smilelikeshit · December 26, 2023 14:47
diff --git a/install b/install

 // Add the HashiCorp GPG key.
 curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -

 // Add the official HashiCorp Linux repository.
 sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"

 // Update and install.
 sudo apt-get update && sudo apt-get install boundary

 // Check version
 boundary version

 // Output from check version
 Version information:
  Git Revision:        0ffa45c5c987b65d01f9f644790ecc761867c2b6
  Version Number:      0.7.6
  
 // install database using docker
 docker run --name some-postgres -e POSTGRES_PASSWORD=password -p 5432:5432 -d postgres:13-alpine
 docker exec -it some-postgres sh
 psql -U postgres
 create database boundarydb


 // controller.hcl
 # Disable memory lock: https://www.man7.org/linux/man-pages/man2/mlock.2.html
 disable_mlock = true

 # Controller configuration block
 controller {
  # This name attr must be unique across all controller instances if running in HA mode
  name = "demo-controller-1"
  description = "A controller for a demo!"

  # After receiving a shutdown signal, Boundary will wait 10s before initiating the shutdown process.
  graceful_shutdown_wait_duration = "10s"

  # Database URL for postgres. This can be a direct "postgres://"
  # URL, or it can be "file://" to read the contents of a file to
  # supply the url, or "env://" to name an environment variable
  # that contains the URL.
  database {
      url = "postgresql://postgres:[email protected]:5432/boundarydb"
  }
 }

 # API listener configuration block
 listener "tcp" {
  # Should be the address of the NIC that the controller server will be reached on
  address = "0.0.0.0"
  # The purpose of this listener block
  purpose = "api"

  tls_disable = true

  # Uncomment to enable CORS for the Admin UI. Be sure to set the allowed origin(s)
  # to appropriate values.
  cors_enabled = false
  #cors_allowed_origins = ["https://yourcorp.yourdomain.com", "serve://boundary"]
 }

 # Data-plane listener configuration block (used for worker coordination)
 listener "tcp" {
  # Should be the IP of the NIC that the worker will connect on
  address = "0.0.0.0"
  # The purpose of this listener
  purpose = "cluster"
  tls_disable = true
 }

 // change this if u needed
 kms "aead" {
    purpose   = "root"
    aead_type = "aes-gcm"
    key       = "sP1fnF5Xz85RrXyELHFeZg9Ad2qt4Z4bgNHVGtD6ung="
    key_id    = "global_root"
 }

 // change this if u needed
 kms "aead" {
    purpose   = "worker-auth"
    aead_type = "aes-gcm"
    key       = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
    key_id    = "global_worker-auth"
 }

 // change this if u needed
 kms "aead" {
    purpose   = "recovery"
    aead_type = "aes-gcm"
    key       = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ=" 
    key_id    = "global_recovery"
 }


 // worker.hcl
 listener "tcp" {
    purpose = "proxy"
    tls_disable = true
    address = "0.0.0.0"
    
 }

 worker {
  name = "worker-01"
  controllers = [
    "127.0.0.1"
  ]
  
  // change this with your ip public instance
  public_addr = "13.229.x.x"
 }

 # must be same key as used on controller config
 kms "aead" {
    purpose   = "worker-auth"
    aead_type = "aes-gcm"
    key       = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
    key_id    = "global_worker-auth"
 }


 // start controller

 boundary database init -config controller.hcl # only first time run, migration database

 ##################################
 Initial login role information:
  Name:      Login and Default Grants
  Role ID:   r_RbKxxxxx

 Initial auth information:
  Auth Method ID:     ampw_tqxxxxx
  Auth Method Name:   Generated global scope initial password auth method
  Login Name:         admin
  Password:           uHSvHlKxxxxxxxxx <== your password admin ui
  Scope ID:           global
  User ID:            u_2qIExxxxx
  User Name:          admin
 #########################


 boundary server -config=controller.hcl

 // start worker

 boundary server -config=worker.hcl

 // access to ip_public:9200

	// Add the HashiCorp GPG key.
	curl -fsSL https://apt.releases.hashicorp.com/gpg \| sudo apt-key add -

