Steps to Setup Consul Cluster, Consul Clients, On-Board Services, Use Service Discovery, Use Service Mesh scenarios
create user=consul and group=consul ( follow - Setup Consul user) | |
install consul, jq, wget, unzip, bind-utils, ntp, ruby rubygems, git, ca-certificates binary | |
create folders (/opt/consul, /opt/consul/tls, /opt/consul/data, /etc/consul.d) | |
Generate certs from Consul-CA for the node & copy the certs and root-CA into /opt/consul/tls | |
chown -R consul:consul /opt/consul /etc/consul.d | |
configure /etc/consul.d/consul.hcl - check the consul.hcl section. Make sure "server=client" | |
configure /etc/profile.d/consul.sh for environment variables (PATH, CONSUL_ADDR, CONSUL_TOKEN)
Setup Consul-Systemd service (follow - Setup-Consul-Systemd-Service) |
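#!/bin/bash
# Creates the consul system account by running HashiCorp's setup-user.sh,
# which reads GROUP, USER, COMMENT and HOME from the environment.
echo "Setup Consul user"

# NOTE(review): USER and HOME are the shell's own variables; exporting them
# here changes them for every later command in this session as well.
export GROUP=consul
export USER=consul
export COMMENT=Consul
export HOME=/srv/consul

# Download the script completely before executing it. With `curl | bash`, an
# HTTP error page or a truncated transfer is executed as-is. The URL follows
# the moving `master` branch, so the code that runs can change between
# invocations: read it first and pin the URL to a reviewed commit
# (<REVIEWED_COMMIT_SHA> in place of `master`).
setup_script=$(mktemp) || exit 1
if curl --fail --silent --show-error --location --output "${setup_script}" \
  https://raw.githubusercontent.com/hashicorp/guides-configuration/master/shared/scripts/setup-user.sh; then
  bash "${setup_script}"
else
  echo "Download of setup-user.sh failed" >&2
fi
rm -f -- "${setup_script}"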
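#!/bin/bash
# setup-user.sh: creates a system group and user from GROUP, USER, COMMENT
# and HOME, which the caller is expected to export.
set -x

echo "Running"

# NOTE(review): a shell session normally has USER and HOME set already, so
# the empty defaults below do not protect them; if the caller forgets to
# override them, the script works on the invoking account and its home
# directory.
GROUP="${GROUP:-}"
USER="${USER:-}"
COMMENT="${COMMENT:-}"
HOME="${HOME:-}"

# Detect package management system. `command -v` is a shell builtin, so
# detection still works on minimal images that do not ship `which`.
YUM=$(command -v yum 2>/dev/null)
APT_GET=$(command -v apt-get 2>/dev/null)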
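#######################################
# RHEL/CentOS user setup: ensure the system group exists, then create the
# system user when it is not already present.
# Globals:   GROUP, USER, HOME, COMMENT (read)
# Outputs:   adduser output is discarded
#######################################
user_rhel() {
  # --force makes groupadd succeed when the group already exists.
  sudo /usr/sbin/groupadd --force --system "${GROUP}"

  # Every expansion is quoted so a value containing spaces (a comment, a
  # home path) stays a single argument.
  if ! getent passwd "${USER}" >/dev/null; then
    sudo /usr/sbin/adduser \
      --system \
      --gid "${GROUP}" \
      --home "${HOME}" \
      --no-create-home \
      --comment "${COMMENT}" \
      --shell /bin/false \
      "${USER}" >/dev/null
  fi
}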
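#######################################
# Debian/Ubuntu user setup: create the system group and the system user
# when they are not already present.
# Globals:   GROUP, USER, HOME, COMMENT (read)
# Outputs:   addgroup/adduser output is discarded
#######################################
user_ubuntu() {
  if ! getent group "${GROUP}" >/dev/null; then
    sudo addgroup --system "${GROUP}" >/dev/null
  fi

  # Every expansion is quoted so a value containing spaces (a comment, a
  # home path) stays a single argument.
  if ! getent passwd "${USER}" >/dev/null; then
    sudo adduser \
      --system \
      --disabled-login \
      --ingroup "${GROUP}" \
      --home "${HOME}" \
      --no-create-home \
      --gecos "${COMMENT}" \
      --shell /bin/false \
      "${USER}" >/dev/null
  fi
}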
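# Pick the user-creation routine that matches the detected package manager.
if [[ -n "${YUM}" ]]; then
  echo "Setting up user ${USER} for RHEL/CentOS"
  user_rhel
elif [[ -n "${APT_GET}" ]]; then
  echo "Setting up user ${USER} for Debian/Ubuntu"
  user_ubuntu
else
  echo "${USER} user not created due to OS detection failure"
  exit 1
fi

# Create & set permissions on HOME directory.
# ${HOME:?} aborts the script instead of running a recursive chown/chmod
# with an empty path.
# NOTE(review): chmod -R 0755 also makes every existing file under HOME
# world-readable and executable; confirm HOME is a dedicated service
# directory and not a real account's home.
sudo mkdir -pm 0755 "${HOME:?}"
sudo chown -R "${USER}:${GROUP}" "${HOME:?}"
sudo chmod -R 0755 "${HOME:?}"

echo "Complete"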
yum install -y zip curl jq tree unzip wget bind-utils |
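echo "Install Consul"
# NOTE(review): consul_version and consul_url are not set anywhere in this
# snippet; presumably they are filled in by a template or by the caller.
export VERSION="${consul_version}"
export URL="${consul_url}"
# This only prints install-consul.sh; nothing is executed here. --fail keeps
# an HTTP error page from being mistaken for the script. The URL follows the
# moving `master` branch, so review what was downloaded before running it.
curl --fail https://raw.githubusercontent.com/hashicorp/guides-configuration/master/consul/scripts/install-consul.sh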
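#!/bin/bash
# install-consul.sh: downloads the Consul release zip, installs the binary
# and writes a development-mode environment file plus a profile script.
# Reads VERSION, URL (optional), USER and GROUP from the environment.
set -x

echo "Running"

CONSUL_VERSION=${VERSION}
CONSUL_ZIP=consul_${CONSUL_VERSION}_linux_amd64.zip
CONSUL_URL=${URL:-https://releases.hashicorp.com/consul/${CONSUL_VERSION}/${CONSUL_ZIP}}
CONSUL_DIR=/usr/local/bin
CONSUL_PATH=${CONSUL_DIR}/consul
CONSUL_CONFIG_DIR=/etc/consul.d
CONSUL_DATA_DIR=/opt/consul/data
CONSUL_TLS_DIR=/opt/consul/tls
CONSUL_ENV_VARS=${CONSUL_CONFIG_DIR}/consul.conf
CONSUL_PROFILE_SCRIPT=/etc/profile.d/consul.sh

echo "Downloading Consul ${CONSUL_VERSION}"
# Capture the status code first and compare it as a string. In the one-line
# `[ 200 -ne $(curl ...) ] && exit 1` form, an empty curl result makes `[`
# itself fail, the exit is skipped, and the install carries on without a
# valid archive.
http_code=$(curl --write-out '%{http_code}' --silent --output "/tmp/${CONSUL_ZIP}" "${CONSUL_URL}")
if [[ "${http_code}" != "200" ]]; then
  exit 1
fi

# NOTE(review): the archive is unpacked into a root-owned PATH directory
# without any integrity check. HashiCorp publishes a SHA256SUMS file and a
# detached signature for each release; verify the zip against them first.
echo "Installing Consul"
sudo unzip -o "/tmp/${CONSUL_ZIP}" -d "${CONSUL_DIR}"
sudo chmod 0755 "${CONSUL_PATH}"
# NOTE(review): this makes the service account the owner of its own binary,
# so that account can replace the executable; root ownership is the safer
# default.
sudo chown "${USER}:${GROUP}" "${CONSUL_PATH}"
"${CONSUL_PATH}" --version

echo "Configuring Consul ${CONSUL_VERSION}"
sudo mkdir -pm 0755 "${CONSUL_CONFIG_DIR}" "${CONSUL_DATA_DIR}" "${CONSUL_TLS_DIR}"

echo "Start Consul in -dev mode"
# NOTE(review): -dev is Consul's development mode and is not meant for
# production. With -client 0.0.0.0 the HTTP API and UI listen on every
# interface, and no ACL or TLS settings are written here, so restrict
# network access to the host or bind to 127.0.0.1.
sudo tee "${CONSUL_ENV_VARS}" > /dev/null <<'ENVVARS'
FLAGS=-dev -ui -client 0.0.0.0
CONSUL_HTTP_ADDR=http://127.0.0.1:8500
ENVVARS

echo "Update directory permissions"
sudo chown -R "${USER}:${GROUP}" "${CONSUL_CONFIG_DIR}" "${CONSUL_DATA_DIR}" "${CONSUL_TLS_DIR}"
# NOTE(review): 0644 leaves the agent configuration world-readable, which
# matters once it holds a gossip key or ACL token; -R would also strip the
# search bit from any subdirectory of the config directory.
sudo chmod -R 0644 "${CONSUL_CONFIG_DIR}"/*

echo "Set Consul profile script"
sudo tee "${CONSUL_PROFILE_SCRIPT}" > /dev/null <<'PROFILE'
export CONSUL_HTTP_ADDR=http://127.0.0.1:8500
PROFILE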
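echo "Give consul user shell access for remote exec"
sudo /usr/sbin/usermod --shell /bin/bash "${USER}" >/dev/null

echo "Allow consul sudo access for echo, tee, cat, sed, and systemctl"
# NOTE(review): this rule is equivalent to full root for the consul account:
# tee and sed can rewrite any file as root, cat can read any file, and
# systemctl controls every unit. Together with the login shell granted
# above, a compromise of the Consul agent becomes a compromise of the host.
# Keep it to throwaway demo machines, or replace it with narrowly scoped
# commands and arguments.
#
# Stage and validate the fragment before installing it: a syntax error in
# any /etc/sudoers.d file makes sudo refuse to run at all.
sudoers_tmp=$(mktemp) || exit 1
cat > "${sudoers_tmp}" <<'SUDOERS'
consul ALL=(ALL) NOPASSWD: /usr/bin/echo, /usr/bin/tee, /usr/bin/cat, /usr/bin/sed, /usr/bin/systemctl
SUDOERS
if sudo visudo -cf "${sudoers_tmp}"; then
  # 0440 root:root is the conventional mode for sudoers fragments.
  sudo install -m 0440 -o root -g root "${sudoers_tmp}" /etc/sudoers.d/consul
else
  echo "Refusing to install invalid sudoers fragment" >&2
fi
rm -f -- "${sudoers_tmp}"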
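echo "Detect package management system."
# `command -v` is a shell builtin, so detection does not depend on `which`
# being installed.
YUM=$(command -v yum 2>/dev/null)
APT_GET=$(command -v apt-get 2>/dev/null)

if [[ -n "${YUM}" ]]; then
  echo "Installing dnsmasq via yum"
  sudo yum install -q -y dnsmasq
elif [[ -n "${APT_GET}" ]]; then
  echo "Installing dnsmasq via apt-get"
  sudo apt-get -qq -y update
  sudo apt-get install -qq -y dnsmasq-base dnsmasq
else
  echo "Dnsmasq not installed due to OS detection failure"
  exit 1
fi

echo "Update resolv.conf"
# Prepend the local resolver only once; without the guard every re-run adds
# another copy of the line.
if ! grep -qxF 'nameserver 127.0.0.1' /etc/resolv.conf; then
  sudo sed -i '1i nameserver 127.0.0.1\n' /etc/resolv.conf
fi

echo "Configuring dnsmasq to forward .consul requests to consul port 8600"
# NOTE(review): no listen-address or interface restriction is written here;
# confirm dnsmasq does not answer queries from outside the host.
sudo tee /etc/dnsmasq.d/consul > /dev/null <<'DNSMASQ'
server=/consul/127.0.0.1#8600
DNSMASQ

echo "Enable and restart dnsmasq"
sudo systemctl enable dnsmasq
sudo systemctl restart dnsmasq

echo "Complete"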
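#!/usr/bin/env bash
# Installs the Prometheus server binary into /usr/bin unless one is already
# present.
set -o errexit

VERSION="2.26.0"
DOWNLOAD=https://github.com/prometheus/prometheus/releases/download/v${VERSION}/prometheus-${VERSION}.linux-amd64.tar.gz

#######################################
# Download the release tarball and install the prometheus binary.
# Globals:   VERSION, DOWNLOAD (read)
# Returns:   0 when /usr/bin/prometheus already exists or was installed
#######################################
function install_prometheus() {
  if [[ -e /usr/bin/prometheus ]]; then
    return
  fi

  # Work in a private directory. /tmp is world-writable, and a root script
  # that unpacks under a predictable name there can be interfered with by
  # other local users.
  local workdir
  workdir=$(mktemp -d)
  # shellcheck disable=SC2064  # expand now: workdir is local to this function
  trap "rm -rf -- '${workdir}'" EXIT

  local archive="prometheus-${VERSION}.linux-amd64.tar.gz"
  curl -sSL --fail -o "${workdir}/${archive}" "${DOWNLOAD}"

  # NOTE(review): the tarball is not verified before its binary is installed
  # system-wide; compare it with the SHA-256 checksums published for the
  # release.
  tar -xvf "${workdir}/${archive}" -C "${workdir}"

  # install(1) sets owner and mode explicitly, so they do not depend on what
  # the archive recorded.
  install -m 0755 -o root -g root \
    "${workdir}/prometheus-${VERSION}.linux-amd64/prometheus" /usr/bin/prometheus
}

install_prometheus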
Pre-Req | |
- Install gcc (yum -y install gcc; gcc --version) | |
- Install GLIBC >v2.18 for envoy ( https://developpaper.com/question/dolphindb-lib64-libc-so-6-version-glibc_2-18-not-found/ ) | |
--- | |
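# NOTE(review): `make install` with --prefix=/usr replaces the distribution's
# own C library in place. Every dynamically linked program on the host then
# depends on this build, the package manager no longer tracks it, and an
# interrupted install can leave the system unable to start any process.
# Prefer a host OS that already ships glibc >= 2.18, or run Envoy in a
# container.
#
# Fetch over HTTPS rather than plain HTTP: the source is built and installed
# as root. GNU also publishes a detached .sig next to each tarball; check it
# with gpg before building.
wget https://ftp.gnu.org/gnu/glibc/glibc-2.18.tar.gz
tar zxvf glibc-2.18.tar.gz
cd glibc-2.18
mkdir build
cd build
../configure --prefix=/usr
make -j4
make install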
--- | |
- Run the below script in a .sh file to install envoy. /usr/bin/envoy --version | |
--- | |
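#!/usr/bin/env bash
# Installs Envoy through func-e and copies the binary to /usr/bin/envoy.
set -o errexit

VERSION="1.19.1"
# NOTE(review): this is an unversioned installer URL; what it installs is
# decided at run time, so review the script and pin a func-e release where
# possible.
DOWNLOAD=https://func-e.io/install.sh

#######################################
# Install Envoy ${VERSION} unless /usr/bin/envoy already reports it.
# Globals:   VERSION, DOWNLOAD (read)
#######################################
function install_envoy() {
  # Query the same binary whose existence is tested, not whichever `envoy`
  # happens to be first on PATH.
  if [[ -e /usr/bin/envoy ]]; then
    if [ "${VERSION}" == "$(/usr/bin/envoy --version | awk '{print $3}' | cut -d/ -f2)" ]; then
      return
    fi
  fi

  # Download the installer completely before running it as root. In a
  # `curl | sudo bash` pipeline without pipefail, a failed or truncated
  # download is not caught by errexit and whatever arrived is executed.
  local installer
  installer=$(mktemp)
  # shellcheck disable=SC2064  # expand now: installer is local to this function
  trap "rm -f -- '${installer}'" EXIT
  curl -sSL --fail -o "${installer}" "${DOWNLOAD}"
  sudo bash "${installer}" -b /usr/local/bin

  /usr/local/bin/func-e use "${VERSION}"
  /usr/local/bin/func-e run --version
  cp ~/.func-e/versions/"${VERSION}"/bin/envoy /usr/bin/
}

install_envoy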
--- | |
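echo "Install Consul Systemd"
# Download the script completely before executing it. With `curl | bash`, an
# HTTP error page or a truncated transfer is executed as-is. The URL follows
# the moving `master` branch: read the script first and pin the URL to a
# reviewed commit (<REVIEWED_COMMIT_SHA> in place of `master`).
systemd_installer=$(mktemp) || exit 1
if curl --fail --silent --show-error --location --output "${systemd_installer}" \
  https://raw.githubusercontent.com/hashicorp/guides-configuration/master/consul/scripts/install-consul-systemd.sh; then
  bash "${systemd_installer}"
else
  echo "Download of install-consul-systemd.sh failed" >&2
fi
rm -f -- "${systemd_installer}"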
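#!/bin/bash
# install-consul-systemd.sh: downloads consul.service into the systemd unit
# directory for the detected distribution, then enables and starts it.
set -x

echo "Running"

# Detect package management system. `command -v` is a shell builtin, so
# detection does not depend on `which` being installed.
YUM=$(command -v yum 2>/dev/null)
APT_GET=$(command -v apt-get 2>/dev/null)

if [[ -n "${YUM}" ]]; then
  SYSTEMD_DIR="/etc/systemd/system"
  echo "Installing consul systemd service for RHEL/CentOS"
elif [[ -n "${APT_GET}" ]]; then
  SYSTEMD_DIR="/lib/systemd/system"
  echo "Installing consul systemd service for Debian/Ubuntu"
else
  echo "Service not installed due to OS detection failure"
  exit 1
fi

# --fail keeps an HTTP error page from being written out as the unit file.
# NOTE(review): the unit is fetched from the moving `master` branch and then
# enabled as a root-managed service; review it and pin the URL to a commit.
sudo curl --fail --silent -Lo "${SYSTEMD_DIR}/consul.service" https://raw.githubusercontent.com/hashicorp/guides-configuration/master/consul/init/systemd/consul.service || exit 1
# 0644: a unit file does not need to be group-writable.
sudo chmod 0644 "${SYSTEMD_DIR}/consul.service"
sudo systemctl enable consul
sudo systemctl start consul

echo "Complete"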
touch /etc/consul.d/consul.env | |
# cat /etc/systemd/system/consul.service | |
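[Unit]
Description="HashiCorp Consul - A service mesh solution"
Documentation=https://www.consul.io/
Requires=network-online.target
After=network-online.target
# Start only when a non-empty agent configuration exists.
ConditionFileNotEmpty=/etc/consul.d/consul.hcl

[Service]
# EnvironmentFile= loads KEY=value pairs from the named file. Environment=
# expects inline assignments, so a bare path there is not read as a file.
# The leading "-" makes a missing file non-fatal.
EnvironmentFile=-/etc/consul.d/consul.env
Type=notify
# Run the agent as the unprivileged consul account.
User=consul
Group=consul
ExecStart=/usr/local/bin/consul agent -config-dir=/etc/consul.d/
ExecReload=/bin/kill --signal HUP $MAINPID
KillMode=process
KillSignal=SIGTERM
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target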
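[Unit]
Description=Consul Envoy
# The sidecar is bootstrapped through the local Consul agent, so pull in
# consul.service and start after it.
Wants=consul.service
After=syslog.target network.target consul.service

[Service]
# NOTE(review): APP_NAME is not defined in this unit. systemd expands
# ${APP_NAME} only from Environment=/EnvironmentFile=, so set it there or
# substitute it before the unit is installed.
# NOTE(review): with no User= the proxy runs as root. If the agent enforces
# ACLs, this command presumably also needs a token (for example
# CONSUL_HTTP_TOKEN from a root-only EnvironmentFile) - confirm.
ExecStart=/usr/bin/consul connect envoy -sidecar-for ${APP_NAME}
ExecStop=/bin/sleep 5
Restart=always

[Install]
WantedBy=multi-user.target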
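[Unit]
Description="HashiCorp Consul - A service mesh solution"
Documentation=https://www.consul.io/
Requires=network-online.target
After=network-online.target
# Start only when a non-empty agent configuration exists.
ConditionFileNotEmpty=/etc/consul.d/consul.hcl

[Service]
Type=simple
# Without User=/Group= the agent runs as root; use the dedicated consul
# account that owns the config and data directories.
User=consul
Group=consul
# NOTE(review): this unit expects the binary in /usr/bin; confirm it matches
# where consul was actually installed on the host.
ExecStart=/usr/bin/consul agent -config-dir=/etc/consul.d/
ExecReload=/usr/bin/consul reload
KillMode=process
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target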
systemctl daemon-reload | |
# Enable and start the daemons | |
systemctl enable consul | |
systemctl enable consul-envoy |
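echo "Cleanup install files"
# Download the script completely before executing it. With `curl | bash`, an
# HTTP error page or a truncated transfer is executed as-is. The URL follows
# the moving `master` branch: read the script first and pin the URL to a
# reviewed commit (<REVIEWED_COMMIT_SHA> in place of `master`).
cleanup_script=$(mktemp) || exit 1
if curl --fail --silent --show-error --location --output "${cleanup_script}" \
  https://raw.githubusercontent.com/hashicorp/guides-configuration/master/shared/scripts/cleanup.sh; then
  bash "${cleanup_script}"
else
  echo "Download of cleanup.sh failed" >&2
fi
rm -f -- "${cleanup_script}"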
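#!/bin/bash
# cleanup.sh: removes install artifacts from /tmp and clears shell history.
set -x

echo "Running"

echo "Cleanup install artifacts"
# NOTE(review): this deletes everything under /tmp as root, including files,
# sockets and lock files that belong to other running services. That is only
# appropriate on a freshly built image; on a live host, remove just the
# files the installers created.
sudo rm -rf /tmp/*

# Detect package management system. `command -v` is a shell builtin, so
# detection does not depend on `which` being installed.
YUM=$(command -v yum 2>/dev/null)
APT_GET=$(command -v apt-get 2>/dev/null)

# NOTE(review): `history` acts on the shell that runs this script; when the
# script is piped into a fresh non-interactive bash there is normally no
# history to clear. On shared or production hosts, wiping shell history also
# removes a record that incident responders rely on.
if [[ -n "${YUM}" ]]; then
  echo "RHEL/CentOS system detected"
  echo "Performing cleanup"
  history -cw
elif [[ -n "${APT_GET}" ]]; then
  echo "Debian/Ubuntu system detected"
  echo "Performing cleanup"
  history -c
else
  echo "Cleanup aborted due to OS detection failure"
  exit 1
fi

echo "Complete"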
echo "Set variables" | |
CONSUL_CONFIG_FILE=/etc/consul.d/default.json | |
CONSUL_CONFIG_OVERRIDE_FILE=/etc/consul.d/z-override.json | |
NODE_NAME=$(hostname) | |
# Sample consul.hcl below | |
# Sample Consul server agent configuration (three-server cluster).
datacenter = "manjeet-gcp-dc1"
node_name = "node1"
server = true
bootstrap_expect = 3
# Client interfaces (HTTP/HTTPS API, DNS) bind on every address of the host.
client_addr = "0.0.0.0"
advertise_addr = "10.2.0.12"
log_level = "DEBUG"
data_dir = "/opt/consul/data"
# Gossip encryption key: a shared secret for the whole cluster. A key that
# has been published must be treated as compromised; generate a fresh one
# with `consul keygen` and keep this file readable by the consul user only.
encrypt = "UmZXZ2Ma8tmbAgAWE4hX6PJLfhhOSsjgxqF4esbwD5I="
ca_file = "/etc/consul.d/tls/consul-agent-ca.pem"
cert_file = "/etc/consul.d/tls/manjeet-gcp-dc1-server-consul-0.pem"
key_file = "/etc/consul.d/tls/manjeet-gcp-dc1-server-consul-0-key.pem"
verify_incoming = true
verify_outgoing = true
verify_server_hostname = true
auto_encrypt = {
  allow_tls = true
}
license_path = "/etc/consul.d/consul.hclic"
#ports - https://www.consul.io/docs/agent/options#ports
# NOTE(review): the plaintext HTTP listener stays enabled next to HTTPS;
# setting http = -1 disables it once clients use port 8501.
ports {
  http = 8500
  https = 8501
}
acl = {
  enabled = true
  default_policy = "deny"
  enable_token_persistence = true
  tokens {
    # Agent token secret. The same caveat as the gossip key applies: rotate
    # a token that has been shared and keep it out of shared documents.
    agent = "868271d6-84f5-9380-ca4f-9d9406b57dae"
  }
}
retry_join = ["10.2.0.12","10.2.0.13","10.2.0.14"]
#connect - https://www.consul.io/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways
connect = {
  enabled = true
}
ui_config {
  enabled = true
  metrics_provider = "prometheus"
  metrics_proxy {
    base_url = "http://prometheus-server"
  }
}
# Single-server configuration with Prometheus telemetry.
# NOTE(review): no acl, encrypt or TLS settings appear in this file while
# client_addr is 0.0.0.0, so the API is reachable unauthenticated from the
# network; keep it to an isolated lab.
# NOTE(review): data_dir lives under /tmp, which is world-writable and may be
# cleared on reboot.
data_dir = "/tmp/consul/server"
server = true
bootstrap_expect = 1
advertise_addr = "{{ GetInterfaceIP `eth1` }}"
client_addr = "0.0.0.0"
bind_addr = "0.0.0.0"
ports {
  grpc = 8502
}
enable_central_service_config = true
ui_config {
  enabled = true
  metrics_provider = "prometheus"
  metrics_proxy {
    # $PROMETHEUS_IP_ADDR is presumably replaced by a templating step before
    # the file is used - confirm.
    base_url = "http://$PROMETHEUS_IP_ADDR:9090"
  }
}
connect {
  enabled = true
}
datacenter = "dc1"
telemetry {
  prometheus_retention_time = "24h"
  disable_hostname = true
}
config_entries {
  bootstrap = [
    {
      kind = "proxy-defaults"
      name = "global"
      config {
        protocol = "http"
        # Every sidecar exposes its metrics endpoint on all interfaces.
        envoy_prometheus_bind_addr = "0.0.0.0:9102"
      }
    }
  ]
}
# Consul client agent configuration (TLS via auto_encrypt, ACLs enabled).
datacenter = "manjeet-gcp-dc1"
data_dir = "/opt/consul/data"
server = false
# Client interfaces bind on every address of the host.
client_addr = "0.0.0.0"
bind_addr = "0.0.0.0"
advertise_addr = "{{ GetInterfaceIP `eth0` }}"
# TRACE is the most verbose level; lower it outside troubleshooting.
log_level = "TRACE"
retry_join = ["10.2.0.12","10.2.0.13","10.2.0.14"]
# Gossip encryption key shared by the whole cluster. A key that has been
# published must be treated as compromised; generate a fresh one with
# `consul keygen`.
encrypt = "UmZXZ2Ma8tmbAgAWE4hX6PJLfhhOSsjgxqF4esbwD5I="
#ports - https://www.consul.io/docs/agent/options#ports
ports = {
  grpc = 8502
}
#tls - https://learn.hashicorp.com/tutorials/consul/tls-encryption-secure#client-certificate-distribution
ca_file = "/opt/consul/tls/consul-agent-ca.pem"
verify_incoming = false
verify_outgoing = true
verify_server_hostname = true
auto_encrypt = {
  tls = true
}
#acl - node policy - https://learn.hashicorp.com/tutorials/consul/access-control-setup-production
acl = {
  enabled = true
  default_policy = "deny"
  enable_token_persistence = true
  tokens {
    # Agent token secret: rotate a token that has been shared, and keep this
    # file readable by the consul user only.
    agent = "868271d6-84f5-9380-ca4f-9d9406b57dae"
  }
}
#connect
connect = {
  enabled = true
}
# Client agent configuration with Prometheus telemetry.
# NOTE(review): no acl, encrypt or TLS settings appear in this file while
# client_addr is 0.0.0.0; keep it to an isolated lab.
data_dir = "/tmp/consul/client"
server = false
advertise_addr = "{{ GetInterfaceIP `eth1` }}"
bind_addr = "0.0.0.0"
client_addr = "0.0.0.0"
# $CONSUL_HTTP_ADDR is presumably replaced by a templating step before the
# file is used - confirm.
retry_join = ["$CONSUL_HTTP_ADDR"]
datacenter = "dc1"
ports {
  grpc = 8502
}
telemetry {
  prometheus_retention_time = "24h"
  disable_hostname = true
}
# Consul client agent configuration with telemetry and script checks.
datacenter = "manjeet-gcp-dc1"
data_dir = "/opt/consul/data"
server = false
# Client interfaces bind on every address of the host.
client_addr = "0.0.0.0"
bind_addr = "0.0.0.0"
advertise_addr = "{{ GetInterfaceIP `eth0` }}"
# TRACE is the most verbose level; lower it outside troubleshooting.
log_level = "TRACE"
retry_join = ["10.2.0.12","10.2.0.13","10.2.0.14"]
# Gossip encryption key shared by the whole cluster. A key that has been
# published must be treated as compromised; generate a fresh one with
# `consul keygen`.
encrypt = "UmZXZ2Ma8tmbAgAWE4hX6PJLfhhOSsjgxqF4esbwD5I="
#ports - https://www.consul.io/docs/agent/options#ports
ports = {
  grpc = 8502
}
#tls - https://learn.hashicorp.com/tutorials/consul/tls-encryption-secure#client-certificate-distribution
ca_file = "/opt/consul/tls/consul-agent-ca.pem"
verify_incoming = false
verify_outgoing = true
verify_server_hostname = true
auto_encrypt = {
  tls = true
}
#acl - node policy - https://learn.hashicorp.com/tutorials/consul/access-control-setup-production
acl = {
  enabled = true
  default_policy = "deny"
  enable_token_persistence = true
  tokens {
    # Agent token secret: rotate a token that has been shared, and keep this
    # file readable by the consul user only.
    agent = "868271d6-84f5-9380-ca4f-9d9406b57dae"
  }
}
#connect
connect = {
  enabled = true
}
telemetry {
  prometheus_retention_time = "24h"
  disable_hostname = true
}
# NOTE(review): this lets health checks registered through the HTTP API run
# commands as the agent's user, and the API here listens on 0.0.0.0.
# enable_local_script_checks limits script checks to those defined in local
# configuration files and is the safer setting.
enable_script_checks = true
https://www.digitalocean.com/community/tutorials/how-to-install-and-use-postgresql-on-centos-7 | |
#--- Install Postgres DB --- | |
sudo yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm | |
sudo yum install -y postgresql13-server | |
sudo /usr/pgsql-13/bin/postgresql-13-setup initdb | |
sudo systemctl enable postgresql-13 | |
sudo systemctl start postgresql-13 | |
#--- Validate Postgres Install --- | |
sudo -u postgres psql | |
postgres=# \q to quit | |
postgres=# \l to list the databases | |
postgres=# \dt listing tables | |
exit | |
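#--- Configure postgres for password authentication (by default there is no
#--- password). Do this before creating the databases and tables below.
# NOTE(review): listen_addresses = '*' together with "host all all all md5"
# accepts password logins for every role and database from any address that
# can reach port 5432. Narrow the pg_hba.conf address field to the
# application subnet, and prefer scram-sha-256 over md5 (password_encryption
# has to be set to match before the passwords are created).
sed -i "s/#listen_addresses = 'localhost'/listen_addresses = '*'/" /var/lib/pgsql/13/data/postgresql.conf
echo "host all all all md5" >> /var/lib/pgsql/13/data/pg_hba.conf
echo "client_encoding = utf8" >> /var/lib/pgsql/13/data/postgresql.conf
systemctl restart postgresql-13
#--- Create the db and tables required for demo
#--- db=products required for HashiCups Demo
#--- db=widget required for Spring-App to Postgres demo
# NOTE(review): 'password' is a demo value for the database superuser and the
# server now accepts remote logins; choose a strong secret and keep it out of
# shell history and shared notes.
# The closing double quote was missing; without it the shell reads the
# following lines as part of the -c argument.
sudo -u postgres psql -c "ALTER USER postgres PASSWORD 'password';"
export PGPASSWORD=password
sudo -u postgres psql -c "CREATE DATABASE products owner postgres;"
sudo -u postgres psql -c "CREATE DATABASE widget owner postgres;"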
#--- SQL file to create the tables for widget db (used by spring-app) | |
# cat /tmp/postgres-customer-db-setup.sql | |
-- Schema and seed data for the widget database.
CREATE TABLE customer (
  id BIGINT PRIMARY KEY NOT NULL,
  first_name VARCHAR(255),
  last_name VARCHAR(255)
);
CREATE SEQUENCE hibernate_sequence START 1 INCREMENT 1;
-- Group role without login; it carries the privileges that login roles inherit.
CREATE ROLE widget NOLOGIN INHERIT;
GRANT ALL privileges ON customer TO widget;
GRANT usage, SELECT ON SEQUENCE hibernate_sequence TO widget;
-- NOTE(review): static password written into the setup file; it is a demo
-- value and should be replaced with a generated secret before real use.
CREATE ROLE widget_blue LOGIN PASSWORD 'widget_blue_pass' IN ROLE widget;
INSERT INTO customer (id, first_name, last_name) VALUES (1,'manjeet', 'singh');
#--- run these steps before running the below script. required for pgcrypto extension
yum install postgresql13-contrib -y | |
#--- SQL file to create the tables for products db (used by the HashiCups demo)
# cat /tmp/postgres-products-db-setup.sql | |
set time zone 'UTC'; | |
create extension pgcrypto; | |
CREATE TABLE coffees ( | |
id serial PRIMARY KEY, | |
name VARCHAR (255) NOT NULL UNIQUE, | |
teaser VARCHAR(255) NULL, | |
description TEXT NULL, | |
price INT NOT NULL, | |
image TEXT, | |
created_at TIMESTAMP NOT NULL, | |
updated_at TIMESTAMP NOT NULL, | |
deleted_at TIMESTAMP | |
); | |
CREATE TABLE ingredients ( | |
id serial PRIMARY KEY, | |
name VARCHAR (255) NOT NULL, | |
created_at TIMESTAMP NOT NULL, | |
updated_at TIMESTAMP NOT NULL, | |
deleted_at TIMESTAMP | |
); | |
CREATE TABLE coffee_ingredients ( | |
id serial PRIMARY KEY, | |
coffee_id int references coffees(id), | |
ingredient_id int references ingredients(id), | |
quantity int NOT NULL, | |
unit VARCHAR (50) NOT NULL, | |
created_at TIMESTAMP NOT NULL, | |
updated_at TIMESTAMP NOT NULL, | |
deleted_at TIMESTAMP, | |
CONSTRAINT unique_coffee_ingredient UNIQUE (coffee_id,ingredient_id) | |
); | |
CREATE TABLE users ( | |
id serial PRIMARY KEY, | |
username VARCHAR (255) NOT NULL UNIQUE, | |
password TEXT NOT NULL, | |
created_at TIMESTAMP NOT NULL, | |
updated_at TIMESTAMP NOT NULL, | |
deleted_at TIMESTAMP | |
); | |
CREATE TABLE orders ( | |
id serial PRIMARY KEY, | |
user_id int references users(id), | |
created_at TIMESTAMP NOT NULL, | |
updated_at TIMESTAMP NOT NULL, | |
deleted_at TIMESTAMP | |
); | |
CREATE TABLE order_items ( | |
id serial PRIMARY KEY, | |
order_id int references orders(id), | |
coffee_id int references coffees(id), | |
quantity int NOT NULL, | |
created_at TIMESTAMP NOT NULL, | |
updated_at TIMESTAMP NOT NULL, | |
deleted_at TIMESTAMP | |
); | |
INSERT INTO ingredients (id, name, created_at, updated_at) VALUES (1, 'Espresso', CURRENT_DATE, CURRENT_DATE); | |
INSERT INTO ingredients (id, name, created_at, updated_at) VALUES (2, 'Semi Skimmed Milk', CURRENT_DATE, CURRENT_DATE); | |
INSERT INTO ingredients (id, name, created_at, updated_at) VALUES (3, 'Hot Water', CURRENT_DATE, CURRENT_DATE); | |
INSERT INTO ingredients (id, name, created_at, updated_at) VALUES (4, 'Pumpkin Spice', CURRENT_DATE, CURRENT_DATE); | |
INSERT INTO ingredients (id, name, created_at, updated_at) VALUES (5, 'Steamed Milk', CURRENT_DATE, CURRENT_DATE); | |
INSERT INTO coffees (name, teaser, description, price, image, created_at, updated_at) VALUES ('Packer Spiced Latte', 'Packed with goodness to spice up your images', '', 350, '/packer.png', CURRENT_DATE, CURRENT_DATE); | |
INSERT INTO coffee_ingredients (coffee_id, ingredient_id, quantity, unit, created_at, updated_at) VALUES (1,1, 40, 'ml', CURRENT_DATE, CURRENT_DATE); | |
INSERT INTO coffee_ingredients (coffee_id, ingredient_id, quantity, unit, created_at, updated_at) VALUES (1,2, 300, 'ml', CURRENT_DATE, CURRENT_DATE); | |
INSERT INTO coffee_ingredients (coffee_id, ingredient_id, quantity, unit, created_at, updated_at) VALUES (1,4, 5, 'g', CURRENT_DATE, CURRENT_DATE); | |
INSERT INTO coffees (name, teaser, description, price, image, created_at, updated_at) VALUES ('Vaulatte', 'Nothing gives you a safe and secure feeling like a Vaulatte', '', 200, '/vault.png', CURRENT_DATE, CURRENT_DATE); | |
INSERT INTO coffee_ingredients (coffee_id, ingredient_id, quantity, unit, created_at, updated_at) VALUES (2,1, 40, 'ml', CURRENT_DATE, CURRENT_DATE); | |
INSERT INTO coffee_ingredients (coffee_id, ingredient_id, quantity, unit, created_at, updated_at) VALUES (2,2, 300, 'ml', CURRENT_DATE, CURRENT_DATE); | |
INSERT INTO coffees (name, teaser, description, price, image, created_at, updated_at) VALUES ('Nomadicano', 'Drink one today and you will want to schedule another', '', 150, '/nomad.png', CURRENT_DATE, CURRENT_DATE); | |
INSERT INTO coffee_ingredients (coffee_id, ingredient_id, quantity, unit, created_at, updated_at) VALUES (3,1, 20, 'ml', CURRENT_DATE, CURRENT_DATE); | |
INSERT INTO coffee_ingredients (coffee_id, ingredient_id, quantity, unit, created_at, updated_at) VALUES (3,3, 100, 'ml', CURRENT_DATE, CURRENT_DATE); | |
INSERT INTO coffees (name, teaser, description, price, image, created_at, updated_at) VALUES ('Terraspresso', 'Nothing kickstarts your day like a provision of Terraspresso', '', 150, '/terraform.png', CURRENT_DATE, CURRENT_DATE); | |
INSERT INTO coffee_ingredients (coffee_id, ingredient_id, quantity, unit, created_at, updated_at) VALUES (4,1, 20, 'ml', CURRENT_DATE, CURRENT_DATE); | |
INSERT INTO coffees (name, teaser, description, price, image, created_at, updated_at) VALUES ('Vagrante espresso', 'Stdin is not a tty', '', 200, '/vagrant.png', CURRENT_DATE, CURRENT_DATE); | |
INSERT INTO coffee_ingredients (coffee_id, ingredient_id, quantity, unit, created_at, updated_at) VALUES (5,1, 40, 'ml', CURRENT_DATE, CURRENT_DATE); | |
INSERT INTO coffees (name, teaser, description, price, image, created_at, updated_at) VALUES ('Connectaccino', 'Discover the wonders of our meshy service', '', 250, '/consul.png', CURRENT_DATE, CURRENT_DATE); | |
INSERT INTO coffee_ingredients (coffee_id, ingredient_id, quantity, unit, created_at, updated_at) VALUES (6,1, 40, 'ml', CURRENT_DATE, CURRENT_DATE); | |
INSERT INTO coffee_ingredients (coffee_id, ingredient_id, quantity, unit, created_at, updated_at) VALUES (6,5, 300, 'ml', CURRENT_DATE, CURRENT_DATE); | |
#--- quick tests | |
psql -h postgres.c.manjeet-singh-gcp-demos.internal -d widget -U widget_blue | |
postgres=# \l | |
List of databases | |
Name | Owner | Encoding | Collate | Ctype | Access privileges | |
-----------+----------+----------+-------------+-------------+----------------------- | |
postgres | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | | |
products | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | | |
template0 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres + | |
| | | | | postgres=CTc/postgres | |
template1 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres + | |
| | | | | postgres=CTc/postgres | |
widget | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | | |
(5 rows) | |
https://zetcode.com/springboot/postgresql/ |
https://zetcode.com/springboot/postgresql/ | |
https://spring.io/guides/gs/spring-boot/ | |
https://dzone.com/articles/bounty-spring-boot-and-postgresql-database | |
yum install -y maven | |
yum install -y git | |
git clone https://github.com/deweya/postgres-vault-example.git | |
cd postgres-vault-example/postgres-vault-example | |
Update the pom.xml as below: match to your java version | |
<properties> | |
<java.version>1.8</java.version> | |
</properties> | |
mvn package (-- this generates a target folder with jar file ) | |
cp target/*.jar /home/user-name/deployment/app.jar | |
mkdir /home/user-name/deployment/config/application.properties
export SPRING_CONFIG_LOCATION=/home/<user-name>/deployments/config/application.properties | |
#--- cat /deployments/config/application.properties | |
#--- modify the properties as needed | |
spring.jpa.properties.hibernate.dialect = org.hibernate.dialect.PostgreSQLDialect | |
spring.jpa.hibernate.ddl-auto=none | |
spring.jpa.hibernate.show-sql=true | |
spring.datasource.url=jdbc:postgresql://postgres.c.manjeet-singh-gcp-demos.internal:5432/widget | |
spring.datasource.username=widget_blue | |
spring.datasource.password=widget_blue_pass | |
spring.datasource.initialization-mode=always | |
spring.datasource.initialize=true | |
#spring.datasource.schema=classpath:/schema.sql | |
spring.datasource.continue-on-error=true | |
#--- Run the app | |
cd into the deployment folder | |
java -jar app.jar | |
curl http://localhost:8080/findall |
# cat anonymous-dns-read.hcl | |
# Read access to every node and every service (the empty prefix matches all
# names).
# NOTE(review): once attached to the anonymous token, these rules apply to
# every request that presents no token, over the HTTP API as well as DNS.
node_prefix "" {
  policy = "read"
}
service_prefix "" {
  policy = "read"
}
consul acl policy create -name anonymous-dns-read -rules @anonymous-dns-read.hcl | |
ID: d2c583bc-ca4d-04a9-eaa6-7ddc4baa1edc | |
Name: anonymous-dns-read | |
Namespace: default | |
Description: | |
Datacenters: | |
Rules: | |
node_prefix "" { | |
policy = "read" | |
} | |
service_prefix "" { | |
policy = "read" | |
} | |
consul acl token update -id anonymous -policy-name=anonymous-dns-read | |
AccessorID: 00000000-0000-0000-0000-000000000002 | |
SecretID: anonymous | |
Namespace: default | |
Description: Anonymous Token | |
Local: false | |
Create Time: 2021-09-03 15:20:21.289110776 +0000 UTC | |
Policies: | |
d2c583bc-ca4d-04a9-eaa6-7ddc4baa1edc - anonymous-dns-read | |
consul acl token update -id anonymous -policy-name=anonymous-dns-read | |
dig ANY consul.service.consul @127.0.0.1 -p 8600 +short | |
10.101.0.45 | |
10.101.0.60 | |
10.101.0.50 | |
Some more configuration is needed for DNS to work; make sure dnsmasq is installed.
# cat /etc/dnsmasq.d/consul | |
server=/consul/127.0.0.1#8600 | |
# cat /etc/resolv.conf (make sure 127.0.0.1 comes before any other nameserver entries)
# Generated by NetworkManager | |
search c.manjeet-singh-gcp-demos.internal google.internal | |
nameserver 127.0.0.1 | |
nameserver 169.254.169.254 | |
service dnsmasq force-reload | |
# nslookup postgres.node.manjeet-gcp-dc1.consul | |
Server: 127.0.0.1 | |
Address: 127.0.0.1#53 | |
Name: postgres.node.manjeet-gcp-dc1.consul | |
Address: 10.2.0.16 | |
# dig postgres.node.manjeet-gcp-dc1.consul | |
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.7 <<>> postgres.node.manjeet-gcp-dc1.consul | |
;; global options: +cmd | |
;; Got answer: | |
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51009 | |
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2 | |
;; OPT PSEUDOSECTION: | |
; EDNS: version: 0, flags:; udp: 4096 | |
;; QUESTION SECTION: | |
;postgres.node.manjeet-gcp-dc1.consul. IN A | |
;; ANSWER SECTION: | |
postgres.node.manjeet-gcp-dc1.consul. 0 IN A 10.2.0.16 | |
;; ADDITIONAL SECTION: | |
postgres.node.manjeet-gcp-dc1.consul. 0 IN TXT "consul-network-segment=" | |
;; Query time: 1 msec | |
;; SERVER: 127.0.0.1#53(127.0.0.1) | |
;; WHEN: Wed Sep 15 19:41:12 UTC 2021 | |
;; MSG SIZE rcvd: 117 | |
# sh /tmp/install-envoy.sh | |
tetratelabs/func-e info checking GitHub for latest tag | |
tetratelabs/func-e info found version: 0.7.0 for v0.7.0/linux/amd64 | |
tetratelabs/func-e info installed /usr/local/bin/func-e | |
downloading https://archive.tetratelabs.io/envoy/download/v1.19.1/envoy-v1.19.1-linux-amd64.tar.xz | |
1.19.1 is already downloaded | |
starting: /root/.func-e/versions/1.19.1/bin/envoy --version --admin-address-path /root/.func-e/runs/1631242504140242780/admin-address.txt | |
/root/.func-e/versions/1.19.1/bin/envoy: /lib64/libc.so.6: version `GLIBC_2.18' not found (required by /root/.func-e/versions/1.19.1/bin/envoy) | |
error: envoy exited with status: 1 |