These are chat archives for spring-cloud/spring-cloud

13th
Jul 2016
ccit-spence
@ccit-spence
Jul 13 2016 09:10
Is it possible to run ProcessBuilder using Spring Cloud Task?
Dave Syer
@dsyer
Jul 13 2016 09:20
Everything's possible
If you are forming a process you lose some control I guess. But as long as you wait for it to finish it should satisfy the contract.
I think people are already doing this with Python and ML applications
ccit-spence
@ccit-spence
Jul 13 2016 09:22
that is a really neat project
It feels like AWS Lambda
yet, better
Dave Syer
@dsyer
Jul 13 2016 09:24
Yes. Watch this space
ccit-spence
@ccit-spence
Jul 13 2016 09:24
When it comes to ProcessBuilder I assume it would need a valid exit code. getting hung up would cause a crash of some sort?
Will a task timeout if PB freezes?
I will play around with it and see, I have a set of services that would be perfect for short run task.
bitsofinfo
@bitsofinfo
Jul 13 2016 13:02

running the hystrix dashboard in my app, when I get redirected to
https://localhost:8081/hystrix/monitor?stream=https%3A%2F%2Flocalhost%3A8081%2Fhystrix.stream&title=t1

I see Unable to connect to Command Metric Stream. in red.

In the javascript console there are 2 failed GET's for https://localhost:8081/proxy.stream?origin=https%3A%2F%2Flocalhost%3A8081%2Fhystrix.stream

The status is just "cancelled". No errors server side in logs. Javascript console states EventSource's response has a MIME type ("text/html") that is not "text/event-stream". Aborting the connection.

Dave Syer
@dsyer
Jul 13 2016 13:23
Sounds like your hystrix.stream is broken
Or maybe your network?
Proxy?
bitsofinfo
@bitsofinfo
Jul 13 2016 13:23
no local proxies, this is all on my local box
looks like the js in the browser dashboard does not like that mime type
if I go direct to https://localhost:8081/proxy.stream?origin=https%3A%2F%2Flocalhost%3A8081%2Fhystrix.stream in the browser, it just gives me the main hystrix welcome dashboard (with the form fields)
Dave Syer
@dsyer
Jul 13 2016 13:26
text/html is the wrong mime type for a hystrix stream
So you are getting the wrong content there
I'm guessing that thing is not a valid stream
bitsofinfo
@bitsofinfo
Jul 13 2016 13:36
hitting https://localhost:8081/hystrix.stream in browser yields me that hystrix welcome page
Dave Syer
@dsyer
Jul 13 2016 13:37
It should be a SSE stream
bitsofinfo
@bitsofinfo
Jul 13 2016 13:37
yes what i would have expected too
Dave Syer
@dsyer
Jul 13 2016 13:37
Isn't 8081 the location of your dashboard?
It's not a hystrix app.
So it won't have the stream
bitsofinfo
@bitsofinfo
Jul 13 2016 13:37
class is annotated @EnableHystrixDashboard
Dave Syer
@dsyer
Jul 13 2016 13:38
Yes, but that's the server side
the client is @EnableHystrix
There's not usually any point having that in the dashboard app (if it's a standalone).
bitsofinfo
@bitsofinfo
Jul 13 2016 13:44
k, have to try that then, I didn't see any reference to @EnableHystrix in the doc at http://cloud.spring.io/spring-cloud-netflix/spring-cloud-netflix.html.
Dave Syer
@dsyer
Jul 13 2016 13:45
That's because the docs use @EnableCircuitBreaker
It's a synonym right now
Dave Syer
@dsyer
Jul 13 2016 13:47
Yeah, that's in the Consul section
No, it's not
Yes it is. I'm sorry.
Probably we should be consistent and make that @EnableCircuitBreaker
bitsofinfo
@bitsofinfo
Jul 13 2016 13:53

ok, so to get this to work I did 2 things.

  1. added @EnableHystrix in my main config class
  2. had to include compile 'org.springframework.cloud:spring-cloud-starter-hystrix'
  3. Then it works

  4. So a bit confused as to why prior to this addition of that dependency, my FeignClient with a fallback configured worked (it still does after too)... I thought that was already using Hystrix under the covers hence all the required libs were already in place. No?

