Centralized Configuration

Centralized Configuration using Spring Cloud, Consul and Vault

Eko Kurniawan Khannedy

July 26, 2017
Transcript

  1. CENTRALIZED CONFIGURATION: WHAT IS CONSUL?
     ▸ Service Discovery (via DNS or HTTP)
     ▸ Failure Detection (health checking)
     ▸ Key-Value Storage (for dynamic configuration)
     ▸ Multi Datacenter
  2. CENTRALIZED CONFIGURATION: CONSUL CLUSTER ARCHITECTURE
     ▸ Datacenter
     ▸ Agent, the long-running daemon on every member of the Consul cluster
     ▸ Server, an agent with an expanded set of responsibilities
     ▸ Client, an agent that forwards all RPCs to a server
  3. CENTRALIZED CONFIGURATION: SETUP CONSUL CLUSTER
     IP Address    Role
     192.0.0.1     Bootstrap Consul Server
     192.0.0.2     Consul Server
     192.0.0.3     Consul Server
  4. CENTRALIZED CONFIGURATION: SETUP CONSUL SERVER 1 (BOOTSTRAP)
     {
       "bootstrap": true,
       "server": true,
       "datacenter": "blibli",
       "data_dir": "/opt/var/consul",
       "log_level": "INFO",
       "bind_addr": "192.0.0.1",
       "client_addr": "192.0.0.1"
     }
  5. CENTRALIZED CONFIGURATION: SETUP CONSUL SERVER 2
     {
       "bootstrap": false,
       "server": true,
       "datacenter": "blibli",
       "data_dir": "/opt/var/consul",
       "log_level": "INFO",
       "bind_addr": "192.0.0.2",
       "client_addr": "192.0.0.2",
       "start_join": [ "192.0.0.1", "192.0.0.3" ]
     }
  6. CENTRALIZED CONFIGURATION: SETUP CONSUL SERVER 3
     {
       "bootstrap": false,
       "server": true,
       "datacenter": "blibli",
       "data_dir": "/opt/var/consul",
       "log_level": "INFO",
       "bind_addr": "192.0.0.3",
       "client_addr": "192.0.0.3",
       "start_join": [ "192.0.0.1", "192.0.0.2" ]
     }
  7. CENTRALIZED CONFIGURATION: SETUP CONSUL CLIENT
     {
       "server": false,
       "datacenter": "blibli",
       "data_dir": "/opt/var/consul",
       "log_level": "INFO",
       "bind_addr": "192.0.1.1",
       "client_addr": "192.0.1.1",
       "start_join": [ "192.0.0.1", "192.0.0.2", "192.0.0.3" ]
     }
  8. CENTRALIZED CONFIGURATION: START CONSUL AGENT
     consul agent -ui -config-dir /opt/consul/config
     ▸ All Consul configuration is saved as JSON files in a directory.
     ▸ Consul automatically reads all JSON files in the config directory.
  9. CENTRALIZED CONFIGURATION: WHAT IS VAULT?
     Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Vault handles leasing, key revocation, key rolling, and auditing. Through a unified API, users can access an encrypted Key/Value store and network encryption-as-a-service, or generate AWS IAM/STS credentials, SQL/NoSQL databases, X.509 certificates, SSH credentials, and more.
  10. CENTRALIZED CONFIGURATION: CONFIGURED VAULT WITH CONSUL
      backend "consul" {
        address = "127.0.0.1:8500"
        path = "vault"
      }
      listener "tcp" {
        address = "127.0.0.1:8200"
        tls_disable = 1
      }
  11. CENTRALIZED CONFIGURATION: INITIALIZED VAULT
      export VAULT_ADDR='http://127.0.0.1:8200'
      vault init

      Unseal Key 1: Xjgw4P1d9f0lJZRlSqqmVM+AlHijLECiFa9cG2WwuNt+
      Unseal Key 2: c9QjPxYlYT4JBEYGVFPRS7ieE3oRIe6bfd56lXYEFv6j
      Unseal Key 3: ho7eoaQTaBiiUC4PQBuJVvFABr4w0VAlGZKdSeBYuz3w
      Unseal Key 4: NMTsFqhUstk2cKxw/iCFE7pLVAFlWB+/gDxFd/sbLll5
      Unseal Key 5: EZuPVPnjKu0TfxeOIP+qS7p1wiBJnraiO3S8WINevT7J
      Initial Root Token: dda76855-067d-e2b0-ff9c-4b35b3ddb05c
  12. CENTRALIZED CONFIGURATION: READ VALUE FROM VAULT
      vault auth
      vault read secret/pyeongyang-common

      Key                 Value
      ---                 -----
      refresh_interval    768h0m0s
      key                 value
  13. CENTRALIZED CONFIGURATION: NEXT PLAN
      ▸ Pyeongyang Backend Common + Member will be the first project using Consul. (June Release Train)
      ▸ Configuration Management for all Spring Boot Projects should use Consul + Vault. (July - August Release Train)
      ▸ We will use Consul as Service Registry.
      ▸ We will use Client Side Load Balancing.
  14. CENTRALIZED CONFIGURATION: REFERENCES
      ▸ https://www.consul.io/
      ▸ https://www.vaultproject.io/
      ▸ https://cloud.spring.io/spring-cloud-config/
      ▸ https://cloud.spring.io/spring-cloud-consul/
      ▸ http://cloud.spring.io/spring-cloud-vault/
      ▸ https://spring.io/guides/gs/centralized-configuration/
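
An added example, not part of the original deck: a Python check over the four agent configs from slides 4-7 that verifies they form one consistent cluster and reports which agents run without gossip encryption or expose the HTTP API on a non-loopback address without ACLs. The function names and finding labels are made up for this example; it assumes `client_addr` is a single IP and treats either `acl.enabled` or the older `acl_datacenter` key as ACLs being on.

```python
import ipaddress
import json

# Constructed input: the agent configs from slides 4-7, reduced to the keys checked here.
SLIDES = {
    "server1": '{"bootstrap": true, "server": true, "datacenter": "blibli", '
               '"bind_addr": "192.0.0.1", "client_addr": "192.0.0.1"}',
    "server2": '{"bootstrap": false, "server": true, "datacenter": "blibli", '
               '"bind_addr": "192.0.0.2", "client_addr": "192.0.0.2", '
               '"start_join": ["192.0.0.1", "192.0.0.3"]}',
    "server3": '{"bootstrap": false, "server": true, "datacenter": "blibli", '
               '"bind_addr": "192.0.0.3", "client_addr": "192.0.0.3", '
               '"start_join": ["192.0.0.1", "192.0.0.2"]}',
    "client": '{"server": false, "datacenter": "blibli", '
              '"bind_addr": "192.0.1.1", "client_addr": "192.0.1.1", '
              '"start_join": ["192.0.0.1", "192.0.0.2", "192.0.0.3"]}',
}


def audit_agent(cfg):
    """Hardening gaps in one agent config (single-IP client_addr assumed)."""
    gaps = []
    if "encrypt" not in cfg:  # gossip encryption key absent
        gaps.append("no-gossip-encryption")
    api_ip = ipaddress.ip_address(cfg.get("client_addr", "127.0.0.1"))
    acls = cfg.get("acl", {}).get("enabled") or "acl_datacenter" in cfg
    if not api_ip.is_loopback and not acls:
        gaps.append("api-exposed-without-acl")
    return gaps


def audit_cluster(configs):
    """Consistency checks across agents that are meant to form one datacenter."""
    issues = []
    servers = {c["bind_addr"] for c in configs.values() if c.get("server")}
    if sum(bool(c.get("bootstrap")) for c in configs.values()) != 1:
        issues.append("expected exactly one bootstrap server")
    if len({c["datacenter"] for c in configs.values()}) != 1:
        issues.append("agents disagree on datacenter")
    for name, c in configs.items():
        stray = set(c.get("start_join", [])) - servers
        if stray:
            issues.append(f"{name}: start_join targets not servers: {sorted(stray)}")
    return issues


def audit(raw):
    configs = {name: json.loads(text) for name, text in raw.items()}
    return audit_cluster(configs), {n: audit_agent(c) for n, c in configs.items()}
```

Run against the slide configs, the cluster checks pass and every agent gets both hardening findings.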