summaryrefslogtreecommitdiff
path: root/doc/administration
diff options
context:
space:
mode:
Diffstat (limited to 'doc/administration')
-rw-r--r--doc/administration/high_availability/database.md11
-rw-r--r--doc/administration/high_availability/gitlab.md35
-rw-r--r--doc/administration/integration/terminal.md16
-rw-r--r--doc/administration/monitoring/prometheus/index.md13
4 files changed, 38 insertions, 37 deletions
diff --git a/doc/administration/high_availability/database.md b/doc/administration/high_availability/database.md
index ca6d8d2de67..b5124b1d540 100644
--- a/doc/administration/high_availability/database.md
+++ b/doc/administration/high_availability/database.md
@@ -33,16 +33,7 @@ If you use a cloud-managed service, or provide your own PostgreSQL:
external_url 'https://gitlab.example.com'
# Disable all components except PostgreSQL
- postgresql['enable'] = true
- bootstrap['enable'] = false
- nginx['enable'] = false
- unicorn['enable'] = false
- sidekiq['enable'] = false
- redis['enable'] = false
- prometheus['enable'] = false
- gitaly['enable'] = false
- gitlab_workhorse['enable'] = false
- mailroom['enable'] = false
+ roles ['postgres_role']
# PostgreSQL configuration
gitlab_rails['db_password'] = 'DB password'
diff --git a/doc/administration/high_availability/gitlab.md b/doc/administration/high_availability/gitlab.md
index e201848791c..0d9c10687f2 100644
--- a/doc/administration/high_availability/gitlab.md
+++ b/doc/administration/high_availability/gitlab.md
@@ -47,7 +47,8 @@ for each GitLab application server in your environment.
URL. Depending your the NFS configuration, you may need to change some GitLab
data locations. See [NFS documentation](nfs.md) for `/etc/gitlab/gitlab.rb`
configuration values for various scenarios. The example below assumes you've
- added NFS mounts in the default data locations.
+ added NFS mounts in the default data locations. Additionally the UID and GIDs
+ given are just examples and you should configure with your preferred values.
```ruby
external_url 'https://gitlab.example.com'
@@ -68,6 +69,14 @@ for each GitLab application server in your environment.
gitlab_rails['redis_port'] = '6379'
gitlab_rails['redis_host'] = '10.1.0.6' # IP/hostname of Redis server
gitlab_rails['redis_password'] = 'Redis Password'
+
+ # Ensure UIDs and GIDs match between servers for permissions via NFS
+ user['uid'] = 9000
+ user['gid'] = 9000
+ web_server['uid'] = 9001
+ web_server['gid'] = 9001
+ registry['uid'] = 9002
+ registry['gid'] = 9002
```
> **Note:** To maintain uniformity of links across HA clusters, the `external_url`
@@ -75,25 +84,24 @@ for each GitLab application server in your environment.
servers should point to the external url that users will use to access GitLab.
In a typical HA setup, this will be the url of the load balancer which will
route traffic to all GitLab application servers in the HA cluster.
-
-1. Run `sudo gitlab-ctl reconfigure` to compile the configuration.
+
+ > **Note:** When you specify `https` in the `external_url`, as in the example
+ above, GitLab assumes you have SSL certificates in `/etc/gitlab/ssl/`. If
+ certificates are not present, Nginx will fail to start. See
+ [Nginx documentation](http://docs.gitlab.com/omnibus/settings/nginx.html#enable-https)
+ for more information.
## First GitLab application server
-As a final step, run the setup rake task on the first GitLab application server.
-It is not necessary to run this on additional application servers.
+As a final step, run the setup rake task **only on** the first GitLab application server.
+Do not run this on additional application servers.
1. Initialize the database by running `sudo gitlab-rake gitlab:setup`.
+1. Run `sudo gitlab-ctl reconfigure` to compile the configuration.
> **WARNING:** Only run this setup task on **NEW** GitLab instances because it
will wipe any existing data.
-> **Note:** When you specify `https` in the `external_url`, as in the example
- above, GitLab assumes you have SSL certificates in `/etc/gitlab/ssl/`. If
- certificates are not present, Nginx will fail to start. See
- [Nginx documentation](http://docs.gitlab.com/omnibus/settings/nginx.html#enable-https)
- for more information.
-
## Extra configuration for additional GitLab application servers
Additional GitLab servers (servers configured **after** the first GitLab server)
@@ -101,8 +109,7 @@ need some extra configuration.
