2020-09-23 14:10:15 -04:00
---
stage: Enablement
group: Distribution
2020-11-26 01:09:20 -05:00
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
2020-09-23 14:10:15 -04:00
---
2021-01-28 01:08:59 -05:00
# Place GitLab into a read-only state **(FREE SELF)**
2020-09-23 14:10:15 -04:00
2021-03-12 07:09:33 -05:00
NOTE:
In GitLab 13.9 and later, the recommended method to
place GitLab in a read-only state is to enable
[maintenance mode ](../administration/maintenance_mode/index.md ).
2020-09-23 14:10:15 -04:00
In some cases, you might want to place GitLab under a read-only state.
The configuration for doing so depends on your desired outcome.
## Make the repositories read-only
2021-12-02 13:11:52 -05:00
The first thing you want to accomplish is to ensure that no changes can be
2020-09-23 14:10:15 -04:00
made to your repositories. There's two ways you can accomplish that:
2021-06-03 08:10:18 -04:00
- Either stop Puma to make the internal API unreachable:
2020-09-23 14:10:15 -04:00
```shell
2021-06-03 08:10:18 -04:00
sudo gitlab-ctl stop puma
2020-09-23 14:10:15 -04:00
```
- Or, open up a Rails console:
```shell
sudo gitlab-rails console
```
And set the repositories for all projects read-only:
```ruby
Project.all.find_each { |project| project.update!(repository_read_only: true) }
```
When you're ready to revert this, you can do so with the following command:
```ruby
Project.all.find_each { |project| project.update!(repository_read_only: false) }
```
## Shut down the GitLab UI
If you don't mind shutting down the GitLab UI, then the easiest approach is to
2021-12-02 13:11:52 -05:00
stop `sidekiq` and `puma` , and you effectively ensure that no
2020-09-23 14:10:15 -04:00
changes can be made to GitLab:
```shell
sudo gitlab-ctl stop sidekiq
2021-06-03 08:10:18 -04:00
sudo gitlab-ctl stop puma
2020-09-23 14:10:15 -04:00
```
When you're ready to revert this:
```shell
sudo gitlab-ctl start sidekiq
2021-06-03 08:10:18 -04:00
sudo gitlab-ctl start puma
2020-09-23 14:10:15 -04:00
```
## Make the database read-only
2021-12-02 13:11:52 -05:00
If you want to allow users to use the GitLab UI, then you need to ensure that
2020-09-23 14:10:15 -04:00
the database is read-only:
2021-09-28 14:11:27 -04:00
1. Take a [GitLab backup ](../raketasks/backup_restore.md )
2020-09-23 14:10:15 -04:00
in case things don't go as expected.
2021-02-15 19:09:01 -05:00
1. Enter PostgreSQL on the console as an administrator user:
2020-09-23 14:10:15 -04:00
```shell
sudo \
-u gitlab-psql /opt/gitlab/embedded/bin/psql \
-h /var/opt/gitlab/postgresql gitlabhq_production
```
2021-07-23 20:08:58 -04:00
1. Create the `gitlab_read_only` user. The password is set to `mypassword` ,
2020-09-23 14:10:15 -04:00
change that to your liking:
```sql
-- NOTE: Use the password defined earlier
CREATE USER gitlab_read_only WITH password 'mypassword';
GRANT CONNECT ON DATABASE gitlabhq_production to gitlab_read_only;
GRANT USAGE ON SCHEMA public TO gitlab_read_only;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO gitlab_read_only;
GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO gitlab_read_only;
-- Tables created by "gitlab" should be made read-only for "gitlab_read_only"
-- automatically.
ALTER DEFAULT PRIVILEGES FOR USER gitlab IN SCHEMA public GRANT SELECT ON TABLES TO gitlab_read_only;
ALTER DEFAULT PRIVILEGES FOR USER gitlab IN SCHEMA public GRANT SELECT ON SEQUENCES TO gitlab_read_only;
```
1. Get the hashed password of the `gitlab_read_only` user and copy the result:
```shell
sudo gitlab-ctl pg-password-md5 gitlab_read_only
```
1. Edit `/etc/gitlab/gitlab.rb` and add the password from the previous step:
```ruby
postgresql['sql_user_password'] = 'a2e20f823772650f039284619ab6f239'
postgresql['sql_user'] = "gitlab_read_only"
```
1. Reconfigure GitLab and restart PostgreSQL:
```shell
sudo gitlab-ctl reconfigure
sudo gitlab-ctl restart postgresql
```
2021-12-02 13:11:52 -05:00
When you're ready to revert the read-only state, you need to remove the added
2020-09-23 14:10:15 -04:00
lines in `/etc/gitlab/gitlab.rb` , and reconfigure GitLab and restart PostgreSQL:
```shell
sudo gitlab-ctl reconfigure
sudo gitlab-ctl restart postgresql
```
Once you verify all works as expected, you can remove the `gitlab_read_only`
user from the database.