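Previously I tested installing psql and kong on macOS, but in real environments most deployments are on Linux servers. The following records a summary of deploying postgresql and kong on CentOS 7, together with the solutions to some problems encountered along the way.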

Check the CentOS version:

$ cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)

Versions deployed:

kong: v0.13.1

postgresql: v10.4 (note: the psql version must correspond to the kong version)

Install dependencies

Install the gcc build environment

$ sudo yum install -y gcc gcc-c++

Install pcre

pcre (Perl Compatible Regular Expressions) is a Perl library that includes Perl-compatible regular expressions; nginx's http module uses pcre to parse regular expressions.

$ sudo yum install -y pcre pcre-devel

Install zlib

The zlib library provides several ways to compress and decompress data.

$ sudo yum install -y zlib zlib-devel

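Install openssl

openssl is a powerful Secure Sockets Layer cryptography library that covers the main cryptographic algorithms, common key and certificate encapsulation and management functions, and the SSL protocol.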

$ sudo yum install -y openssl openssl-devel

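Deploying postgresql

  PostgreSQL is a fully community-driven open-source project maintained by more than 1000 contributors worldwide. It provides a single, fully featured version. Reliability is PostgreSQL's highest priority. Kong uses postgresql as its database by default.
  The kong version installed here is 0.13, which requires psql v10+; otherwise starting kong fails with the following error: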
$  /usr/local/bin/kong start
// :: [warn] postgres database 'kong' is missing migration: (response-transformer) ---160000_resp_trans_schema_changes
Error: /usr/local/share/lua/5.1/kong/cmd/start.lua:: [postgres error] the current database schema does not match this version of Kong. Please run `kong migrations up` to update/initialize the database schema. Be aware that Kong migrations should only run from a single node, and that nodes running migrations concurrently will conflict with each other and might corrupt your database schema!

Install psql-10

$ sudo yum install -y https://download.postgresql.org/pub/repos/yum/10/redhat/rhel-latest-x86_64/pgdg-centos10-10-2.noarch.rpm
$ sudo  yum install -y postgresql10-server postgresql10-contrib

Initialize the database

$ sudo /usr/pgsql-/bin/postgresql--setup initdb
Initializing database ... OK

Enable start on boot on CentOS 7

$ sudo systemctl enable postgresql-.service

Start the postgresql service

# Start the service
$ sudo systemctl start postgresql-.service
# Check the running status of psql
$ sudo systemctl status postgresql-.service
● postgresql-.service - PostgreSQL database server
Loaded: loaded (/usr/lib/systemd/system/postgresql-.service; disabled; vendor preset: disabled)
Active: active (running) since Fri -- :: CST; 16s ago
Docs: https://www.postgresql.org/docs/10/static/
Process: ExecStartPre=/usr/pgsql-/bin/postgresql--check-db-dir ${PGDATA} (code=exited, status=/SUCCESS)
Main PID: (postmaster)
CGroup: /system.slice/postgresql-.service
├─ /usr/pgsql-/bin/postmaster -D /var/lib/pgsql//data/
├─ postgres: logger process
├─ postgres: checkpointer process
├─ postgres: writer process
├─ postgres: wal writer process
├─ postgres: autovacuum launcher process
├─ postgres: stats collector process
└─ postgres: bgworker: logical replication launcher

Jun :: --- systemd[]: Starting PostgreSQL database server...
Jun :: --- postmaster[]: -- ::17.798 CST [] LOG: listeni...
Jun :: --- postmaster[]: -- ::17.798 CST [] LOG: could n...ess
Jun :: --- postmaster[]: -- ::17.798 CST [] HINT: Is ano...ry.
Jun :: --- postmaster[]: -- ::17.801 CST [] LOG: listeni..."
Jun :: --- postmaster[]: -- ::17.808 CST [] LOG: listeni..."
Jun :: --- postmaster[]: -- ::17.825 CST [] LOG: redirec...ess
Jun :: --- postmaster[]: -- ::17.825 CST [] HINT: Future...g".
Jun :: --- systemd[]: Started PostgreSQL database server.
Hint: Some lines were ellipsized, use -l to show in full.

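Configuring postgresql

After initialization completes, postgresql automatically creates two users and one database:
  linux system user postgres: the system user that manages the database;
  postgresql user postgres: the database superuser;
  database postgres: the default database of the user postgres;
  Because the password is generated by default, it needs to be changed on the system.

Change the initial password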

$ passwd postgres
Changing password for user postgres.
New password:
BAD PASSWORD: The password contains the user name in some form
Retype new password:
passwd: all authentication tokens updated successfully.

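Create users

For security, and to meet the requirements of Kong's initialization, create a postgresql user kong and a corresponding linux user kong, and create a new database kong.

# Create the linux user kong
$ sudo adduser kong
# Log in to psql with the administrator account to create the user and the database
# Switch to the postgres user
# After switching to the postgres user, the prompt changes to `-bash-4.3$`
$ su postgres
# Enter the psql console (the prompt changes to 'postgres=#')
bash-4.3$ psql
could not change directory to "/root": Permission denied
psql (10.4)
Type "help" for help.
# Set a password for the administrator user postgres; skip this if it was already changed earlier
postgres=# \password postgres
# Create the new database user (it must have the same name as the system user created earlier)
postgres=# create user kong with password 'kong';
CREATE ROLE
# Create a database for the new user
postgres=# create database kong owner kong;
CREATE DATABASE
# Grant the privileges on the new database to kong
postgres=# grant all privileges on database kong to kong;
GRANT
# Exit the console
postgres=# \q
bash-4.3$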

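Note: when running commands in the psql console, always remember to end the command with a semicolon.

Also, the postgresql user must have the same name as the system user: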

$ cat /etc/passwd
...
postgres:x:::PostgreSQL Server:/var/lib/pgsql:/bin/bash
kong:x::::/home/kong:/bin/bash

Problem 1:

Logging in to the postgresql database from the command line under the root account reports a permission problem:

$ psql -U kong -d kong -h 127.0.0.1 -p
psql: FATAL: Ident authentication failed for user "kong"

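The cause is that postgres has no access policy configured for outside connections.

The authentication configuration file is /var/lib/pgsql/10/data/pg_hba.conf
The four common authentication methods are:
  trust: anyone who connects to the server is trusted. Only a psql username has to be supplied, and no operating system user of the same name is needed;
  password and md5: for external access, a psql username and password must be supplied. For local connections, operating system access is required in addition to the psql username and password (verified with the operating system user of the same name). The difference between password and md5 is whether the password transmitted during external access is md5-hashed;
  ident: for external access, the client's operating system username is obtained from an ident server and then used as the database username to log in; for local connections, peer is actually used;
  peer: the username currently logged in to the system is obtained from the client operating system kernel and used as the psql username to log in.

The psql user must have an operating system user of the same name, and you must be logged in to linux as the user with the same name as the psql user in order to log in to psql. To log in to psql as another user (for example root), change the local authentication method to trust or password.

$ vim /var/lib/pgsql//data/pg_hba.conf
# Add the following two entries
# IPv4 local connections:
host all all 127.0.0.1/32 trust
host all all 0.0.0.0/0 trust

Problem 2:

A local connection attempt reports connection refused, because by default pgsql can only be accessed locally; remote access has to be enabled.
Edit the configuration file /var/lib/pgsql/10/data/postgresql.conf and set listen_addresses to '*'

$ vim /var/lib/pgsql//data/postgresql.conf

# CONNECTIONS AND AUTHENTICATION
#------------------------------------------------------------------------------

# - Connection Settings -

listen_addresses = '*' # what IP address(es) to listen on;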

After modifying the two configuration files above, restart the postgresql service:

$ sudo systemctl restart postgresql-10.service

$ psql -U kong -d kong -h 127.0.0.1 -p 5432
psql (10.4)
Type "help" for help.

kong=> \l
                             List of databases
   Name    |  Owner   | Encoding  | Collate | Ctype |   Access privileges
-----------+----------+-----------+---------+-------+-----------------------
 kong      | kong     | SQL_ASCII | C       | C     | =Tc/kong             +
           |          |           |         |       | kong=CTc/kong
 postgres  | postgres | SQL_ASCII | C       | C     |
 template0 | postgres | SQL_ASCII | C       | C     | =c/postgres          +
           |          |           |         |       | postgres=CTc/postgres
 template1 | postgres | SQL_ASCII | C       | C     | =c/postgres          +
           |          |           |         |       | postgres=CTc/postgres
(4 rows)

kong=>
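
An added example, not part of the original post: a shell function that audits a pg_hba.conf for the rule types discussed above, run here on a constructed sample containing the two trust entries from the post. In this setup Kong connects to 127.0.0.1 with pg_user and pg_password, so a single md5 rule for the kong role on 127.0.0.1/32 is sufficient for it. The names audit_pg_hba and sample_pg_hba, the severity labels and the sample file are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): flag pg_hba.conf rules that
# skip or weaken authentication. Reads the file named in $1, or stdin.
# Prints one finding per risky rule; exit status is 1 if anything was found.
audit_pg_hba() {
  awk '
    /^[[:space:]]*(#|$)/ { next }                  # skip comments and blank lines
    $1 == "local" { check("unix socket", $4, 1); next }
    $1 ~ /^host/ {
      if ($5 ~ /^[0-9a-fA-F.:]+$/ && $5 ~ /[.:]/)  # "address netmask" form,
        check($4 " mask " $5, $6, 0)               # treated as non-local
      else
        check($4, $5, $4 ~ /^(127\.0\.0\.1\/32|::1\/128|samehost)$/)
    }
    function check(addr, method, is_local) {
      if (method == "trust" && !is_local)
        report("HIGH", addr, "trust: any client at this address logs in as any role, no password")
      else if (method == "trust")
        report("MEDIUM", addr, "trust: any local OS user logs in as any role, including postgres")
      else if (method == "password")
        report("MEDIUM", addr, "password: sent in clear text, use md5")
    }
    function report(sev, addr, why) {
      printf "%s line %d [%s] %s\n", sev, NR, addr, why
      found = 1
    }
    END { exit found + 0 }
  ' "${1:--}"
}

# Constructed sample: the two rules added in the post plus a scoped md5 rule.
sample_pg_hba() {
  cat <<'EOF'
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  peer
host    all       all   127.0.0.1/32   trust
host    all       all   0.0.0.0/0      trust
host    kong      kong  127.0.0.1/32   md5
EOF
}

sample_pg_hba | audit_pg_hba || true
```

pg_hba.conf is evaluated from top to bottom and the first matching record is used, so a flagged trust line has to be removed or replaced; adding an md5 line below it has no effect.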

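For related postgres commands, see: common postgres commands

Deploying kong

For kong, following the method on the official site did not succeed; in the end it was installed successfully by downloading the rpm package.

Install kong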

$ sudo yum install kong-community-edition-0.13..el7.noarch.rpm
...
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : kong-community-edition-0.13.-.noarch /
Verifying : kong-community-edition-0.13.-.noarch /

Installed:
kong-community-edition.noarch :0.13.-

Complete!

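Edit kong's configuration file

The default configuration file is located at /etc/kong/kong.conf.default

$ sudo cp /etc/kong/kong.conf.default /etc/kong/kong.conf

Fill the details of the postgresql instance installed and configured earlier into the kong configuration file:
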
$ sudo vi /etc/kong/kong.conf
#------------------------------------------------------------------------------
# DATASTORE
#------------------------------------------------------------------------------

# Kong will store all of its data (such as APIs, consumers and plugins) in
# either Cassandra or PostgreSQL.
#
# All Kong nodes belonging to the same cluster must connect themselves to the
# same database.

database = postgres # Determines which of PostgreSQL or Cassandra
# this node will use as its datastore.
# Accepted values are `postgres` and
# `cassandra`.

pg_host = 127.0.0.1 # The PostgreSQL host to connect to.
pg_port = # The port to connect to.
pg_user = kong # The username to authenticate if required.
pg_password = kong # The password to authenticate if required.
pg_database = kong # The database name to connect to.

ssl = off # can be turned off if you do not want ssl access opened

Initialize the database tables

$ kong migrations up -c  /etc/kong/kong.conf
migrating core for database kong
core migrated up to: ---175310_skeleton
core migrated up to: ---175310_init_schema
core migrated up to: ---817313_nodes
core migrated up to: ---142793_ttls
core migrated up to: ---212515_retries
core migrated up to: ---141423_upstreams
core migrated up to: ---172100_move_ssl_certs_to_core
core migrated up to: ---151900_new_apis_router_1
core migrated up to: ---151900_new_apis_router_2
core migrated up to: ---151900_new_apis_router_3
core migrated up to: ---103600_unique_custom_id
core migrated up to: ---132600_upstream_timeouts
core migrated up to: ---132600_upstream_timeouts_2
core migrated up to: ---132300_anonymous
core migrated up to: ---153000_unique_plugins_id
core migrated up to: ---153000_unique_plugins_id_2
core migrated up to: ---180200_cluster_events
core migrated up to: ---173100_remove_nodes_table
core migrated up to: ---283123_ttl_indexes
core migrated up to: ---225000_balancer_orderlist_remove
core migrated up to: ---173400_apis_created_at_ms_precision
core migrated up to: ---192000_upstream_healthchecks
core migrated up to: ---134100_consistent_hashing_1
core migrated up to: ---192100_upstream_healthchecks_2
core migrated up to: ---134100_consistent_hashing_2
core migrated up to: ---121200_routes_and_services
core migrated up to: ---180700_plugins_routes_and_services
migrating response-transformer for database kong
response-transformer migrated up to: ---160000_resp_trans_schema_changes
migrating ip-restriction for database kong
ip-restriction migrated up to: ---remove-cache
migrating statsd for database kong
statsd migrated up to: ---160000_statsd_schema_changes
migrating jwt for database kong
jwt migrated up to: ---jwt-auth
jwt migrated up to: ---jwt-alg
jwt migrated up to: ---jwt_secret_not_unique
jwt migrated up to: ---120200_jwt-auth_preflight_default
jwt migrated up to: ---211200_jwt_cookie_names_default
migrating cors for database kong
cors migrated up to: --14_multiple_orgins
migrating basic-auth for database kong
basic-auth migrated up to: ---132400_init_basicauth
basic-auth migrated up to: ---180400_unique_username
migrating key-auth for database kong
key-auth migrated up to: ---172400_init_keyauth
key-auth migrated up to: ---120200_key-auth_preflight_default
migrating ldap-auth for database kong
ldap-auth migrated up to: ---150900_header_type_default
migrating hmac-auth for database kong
hmac-auth migrated up to: ---132400_init_hmacauth
hmac-auth migrated up to: ---132400_init_hmacauth
migrating datadog for database kong
datadog migrated up to: ---160000_datadog_schema_changes
migrating tcp-log for database kong
tcp-log migrated up to: ---120000_tcp-log_tls
migrating acl for database kong
acl migrated up to: ---841841_init_acl
migrating response-ratelimiting for database kong
response-ratelimiting migrated up to: ---132400_init_response_ratelimiting
response-ratelimiting migrated up to: ---321512_response-rate-limiting_policies
response-ratelimiting migrated up to: ---120000_add_route_and_service_id_to_response_ratelimiting
migrating request-transformer for database kong
request-transformer migrated up to: ---160000_req_trans_schema_changes
migrating rate-limiting for database kong
rate-limiting migrated up to: ---132400_init_ratelimiting
rate-limiting migrated up to: ---471385_ratelimiting_policies
rate-limiting migrated up to: ---120000_add_route_and_service_id
migrating oauth2 for database kong
oauth2 migrated up to: ---132400_init_oauth2
oauth2 migrated up to: ---oauth2_code_credential_id
oauth2 migrated up to: ---283949_serialize_redirect_uri
oauth2 migrated up to: ---oauth2_api_id
oauth2 migrated up to: ---set_global_credentials
oauth2 migrated up to: ---oauth2_client_secret_not_unique
oauth2 migrated up to: ---set_auth_header_name_default
oauth2 migrated up to: ---oauth2_new_refresh_token_ttl_config_value
oauth2 migrated up to: ---oauth2_pg_add_service_id
migrations ran

Start the kong service

$ kong start
Kong started

The service has started normally

$ curl 127.0.0.1:
{"plugins":{"enabled_in_cluster":[],"available_on_server":{"response-transformer":true,"correlation-id":true,"statsd":true,"jwt":true,"cors":true,"basic-auth":true,"key-auth":true,"ldap-auth":true,"http-log":true,"oauth2":true,"hmac-auth":true,"acl":true,"datadog":true,"tcp-log":true,"ip-restriction":true,"request-transformer":true,"file-log":true,"bot-detection":true,"loggly":true,"request-size-limiting":true,"syslog":true,"udp-log":true,"response-ratelimiting":true,"aws-lambda":true,"runscope":true,"rate-limiting":true,"request-termination":true}},"tagline":"Welcome to kong","configuration":{"error_default_type":"text\/plain","client_ssl":false,"lua_ssl_verify_depth":
....
