In my fresh Jhipster Registry 7.0.4 launch with jar application from github (with dev profile), I can see the logs menu (and all other).
I apply the default configuration files.
Application-dev.yml:
spring:
devtools:
restart:
enabled: false
livereload:
enabled: false
mail:
host: localhost
port: 25
username:
password:
security:
user:
name: admin
password: admin
role: USER,ADMIN
server:
port: 9762
compression:
enabled: true
mime-types: text/html,text/xml,text/plain,text/css, application/javascript, application/json
min-response-size: 1024
eureka:
client:
service-url:
defaultZone: http://admin:admin#localhost:9762/eureka
logging:
file: logs/jhipster-registry.log
level:
ROOT: INFO
io.github.jhipster: INFO
io.github.jhipster.registry: INFO
jhipster:
http:
cache: # Used by the CachingHttpHeadersFilter
timeToLiveInDays: 1461
security:
authentication:
jwt:
token-validity-in-seconds: 86400
token-validity-in-seconds-for-remember-me: 2592000
mail: # specific JHipster mail property, for standard properties see MailProperties
from: JHipsterRegistry#localhost
base-url: http://my-server-url-to-change # Modify according to your server's URL
logging:
logstash: # Forward logs to logstash over a socket, used by LoggingConfiguration
enabled: false
host: localhost
port: 5000
queue-size: 512
cache:
hazelcast:
# application:
registry is OK I can use it but I can't see and configure log level of jhipster of any module registered. How can I see them ?
I am trying to connect GitLab to an external database an AWS RDS using a k8s secret to deploy on AWS EKS but I am not sure if it connects and how would I know that it does?
values.yaml code:
psql:
connectTimeout:
keepalives:
keepalivesIdle:
keepalivesInterval:
keepalivesCount:
tcpUserTimeout:
password:
useSecret: true
secret: gitlab-secret
key: key
host: <RDS endpoint>
port: <RDS port>
username: postgres
database: <main name of db>
# applicationName:
# preparedStatements: false
kubernetes secret:
kubectl create secret generic gitlab-secret --from-literal=key="<password>" -n devops-gitlab
The psql server details are already known
I am using spring config server with 2 backends : git and vault (for secrets), and i have a clients apps that connect to the config server to get distant configuration (git and vault).
I have this configuration:
config server
server:
port: 8888
spring:
profiles:
active: git, vault
cloud:
config:
server:
vault:
host: hostName
kvVersion: 1
order: 1
backend: secret/cad
scheme: https
port: 443
git:
order: 2
uri: git#gitlab.git_repo
ignoreLocalSshSettings: true
force-pull: true
deleteUntrackedBranches: true
privateKey: key
and client side
spring:
application:
name: my_app_name
cloud:
vault:
config:
uri: http://localhost:8888
token: s.token
fail-fast: true
With this way I have to change the token for every client every day (token expire 24h). Is there a way to renew the token with this configuration or there is another way to authenticate to the vault?