	// Add the official HashiCorp Linux repository.
	sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"

	// Update and install.
	sudo apt-get update && sudo apt-get install boundary

	// Check version
	boundary version

	// Output from check version
	Version information:
	Git Revision: 0ffa45c5c987b65d01f9f644790ecc761867c2b6
	Version Number: 0.7.6

	// install database using docker
	docker run --name some-postgres -e POSTGRES_PASSWORD=password -p 5432:5432 -d postgres:13-alpine
	docker exec -it some-postgres sh
	psql -U postgres
	create database boundarydb


	// controller.hcl
	# Disable memory lock: https://www.man7.org/linux/man-pages/man2/mlock.2.html
	disable_mlock = true

	# Controller configuration block
	controller {
	# This name attr must be unique across all controller instances if running in HA mode
	name = "demo-controller-1"
	description = "A controller for a demo!"

	# After receiving a shutdown signal, Boundary will wait 10s before initiating the shutdown process.
	graceful_shutdown_wait_duration = "10s"

	# Database URL for postgres. This can be a direct "postgres://"
	# URL, or it can be "file://" to read the contents of a file to
	# supply the url, or "env://" to name an environment variable
	# that contains the URL.
	database {
	url = "postgresql://postgres:[email protected]:5432/boundarydb"
	}
	}

	# API listener configuration block
	listener "tcp" {
	# Should be the address of the NIC that the controller server will be reached on
	address = "0.0.0.0"
	# The purpose of this listener block
	purpose = "api"

	tls_disable = true

	# Uncomment to enable CORS for the Admin UI. Be sure to set the allowed origin(s)
	# to appropriate values.
	cors_enabled = false
	#cors_allowed_origins = ["https://yourcorp.yourdomain.com", "serve://boundary"]
	}

	# Data-plane listener configuration block (used for worker coordination)
	listener "tcp" {
	# Should be the IP of the NIC that the worker will connect on
	address = "0.0.0.0"
	# The purpose of this listener
	purpose = "cluster"
	tls_disable = true
	}

	// change this if u needed
	kms "aead" {
	purpose = "root"
	aead_type = "aes-gcm"
	key = "sP1fnF5Xz85RrXyELHFeZg9Ad2qt4Z4bgNHVGtD6ung="
	key_id = "global_root"
	}

	// change this if u needed
	kms "aead" {
	purpose = "worker-auth"
	aead_type = "aes-gcm"
	key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
	key_id = "global_worker-auth"
	}

	// change this if u needed
	kms "aead" {
	purpose = "recovery"
	aead_type = "aes-gcm"
	key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
	key_id = "global_recovery"
	}


	// worker.hcl
	listener "tcp" {
	purpose = "proxy"
	tls_disable = true
	address = "0.0.0.0"

	}

	worker {
	name = "worker-01"
	controllers = [
	"127.0.0.1"
	]

	// change this with your ip public instance
	public_addr = "13.229.x.x"
	}

	# must be same key as used on controller config
	kms "aead" {
	purpose = "worker-auth"
	aead_type = "aes-gcm"
	key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
	key_id = "global_worker-auth"
	}


	// start controller

	boundary database init -config controller.hcl # only first time run, migration database

	##################################
	Initial login role information:
	Name: Login and Default Grants
	Role ID: r_RbKxxxxx

	Initial auth information:
	Auth Method ID: ampw_tqxxxxx
	Auth Method Name: Generated global scope initial password auth method
	Login Name: admin
	Password: uHSvHlKxxxxxxxxx <== your password admin ui
	Scope ID: global
	User ID: u_2qIExxxxx
	User Name: admin
	#########################


	boundary server -config=controller.hcl

	// start worker

	boundary server -config=worker.hcl

	// access to ip_public:9200