之前在macos系统测试安装psql和kong,但是实际环境中,大部分是部署在linux服务器上。下面记录了在centos7上部署postgresql和kong的总结以及遇到的一些问题的解决。

查看centos版本:

$ cat /etc/redhat-release

CentOS Linux release 7.2.1511 (Core)

部署版本:

kong: v0.13.1

postgresql: v10.4 (注意:psql版本必须与kong版本对应)

安装依赖包

安装gcc编译环境

$ sudo yum install -y gcc gcc-c++

pcre安装

pcre(Perl Compatible Regular Expressions) 是一个 Perl 库,包括 perl 兼容的正则表达式,nginx 的 http 库使用 pcre 解析正则表达式。

$ sudo yum install -y pcre pcre-devel

zlib安装

zlib 库提供多种压缩和加压缩的方式。
$ sudo yum install -y zlib zlib-devel

openssl安装

openssl 是一个请打的安全套接字层密码库,囊括主要的密码算法、常用的密钥和证书封装管理功能及 SSL 协议

$ sudo yum install -y openssl openssl-devel

postgresql 部署

  PostgreSQL是完全由社区驱动的开源项目,由全世界超过1000名贡献者所维护。它提供了单个完整功能的版本。可靠性是PostgreSQL的最高优先级。Kong 默认使用 postgresql 作为数据库。
  这里安装kong的版本是0.13,对应的psql版本需要在v10+,否则启动kong会报下面的错:
$  /usr/local/bin/kong start

// :: [warn] postgres database 'kong' is missing migration: (response-transformer) ---160000_resp_trans_schema_changes

Error: /usr/local/share/lua/5.1/kong/cmd/start.lua:: [postgres error] the current database schema does not match this version of Kong. Please run `kong migrations up` to update/initialize the database schema. Be aware that Kong migrations should only run from a single node, and that nodes running migrations concurrently will conflict with each other and might corrupt your database schema!

安装psql-10

$ sudo yum install -y https://download.postgresql.org/pub/repos/yum/10/redhat/rhel-latest-x86_64/pgdg-centos10-10-2.noarch.rpm
$ sudo  yum install -y postgresql10-server postgresql10-contrib

初始化数据库

$ sudo /usr/pgsql-/bin/postgresql--setup initdb

Initializing database ... OK

设置成centos7开机自启动

sudo systemctl enable postgresql-.service

启动postgresql服务

# 启动服务

$ sudo systemctl start postgresql-.service

# 查看psql运行状态

$ sudo systemctl status postgresql-.service

● postgresql-.service - PostgreSQL  database server

   Loaded: loaded (/usr/lib/systemd/system/postgresql-.service; disabled; vendor preset: disabled)

   Active: active (running) since Fri -- :: CST; 16s ago

     Docs: https://www.postgresql.org/docs/10/static/

  Process:  ExecStartPre=/usr/pgsql-/bin/postgresql--check-db-dir ${PGDATA} (code=exited, status=/SUCCESS)

 Main PID:  (postmaster)

   CGroup: /system.slice/postgresql-.service

           ├─ /usr/pgsql-/bin/postmaster -D /var/lib/pgsql//data/

           ├─ postgres: logger process

           ├─ postgres: checkpointer process

           ├─ postgres: writer process

           ├─ postgres: wal writer process

           ├─ postgres: autovacuum launcher process

           ├─ postgres: stats collector process

           └─ postgres: bgworker: logical replication launcher

Jun  :: --- systemd[]: Starting PostgreSQL  database server...

Jun  :: --- postmaster[]: -- ::17.798 CST [] LOG:  listeni...

Jun  :: --- postmaster[]: -- ::17.798 CST [] LOG:  could n...ess

Jun  :: --- postmaster[]: -- ::17.798 CST [] HINT:  Is ano...ry.

Jun  :: --- postmaster[]: -- ::17.801 CST [] LOG:  listeni..."

Jun  :: --- postmaster[]: -- ::17.808 CST [] LOG:  listeni..."