spring.cloud.vault:
config.lifecycle:
enabled: true
min-renewal: 10s
expiry-threshold: 1440m
lease-endpoints: Legacy
1440 minutes = 24h
Reference: https://cloud.spring.io/spring-cloud-vault/reference/html/#vault-lease-renewal
I'm trying to get a keystore working to back the encryption capability of Spring Cloud Configuration Server. STS gives an error and encrypt/status continues to complain. I get an error in my application.yml file
server:
port: 8888
spring:
cloud:
config:
server:
git:
uri: ${GIT_CONFIG_URI}
username: ${GIT_USERNAME}
password: ${GIT_PASSWORD}
encrypt:
keyStore:
location: ${ENCRYPT_KEY_STORE_URL}
password: ${ENCRYPT_KEY_STORE_PASSWORD}
alias: ${ENCRYPT_KEY_STORE_ALIAS}
secret: ${ENCRYPT_KEY_STORE_SECRET}
IN STS: Unknown property 'spring.cloud.config.server.encrypt.keyStore'
The verbatim example from the documentation http://cloud.spring.io/spring-cloud-static/spring-cloud-config/1.3.1.RELEASE/#_security
encrypt:
keyStore:
location: classpath:/server.jks
password: letmein
alias: mytestkey
secret: changeme
I am now trying to set up using spring config server / spring config client and eureka server to do service discovery together. when I was using local file system to save configuration, everything is fine, but as soon as I change to gitHub to save configuration, I can not start spring config client, and I got this error message:
com.netflix.discovery.DiscoveryClient : Can't get a response from http://user:{cipher}AQBdTe9vjgOqANyfi+Ke5HYmhFJnuvsGJ+8FOqLgdMdFInJkVRzy9XngylNp9KlX2lwPI13jT7ceDjBs9w4B6A15akQTHHP1q9rWwMcLtVCCKGFgvXSgQF+WWIItxBmIDGG4bSgDYZ6XQWl66T84PxjTBygErpmAjn+X2BWdtWtVmjXzpMQMaHGpiyLPoGIQYF4j9ZGpl16Jx79+j6et6LStksrT3WxQuanhZwIkqZ827+2mlUB3kd5ocW7R0vC3JMGVZlGNfqYQwJIhSJ19lrq4gxm/zbGroYonW3QSHTiRlhlvOdovEua/0dCl6+s0iEHYZCBllr7jikEWmS5Px7U2TG8/eQkjR8pUbSN6OE+OI2ZZUCNOT+mi75ZeeN1OtdQ=#localhost:8761/eureka/null
Can't contact any eureka nodes - possibly a security group issue?
java.lang.IllegalArgumentException: Illegal character in authority at index 7: http://user:{cipher}AQBdTe9vjgOqANyfi+Ke5HYmhFJnuvsGJ+8FOqLgdMdFInJkVRzy9XngylNp9KlX2lwPI13jT7ceDjBs9w4B6A15akQTHHP1q9rWwMcLtVCCKGFgvXSgQF+WWIItxBmIDGG4bSgDYZ6XQWl66T84PxjTBygErpmAjn+X2BWdtWtVmjXzpMQMaHGpiyLPoGIQYF4j9ZGpl16Jx79+j6et6LStksrT3WxQuanhZwIkqZ827+2mlUB3kd5ocW7R0vC3JMGVZlGNfqYQwJIhSJ19lrq4gxm/zbGroYonW3QSHTiRlhlvOdovEua/0dCl6+s0iEHYZCBllr7jikEWmS5Px7U2TG8/eQkjR8pUbSN6OE+OI2ZZUCNOT+mi75ZeeN1OtdQ=#localhost:8761/eureka/
at java.net.URI.create(URI.java:852)
This is what I have:
In cofig server application.yml:
spring:
application:
name: spirent-config-server
cloud:
config:
server:
git:
uri: https://github.com/spring-cloud-samples/config-repo
#searchPaths: foo,bar*
server:
port: 8888
in config client:
bootstrap.properties:
spring.application.name= foo
spring.profiles.active= development
spring.cloud.config.uri= http://localhost:8888
and application.yml
eureka:
instance:
hostname: ${host.instance.name:frank1}
nonSecurePort: ${host.instance.port:8080}
metadataMap:
instanceId: ${host.instance.instanceid:frank_123}
client:
serviceUrl:
defaultZone: http://localhost:8761/eureka/
server:
port: ${host.instance.port:8080}
Eureka Server:
application.yml
server:
port: 8761
eureka:
client:
registerWithEureka: false
fetchRegistry: false
server:
waitTimeInMsWhenSyncEmpty: 0
bootstrap.yml:
spring:
application:
name: eureka
cloud:
config:
uri: ${CONFIG_SERVER_URL:http://localhost:8888}
From the exception, it seemed it is because discoverClient is not working, anything special for the configuration?
But if I change from gitHub to local file storage for configuration, everything is fine.
Thanks for your suggestion in advance.
