Standalone PostgreSQL using Omnibus GitLab

If you wish to have your database service hosted separately from your GitLab application servers, you can do this using the PostgreSQL binaries packaged together with Omnibus GitLab. This is recommended as part of our reference architecture for up to 2,000 users.

Setting it up

  1. SSH in to the PostgreSQL server.
  2. Download and install the Omnibus GitLab package you want using steps 1 and 2 from the GitLab downloads page.
    • Do not complete any other steps on the download page.

  3. Generate a password hash for PostgreSQL. This assumes you are using the default username of gitlab (recommended). The command requests a password and confirmation. Use the value that is output by this command in the next step as the value of POSTGRESQL_PASSWORD_HASH. 

    sudo gitlab-ctl pg-password-md5 gitlab

  4. Edit /etc/gitlab/gitlab.rb and add the contents below, updating placeholder values appropriately.

    • POSTGRESQL_PASSWORD_HASH - The value output from the previous step
    • APPLICATION_SERVER_IP_BLOCKS - A space delimited list of IP subnets or IP addresses of the GitLab application servers that connect to the database. Example: %w(123.123.123.123/32 123.123.123.234/32) 
    # Disable all components except PostgreSQL
roles(['postgres_role'])
prometheus['enable'] = false
alertmanager['enable'] = false
pgbouncer_exporter['enable'] = false
redis_exporter['enable'] = false
gitlab_exporter['enable'] = false

postgresql['listen_address'] = '0.0.0.0'
postgresql['port'] = 5432

# Replace POSTGRESQL_PASSWORD_HASH with a generated md5 value
postgresql['sql_user_password'] = 'POSTGRESQL_PASSWORD_HASH'

# Replace XXX.XXX.XXX.XXX/YY with Network Address
# ????
postgresql['trust_auth_cidr_addresses'] = %w(APPLICATION_SERVER_IP_BLOCKS)

# Disable automatic database migrations
gitlab_rails['auto_migrate'] = false
  5. Reconfigure GitLab for the changes to take effect.
  6. Note the PostgreSQL node’s IP address or hostname, port, and plain text password. These are necessary when configuring the GitLab application servers later.
  7. Enable monitoring

Advanced configuration options are supported and can be added if needed.