1. Configure shared secrets. These values can be obtained from the primary
GitLab server in `/etc/gitlab/gitlab-secrets.json`. Add these to
- `/etc/gitlab/gitlab.rb` **prior to** running the first `reconfigure` in
- the steps above.
+ `/etc/gitlab/gitlab.rb` **prior to** running the first `reconfigure`.
```ruby
gitlab_shell['secret_token'] = 'fbfb19c355066a9afb030992231c4a363357f77345edd0f2e772359e5be59b02538e1fa6cae8f93f7d23355341cea2b93600dab6d6c3edcdced558fc6d739860'
@@ -115,6 +122,8 @@ need some extra configuration.
from running on upgrade. Only the primary GitLab application server should
handle migrations.
+1. Run `sudo gitlab-ctl reconfigure` to compile the configuration.
+
## Troubleshooting
- `mount: wrong fs type, bad option, bad superblock on`
diff --git a/doc/administration/integration/terminal.md b/doc/administration/integration/terminal.md
index 91e844c7b42..32ad63c3706 100644
--- a/doc/administration/integration/terminal.md
+++ b/doc/administration/integration/terminal.md
@@ -1,12 +1,13 @@
# Web terminals
-> [Introduced][ce-7690] in GitLab 8.15. Only project masters and owners can
- access web terminals.
+>
+[Introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7690)
+in GitLab 8.15. Only project masters and owners can access web terminals.
-With the introduction of the [Kubernetes project service][kubservice], GitLab
-gained the ability to store and use credentials for a Kubernetes cluster. One
-of the things it uses these credentials for is providing access to
-[web terminals](../../ci/environments.html#web-terminals) for environments.
+With the introduction of the [Kubernetes integration](../../user/project/clusters/index.md),
+GitLab gained the ability to store and use credentials for a Kubernetes cluster.
+One of the things it uses these credentials for is providing access to
+[web terminals](../../ci/environments.md#web-terminals) for environments.
## How it works
@@ -80,6 +81,3 @@ Terminal sessions use long-lived connections; by default, these may last
forever. You can configure a maximum session time in the Admin area of your
GitLab instance if you find this undesirable from a scalability or security
point of view.
-
-[ce-7690]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7690
-[kubservice]: ../../user/project/integrations/kubernetes.md
diff --git a/doc/administration/monitoring/prometheus/index.md b/doc/administration/monitoring/prometheus/index.md
index f47add48345..1c79e86dcb4 100644
--- a/doc/administration/monitoring/prometheus/index.md
+++ b/doc/administration/monitoring/prometheus/index.md
@@ -29,7 +29,8 @@ For installations from source you'll have to install and configure it yourself.
Prometheus and it's exporters are on by default, starting with GitLab 9.0.
Prometheus will run as the `gitlab-prometheus` user and listen on
-`http://localhost:9090`. Each exporter will be automatically be set up as a
+`http://localhost:9090`. By default Prometheus is only accessible from the GitLab server itself.
+Each exporter will be automatically set up as a
monitoring target for Prometheus, unless individually disabled.
To disable Prometheus and all of its exporters, as well as any added in the future:
@@ -44,14 +45,16 @@ To disable Prometheus and all of its exporters, as well as any added in the futu
1. Save the file and [reconfigure GitLab][reconfigure] for the changes to
take effect
-## Changing the port Prometheus listens on
+## Changing the port and address Prometheus listens on
>**Note:**
The following change was added in [GitLab Omnibus 8.17][1261]. Although possible,
-it's not recommended to change the default address and port Prometheus listens
+it's not recommended to change the port Prometheus listens
on as this might affect or conflict with other services running on the GitLab
server. Proceed at your own risk.
+In order to access Prometheus from outside the GitLab server you will need to
+set a FQDN or IP in `prometheus['listen_address']`.
To change the address/port that Prometheus listens on:
1. Edit `/etc/gitlab/gitlab.rb`
@@ -80,9 +83,9 @@ You can visit `http://localhost:9090` for the dashboard that Prometheus offers b
>**Note:**
If SSL has been enabled on your GitLab instance, you may not be able to access
-Prometheus on the same browser as GitLab due to [HSTS][hsts]. We plan to
+Prometheus on the same browser as GitLab if using the same FQDN due to [HSTS][hsts]. We plan to
[provide access via GitLab][multi-user-prometheus], but in the interim there are
-some workarounds: using a separate browser for Prometheus, resetting HSTS, or
+some workarounds: using a separate FQDN, using server IP, using a separate browser for Prometheus, resetting HSTS, or
having [Nginx proxy it][nginx-custom-config].
The performance data collected by Prometheus can be viewed directly in the
View Lorry Controller Status