之前在macos系统测试安装psql和kong,但是实际环境中,大部分是部署在linux服务器上。下面记录了在centos7上部署postgresql和kong的总结以及遇到的一些问题的解决。

查看centos版本:

$ cat /etc/redhat-release

CentOS Linux release 7.2.1511 (Core)

部署版本:

kong: v0.13.1

postgresql: v10.4 (注意:psql版本必须与kong版本对应)

安装依赖包

安装gcc编译环境

$ sudo yum install -y gcc gcc-c++

pcre安装

pcre(Perl Compatible Regular Expressions) 是一个 Perl 库,包括 perl 兼容的正则表达式,nginx 的 http 库使用 pcre 解析正则表达式。

$ sudo yum install -y pcre pcre-devel

zlib安装

zlib 库提供多种压缩和加压缩的方式。
$ sudo yum install -y zlib zlib-devel

openssl安装

openssl 是一个请打的安全套接字层密码库,囊括主要的密码算法、常用的密钥和证书封装管理功能及 SSL 协议

$ sudo yum install -y openssl openssl-devel

postgresql 部署

  PostgreSQL是完全由社区驱动的开源项目,由全世界超过1000名贡献者所维护。它提供了单个完整功能的版本。可靠性是PostgreSQL的最高优先级。Kong 默认使用 postgresql 作为数据库。
  这里安装kong的版本是0.13,对应的psql版本需要在v10+,否则启动kong会报下面的错:
$  /usr/local/bin/kong start

// :: [warn] postgres database 'kong' is missing migration: (response-transformer) ---160000_resp_trans_schema_changes

Error: /usr/local/share/lua/5.1/kong/cmd/start.lua:: [postgres error] the current database schema does not match this version of Kong. Please run `kong migrations up` to update/initialize the database schema. Be aware that Kong migrations should only run from a single node, and that nodes running migrations concurrently will conflict with each other and might corrupt your database schema!

安装psql-10

$ sudo yum install -y https://download.postgresql.org/pub/repos/yum/10/redhat/rhel-latest-x86_64/pgdg-centos10-10-2.noarch.rpm
$ sudo  yum install -y postgresql10-server postgresql10-contrib

初始化数据库

$ sudo /usr/pgsql-/bin/postgresql--setup initdb

Initializing database ... OK

设置成centos7开机自启动

sudo systemctl enable postgresql-.service

启动postgresql服务

# 启动服务

$ sudo systemctl start postgresql-.service

# 查看psql运行状态

$ sudo systemctl status postgresql-.service

● postgresql-.service - PostgreSQL  database server

   Loaded: loaded (/usr/lib/systemd/system/postgresql-.service; disabled; vendor preset: disabled)

   Active: active (running) since Fri -- :: CST; 16s ago

     Docs: https://www.postgresql.org/docs/10/static/

  Process:  ExecStartPre=/usr/pgsql-/bin/postgresql--check-db-dir ${PGDATA} (code=exited, status=/SUCCESS)

 Main PID:  (postmaster)

   CGroup: /system.slice/postgresql-.service

           ├─ /usr/pgsql-/bin/postmaster -D /var/lib/pgsql//data/

           ├─ postgres: logger process

           ├─ postgres: checkpointer process

           ├─ postgres: writer process

           ├─ postgres: wal writer process

           ├─ postgres: autovacuum launcher process

           ├─ postgres: stats collector process

           └─ postgres: bgworker: logical replication launcher

Jun  :: --- systemd[]: Starting PostgreSQL  database server...

Jun  :: --- postmaster[]: -- ::17.798 CST [] LOG:  listeni...

Jun  :: --- postmaster[]: -- ::17.798 CST [] LOG:  could n...ess

Jun  :: --- postmaster[]: -- ::17.798 CST [] HINT:  Is ano...ry.

Jun  :: --- postmaster[]: -- ::17.801 CST [] LOG:  listeni..."

Jun  :: --- postmaster[]: -- ::17.808 CST [] LOG:  listeni..."

Jun  :: --- postmaster[]: -- ::17.825 CST [] LOG:  redirec...ess

Jun  :: --- postmaster[]: -- ::17.825 CST [] HINT:  Future...g".

Jun  :: --- systemd[]: Started PostgreSQL  database server.

Hint: Some lines were ellipsized, use -l to show in full.

Postgresql配置

执行完初始化任务之后,postgresql 会自动创建和生成两个用户和一个数据库:
  linux 系统用户 postgres:管理数据库的系统用户;
  postgresql 用户 postgres:数据库超级管理员;
  数据库 postgres:用户 postgres 的默认数据库;
  密码由于是默认生成的,需要在系统中修改一下。

修改初始密码

$ passwd postgres

Changing password for user postgres.

New password:

BAD PASSWORD: The password contains the user name in some form

Retype new password:

passwd: all authentication tokens updated successfully.

创建用户

为了安全以及满足 Kong 初始化的需求,需要在建立一个 postgre 用户 kong 和对应的 linux 用户 kong,并新建数据库 kong。

# 新建 linux kong 用户

$ sudo adduser kong

# 使用管理员账号登录 psql 创建用户和数据库

# 切换 postgres 用户

# 切换 postgres 用户后,提示符变成 `-bash-4.3$`

$ su postgres

# 进入psql控制台,此时会进入到控制台(系统提示符变为'postgres=#')

bash-4.3$ psql

could not change directory to "/root": Permission denied

psql (10.4)

Type "help" for help.

#为管理员用户postgres修改密码,之前改过了这里就不用改了

postgres=# password postgres

#建立新的数据库用户(和之前建立的系统用户要一样)

postgres=# create user kong with password 'kong';

CREATE ROLE

#为新用户建立数据库

postgres=# create database kong owner kong;

CREATE DATABASE

#把新建的数据库权限赋予 kong

postgres=# grant all privileges on database kong to kong;

GRANT

#退出控制台

postgres=# \q

bash-4.3$

注意:在 psql 控制台下执行命令,一定记得在命令后添加分号。

而且postgresql的用户要和系统用户一样:

$ cat /etc/passwd

...

postgres:x:::PostgreSQL Server:/var/lib/pgsql:/bin/bash

kong:x::::/home/kong:/bin/bash

问题一:

用命令行登录,在root账户下登录postgresql 数据库会提示权限问题:

$ psql -U kong -d kong -h 127.0.0.1 -p

psql: FATAL:  Ident authentication failed for user "kong"

原因是postgres没有配置对外访问策略。

认证权限配置文件为 /var/lib/pgsql/10/data/pg_hba.conf
常见的四种身份验证为:
  trust:凡是连接到服务器的,都是可信任的。只需要提供psql用户名,可以没有对应的操作系统同名用户;
  password 和 md5:对于外部访问,需要提供 psql 用户名和密码。对于本地连接,提供 psql 用户名密码之外,还需要有操作系统访问权。(用操作系统同名用户验证)password 和 md5 的区别就是外部访问时传输的密码是否用 md5 加密;
  ident:对于外部访问,从 ident 服务器获得客户端操作系统用户名,然后把操作系统作为数据库用户名进行登录对于本地连接,实际上使用了peer;
  peer:通过客户端操作系统内核来获取当前系统登录的用户名,并作为psql用户名进行登录。
psql 用户必须有同名的操作系统用户名。并且必须以与 psql 同名用户登录 linux 才可以登录 psql 。想用其他用户(例如 root )登录 psql,修改本地认证方式为 trust 或者 password 即可。
$ vim /var/lib/pgsql//data/pg_hba.conf
# 增加如下两条配置
# IPv4 local connections:
host all all 127.0.0.1/32 trust
host all all 0.0.0.0/0 trust
问题二:
通过本地连接会提示拒绝连接,因为pgsql 默认只能通过本地访问,需要开启远程访问。
修改配置文件  var/lib/pgsql/10/data/postgresql.conf ,将 listen_address 设置为 '*'
$ vim var/lib/pgsql//data/postgresql.conf


# CONNECTIONS AND AUTHENTICATION

#------------------------------------------------------------------------------

# - Connection Settings -

listen_addresses = '*'             # what IP address(es) to listen on;

修改以上两个配置文件后,重启postgresql服务:

$ sudo systemctl restart postgresql-10.service

$ psql -U kong -d kong -h 127.0.0.1 -p 5432

psql (10.4)

Type "help" for help.

kong=> \l

                             List of databases

   Name    |  Owner   | Encoding  | Collate | Ctype |   Access privileges

-----------+----------+-----------+---------+-------+-----------------------

 kong      | kong     | SQL_ASCII | C       | C     | =Tc/kong             +

           |          |           |         |       | kong=CTc/kong

 postgres  | postgres | SQL_ASCII | C       | C     |

 template0 | postgres | SQL_ASCII | C       | C     | =c/postgres          +

           |          |           |         |       | postgres=CTc/postgres

 template1 | postgres | SQL_ASCII | C       | C     | =c/postgres          +

           |          |           |         |       | postgres=CTc/postgres

(4 rows)

kong=>

相关postgres命令参考:postgres常见命令

kong部署

kong这块按照官网的方法不成功,最终下载了rpm包安装成功的。

安装kong

$ sudo yum install kong-community-edition-0.13..el7.noarch.rpm

...

Downloading packages:

Running transaction check

Running transaction test

Transaction test succeeded

Running transaction

  Installing : kong-community-edition-0.13.-.noarch                                               /

  Verifying  : kong-community-edition-0.13.-.noarch                                               /

Installed:

  kong-community-edition.noarch :0.13.-

Complete!

修改 kong 的配置文件

默认配置文件位于 /etc/kong/kong.conf.default
sudo cp /etc/kong/kong.conf.default /etc/kong/kong.conf
将之前安装配置好的 postgresql 信息填入 kong 配置文件中:
$ sudo vi /etc/kong/kong.conf

#------------------------------------------------------------------------------

# DATASTORE

#------------------------------------------------------------------------------

# Kong will store all of its data (such as APIs, consumers and plugins) in

# either Cassandra or PostgreSQL.

#

# All Kong nodes belonging to the same cluster must connect themselves to the

# same database.

database = postgres              # Determines which of PostgreSQL or Cassandra

                                 # this node will use as its datastore.

                                 # Accepted values are `postgres` and

                                 # `cassandra`.

pg_host = 127.0.0.1             # The PostgreSQL host to connect to.

pg_port =                   # The port to connect to.

pg_user = kong                  # The username to authenticate if required.

pg_password = kong              # The password to authenticate if required.

pg_database = kong              # The database name to connect to.

