![b](./images/Boundary.png)

# UCB-1 Setting up Boundary

## Business Value of Capability
 * Configure the instance of boundary with a simple postgres SQL backend. 

### Prerequisites
*  Postgres Container. A Boundary container, or start up you instance locally.

In [40]:
boundary -version

[0m
Version information:
  Git Revision:        eccd68d73c3edf14863ecfd31f9023063b809d5a
  Version Number:      0.1.1
[0m


In [241]:
cd ..


In [None]:
## get an image of Boundary and postgres
docker pull hashicorp/boundary
docker pull postgres

In [234]:
## ENV VARS for postres
export PG_USER=username
export PG_PWD=password
export PG_DB=boundarydb
export BOUNDARY_POSTGRES_URL="postgresql://${PG_USER}:$PG_PWD@pg:5432/$PG_DB?sslmode=disable"

In [235]:
env | grep BOUNDARY_POSTGRES_URL

BOUNDARY_POSTGRES_URL=postgresql://username:password@pg:5432/boundarydb?sslmode=disable


In [236]:
## we will set up a bridge network inside docker for them to talk. 
docker network create dmz --driver bridge

Error response from daemon: network with name dmz already exists


: 1

In [237]:
## use a simple postgres instance as a backend
## Setup docker container
docker create \
  --name PostgresDB \
  --network dmz \
  -h pg \
  -p 5432:5432 \
  -e POSTGRES_DB=$PG_DB \
  -e POSTGRES_USER=$PG_USER \
  -e POSTGRES_PASSWORD=$PG_PWD \
  postgres

30f1658cab818aba04550480e1c1449478fba2b225dfc955398857d0c8378212


In [238]:
# start up postgres - need it running for the initialization
docker start PostgresDB

PostgresDB


In [242]:
## to initialize tables for boundary
docker run \
  --name initializer \
  --network dmz \
  -e BOUNDARY_POSTGRES_URL=$BOUNDARY_POSTGRES_URL \
  hashicorp/boundary database init -config /boundary/config.hcl > ./log/init.log
  

In [243]:
## remove docker instance used to initialize postgres db 
docker rm initializer

initializer


In [244]:
## double check working directory to ensure it + config gives hcl file
ls $(pwd)/config

config.hcl


In [245]:
cat ./config/config.hcl

disable_mlock = true

controller {
  name = "demo-controller-1"
  description = "A controller for a demo!"

  database {
    url = "env://BOUNDARY_POSTGRES_URL"
    #url = "postgresql://postgres:postgres@0.0.0.0:5432/postgres?sslmode=disable"
  }
}

worker {
  name = "demo-worker-1"
  description = "A default worker created demonstration"
  controllers = [
    "0.0.0.0",
  ]
  address = "0.0.0.0"
}

listener "tcp" {
  address = "0.0.0.0"
  purpose = "api"
  tls_disable = true 
}

listener "tcp" {
  address = "0.0.0.0"
  purpose = "cluster"
  tls_disable   = true 
}

listener "tcp" {
  address       = "0.0.0.0"
  purpose       = "proxy"
  tls_disable   = true 
}

# Root KMS configuration block: this is the root key for Boundary
# Use a production KMS such as AWS KMS in production installs
kms "aead" {
  purpose = "root"
  aead_type = "aes-gcm"
  key = "uC8zAQ3sLJ9o0ZlH5lWIgxNZrNn0FiFqYj4802VKLKQ="
  key_id = "global_root"
}

# Worker authorization KMS
# Use a production KMS such as AWS 

In [246]:
## Create the boundary instance 
## IF YOU WANT TO START BOUNDARY WITH DEFAULT CONFIG IN THE CONTAINER THEN
## REMOVE the -v (volume) configuration . It will still work. 
docker create \
  --name BoundarySvr \
  --network dmz \
  -h boundary \
  -p 9200:9200 \
  -p 9201:9201 \
  -p 9202:9202 \
  -v "$(pwd)/config/":/boundary/ \
  -e BOUNDARY_POSTGRES_URL=$BOUNDARY_POSTGRES_URL \
  hashicorp/boundary

f9897b17ea830bb056c989a6b0e517d79d30e596a5f554e07e3035a90dff9328


In [247]:
## start the boundary servr
docker start BoundarySvr

BoundarySvr


In [248]:
## Grab password and auth method for authentication
AUTH_METHOD_ID=$(cat ./log/init.log | grep 'Auth Method ID' | tr -d [:space:] | sed 's/AuthMethodID://g')
AUTH_PWD=$(cat ./log/init.log | grep Password | tr -d [:space:]| sed 's/Password://g')
AUTH_LOGIN=$(cat ./log/init.log | grep 'Login Name' | tr -d [:space:]| sed 's/LoginName://g')
echo "----------------------------"
echo "Login Name = "$AUTH_LOGIN 
echo "Password = "$AUTH_PWD  
echo "Auth Method id = "$AUTH_METHOD_ID 
echo "----------------------------"

----------------------------
Login Name = admin
Password = z7nsYnh0xBixId5giN5Q
Auth Method id = ampw_6B0zFmpSHb
----------------------------


In [261]:
## you can now log into boundary : get this from db init information
boundary authenticate password -auth-method-id=$AUTH_METHOD_ID \
    -login-name=$AUTH_LOGIN -password=$AUTH_PWD

[0m
Authentication information:
  Account ID:      apw_VCqBIcLj4y
  Auth Method ID:  ampw_6B0zFmpSHb
  Expiration Time: Thu, 19 Nov 2020 15:24:32 EST
  Token:
  at_75NY80y1Ja_s15nuVgPxZrk2NGZCxHNRekmijY7dscYxJ3v7pHQN1ogPJxaae6q5AyyxTQgmUX8NZAgNSrA8JEfWcjJQvAYtXj9CZM9ugmcKJSSo43E8gwKGPt9bk4jkhg6Ti
  User ID:         u_s18HRjva6R[0m


### You should be able to access the admin console at : http://127.0.0.1:9200

---
### <span style="background-color: #001f3f; color: #80bfff; padding: 15px; border-radius: 2px">Stop Boundary</span>

In [205]:
# Stop all containers
docker stop BoundarySvr
docker stop PostgresDB

BoundarySvr
PostgresDB


In [206]:
## Cleanup the containers.
docker rm BoundarySvr
docker rm PostgresDB

BoundarySvr
PostgresDB
