centos7部署posgresql和kong總結


  之前在macos系統測試安裝psql和kong,但是實際環境中,大部分是部署在linux服務器上。下面記錄了在centos7上部署postgresql和kong的總結以及遇到的一些問題的解決。

查看centos版本:

$ cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)

部署版本:

kong: v0.13.1

postgresql: v10.4 (注意:psql版本必須與kong版本對應)

安裝依賴包

安裝gcc編譯環境

$ sudo yum install -y gcc gcc-c++

pcre安裝

pcre(Perl Compatible Regular Expressions) 是一個 Perl 庫,包括 perl 兼容的正則表達式,nginx 的 http 庫使用 pcre 解析正則表達式。

$ sudo yum install -y pcre pcre-devel

zlib安裝

zlib 庫提供多種壓縮和加壓縮的方式。
$ sudo yum install -y zlib zlib-devel

openssl安裝

openssl 是一個請打的安全套接字層密碼庫,囊括主要的密碼算法、常用的密鑰和證書封裝管理功能及 SSL 協議

$ sudo yum install -y openssl openssl-devel

postgresql 部署

  PostgreSQL是完全由社區驅動的開源項目,由全世界超過1000名貢獻者所維護。它提供了單個完整功能的版本。可靠性是PostgreSQL的最高優先級。Kong 默認使用 postgresql 作為數據庫。
  這里安裝kong的版本是0.13,對應的psql版本需要在v10+,否則啟動kong會報下面的錯:
$  /usr/local/bin/kong start
2018/06/08 12:07:55 [warn] postgres database 'kong' is missing migration: (response-transformer) 2016-05-04-160000_resp_trans_schema_changes
Error: /usr/local/share/lua/5.1/kong/cmd/start.lua:34: [postgres error] the current database schema does not match this version of Kong. Please run `kong migrations up` to update/initialize the database schema. Be aware that Kong migrations should only run from a single node, and that nodes running migrations concurrently will conflict with each other and might corrupt your database schema!

安裝psql-10

$ sudo yum install -y https://download.postgresql.org/pub/repos/yum/10/redhat/rhel-latest-x86_64/pgdg-centos10-10-2.noarch.rpm
$ sudo  yum install -y postgresql10-server postgresql10-contrib

初始化數據庫

$ sudo /usr/pgsql-10/bin/postgresql-10-setup initdb
Initializing database ... OK

設置成centos7開機自啟動

sudo systemctl enable postgresql-10.service

啟動postgresql服務

# 啟動服務
$ sudo systemctl start postgresql-10.service
# 查看psql運行狀態
$ sudo systemctl status postgresql-10.service
● postgresql-10.service - PostgreSQL 10 database server
   Loaded: loaded (/usr/lib/systemd/system/postgresql-10.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2018-06-08 12:22:17 CST; 16s ago
     Docs: https://www.postgresql.org/docs/10/static/
  Process: 12951 ExecStartPre=/usr/pgsql-10/bin/postgresql-10-check-db-dir ${PGDATA} (code=exited, status=0/SUCCESS)
 Main PID: 12957 (postmaster)
   CGroup: /system.slice/postgresql-10.service
           ├─12957 /usr/pgsql-10/bin/postmaster -D /var/lib/pgsql/10/data/
           ├─12959 postgres: logger process
           ├─12961 postgres: checkpointer process
           ├─12962 postgres: writer process
           ├─12963 postgres: wal writer process
           ├─12964 postgres: autovacuum launcher process
           ├─12965 postgres: stats collector process
           └─12966 postgres: bgworker: logical replication launcher

Jun 08 12:22:17 172-18-38-219 systemd[1]: Starting PostgreSQL 10 database server...
Jun 08 12:22:17 172-18-38-219 postmaster[12957]: 2018-06-08 12:22:17.798 CST [12957] LOG:  listeni...432
Jun 08 12:22:17 172-18-38-219 postmaster[12957]: 2018-06-08 12:22:17.798 CST [12957] LOG:  could n...ess
Jun 08 12:22:17 172-18-38-219 postmaster[12957]: 2018-06-08 12:22:17.798 CST [12957] HINT:  Is ano...ry.
Jun 08 12:22:17 172-18-38-219 postmaster[12957]: 2018-06-08 12:22:17.801 CST [12957] LOG:  listeni...32"
Jun 08 12:22:17 172-18-38-219 postmaster[12957]: 2018-06-08 12:22:17.808 CST [12957] LOG:  listeni...32"
Jun 08 12:22:17 172-18-38-219 postmaster[12957]: 2018-06-08 12:22:17.825 CST [12957] LOG:  redirec...ess
Jun 08 12:22:17 172-18-38-219 postmaster[12957]: 2018-06-08 12:22:17.825 CST [12957] HINT:  Future...g".
Jun 08 12:22:17 172-18-38-219 systemd[1]: Started PostgreSQL 10 database server.
Hint: Some lines were ellipsized, use -l to show in full.

