Skip to content

GitLab Next

Why GitLab
Pricing
Contact Sales
Explore

Sign in
Get free trial

docs: md5_auth_cidr_addresses should be used for host-to-host access

Review changes
Download
Patches
Plain diff

Ben Prescott_ requested to merge bprescott/docs/20210716-trust_md5_patroni into master Jul 16, 2021

Overview 22
Commits 1
Pipelines 4
Changes 9

What does this MR do?

While reviewing work we'd done with a customer on setting up Patroni, it was identified the majority of our docs recommend setting up scaled out GitLab with PostgreSQL access permitted using trust_auth_cidr_addresses rather than md5_auth_cidr_addresses which requires passwords. (internal ticket refs: 1, 2)

From https://docs.gitlab.com/omnibus/settings/database.html#configure-postgresql-block

md5_auth_cidr_addresses: A list of CIDR address blocks which are allowed to connect to the server, after authentication with a password. trust_auth_cidr_addresses: A list of CIDR address blocks which are allowed to connect to the server, without authentication of any kind. Be very careful with this setting. It’s suggested that this be limited to the loopback address of 127.0.0.1/24 or even 127.0.0.1/32.

Related issues

Author's checklist

Follow the Documentation Guidelines and Style Guide.
Ensure that the product tier badge is added to doc's h1.
Request a review based on the documentation page's metadata and associated Technical Writer.

To avoid having this MR be added to code verification QA issues, don't add these labels: feature, frontend, backend, ~"bug", or database

Review checklist

Documentation-related MRs should be reviewed by a Technical Writer for a non-blocking review, based on Documentation Guidelines and the Style Guide.

If the content requires it, ensure the information is reviewed by a subject matter expert.
Technical writer review items:
- Ensure docs metadata is present and up-to-date.
- Ensure the appropriate labels are added to this MR.
- If relevant to this MR, ensure content topic type principles are in use, including:
  - The headings should be something you'd do a Google search for. Instead of Default behavior, say something like Default behavior when you close an issue.
  - The headings (other than the page title) should be active. Instead of Configuring GDK, say something like Configure GDK.
  - Any task steps should be written as a numbered list.
  - If the content still needs to be edited for topic types, you can create a follow-up issue with the docs-technical-debt label.
Review by assigned maintainer, who can always request/require the above reviews. Maintainer's review can occur before or after a technical writer review.
Ensure a release milestone is set.

Edited Jul 16, 2021 by Ben Prescott_

Merge request reports

Assignee

Select assignees

Reviewers

Request review from

Time tracking