Jun  :: --- postmaster[]: -- ::17.825 CST [] LOG:  redirec...ess

Jun  :: --- postmaster[]: -- ::17.825 CST [] HINT:  Future...g".

Jun  :: --- systemd[]: Started PostgreSQL  database server.

Hint: Some lines were ellipsized, use -l to show in full.

Postgresql配置

执行完初始化任务之后,postgresql 会自动创建和生成两个用户和一个数据库:
  linux 系统用户 postgres:管理数据库的系统用户;
  postgresql 用户 postgres:数据库超级管理员;
  数据库 postgres:用户 postgres 的默认数据库;
  密码由于是默认生成的,需要在系统中修改一下。

修改初始密码

$ passwd postgres

Changing password for user postgres.

New password:

BAD PASSWORD: The password contains the user name in some form

Retype new password:

passwd: all authentication tokens updated successfully.

创建用户

为了安全以及满足 Kong 初始化的需求,需要在建立一个 postgre 用户 kong 和对应的 linux 用户 kong,并新建数据库 kong。

# 新建 linux kong 用户

$ sudo adduser kong

# 使用管理员账号登录 psql 创建用户和数据库

# 切换 postgres 用户

# 切换 postgres 用户后,提示符变成 `-bash-4.3$`

$ su postgres

# 进入psql控制台,此时会进入到控制台(系统提示符变为'postgres=#')

bash-4.3$ psql

could not change directory to "/root": Permission denied

psql (10.4)

Type "help" for help.

#为管理员用户postgres修改密码,之前改过了这里就不用改了

postgres=# password postgres

#建立新的数据库用户(和之前建立的系统用户要一样)

postgres=# create user kong with password 'kong';

CREATE ROLE

#为新用户建立数据库

postgres=# create database kong owner kong;

CREATE DATABASE

#把新建的数据库权限赋予 kong

postgres=# grant all privileges on database kong to kong;

GRANT

#退出控制台

postgres=# \q

bash-4.3$

注意:在 psql 控制台下执行命令,一定记得在命令后添加分号。

而且postgresql的用户要和系统用户一样:

$ cat /etc/passwd

...

postgres:x:::PostgreSQL Server:/var/lib/pgsql:/bin/bash

kong:x::::/home/kong:/bin/bash

问题一:

用命令行登录,在root账户下登录postgresql 数据库会提示权限问题:

$ psql -U kong -d kong -h 127.0.0.1 -p

psql: FATAL:  Ident authentication failed for user "kong"

原因是postgres没有配置对外访问策略。

认证权限配置文件为 /var/lib/pgsql/10/data/pg_hba.conf
常见的四种身份验证为:
  trust:凡是连接到服务器的,都是可信任的。只需要提供psql用户名,可以没有对应的操作系统同名用户;
  password 和 md5:对于外部访问,需要提供 psql 用户名和密码。对于本地连接,提供 psql 用户名密码之外,还需要有操作系统访问权。(用操作系统同名用户验证)password 和 md5 的区别就是外部访问时传输的密码是否用 md5 加密;
  ident:对于外部访问,从 ident 服务器获得客户端操作系统用户名,然后把操作系统作为数据库用户名进行登录对于本地连接,实际上使用了peer;
  peer:通过客户端操作系统内核来获取当前系统登录的用户名,并作为psql用户名进行登录。
psql 用户必须有同名的操作系统用户名。并且必须以与 psql 同名用户登录 linux 才可以登录 psql 。想用其他用户(例如 root )登录 psql,修改本地认证方式为 trust 或者 password 即可。
$ vim /var/lib/pgsql//data/pg_hba.conf
# 增加如下两条配置
# IPv4 local connections:
host all all 127.0.0.1/32 trust
host all all 0.0.0.0/0 trust
问题二:
通过本地连接会提示拒绝连接,因为pgsql 默认只能通过本地访问,需要开启远程访问。
修改配置文件  var/lib/pgsql/10/data/postgresql.conf ,将 listen_address 设置为 '*'
$ vim var/lib/pgsql//data/postgresql.conf


