Document that primary Geo nodes do not need SSH private keys

doc/gitlab-geo/configuration.md

@@ -62,15 +62,13 @@ logins opened on all nodes as we will be moving back and forth.
     sudo -i
     ```
 
-1. Added in GitLab 9.1: Execute the command below to define the node as primary Geo node:
+1. Execute the command below to define the node as primary Geo node:
 
     ```
     gitlab-ctl set-geo-primary-node
     ```
 
-    This command will use your defined `external_url` in `gitlab.rb` and pre-generated SSH key pairs.
-
-    Read more in [additional info for SSH key pairs](#additional-information-for-the-ssh-key-pairs).
+    This command will use your defined `external_url` in `gitlab.rb`
 
 ### Step 2. Updating the `known_hosts` file of the secondary nodes
 
@@ -282,29 +280,14 @@ Just omit the first step that sets up the primary node.
 
 ## Additional information for the SSH key pairs
 
-When adding a new Geo node, you must provide an SSH public key of the user that
-your GitLab instance runs on (unless changed, should be the user `git`). This
-user will act as a "normal user" who fetches from the primary Geo node.
-
-If for any reason you generate the key using a different name from the default
-`id_rsa`, or you want to generate an extra key only for the repository
-synchronization feature, you can do so, but you have to create/modify your
-`~/.ssh/config` (for the `git` user).
+When adding a new **secondary** Geo node, you must provide an SSH public key for
+the system user that your GitLab instance runs as (unless changed, should be the
+user `git`). This user will act as a "normal user" who fetches from the primary
+Geo node.
 
-This is an example on how to change the default key for all remote hosts:
-
-```bash
-Host *                              # Match all remote hosts
-  IdentityFile ~/.ssh/mycustom.key  # The location of your private key
-```
-
-This is how to change it for an specific host:
-
-```bash
-Host example.com                    # The FQDN of the primary Geo node
-  HostName example.com              # The FQDN of the primary Geo node
-  IdentityFile ~/.ssh/mycustom.key  # The location of your private key
-```
+Omnibus automatically generates `~git/.ssh/id_rsa` and `~git/.ssh/id_rsa.pub`
+files on secondary Geo nodes. Primaries do not need these files, and you should
+not create them manually.
 
 ### Upgrading Geo
 

doc/gitlab-geo/configuration_source.md

@@ -63,32 +63,12 @@ logins opened on all nodes as we will be moving back and forth.
     sudo -i
     ```
 
-1. (Source install only): Create a new SSH key pair for the primary node. Choose the default location
-   and leave the password blank by hitting 'Enter' three times:
+1. Add this node as the Geo primary by running:
 
     ```bash
-    sudo -u git -H ssh-keygen -b 4096 -C 'Primary GitLab Geo node'
+    bundle exec rake geo:set_primary_node
     ```
 
-    Read more in [additional info for SSH key pairs](#additional-information-for-the-ssh-key-pairs).
-
-1. Get the contents of `id_rsa.pub` for the git user:
-
-    ```
-    sudo -u git cat /home/git/.ssh/id_rsa.pub
-    ```
-
-1. Visit the primary node's **Admin Area ➔ Geo Nodes** (`/admin/geo_nodes`) in
-   your browser.
-
-1. Add the primary node by providing its full URL and the public SSH key
-   you created previously. Make sure to check the box 'This is a primary node'
-   when adding it.
-
-    ![Add new primary Geo node](img/geo_nodes_add_new.png)
-
-1. Click the **Add node** button.
-
 ### Step 2. Updating the `known_hosts` file of the secondary nodes
 
 1. SSH into the **secondary** node and login as root:
@@ -318,7 +298,7 @@ Point your users to the [after setup steps](after_setup.md).
 ## Adding another secondary Geo node
 
 To add another Geo node in an already Geo configured infrastructure, just follow
-[the steps starting form step 2](#step-2-updating-the-known_hosts-file-of-the-secondary-nodes).
+[the steps starting from step 2](#step-2-updating-the-known_hosts-file-of-the-secondary-nodes).
 Just omit the first step that sets up the primary node.
 
 ## Additional information for the SSH key pairs

doc/gitlab-geo/disaster-recovery.md

@@ -21,19 +21,25 @@ You must make the changes in the exact specific order:
 
 1. Take down your primary node (or make sure it will not go up during this
    process or you may lose data)
-2. Wait for any database replication to finish
-3. Promote the Postgres in your secondary node as primary
-4. Log-in to your secondary node with a user with `sudo` permission
-5. Open the interactive rails console: `sudo gitlab-rails console` and execute:
+1. Wait for any database replication to finish
+1. Promote the Postgres in your secondary node as primary
+1. Modify the `gitlab.rb` for both nodes to reflect their new statuses
+1. Log-in to your secondary node with a user with `sudo` permission
+1. **Remove** the Geo SSH client keys (this is very important!):
+
+    ```bash
+    sudo rm ~git/.ssh/id_rsa ~git/.ssh/id_rsa.pub
+    ```
+1. Open the interactive rails console: `sudo gitlab-rails console` and execute:
     * List your primary node and note down it's id:
 
         ```ruby
         Gitlab::Geo.primary_node
         ```
-    * Turn your primary into a secondary:
+    * Remove the old primary node:
 
         ```ruby
-        Gitlab::Geo.primary_node.update(primary: false)
+        Gitlab::Geo.primary_node.destroy
         ```
     * List your secondary nodes and note down the id of the one you want to promote:
 
@@ -51,12 +57,11 @@ You must make the changes in the exact specific order:
         Gitlab::Geo.primary_node.oauth_application.destroy!
         Gitlab::Geo.primary_node.system_hook.destroy!
         ```
-    * And refresh your old primary node to behave correctly as secondary (assuming id is `1`)
-
-        ```ruby
-        GeoNode.find(1).save!
-        ```
     * To exit the interactive console, type: `exit`
 
-6. Rsync everything in `/var/opt/gitlab/gitlab-rails/uploads` and
+1. Rsync everything in `/var/opt/gitlab/gitlab-rails/uploads` and
    `/var/opt/gitlab/gitlab-rails/shared` from your old node to the new one.
+
+To bring your old primary node back into use as a working secondary, you need to
+run `gitlab-ctl reconfigure` against the node and then follow the
+[setup instructions](README.md) again, as if for a secondary node, from step 3.