +298,7 @@ Point your users to the [after setup steps](after_setup.md).
## Adding another secondary Geo node
To add another Geo node in an already Geo configured infrastructure, just follow
[the steps starting form step 2](#step-2-updating-the-known_hosts-file-of-the-secondary-nodes).
[the steps starting from step 2](#step-2-updating-the-known_hosts-file-of-the-secondary-nodes).
Just omit the first step that sets up the primary node.
## Additional information for the SSH key pairs
......
......@@ -21,19 +21,25 @@ You must make the changes in the exact specific order:
1. Take down your primary node (or make sure it will not go up during this
process or you may lose data)
2. Wait for any database replication to finish
3. Promote the Postgres in your secondary node as primary
4. Log-in to your secondary node with a user with `sudo` permission
5. Open the interactive rails console: `sudo gitlab-rails console` and execute:
1. Wait for any database replication to finish
1. Promote the Postgres in your secondary node as primary
1. Modify the `gitlab.rb` for both nodes to reflect their new statuses
1. Log-in to your secondary node with a user with `sudo` permission
1. **Remove** the Geo SSH client keys (this is very important!):
```bash
sudo rm ~git/.ssh/id_rsa ~git/.ssh/id_rsa.pub
```
1. Open the interactive rails console: `sudo gitlab-rails console` and execute:
* List your primary node and note down it's id:
```ruby
Gitlab::Geo.primary_node
```
* Turn your primary into a secondary:
* Remove the old primary node:
```ruby
Gitlab::Geo.primary_node.update(primary: false)
Gitlab::Geo.primary_node.destroy
```
* List your secondary nodes and note down the id of the one you want to promote:
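Review bot: The step "**Remove** the Geo SSH client keys (this is very important!)" does not say why, so a reader cannot judge what goes wrong if it is skipped. Add one sentence giving the reason, for example that the node is about to become a primary and primaries do not need these files. "Modify the `gitlab.rb` for both nodes to reflect their new statuses" is similarly vague: name the settings to change, and reconcile it with step 1, which has the old primary taken down. The context line "note down it's id" should read "its id".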
......@@ -51,12 +57,11 @@ You must make the changes in the exact specific order:
Gitlab::Geo.primary_node.oauth_application.destroy!
Gitlab::Geo.primary_node.system_hook.destroy!
```
* And refresh your old primary node to behave correctly as secondary (assuming id is `1`)
```ruby
GeoNode.find(1).save!
```
* To exit the interactive console, type: `exit`
6. Rsync everything in `/var/opt/gitlab/gitlab-rails/uploads` and
1. Rsync everything in `/var/opt/gitlab/gitlab-rails/uploads` and
`/var/opt/gitlab/gitlab-rails/shared` from your old node to the new one.
To bring your old primary node back into use as a working secondary, you need to
run `gitlab-ctl reconfigure` against the node and then follow the
[setup instructions](README.md) again, as if for a secondary node, from step 3.
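Review bot: "from step 3" in the new closing paragraph conflicts with "Adding another secondary Geo node" in the setup README, which tells readers to start from step 2 (updating the `known_hosts` file of the secondary nodes). Confirm whether the old primary can really skip step 2 when it rejoins as a secondary, and link to the specific step anchor rather than a bare `README.md` so the starting point is unambiguous.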