Token support in spring cloud consul - spring

We are using spring-cloud to read the configuration for our application. We have the similar structure like below in application.yaml
spring:
cloud:
consul:
host: consul_host
port: 8500
We want to enable ACL for consul. So we need to pass consul token to read the configuration by spring.
How can I specify consul token in application.yaml

If you use at least Spring Cloud Brixton M2 (current version is RC1), there is the property spring.cloud.consul.config.acl-token where you can specify the token.

The proper answer is to have token placed in following way:
spring:
cloud:
consul:
host: consul_host
port: 8500
token: your_token
I'm using Spring Boot version: "2.0.4.RELEASE" + "spring-cloud-starter-consul-config"

Related

Spring cloud not able to resolve vault secret into .yml

I'm working with microservice architecture and have spring cloud config service and another microservice.
profiles:
active: vault
cloud:
# Configuration for a vault server running in dev mode
vault:
scheme: http
host: 127.0.0.1
port: 8200
connection-timeout: 5000
read-timeout: 15000
authentication: TOKEN
token: s.E4gdoIYAKxMvCE56MP5Etmvy
kv:
enabled: true
backend: secret
backend-version: 2
profile-separator: /
generic:
enabled: false
application-name: myapp
Config server dependency
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-vault-config</artifactId>
<version>2.1.5.RELEASE</version>
</dependency>
this is into .yml into the config service. Then into the .yml for my microservice i have db.username property which I want to resolve from Vault but I can't. Do you have any ideas?
username: db.username
password: secret/apm-transaction-service/dev/db.user
#Value("${db.username}")
this value is resolved into the java code but not into the .yml
Now for each microservice which I have I want to resolve the secrets from the configuration service without making any changes into the microservices. Currently reading native .ymls from the config service and want to add one more source :)
ApplicationStartupRunner run method Started !!root
if you are using spring-boot, for the value in .yml file to be resolved it has to be a variable. you must use ${db.username} in the yaml file

Is there anyway to use configure-server with servlet context path when register on service discovery?

I have a service-discovery which register all the services. I have configure-server which maintain all the configuration. configure-server already register in service-discovery. I know by default configure-server will register with id: configserver. I know how to change the id. But when I tried to use servlet.context.path= /config all the configure-client can not pull from configure-sever through service-discovery look like can not use /config in configure-server.
configure-server:
server:
port: 0
servlet:
context-path: /config
spring:
application:
name: configserver
cloud:
config:
server:
git:
uri: https://github.com/PheaSoy/spring-completed-microservice
search-paths: config/{application}
discovery:
enabled: true
configure-client
spring:
application:
name: song-service
cloud:
config:
uri: http://configserver/config
discovery:
enabled: true
Even I added context path /path configure-client always fetched without context path.
ConfigServicePropertySourceLocator : Fetching config from server at : http://192.168.1.34:57945/
Is there any way to configure configure-client with available configure-server context path through service-discovery?
The discovery client implementations all support some kind of metadata map (for example, we have eureka.instance.metadataMap for Eureka). Some additional properties of the Config Server may need to be configured in its service registration metadata so that clients can connect correctly. If the Config Server is secured with HTTP Basic, you can configure the credentials as user and password. Also, if the Config Server has a context path, you can set configPath. For example, the following YAML file is for a Config Server that is a Eureka client:
bootstrap.yml.
eureka:
instance:
...
metadataMap:
configPath: /config
Reference:
Spring Cloud Config with Eureka - contextPath
Discovery with bootstrap
Yes, you can define your context path for your configuration server as you have done.
But doing so, you also need to take into account the alignments you need to do.
Eureka. By default will call your management API. For example, http://BASE_URI/actuator/health. But since you are adding a context path "config", it means it should be now: http://BASE_URI/config/actuator/health. You can correct following the suggestion above on eureka.instance...metadataMap.configPath: /config
Configuration Clients. In your application (client to the config server), you can add the context path in spring.cloud.config.uri. For example, if it was "http://BASE_URI", then it should be updated as "http://BASE_URI/config" now since you added a context path.
Please try and see if it helps.

