Is there a complete install tutorial (non-dev, non HA)?

Boundary
1

Looking to do a POC on boundary, don’t need all the HA stuff, just a simple VM with everything on it. I’m not familiar with postgresql at all and it looks like a lot of the configuration examples are snippets. I realize some of it may be tbd

I am following this doc: Running Boundary in Non-Dev Environments | Boundary by HashiCorp

Thanks for any help

2

To start I’d probably spin up that VM, then run Boundary in dev mode (I know you said non-dev, but standing up a separate controller and worker on one VM is just going to take up extra resources for no real benefit for this case). That gets you the Postgres database automatically set up too if you want it. Besides that, run a single-node Vault so you can use it as a credential source. Then for an additional target, run a default NGINX Docker container.

Then you can set up several things:

  • SSH target to localhost is already set up in dev mode
  • HTTP targets to the Vault GUI and the NGINX container
  • Postgres target to the postgres container that’s run automatically
  • Dynamic credentials in Vault for the postgres container
  • A credential source in Boundary that retrieves those dynamic credentials

If you want to take that further and still have room to squeeze it into the VM, set up an OIDC auth provider (I like dex backed by OpenLDAP at the moment but you can use anything you want that provides OIDC) and set up a few OIDC auth methods and managed groups in Boundary.

We also have the reference architectures repository if you want some more involved, detailed deployment examples.

3

Thank you for that information. Is there a way to run boundary in dev mode in the background? I’ve tried with the standard & but it still ran in the foreground it seems. Maybe under systemd as a unit? Also is there a way to retain information. When I stop boundary in dev mode it wipes everything.

I do have a vault server setup already so I’m good to go there.

Again, thanks for any info.

4

Yes, systemd is a good option for running the background. If you take the unit file from here, then it should be easy to adapt.

You can see all flags for dev mode with boundary dev -h. The one that should help you keep resources between restarts is -disable-database-destruction.

5

Awesome, thank you very much

6

Although these aren’t end-to-end solutions for production environments, you can check out some of the Learn content for deployment examples.

Dev mode is covered pretty well by the Quick Start track:

And there’s a more complete example of a distributed environment for the controller, workers and targets in the Target-Aware Workers tutorial:

That tutorial uses docker and terraform, but the sample code is instructive for other deployment scenarios, like a VM