Commit e5c472c1 authored by Nick Thomas

Clarify firewall test and fix postgresql test command

parent 867d4a27
...@@ -223,9 +223,6 @@ will not be able to perform all necessary configuration steps. Refer to ...@@ -223,9 +223,6 @@ will not be able to perform all necessary configuration steps. Refer to
match your database replication requirements. Consult the [PostgreSQL - Replication documentation](https://www.postgresql.org/docs/9.6/static/runtime-config-replication.html) match your database replication requirements. Consult the [PostgreSQL - Replication documentation](https://www.postgresql.org/docs/9.6/static/runtime-config-replication.html)
for more information. for more information.
1. Check to make sure your firewall rules are set so that the secondary nodes
can access port `5432` on the primary node.
1. Save the file and [reconfigure GitLab][] for the database listen changes to 1. Save the file and [reconfigure GitLab][] for the database listen changes to
take effect. take effect.
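Review bot: Deleting the `Check to make sure your firewall rules are set...` item from the primary's steps leaves the port `5432` requirement, in the lines shown here, only in the troubleshooting paragraph that follows the secondary's connection test. A reader configuring the primary is no longer prompted to open the port until the test fails. Consider keeping a one-line pointer at this step, or saying in the commit message that the requirement was moved rather than dropped.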
...@@ -319,18 +316,23 @@ primary before the database is replicated. ...@@ -319,18 +316,23 @@ primary before the database is replicated.
1. Test that the remote connection to the primary server works. 1. Test that the remote connection to the primary server works.
``` ```
# Certificate and key currently used by GitLab # Certificate and key currently used by GitLab, and connecting by FQDN
sudo -u gitlab-psql /opt/gitlab/embedded/bin/psql -h primary.geo.example.com -U gitlab_replicator -d "dbname=gitlabhq_production sslmode=verify-ca" -W sudo -u gitlab-psql /opt/gitlab/embedded/bin/psql -h primary.geo.example.com -U gitlab_replicator -d "dbname=gitlabhq_production sslmode=verify-full" -W
# Self-signed certificate and key # Self-signed certificate and key, or connecting by IP address
sudo -u gitlab-psql /opt/gitlab/embedded/bin/psql -h 1.2.3.4 -U gitlab_replicator -d "dbname=gitlabhq_production sslmode=verify-full" -W sudo -u gitlab-psql /opt/gitlab/embedded/bin/psql -h 1.2.3.4 -U gitlab_replicator -d "dbname=gitlabhq_production sslmode=verify-ca" -W
``` ```
When prompted enter the password you set in the first step for the When prompted enter the password you set in the first step for the
`gitlab_replicator` user. If all worked correctly, you should see the `gitlab_replicator` user. If all worked correctly, you should see the
database prompt. database prompt.
A failure to connect here indicates that the TLS or networking configuration
is incorrect. Ensure that you've used the correct certificates and IP
addresses / FQDNs throughout. If you have a firewall, ensure that the
secondary is permitted to access the primary on port 5432.
1. Exit the PostgreSQL console: 1. Exit the PostgreSQL console:
``` ```
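Review bot: The comment on the second command, `# Self-signed certificate and key, or connecting by IP address`, should say what `sslmode=verify-ca` gives up. It validates the certificate chain but does not check that the certificate matches the host being connected to, which `sslmode=verify-full` on the FQDN command does. A sentence stating this would keep readers from choosing the IP form when an FQDN with a matching certificate is available. The added troubleshooting paragraph also writes port 5432 without backticks, where the item removed earlier in this commit used `5432`.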
...@@ -391,10 +393,10 @@ data before running `pg_basebackup`. ...@@ -391,10 +393,10 @@ data before running `pg_basebackup`.
1. Execute the command below to start a backup/restore and begin the replication: 1. Execute the command below to start a backup/restore and begin the replication:
``` ```
# Certificate and key currently used by GitLab # Certificate and key currently used by GitLab, and connecting by FQDN
gitlab-ctl replicate-geo-database --host=primary.geo.example.com --slot-name=secondary_example gitlab-ctl replicate-geo-database --host=primary.geo.example.com --slot-name=secondary_example
# Self-signed certificate and key # Self-signed certificate and key, or connecting by IP
gitlab-ctl replicate-geo-database --host=1.2.3.4 --slot-name=secondary_example --sslmode=verify-ca gitlab-ctl replicate-geo-database --host=1.2.3.4 --slot-name=secondary_example --sslmode=verify-ca
``` ```
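Review bot: The FQDN command omits `--sslmode` while the IP command passes `--sslmode=verify-ca`, and the updated comment does not say which mode applies when the flag is left out. State that mode in the comment, or pass the flag explicitly, so this command can be matched against the `psql` connection test. The new comment also reads `connecting by IP` where the other blocks in this commit read `connecting by IP address`.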
......
...@@ -270,22 +270,24 @@ primary before the database is replicated. ...@@ -270,22 +270,24 @@ primary before the database is replicated.
1. Test that the remote connection to the primary server works: 1. Test that the remote connection to the primary server works:
If you're using a CA-issued certificate and connecting by FQDN:
``` ```
# Certificate and key currently used by GitLab, and connecting by FQDN
sudo -u postgres psql -h primary.geo.example.com -U gitlab_replicator -d "dbname=gitlabhq_production sslmode=verify-ca" -W sudo -u postgres psql -h primary.geo.example.com -U gitlab_replicator -d "dbname=gitlabhq_production sslmode=verify-ca" -W
```
If you're using a self-signed certificate or connecting by IP address:
``` # Self-signed certificate and key, or connecting by IP address
sudo -u postgres psql -h 1.2.3.4 -U gitlab_replicator -d "dbname=gitlabhq_production sslmode=verify-full" -W sudo -u postgres psql -h 1.2.3.4 -U gitlab_replicator -d "dbname=gitlabhq_production sslmode=verify-ca" -W
``` ```
When prompted enter the password you set in the first step for the When prompted enter the password you set in the first step for the
`gitlab_replicator` user. If all worked correctly, you should see the `gitlab_replicator` user. If all worked correctly, you should see the
database prompt. database prompt.
A failure to connect here indicates that the TLS or networking configuration
is incorrect. Ensure that you've used the correct certificates and IP
addresses / FQDNs throughout. If you have a firewall, ensure that the
secondary is permitted to access the primary on port 5432.
1. Exit the PostgreSQL console: 1. Exit the PostgreSQL console:
``` ```
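Review bot: The FQDN command in this file keeps `sslmode=verify-ca` on both sides of the diff, while the same command in the first file was changed to `sslmode=verify-full`. If the intent is to verify the host name when a CA-issued certificate is used over an FQDN, this line needs the same change, otherwise the two documents give different instructions for the same case. The added troubleshooting paragraph also writes port 5432 without backticks.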
......