
Abstract: Originally published at cnblogs.com/zhoujie/p/kong5.html by "zhoujie". Reposting is welcome; please keep this abstract. Thanks!



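I previously tested installing psql and Kong on macOS, but in real environments they are mostly deployed on Linux servers. Below is a summary of deploying PostgreSQL and Kong on CentOS 7, along with fixes for some of the problems encountered.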

Check the CentOS version:

$ cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)

Versions deployed:

kong: v0.13.1

postgresql: v10.4 (note: the psql version must match the Kong version)

Installing dependencies

Install the gcc build environment

$ sudo yum install -y gcc gcc-c++

Installing pcre

pcre (Perl Compatible Regular Expressions) is a Perl library that includes Perl-compatible regular expressions; nginx's http library uses pcre to parse regular expressions.

$ sudo yum install -y pcre pcre-devel

Installing zlib

The zlib library provides several ways to compress and decompress data.

$ sudo yum install -y zlib zlib-devel

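Installing openssl

openssl is a powerful Secure Sockets Layer cryptography library that covers the main cryptographic algorithms, common key and certificate management functions, and the SSL protocol.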

$ sudo yum install -y openssl openssl-devel

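PostgreSQL deployment

PostgreSQL is an open-source project driven entirely by its community and maintained by more than 1,000 contributors worldwide. It provides a single, fully featured version. Reliability is PostgreSQL's highest priority. Kong uses postgresql as its database by default.

Kong 0.13 is installed here, and the matching psql version must be v10+; otherwise starting Kong reports the following error: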

$  /usr/local/bin/kong start
2018/06/08 12:07:55 [warn] postgres database 'kong' is missing migration: (response-transformer) 2016-05-04-160000_resp_trans_schema_changes
Error: /usr/local/share/lua/5.1/kong/cmd/start.lua:34: [postgres error] the current database schema does not match this version of Kong. Please run `kong migrations up` to update/initialize the database schema. Be aware that Kong migrations should only run from a single node, and that nodes running migrations concurrently will conflict with each other and might corrupt your database schema!

Install psql-10

$ sudo yum install -y https://download.postgresql.org/pub/repos/yum/10/redhat/rhel-latest-x86_64/pgdg-centos10-10-2.noarch.rpm
$ sudo yum install -y postgresql10-server postgresql10-contrib

Initialize the database

$ sudo /usr/pgsql-10/bin/postgresql-10-setup initdb
Initializing database ... OK

Enable start on boot on CentOS 7

$ sudo systemctl enable postgresql-10.service

Start the postgresql service

# Start the service
$ sudo systemctl start postgresql-10.service
# Check the psql running status
$ sudo systemctl status postgresql-10.service
● postgresql-10.service - PostgreSQL 10 database server
Loaded: loaded (/usr/lib/systemd/system/postgresql-10.service; disabled; vendor preset: disabled)
Active: active (running) since Fri 2018-06-08 12:22:17 CST; 16s ago
Docs: https://www.postgresql.org/docs/10/static/
Process: 12951 ExecStartPre=/usr/pgsql-10/bin/postgresql-10-check-db-dir ${PGDATA} (code=exited, status=0/SUCCESS)
Main PID: 12957 (postmaster)
CGroup: /system.slice/postgresql-10.service
├─12957 /usr/pgsql-10/bin/postmaster -D /var/lib/pgsql/10/data/
├─12959 postgres: logger process
├─12961 postgres: checkpointer process
├─12962 postgres: writer process
├─12963 postgres: wal writer process
├─12964 postgres: autovacuum launcher process
├─12965 postgres: stats collector process
└─12966 postgres: bgworker: logical replication launcher

Jun 08 12:22:17 172-18-38-219 systemd[1]: Starting PostgreSQL 10 database server...
Jun 08 12:22:17 172-18-38-219 postmaster[12957]: 2018-06-08 12:22:17.798 CST [12957] LOG: listeni...432
Jun 08 12:22:17 172-18-38-219 postmaster[12957]: 2018-06-08 12:22:17.798 CST [12957] LOG: could n...ess
Jun 08 12:22:17 172-18-38-219 postmaster[12957]: 2018-06-08 12:22:17.798 CST [12957] HINT: Is ano...ry.
Jun 08 12:22:17 172-18-38-219 postmaster[12957]: 2018-06-08 12:22:17.801 CST [12957] LOG: listeni...32"
Jun 08 12:22:17 172-18-38-219 postmaster[12957]: 2018-06-08 12:22:17.808 CST [12957] LOG: listeni...32"
Jun 08 12:22:17 172-18-38-219 postmaster[12957]: 2018-06-08 12:22:17.825 CST [12957] LOG: redirec...ess
Jun 08 12:22:17 172-18-38-219 postmaster[12957]: 2018-06-08 12:22:17.825 CST [12957] HINT: Future...g".
Jun 08 12:22:17 172-18-38-219 systemd[1]: Started PostgreSQL 10 database server.
Hint: Some lines were ellipsized, use -l to show in full.

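Postgresql configuration

After initialization finishes, postgresql automatically creates two users and one database:

Linux system user postgres: the system user that manages the database;

postgresql user postgres: the database superuser;

database postgres: the default database of user postgres;

Because the password is generated by default, it needs to be changed on the system.

Change the initial password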

$ passwd postgres
Changing password for user postgres.
New password:
BAD PASSWORD: The password contains the user name in some form
Retype new password:
passwd: all authentication tokens updated successfully.

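Create the users

For security, and to meet Kong's initialization requirements, create an additional postgresql user kong with a matching Linux user kong, and create a new database kong.

# Create the Linux user kong
$ sudo adduser kong

# Log in to psql with the administrator account to create the user and database
# Switch to the postgres user
# After switching to the postgres user, the prompt changes to `-bash-4.3$`
$ su postgres

# Enter the psql console (the prompt changes to 'postgres=#')
bash-4.3$ psql
could not change directory to "/root": Permission denied
psql (10.4)
Type "help" for help.

# Change the password of the administrator user postgres; skip this if it was already changed earlier
postgres=# \password postgres

# Create a new database user (must match the system user created earlier)
postgres=# create user kong with password 'kong';
CREATE ROLE

# Create a database for the new user
postgres=# create database kong owner kong;
CREATE DATABASE

# Grant the privileges on the new database to kong
postgres=# grant all privileges on database kong to kong;
GRANT

# Exit the console
postgres=# \q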
bash-4.3$

Note: when running commands in the psql console, always remember to end the command with a semicolon.

Also, the postgresql user must match the system user:

$ cat /etc/passwd
...
postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
kong:x:1002:1002::/home/kong:/bin/bash

Problem 1:

Logging in to the postgresql database from the command line under the root account fails with a permission error:

$ psql -U kong -d kong -h 127.0.0.1 -p 5432
psql: FATAL: Ident authentication failed for user "kong"

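The cause is that postgres has no access policy configured for outside access.

The authentication configuration file is /var/lib/pgsql/10/data/pg_hba.conf

The four common authentication methods are:

trust: anyone who connects to the server is trusted. Only a psql user name is required, and there does not need to be an operating system user of the same name;

password and md5: for external access, a psql user name and password are required. For local connections, in addition to the psql user name and password, operating system access is also required (verified with the operating system user of the same name). The difference between password and md5 is whether the password sent during external access is hashed with md5;

ident: for external access, the client's operating system user name is obtained from an ident server and then used as the database user name to log in; for local connections, peer is actually used;

peer: the currently logged-in system user name is obtained from the client operating system kernel and used as the psql user name to log in.

The psql user must have an operating system user of the same name, and you must be logged in to Linux as the user with the same name as the psql user in order to log in to psql. To log in to psql as a different user (for example root), change the local authentication method to trust or password.

$ vim /var/lib/pgsql/10/data/pg_hba.conf
# Add the following two entries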

# IPv4 local connections:

host all all 127.0.0.1/32 trust

host all all 0.0.0.0/0 trust

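Problem 2:

Connecting locally reports connection refused, because pgsql can only be accessed locally by default; remote access needs to be enabled.

Edit the configuration file /var/lib/pgsql/10/data/postgresql.conf and set listen_addresses to '*'

$ vim /var/lib/pgsql/10/data/postgresql.conf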

# CONNECTIONS AND AUTHENTICATION
#------------------------------------------------------------------------------

# - Connection Settings -

listen_addresses = '*' # what IP address(es) to listen on;

After modifying the two configuration files above, restart the postgresql service:

$ sudo systemctl restart postgresql-10.service

$ psql -U kong -d kong -h 127.0.0.1 -p 5432
psql (10.4)
Type "help" for help.

kong=> \l
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
-----------+----------+-----------+---------+-------+-----------------------
kong | kong | SQL_ASCII | C | C | =Tc/kong +
| | | | | kong=CTc/kong
postgres | postgres | SQL_ASCII | C | C |
template0 | postgres | SQL_ASCII | C | C | =c/postgres +
| | | | | postgres=CTc/postgres
template1 | postgres | SQL_ASCII | C | C | =c/postgres +
| | | | | postgres=CTc/postgres
(4 rows)

kong=>
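
Taken together, the `trust` rule for 0.0.0.0/0 and `listen_addresses = '*'` let any client that can reach port 5432 connect as any database role, including the superuser postgres, without a password. The script below is an added example, not part of the original post: its functions `audit_pg_hba` and `audit_listen` (hypothetical names) flag those settings in constructed sample files, and the tightened `pg_hba.conf` it checks assumes Kong runs on the same host and connects to 127.0.0.1 as role kong with md5 password authentication.

```shell
#!/bin/sh
# Added example (not from the original post): audit pg_hba.conf and
# postgresql.conf text for the two settings changed in this walkthrough.

# HIGH = 'trust' reachable from a non-loopback address; WARN = 'trust' on loopback.
audit_pg_hba() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
    $1 ~ /^host/ {
      method = $5
      if ($5 ~ /^[0-9.]+$/) method = $6        # IP and netmask in separate columns
      if (method != "trust") next
      sev = ($4 ~ /^127\./ || $4 == "::1/128" || $4 == "localhost") ? "WARN" : "HIGH"
      printf "%s line %d: %s\n", sev, NR, $0
    }
    $1 == "local" && $4 == "trust" { printf "WARN line %d: %s\n", NR, $0 }
  ' "$1"
}

# HIGH = the server listens on every interface.
audit_listen() {
  awk '
    /^[ \t]*listen_addresses[ \t]*=/ {
      val = $0; sub(/^[^=]*=/, "", val); sub(/#.*/, "", val)
      if (val ~ /\*/ || val ~ /0\.0\.0\.0/) printf "HIGH line %d: %s\n", NR, $0
    }
  ' "$1"
}

# Constructed sample files: the rules from the post beside a tightened variant.
weak_hba=$(mktemp); hard_hba=$(mktemp); weak_conf=$(mktemp)
trap 'rm -f "$weak_hba" "$hard_hba" "$weak_conf"' EXIT
cat > "$weak_hba" <<'EOF'
# IPv4 local connections:
host all all 127.0.0.1/32 trust
host all all 0.0.0.0/0 trust
EOF
cat > "$hard_hba" <<'EOF'
# Assumption: Kong runs on the same host and connects to 127.0.0.1 as role kong.
local all  postgres              peer
host  kong kong     127.0.0.1/32 md5
EOF
printf "listen_addresses = '*'  # what IP address(es) to listen on;\n" > "$weak_conf"

echo "== weak pg_hba.conf ==";     audit_pg_hba "$weak_hba"
echo "== hardened pg_hba.conf =="; audit_pg_hba "$hard_hba"
echo "== postgresql.conf ==";      audit_listen "$weak_conf"
```

Both functions take a file path, so they can be pointed at the real files under /var/lib/pgsql/10/data/ after editing.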

Related postgres command reference: common postgres commands

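Kong deployment

Following the official site's method for Kong did not work; it was finally installed successfully from a downloaded rpm package.

Install Kong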

$ sudo yum install kong-community-edition-0.13.1.el7.noarch.rpm
...
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : kong-community-edition-0.13.1-1.noarch 1/1
Verifying : kong-community-edition-0.13.1-1.noarch 1/1

Installed:
kong-community-edition.noarch 0:0.13.1-1

Complete!

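Edit Kong's configuration file

The default configuration file is located at /etc/kong/kong.conf.default

$ sudo cp /etc/kong/kong.conf.default /etc/kong/kong.conf

Fill the previously installed and configured postgresql information into the Kong configuration file: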

$ sudo vi /etc/kong/kong.conf
#------------------------------------------------------------------------------
# DATASTORE
#------------------------------------------------------------------------------

# Kong will store all of its data (such as APIs, consumers and plugins) in
# either Cassandra or PostgreSQL.
#
# All Kong nodes belonging to the same cluster must connect themselves to the
# same database.

database = postgres # Determines which of PostgreSQL or Cassandra
# this node will use as its datastore.
# Accepted values are `postgres` and
# `cassandra`.

pg_host = 127.0.0.1 # The PostgreSQL host to connect to.
pg_port = 5432 # The port to connect to.
pg_user = kong # The username to authenticate if required.
pg_password = kong # The password to authenticate if required.
pg_database = kong # The database name to connect to.

ssl = off # Can be turned off if you do not want to expose SSL access on 8443

Initialize the database tables

$ kong migrations up -c  /etc/kong/kong.conf
migrating core for database kong
core migrated up to: 2015-01-12-175310_skeleton
core migrated up to: 2015-01-12-175310_init_schema
core migrated up to: 2015-11-23-817313_nodes
core migrated up to: 2016-02-29-142793_ttls
core migrated up to: 2016-09-05-212515_retries
core migrated up to: 2016-09-16-141423_upstreams
core migrated up to: 2016-12-14-172100_move_ssl_certs_to_core
core migrated up to: 2016-11-11-151900_new_apis_router_1
core migrated up to: 2016-11-11-151900_new_apis_router_2
core migrated up to: 2016-11-11-151900_new_apis_router_3
core migrated up to: 2016-01-25-103600_unique_custom_id
core migrated up to: 2017-01-24-132600_upstream_timeouts
core migrated up to: 2017-01-24-132600_upstream_timeouts_2
core migrated up to: 2017-03-27-132300_anonymous
core migrated up to: 2017-04-18-153000_unique_plugins_id
core migrated up to: 2017-04-18-153000_unique_plugins_id_2
core migrated up to: 2017-05-19-180200_cluster_events
core migrated up to: 2017-05-19-173100_remove_nodes_table
core migrated up to: 2017-06-16-283123_ttl_indexes
core migrated up to: 2017-07-28-225000_balancer_orderlist_remove
core migrated up to: 2017-10-02-173400_apis_created_at_ms_precision
core migrated up to: 2017-11-07-192000_upstream_healthchecks
core migrated up to: 2017-10-27-134100_consistent_hashing_1
core migrated up to: 2017-11-07-192100_upstream_healthchecks_2
core migrated up to: 2017-10-27-134100_consistent_hashing_2
core migrated up to: 2017-09-14-121200_routes_and_services
core migrated up to: 2017-10-25-180700_plugins_routes_and_services
migrating response-transformer for database kong
response-transformer migrated up to: 2016-05-04-160000_resp_trans_schema_changes
migrating ip-restriction for database kong
ip-restriction migrated up to: 2016-05-24-remove-cache
migrating statsd for database kong
statsd migrated up to: 2017-06-09-160000_statsd_schema_changes
migrating jwt for database kong
jwt migrated up to: 2015-06-09-jwt-auth
jwt migrated up to: 2016-03-07-jwt-alg
jwt migrated up to: 2017-05-22-jwt_secret_not_unique
jwt migrated up to: 2017-07-31-120200_jwt-auth_preflight_default
jwt migrated up to: 2017-10-25-211200_jwt_cookie_names_default
migrating cors for database kong
cors migrated up to: 2017-03-14_multiple_orgins
migrating basic-auth for database kong
basic-auth migrated up to: 2015-08-03-132400_init_basicauth
basic-auth migrated up to: 2017-01-25-180400_unique_username
migrating key-auth for database kong
key-auth migrated up to: 2015-07-31-172400_init_keyauth
key-auth migrated up to: 2017-07-31-120200_key-auth_preflight_default
migrating ldap-auth for database kong
ldap-auth migrated up to: 2017-10-23-150900_header_type_default
migrating hmac-auth for database kong
hmac-auth migrated up to: 2015-09-16-132400_init_hmacauth
hmac-auth migrated up to: 2017-06-21-132400_init_hmacauth
migrating datadog for database kong
datadog migrated up to: 2017-06-09-160000_datadog_schema_changes
migrating tcp-log for database kong
tcp-log migrated up to: 2017-12-13-120000_tcp-log_tls
migrating acl for database kong
acl migrated up to: 2015-08-25-841841_init_acl
migrating response-ratelimiting for database kong
response-ratelimiting migrated up to: 2015-08-03-132400_init_response_ratelimiting
response-ratelimiting migrated up to: 2016-08-04-321512_response-rate-limiting_policies
response-ratelimiting migrated up to: 2017-12-19-120000_add_route_and_service_id_to_response_ratelimiting
migrating request-transformer for database kong
request-transformer migrated up to: 2016-05-04-160000_req_trans_schema_changes
migrating rate-limiting for database kong
rate-limiting migrated up to: 2015-08-03-132400_init_ratelimiting
rate-limiting migrated up to: 2016-07-25-471385_ratelimiting_policies
rate-limiting migrated up to: 2017-11-30-120000_add_route_and_service_id
migrating oauth2 for database kong
oauth2 migrated up to: 2015-08-03-132400_init_oauth2
oauth2 migrated up to: 2016-07-15-oauth2_code_credential_id
oauth2 migrated up to: 2016-12-22-283949_serialize_redirect_uri
oauth2 migrated up to: 2016-09-19-oauth2_api_id
oauth2 migrated up to: 2016-12-15-set_global_credentials
oauth2 migrated up to: 2017-04-24-oauth2_client_secret_not_unique
oauth2 migrated up to: 2017-10-19-set_auth_header_name_default
oauth2 migrated up to: 2017-10-11-oauth2_new_refresh_token_ttl_config_value
oauth2 migrated up to: 2018-01-09-oauth2_pg_add_service_id
62 migrations ran

Start the Kong service

$ kong start
Kong started

The service has started normally

$ curl 127.0.0.1:8001
{"plugins":{"enabled_in_cluster":[],"available_on_server":{"response-transformer":true,"correlation-id":true,"statsd":true,"jwt":true,"cors":true,"basic-auth":true,"key-auth":true,"ldap-auth":true,"http-log":true,"oauth2":true,"hmac-auth":true,"acl":true,"datadog":true,"tcp-log":true,"ip-restriction":true,"request-transformer":true,"file-log":true,"bot-detection":true,"loggly":true,"request-size-limiting":true,"syslog":true,"udp-log":true,"response-ratelimiting":true,"aws-lambda":true,"runscope":true,"rate-limiting":true,"request-termination":true}},"tagline":"Welcome to kong","configuration":{"error_default_type":"text\/plain","client_ssl":false,"lua_ssl_verify_depth":1
....