# CONNECTIONS AND AUTHENTICATION

#------------------------------------------------------------------------------

# - Connection Settings -

listen_addresses = '*'             # what IP address(es) to listen on;

修改以上两个配置文件后,重启postgresql服务:

$ sudo systemctl restart postgresql-10.service

$ psql -U kong -d kong -h 127.0.0.1 -p 5432

psql (10.4)

Type "help" for help.

kong=> \l

                             List of databases

   Name    |  Owner   | Encoding  | Collate | Ctype |   Access privileges

-----------+----------+-----------+---------+-------+-----------------------

 kong      | kong     | SQL_ASCII | C       | C     | =Tc/kong             +

           |          |           |         |       | kong=CTc/kong

 postgres  | postgres | SQL_ASCII | C       | C     |

 template0 | postgres | SQL_ASCII | C       | C     | =c/postgres          +

           |          |           |         |       | postgres=CTc/postgres

 template1 | postgres | SQL_ASCII | C       | C     | =c/postgres          +

           |          |           |         |       | postgres=CTc/postgres

(4 rows)

kong=>

相关postgres命令参考:postgres常见命令

kong部署

kong这块按照官网的方法不成功,最终下载了rpm包安装成功的。

安装kong

$ sudo yum install kong-community-edition-0.13..el7.noarch.rpm

...

Downloading packages:

Running transaction check

Running transaction test

Transaction test succeeded

Running transaction

  Installing : kong-community-edition-0.13.-.noarch                                               /

  Verifying  : kong-community-edition-0.13.-.noarch                                               /

Installed:

  kong-community-edition.noarch :0.13.-

Complete!

修改 kong 的配置文件

默认配置文件位于 /etc/kong/kong.conf.default
sudo cp /etc/kong/kong.conf.default /etc/kong/kong.conf
将之前安装配置好的 postgresql 信息填入 kong 配置文件中:
$ sudo vi /etc/kong/kong.conf

#------------------------------------------------------------------------------

# DATASTORE

#------------------------------------------------------------------------------

# Kong will store all of its data (such as APIs, consumers and plugins) in

# either Cassandra or PostgreSQL.

#

# All Kong nodes belonging to the same cluster must connect themselves to the

# same database.

database = postgres              # Determines which of PostgreSQL or Cassandra

                                 # this node will use as its datastore.

                                 # Accepted values are `postgres` and

                                 # `cassandra`.

pg_host = 127.0.0.1             # The PostgreSQL host to connect to.

pg_port =                   # The port to connect to.

pg_user = kong                  # The username to authenticate if required.

pg_password = kong              # The password to authenticate if required.

pg_database = kong              # The database name to connect to.