Postgresql配置

執行完初始化任務之后,postgresql 會自動創建和生成兩個用戶和一個數據庫:
   linux 系統用戶 postgres:管理數據庫的系統用戶;
  postgresql 用戶 postgres:數據庫超級管理員;
  數據庫 postgres:用戶 postgres 的默認數據庫;
  密碼由於是默認生成的,需要在系統中修改一下。

修改初始密碼

$ passwd postgres Changing password for user postgres. New password: BAD PASSWORD: The password contains the user name in some form Retype new password: passwd: all authentication tokens updated successfully.

創建用戶

為了安全以及滿足 Kong 初始化的需求,需要在建立一個 postgre 用戶 kong 和對應的 linux 用戶 kong,並新建數據庫 kong。

# 新建 linux kong 用戶
$ sudo adduser kong

# 使用管理員賬號登錄 psql 創建用戶和數據庫
# 切換 postgres 用戶
# 切換 postgres 用戶后,提示符變成 `-bash-4.3$` 
$ su postgres

# 進入psql控制台,此時會進入到控制台(系統提示符變為'postgres=#')
bash-4.3$ psql
could not change directory to "/root": Permission denied
psql (10.4)
Type "help" for help.

#為管理員用戶postgres修改密碼,之前改過了這里就不用改了
postgres=# password postgres

#建立新的數據庫用戶(和之前建立的系統用戶要一樣)
postgres=# create user kong with password 'kong';
CREATE ROLE

#為新用戶建立數據庫
postgres=# create database kong owner kong;
CREATE DATABASE

#把新建的數據庫權限賦予 kong
postgres=# grant all privileges on database kong to kong;
GRANT

#退出控制台
postgres=# \q
bash-4.3$

注意:在 psql 控制台下執行命令,一定記得在命令后添加分號。

而且postgresql的用戶要和系統用戶一樣:

$ cat /etc/passwd
...
postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
kong:x:1002:1002::/home/kong:/bin/bash

問題一:

用命令行登錄,在root賬戶下登錄postgresql 數據庫會提示權限問題:

$ psql -U kong -d kong -h 127.0.0.1 -p 5432
psql: FATAL:  Ident authentication failed for user "kong"

原因是postgres沒有配置對外訪問策略。

認證權限配置文件為  /var/lib/pgsql/10/data/pg_hba.conf
常見的四種身份驗證為:
   trust:凡是連接到服務器的,都是可信任的。只需要提供psql用戶名,可以沒有對應的操作系統同名用戶;
  password 和 md5:對於外部訪問,需要提供 psql 用戶名和密碼。對於本地連接,提供 psql 用戶名密碼之外,還需要有操作系統訪問權。(用操作系統同名用戶驗證)password 和 md5 的區別就是外部訪問時傳輸的密碼是否用 md5 加密;
  ident:對於外部訪問,從 ident 服務器獲得客戶端操作系統用戶名,然后把操作系統作為數據庫用戶名進行登錄對於本地連接,實際上使用了peer;
  peer:通過客戶端操作系統內核來獲取當前系統登錄的用戶名,並作為psql用戶名進行登錄。
psql 用戶必須有同名的操作系統用戶名。並且必須以與 psql 同名用戶登錄 linux 才可以登錄 psql 。想用其他用戶(例如 root )登錄 psql,修改本地認證方式為 trust 或者 password 即可。
$ vim /var/lib/pgsql/10/data/pg_hba.conf
# 增加如下兩條配置
# IPv4 local connections:
host all all 127.0.0.1/32 trust
host all all 0.0.0.0/0 trust
問題二:
通過本地連接會提示拒絕連接,因為pgsql 默認只能通過本地訪問,需要開啟遠程訪問。
修改配置文件  var/lib/pgsql/10/data/postgresql.conf ,將 listen_address 設置為 '*'
$ vim var/lib/pgsql/10/data/postgresql.conf

