Commit 68fbc9d0 authored by James Ramsay's avatar James Ramsay

Gitaly Cluster TLS doc fixes

parent a3083266
...@@ -498,6 +498,7 @@ To configure Praefect with TLS: ...@@ -498,6 +498,7 @@ To configure Praefect with TLS:
**For Omnibus GitLab** **For Omnibus GitLab**
1. Create certificates for Praefect servers. 1. Create certificates for Praefect servers.
1. On the Praefect servers, create the `/etc/gitlab/ssl` directory and copy your key 1. On the Praefect servers, create the `/etc/gitlab/ssl` directory and copy your key
and certificate there: and certificate there:
...@@ -516,7 +517,8 @@ To configure Praefect with TLS: ...@@ -516,7 +517,8 @@ To configure Praefect with TLS:
praefect['key_path'] = "/etc/gitlab/ssl/key.pem" praefect['key_path'] = "/etc/gitlab/ssl/key.pem"
``` ```
1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). 1. Save the file and [reconfigure](../restart_gitlab.md#omnibus-gitlab-reconfigure).
1. On the Praefect clients (including each Gitaly server), copy the certificates, 1. On the Praefect clients (including each Gitaly server), copy the certificates,
or their certificate authority, into `/etc/gitlab/trusted-certs`: or their certificate authority, into `/etc/gitlab/trusted-certs`:
...@@ -529,8 +531,10 @@ To configure Praefect with TLS: ...@@ -529,8 +531,10 @@ To configure Praefect with TLS:
```ruby ```ruby
git_data_dirs({ git_data_dirs({
'default' => { 'gitaly_address' => 'tls://praefect1.internal:3305' }, "default" => {
'storage1' => { 'gitaly_address' => 'tls://praefect2.internal:3305' }, "gitaly_address" => 'tls://LOAD_BALANCER_SERVER_ADDRESS:2305',
"gitaly_token" => 'PRAEFECT_EXTERNAL_TOKEN'
}
}) })
``` ```
...@@ -565,10 +569,7 @@ To configure Praefect with TLS: ...@@ -565,10 +569,7 @@ To configure Praefect with TLS:
repositories: repositories:
storages: storages:
default: default:
gitaly_address: tls://praefect1.internal:3305 gitaly_address: tls://LOAD_BALANCER_SERVER_ADDRESS:3305
path: /some/local/path
storage1:
gitaly_address: tls://praefect2.internal:3305
path: /some/local/path path: /some/local/path
``` ```
...@@ -834,6 +835,8 @@ Particular attention should be shown to: ...@@ -834,6 +835,8 @@ Particular attention should be shown to:
balancer. balancer.
- `PRAEFECT_EXTERNAL_TOKEN` with the real secret - `PRAEFECT_EXTERNAL_TOKEN` with the real secret
If you are using TLS, the `gitaly_address` should begin with `tls://`.
```ruby ```ruby
git_data_dirs({ git_data_dirs({
"default" => { "default" => {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment