summaryrefslogtreecommitdiff
path: root/doc/administration/high_availability/redis.md
blob: 1adc681e98bc12a2fa42846a3050d57f57d46d8c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
# Configuring Redis for GitLab HA

You can choose to install and manage Redis yourself, or you can use GitLab
Omnibus packages to help.

## Experimental Redis Sentinel support

Since 8.10 release, you can configure a list of Redis Sentinel servers that 
will monitor a group of Redis servers to provide you with a standard failover
support.

There is currently one exception to the Sentinel support: **mail_room**, the
component that process incoming emails.

It doesn't support Sentinel yet, but we hope to integrate a future release 
that does support it.

To get a better understanding on how to correctly setup Sentinel, please read
[Redis Sentinel documentation](http://redis.io/topics/sentinel) first, as
faling to configure it correctly can lead to data-loss.

### Redis setup

You must have at least 2 Redis servers: 1 Master, 1 or more Slaves.
They should be configured the same way and with similar server specs, as
in a failover situation, any Slave can be elected as the new Master by
the Sentinels servers.

In a minimal setup, the only required change for the slaves in `redis.conf` 
is the addition of a `slaveof` line pointing to the initial master like this:

```conf
slaveof 192.168.1.1 6379
```

You can increase the security by defining a `requirepass` configuration in
the master:

```conf
requirepass "<password>
```

and adding this line to all the slave servers:

```conf
masterauth "<password>"
```

> **Note** This setup is not safe to be used by a machine accessible by the 
internet. Use it in combination with tight firewall rules.

### Sentinel setup

The support for Sentinel in ruby have some [caveats](https://github.com/redis/redis-rb/issues/531). 
While you can give any name for the `master-group-name` part of the 
configuration, as in this example: 

```conf
sentinel monitor <master-group-name> <ip> <port> <quorum>`
```

For it to work in ruby, you have to use the "hostname" of the master redis
server otherwhise you will get an error message like this one: 
`Redis::CannotConnectError: No sentinels available.`.


Here is an example configuration file (`sentinel.conf`) for a Sentinel node:
 
```conf
port 26379
sentinel monitor master-redis.example.com 10.10.10.10 6379 1
sentinel down-after-milliseconds master-redis.example.com 10000
sentinel config-epoch master-redis.example.com 0
sentinel leader-epoch locmaster-redis.example.comalhost 0
```

### GitLab setup

You can enable or disable sentinel support at any time in new or existing
installs. From the GitLab application perspective, all it requires is
the correct credentials for the Master redis and for a few Sentinels nodes.

It doesn't require a list of all sentinel nodes, as in case of a failure,
the application will need to query only one of them.

For a source based install, you must change `/home/git/gitlab/config/resque.yml`,
following the example in `/home/git/gitlab/config/resque.yml.example` and
uncommenting the sentinels line, changing to the correct server credentials,
and resstart GitLab. 

For a Omnibus install you have to add/change this lines from the 
`/etc/gitlab/gitlab.rb` configuration file:
 
```ruby
gitlab['gitlab-rails']['redis_host'] = "master-redis.example.com"
gitlab['gitlab-rails']['redis_port'] = 6379
gitlab['gitlab-rails']['redis_password'] = "redis-secure-password-here"
gitlab['gitlab-rails']['redis_socket'] = nil
gitlab['gitlab-rails']['redis_sentinels'] = [
  {'host' => '10.10.10.1', 'port' => 26379},
  {'host' => '10.10.10.2', 'port' => 26379},
  {'host' => '10.10.10.3', 'port' => 26379}
]
```

After the change run the reconfigure command:

```bash
sudo gitlab-ctl reconfigure

```

## Configure your own Redis server

If you're hosting GitLab on a cloud provider, you can optionally use a
managed service for Redis. For example, AWS offers a managed ElastiCache service
that runs Redis.

> **Note:** Redis does not require authentication by default. See
  [Redis Security](http://redis.io/topics/security) documentation for more
  information. We recommend using a combination of a Redis password and tight
  firewall rules to secure your Redis service.

## Configure using Omnibus

1. Download/install GitLab Omnibus using **steps 1 and 2** from
   [GitLab downloads](https://about.gitlab.com/downloads). Do not complete other
   steps on the download page.
1. Create/edit `/etc/gitlab/gitlab.rb` and use the following configuration.
   Be sure to change the `external_url` to match your eventual GitLab front-end
   URL.

    ```ruby
      external_url 'https://gitlab.example.com'

      # Disable all components except Redis
      redis['enable'] = true
      bootstrap['enable'] = false
      nginx['enable'] = false
      unicorn['enable'] = false
      sidekiq['enable'] = false
      postgresql['enable'] = false
      gitlab_workhorse['enable'] = false
      mailroom['enable'] = false

      # Redis configuration
      redis['port'] = 6379
      redis['bind'] = '0.0.0.0'

      # If you wish to use Redis authentication (recommended)
      redis['password'] = 'Redis Password'
    ```

1. Run `sudo gitlab-ctl reconfigure` to install and configure PostgreSQL.

    > **Note**: This `reconfigure` step will result in some errors.
      That's OK - don't be alarmed.
1. Run `touch /etc/gitlab/skip-auto-migrations` to prevent database migrations
   from running on upgrade. Only the primary GitLab application server should
   handle migrations.

---

Read more on high-availability configuration:

1. [Configure the database](database.md)
1. [Configure NFS](nfs.md)
1. [Configure the GitLab application servers](gitlab.md)
1. [Configure the load balancers](load_balancer.md)