# CONNECTIONS AND AUTHENTICATION #
------------------------------------------------------------------------------ # - Connection Settings - listen_addresses = '*' # what IP address(es) to listen on;

修改以上兩個配置文件后,重啟postgresql服務:

$ sudo systemctl restart postgresql-10.service

$ psql -U kong -d kong -h 127.0.0.1 -p 5432
psql (10.4)
Type "help" for help.

kong=> \l
                             List of databases
   Name    |  Owner   | Encoding  | Collate | Ctype |   Access privileges
-----------+----------+-----------+---------+-------+-----------------------
 kong      | kong     | SQL_ASCII | C       | C     | =Tc/kong             +
           |          |           |         |       | kong=CTc/kong
 postgres  | postgres | SQL_ASCII | C       | C     |
 template0 | postgres | SQL_ASCII | C       | C     | =c/postgres          +
           |          |           |         |       | postgres=CTc/postgres
 template1 | postgres | SQL_ASCII | C       | C     | =c/postgres          +
           |          |           |         |       | postgres=CTc/postgres
(4 rows)

kong=>

相關postgres命令參考:postgres常見命令

kong部署

kong這塊按照官網的方法不成功,最終下載了rpm包安裝成功的。

安裝kong

$ sudo yum install kong-community-edition-0.13.1.el7.noarch.rpm
...
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : kong-community-edition-0.13.1-1.noarch                                               1/1
  Verifying  : kong-community-edition-0.13.1-1.noarch                                               1/1

Installed:
  kong-community-edition.noarch 0:0.13.1-1

Complete!

修改 kong 的配置文件

默認配置文件位於 /etc/kong/kong.conf.default
sudo cp /etc/kong/kong.conf.default /etc/kong/kong.conf
將之前安裝配置好的 postgresql 信息填入 kong 配置文件中:
$ sudo vi /etc/kong/kong.conf
#------------------------------------------------------------------------------
# DATASTORE
#------------------------------------------------------------------------------

# Kong will store all of its data (such as APIs, consumers and plugins) in
# either Cassandra or PostgreSQL.
#
# All Kong nodes belonging to the same cluster must connect themselves to the
# same database.

database = postgres              # Determines which of PostgreSQL or Cassandra
                                 # this node will use as its datastore.
                                 # Accepted values are `postgres` and
                                 # `cassandra`.

pg_host = 127.0.0.1             # The PostgreSQL host to connect to.
pg_port = 5432                  # The port to connect to.
pg_user = kong                  # The username to authenticate if required.
pg_password = kong              # The password to authenticate if required.
pg_database = kong              # The database name to connect to.

