Standalone PostgreSQL for Linux package installations
If you wish to have your database service hosted separately from your GitLab application servers, you can do this using the PostgreSQL binaries packaged together with the Linux package. This is recommended as part of our reference architecture for up to 2,000 users.
Setting it up
- SSH in to the PostgreSQL server.
- Download and install the Linux package you want using steps 1 and 2 from the GitLab downloads page. Do not complete any other steps on the download page.
-
Generate a password hash for PostgreSQL. This assumes you are using the default username of
gitlab
(recommended). The command requests a password and confirmation. Use the value that is output by this command in the next step as the value ofPOSTGRESQL_PASSWORD_HASH
.sudo gitlab-ctl pg-password-md5 gitlab
-
Edit
/etc/gitlab/gitlab.rb
and add the contents below, updating placeholder values appropriately.-
POSTGRESQL_PASSWORD_HASH
- The value output from the previous step -
APPLICATION_SERVER_IP_BLOCKS
- A space delimited list of IP subnets or IP addresses of the GitLab application servers that connect to the database. Example:%w(123.123.123.123/32 123.123.123.234/32)
# Disable all components except PostgreSQL roles(['postgres_role']) prometheus['enable'] = false alertmanager['enable'] = false pgbouncer_exporter['enable'] = false redis_exporter['enable'] = false gitlab_exporter['enable'] = false postgresql['listen_address'] = '0.0.0.0' postgresql['port'] = 5432 # Replace POSTGRESQL_PASSWORD_HASH with a generated md5 value postgresql['sql_user_password'] = 'POSTGRESQL_PASSWORD_HASH' # Replace XXX.XXX.XXX.XXX/YY with Network Address # ???? postgresql['trust_auth_cidr_addresses'] = %w(APPLICATION_SERVER_IP_BLOCKS) # Disable automatic database migrations gitlab_rails['auto_migrate'] = false
-
- Reconfigure GitLab for the changes to take effect.
- Note the PostgreSQL node’s IP address or hostname, port, and plain text password. These are necessary when configuring the GitLab application servers later.
- Enable monitoring
Advanced configuration options are supported and can be added if needed.