Backup GitLab Omnibus postgresql server with Barman

I’m looking for advices regarding what I’ve done to backup the GitLab Omnibus DB.

We use barman to backup all our postgresql servers. That’s why I managed to add the GitLab Omnibus pg server to the list of servers monitored by barman.

GitLab has been installed on Debian 9 server.

To make it short, I need to do the following:

  • add a superuser
  • add a streaming user
  • modify pg_hba.conf to allow the connection of such users from my backup server
  • modify ‘listen addresses’, ‘wal_level’, ‘max_wal_senders’, ‘max_replication_slots’, in postgresql.conf

The gitlab.rb config file is quite well done to achieve all these goals and here you have what I’ve configured:

postgresql['sql_replication_user'] = "{{ BARMAN_STREAM_USER }}"
postgresql['sql_replication_password'] = "{{ BARMAN_STREAM_PWD }}"
postgresql['wal_level'] = "replica"
postgresql['max_wal_senders'] = 5
postgresql['max_replication_slots'] = 2

postgresql['custom_pg_hba_entries'] = {
  'BARMAN': [
    {
      type: 'host',
      database: 'all',
      user: '{{ BARMAN_SUPERUSER }}',
      cidr: '{{ BARMAN_SERVER_IP }}/32',
      method: 'md5'
    },
    {
      type: 'host',
      database: 'replication',
      user: '{{ BARMAN_STREAM_USER }}',
      cidr: '{{ BARMAN_SERVER_IP }}/32',
      method: 'md5'
    }
  ]
}

The only things that has been complicated to do was adding BARMAN_SUPERUSER as superuser of the pgserver. To achieve this I’ve done the following:

su gitlab-psql
/opt/gitlab/embedded/bin/psql -h /var/opt/gitlab/postgresql -d gitlabhq_production
CREATE ROLE barman LOGIN PASSWORD 'my_secret_password' SUPERUSER VALID UNTIL 'infinity';
\q
exit

Et voilà, it’s working.
By the way, would it be possible to add the opportunity to add a superuser via the gitlab.rb config file using a mechanism similar to the one done by postgresql[‘custom_pg_hba_entries’]?

Other solution would be to use gitlab-psql user in Barman server, but I need to know it’s credentials to make the connection and I did not find how to redefine them.

Any suggestion?