ssl = off                       # 如果不希望開放 8443 的 ssl 訪問可關閉

初始化數據庫表

$ kong migrations up -c  /etc/kong/kong.conf
migrating core for database kong
core migrated up to: 2015-01-12-175310_skeleton
core migrated up to: 2015-01-12-175310_init_schema
core migrated up to: 2015-11-23-817313_nodes
core migrated up to: 2016-02-29-142793_ttls
core migrated up to: 2016-09-05-212515_retries
core migrated up to: 2016-09-16-141423_upstreams
core migrated up to: 2016-12-14-172100_move_ssl_certs_to_core
core migrated up to: 2016-11-11-151900_new_apis_router_1
core migrated up to: 2016-11-11-151900_new_apis_router_2
core migrated up to: 2016-11-11-151900_new_apis_router_3
core migrated up to: 2016-01-25-103600_unique_custom_id
core migrated up to: 2017-01-24-132600_upstream_timeouts
core migrated up to: 2017-01-24-132600_upstream_timeouts_2
core migrated up to: 2017-03-27-132300_anonymous
core migrated up to: 2017-04-18-153000_unique_plugins_id
core migrated up to: 2017-04-18-153000_unique_plugins_id_2
core migrated up to: 2017-05-19-180200_cluster_events
core migrated up to: 2017-05-19-173100_remove_nodes_table
core migrated up to: 2017-06-16-283123_ttl_indexes
core migrated up to: 2017-07-28-225000_balancer_orderlist_remove
core migrated up to: 2017-10-02-173400_apis_created_at_ms_precision
core migrated up to: 2017-11-07-192000_upstream_healthchecks
core migrated up to: 2017-10-27-134100_consistent_hashing_1
core migrated up to: 2017-11-07-192100_upstream_healthchecks_2
core migrated up to: 2017-10-27-134100_consistent_hashing_2
core migrated up to: 2017-09-14-121200_routes_and_services
core migrated up to: 2017-10-25-180700_plugins_routes_and_services
migrating response-transformer for database kong
response-transformer migrated up to: 2016-05-04-160000_resp_trans_schema_changes
migrating ip-restriction for database kong
ip-restriction migrated up to: 2016-05-24-remove-cache
migrating statsd for database kong
statsd migrated up to: 2017-06-09-160000_statsd_schema_changes
migrating jwt for database kong
jwt migrated up to: 2015-06-09-jwt-auth
jwt migrated up to: 2016-03-07-jwt-alg
jwt migrated up to: 2017-05-22-jwt_secret_not_unique
jwt migrated up to: 2017-07-31-120200_jwt-auth_preflight_default
jwt migrated up to: 2017-10-25-211200_jwt_cookie_names_default
migrating cors for database kong
cors migrated up to: 2017-03-14_multiple_orgins
migrating basic-auth for database kong
basic-auth migrated up to: 2015-08-03-132400_init_basicauth
basic-auth migrated up to: 2017-01-25-180400_unique_username
migrating key-auth for database kong
key-auth migrated up to: 2015-07-31-172400_init_keyauth
key-auth migrated up to: 2017-07-31-120200_key-auth_preflight_default
migrating ldap-auth for database kong
ldap-auth migrated up to: 2017-10-23-150900_header_type_default
migrating hmac-auth for database kong
hmac-auth migrated up to: 2015-09-16-132400_init_hmacauth
hmac-auth migrated up to: 2017-06-21-132400_init_hmacauth
migrating datadog for database kong
datadog migrated up to: 2017-06-09-160000_datadog_schema_changes
migrating tcp-log for database kong
tcp-log migrated up to: 2017-12-13-120000_tcp-log_tls
migrating acl for database kong
acl migrated up to: 2015-08-25-841841_init_acl
migrating response-ratelimiting for database kong
response-ratelimiting migrated up to: 2015-08-03-132400_init_response_ratelimiting
response-ratelimiting migrated up to: 2016-08-04-321512_response-rate-limiting_policies
response-ratelimiting migrated up to: 2017-12-19-120000_add_route_and_service_id_to_response_ratelimiting
migrating request-transformer for database kong
request-transformer migrated up to: 2016-05-04-160000_req_trans_schema_changes
migrating rate-limiting for database kong
rate-limiting migrated up to: 2015-08-03-132400_init_ratelimiting
rate-limiting migrated up to: 2016-07-25-471385_ratelimiting_policies
rate-limiting migrated up to: 2017-11-30-120000_add_route_and_service_id
migrating oauth2 for database kong
oauth2 migrated up to: 2015-08-03-132400_init_oauth2
oauth2 migrated up to: 2016-07-15-oauth2_code_credential_id
oauth2 migrated up to: 2016-12-22-283949_serialize_redirect_uri
oauth2 migrated up to: 2016-09-19-oauth2_api_id
oauth2 migrated up to: 2016-12-15-set_global_credentials
oauth2 migrated up to: 2017-04-24-oauth2_client_secret_not_unique
oauth2 migrated up to: 2017-10-19-set_auth_header_name_default
oauth2 migrated up to: 2017-10-11-oauth2_new_refresh_token_ttl_config_value
oauth2 migrated up to: 2018-01-09-oauth2_pg_add_service_id
62 migrations ran

啟動kong服務

$ kong start
Kong started

服務已經正常啟動

$ curl 127.0.0.1:8001
{"plugins":{"enabled_in_cluster":[],"available_on_server":{"response-transformer":true,"correlation-id":true,"statsd":true,"jwt":true,"cors":true,"basic-auth":true,"key-auth":true,"ldap-auth":true,"http-log":true,"oauth2":true,"hmac-auth":true,"acl":true,"datadog":true,"tcp-log":true,"ip-restriction":true,"request-transformer":true,"file-log":true,"bot-detection":true,"loggly":true,"request-size-limiting":true,"syslog":true,"udp-log":true,"response-ratelimiting":true,"aws-lambda":true,"runscope":true,"rate-limiting":true,"request-termination":true}},"tagline":"Welcome to kong","configuration":{"error_default_type":"text\/plain","client_ssl":false,"lua_ssl_verify_depth":1
....

 

 


免責聲明!

本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。



 
粵ICP備18138465號   © 2018-2025 CODEPRJ.COM