Based on the spring cloud document, I am doing like this:
In application.yml of config server:
spring:
application:
name: spirent-config-server
cloud:
config:
server:
git:
uri: https://github.com/spring-cloud-samples/config-repo
#searchPaths: foo,bar*
encrypt:
key: abc
server:
port: 8888
In application.yml of Eureka Server:
server:
port: 8761
eureka:
instance:
hostname: localhost
client:
registerWithEureka: false
fetchRegistry: false
serviceUrl:
defaultZone: http://${eureka.instance.hostname}:${server.port}/eureka/
server:
waitTimeInMsWhenSyncEmpty: 0
encrypt:
key: abc
And in application.yml of config client:
eureka:
instance:
hostname: ${host.instance.name:frank1}
nonSecurePort: ${host.instance.port:8080}
leaseRenewalIntervalInSeconds: 5 #default is 30, recommended to keep default
metadataMap:
#instanceId: ${host.instance.instanceid:frank_123}
instanceId: ${spring.application.name}:${spring.application.instance_id:${random.value}}
client:
serviceUrl:
defaultZone: http://localhost:8761/eureka/
server:
port: ${host.instance.port:8080}
encrypt:
key: abc
But, the problem is after I started Eureka an config server, it is fine, no exception, but after I started config client, I got this same exception:
Can't contact any eureka nodes - possibly a security group issue?
java.lang.IllegalArgumentException: Illegal character in authority at index 7: http://user:{cipher}AQBdTe9vjgOqANyfi+Ke5HYmhFJnuvsGJ+8FOqLgdMdFInJkVRzy9XngylNp9KlX2lwPI13jT7ceDjBs9w4B6A15akQTHHP1q9rWwMcLtVCCKGFgvXSgQF+WWIItxBmIDGG4bSgDYZ6XQWl66T84PxjTBygErpmAjn+X2BWdtWtVmjXzpMQMaHGpiyLPoGIQYF4j9ZGpl16Jx79+j6et6LStksrT3WxQuanhZwIkqZ827+2mlUB3kd5ocW7R0vC3JMGVZlGNfqYQwJIhSJ19lrq4gxm/zbGroYonW3QSHTiRlhlvOdovEua/0dCl6+s0iEHYZCBllr7jikEWmS5Px7U2TG8/eQkjR8pUbSN6OE+OI2ZZUCNOT+mi75ZeeN1OtdQ=#localhost:8761/eureka/
at java.net.URI.create(URI.java:852)
at com.sun.jersey.api.client.Client.resource(Client.java:433)
at com.netflix.discovery.DiscoveryClient.makeRemoteCall(DiscoveryClient.java:1091)
at com.netflix.discovery.DiscoveryClient.makeRemoteCall(DiscoveryClient.java:1060)
at com.netflix.discovery.DiscoveryClient.getAndStoreFullRegistry(DiscoveryClient.java:835)
Can anyone tell me where is my error? This only happened in using GIT as config server data source, but in local file data source, no error happened.
Thanks
These are my steps to try to resolve the key issues, but failed again:
download the "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files" from Oracle, and follow instructions for installation (essentially replace the 2 policy files in the JRE lib/security directory with the ones that you downloaded).
Now if I run spring encrypt mysecret --key foo, it is successful, this means the JCE is installed correctly;
Creating a Key Store for Testing: using this:
https://github.com/spring-cloud/spring-cloud-config/blob/master/docs/src/main/asciidoc/spring-cloud-config.adoc#creating-a-key-store-for-testing
after updating the application.yml in my config server, the application.yml is this:
spring:
application:
name: spirent-config-server
cloud:
config:
server:
git:
uri: https://github.com/spring-cloud-samples/config-repo
#searchPaths: foo,bar*
encrypt:
keyStore:
location: classpath:/server.jks
password: letmein
alias: abc
secret: changeme
key: abc
server:
port: 8888
adding this to both eureka server and config client application.yml:
encrypt:
key: abc
Run everything:
Result is same nasty error
So what is wrong is my testing? Thanks for your help
It is my fault:
Changing application.yml to this:
spring:
application:
name: configserver
encrypt:
failOnError: false
keyStore:
#location: classpath:keystore.jks
#password: ${KEYSTORE_PASSWORD:foobar} # don't use a default in production
#alias: test
location: classpath:server.jks
password: letmein
alias: mytestkey
secret: changeme
And then using this command to generate the file resolving the issue completely:
keytool -genkeypair -alias mytestkey -keyalg RSA \
-dname "CN=Web Server,OU=Unit,O=Organization,L=City,S=State,C=US" \
-keypass changeme -keystore server.jks -storepass letmein
Thanks