Standalone PostgreSQL using Omnibus GitLab

If you wish to have your database service hosted separately from your GitLab application servers, you can do this using the PostgreSQL binaries packaged together with Omnibus GitLab. This is recommended as part of our reference architecture for up to 2,000 users.

Setting it up

  1. SSH in to the PostgreSQL server.
  2. Download and install the Omnibus GitLab package you want using steps 1 and 2 from the GitLab downloads page.
    • Do not complete any other steps on the download page.
  3. Generate a password hash for PostgreSQL. This assumes you are using the default username of gitlab (recommended). The command requests a password and confirmation. Use the value that is output by this command in the next step as the value of POSTGRESQL_PASSWORD_HASH.

    sudo gitlab-ctl pg-password-md5 gitlab
  4. Edit /etc/gitlab/gitlab.rb and add the contents below, updating placeholder values appropriately.

    • POSTGRESQL_PASSWORD_HASH - The value output from the previous step
    • APPLICATION_SERVER_IP_BLOCKS - A space delimited list of IP subnets or IP addresses of the GitLab application servers that connect to the database. Example: %w(
    # Disable all components except PostgreSQL
    prometheus['enable'] = false
    alertmanager['enable'] = false
    pgbouncer_exporter['enable'] = false
    redis_exporter['enable'] = false
    gitlab_exporter['enable'] = false
    postgresql['listen_address'] = ''
    postgresql['port'] = 5432
    # Replace POSTGRESQL_PASSWORD_HASH with a generated md5 value
    postgresql['sql_user_password'] = 'POSTGRESQL_PASSWORD_HASH'
    # Replace XXX.XXX.XXX.XXX/YY with Network Address
    # ????
    postgresql['trust_auth_cidr_addresses'] = %w(APPLICATION_SERVER_IP_BLOCKS)
    # Disable automatic database migrations
    gitlab_rails['auto_migrate'] = false
  5. Reconfigure GitLab for the changes to take effect.
  6. Note the PostgreSQL node’s IP address or hostname, port, and plain text password. These are necessary when configuring the GitLab application servers later.
  7. Enable monitoring

Advanced configuration options are supported and can be added if needed.