Standalone PostgreSQL using Omnibus GitLab (CORE ONLY)
If you wish to have your database service hosted separately from your GitLab application servers, you can do this using the PostgreSQL binaries packaged together with Omnibus GitLab. This is recommended as part of our reference architecture for up to 2,000 users.
Setting it up
-
SSH in to the PostgreSQL server.
-
Download and install the Omnibus GitLab package you want using steps 1 and 2 from the GitLab downloads page.
- Do not complete any other steps on the download page.
-
Generate a password hash for PostgreSQL. This assumes you will use the default username of
gitlab
(recommended). The command will request a password and confirmation. Use the value that is output by this command in the next step as the value ofPOSTGRESQL_PASSWORD_HASH
.sudo gitlab-ctl pg-password-md5 gitlab
-
Edit
/etc/gitlab/gitlab.rb
and add the contents below, updating placeholder values appropriately.-
POSTGRESQL_PASSWORD_HASH
- The value output from the previous step -
APPLICATION_SERVER_IP_BLOCKS
- A space delimited list of IP subnets or IP addresses of the GitLab application servers that will connect to the database. Example:%w(123.123.123.123/32 123.123.123.234/32)
# Disable all components except PostgreSQL roles ['postgres_role'] repmgr['enable'] = false consul['enable'] = false prometheus['enable'] = false alertmanager['enable'] = false pgbouncer_exporter['enable'] = false redis_exporter['enable'] = false gitlab_exporter['enable'] = false postgresql['listen_address'] = '0.0.0.0' postgresql['port'] = 5432 # Replace POSTGRESQL_PASSWORD_HASH with a generated md5 value postgresql['sql_user_password'] = 'POSTGRESQL_PASSWORD_HASH' # Replace XXX.XXX.XXX.XXX/YY with Network Address # ???? postgresql['trust_auth_cidr_addresses'] = %w(APPLICATION_SERVER_IP_BLOCKS) # Disable automatic database migrations gitlab_rails['auto_migrate'] = false
NOTE: The role
postgres_role
was introduced with GitLab 10.3 -
-
Reconfigure GitLab for the changes to take effect.
-
Note the PostgreSQL node's IP address or hostname, port, and plain text password. These will be necessary when configuring the GitLab application servers later.
Advanced configuration options are supported and can be added if needed.