Centralized Configuration

Transcript

1. CENTRALIZED CONFIGURATION EKO KURNIAWAN KHANNEDY USING CONSUL, VAULT AND SPRING

   CLOUD

2. CENTRALIZED CONFIGURATION AGENDA ▸ Consul ▸ Vault ▸ Spring Cloud

   ▸ Next Plan

3. CONSUL CENTRALIZED CONFIGURATION

4. None

5. CENTRALIZED CONFIGURATION WHAT IS CONSUL? ▸ Service Discovery (via DNS

   or HTTP) ▸ Failure Detection (health checking) ▸ Key-Value Storage (for dynamic configuration) ▸ Multi Datacenter

6. CENTRALIZED CONFIGURATION CONSUL CLUSTER ARCHITECTURE ▸ Datacenter ▸ Agent, a

   the long running daemon on every member of the Consul cluster ▸ Server, an agent with an expanded set of responsibilities ▸ Client, an agent that forwards all RPCs to a server

7. CENTRALIZED CONFIGURATION SETUP CONSUL CLUSTER IP Address Role 192.0.0.1 Bootstrap

   Consul Server 192.0.0.2 Consul Server 192.0.0.3 Consul Server

8. CENTRALIZED CONFIGURATION SETUP CONSUL SERVER 1 (BOOTSTRAP) {
 “bootstrap”: true,


   “server”: true,
 “datacenter”: “blibli",
 “data_dir”: “/opt/var/consul”,
 “log_level”: “INFO”,
 “bind_addr” : “192.0.0.1”,
 “client_addr” : “192.0.0.1”
 }

9. CENTRALIZED CONFIGURATION SETUP CONSUL SERVER 2 {
 “bootstrap”: false,
 “server”:

   true,
 “datacenter”: “blibli",
 “data_dir”: “/opt/var/consul”,
 “log_level”: “INFO”,
 “bind_addr” : “192.0.0.2”,
 “client_addr” : “192.0.0.2”,
 “start_join” : [ “192.0.0.1”, “192.0.0.3” ]
 }

10. CENTRALIZED CONFIGURATION SETUP CONSUL SERVER 3 {
 “bootstrap”: false,
 “server”:

    true,
 “datacenter”: “blibli",
 “data_dir”: “/opt/var/consul”,
 “log_level”: “INFO”,
 “bind_addr” : “192.0.0.3”,
 “client_addr” : “192.0.0.3”,
 “start_join” : [ “192.0.0.1”, “192.0.0.2” ]
 }

11. CENTRALIZED CONFIGURATION SETUP CONSUL CLIENT {
 “server”: false,
 “datacenter”: “blibli",


    “data_dir”: “/opt/var/consul”,
 “log_level”: “INFO”,
 “bind_addr” : “192.0.1.1”,
 “client_addr” : “192.0.1.1”,
 “start_join” : [ “192.0.0.1”, “192.0.0.2”, “192.0.0.3” ]
 }

12. CENTRALIZED CONFIGURATION START CONSUL AGENT consul agent -ui -config-dir /opt/consul/config

    ▸ All consul configuration saved as json file in a directory. ▸ Consul automatically read all json file in config directory.

13. CENTRALIZED CONFIGURATION

14. VAULT CENTRALIZED CONFIGURATION

15. None

16. CENTRALIZED CONFIGURATION WHAT IS VAULT? Vault secures, stores, and tightly

    controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Vault handles leasing, key revocation, key rolling, and auditing. Through a unified API, users can access an encrypted Key/Value store and network encryption-as-a-service, or generate AWS IAM/STS credentials, SQL/NoSQL databases, X.509 certificates, SSH credentials, and more.

17. CENTRALIZED CONFIGURATION VAULT ARCHITECTURE CLIENT BACKEND 
 STORAGE ▸ Consul

    ▸ Cassandra ▸ MongoDB ▸ PostgreSQL ▸ ……

18. CENTRALIZED CONFIGURATION CONFIGURED VAULT WITH CONSUL backend "consul" {
 address

    = "127.0.0.1:8500"
 path = "vault"
 } listener "tcp" {
 address = "127.0.0.1:8200"
 tls_disable = 1
 }

19. CENTRALIZED CONFIGURATION START VAULT vault server -config=config.hcl

20. CENTRALIZED CONFIGURATION INITIALIZED VAULT export VAULT_ADDR='http://127.0.0.1:8200' vault init
 
 Unseal

    Key 1: Xjgw4P1d9f0lJZRlSqqmVM+AlHijLECiFa9cG2WwuNt+
 Unseal Key 2: c9QjPxYlYT4JBEYGVFPRS7ieE3oRIe6bfd56lXYEFv6j
 Unseal Key 3: ho7eoaQTaBiiUC4PQBuJVvFABr4w0VAlGZKdSeBYuz3w
 Unseal Key 4: NMTsFqhUstk2cKxw/iCFE7pLVAFlWB+/gDxFd/sbLll5
 Unseal Key 5: EZuPVPnjKu0TfxeOIP+qS7p1wiBJnraiO3S8WINevT7J Initial Root Token: dda76855-067d-e2b0-ff9c-4b35b3ddb05c

21. CENTRALIZED CONFIGURATION UNSEAL VAULT vault unseal vault unseal vault unseal

22. CENTRALIZED CONFIGURATION WRITE VALUE TO VAULT vault auth vault write

    secret/pyeongyang-common key=value

23. CENTRALIZED CONFIGURATION READ VALUE FROM VAULT vault auth vault read

    secret/pyeongyang-common Key Value
 --- -----
 refresh_interval 768h0m0s
 key value

24. SPRING CLOUD CENTRALIZED CONFIGURATION

25. CENTRALIZED CONFIGURATION ADD CONSUL DEPENDENCY <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-consul-config</artifactId> </dependency>

26. CENTRALIZED CONFIGURATION ADD CONSUL CONFIGURATION (BOOTSTRAP.PROPERTIES) spring.application.name=blibli-demo spring.cloud.consul.config.fail-fast=true spring.cloud.consul.host=localhost spring.cloud.consul.port=8500

27. CENTRALIZED CONFIGURATION ADD VAULT DEPENDENCY <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-vault-config</artifactId> </dependency>

28. CENTRALIZED CONFIGURATION ADD VAULT CONFIGURATION (BOOTSTRAP.PROPERTIES) spring.cloud.vault.fail-fast=true spring.cloud.vault.scheme=${VAULT_SCHEME} spring.cloud.vault.host=${VAULT_HOST} spring.cloud.vault.port=${VAULT_PORT}

    spring.cloud.vault.token=${VAULT_TOKEN}

29. DEMO

30. NEXT PLAN CENTRALIZED CONFIGURATION

31. CENTRALIZED CONFIGURATION NEXT PLAN ▸ Pyeongyang Backend Common + Member

    will be the first project using Consul. (June Release Train) ▸ Configuration Management for all Spring Boot Projects should use Consul + Vault. (July - August Release Train) ▸ We will use Consul as Service Registry. ▸ We will use Client Side Load Balancing.

32. CENTRALIZED CONFIGURATION REFERENCES ▸ https://www.consul.io/ ▸ https://www.vaultproject.io/ ▸ https://cloud.spring.io/spring-cloud-config/ ▸

    https://cloud.spring.io/spring-cloud-consul/ ▸ http://cloud.spring.io/spring-cloud-vault/ ▸ https://spring.io/guides/gs/centralized-configuration/