Geo: Clarify Geo HA documentation
Summary
The Geo HA documentation could use some clarification. The required database settings are unclear.
We had a customer who was unsure of the correct settings for using postgresql['sql_user_password']
instead of postgresql['trust_auth_cidr_addresses']
.
My thoughts on the correct settings:
- All rails/application nodes need to have
gitlab_rails['db_password']
set. This should be plain text ofpostgresql['sql_user_password']
. - The primary PostgreSQL nodes should have
postgresql['sql_user_password']
set as the hash. They should also havepostgresql['md5_auth_cidr_addresses']
set containing the CIDRs for all primary rails/application nodes as well as all secondary PostgreSQL nodes. - The secondary Postgresql nodes should have
postgresql['sql_user_password']
set as the hash. They should also havepostgresql['md5_auth_cidr_addresses']
set containing the CIDRs for all secondary rails/application nodes. -
postgresql['trust_auth_cidr_addresses']
should be removed from all PostgreSQL nodes.
Edited by Andreas Kämmerle