Read values from consul while bootstrap spring boot

I have question is there any way to retrieve certain values and inject them to bootstrap.yml while application is coming up.
I have configuration file like this:
spring:
application:
name: myApp
cloud:
consul:
enabled: true
host: localhost
port: 8500
config:
enabled: true
datasource:
url: jdbc:oracle:thin:#localhost:1111:XXXX
username: ${nameOfVariable1}
password: ${nameOfVariable1}
driver-class-name: oracle.jdbc.OracleDriver
For example, I need to configure embedded tomcat port, or DB credentials, I don't want to put it hardcoded in .yml properties file, instead I want to put some variable name in .yml so Spring will go and bring value from Consul. Is it possible?
You can use Spring Cloud Consul Config project that helps to load configuration into the Spring Environment during the special "bootstrap" phase.
3 steps:
add pom dependency: spring-cloud-starter-consul-config
enable consul config: spring.cloud.consul.config.enabled=true
add some config in consul kv in specific folder, such as key: config/testConsulApp/server.port, value:8081
and then start the sample web app, it will listen 8081.
more detail at spring cloud consul doc.
and demo code here

Spring Cloud Consul health check configuration

I'm running a Spring Boot application as a Docker container. This works fine so far, but it's giving me some head aches when trying to use Spring Cloud Consul as well. It reads the configuration from the Consul KVS just fine, but the health checks seem to be acting up.
The default health check uses the hostname of the docker container, for example http://users-microservice/health. Obviously this won't resolve when accessed from Consul.
No problem, the documentation mentions that you can use healthCheckPath in your bootstrap.yml file to configure it. This is what I have now:
spring:
application:
name: users-microservice
cloud:
consul:
host: myserver.com
port: 8500
config:
prefix: API-CONFIG
profileSeparator: '__'
discovery:
tags: users-microservice
healthCheckPath: http://myserver.com:${server.port}/status
healthCheckInterval: 30s
Unfortunately, this variable seems to be used in a very different manner from what I expected. This is what Consul is trying to reach:
Get http://users:18090http//myserver.com:18090/status: dial tcp: unknown port tcp/18090http
How can I fix this? Is there some undocumented configuration parameter that I should set?
Use spring.cloud.consul.discovery.healthCheckUrl=http://myserver.com:${server.port}/status
healthCheckPath only changes the path, not host and port.

Consul service discovery issue with spring boot applications

According to this blog https://spring.io/blog/2015/07/14/microservices-with-spring which is based on eureka service discovery and where the service discovery is working properly.
But when have switched to use Consul instead Eureka the service discovery is not working and getting this error:
java.lang.IllegalStateException: No instances available for ACCOUNTS-SERVICE
at org.springframework.cloud.netflix.ribbon.RibbonLoadBalancerClient.execute(RibbonLoadBalancerClient.java:79)
at org.springframework.cloud.client.loadbalancer.LoadBalancerInterceptor.intercept(LoadBalancerInterceptor.java:46) ...
UPDATED: After have fixed the previous error by providing the correct health-check endpoint (see the answer below), when deploying the services to Cloud Foundry with properly provided host and port of the Consul server in bootstrap.yml (Consul based PropertySource loaded during the 'bootstrap' phase):
---
spring:
profiles: cloud
cloud:
consul:
host: <consul host or ip>
port: 8500
Consul is registering the service, but with critical state (failing)!
Would appreciate any help or guidance.
Thanks
The issue was related to the Consul health check default path which is set to the /health endpoint.
Thus after have enabled the spring-actuator in all clients applications (web-server and micro-service) this issue was resolved.
Or you may change the default Consul health-check endpoint in the bootstrap.yml file:
cloud:
consul:
discovery:
healthCheckPath: /test
NB. To enable spring-actuator in maven the following dependency was added to the pom.xml file:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
For more information see: http://cloud.spring.io/spring-cloud-consul/spring-cloud-consul.html
When deploying (pushing) to CF (CloudFoundry) the URI of the deployed application should be provided to Consul for service discovery process (CF provides application's URIs in vcap.application.uris environment variable), thus the following configuration should be added to the bootsrap.yml file:
---
spring:
profiles: cloud
cloud:
consul:
host: <consul host or ip>
port: 8500
discovery:
instanceId: ${spring.application.name}:${vcap.application.application_name}:${vcap.application.instance_id}
hostname: ${vcap.application.uris[0]}
port: 80
NB. instanceId is used by Consul to register the application
(microservice) instance.

Resources