Spring Cloud - Config
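Provides centralized external configuration for infrastructure and microservice applications in a distributed system. It consists of a Config Server and a Config Client.
Enabling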
- config server
// import
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-config-server</artifactId>
</dependency>
// start
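import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.config.server.EnableConfigServer;

@SpringBootApplication
@EnableConfigServer
//@EnableEurekaClient
public class ConfigApplication {
    public static void main(String[] args) {
        // Pass the command-line arguments through to Spring Boot
        SpringApplication.run(ConfigApplication.class, args);
    }
}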
// config
server:
  port: 8711
spring:
  application:
    name: spcd-config
  cloud:
    config:
      server:
        git:
          basedir: E:\log # path where the local repository is kept
          uri: https://github.com/ZeWeStar/spring-cloud-config
          search-paths: spcd-config # directory
          username: xxxx
          password: xxxx
# register the config server with Eureka
eureka:
  client:
    registry-fetch-interval-seconds: 30
    service-url:
      defaultZone: http://127.0.0.1:8761/eureka/
  instance:
    lease-renewal-interval-in-seconds: 30
    lease-expiration-duration-in-seconds: 90
    prefer-ip-address: true
    instance-id: ${spring.cloud.client.ip-address}:${spring.application.name}:${server.port}
logging:
  #level:
    #xxxx: debug
  path: E:\log\spcd
  file: ${spring.application.name}
- config client
// import
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-config</artifactId>
</dependency>
// bootstrap.yml: these settings must be placed in bootstrap (Config First Bootstrap)
spring:
  application:
    name: user # maps to {application} in the configuration file name
  cloud:
    config:
      profile: dev # maps to {profile} in the configuration file name
      label: master # maps to {label}
      uri: http://127.0.0.1:8711
      fail-fast: true # fail startup if the config server cannot be reached
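Notes
- Files in the Git repository are named {application}-{profile}.yml, e.g. user-dev.yml
- Access paths; label is the Git branch (default master)
  - /{application}/{profile}[/{label}]
  - /{application}-{profile}.yml
  - /{label}/{application}-{profile}.yml
Basic architecture
Remote Git repository: where the configuration files are stored, e.g. user-dev.yml
ConfigServer: the distributed configuration center; it connects to the Git repository
Local Git repository: when a client requests configuration from the server, the server fetches the latest version from the remote Git repository into a local Git repository (which the server maintains in a temporary directory), then reads from the local repository and returns the result. When the remote cannot be reached, it returns the contents of the local repository directly.
Service A & Service B: config clients that use bootstrap.yml to point at the config server and fetch their configuration.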
Security
Configure security on the config server
// import
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
// set config server username & password
spring:
  security:
    user:
      name: user
      password: 123456789
Configure the username & password on the config client
spring:
  cloud:
    config:
      username: user
      password: 123456789
Note: if the client is not configured with the correct username & password, the log shows a 401 error.
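Encrypting and decrypting sensitive information
Sensitive information that the configuration center stores on GitHub, such as database passwords, is encrypted.
1. First, obtain the unlimited-strength JCE (Java Cryptography Extension (JCE) Unlimited Strength), downloaded from the Oracle website (mind the JDK version).
Replace the 2 jar files shown above in $JAVA_HOME/jre/lib/security (development usually uses the JRE inside the JDK). Start the config server again and check the log output.
Request /encrypt/status
{"description":"No key was installed for encryption service","status":"NO_KEY"}
2. Configure the key
2.1 Symmetric key, configured in bootstrap.yml
encrypt:
  key: key123456
2.2 Asymmetric key
Generate a key pair with the JDK keytool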
$ keytool -genkeypair -alias mytestkey -keyalg RSA \
-dname "CN=Web Server,OU=Unit,O=Organization,L=City,S=State,C=US" \
-keypass changeme -keystore server.jks -storepass letmein
Configure it in bootstrap.yml
encrypt:
  keyStore:
    location: classpath:/server.jks
    password: letmein
    alias: mytestkey
    secret: changeme
Request /encrypt/status
{"status":"OK"}
3. In configuration files, prefix encrypted values with {cipher}, e.g. the database password
spring:
  datasource:
    username: dbuser
    password: '{cipher}f8845323019d118a2155cb86f96fb2fe6390c0e7f0811fd38686136895742c3c' #zewe123456
Encryption and decryption can be tested by calling the endpoints.
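An added example, not part of the original notes: a small Python check, suitable for a CI job on the configuration repository, that reports sensitive properties whose value is stored without the {cipher} prefix described above. The key-name pattern, the function names and the sample file are assumptions constructed for illustration; the scan is line-based and covers plain nested mappings only.

```python
import re

# Assumption: property names ending in these words hold secrets.
SENSITIVE = re.compile(r"(password|secret|token|key)$", re.IGNORECASE)
ENTRY = re.compile(r"^(\s*)([\w.-]+)\s*:\s*(.*)$")

# Constructed sample in the style of a {application}-{profile}.yml file.
SAMPLE = """\
spring:
  datasource:
    username: dbuser
    password: '{cipher}0a1b2c3d'   # constructed ciphertext
  cloud:
    config:
      password: 123456789
encrypt:
  key: key123456
"""

def scalar(raw):
    """Return a scalar value without its quotes or trailing comment."""
    raw = raw.strip()
    if raw[:1] in ("'", '"'):
        end = raw.find(raw[0], 1)
        return raw[1:end] if end > 0 else raw[1:]
    if raw.startswith("#"):
        return ""
    return re.split(r"\s+#", raw, maxsplit=1)[0]

def find_plaintext_secrets(yaml_text):
    """List (line_no, dotted_key) for sensitive keys stored without {cipher}."""
    findings, path = [], []  # path: (indent, key) of the enclosing mappings
    for line_no, line in enumerate(yaml_text.splitlines(), 1):
        m = ENTRY.match(line)
        if not m:  # comment lines, blank lines and list items are skipped
            continue
        indent, key, value = len(m.group(1)), m.group(2), scalar(m.group(3))
        while path and path[-1][0] >= indent:
            path.pop()
        path.append((indent, key))
        if not value or not SENSITIVE.search(key):
            continue
        # ${...} placeholders are resolved elsewhere and are not literals.
        if value.startswith(("{cipher}", "${")):
            continue
        findings.append((line_no, ".".join(k for _, k in path)))
    return findings
```

Calling find_plaintext_secrets(SAMPLE) returns the two unencrypted entries with their line numbers; a CI job can fail the commit when the list is not empty.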
High-availability configuration
Register the config server with Eureka, and configure the config client in bootstrap.yml
eureka:
  client:
    service-url:
      defaultZone: http://127.0.0.1:8761/eureka/
spring:
  application:
    name: user
  cloud:
    config:
      discovery:
        enabled: true
        service-id: spcd-config
      profile: test
      label: master
      #uri: http://127.0.0.1:8711
      username: user
      password: 123456789