How to disable management endpoint probing with Spring Boot Admin? - spring-boot

We are running Spring Boot Admin in our k8s cluster. Applications with SBA client library are discovered during startup and SBA(server) is calling management endpoint during specified interval. We are actually interested to only probe i.e /health and /info endpoint without /actuator.
Currently SBA is calling also management endpoint /actuator.
How to configure it to run server without calling management endpoint?
We would like to disable management endpoint for security purpose.
SBA Admin & SB version 2.6.6
I tried tweaking the settings but none of them solved my issue.

/actuator is the "meta" endpoint providing information about the available actuator endpoints. But you cannot "manage" anything there. The docs call it the "discovery page".
If you activate health and info, then /actuator will tell that these are enabled and output should be something like
GET http://127.0.0.1:8100/actuator
{
"_links": {
"self": {
"href": "http://127.0.0.1:8100/actuator",
"templated": false
},
"health": {
"href": "http://127.0.0.1:8100/actuator/health",
"templated": false
},
"health-path": {
"href": "http://127.0.0.1:8100/actuator/health/{*path}",
"templated": true
},
"info": {
"href": "http://127.0.0.1:8100/actuator/info",
"templated": false
}
}
}
The SBA server uses this endpoint to know which actuators are available.
However, you can disable the endpoint in the monitored apps and everything should still work fine:
management.endpoints.web.discovery.enabled=false

Related

Spring Integration - Unable to see metrics for MessageHandler, MessageChannel and MessageSource

I have a prometheus metrics registry and captor beans registered as seen below:
"prometheusMeterRegistry": {
"aliases": [],
"scope": "singleton",
"type": "io.micrometer.prometheus.PrometheusMeterRegistry",
"resource": "class path resource [org/springframework/boot/actuate/autoconfigure/metrics/export/prometheus/PrometheusMetricsExportAutoConfiguration.class]",
"dependencies": [
"prometheusConfig",
"collectorRegistry",
"micrometerClock"
]
},
"integrationMicrometerMetricsCaptor": {
"aliases": [],
"scope": "singleton",
"type": "org.springframework.integration.support.management.micrometer.MicrometerMetricsCaptor",
"resource": null,
"dependencies": []
},
However, when I check the actuator/prometheus endpoint, I don't see any metrics for MessageHandler, MessageChannel and MessageSource which are mentioned here. The only spring-integeration metrics available are:
spring_integration_sources 1.0
spring_integration_handlers 17.0
spring_integration_channels 15.0
I also ran data through my flows, still can't see the metrics. What am I missing?
Thank you for such a great sample!
So, your problem is here:
<!-- Enable Spring Integration Metrics -->
<int:management/>
First of all you must not do this since Spring Boot auto-configures this for us. (We probably need to improve Spring Boot docs to mention that feature).
Secondly you still can do this but you need to use this option:
<xsd:attribute name="default-counts-enabled" use="optional">
<xsd:annotation>
<xsd:documentation>
The default value for components that don't match 'counts-enabled-patterns'.
Defaults to false, or true when an Integration MBean Exporter is provided.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
and set it to true.
In the current Spring Integration 5.4 version it is deprecated already. We definitely are going to remove it altogether in the next 6.0.

