Introduction
This guide walks through downloading, installing, and starting Kong Enterprise on CentOS
The configuration shown in this guide is intended as an example. Depending on your environment, you may need to make modifications and take measures to properly conclude the installation and configuration.
Kong supports both PostgreSQL 9.5+ and Cassandra 3.11.* as its datastore. This guide provides steps to configure PostgreSQL. For assistance in setting up Cassandra, please contact your Sales or Support representative.
Prerequisites
To complete this installation you will need:
- A valid Bintray account. You will need your username, account password and account API Key.
- Example:
- Bintray Access key:
john-company
- Bintray username:
john-company@kong
- Bintray password:
12345678
- Bintray API key:
12234e314356291a2b11058591bba195830
- Bintray Access key:
- The API Key can be obtained by visiting https://bintray.com/profile/edit and selecting API Key
- Example:
- A supported CentOS system with root equivalent access.
- A valid Kong Enterprise license JSON file, this can be found in your Bintray account. See Accessing Your License
Step 1. Prepare to Install Kong Enterprise and Download the License File
There are two options to install Kong Enterprise on CentOS. Both require a login to Bintray.
Log in to Bintray. Your Kong Sales or Support contact will assign credentials to you.
Option 1: Download RPM file
- Go to: https://bintray.com/kong/kong-enterprise-edition-rpm/centos.
- Select the latest Kong version from the list.
- From the Kong version detail page, select the Files tab.
- Select the CentOS version appropriate for your environment. e.g.
centos
->7
. - Save the RPM file available: e.g.
kong-enterprise-edition-1.3.0.1.el7.noarch.rpm
-
Copy the RPM file to your home directory on the CentOS system. You may use a command like:
$ scp kong-enterprise-edition-1.3.0.1.el7.noarch.rpm <centos user>@<server>:~
Optional: The following steps are for verifying the integrity of the package. They are not necessary to move on to installation.
-
Kong’s official Key ID is
2cac36c51d5f3726
. Verify it by querying the RPM package and comparing it to the Key ID:$ rpm -qpi kong-enterprise-edition-1.3.el7.noarch.rpm | grep Signature
-
Download Kong’s official public key to ensure the integrity of the RPM package:
$ curl -o kong.key https://bintray.com/user/downloadSubjectPublicKey?username=kong $ rpm --import kong.key $ rpm -K kong-enterprise-edition-1.3.el7.noarch.rpm
-
Verify you get an OK check. You should have an output similar to this:
kong-enterprise-edition-1.3.0.1.el7.noarch.rpm: rsa sha1 (md5) pgp md5 OK
Option 2: Download the Kong Repo File and Add to Yum Repo
- Click this URL to download the Kong Enterprise RPM repo file: https://bintray.com/kong/kong-enterprise-edition-rpm/rpm.
-
Edit the repo file using your preferred editor and alter the baseurl line as follows:
baseurl=https://USERNAME:API_KEY@kong.bintray.com/kong-enterprise-edition-rpm/centos/RELEASEVER
Replace
USERNAME
with your Bintray account user name. ReplaceAPI_KEY
with your Bintray API key. You can find your key on your Bintray profile page at https://bintray.com/profile/edit and selecting the API Key menu item. ReplaceRELEASEVER
with the major CentOS version number on your target system. For example, for version 7.7.1908, the appropriateRELEASEVER
replacement is 7.The result should look something like this:
baseurl=https://john-company:12234e314356291a2b11058591bba195830@kong.bintray.com/kong-enterprise-edition-rpm/centos/7
-
Securely copy the changed repo file to your home directory on the CentOS system:
$ scp bintray--kong-kong-enterprise-edition-rpm.repo <centos user>@<server>:~
Download your Kong Enterprise License
-
Download your license file from your account files in Bintray:
https://bintray.com/kong/<YOUR_REPO_NAME>/license#files
-
Securely copy the license file to your home directory on the CentOS system:
$ scp license.json <centos username>@<server>:~
Result
You should now have two files in your home directory on the target CentOS system:
- Either the Kong RPM or Kong Yum repo file.
- The license file
license.json
Step 2. Install Kong Enterprise
Option 1: If installing using a downloaded RPM package
-
Install EPEL (Extra Packages for Enterprise Linux), if not already installed:
$ sudo yum install epel-release
-
Execute a command similar to the following, using the appropriate RPM file name you downloaded.
$ sudo yum install kong-enterprise-edition-1.3.el7.noarch.rpm
Option 2: If installing using the Yum repository
-
Move the repo file in your home directory to the /etc/yum.repos.d/ directory.
$ sudo mv bintray--kong-kong-enterprise-edition-rpm.repo /etc/yum.repos.d/
-
Begin the installation using the Yum repository:
$ sudo yum update -y $ sudo yum install kong-enterprise-edition
Copy the License File
Copy the license file from your home directory to the /etc/kong
directory:
$ sudo cp license.json /etc/kong/license.json
Step 3. Setup PostgreSQL
-
Install PostgreSQL.
