I am trying to set up a micronaut project with multiple consumers each with different bootstrap server and ssl certs. I am not setting global bootstrap server and certs. This does not work. Any suggestion is appreciated.
One another option is to combine the certs into one jks file and set global bootstrap and ssl configuration.
kafka:
consumers:
group1:
bootstrap:
servers: $someserver1
ssl:
keystore:
location: /keystore.jks
password: password
truststore:
location: /truststore.jks
password: password
type: PKCS12
security:
protocol: ssl
group2:
bootstrap:
servers: $someserver2
ssl:
keystore:
location: /keystore-1.jks
password: password
truststore:
location: /truststore-1.jks
password: password
type: PKCS12
security:
protocol: ssl
The above config does work fine but u need to disable the kafka health check or provide a combined ssl certs otherwise micronaut kafka health check fails. This is true with 1.2.7 version of micronaut.
kafka:
health.enabled: false
consumers:
group1:
bootstrap:
servers: $someserver1
ssl:
keystore:
location: /keystore.jks
password: password
truststore:
location: /truststore.jks
password: password
type: PKCS12
security:
protocol: ssl
group2:
bootstrap:
servers: $someserver2
ssl:
keystore:
location: /keystore-1.jks
password: password
truststore:
location: /truststore-1.jks
password: password
type: PKCS12
security:
protocol: ssl
The issue is that consumer classes are not annotated quite correctly. Here is what worked for me:
In application.yml (note that both servers use the same SSL certs):
kafka:
consumers:
group1:
topic: some-topic-1
bootstrap:
servers: server-1:9092
group2:
topic: some-topic-2
bootstrap:
servers: server-2:9092
ssl:
keystore:
location: /keystore.jks
password: "password1"
truststore:
location: /truststore.jks
password: "password2"
security:
protocol: ssl
Then, annotate your classes to set consumer specific properties. Example in Kotlin:
#KafkaListener(
properties = [Property(name = ConsumerConfig.BOOTSTRAP_SERVERS_CONFIG, value = "\${kafka.consumers.group1.bootstrap.servers}")],
)
class TestConsumer1() {
#Topic("\${kafka.consumers.group1.topic}")
fun receiveMessage(record: ConsumerRecord<String, String>, acknowledgement: Acknowledgement) {
TODO("Handle events from server-1:9092 and some-topic-1 :)")
}
}
More information on the #KafkaListener and properties can be found here: https://micronaut-projects.github.io/micronaut-kafka/latest/guide/#kafkaListenerConfiguration
Related
In my fresh Jhipster Registry 7.0.4 launch with jar application from github (with dev profile), I can see the logs menu (and all other).
I apply the default configuration files.
Application-dev.yml:
spring:
devtools:
restart:
enabled: false
livereload:
enabled: false
mail:
host: localhost
port: 25
username:
password:
security:
user:
name: admin
password: admin
role: USER,ADMIN
server:
port: 9762
compression:
enabled: true
mime-types: text/html,text/xml,text/plain,text/css, application/javascript, application/json
min-response-size: 1024
eureka:
client:
service-url:
defaultZone: http://admin:admin#localhost:9762/eureka
logging:
file: logs/jhipster-registry.log
level:
ROOT: INFO
io.github.jhipster: INFO
io.github.jhipster.registry: INFO
jhipster:
http:
cache: # Used by the CachingHttpHeadersFilter
timeToLiveInDays: 1461
security:
authentication:
jwt:
token-validity-in-seconds: 86400
token-validity-in-seconds-for-remember-me: 2592000
mail: # specific JHipster mail property, for standard properties see MailProperties
from: JHipsterRegistry#localhost
base-url: http://my-server-url-to-change # Modify according to your server's URL
logging:
logstash: # Forward logs to logstash over a socket, used by LoggingConfiguration
enabled: false
host: localhost
port: 5000
queue-size: 512
cache:
hazelcast:
# application:
registry is OK I can use it but I can't see and configure log level of jhipster of any module registered. How can I see them ?