Forward hostname and path in proxy

I have an external service:
https://domainx.com/path/a/to/my/app
Via proxies and webservices it ends-up in my Spring (Data Rest) application on a tomcat server, exposed under:
http://mytomcatserver:8080/this/is/my/app
This app returns a HAL-JSON response with in it a _links section, pointing to itself and other resources. For example:
{
"id": "a_resource_001",
"_links": {
"self": {
"href": "http://mytomcatserver:8080/this/is/my/app/res/a_resource_001"
}
}
}
On the consuming side this link won't mean anything of course.
This was solved: on the consuming side, somewhere a header is added:
X-Forwarded-Host=domainx.com
Then the result became (automatically thanks to the framework):
{
"id": "a_resource_001",
"_links": {
"self": {
"href": "https://domainx.com/this/is/my/app/res/a_resource_001"
}
}
}
The link is improved, but still the path / context-root doesn't match:
/path/a/to/my/app != /this/is/my/app.
So, I thought, is there a X-Forwarded-Path or something like that. Some header that is picked up by my application framework (Tomcat, or Spring, or Spring Data Rest) and used to build the url in the JSON response.
But no, didn't find it.
Does somebody know how to solve such issues. It seems to me I'm not the first dealing with this stuff.
O yeah, using the same path is not an option in this case. (Of course, if I would expose my application's context-root as /path/to/my/app, it would work. not an option in this case)
I imagine there is a solution in Tomcat/Spring where some headers might influence the links.
But I also think that this can be solved in the web-server (apache) or proxy settings.
I had same issues with this.
While you're using a spring application, the easiest way is to set the context path the same to the proxy.
There is also the option to get the x-forwarded-for information. Those has to be sent from proxy.
On application side you can use (in this case application.properties)
server.use-forward-headers=true
server.servlet.context-path=/my/custom/context/path

How to set build path configuration in spring boot webapp

I am in new to spring boot. I have created a web app using spring boot. My application require some properties file to do the processing. In eclipse What I do i set the path on Run configuration like bellow.
Now When I run the application I gets the require file on path and run smoothly.
Now I want to deploy the war file on some server. How do i provide this path to my application.
Bellow is the project structure of my project. and files are here
highlighted
How do I set this file path using application.properties or any other way so that, I don't have to provide the path from run configuration, and the .war can be deploy on any server.
Update 1 : This what I tried.
Created a customStart.bat
content of the file is
set CATALINA_OPTS="-engine.home="/src/main/resources/" -Dlog4j.configuration=config/log4j.xml -Dlog4j.debug=true"
call startup.bat %CATALINA_OPTS%
But still that argument is not set. How do I do that?
As an option you can add your properties to %tomcat_home%\conf\catalina.properties
Just put them at the end of the file as follows:
log4j.configuration=config/log4j.xml
.....
From spring boot official documentation (This is a highlight of the concept of creating custom spring boot variable) bellow you'll find a link to a Q/A that describes the solution.
Spring Boot jars are shipped with meta-data files that provide details
of all supported configuration properties. The files are designed to
allow IDE developers to offer contextual help and “code completion” as
users are working with application.properties or application.yml
files.
The majority of the meta-data file is generated automatically at
compile time by processing all items annotated with
#ConfigurationProperties. However, it is possible to write part of the
meta-data manually for corner cases or more advanced use cases.
Configuration meta-data files are located inside jars under
META-INF/spring-configuration-metadata.json They use a simple JSON
format with items categorized under either “groups” or “properties”
and additional values hint categorized under "hints":
Here is an example of a meta data config file :
{"groups": [
{
"name": "server",
"type": "org.springframework.boot.autoconfigure.web.ServerProperties",
"sourceType": "org.springframework.boot.autoconfigure.web.ServerProperties"
},
{
"name": "spring.jpa.hibernate",
"type": "org.springframework.boot.autoconfigure.orm.jpa.JpaProperties$Hibernate",
"sourceType": "org.springframework.boot.autoconfigure.orm.jpa.JpaProperties",
"sourceMethod": "getHibernate()"
}
...
],"properties": [
{
"name": "server.port",
"type": "java.lang.Integer",
"sourceType": "org.springframework.boot.autoconfigure.web.ServerProperties"
},
{
"name": "spring.jpa.hibernate.ddl-auto",
"type": "java.lang.String",
"description": "DDL mode. This is actually a shortcut for the \"hibernate.hbm2ddl.auto\" property.",
"sourceType": "org.springframework.boot.autoconfigure.orm.jpa.JpaProperties$Hibernate"
}
...
],"hints": [
{
"name": "spring.jpa.hibernate.ddl-auto",
"values": [
{
"value": "none",
"description": "Disable DDL handling."
},
{
"value": "validate",
"description": "Validate the schema, make no changes to the database."
},
{
"value": "update",
"description": "Update the schema if necessary."
},
{
"value": "create",
"description": "Create the schema and destroy previous data."
},
{
"value": "create-drop",
"description": "Create and then destroy the schema at the end of the session."
}
]
}
]}
Each “property” is a configuration item that the user specifies with a
given value. For example server.port and server.servlet-path might be
specified in application.properties as follows:
server.port=9090 server.servlet-path=/home The “groups” are higher
level items that don’t themselves specify a value, but instead provide
a contextual grouping for properties. For example the server.port and
server.servlet-path properties are part of the server group.
Notes:
The groups section is note required
“hints” are additional information used to assist the user in configuring a given property. When configuring the spring.jpa.hibernate.ddl-auto property, a tool can use it to offer some auto-completion help for the none, validate, update, create and create-drop values.
You can easily generate your own configuration meta-data file from
items annotated with #ConfigurationProperties by using the
spring-boot-configuration-processor jar
You can check this Q/A
** for more details check the spring boot apendix section **

