Note: Currently new registrations are closed, if you want an account Contact us
Difference between revisions of "GitLab"
(→Setup: mention stretch-backports) |
|||
Line 8: | Line 8: | ||
Running on debian gnu/linux 9 stretch with postgresql 9.6. Using gitlab package from https://people.debian.org/~praveen/gitlab/ | Running on debian gnu/linux 9 stretch with postgresql 9.6. Using gitlab package from https://people.debian.org/~praveen/gitlab/ | ||
Note: We install gitlab dependencies from stretch-backports, so all apt commands should enable stretch-backports (''apt -t stretch-backports''). | |||
Letsencrypt domains: | Letsencrypt domains: |
Revision as of 12:48, 10 October 2018
Our public GitLab instance is https://git.fosscommunity.in
Hosting
Sponsored by GitLab Inc.Hosted at gandi.net in France.
Setup
Running on debian gnu/linux 9 stretch with postgresql 9.6. Using gitlab package from https://people.debian.org/~praveen/gitlab/
Note: We install gitlab dependencies from stretch-backports, so all apt commands should enable stretch-backports (apt -t stretch-backports).
Letsencrypt domains:
letsencrypt --expand --webroot --webroot-path /usr/share/gitlab/public -d git.fosscommunity.in -d gitlabce.tk -d gitlab.debian.net -d wiki.fsci.org.in -d git.fsci.org.in certonly
Mail Server Setup
- postfix is used
- SPF record is added (only a and aaaa allowed to send mails)
- Reverse DNS is updated in gandi.net server ip section
- Using letsencrypt certificates for tls in main.cf
- Using 'inet_interfaces = 127.0.0.1' in main.cf
- Configured DKIM following https://www.linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-8/
- DMARC is set to reject
Maintenance
Maintenance discussion at this loomio subgroup and this matrix chat room
- team repo with access details (private)
Backup
Backup server is provided by Manu. Running on debian gnu/linux 9 stretch.
Slave configuration: Step 1
Install postgresql and rsync
# apt-get install postgresql-contrib-9.6 rsync
Make sure en_US.UTF-8 locale is available
# dpkg-reconfigure locales
Create ssh key for postgres user
# su - postgres $ ssh-keygen
Now copy /var/lib/postgresql/.ssh/id_rsa.pub to master postgres users' /var/lib/postgresql/.ssh/authorized_keys
Stop postgresql before changing any configuration
$ pg_ctlcluster 9.6 main stop
cd /etc/postgresql/9.6/main
Open the postgres configuration file
nano postgresql.conf
Set the following configuration options in the postgresql.conf file
listen_addresses = 'localhost,192.168.0.115' port=5432 wal_level = 'hot_standby' archive_mode = on archive_command = 'cd .' max_wal_senders = 1 hot_standby = on
Master configuration
Create and copy ssh public key to slave like above.
# su - postgres $ ssh-keygen
Now copy /var/lib/postgresql/.ssh/id_rsa.pub to slave postgres users' /var/lib/postgresql/.ssh/authorized_keys
Create postgresql user for replication.
$ psql -c "CREATE USER rep REPLICATION LOGIN CONNECTION LIMIT 1 ENCRYPTED PASSWORD 'yourpassword';"
Allow slave to connect to master using the user just created.
$ cd /etc/postgresql/9.6/main
$ nano pg_hba.conf
Add below line to allow rep user to get access to the server
host replication rep 62.210.83.200/32 md5
Next , open the postgres configuration file
nano postgresql.conf
Set the following configuration options in the postgresql.conf file
listen_addresses = 'localhost,213.167.243.152' port=5432 wal_level = 'hot_standby' archive_mode = on archive_command = 'cd .' max_wal_senders = 1 hot_standby = on
Now, to activate your changes, reload the postgresql server
$ pg_ctlcluster 9.6 main reload
You may need to restart it via systemd,
# systemctl restart postgresql
Start the backup process,
psql -c "select pg_start_backup('initial_backup');" rsync -cva -e 'ssh -p 12022' --inplace --exclude=*pg_xlog* /var/lib/postgresql/9.6/main/ 62.210.83.200:/var/lib/postgresql/9.6/main/ psql -c "select pg_stop_backup();"
Slave Configuration: Step 2
Create a recovery file called recovery.conf and add following lines.
standby_mode = 'on' primary_conninfo = 'host=213.167.243.152 port=5432 user=rep password=yourpassword' trigger_file = '/tmp/postgresql.trigger.5432'
Start the slave server
$ pg_ctlcluster 9.6 main start
Replication Status
On master server ,
$ ps -ef | grep sender
On slave server,
$ ps -ef | grep receiver