ssl = off                       # 如果不希望开放  的 ssl 访问可关闭

初始化数据库表

$ kong migrations up -c  /etc/kong/kong.conf

migrating core for database kong

core migrated up to: ---175310_skeleton

core migrated up to: ---175310_init_schema

core migrated up to: ---817313_nodes

core migrated up to: ---142793_ttls

core migrated up to: ---212515_retries

core migrated up to: ---141423_upstreams

core migrated up to: ---172100_move_ssl_certs_to_core

core migrated up to: ---151900_new_apis_router_1

core migrated up to: ---151900_new_apis_router_2

core migrated up to: ---151900_new_apis_router_3

core migrated up to: ---103600_unique_custom_id

core migrated up to: ---132600_upstream_timeouts

core migrated up to: ---132600_upstream_timeouts_2

core migrated up to: ---132300_anonymous

core migrated up to: ---153000_unique_plugins_id

core migrated up to: ---153000_unique_plugins_id_2

core migrated up to: ---180200_cluster_events

core migrated up to: ---173100_remove_nodes_table

core migrated up to: ---283123_ttl_indexes

core migrated up to: ---225000_balancer_orderlist_remove

core migrated up to: ---173400_apis_created_at_ms_precision

core migrated up to: ---192000_upstream_healthchecks

core migrated up to: ---134100_consistent_hashing_1

core migrated up to: ---192100_upstream_healthchecks_2

core migrated up to: ---134100_consistent_hashing_2

core migrated up to: ---121200_routes_and_services

core migrated up to: ---180700_plugins_routes_and_services

migrating response-transformer for database kong

response-transformer migrated up to: ---160000_resp_trans_schema_changes

migrating ip-restriction for database kong

ip-restriction migrated up to: ---remove-cache

migrating statsd for database kong

statsd migrated up to: ---160000_statsd_schema_changes

migrating jwt for database kong

jwt migrated up to: ---jwt-auth

jwt migrated up to: ---jwt-alg

jwt migrated up to: ---jwt_secret_not_unique

jwt migrated up to: ---120200_jwt-auth_preflight_default

jwt migrated up to: ---211200_jwt_cookie_names_default

migrating cors for database kong

cors migrated up to: --14_multiple_orgins

migrating basic-auth for database kong

basic-auth migrated up to: ---132400_init_basicauth

basic-auth migrated up to: ---180400_unique_username

migrating key-auth for database kong

key-auth migrated up to: ---172400_init_keyauth

key-auth migrated up to: ---120200_key-auth_preflight_default

migrating ldap-auth for database kong

ldap-auth migrated up to: ---150900_header_type_default

migrating hmac-auth for database kong

hmac-auth migrated up to: ---132400_init_hmacauth

hmac-auth migrated up to: ---132400_init_hmacauth

migrating datadog for database kong

datadog migrated up to: ---160000_datadog_schema_changes

migrating tcp-log for database kong

tcp-log migrated up to: ---120000_tcp-log_tls

migrating acl for database kong

acl migrated up to: ---841841_init_acl

migrating response-ratelimiting for database kong

response-ratelimiting migrated up to: ---132400_init_response_ratelimiting

response-ratelimiting migrated up to: ---321512_response-rate-limiting_policies

response-ratelimiting migrated up to: ---120000_add_route_and_service_id_to_response_ratelimiting

migrating request-transformer for database kong

request-transformer migrated up to: ---160000_req_trans_schema_changes

migrating rate-limiting for database kong

rate-limiting migrated up to: ---132400_init_ratelimiting

rate-limiting migrated up to: ---471385_ratelimiting_policies

rate-limiting migrated up to: ---120000_add_route_and_service_id

migrating oauth2 for database kong

oauth2 migrated up to: ---132400_init_oauth2

oauth2 migrated up to: ---oauth2_code_credential_id

oauth2 migrated up to: ---283949_serialize_redirect_uri

oauth2 migrated up to: ---oauth2_api_id

oauth2 migrated up to: ---set_global_credentials

oauth2 migrated up to: ---oauth2_client_secret_not_unique

oauth2 migrated up to: ---set_auth_header_name_default

oauth2 migrated up to: ---oauth2_new_refresh_token_ttl_config_value

oauth2 migrated up to: ---oauth2_pg_add_service_id

 migrations ran

启动kong服务

$ kong start

Kong started

服务已经正常启动

$ curl 127.0.0.1:

{"plugins":{"enabled_in_cluster":[],"available_on_server":{"response-transformer":true,"correlation-id":true,"statsd":true,"jwt":true,"cors":true,"basic-auth":true,"key-auth":true,"ldap-auth":true,"http-log":true,"oauth2":true,"hmac-auth":true,"acl":true,"datadog":true,"tcp-log":true,"ip-restriction":true,"request-transformer":true,"file-log":true,"bot-detection":true,"loggly":true,"request-size-limiting":true,"syslog":true,"udp-log":true,"response-ratelimiting":true,"aws-lambda":true,"runscope":true,"rate-limiting":true,"request-termination":true}},"tagline":"Welcome to kong","configuration":{"error_default_type":"text\/plain","client_ssl":false,"lua_ssl_verify_depth":

....

centos7部署posgresql和kong总结的更多相关文章

  1. [原]CentOS7部署osm2pgsql

    转载请注明原作者(think8848)和出处(http://think8848.cnblogs.com) 部署Postgresql和部署PostGis请参考前两篇文章 本文主要参考GitHub上osm ...

  2. centos7 部署ssserver

    centos7 部署shadowsocks服务端 为什么要选centos7? 以后centos7 肯定是主流,在不重要的环境还是尽量使用新系统吧 centos7 的坑 默认可能会有firewall 或 ...

  3. centos7 部署 docker compose

    =============================================== 2019/4/10_第1次修改                       ccb_warlock == ...

  4. centos7 部署 docker ce

    =============================================== 2019/4/9_第1次修改                       ccb_warlock === ...

  5. centos7 部署 open-falcon 0.2.0

    =============================================== 2019/4/29_第3次修改                       ccb_warlock 更新 ...

  6. centos7 部署 docker、shipyard

    =============================================== 2019/4/9_第3次修改                       ccb_warlock 更新说 ...

  7. centos7 部署 docker swarm

    =============================================== 2019/4/9_第3次修改                       ccb_warlock 更新说 ...

  8. CentOS7部署Nginx

    CentOS7部署Nginx 1.准备工作 Nginx的安装依赖于以下三个包,意思就是在安装Nginx之前首先必须安装一下的三个包,注意安装顺序如下: 1 SSL功能需要openssl库,直接通过yu ...

  9. centos7部署JavaWeb项目

    centos7部署JavaWeb项目共有三步 1.配置java环境 2.配置tomcat环境. 3.部署JavaWeb项目 一.配置java环境 1.1安装java 参考我的另一篇博文:https:/ ...

随机推荐

  1. 关于Win10下IE11只能以管理员身份运行的处理方式

    今天无意间发现IE无法启动,后来研究发现只有用管理员身份运行才能打开,初步分析应该是用户权限的问题,在网上百度了一番,找到了处理的方法,在此分享一下 1.win+R 调出“运行”命令,输入“reged ...

  2. fft的实现

    private static Complex[] FFT1(Complex[] f) { int N=f.length; int power= (int) (Math.log10(N)/Math.lo ...

  3. 个人博客week2

    1. 是否需要有代码规范 对于是否需要有代码规范,请考虑下列论点并反驳/支持: 这些规范都是官僚制度下产生的浪费大家的编程时间.影响人们开发效率, 浪费时间的东西. 我是个艺术家,手艺人,我有自己的规 ...

  4. JAVA程序设计 实验一报告

    北京电子科技学院(BESTI) 实     验    报     告 课程:Java程序设计 班级:1351  姓名:李畅宇  学号:20135129 成绩:             指导教师:娄嘉鹏 ...

  5. Hibernate_core_method

    /** * Created by Administrator on 2015/11/30. *HibernateUtil */public class HibernateUtil { private ...

  6. MyBatis是如何解决Sql注入的

    转:[转]mybatis如何防止sql注入 java中预处理PrepareStatement为什么能起到防止SQL注入的作用??!! 一.SQL注入 sql注入大家都不陌生,是一种常见的攻击方式,攻击 ...

  7. SpringBoot(十五)_springboot实现预览pdf

    最近,项目上要做个打印的东西,还要预览.我想就直接生成pdf预览,然后用户选择打印 于是,昨天找了找资料.一般用itext 进行转pdf.于是我就用springboot试了试,代码比较简单,现在只是简 ...

  8. Delphi2007精简版加载Borland.Studio.Together.dll错误解决办法

    安装Delphi2007精简版,启动提示Borland.Studio.Together.dll加载错误,错误信息如下: Failed to load IDE add in 'C:\Program Fi ...

  9. AXI4

    axis  AXI4-stream 去掉了地址项,允许无限制的数据突发传输规模: 摘自http://xilinx.eetrend.com/blog/11443

  10. day24 包

    # 把解决一类问题的模块会被放在一个文件夹里面,即包 # import os # os.makedirs('glance/api') # os.makedirs('glance/cmd') # os. ...