Spring Boot Actuator Cannot Show diskSpace Information

I have two Spring Boot application. I've added Spring Boot Actuator both of them. When I run one of them I can see diskSpace:
{
"status": "UP",
"diskSpace": {
"status": "UP",
"total": 399055067136,
"free": 346446485504,
"threshold": 10485760
}
}
However at other service I can only see:
{
"status": "UP"
}
Even I add that property to second service:
management:
health:
diskspace:
enabled: true
I still cannot see diskSpace information. When I debug the system I see that such properties are collected but not returned to UI. What can be the problem?
Because only ADMINs are authorized to see any more info than this
{
"status": "UP"
}
To see all the metrics, authenticate with any user who has a spring security role ADMIN.
Or
(less preferable option)
Disable security for actuator endpoint like this
in application properties yaml file
management:
security:
enabled: false
In case if you are using spring security which is by default ON for actuator endpoints, you can disable it in your yml file -
management:
security:
enabled: false
management.security.enabled is deprecated now.
You can get full health details by adding a line in application.properties:
management.endpoint.health.show-details=always
Just add a line in application.properties:
management.endpoint.health.show-details = always
this made health show details to all users other than authorized people.
Spring boot actuator's HealthIndicator checks available disk space and reports a status of Status#DOWN when it drops below a configurable threshold.
so in your case for the second application the free space available is more than the threshold hence hou don't see any thing being reported.
you probably can debug and see in your code the values free disk space and the threshold.
let me know if this make sense...

Consul not registering services when it comes up

In my configurations, service definitions are kept in /etc/consul.d/server.
Consul is started with following command:
consul agent -config-dir /etc/consul.d/server
When consul is started, none of the service is registered. However, same services can be registered using web API with same definition files.
What is the issue with multiple service definitions as they are not getting registered?
Do you have multiple files? If so -> make sure they all end in .json.
Also When loading configuration, Consul loads the configuration from files and directories in lexical order. For example, configuration file basic_config.json will be processed before extra_config.json. Configuration specified later will be merged into configuration specified earlier. In most cases, "merge" means that the later version will override the earlier. In some cases, such as event handlers, merging appends the handlers to the existing configuration. The exact merging behavior is specified for each option in the docs.
https://www.consul.io/docs/agent/options.html
Otherwise try to put all your service definitions into one json file.
using the services key in your configuration file. (not the plural S)
{
"services": [
{
"id": "red0",
"name": "redis",
"address": "127.0.0.1",
"port": 6000,
},
{
"id": "red1",
"name": "redis",
"address": "127.0.0.1",
"port": 7000,
},
]
}

Resources