
Summary of deploying PostgreSQL and Kong on CentOS 7


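I previously tested installing psql and Kong on macOS, but in real environments most deployments are on Linux servers. Below is a summary of deploying PostgreSQL and Kong on CentOS 7, along with solutions to some problems encountered.

Check the CentOS version:

  $ cat /etc/redhat-release
  CentOS Linux release 7.2.1511 (Core)

Deployed versions:

kong: v0.13.1

postgresql: v10.4 (note: the PostgreSQL version must match the Kong version)

Installing dependencies

Installing the gcc build environment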

$ sudo yum install -y gcc gcc-c++

Installing pcre

PCRE (Perl Compatible Regular Expressions) is a library that implements Perl-compatible regular expressions; nginx's http module uses PCRE to parse regular expressions.

$ sudo yum install -y pcre pcre-devel

Installing zlib

The zlib library provides several methods of compression and decompression.

$ sudo yum install -y zlib zlib-devel

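Installing openssl

OpenSSL is a powerful Secure Sockets Layer cryptography library that covers the main cryptographic algorithms, common key and certificate management functions, and the SSL protocol.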

$ sudo yum install -y openssl openssl-devel

Deploying PostgreSQL

  PostgreSQL is an open-source project driven entirely by the community and maintained by more than 1000 contributors around the world. It provides a single, fully featured version. Reliability is PostgreSQL's highest priority. Kong uses PostgreSQL as its database by default.

  The Kong version installed here is 0.13, and the matching PostgreSQL version needs to be v10+; otherwise starting Kong reports the following error:

  $ /usr/local/bin/kong start
  2018/06/08 12:07:55 [warn] postgres database 'kong' is missing migration: (response-transformer) 2016-05-04-160000_resp_trans_schema_changes
  Error: /usr/local/share/lua/5.1/kong/cmd/start.lua:34: [postgres error] the current database schema does not match this version of Kong. Please run `kong migrations up` to update/initialize the database schema. Be aware that Kong migrations should only run from a single node, and that nodes running migrations concurrently will conflict with each other and might corrupt your database schema!

Installing psql-10

$ sudo yum install -y https://download.postgresql.org/pub/repos/yum/10/redhat/rhel-latest-x86_64/pgdg-centos10-10-2.noarch.rpm
$ sudo yum install -y postgresql10-server postgresql10-contrib

Initializing the database

  $ sudo /usr/pgsql-10/bin/postgresql-10-setup initdb
  Initializing database ... OK

Enabling start at boot on CentOS 7

$ sudo systemctl enable postgresql-10.service

Starting the PostgreSQL service

  # Start the service
  $ sudo systemctl start postgresql-10.service
  # Check the running state of PostgreSQL
  $ sudo systemctl status postgresql-10.service
  ● postgresql-10.service - PostgreSQL 10 database server
     Loaded: loaded (/usr/lib/systemd/system/postgresql-10.service; disabled; vendor preset: disabled)
     Active: active (running) since Fri 2018-06-08 12:22:17 CST; 16s ago
       Docs: https://www.postgresql.org/docs/10/static/
    Process: 12951 ExecStartPre=/usr/pgsql-10/bin/postgresql-10-check-db-dir ${PGDATA} (code=exited, status=0/SUCCESS)
   Main PID: 12957 (postmaster)
     CGroup: /system.slice/postgresql-10.service
             ├─12957 /usr/pgsql-10/bin/postmaster -D /var/lib/pgsql/10/data/
             ├─12959 postgres: logger process
             ├─12961 postgres: checkpointer process
             ├─12962 postgres: writer process
             ├─12963 postgres: wal writer process
             ├─12964 postgres: autovacuum launcher process
             ├─12965 postgres: stats collector process
             └─12966 postgres: bgworker: logical replication launcher
  Jun 08 12:22:17 172-18-38-219 systemd[1]: Starting PostgreSQL 10 database server...
  Jun 08 12:22:17 172-18-38-219 postmaster[12957]: 2018-06-08 12:22:17.798 CST [12957] LOG: listeni...432
  Jun 08 12:22:17 172-18-38-219 postmaster[12957]: 2018-06-08 12:22:17.798 CST [12957] LOG: could n...ess
  Jun 08 12:22:17 172-18-38-219 postmaster[12957]: 2018-06-08 12:22:17.798 CST [12957] HINT: Is ano...ry.
  Jun 08 12:22:17 172-18-38-219 postmaster[12957]: 2018-06-08 12:22:17.801 CST [12957] LOG: listeni...32"
  Jun 08 12:22:17 172-18-38-219 postmaster[12957]: 2018-06-08 12:22:17.808 CST [12957] LOG: listeni...32"
  Jun 08 12:22:17 172-18-38-219 postmaster[12957]: 2018-06-08 12:22:17.825 CST [12957] LOG: redirec...ess
  Jun 08 12:22:17 172-18-38-219 postmaster[12957]: 2018-06-08 12:22:17.825 CST [12957] HINT: Future...g".
  Jun 08 12:22:17 172-18-38-219 systemd[1]: Started PostgreSQL 10 database server.
  Hint: Some lines were ellipsized, use -l to show in full.

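PostgreSQL configuration

After the initialization step, PostgreSQL automatically creates two users and one database:

  Linux system user postgres: the system user that manages the database;

  PostgreSQL user postgres: the database superuser;

  database postgres: the default database of the user postgres;

  Because the password is generated by default, it needs to be changed in the system.

Changing the initial password

  $ passwd postgres
  Changing password for user postgres.
  New password:
  BAD PASSWORD: The password contains the user name in some form
  Retype new password:
  passwd: all authentication tokens updated successfully.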

Creating users

For security, and to meet Kong's initialization requirements, create a PostgreSQL user kong and a corresponding Linux user kong, and create a new database kong.

  # Create the Linux user kong
  $ sudo adduser kong
  # Log in to psql with the administrator account to create the user and database
  # Switch to the postgres user
  # After switching to the postgres user, the prompt changes to `-bash-4.3$`
  $ su postgres
  # Enter the psql console (the prompt changes to 'postgres=#')
  bash-4.3$ psql
  could not change directory to "/root": Permission denied
  psql (10.4)
  Type "help" for help.
  # Change the password of the administrator user postgres; skip this if it was already changed earlier
  postgres=# \password postgres
  # Create the new database user (it must be the same as the system user created earlier)
  postgres=# create user kong with password 'kong';
  CREATE ROLE
  # Create a database for the new user
  postgres=# create database kong owner kong;
  CREATE DATABASE
  # Grant privileges on the new database to kong
  postgres=# grant all privileges on database kong to kong;
  GRANT
  # Exit the console
  postgres=# \q
  bash-4.3$

Note: when running commands in the psql console, always remember to add a semicolon after the command.

Also, the PostgreSQL user must be the same as the system user:

  $ cat /etc/passwd
  ...
  postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
  kong:x:1002:1002::/home/kong:/bin/bash
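Problem 1:

Logging in to the PostgreSQL database from the command line under the root account reports a permission problem:

  $ psql -U kong -d kong -h 127.0.0.1 -p 5432
  psql: FATAL: Ident authentication failed for user "kong"

The cause is that PostgreSQL has no external access policy configured.

The authentication configuration file is /var/lib/pgsql/10/data/pg_hba.conf

The four common authentication methods are:

  trust: everything that connects to the server is trusted. Only a PostgreSQL user name has to be supplied, and no operating-system user of the same name is needed;

  password and md5: for external access, a PostgreSQL user name and password must be supplied. For local connections, besides the PostgreSQL user name and password, operating-system access is also required (verified against the operating-system user of the same name). The difference between password and md5 is whether the password transmitted during external access is hashed with md5;

  ident: for external access, the client's operating-system user name is obtained from an ident server and then used as the database user name to log in; for local connections, peer is actually used;

  peer: the user name of the currently logged-in system user is obtained from the client operating-system kernel and used as the PostgreSQL user name to log in.

The PostgreSQL user must have an operating-system user of the same name, and you must be logged in to Linux as that same-named user in order to log in to psql. To log in to psql as another user (for example root), change the local authentication method to trust or password.

  $ vim /var/lib/pgsql/10/data/pg_hba.conf
  # Add the following two rules
  # IPv4 local connections:
  host all all 127.0.0.1/32 trust
  host all all 0.0.0.0/0 trust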

Problem 2:

Connecting locally reports that the connection is refused, because PostgreSQL by default can only be accessed locally; remote access needs to be enabled.

Edit the configuration file /var/lib/pgsql/10/data/postgresql.conf and set listen_addresses to '*'

  $ vim /var/lib/pgsql/10/data/postgresql.conf
  # CONNECTIONS AND AUTHENTICATION
  #------------------------------------------------------------------------------
  # - Connection Settings -
  listen_addresses = '*' # what IP address(es) to listen on;
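
A check for the two settings above, added here as an example (not code from the original post): it parses the host rules of pg_hba.conf and flags `trust` and cleartext `password` entries, rating a non-loopback `trust` rule higher when listen_addresses opens the port beyond loopback. The sample rules are constructed from this page; the 10.0.0.5 rule with scram-sha-256 (available from PostgreSQL 10) and the function names are hypothetical, and only CIDR and IPv4 netmask addresses are interpreted.

```python
import ipaddress

# Constructed sample: the two rules this page adds to pg_hba.conf, followed by
# a hypothetical tighter rule (10.0.0.5 is a made-up Kong host) for contrast.
SAMPLE_HBA = """\
local   all   all                  peer
host    all   all   127.0.0.1/32   trust
host    all   all   0.0.0.0/0      trust
host    kong  kong  10.0.0.5/32    scram-sha-256
"""
LOOPBACK_NAMES = {"localhost", "127.0.0.1", "::1"}

def parse_hba(text):
    """Yield (lineno, network_or_None, method) for every host* rule."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue  # blank, comment, local (unix socket) or malformed line
        addr, rest = fields[3], fields[4:]
        if "/" not in addr and len(rest) > 1 and rest[0][0].isdigit():
            addr, rest = addr + "/" + rest[0], rest[1:]  # ADDRESS NETMASK form
        if addr == "all":
            addr = "0.0.0.0/0"  # "all" matches any client address
        try:
            net = ipaddress.ip_network(addr, strict=False)
        except ValueError:
            net = None  # hostname, samehost or samenet: not resolved here
        yield lineno, net, rest[0]

def audit(text, listen_addresses="localhost"):
    """Return (lineno, severity, message) for rules that weaken authentication."""
    names = [a.strip() for a in listen_addresses.split(",") if a.strip()]
    exposed = any(a not in LOOPBACK_NAMES for a in names)
    findings = []
    for lineno, net, method in parse_hba(text):
        loopback = net is not None and net.is_loopback
        source = str(net) if net is not None else "a name-based address"
        if method == "trust" and loopback:
            findings.append((lineno, "medium", "any local process can log in as any role"))
        elif method == "trust":
            severity = "high" if exposed else "medium"
            findings.append((lineno, severity, f"passwordless login accepted from {source}"))
        elif method == "password" and not loopback:
            findings.append((lineno, "medium", f"cleartext password sent from {source}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_HBA, listen_addresses="*"):
        print(finding)
```

To check a real server, pass the contents of /var/lib/pgsql/10/data/pg_hba.conf as `text` and the listen_addresses value from postgresql.conf as the second argument.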

After modifying the two configuration files above, restart the PostgreSQL service:

  $ sudo systemctl restart postgresql-10.service
  $ psql -U kong -d kong -h 127.0.0.1 -p 5432
  psql (10.4)
  Type "help" for help.
  kong=> \l
                               List of databases
     Name    |  Owner   | Encoding  | Collate | Ctype |   Access privileges
  -----------+----------+-----------+---------+-------+-----------------------
   kong      | kong     | SQL_ASCII | C       | C     | =Tc/kong             +
             |          |           |         |       | kong=CTc/kong
   postgres  | postgres | SQL_ASCII | C       | C     |
   template0 | postgres | SQL_ASCII | C       | C     | =c/postgres          +
             |          |           |         |       | postgres=CTc/postgres
   template1 | postgres | SQL_ASCII | C       | C     | =c/postgres          +
             |          |           |         |       | postgres=CTc/postgres
  (4 rows)
  kong=>

For related postgres commands, see: common postgres commands

Deploying Kong

For Kong, following the method on the official website did not work; in the end I downloaded the rpm package and installed it successfully.

Installing Kong

  $ sudo yum install kong-community-edition-0.13.1.el7.noarch.rpm
  ...
  Downloading packages:
  Running transaction check
  Running transaction test
  Transaction test succeeded
  Running transaction
    Installing : kong-community-edition-0.13.1-1.noarch 1/1
    Verifying : kong-community-edition-0.13.1-1.noarch 1/1
  Installed:
    kong-community-edition.noarch 0:0.13.1-1
  Complete!

Editing the Kong configuration file

The default configuration file is located at /etc/kong/kong.conf.default

$ sudo cp /etc/kong/kong.conf.default /etc/kong/kong.conf

Fill in the PostgreSQL details configured earlier in the Kong configuration file:

  $ sudo vi /etc/kong/kong.conf
  #------------------------------------------------------------------------------
  # DATASTORE
  #------------------------------------------------------------------------------
  # Kong will store all of its data (such as APIs, consumers and plugins) in
  # either Cassandra or PostgreSQL.
  #
  # All Kong nodes belonging to the same cluster must connect themselves to the
  # same database.
  database = postgres   # Determines which of PostgreSQL or Cassandra
                        # this node will use as its datastore.
                        # Accepted values are `postgres` and
                        # `cassandra`.
  pg_host = 127.0.0.1   # The PostgreSQL host to connect to.
  pg_port = 5432        # The port to connect to.
  pg_user = kong        # The username to authenticate if required.
  pg_password = kong    # The password to authenticate if required.
  pg_database = kong    # The database name to connect to.
  ssl = off             # Can be turned off if you do not want to expose SSL access on 8443

Initializing the database tables

  $ kong migrations up -c /etc/kong/kong.conf
  migrating core for database kong
  core migrated up to: 2015-01-12-175310_skeleton
  core migrated up to: 2015-01-12-175310_init_schema
  core migrated up to: 2015-11-23-817313_nodes
  core migrated up to: 2016-02-29-142793_ttls
  core migrated up to: 2016-09-05-212515_retries
  core migrated up to: 2016-09-16-141423_upstreams
  core migrated up to: 2016-12-14-172100_move_ssl_certs_to_core
  core migrated up to: 2016-11-11-151900_new_apis_router_1
  core migrated up to: 2016-11-11-151900_new_apis_router_2
  core migrated up to: 2016-11-11-151900_new_apis_router_3
  core migrated up to: 2016-01-25-103600_unique_custom_id
  core migrated up to: 2017-01-24-132600_upstream_timeouts
  core migrated up to: 2017-01-24-132600_upstream_timeouts_2
  core migrated up to: 2017-03-27-132300_anonymous
  core migrated up to: 2017-04-18-153000_unique_plugins_id
  core migrated up to: 2017-04-18-153000_unique_plugins_id_2
  core migrated up to: 2017-05-19-180200_cluster_events
  core migrated up to: 2017-05-19-173100_remove_nodes_table
  core migrated up to: 2017-06-16-283123_ttl_indexes
  core migrated up to: 2017-07-28-225000_balancer_orderlist_remove
  core migrated up to: 2017-10-02-173400_apis_created_at_ms_precision
  core migrated up to: 2017-11-07-192000_upstream_healthchecks
  core migrated up to: 2017-10-27-134100_consistent_hashing_1
  core migrated up to: 2017-11-07-192100_upstream_healthchecks_2
  core migrated up to: 2017-10-27-134100_consistent_hashing_2
  core migrated up to: 2017-09-14-121200_routes_and_services
  core migrated up to: 2017-10-25-180700_plugins_routes_and_services
  migrating response-transformer for database kong
  response-transformer migrated up to: 2016-05-04-160000_resp_trans_schema_changes
  migrating ip-restriction for database kong
  ip-restriction migrated up to: 2016-05-24-remove-cache
  migrating statsd for database kong
  statsd migrated up to: 2017-06-09-160000_statsd_schema_changes
  migrating jwt for database kong
  jwt migrated up to: 2015-06-09-jwt-auth
  jwt migrated up to: 2016-03-07-jwt-alg
  jwt migrated up to: 2017-05-22-jwt_secret_not_unique
  jwt migrated up to: 2017-07-31-120200_jwt-auth_preflight_default
  jwt migrated up to: 2017-10-25-211200_jwt_cookie_names_default
  migrating cors for database kong
  cors migrated up to: 2017-03-14_multiple_orgins
  migrating basic-auth for database kong
  basic-auth migrated up to: 2015-08-03-132400_init_basicauth
  basic-auth migrated up to: 2017-01-25-180400_unique_username
  migrating key-auth for database kong
  key-auth migrated up to: 2015-07-31-172400_init_keyauth
  key-auth migrated up to: 2017-07-31-120200_key-auth_preflight_default
  migrating ldap-auth for database kong
  ldap-auth migrated up to: 2017-10-23-150900_header_type_default
  migrating hmac-auth for database kong
  hmac-auth migrated up to: 2015-09-16-132400_init_hmacauth
  hmac-auth migrated up to: 2017-06-21-132400_init_hmacauth
  migrating datadog for database kong
  datadog migrated up to: 2017-06-09-160000_datadog_schema_changes
  migrating tcp-log for database kong
  tcp-log migrated up to: 2017-12-13-120000_tcp-log_tls
  migrating acl for database kong
  acl migrated up to: 2015-08-25-841841_init_acl
  migrating response-ratelimiting for database kong
  response-ratelimiting migrated up to: 2015-08-03-132400_init_response_ratelimiting
  response-ratelimiting migrated up to: 2016-08-04-321512_response-rate-limiting_policies
  response-ratelimiting migrated up to: 2017-12-19-120000_add_route_and_service_id_to_response_ratelimiting
  migrating request-transformer for database kong
  request-transformer migrated up to: 2016-05-04-160000_req_trans_schema_changes
  migrating rate-limiting for database kong
  rate-limiting migrated up to: 2015-08-03-132400_init_ratelimiting
  rate-limiting migrated up to: 2016-07-25-471385_ratelimiting_policies
  rate-limiting migrated up to: 2017-11-30-120000_add_route_and_service_id
  migrating oauth2 for database kong
  oauth2 migrated up to: 2015-08-03-132400_init_oauth2
  oauth2 migrated up to: 2016-07-15-oauth2_code_credential_id
  oauth2 migrated up to: 2016-12-22-283949_serialize_redirect_uri
  oauth2 migrated up to: 2016-09-19-oauth2_api_id
  oauth2 migrated up to: 2016-12-15-set_global_credentials
  oauth2 migrated up to: 2017-04-24-oauth2_client_secret_not_unique
  oauth2 migrated up to: 2017-10-19-set_auth_header_name_default
  oauth2 migrated up to: 2017-10-11-oauth2_new_refresh_token_ttl_config_value
  oauth2 migrated up to: 2018-01-09-oauth2_pg_add_service_id
  62 migrations ran

Starting the Kong service

  $ kong start
  Kong started

The service has started normally

  $ curl 127.0.0.1:8001
  {"plugins":{"enabled_in_cluster":[],"available_on_server":{"response-transformer":true,"correlation-id":true,"statsd":true,"jwt":true,"cors":true,"basic-auth":true,"key-auth":true,"ldap-auth":true,"http-log":true,"oauth2":true,"hmac-auth":true,"acl":true,"datadog":true,"tcp-log":true,"ip-restriction":true,"request-transformer":true,"file-log":true,"bot-detection":true,"loggly":true,"request-size-limiting":true,"syslog":true,"udp-log":true,"response-ratelimiting":true,"aws-lambda":true,"runscope":true,"rate-limiting":true,"request-termination":true}},"tagline":"Welcome to kong","configuration":{"error_default_type":"text\/plain","client_ssl":false,"lua_ssl_verify_depth":1
  ....

 
