我正在尝试使用远程postgresql数据库设置gitlab omnibus。 gitlab和postgres之间的连接应加密,但我的配置有问题。
gitlab_rails['db_adapter'] = "postgresql"
gitlab_rails['db_encoding'] = "utf8"
gitlab_rails['db_collation'] = nil
gitlab_rails['db_database'] = "gitlabhq_production"
gitlab_rails['db_pool'] = 10
gitlab_rails['db_username'] = "gitlab"
gitlab_rails['db_password'] = "MYPASSWORD"
gitlab_rails['db_host'] = "db.example.com"
gitlab_rails['db_port'] = 5432
# gitlab_rails['db_socket'] = nil
# gitlab_rails['db_sslmode'] = nil
gitlab_rails['db_sslrootcert'] = "/usr/local/share/ca-certificates/cacert-class3.crt"
gitlab_rails['db_prepared_statements'] = true
gitlab_rails['db_statements_limit'] = 1000
使用此配置gilab-ctl reconfigure失败并显示:
PG::ConnectionBad: SSL error: certificate verify failed
FATAL: no pg_hba.conf entry for host "MY_IP", user "gitlab", database "gitlabhq_production", SSL off
我在这里有点迷失,找不到任何有关db_sslmode可用选项的文档,我怀疑这些选项配置错误。我只找到了verify-full,但是不想在两个地方拥有证书,只要签名就足够了。
我可以在手动运行psql时连接到数据库。
还有其他选项要设置吗?
答案 0 :(得分:0)
好的,通过搜索rake问题,我发现丢失的关键字为require。
除此之外,将sslrootcert指向/etc/ssl/certs/ca-certificates.crt