Skip to content
Snippets Groups Projects
Verified Commit a4fa027f authored by Adam Mulvany's avatar Adam Mulvany Committed by GitLab
Browse files

Apply 1 suggestion(s) to 1 file(s)

parent 952cb320
No related branches found
No related tags found
1 merge request!149195Highlight differences between geo db passwords
......@@ -148,8 +148,8 @@ You can run the Geo tracking database on a single node as follows:
```shell
gitlab-ctl pg-password-md5 gitlab_geo
# Enter password: <your_password_here>
# Confirm password: <your_password_here>
# Enter password: <your_tracking_db_password_here>
# Confirm password: <your_tracking_db_password_here>
# fca0b89a972d69f00eb3ec98a5838484
```
......
......@@ -103,8 +103,8 @@ There is an [issue where support is being discussed](https://gitlab.com/gitlab-o
```shell
gitlab-ctl pg-password-md5 gitlab
# Enter password: <your_password_here>
# Confirm password: <your_password_here>
# Enter password: <your_db_password_here>
# Confirm password: <your_db_password_here>
# fca0b89a972d69f00eb3ec98a5838484
```
......@@ -112,12 +112,12 @@ There is an [issue where support is being discussed](https://gitlab.com/gitlab-o
```ruby
# Fill with the hash generated by `gitlab-ctl pg-password-md5 gitlab`
postgresql['sql_user_password'] = '<md5_hash_of_your_password>'
postgresql['sql_user_password'] = '<md5_hash_of_your_db_password>'
# Every node that runs Puma or Sidekiq needs to have the database
# password specified as below. If you have a high-availability setup, this
# must be present in all application nodes.
gitlab_rails['db_password'] = '<your_password_here>'
gitlab_rails['db_password'] = '<your_db_password_here>'
```
1. Define a password for the database [replication user](https://wiki.postgresql.org/wiki/Streaming_Replication).
......@@ -130,8 +130,8 @@ There is an [issue where support is being discussed](https://gitlab.com/gitlab-o
```shell
gitlab-ctl pg-password-md5 gitlab_replicator
# Enter password: <your_password_here>
# Confirm password: <your_password_here>
# Enter password: <your_replication_password_here>
# Confirm password: <your_replication_password_here>
# 950233c0dfc2f39c64cf30457c3b7f1e
```
......@@ -139,7 +139,7 @@ There is an [issue where support is being discussed](https://gitlab.com/gitlab-o
```ruby
# Fill with the hash generated by `gitlab-ctl pg-password-md5 gitlab_replicator`
postgresql['sql_replication_password'] = '<md5_hash_of_your_password>'
postgresql['sql_replication_password'] = '<md5_hash_of_your_replication_password>'
```
If you are using an external database not managed by your Linux package installation, you need
......@@ -432,9 +432,9 @@ There is an [issue where support is being discussed](https://gitlab.com/gitlab-o
## Database credentials password (defined previously in primary site)
## - replicate same values here as defined in primary site
##
postgresql['sql_replication_password'] = '<md5_hash_of_your_password>'
postgresql['sql_user_password'] = '<md5_hash_of_your_password>'
gitlab_rails['db_password'] = '<your_password_here>'
postgresql['sql_replication_password'] = '<md5_hash_of_your_replication_password>'
postgresql['sql_user_password'] = '<md5_hash_of_your_db_password>'
gitlab_rails['db_password'] = '<your_db_password_here>'
```
For external PostgreSQL instances, see [additional instructions](external_database.md).
......@@ -557,8 +557,8 @@ On the GitLab Geo **primary** site:
```shell
sudo gitlab-ctl pg-password-md5 gitlab_replicator
# Enter password: <your_password_here>
# Confirm password: <your_password_here>
# Enter password: <your_replication_password_here>
# Confirm password: <your_replication_password_here>
# 950233c0dfc2f39c64cf30457c3b7f1e
```
......@@ -566,7 +566,7 @@ On the GitLab Geo **primary** site:
```ruby
# Fill with the hash generated by `gitlab-ctl pg-password-md5 gitlab_replicator`
postgresql['sql_replication_password'] = '<md5_hash_of_your_password>'
postgresql['sql_replication_password'] = '<md5_hash_of_your_replication_password>'
```
1. Save the file and reconfigure GitLab to change the replication user's password in PostgreSQL:
......@@ -598,7 +598,7 @@ On all GitLab Geo **secondary** sites:
```ruby
# Fill with the hash generated by `gitlab-ctl pg-password-md5 gitlab_replicator` on the Geo primary
postgresql['sql_replication_password'] = '<md5_hash_of_your_password>'
postgresql['sql_replication_password'] = '<md5_hash_of_your_replication_password>'
```
1. During the initial replication setup, the `gitlab-ctl replicate-geo-database` command writes the plaintext
......
