Boundary
Introduction
The Get started tutorials gave you a tour of the Admin Console UI and examined different Boundary resources.
This sequence of tutorials demonstrates common Boundary resource management operations. Complete the tutorials in sequential order to create the complete set of resources shown in the diagram below.
Prerequisites
To complete this tutorial, you need:
A Boundary binary in your
PATH. This tutorial uses the 0.8.1 version of Boundary.Terraform 0.13.0 or greater provides an optional workflow for these tutorials. The binary must be available in your
PATH.
To perform the tasks described in this collection, you need to have a Boundary
environment. Refer to the Getting
Started tutorial to install and
start Boundary in dev mode.
Get setup
Start by running Boundary in dev mode:
$ boundary dev
==> Boundary server configuration:
[Controller] AEAD Key Bytes: cXte2+fkVq/mnQ/VKO3cOL0bYQZKqJsQhWgPLvX9VsY=
[Recovery] AEAD Key Bytes: XGcczs8FJ7lIwd8PQJaP34go/ILiPIeMs+7anHkK+vE=
[Worker-Auth] AEAD Key Bytes: Y9A1Gw4Ja+IJbFtuGTSXLIw3L+aEPcwEpN+/lRqvWIQ=
[Recovery] AEAD Type: aes-gcm
[Root] AEAD Type: aes-gcm
[Worker-Auth] AEAD Type: aes-gcm
Cgo: disabled
Controller Public Cluster Addr: 127.0.0.1:9201
Dev Database Container: bold_heisenberg
Dev Database Url: postgres://postgres:password@localhost:55001/boundary?sslmode=disable
Generated Admin Login Name: admin
Generated Admin Password: password
Generated Host Catalog Id: hcst_1234567890
Generated Host Id: hst_1234567890
Generated Host Set Id: hsst_1234567890
Generated Oidc Auth Method Id: amoidc_1234567890
Generated Org Scope Id: o_1234567890
Generated Password Auth Method Id: ampw_1234567890
Generated Project Scope Id: p_1234567890
Generated Target Id: ttcp_1234567890
Generated Unprivileged Login Name: user
Generated Unprivileged Password: password
Listener 1: tcp (addr: "127.0.0.1:9200", cors_allowed_headers: "[]", cors_allowed_origins: "[*]", cors_enabled: "true", max_request_duration: "1m30s", purpose: "api")
Listener 2: tcp (addr: "127.0.0.1:9201", max_request_duration: "1m30s", purpose: "cluster")
Listener 3: tcp (addr: "127.0.0.1:9203", max_request_duration: "1m30s", purpose: "ops")
Listener 4: tcp (addr: "127.0.0.1:9202", max_request_duration: "1m30s", purpose: "proxy")
Log Level: info
Mlock: supported: false, enabled: false
Version: Boundary v0.8.0
Version Sha: 9b48dbc2fd4f9a9f0bda4ca68488590f681dbd9e+CHANGES
Worker Public Proxy Addr: 127.0.0.1:9202
==> Boundary server started! Log data will stream in below:
{
"id": "QH3NNVS84T",
"source": "https://hashicorp.com/boundary/dev-controller/boundary-dev",
"specversion": "1.0",
"type": "system",
"data": {
"version": "v0.1",
"op": "github.com/hashicorp/boundary/internal/observability/event.(*HclogLoggerAdapter).writeEvent",
"data": {
"@original-log-level": "none",
"@original-log-name": "aws",
"msg": "configuring client automatic mTLS"
}
},
"datacontentype": "text/plain",
"time": "2022-04-19T13:38:37.377958-06:00"
}
...
... More output ...
...
Note
If you plan on using Terraform to configure Boundary, copy the
[Recovery] key generated by boundary dev. In the example above this key is
XGcczs8FJ7lIwd8PQJaP34go/ILiPIeMs+7anHkK+vE=.
Next, the Manage Scopes tutorial demonstrates basic resource management and permissions modeling.