Enabling the GitLab Container Registry Metadata Database

The official documentation for enabling the GitLab Container Registry Metadata Database is based on Linux package installations of GitLab. While largely similar, the instructions for a Docker installation require a few clarifications. This article provides those clarifications, but is not a step-by-step guide, so follow the official documentation for the most part.

TL;DR

• Create the database and user for the metadata database.
• Use /var/opt/gitlab/postgresql/ as the host.
• Add a postgresql['custom_pg_hba_entries'] entry to allow the new user to connect to the database.

Detailed Clarifications

Before running schema migrations, we need to create the database and user for the metadata database. This can be done by running the following commands:

gitlab-psql -c "CREATE USER registry WITH PASSWORD 'registrypassword'"
gitlab-psql -c "CREATE DATABASE registry_database WITH OWNER registry"

Now use the created user and database in /etc/gitlab/gitlab.rb: host is a path, since postgres runs in the same container and so the connection can use a unix socket.

registry['database'] = {
  'enabled' => false, # Must be false!
  'host' => '/var/opt/gitlab/postgresql/',
  'user' => 'registry',
  'password' => 'registrypassword',
  'dbname' => 'registry_database',
  'sslmode' => 'disable'
}

To allow the new user to connect to the database, we also need to add the following to /etc/gitlab/gitlab.rb:

postgresql['custom_pg_hba_entries'] = {
  registry_db: [
    {
      type: 'local',
      database: 'registry_database',
      user: 'registry',
      method: 'md5'
  }
  ]
}

After changing /etc/gitlab/gitlab.rb always run gitlab-ctl reconfigure to apply the changes.

We can now run the schema migrations, import the registry database and finally enable the metadata database.

Sources

• https://docs.gitlab.com/ee/administration/packages/container_registry_metadata_database.html
• https://gitlab.com/-/snippets/2572204#prepare-the-metadata-database-for-the-container-registry