Spring Configuration Server: Fallback configuration in case repository is not available - spring

We use spring cloud configuration Server (SCCS) with a svn backend.
I currently investigate into fallback/emergency scenarios when the backend is (temporarly) not available.
In case of a svn backend SCCS is downloading the configuration files into a local directory.
Our idea is to configure SCCS it first looks for the svn backend, and when it is not available the copied files are taken for the source.
Does anybody know how configuration has to look like, or has a totally different idea how this scenario is to be faced?
Thank you in advance!

So basically you want the Cloud Config Server to have multiple repositories. You can do that with profiles, but the switch from one repository to another one won't be automatic (at least from the top of my head).
The Spring Cloud Config Server bootstrap.yml with two repositories:
spring:
profiles.active: remote-svn
application:
name: config-server
cloud:
config:
server:
svn:
uri: https://yourserver.com/config-repo
force-pull: true
//---
spring:
profiles: local-svn
application:
name: config-server
cloud:
config:
server:
svn:
uri: ${user.home}/config-repo
Generally you would start your server like:
mvn spring-boot:run
But if your remote svn server is down, you would kill the server and restart it like:
mvn spring-boot:run -Dspring.profiles.active=local-svn
The thing is that you must maintain both of these repositories synced. So when you push your configurations to the SVN repository, you need to have two remotes configured. One referencing your SVN server and the other referencing the Spring Cloud Config Server repository.
You can have a bash script with a logic that checks the health of your SVN server and when it finds out that the server is down it restart the Spring Cloud Config Server using the local-svn profile.

Related

Spring cloud config server share binary file

I am using spring configuration server.
While setting up Kafka, I came across the fact that I need to somehow specify binary certificates
spring:
kafka:
ssl:
truststore:
location: /filepath/trust_cert.jks
password: 1234
keystore:
location: /filepath/keystore_cert.jks
password: 1234
Can I somehow put them on the configuration server, and in this case, what should I write to the config, where the path to the file is expected?
I really don’t want to manually upload them to each server, I would like the configuration server to give them
Of course, these urls must be protected, just like configuration server urls

Spring cloud config using ssh instead of https

I am banging my head around why spring cloud config is using ssh even when i try to provide https uri in the application.yaml. Here's my quick config file:
spring:
cloud:
config:
server:
git:
uri: https://github.com/myOrg/myRepo
skipSslValidation: true
username: ${GITHUB_USERNAME}
password: ${GITHUB_PASSWORD}
server:
port: 8888
ssl:
enabled: false
I would assume spring cloud config to use https to do this connection and clone the repo. Can someone help me understand why still it uses ssh and fails on auth(which is obvious as I don't provide any private key):
org.springframework.cloud.config.server.environment.NoSuchRepositoryException: Cannot clone or checkout repository: https://github.com/myOrg/myRepo
at org.springframework.cloud.config.server.environment...
Caused by: org.eclipse.jgit.api.errors.TransportException: git#github.com:myOrg/myRepo: Auth fail
....
Caused by: com.jcraft.jsch.JSchException: Auth fail
at com.jcraft.jsch.Session.connect(Session.java:519) ~[jsch-0.1.55.jar:na]
at org.eclipse.jgit.transport.JschConfigSessionFactory.getSession(JschConfigSessionFactory.java:115) ~[org.eclipse.jgit.ssh.jsch-5.12.0.202106070339-r.jar:5.12.0.202106070339-r]
... 62 common frames omitted
My suspicion is that if https doesn't work, it tries via ssh. That's why it's using ssh. Has anyone faced issues like this?
Any help appreciated!
Answering my own question. Apparently, the fallback was due to the ~/.git folder in which ssh access was recommended. Deleting it solved the problem.

Spring Cloud config server security

I implemented Spring Cloud config server. How can I prevent the config server bootstrap.yml file from storing the GIT user name and password as clear text?
Vault: https://github.com/hashicorp/vault
Use Vault: https://cloud.spring.io/spring-cloud-config/reference/html/#_vault
Set up Spring Vault:
https://docs.spring.io/spring-vault/docs/2.2.2.RELEASE/reference/html/
https://spring.io/projects/spring-vault
In your Spring Cloud config server, file bootstrap.yml
spring:
cloud:
config:
token: YourVaultToken
ok So this is working fine for me, the issue was my config server's bootstrap.yml need to connect to GIT repository as backend and GIT repo is secured with username and password but I can not pass the username and password in bootstrap.yml file.
To solve this:
Pass the credential as environmental variable and store these environment variable in terraform or any other secure location.

How to run spring boot application multiple instance when get resource from config server?

I have Eureka server, Eureka zuul and config server.
So I write a simple microservice. Then, running on 8686 port.
So I want to run that microservice on another port.
I trying that command. But don't work.
java -Dserver.port=8687 -jar -Dlogging.file="bla.log" testMicro.jar --debug > "bla.log"&
I am confusing. Help me!
You have two ways to running your instances on different ports.
user assignment of random port from a specified range:
server:
port: ${random.int(8080,8090)}
Set in property file from config server for testMicro microservice the following configurations:
spring:
cloud:
config:
override-system-properties: false
allow-override: true
override-none: true
and then run again your jar with -Dserver.port=8687 property

Spring Cloud Config Server-GITLAB SSH Connection

After going the number of SO threads and blogs and Spring cloud config documentation still, I couldn't find on how I can connect to remote GITLAB repository as I'm getting below error while starting the spring-cloud-config server.
Caused by: com.jcraft.jsch.JSchException: Auth fail
spring:
cloud:
config:
server:
git:
uri: git#private_gitlab_repo:project
search-paths: '{application}'
skip-ssl-validation: true
strict-host-key-checking: false
known-hosts-file: C:\Users\myname\.ssh\known_hosts
spring-boot :2.1.2.RELEASE
spring-cloud.version: Greenwich.RELEASE
OS: Windows-7
With the command prompt, I could able to interact with the GITLAB repository. I do have the SSH key generated and added the public key in GITLAB settings. Also, I do not have the option to use username and password to connect to GITLAB.
Any pointers on where I'm missing the configuration or steps?
Found that this is my IntelliJ idea IDE issue and when I try running the same project in command prompt it worked without any issues.

Resources