......@@ -180,7 +180,7 @@ To configure the connection to the external read-replica database and enable Log
# note this is shared between both databases,
# make sure you define the same password in both
gitlab_rails['db_password'] = '<your_password_here>'
gitlab_rails['db_password'] = '<your_primary_db_password_here>'
gitlab_rails['db_username'] = 'gitlab'
gitlab_rails['db_host'] = '<database_read_replica_host>'
......@@ -257,7 +257,7 @@ Configure GitLab to use this database. These steps are for Linux package and Doc
```ruby
geo_secondary['db_username'] = 'gitlab_geo'
geo_secondary['db_password'] = '<your_password_here>'
geo_secondary['db_password'] = '<your_tracking_db_password_here>'
geo_secondary['db_host'] = '<tracking_database_host>'
geo_secondary['db_port'] = <tracking_database_port> # change to the correct port
......
......@@ -112,7 +112,7 @@ To configure the connection to the external read-replica database:
# note this is shared between both databases,
# make sure you define the same password in both
gitlab_rails['db_password'] = '<your_password_here>'
gitlab_rails['db_password'] = '<your_db_password_here>'
gitlab_rails['db_username'] = 'gitlab'
gitlab_rails['db_host'] = '<database_read_replica_host>'
......@@ -459,7 +459,7 @@ Configure GitLab to use this database. These steps are for Linux package and Doc
```ruby
geo_secondary['db_username'] = 'gitlab_geo'
geo_secondary['db_password'] = '<your_password_here>'
geo_secondary['db_password'] = '<your_tracking_db_password_here>'
geo_secondary['db_host'] = '<tracking_database_host>'
geo_secondary['db_port'] = <tracking_database_port> # change to the correct port
......
......@@ -61,14 +61,19 @@ Prerequisites:
This command uses the `external_url` defined in `/etc/gitlab/gitlab.rb`.
1. Create a password for the `gitlab` database user.
1. Create a password for the `gitlab` database user and update Rail to use the new password.
NOTE:
The values configured for the `gitlab_rails['db_password']` and `postgresql['sql_user_password']` settings need to match.
However, only the `postgresql['sql_user_password']` value should be the MD5 encrypted password.
Changes to this are being discussed in [Rethink how we handle PostgreSQL passwords in cookbooks](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5713).
1. Generate a MD5 hash of the desired password:
```shell
gitlab-ctl pg-password-md5 gitlab
# Enter password: <your_password_here>
# Confirm password: <your_password_here>
# Enter password: <your_db_password_here>
# Confirm password: <your_db_password_here>
# fca0b89a972d69f00eb3ec98a5838484
```
......@@ -76,12 +81,12 @@ Prerequisites:
```ruby
# Fill with the hash generated by `gitlab-ctl pg-password-md5 gitlab`
postgresql['sql_user_password'] = '<md5_hash_of_your_password>'
postgresql['sql_user_password'] = '<md5_hash_of_your_db_password>'
# Every node that runs Puma or Sidekiq needs to have the database
# password specified as below. If you have a high-availability setup, this
# must be present in all application nodes.
gitlab_rails['db_password'] = '<your_password_here>'
gitlab_rails['db_password'] = '<your_db_password_here>'
```
1. Define a password for the database [replication user](https://wiki.postgresql.org/wiki/Streaming_Replication).
......@@ -93,8 +98,8 @@ Prerequisites:
```shell
gitlab-ctl pg-password-md5 gitlab_replicator
# Enter password: <your_password_here>
# Confirm password: <your_password_here>
# Enter password: <your_replication_password_here>
# Confirm password: <your_replication_password_here>
# 950233c0dfc2f39c64cf30457c3b7f1e
```
......@@ -102,7 +107,7 @@ Prerequisites:
```ruby
# Fill with the hash generated by `gitlab-ctl pg-password-md5 gitlab_replicator`
postgresql['sql_replication_password'] = '<md5_hash_of_your_password>'
postgresql['sql_replication_password'] = '<md5_hash_of_your_replication_password>'
```
1. Optional. If you use an external database not managed by the Linux package, you must
......@@ -320,9 +325,9 @@ Prerequisites:
## Database credentials password (defined previously in primary site)
## - replicate same values here as defined in primary site
##
postgresql['sql_replication_password'] = '<md5_hash_of_your_password>'
postgresql['sql_user_password'] = '<md5_hash_of_your_password>'
gitlab_rails['db_password'] = '<your_password_here>'
postgresql['sql_replication_password'] = '<md5_hash_of_your_replication_password>'
postgresql['sql_user_password'] = '<md5_hash_of_your_db_password>'
gitlab_rails['db_password'] = '<your_db_password_here>'
```
Be sure to replace the IP addresses with addresses appropriate to your network configuration.
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment