My team and I updated a spring boot application in order to work with oauth2, but with the updated we jumped from Spring Boot 1.5.2 to Spring Boot 2.5.8. The oauth2 is now implemented although the new version of the app cannot found any client encryption keys from the config server. Checking the logs of the last version I have:
INFO Nov 17 16:30:51 [main] org.springframework.cloud.bootstrap.config.PropertySourceBootstrapConfiguration: LOCAL_HOST:, APP_ID:, OPERATION_NAME:, TRANSACTION_ID:, CALL_PATH:, REMOTE_HOST:, USER: - Located property source: CompositePropertySource [name='configService', propertySources=[MapPropertySource [name='fulfillments-event-validation-job'], MapPropertySource [name='config-internal']]]
After this log there are several com.esrx.inf.config.client.CustomEnvironmentDecryptApplicationInitializer* logs where it loads the values of config server and decrypts them
But in the new version I have this logs:
INFO Nov 18 02:25:53 [main] org.springframework.cloud.bootstrap.config.PropertySourceBootstrapConfiguration: LOCAL_HOST:, APP_ID:, OPERATION_NAME:, TRANSACTION_ID:, CALL_PATH:, REMOTE_HOST:, USER: - Located property source: [BootstrapPropertySource {name='bootstrapProperties-configClient'}, BootstrapPropertySource {name='bootstrapProperties-fulfillments-event-validation-job'}, BootstrapPropertySource {name='bootstrapProperties-config-internal'}]
After this log there are not even one log for com.esrx.inf.config.client.CustomEnvironmentDecryptApplicationInitializer*
The old app can load and decrypt the config server values, the new version doesn't even load the values of config server.
old version
new version
spring-boot-starter-test 1.5.2
2.5.8
it does not have this one
spring-cloud-starter-bootstrap 3.0.5
spring-cloud-starter-config 1.3.0
3.0.6
configService
bootstrapProperties-configClient
fulfillments-event-validation-job
bootstrapProperties-fulfillments-event-validation-job
config-internal
bootstrapProperties-config-internal
So I'm thinking the error is with the values of the new version, for some reason is prepending en every value the string "bootstrapProperties-". You know any related to this issue?
I changed the configuration of my pom and application.properties several times.
At the end I stayed with spring-cloud-starter-bootstrap in order for the app to run.
Related
For a Spring Cloud Config Server project, we recently migrated from Spring Boot 2.1.8.RELEASE to 2.6.6. However, the application seemed to be flooded with below logs that eventually leads to k8s pod crashing/restarting. And the INFO log is generated each time /actuator/health from kube-probe is called.
2022-08-30 19:20:19.182 INFO [config-server,5bd83ee81e7d3ccb,e17a13026d9c85ee] 1 --- [nio-8888-exec-5] o.s.c.c.s.e.NativeEnvironmentRepository : Adding property source: Config resource 'file [{spring.cloud.config.server.git.basedir}/application.yml]' via location 'file:{spring.cloud.config.server.git.basedir}'
2022-08-30 19:20:19.543 INFO [config-server,7557d9d04d71f6c7,a3d5954fe6ebbab1] 1 --- [nio-8888-exec-8] o.s.c.c.s.e.NativeEnvironmentRepository : Adding property source: Config resource 'file [{spring.cloud.config.server.git.basedir}/application.yml]' via location 'file:{spring.cloud.config.server.git.basedir}'
...
Note that I have replaced the actual file path to config repo in the container with spring.cloud.config.server.git.basedir.
Is there something that we missed on how Spring Cloud Config Server behaves differently since the update? Or how to disable health check endpoint to add a property source? As EnvironmentController.java seems to be the culprit.
I have a custom processor for AWSCredentialsProviderControllerService controller service. this has been build on top of 1.8 version .
the structure for custom processor in flow.xml.gz file is:
<name>AWSCredentialsProviderControllerService100</name> <class>org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService</class>
<bundle>
<group>com.xxx.xx1234</group>
<artifact>nifi-custom-ping-credentials-controller-service</artifact>
<version>1.0.0</version>
</bundle>
There are also default AWSCredentialsProviderControllerService controller service of 1.8version is present which is having below configuration in flow.xml
<name>AWSCredentialsProviderControllerService180</name> <class>org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService</class>
<bundle>
<group>org.apache.nifi</group>
<artifact>nifi-aws-nar</artifact>
<version>1.8.0</version>
So I am upgrading nifi cluster , means putting this flow.xml.gz file from 1.8 cluster to 1.12 cluster .
After the cluster up I am seeing the default AWSCredentialsProviderControllerService(1.8 version) controller is not auto upgraded to 1.12 bundle and getting invalid with error:
Error:
missing controller service validated against "any property" is invalid because controler service of this type org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService, but this is not a valid reporting task type.
log I am seeing :
2020-10-14 17:14:56,042 ERROR [main] o.a.nifi.controller.ExtensionBuilder Could not create Controller Service of type org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService for ID 25defb18-0175-1000-5bb4-febb1b1a21db due to: Unable to find bundle for coordinate org.apache.nifi:nifi-aws-nar:1.8.0; creating "Ghost" implementation
2020-10-14 17:14:56,042 INFO [main] o.a.nifi.groups.StandardProcessGroup StandardControllerServiceNode[service=GhostControllerService[id=25defb18-0175-1000-5bb4-febb1b1a21db, type=org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService], versionedComponentId=null, processGroup=StandardProcessGroup[identifier=8cb90667-0174-1000-8741-3bfe7f19db7f], active=false] added to StandardProcessGroup[identifier=8cb90667-0174-1000-8741-3bfe7f19db7f]
The is no issue in the custom processor (nifi-custom-ping-credentials-controller-service 1.0.0) as 1.0.0 version nar file is present in the 1.12 cluster
Also no issue with other 1.8 version processor & controller service , all are auto upgraded to 1.12 version.
Could be please let me know what should be done avoid this type of issue in upgrade?
Configuration
My Spring Boot/Liquibase specifications & configuration is as per this question.
Issue
Everything goes well in my local environment with embedded Tomcat. When i migrate the war file to IBM WebSphere 8.5.5.15, i see this warning:
[7/29/20 11:04:17:302] 000002ff database I liquibase.database Could not set remarks reporting on OracleDatabase: com.zaxxer.hikari.pool.HikariProxyConnection.setRemarksReporting(boolean)
[7/29/20 11:04:18:066] 000002ff lockservice I liquibase.lockservice Successfully acquired change log lock
[7/29/20 11:04:18:090] 000002ff integration W liquibase.integration Cannot create filesystem for url file:/opt/IBM/WebSphere/AppServer/lib/jsf-nls.jar: /opt/IBM/WebSphere/AppServer/lib/jsf-nls.jar
java.nio.file.FileSystemNotFoundException: /opt/IBM/WebSphere/AppServer/lib/jsf-nls.jar
at com.sun.nio.zipfs.ZipFileSystem.<init>(ZipFileSystem.java:120)
at com.sun.nio.zipfs.ZipFileSystemProvider.newFileSystem(ZipFileSystemProvider.java:139)
at java.nio.file.FileSystems.newFileSystem(FileSystems.java:390)
at liquibase.resource.ClassLoaderResourceAccessor.loadRootPaths(ClassLoaderResourceAccessor.java:63)
:
I have checked and the jar file is not there at the location that it is looking for it.
Question
It's only a warning, everything else is working as expected, should i be concerned about this warning?
In my old setup for Quarkus 1.3.2.Final
I have this in my property file
quarkus.vault.url=${vault_path}
quarkus.vault.tls.use-kubernetes-ca-cert=true
quarkus.vault.authentication.kubernetes.role=${someVaultRole}
quarkus.vault.tls.ca-cert=${someTlsCertLocation}
quarkus.vault.kv-secret-engine-mount-path=${someSecretEngingPath}
when i tried to access the secrets using VaultKVSecretEngine.readSecret(path), it gives me the secrets for that path
But when I try to migrate to Quarkus 1.4.2.Final, I got this error
"io.quarkus.vault.runtime.client.VaultClientException code=403 body={\"errors\":[\"1 error occurred:\\n\\t* permission denied\\n\\n\"]}\
when i tried to call VaultKVSecretEngine.readSecret(path) with my old setup.
Question is, what are the configs in my application.properties that i missed for quarkus 1.4.2.final vault access?
since by default, quarkus 1.4.2.Final uses kv-secret-engine-version 2, it is needed to specify the kv-secret-engine-version to version 1 when migrating from quarkus 1.3.2.Final to 1.4.2.Final since 1.3.2.Final uses kv-secret-engine-version 1
I'm running Mac OS. I've set up the Payara server with NetBeans. And when I'll try to run the server it never shows the green 'dot' that indicates its online status, instead it shows the 'loading' dot forever.
However, I can access it on http://localhost:4848, but when I try to deploy an application to the server I get this error:
GlassFish Server is running.
Starting GlassFish Server
Initial deploying slit-ee to /Users/christian/slit/slit-ee/dist/gfdeploy/slit-ee
Completed initial distribution of slit-ee
GlassFish Server, deploy, null, false
/Users/christian/slit/slit-ee/nbproject/build-impl.xml:307: The module has not been deployed.
See the server log for details.
BUILD FAILED (total time: 22 seconds)
And the full server log
objc[1865]: Class JavaLaunchHelper is implemented in both /Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/bin/java (0x105e334c0) and /Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/libinstrument.dylib (0x105efb4e0). One of the two will be used. Which one is undefined.
Launching GlassFish on Felix platform
nov 28, 2016 2:14:21 AM com.sun.enterprise.glassfish.bootstrap.osgi.BundleProvisioner createBundleProvisioner
INFO: Create bundle provisioner class = class com.sun.enterprise.glassfish.bootstrap.osgi.BundleProvisioner.
Registered com.sun.enterprise.glassfish.bootstrap.osgi.EmbeddedOSGiGlassFishRuntime#18808234 in service registry.
#!## LogManagerService.postConstruct : rootFolder=/Users/christian/opt/payara41/glassfish
#!## LogManagerService.postConstruct : templateDir=/Users/christian/opt/payara41/glassfish/lib/templates
#!## LogManagerService.postConstruct : src=/Users/christian/opt/payara41/glassfish/lib/templates/logging.properties
#!## LogManagerService.postConstruct : dest=/Users/christian/opt/payara41/glassfish/domains/payaradomain/config/logging.properties
Info: Running Payara Version: Payara Server 4.1.1.164 #badassfish (build 28)
Info: Server log file is using Formatter class: com.sun.enterprise.server.logging.ODLLogFormatter
Info: Registered org.glassfish.ha.store.adapter.cache.ShoalBackingStoreProxy for persistence-type = replicated in BackingStoreFactoryRegistry
Info: Authorization Service has successfully initialized.
Info: Realm [admin-realm] of classtype [com.sun.enterprise.security.auth.realm.file.FileRealm] successfully created.
Info: Realm [file] of classtype [com.sun.enterprise.security.auth.realm.file.FileRealm] successfully created.
Info: Realm [certificate] of classtype [com.sun.enterprise.security.auth.realm.certificate.CertificateRealm] successfully created.
Info: Registered fish.payara.ha.hazelcast.store.HazelcastBackingStoreFactoryProxy for persistence-type = hazelcast in BackingStoreFactoryRegistry
Info: Registered Hazelcast BackingStoreFactory with persistence-type = hazelcast
Info: Grizzly Framework 2.3.28 started in: 47ms - bound to [/0.0.0.0:8080]
Info: Grizzly Framework 2.3.28 started in: 1ms - bound to [/0.0.0.0:8181]
Info: Grizzly Framework 2.3.28 started in: 2ms - bound to [/0.0.0.0:4848]
Info: Grizzly Framework 2.3.28 started in: 1ms - bound to [/0.0.0.0:3700]
Info: Payara Server 4.1.1.164 #badassfish (28) startup time : Felix (33 542ms), startup services(5 715ms), total(39 257ms)
Info: Payara Notification Service Started with configuration: NotificationExecutionOptions{enabled=true, notifierConfigurationExecutionOptionsList={LOG=NotifierConfigurationExecutionOptions{notifierType=LOG, enabled=true}}}
Info: Cleaning JarFileFactory Cache to prevent jar FD leaks
Info: HV000001: Hibernate Validator 5.1.2.Final
Info: Grizzly Framework 2.3.28 started in: 1ms - bound to [/0.0.0.0:7676]
Info: Registered com.sun.enterprise.glassfish.bootstrap.osgi.EmbeddedOSGiGlassFishImpl#7bca6fac as OSGi service registration: org.apache.felix.framework.ServiceRegistrationImpl#129fed45.
Info: /Users/christian/opt/payara41/glassfish/domains/payaradomain/autodeploy/bundles does not exist, please create it.
Info: JMXStartupService has started JMXConnector on JMXService URL service:jmx:rmi://192.168.0.183:8686/jndi/rmi://192.168.0.183:8686/jmxrmi
Is there any security mechanism that prevents this on Mac OS?
It seems that Netbeans cannot connect to the started Payara Server. Maybe your issue is similar to this one with Netbeans and Tomcat on a Mac after some system update: https://discussions.apple.com/thread/7680039?start=0&tstart=0
Here is a quote from that page:
Step 1: Go to system preference >Network>Select your wifi
connection>Advanced>select proxies tab.
There check 3 options 1) Auto proxy Discovery 2)Automatic Proxy
configuration 3) web proxy(http)
Step 2: Go to Netbeans>preferences>General> select use system proxy>
reload> test connection
I found an alternative solution for me:
Go to Netbeans-> Preference-> chose No Proxy.
Test the connection. should success, Press Ok. Then clean and run the application.
No need to change any network configuration on mac.