Merge branch 'bbodenmiller-master-patch-95043' into 'master'

Gitaly docs cleanup See merge request gitlab-org/gitlab!55297

Merge branch 'bbodenmiller-master-patch-95043' into 'master'
Gitaly docs cleanup See merge request gitlab-org/gitlab!55297
f920e2a2 · Evan Read · c485d2a0 · d9a03cf2 · f920e2a2
Commit f920e2a2 authored Mar 09, 2021 by Evan Read
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 6 deletions

doc/administration/gitaly/index.md doc/administration/gitaly/index.md +10 -6

No files found.
--- a/doc/administration/gitaly/index.md
+++ b/doc/administration/gitaly/index.md
@@ -240,6 +240,7 @@ Method 2:
 ### Configure Gitaly servers

 On the Gitaly servers, you must configure storage paths and enable the network listener.
+The Gitaly server must be able to read, write, and set permissions on the configured path.

 If you want to reduce the risk of downtime when you enable authentication, you can temporarily
 disable enforcement. For more information, see the documentation on configuring
@@ -255,8 +256,6 @@ disable enforcement. For more information, see the documentation on configuring
   -->

   ```ruby
-   # /etc/gitlab/gitlab.rb
-
   # Avoid running unnecessary services on the Gitaly server
   postgresql['enable'] = false
   redis['enable'] = false
@@ -290,6 +289,10 @@ disable enforcement. For more information, see the documentation on configuring
   # Don't forget to copy `/etc/gitlab/gitlab-secrets.json` from Gitaly client to Gitaly server.
   gitlab_rails['internal_api_url'] = 'https://gitlab.example.com'

+   # Authentication token to ensure only authorized servers can communicate with
+   # Gitaly server
+   gitaly['auth_token'] = 'AUTH_TOKEN'
+
   # Make Gitaly accept connections on all network interfaces. You must use
   # firewalls to restrict access to this address/port.
   # Comment out following line if you only want to support TLS connections
@@ -392,10 +395,10 @@ if previously enabled manually.
 Gitaly makes the following assumptions:

 - Your `gitaly1.internal` Gitaly server can be reached at `gitaly1.internal:8075` from your Gitaly
-  clients, and that Gitaly server can read, write, and set permissions on `/mnt/gitlab/default` and
-  `/mnt/gitlab/storage1`.
+  clients, and that Gitaly server can read, write, and set permissions on `/var/opt/gitlab/git-data` and
+  `/mnt/gitlab/git-data`.
 - Your `gitaly2.internal` Gitaly server can be reached at `gitaly2.internal:8075` from your Gitaly
-  clients, and that Gitaly server can read, write, and set permissions on `/mnt/gitlab/storage2`.
+  clients, and that Gitaly server can read, write, and set permissions on `/srv/gitlab/git-data`.
 - Your `gitaly1.internal` and `gitaly2.internal` Gitaly servers can reach each other.

 You can't define Gitaly servers with some as a local Gitaly server
@@ -600,7 +603,8 @@ To configure Gitaly with TLS:
   ```

 1. Copy all Gitaly server certificates (or their certificate authority) to
-   `/etc/gitlab/trusted-certs` so that Gitaly servers trust the certificate when calling into themselves
+   `/etc/gitlab/trusted-certs` on all Gitaly servers and clients
+   so that Gitaly servers and clients trust the certificate when calling into themselves
   or other Gitaly servers:

   ```shell