I am using spring config server with 2 backends : git and vault (for secrets), and i have a clients apps that connect to the config server to get distant configuration (git and vault).
I have this configuration:
config server
server:
port: 8888
spring:
profiles:
active: git, vault
cloud:
config:
server:
vault:
host: hostName
kvVersion: 1
order: 1
backend: secret/cad
scheme: https
port: 443
git:
order: 2
uri: git#gitlab.git_repo
ignoreLocalSshSettings: true
force-pull: true
deleteUntrackedBranches: true
privateKey: key
and client side
spring:
application:
name: my_app_name
cloud:
vault:
config:
uri: http://localhost:8888
token: s.token
fail-fast: true
With this way I have to change the token for every client every day (token expire 24h). Is there a way to renew the token with this configuration or there is another way to authenticate to the vault?
spring.cloud.vault:
config.lifecycle:
enabled: true
min-renewal: 10s
expiry-threshold: 1440m
lease-endpoints: Legacy
1440 minutes = 24h
Reference: https://cloud.spring.io/spring-cloud-vault/reference/html/#vault-lease-renewal
I user SBA as discovery client (spring-boot-admin.version 2.1.5) to Eureka server. I see a registered application UP in Eureka server, but the same is DOWN on SBA.SBA app
These is my application.yml
spring:
application:
name: spring-boot-admin-sample-eureka
profiles:
active:
- secure
server:
port : 8091
tag::configuration-eureka[]
eureka: #<1>
instance:
leaseRenewalIntervalInSeconds: 10
statusPageUrlPath: /actuator/info
health-check-url-path: /actuator/health
metadata-map:
startup: ${random.int} #needed to trigger info and endpoint update after restart
management.context-path: /monitor-client/actuator
client:
registryFetchIntervalSeconds: 5
registerWithEureka: false
serviceUrl:
defaultZone: http://localhost:8761/ServicesRepository/eureka
management:
endpoints:
web:
exposure:
include: "*" #<2>
endpoint:
health:
show-details: ALWAYS
security:
enabled: false
end::configuration-eureka[]
spring:
profiles: insecure
spring:
profiles: secure
security:
user:
name: "user"
password: "password"
eureka:
instance:
metadata-map:
user.name: "user" #These two are needed so that the server
user.password: "password" #can access the protected client endpoints
spring:
boot:
admin:
client:
username: user
password: password
instance:
metadata:
user.name: user
user.password: password
Always show details in Health check section
management:
endpoint:
health:
show-details: "ALWAYS"
endpoints:
web:
exposure:
include: "*"
I'm trying to get a keystore working to back the encryption capability of Spring Cloud Configuration Server. STS gives an error and encrypt/status continues to complain. I get an error in my application.yml file
server:
port: 8888
spring:
cloud:
config:
server:
git:
uri: ${GIT_CONFIG_URI}
username: ${GIT_USERNAME}
password: ${GIT_PASSWORD}
encrypt:
keyStore:
location: ${ENCRYPT_KEY_STORE_URL}
password: ${ENCRYPT_KEY_STORE_PASSWORD}
alias: ${ENCRYPT_KEY_STORE_ALIAS}
secret: ${ENCRYPT_KEY_STORE_SECRET}
IN STS: Unknown property 'spring.cloud.config.server.encrypt.keyStore'
The verbatim example from the documentation http://cloud.spring.io/spring-cloud-static/spring-cloud-config/1.3.1.RELEASE/#_security
encrypt:
keyStore:
location: classpath:/server.jks
password: letmein
alias: mytestkey
secret: changeme
I am now trying to set up using spring config server / spring config client and eureka server to do service discovery together. when I was using local file system to save configuration, everything is fine, but as soon as I change to gitHub to save configuration, I can not start spring config client, and I got this error message:
com.netflix.discovery.DiscoveryClient : Can't get a response from http://user:{cipher}AQBdTe9vjgOqANyfi+Ke5HYmhFJnuvsGJ+8FOqLgdMdFInJkVRzy9XngylNp9KlX2lwPI13jT7ceDjBs9w4B6A15akQTHHP1q9rWwMcLtVCCKGFgvXSgQF+WWIItxBmIDGG4bSgDYZ6XQWl66T84PxjTBygErpmAjn+X2BWdtWtVmjXzpMQMaHGpiyLPoGIQYF4j9ZGpl16Jx79+j6et6LStksrT3WxQuanhZwIkqZ827+2mlUB3kd5ocW7R0vC3JMGVZlGNfqYQwJIhSJ19lrq4gxm/zbGroYonW3QSHTiRlhlvOdovEua/0dCl6+s0iEHYZCBllr7jikEWmS5Px7U2TG8/eQkjR8pUbSN6OE+OI2ZZUCNOT+mi75ZeeN1OtdQ=#localhost:8761/eureka/null
Can't contact any eureka nodes - possibly a security group issue?
