Commit d9a03cf2 authored by Ben Bodenmiller

Gitaly cleanup

parent 93bdc328
......@@ -235,6 +235,7 @@ Method 2:
### Configure Gitaly servers
On the Gitaly servers, you must configure storage paths and enable the network listener.
The Gitaly server must be able to read, write, and set permissions on the configured path.
If you want to reduce the risk of downtime when you enable authentication, you can temporarily
disable enforcement. For more information, see the documentation on configuring
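Review bot: The sentence "The Gitaly server must be able to read, write, and set permissions on the configured path" does not say which account needs that access. Name the user the Gitaly process runs as, so that readers grant access to that account on the storage path instead of loosening the directory's permissions for everyone.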
......@@ -250,8 +251,6 @@ disable enforcement. For more information, see the documentation on configuring
-->
```ruby
# /etc/gitlab/gitlab.rb
# Avoid running unnecessary services on the Gitaly server
postgresql['enable'] = false
redis['enable'] = false
......@@ -285,6 +284,10 @@ disable enforcement. For more information, see the documentation on configuring
# Don't forget to copy `/etc/gitlab/gitlab-secrets.json` from Gitaly client to Gitaly server.
gitlab_rails['internal_api_url'] = 'https://gitlab.example.com'
# Authentication token to ensure only authorized servers can communicate with
# Gitaly server
gitaly['auth_token'] = 'AUTH_TOKEN'
# Make Gitaly accept connections on all network interfaces. You must use
# firewalls to restrict access to this address/port.
# Comment out following line if you only want to support TLS connections
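Review bot: In the `gitaly['auth_token'] = 'AUTH_TOKEN'` example, the comment above it does not say that `AUTH_TOKEN` is a placeholder. State that it must be replaced with a secret value and that the same value has to be configured on the Gitaly clients; otherwise readers may deploy the literal string, which matters more here because the following comment has Gitaly accepting connections on all network interfaces.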
......@@ -387,10 +390,10 @@ if previously enabled manually.
Gitaly makes the following assumptions:
- Your `gitaly1.internal` Gitaly server can be reached at `gitaly1.internal:8075` from your Gitaly
clients, and that Gitaly server can read, write, and set permissions on `/mnt/gitlab/default` and
`/mnt/gitlab/storage1`.
clients, and that Gitaly server can read, write, and set permissions on `/var/opt/gitlab/git-data` and
`/mnt/gitlab/git-data`.
- Your `gitaly2.internal` Gitaly server can be reached at `gitaly2.internal:8075` from your Gitaly
clients, and that Gitaly server can read, write, and set permissions on `/mnt/gitlab/storage2`.
clients, and that Gitaly server can read, write, and set permissions on `/srv/gitlab/git-data`.
- Your `gitaly1.internal` and `gitaly2.internal` Gitaly servers can reach each other.
You can't define Gitaly servers with some as a local Gitaly server
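Review bot: In the assumptions list, the replacement paths (`/var/opt/gitlab/git-data`, `/mnt/gitlab/git-data`, `/srv/gitlab/git-data`) all end in the same directory name, where the previous ones (`/mnt/gitlab/default`, `/mnt/gitlab/storage1`, `/mnt/gitlab/storage2`) showed which storage each path belonged to. Add the storage name next to each path, and confirm that the configuration examples that follow this list use the same paths, so the permissions a reader sets match the directories Gitaly is actually configured with.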
......@@ -595,7 +598,8 @@ To configure Gitaly with TLS:
```
1. Copy all Gitaly server certificates (or their certificate authority) to
`/etc/gitlab/trusted-certs` so that Gitaly servers trust the certificate when calling into themselves
`/etc/gitlab/trusted-certs` on all Gitaly servers and clients
so that Gitaly servers and clients trust the certificate when calling into themselves
or other Gitaly servers:
```shell
......
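Review bot: In step 1, the reworded sentence says Gitaly servers and clients trust the certificate "when calling into themselves or other Gitaly servers", but clients do not call into themselves. Reword the tail, for example "when calling into Gitaly servers", so the sentence is correct for both servers and clients.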