Follow the instructions avaialble at https://www.postgresql.org/download/linux/redhat/ to install a supported version of PostgreSQL. Kong supports version 9.5 and higher. As an example, you can run a command set similar to:
$ sudo yum install https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm $ sudo yum install postgresql96 $ sudo yum install postgresql96-server
-
Initialize the PostgreSQL database and enable automatic start.
$ sudo /usr/pgsql-9.6/bin/postgresql96-setup initdb $ sudo systemctl enable postgresql-9.6 $ sudo systemctl start postgresql-9.6
-
Switch to PostgreSQL user and launch PostgreSQL.
$ sudo -i -u postgres $ psql
-
Create a Kong database with a username and password.
⚠️Note: Make sure the username and password for the Kong Database are kept safe. This example uses a simple username and password for illustration purposes only. Note the database name, username and password for later.
$ psql> CREATE USER kong; CREATE DATABASE kong OWNER kong; ALTER USER kong WITH password 'kong';
-
Exit from PostgreSQL and return to your terminal account.
$ psql> \q $ exit
-
Edit the the PostgreSQL configuration file
/var/lib/pgsql/9.6/data/pg_hba.conf
using your preferred editor.Under IPv4 local connections replace
ident
withmd5
:Protocol Type Database User Address Method IPv4 local host all all 127.0.0.1/32 md5 IPv6 local host all all 1/128 ident PostgreSQL uses
ident
authentication by default. To allow thekong
user to communicate with the database locally, change the authentication method tomd5
by modifying the PostgreSQL configuration file. -
Restart PostgreSQL.
$ sudo systemctl restart postgresql-9.6
Step 4. Modify Kong’s configuration file to work with PostgreSQL
-
Make a copy of Kong’s default configuration file.
$ sudo cp /etc/kong/kong.conf.default /etc/kong/kong.conf
-
Uncomment and update the PostgreSQL database properties in
/etc/kong/kong.conf
using your preferred text editor. Replace pg_user, pg_password and pg_database with the values:pg_user = kong pg_password = kong pg_database = kong
Step 5. Seed the Super Admin password and bootstrap Kong
Setting a password for the Super Admin before initial start-up is strongly recommended. This will permit the use of RBAC (Role Based Access Control) at a later time, if needed.
-
Create an environment variable with the desired Super Admin password and store the password in a safe place. Run migrations to prepare the Kong database:
$ sudo KONG_PASSWORD=<password-only-you-know> /usr/local/bin/kong migrations bootstrap -c /etc/kong/kong.conf
-
Start Kong Enterprise:
$ sudo /usr/local/bin/kong start -c /etc/kong/kong.conf
-
Verify Kong Enterprise is working:
$ curl -i -X GET --url http://localhost:8001/services
-
You should receive a
HTTP/1.1 200 OK
message.
Step 6. Finalize your Configuration and Verify Kong was Successfully installed:
Enable and Configure Kong Manager
-
To access Kong Enterprise’s Graphical User Interface, Kong Manager, update the
admin_gui_url
property in/etc/kong/kong.conf
file to the DNS, or IP address, of the CentOS system. For example:admin_gui_url = http://<DNSorIP>:8002
This setting needs to resolve to a network path that will reach the CentOS host.
-
It is necessary to update the administration API setting to listen on the needed network interfaces on the CentOS host. A setting of
0.0.0.0:8001
will listen on port8001
on all available network interfaces.admin_listen = 0.0.0.0:8001, 0.0.0.0:8444 ssl
-
You may also list network interfaces separately as in this example:
admin_listen = 0.0.0.0:8001, 0.0.0.0:8444 ssl, 127.0.0.1:8001, 127.0.0.1:8444 ssl
-
Restart Kong for the setting to take effect:
$ sudo /usr/local/bin/kong restart
-
You may now access Kong Manager on port
8002
.
Enable the Developer Portal
-
Kong Enterprise’s Developer Portal can be enabled by setting the
portal
property toon
and setting theportal_gui_host
property to the DNS, or IP address, of the CentOS system. For example:portal = on portal_gui_host = <DNSorIP>:8003
-
Restart Kong for the setting to take effect:
$ sudo /usr/local/bin/kong restart
-
The final step is to enable the Developer Portal. To do this, execute the following command, updating
DNSorIP
to reflect the IP or valid DNS for the CentOS system.$ curl -X PATCH http://<DNSorIP>:8001/workspaces/default --data "config.portal=true"
-
You can now access the Developer Portal on the default workspace with a URL like:
http://<DNSorIP>:8003/default
Troubleshooting
If you did not receive an HTTP/1.1 200 OK
message, or need assistance completing
your setup, reach out to your Kong Support contact or go to the
Support Portal.
Next Steps
Check out Kong Enterprise’s series of Getting Started guides to get the most out of Kong Enterprise.