java.lang.IllegalArgumentException: Illegal character in authority at index 7: http://user:{cipher}AQBdTe9vjgOqANyfi+Ke5HYmhFJnuvsGJ+8FOqLgdMdFInJkVRzy9XngylNp9KlX2lwPI13jT7ceDjBs9w4B6A15akQTHHP1q9rWwMcLtVCCKGFgvXSgQF+WWIItxBmIDGG4bSgDYZ6XQWl66T84PxjTBygErpmAjn+X2BWdtWtVmjXzpMQMaHGpiyLPoGIQYF4j9ZGpl16Jx79+j6et6LStksrT3WxQuanhZwIkqZ827+2mlUB3kd5ocW7R0vC3JMGVZlGNfqYQwJIhSJ19lrq4gxm/zbGroYonW3QSHTiRlhlvOdovEua/0dCl6+s0iEHYZCBllr7jikEWmS5Px7U2TG8/eQkjR8pUbSN6OE+OI2ZZUCNOT+mi75ZeeN1OtdQ=#localhost:8761/eureka/
at java.net.URI.create(URI.java:852)
This is what I have:
In cofig server application.yml:
spring:
application:
name: spirent-config-server
cloud:
config:
server:
git:
uri: https://github.com/spring-cloud-samples/config-repo
#searchPaths: foo,bar*
server:
port: 8888
in config client:
bootstrap.properties:
spring.application.name= foo
spring.profiles.active= development
spring.cloud.config.uri= http://localhost:8888
and application.yml
eureka:
instance:
hostname: ${host.instance.name:frank1}
nonSecurePort: ${host.instance.port:8080}
metadataMap:
instanceId: ${host.instance.instanceid:frank_123}
client:
serviceUrl:
defaultZone: http://localhost:8761/eureka/
server:
port: ${host.instance.port:8080}
Eureka Server:
application.yml
server:
port: 8761
eureka:
client:
registerWithEureka: false
fetchRegistry: false
server:
waitTimeInMsWhenSyncEmpty: 0
bootstrap.yml:
spring:
application:
name: eureka
cloud:
config:
uri: ${CONFIG_SERVER_URL:http://localhost:8888}
From the exception, it seemed it is because discoverClient is not working, anything special for the configuration?
But if I change from gitHub to local file storage for configuration, everything is fine.
Thanks for your suggestion in advance.
Based on the spring cloud document, I am doing like this:
In application.yml of config server:
spring:
application:
name: spirent-config-server
cloud:
config:
server:
git:
uri: https://github.com/spring-cloud-samples/config-repo
#searchPaths: foo,bar*
encrypt:
key: abc
server:
port: 8888
In application.yml of Eureka Server:
server:
port: 8761
eureka:
instance:
hostname: localhost
client:
registerWithEureka: false
fetchRegistry: false
serviceUrl:
defaultZone: http://${eureka.instance.hostname}:${server.port}/eureka/
server:
waitTimeInMsWhenSyncEmpty: 0
encrypt:
key: abc
And in application.yml of config client:
eureka:
instance:
hostname: ${host.instance.name:frank1}
nonSecurePort: ${host.instance.port:8080}
leaseRenewalIntervalInSeconds: 5 #default is 30, recommended to keep default
metadataMap:
#instanceId: ${host.instance.instanceid:frank_123}
instanceId: ${spring.application.name}:${spring.application.instance_id:${random.value}}
client:
serviceUrl:
defaultZone: http://localhost:8761/eureka/
server:
port: ${host.instance.port:8080}
encrypt:
key: abc
But, the problem is after I started Eureka an config server, it is fine, no exception, but after I started config client, I got this same exception:
Can't contact any eureka nodes - possibly a security group issue?
