I am running into an issue with Spring Cloud Config. I have a remote git repo with my config files, which is cloned down locally for local testing.
My project has 4 bootstrap.yml files as shown below
bootstrap.yml

    spring:
      application:
        name: ConfigurationService
      profiles:
        active: dev, local
      cloud:
        config:
          fail-fast: true
          server:
            git:
              clone-on-start: true
              search-paths: '{application}'
              username: USERNAME
              password: PASSWORD
            bootstrap: true
          enabled: true

bootstrap-dev.yml

    spring:
      application:
        name: ConfigurationService
      profiles:
        active: dev, local
      cloud:
        config:
          label: develop
    server:
      port: 0

bootstrap-local.yml

    spring:
      cloud:
        config:
          server:
            git:
              uri: file:///${user.home}/Projects/project
              clone-on-start: false

bootstrap-remote.yml

    spring:
      cloud:
        config:
          server:
            git:
              uri: https://bitbucket.org/
              clone-on-start: true

The remote repo has a master branch and a develop branch. When I checkout develop locally and start my config service it checks out the master branch.
Why is this happening and how do I stop it? I am starting the config service in the dev profile and the local profile, which uses the 'develop' label as seen in bootstrap-dev.yml.
I am using Spring config server with 2 backends: git and vault (for secrets), and I have client apps that connect to the config server to get remote configuration (git and vault).
I have this configuration:
config server

    server:
      port: 8888
    spring:
      profiles:
        active: git, vault
      cloud:
        config:
          server:
            vault:
              host: hostName
              kvVersion: 1
              order: 1
              backend: secret/cad
              scheme: https
              port: 443
            git:
              order: 2
              uri: git#gitlab.git_repo
              ignoreLocalSshSettings: true
              force-pull: true
              deleteUntrackedBranches: true
              privateKey: key

and client side
spring:
application:
name: my_app_name
cloud:
vault:
config:
uri: http://localhost:8888
token: s.token
fail-fast: true
This way I have to change the token for every client every day (the token expires after 24h). Is there a way to renew the token with this configuration, or is there another way to authenticate to the vault?

    spring.cloud.vault:
      config.lifecycle:
        enabled: true
        min-renewal: 10s
        expiry-threshold: 1440m
        lease-endpoints: Legacy

1440 minutes = 24h
Reference: https://cloud.spring.io/spring-cloud-vault/reference/html/#vault-lease-renewal
I am moving configuration file to consul. Configuration files are held in yaml on consul. This is a part of configuration yaml file (As you can see there are 2 profiles DEV, DEV2):
---
spring
profiles: DEV2
environment:
current: DEV2
urls:
de: http://10.11.22.44
be: http://10.11.22.44
---
spring:
profiles: DEV
environment:
current: DEV
urls:
de: http://10.11.22.33
be: http://10.11.22.33
The problem is that when I run the application with profile DEV2, the urls from profile DEV are always taken (because they are lower in the yaml file). Is there a way to force consul to read data from the DEV2 profile? Here is my bootstrap yaml config:

    spring:
      cloud:
        consul:
          host: 10.11.22.33
          port: 8500
          config:
            name: config
            acl-token: sometoken
            prefix: someprefix
            format: yaml

In my github repo I have two branches: master and release. So currently having this .travis.yml configuration:

    deploy:
      provider: heroku
      api_key:
        secure: [MY-ENCRYPTED-KEY]
      app: myapp
      on:
        repo: helloworld/myapp
        branch: release
      run:
        - restart
      skip_cleanup: true

makes it possible to deploy a heroku app named myapp from the release branch.
According to the documentation, I can specify a custom application name like so (dev and production keys):

    deploy:
      provider: heroku
      api_key:
        secure: [MY-ENCRYPTED-KEY]
      app:
        dev: myapp-dev
        production: myapp
      on:
        repo: helloworld/myapp
        branch: release
      run:
        - restart
      skip_cleanup: true

Now the question is:
How can I specify the branch for each app? Like:
master branch -> myapp-dev (dev)
release branch -> myapp (production)
The documentation is not clear on this...
It's not stated anywhere in the documentation, but it turned out the key names in the app section actually correspond to branch names:

    deploy:
      provider: heroku
      api_key:
        secure: [MY-ENCRYPTED-KEY]
      app:
        master: myapp-dev
        release: myapp
      on:
        repo: helloworld/myapp
      run:
        - restart
      skip_cleanup: true

When I launch my server with the prod profile, I can connect with admin admin in my JHipster application, but I can't save any data when I want to create a new object (I get an InternalServerError). However, in the dev profile with the same database (PostgreSQL) it works well.
Moreover I don't know how to get logs when using prod profile to understand the problem.
I can add the configuration file for the prod profile

    # ===================================================================
    # Spring Boot configuration for the "prod" profile.
    #
    # This configuration overrides the application.yml file.
    # ===================================================================

    # ===================================================================
    # Standard Spring Boot properties.
    # Full reference is available at:
    # http://docs.spring.io/spring-boot/docs/current/reference/html/common-application-properties.html
    # ===================================================================

    spring:
      devtools:
        restart:
          enabled: false
        livereload:
          enabled: false
      datasource:
        url: jdbc:postgresql://localhost:5432/vraiJhipster
        name:
        username: vraiJhipster
        password:
      jpa:
        database-platform: com.mycompany.myapp.domain.util.FixedPostgreSQL82Dialect
        database: POSTGRESQL
        show_sql: false
        properties:
          hibernate.cache.use_second_level_cache: true
          hibernate.cache.use_query_cache: false
          hibernate.generate_statistics: false
          hibernate.cache.region.factory_class: org.hibernate.cache.ehcache.SingletonEhCacheRegionFactory
      data:
        elasticsearch:
          cluster-name:
          cluster-nodes: localhost:9300
      mail:
        host: localhost
        port: 25
        username:
        password:
      thymeleaf:
        cache: true

    liquibase:
      contexts: prod

    server:
      port: 8080
      compression:
        enabled: true
        mime-types: text/html,text/xml,text/plain,text/css, application/javascript, application/json
        min-response-size: 1024

    # ===================================================================
    # JHipster specific properties
    # ===================================================================

    jhipster:
      http:
        cache: # Used by the CachingHttpHeadersFilter
          timeToLiveInDays: 1461
      cache: # Hibernate 2nd level cache, used by CacheConfiguration
        timeToLiveSeconds: 3600
        ehcache:
          maxBytesLocalHeap: 256M
      security:
        rememberMe:
          # security key (this key should be unique for your application, and kept secret)
          key: *****************************************
      mail: # specific JHipster mail property, for standard properties see MailProperties
        from: vraiJhipster#localhost
      metrics: # DropWizard Metrics configuration, used by MetricsConfiguration
        jmx.enabled: true
        spark:
          enabled: false
          host: localhost
          port: 9999
        graphite:
          enabled: false
          host: localhost
          port: 2003
          prefix: vraiJhipster
        logs: # Reports Dropwizard metrics in the logs
          enabled: false
          reportFrequency: 60 # in seconds
      logging:
        logstash: # Forward logs to logstash over a socket, used by LoggingConfiguration
          enabled: false
          host: localhost
          port: 5000
          queueSize: 512
      swagger: # swagger is disabled. It can be disabled by passing 'no-swagger' profile at run time as well
        enabled: false

Thank you.
If you need something about my configuration you can ask it.
I found the problem: it was actually elasticSearch. When I use JHipster in production mode, the default configuration uses elasticSearch on port 9300. But I didn't have any elasticSearch running on my computer. So I copy-pasted the elasticSearch configuration from the dev profile to the prod profile.

    data:
      elasticsearch:
        cluster-name:
        cluster-nodes:
        properties:
          path:
            logs: target/elasticsearch/log
            data: target/elasticsearch/data

I am now trying to set up Spring config server / Spring config client and Eureka server to do service discovery together. When I was using the local file system to save configuration, everything was fine, but as soon as I changed to GitHub to save configuration, I could not start the Spring config client, and I got this error message:
com.netflix.discovery.DiscoveryClient : Can't get a response from http://user:{cipher}AQBdTe9vjgOqANyfi+Ke5HYmhFJnuvsGJ+8FOqLgdMdFInJkVRzy9XngylNp9KlX2lwPI13jT7ceDjBs9w4B6A15akQTHHP1q9rWwMcLtVCCKGFgvXSgQF+WWIItxBmIDGG4bSgDYZ6XQWl66T84PxjTBygErpmAjn+X2BWdtWtVmjXzpMQMaHGpiyLPoGIQYF4j9ZGpl16Jx79+j6et6LStksrT3WxQuanhZwIkqZ827+2mlUB3kd5ocW7R0vC3JMGVZlGNfqYQwJIhSJ19lrq4gxm/zbGroYonW3QSHTiRlhlvOdovEua/0dCl6+s0iEHYZCBllr7jikEWmS5Px7U2TG8/eQkjR8pUbSN6OE+OI2ZZUCNOT+mi75ZeeN1OtdQ=#localhost:8761/eureka/null
Can't contact any eureka nodes - possibly a security group issue?
java.lang.IllegalArgumentException: Illegal character in authority at index 7: http://user:{cipher}AQBdTe9vjgOqANyfi+Ke5HYmhFJnuvsGJ+8FOqLgdMdFInJkVRzy9XngylNp9KlX2lwPI13jT7ceDjBs9w4B6A15akQTHHP1q9rWwMcLtVCCKGFgvXSgQF+WWIItxBmIDGG4bSgDYZ6XQWl66T84PxjTBygErpmAjn+X2BWdtWtVmjXzpMQMaHGpiyLPoGIQYF4j9ZGpl16Jx79+j6et6LStksrT3WxQuanhZwIkqZ827+2mlUB3kd5ocW7R0vC3JMGVZlGNfqYQwJIhSJ19lrq4gxm/zbGroYonW3QSHTiRlhlvOdovEua/0dCl6+s0iEHYZCBllr7jikEWmS5Px7U2TG8/eQkjR8pUbSN6OE+OI2ZZUCNOT+mi75ZeeN1OtdQ=#localhost:8761/eureka/
at java.net.URI.create(URI.java:852)
This is what I have:
In config server application.yml:

    spring:
      application:
        name: spirent-config-server
      cloud:
        config:
          server:
            git:
              uri: https://github.com/spring-cloud-samples/config-repo
              #searchPaths: foo,bar*
    server:
      port: 8888

in config client:
bootstrap.properties:

    spring.application.name= foo
    spring.profiles.active= development
    spring.cloud.config.uri= http://localhost:8888

and application.yml

    eureka:
      instance:
        hostname: ${host.instance.name:frank1}
        nonSecurePort: ${host.instance.port:8080}
        metadataMap:
          instanceId: ${host.instance.instanceid:frank_123}
      client:
        serviceUrl:
          defaultZone: http://localhost:8761/eureka/
    server:
      port: ${host.instance.port:8080}

Eureka Server:
application.yml

    server:
      port: 8761
    eureka:
      client:
        registerWithEureka: false
        fetchRegistry: false
      server:
        waitTimeInMsWhenSyncEmpty: 0

bootstrap.yml:

    spring:
      application:
        name: eureka
      cloud:
        config:
          uri: ${CONFIG_SERVER_URL:http://localhost:8888}

From the exception, it seemed it is because discoverClient is not working, anything special for the configuration?
But if I change from gitHub to local file storage for configuration, everything is fine.
Thanks for your suggestion in advance.
Based on the spring cloud document, I am doing like this:
In application.yml of config server:

    spring:
      application:
        name: spirent-config-server
      cloud:
        config:
          server:
            git:
              uri: https://github.com/spring-cloud-samples/config-repo
              #searchPaths: foo,bar*
    encrypt:
      key: abc
    server:
      port: 8888

In application.yml of Eureka Server:

    server:
      port: 8761
    eureka:
      instance:
        hostname: localhost
      client:
        registerWithEureka: false
        fetchRegistry: false
        serviceUrl:
          defaultZone: http://${eureka.instance.hostname}:${server.port}/eureka/
      server:
        waitTimeInMsWhenSyncEmpty: 0
    encrypt:
      key: abc

And in application.yml of config client:

    eureka:
      instance:
        hostname: ${host.instance.name:frank1}
        nonSecurePort: ${host.instance.port:8080}
        leaseRenewalIntervalInSeconds: 5 #default is 30, recommended to keep default
        metadataMap:
          #instanceId: ${host.instance.instanceid:frank_123}
          instanceId: ${spring.application.name}:${spring.application.instance_id:${random.value}}
      client:
        serviceUrl:
          defaultZone: http://localhost:8761/eureka/
    server:
      port: ${host.instance.port:8080}
    encrypt:
      key: abc

But the problem is that after I started Eureka and the config server, it is fine, no exception, but after I started the config client, I got this same exception:
Can't contact any eureka nodes - possibly a security group issue?
java.lang.IllegalArgumentException: Illegal character in authority at index 7: http://user:{cipher}AQBdTe9vjgOqANyfi+Ke5HYmhFJnuvsGJ+8FOqLgdMdFInJkVRzy9XngylNp9KlX2lwPI13jT7ceDjBs9w4B6A15akQTHHP1q9rWwMcLtVCCKGFgvXSgQF+WWIItxBmIDGG4bSgDYZ6XQWl66T84PxjTBygErpmAjn+X2BWdtWtVmjXzpMQMaHGpiyLPoGIQYF4j9ZGpl16Jx79+j6et6LStksrT3WxQuanhZwIkqZ827+2mlUB3kd5ocW7R0vC3JMGVZlGNfqYQwJIhSJ19lrq4gxm/zbGroYonW3QSHTiRlhlvOdovEua/0dCl6+s0iEHYZCBllr7jikEWmS5Px7U2TG8/eQkjR8pUbSN6OE+OI2ZZUCNOT+mi75ZeeN1OtdQ=#localhost:8761/eureka/
at java.net.URI.create(URI.java:852)
at com.sun.jersey.api.client.Client.resource(Client.java:433)
at com.netflix.discovery.DiscoveryClient.makeRemoteCall(DiscoveryClient.java:1091)
at com.netflix.discovery.DiscoveryClient.makeRemoteCall(DiscoveryClient.java:1060)
at com.netflix.discovery.DiscoveryClient.getAndStoreFullRegistry(DiscoveryClient.java:835)
Can anyone tell me where is my error? This only happened in using GIT as config server data source, but in local file data source, no error happened.
Thanks
These are my steps to try to resolve the key issues, but failed again:
download the "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files" from Oracle, and follow instructions for installation (essentially replace the 2 policy files in the JRE lib/security directory with the ones that you downloaded).
Now if I run spring encrypt mysecret --key foo, it is successful, this means the JCE is installed correctly;
Creating a Key Store for Testing: using this:
https://github.com/spring-cloud/spring-cloud-config/blob/master/docs/src/main/asciidoc/spring-cloud-config.adoc#creating-a-key-store-for-testing
after updating the application.yml in my config server, the application.yml is this:

    spring:
      application:
        name: spirent-config-server
      cloud:
        config:
          server:
            git:
              uri: https://github.com/spring-cloud-samples/config-repo
              #searchPaths: foo,bar*
    encrypt:
      keyStore:
        location: classpath:/server.jks
        password: letmein
        alias: abc
        secret: changeme
      key: abc
    server:
      port: 8888

adding this to both eureka server and config client application.yml:

    encrypt:
      key: abc

Run everything:
Result is same nasty error
So what is wrong in my testing? Thanks for your help
It is my fault:
Changing application.yml to this:

    spring:
      application:
        name: configserver
    encrypt:
      failOnError: false
      keyStore:
        #location: classpath:keystore.jks
        #password: ${KEYSTORE_PASSWORD:foobar} # don't use a default in production
        #alias: test
        location: classpath:server.jks
        password: letmein
        alias: mytestkey
        secret: changeme

And then using this command to generate the file resolving the issue completely:

    keytool -genkeypair -alias mytestkey -keyalg RSA \
      -dname "CN=Web Server,OU=Unit,O=Organization,L=City,S=State,C=US" \
      -keypass changeme -keystore server.jks -storepass letmein

Thanks
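
Added example, not part of the original posts or of Spring Cloud's own code: a pre-flight check for the failure in the Eureka thread above, where a property reached the client with its `{cipher}` prefix still in place and ended up inside the `defaultZone` URL. It walks an environment document (name / profiles / propertySources), lists every value that is still encrypted, and masks the ciphertext so the finding can be logged without repeating it. The sample document, its source names and its ciphertext are constructed placeholders, and the function names are hypothetical.

```python
import json
import re

CIPHER_RUN = re.compile(r"\{cipher\}[A-Za-z0-9+/=]+")

# Constructed sample shaped like a config server environment response;
# the ciphertext is a made-up placeholder, not a real encrypted value.
SAMPLE_ENV = json.dumps({
    "name": "foo",
    "profiles": ["development"],
    "propertySources": [
        {"name": "constructed/foo-development.yml",
         "source": {"server.port": 8080}},
        {"name": "constructed/application.yml",
         "source": {
             "eureka.password": "{cipher}QUJDREVGRw==",
             "eureka.client.serviceUrl.defaultZone":
                 "http://user:{cipher}QUJDREVGRw==@localhost:8761/eureka/",
             "info.description": "plain value"}},
    ],
})

def redact(value):
    """Mask each {cipher} run so the finding can be logged safely."""
    return CIPHER_RUN.sub("{cipher}<redacted>", value)

def audit_environment(env_json):
    """List properties a client would receive with {cipher} still in place."""
    findings = []
    for source in json.loads(env_json).get("propertySources", []):
        for key, value in source.get("source", {}).items():
            if not isinstance(value, str) or "{cipher}" not in value:
                continue
            # Inside a URL the braces are illegal in the authority part,
            # which is the java.net.URI.create failure quoted in the question.
            kind = "undecrypted-in-url" if "://" in value else "undecrypted"
            findings.append({"source": source["name"], "key": key,
                             "kind": kind, "value": redact(value)})
    return findings

if __name__ == "__main__":
    for f in audit_environment(SAMPLE_ENV):
        print(f"{f['kind']:20} {f['key']} = {f['value']} ({f['source']})")
```

Any finding means the key configured under `encrypt:` did not decrypt that value before the application used it.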