ssl = off                       # 如果不希望开放  的 ssl 访问可关闭

初始化数据库表

$ kong migrations up -c  /etc/kong/kong.conf

migrating core for database kong

core migrated up to: ---175310_skeleton

core migrated up to: ---175310_init_schema

core migrated up to: ---817313_nodes

core migrated up to: ---142793_ttls

core migrated up to: ---212515_retries

core migrated up to: ---141423_upstreams

core migrated up to: ---172100_move_ssl_certs_to_core

core migrated up to: ---151900_new_apis_router_1

core migrated up to: ---151900_new_apis_router_2

core migrated up to: ---151900_new_apis_router_3

core migrated up to: ---103600_unique_custom_id

core migrated up to: ---132600_upstream_timeouts

core migrated up to: ---132600_upstream_timeouts_2

core migrated up to: ---132300_anonymous

core migrated up to: ---153000_unique_plugins_id

core migrated up to: ---153000_unique_plugins_id_2

core migrated up to: ---180200_cluster_events

core migrated up to: ---173100_remove_nodes_table

core migrated up to: ---283123_ttl_indexes

core migrated up to: ---225000_balancer_orderlist_remove

core migrated up to: ---173400_apis_created_at_ms_precision

core migrated up to: ---192000_upstream_healthchecks

core migrated up to: ---134100_consistent_hashing_1

core migrated up to: ---192100_upstream_healthchecks_2

core migrated up to: ---134100_consistent_hashing_2

core migrated up to: ---121200_routes_and_services

core migrated up to: ---180700_plugins_routes_and_services

migrating response-transformer for database kong

response-transformer migrated up to: ---160000_resp_trans_schema_changes

migrating ip-restriction for database kong

ip-restriction migrated up to: ---remove-cache

migrating statsd for database kong

statsd migrated up to: ---160000_statsd_schema_changes

migrating jwt for database kong

jwt migrated up to: ---jwt-auth

jwt migrated up to: ---jwt-alg

jwt migrated up to: ---jwt_secret_not_unique

jwt migrated up to: ---120200_jwt-auth_preflight_default

jwt migrated up to: ---211200_jwt_cookie_names_default

migrating cors for database kong

cors migrated up to: --14_multiple_orgins

migrating basic-auth for database kong

basic-auth migrated up to: ---132400_init_basicauth

basic-auth migrated up to: ---180400_unique_username

migrating key-auth for database kong

key-auth migrated up to: ---172400_init_keyauth

key-auth migrated up to: ---120200_key-auth_preflight_default

migrating ldap-auth for database kong

ldap-auth migrated up to: ---150900_header_type_default

migrating hmac-auth for database kong

hmac-auth migrated up to: ---132400_init_hmacauth

hmac-auth migrated up to: ---132400_init_hmacauth

migrating datadog for database kong

datadog migrated up to: ---160000_datadog_schema_changes

migrating tcp-log for database kong

tcp-log migrated up to: ---120000_tcp-log_tls

migrating acl for database kong

acl migrated up to: ---841841_init_acl

migrating response-ratelimiting for database kong

response-ratelimiting migrated up to: ---132400_init_response_ratelimiting

response-ratelimiting migrated up to: ---321512_response-rate-limiting_policies

response-ratelimiting migrated up to: ---120000_add_route_and_service_id_to_response_ratelimiting

migrating request-transformer for database kong

request-transformer migrated up to: ---160000_req_trans_schema_changes

migrating rate-limiting for database kong

rate-limiting migrated up to: ---132400_init_ratelimiting

rate-limiting migrated up to: ---471385_ratelimiting_policies

rate-limiting migrated up to: ---120000_add_route_and_service_id

migrating oauth2 for database kong

oauth2 migrated up to: ---132400_init_oauth2

oauth2 migrated up to: ---oauth2_code_credential_id

oauth2 migrated up to: ---283949_serialize_redirect_uri

oauth2 migrated up to: ---oauth2_api_id

oauth2 migrated up to: ---set_global_credentials

oauth2 migrated up to: ---oauth2_client_secret_not_unique

oauth2 migrated up to: ---set_auth_header_name_default

oauth2 migrated up to: ---oauth2_new_refresh_token_ttl_config_value

oauth2 migrated up to: ---oauth2_pg_add_service_id

 migrations ran

启动kong服务

$ kong start

Kong started

服务已经正常启动

$ curl 127.0.0.1:

{"plugins":{"enabled_in_cluster":[],"available_on_server":{"response-transformer":true,"correlation-id":true,"statsd":true,"jwt":true,"cors":true,"basic-auth":true,"key-auth":true,"ldap-auth":true,"http-log":true,"oauth2":true,"hmac-auth":true,"acl":true,"datadog":true,"tcp-log":true,"ip-restriction":true,"request-transformer":true,"file-log":true,"bot-detection":true,"loggly":true,"request-size-limiting":true,"syslog":true,"udp-log":true,"response-ratelimiting":true,"aws-lambda":true,"runscope":true,"rate-limiting":true,"request-termination":true}},"tagline":"Welcome to kong","configuration":{"error_default_type":"text\/plain","client_ssl":false,"lua_ssl_verify_depth":

....

centos7部署posgresql和kong总结的更多相关文章

  1. [原]CentOS7部署osm2pgsql

    转载请注明原作者(think8848)和出处(http://think8848.cnblogs.com) 部署Postgresql和部署PostGis请参考前两篇文章 本文主要参考GitHub上osm ...

  2. centos7 部署ssserver

    centos7 部署shadowsocks服务端 为什么要选centos7? 以后centos7 肯定是主流,在不重要的环境还是尽量使用新系统吧 centos7 的坑 默认可能会有firewall 或 ...