java.lang.IllegalArgumentException: Illegal character in authority at index 7: http://user:{cipher}AQBdTe9vjgOqANyfi+Ke5HYmhFJnuvsGJ+8FOqLgdMdFInJkVRzy9XngylNp9KlX2lwPI13jT7ceDjBs9w4B6A15akQTHHP1q9rWwMcLtVCCKGFgvXSgQF+WWIItxBmIDGG4bSgDYZ6XQWl66T84PxjTBygErpmAjn+X2BWdtWtVmjXzpMQMaHGpiyLPoGIQYF4j9ZGpl16Jx79+j6et6LStksrT3WxQuanhZwIkqZ827+2mlUB3kd5ocW7R0vC3JMGVZlGNfqYQwJIhSJ19lrq4gxm/zbGroYonW3QSHTiRlhlvOdovEua/0dCl6+s0iEHYZCBllr7jikEWmS5Px7U2TG8/eQkjR8pUbSN6OE+OI2ZZUCNOT+mi75ZeeN1OtdQ=#localhost:8761/eureka/
at java.net.URI.create(URI.java:852)
at com.sun.jersey.api.client.Client.resource(Client.java:433)
at com.netflix.discovery.DiscoveryClient.makeRemoteCall(DiscoveryClient.java:1091)
at com.netflix.discovery.DiscoveryClient.makeRemoteCall(DiscoveryClient.java:1060)
at com.netflix.discovery.DiscoveryClient.getAndStoreFullRegistry(DiscoveryClient.java:835)
Can anyone tell me where is my error? This only happened in using GIT as config server data source, but in local file data source, no error happened.
Thanks
These are my steps to try to resolve the key issues, but failed again:
download the "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files" from Oracle, and follow instructions for installation (essentially replace the 2 policy files in the JRE lib/security directory with the ones that you downloaded).
Now if I run spring encrypt mysecret --key foo, it is successful, this means the JCE is installed correctly;
Creating a Key Store for Testing: using this:
https://github.com/spring-cloud/spring-cloud-config/blob/master/docs/src/main/asciidoc/spring-cloud-config.adoc#creating-a-key-store-for-testing
after updating the application.yml in my config server, the application.yml is this:
spring:
application:
name: spirent-config-server
cloud:
config:
server:
git:
uri: https://github.com/spring-cloud-samples/config-repo
#searchPaths: foo,bar*
encrypt:
keyStore:
location: classpath:/server.jks
password: letmein
alias: abc
secret: changeme
key: abc
server:
port: 8888
adding this to both eureka server and config client application.yml:
encrypt:
key: abc
Run everything:
Result is same nasty error
So what is wrong is my testing? Thanks for your help
It is my fault:
Changing application.yml to this:
spring:
application:
name: configserver
encrypt:
failOnError: false
keyStore:
#location: classpath:keystore.jks
#password: ${KEYSTORE_PASSWORD:foobar} # don't use a default in production
#alias: test
location: classpath:server.jks
password: letmein
alias: mytestkey
secret: changeme
And then using this command to generate the file resolving the issue completely:
keytool -genkeypair -alias mytestkey -keyalg RSA \
-dname "CN=Web Server,OU=Unit,O=Organization,L=City,S=State,C=US" \
-keypass changeme -keystore server.jks -storepass letmein
Thanks