  3. centos7 部署 docker compose

    =============================================== 2019/4/10_第1次修改                       ccb_warlock == ...

  4. centos7 部署 docker ce

    =============================================== 2019/4/9_第1次修改                       ccb_warlock === ...

  5. centos7 部署 open-falcon 0.2.0

    =============================================== 2019/4/29_第3次修改                       ccb_warlock 更新 ...

  6. centos7 部署 docker、shipyard

    =============================================== 2019/4/9_第3次修改                       ccb_warlock 更新说 ...

  7. centos7 部署 docker swarm

    =============================================== 2019/4/9_第3次修改                       ccb_warlock 更新说 ...

  8. CentOS7部署Nginx

    CentOS7部署Nginx 1.准备工作 Nginx的安装依赖于以下三个包,意思就是在安装Nginx之前首先必须安装一下的三个包,注意安装顺序如下: 1 SSL功能需要openssl库,直接通过yu ...

  9. centos7部署JavaWeb项目

    centos7部署JavaWeb项目共有三步 1.配置java环境 2.配置tomcat环境. 3.部署JavaWeb项目 一.配置java环境 1.1安装java 参考我的另一篇博文:https:/ ...

随机推荐

  1. Oracle数据库冷备份与热备份操作梳理

    Oracle数据库的备份方式有冷备份和热备份两种,针对这两种备份的实施过程记录如下: 一.Oracle冷备份 概念数据库在关闭状态下完成所有物理系统文件拷贝的过程,也称脱机备份.适合于非归档模式(即n ...

  2. PAT甲题题解-1130. Infix Expression (25)-中序遍历

    博主欢迎转载,但请给出本文链接,我尊重你,你尊重我,谢谢~http://www.cnblogs.com/chenxiwenruo/p/6789828.html特别不喜欢那些随便转载别人的原创文章又不给 ...

  3. 作业20171102 alpha-review 成绩

    申诉 对成绩有疑问或不同意见的同学,请在群里[@杨贵福]. 申诉时间截止2017年12月12日 17:00. 成绩 review NABCD-评论 SPEC-评论 例行报告 附加分数 合计 本周归一化 ...

  4. SCRUM 12.21

    从爬虫遇到的问题中我们学会了: 1.有的网站是有反爬虫机制的,外卖网站(我们猜测基本所有盈利性质的网站可能都是)全部都有. 2.我们对于反爬虫机制有了一定的了解.   本次爬虫测试中,我们最后连美团网 ...

  5. week3-构造一个简单的linux系统

    潘恒  原创作品转载请注明出处  <Linux内核分析>MOOC课程http://mooc.study.163.com/course/USTC-1000029000 一.gdb跟踪调试内核 ...

  6. Linux 第八周实验 进程的切换和系统的一般执行过程

    姬梦馨 原创作品 <Linux内核分析>MOOC课程:http://mooc.study.163.com/course/USTC-1000029000 第八讲 进程的切换和系统的一般执行过 ...

  7. eclipse中git的author和commiter的修改

    项目目录,隐藏的文件.git的文件夹,config文件 eclipse-->右击项目--showin--system explorer.git 打开config文件加上 [user] name ...

  8. github个人心得和链接

    github使用心得: 在本次github使用过程中,我总结了git常用命令,都有哪些功能? git常用命令: git config :配置git git add:更新working director ...

  9. TCP系列11—重传—1、TCP重传概述

    在最开始介绍TCP的时候,我们就介绍了TCP的三个特点,分别是面向连接.可靠.字节流式.前面内容我们已经介绍过了TCP的连接管理,接下来的这部分内容将会介绍与TCP可靠性强关联的TCP重传. 很多网络 ...

  10. 链表数据结构(C/C++语言实现)

    注意:没有使用malloc和free:加了一个头文件,用于清屏和暂停:还有就是一个错误特别容易被忽略,那就是主函数中声明了LinkList p,然后就直接创建链表,忘了给p分配空间.一定要先初始化链表 ...