Prior to adding that to my dependencies, I just had starter-eureka, starter-feign, and just the hystrix-dashboard dependencies declared.
bitsofinfo
@bitsofinfo
Jul 13 2016 14:31
Also, if you run the hystrix dashboard in docker, at least for me (my containers are in a named network) I have to alter the dashboard URI to look like this (note the port differences, as spring is listening on 8080 but the mapped w/ docker to 8084) https://localhost:8084/hystrix/monitor?stream=https%3A%2F%2Flocalhost%3A8080%2Fhystrix.stream&title=x
Without doing that, you end up w/ the same mime-type error but for a different reason on the server-side
Dave Syer
@dsyer
Jul 13 2016 15:15
I guess that's because there is no route from the container to "localhost:8084"
I'm not sure yet what this app is doing
You have a hystrix dashboard with some extra functionality
You don't want to run the dashboard as a standalone?
bitsofinfo
@bitsofinfo
Jul 13 2016 15:18
again i'm just testing, did not set it up as a separate app yet
re: the dependencies
not too worried about this docker thing, just wanted to note it
Dave Syer
@dsyer
Jul 13 2016 15:19
Feign can work without hystrix
I assume before you added it, you weren't actually getting any circuit breakers.
bitsofinfo
@bitsofinfo
Jul 13 2016 15:20
well, my fallbacks were getting invoked when the endpoint feign clients was talking to was down
Dave Syer
@dsyer
Jul 13 2016 15:29
It's probably something else in that starter then
You need the Spring Boot actuator to expose the /hystrix.stream
Maybe that was missing before?
bitsofinfo
@bitsofinfo
Jul 13 2016 15:30
Well without compile 'org.springframework.cloud:spring-cloud-starter-hystrix the app that had working feign clients with fallbacks being invoked, would not start when @EnableHystrix was introduced
turick
@turick
Jul 13 2016 16:41
hi all. i have a back-end service that requires basic authentication. i just set up a zuul service and it finds my back-end service and routes it correctly, and prompts me for my username and password, but it never actually lets me through... the username and password box just keep popping up. is there an easy way to enable forwarding my credentials to the service, or to statically send them for demo purposes?
or would this require spring session?
Dave Syer
@dsyer
Jul 13 2016 17:30
You need to whitelist the authorization header. Did you do that?
(See user guide section on sensitive headers)
turick
@turick
Jul 13 2016 17:34
no sir, i'll check it out. i just added a ZullFilter to inject the base64 encoded credentials
and one more quick question... i had this occasionally but it's starting to pop up every single time i check the /health endpoint of my service (or if consul does)
Cannot create JDBC driver of class 'org.h2.Driver' for connect URL 'jdbc:h2:mem:testdb;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE' java.sql.SQLException: No suitable driver at java.sql.DriverManager.getDriver(DriverManager.java:315) at org.apache.commons.dbcp.BasicDataSource.createConnectionFactory(BasicDataSource.java:1437) at org.apache.commons.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:1371) at org.apache.commons.dbcp.BasicDataSource.getConnection(BasicDataSource.java:1044) at org.springframework.jdbc.datasource.DataSourceUtils.doGetConnection(DataSourceUtils.java:111) at org.springframework.jdbc.datasource.DataSourceUtils.getConnection(DataSourceUtils.java:77) at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:338) at org.springframework.boot.actuate.health.DataSourceHealthIndicator.getProduct(DataSourceHealthIndicator.java:122)
i added management.health.db.enabled=true to my bootstrap properties, but it doesn't seem to help
Dave Syer
@dsyer
Jul 13 2016 17:50
Looks like you don't have h2 on the classpath
turick
@turick
Jul 13 2016 17:53
i added it just for fun (my app isn't actually using it). the /health endpoint is still reporting the db health, with the h2 db being "up". but after a few minutes it throws the same exception again.
and when i say for fun, i mean to see if it would fix the problem :)
turick
@turick
Jul 13 2016 18:28
well, i think i solved the h2 driver error... i had the management.health.db.enabled set to true instead of false. i haven't seen the problem again since i changed it to false, even though it's still a pretty weird error
however i'm having no luck with the authentication piece. my back-end service always sees the principal as anonymousUser
Dave Syer
@dsyer
Jul 13 2016 18:33
So you added sensitive headers to that route?
turick
@turick
Jul 13 2016 18:47
yes sir. i'm running some wireshark captures now
  routes:
    GeoServer:
        path: /geoserver/**
        stripPrefix: false
        sensitiveHeaders: Cookie,Set-Cookie,Authorization
Marcos Barbero
@marcosbarbero
Jul 13 2016 18:48
@turick remove Authorization from sensitiveHeaders
Zuul won’t downstream the header to the service if it’s on sensitiveHeaders
turick
@turick
Jul 13 2016 18:53
i just had my first success using the ZuulFilter... i had to add "Basic " in front of my base64 encoded credentials. i thought i needed Authorization in sensitive headers to be able to pass them down stream. i'll remove my zuul filter and the sensitive headers and try again, although that was my original configuration that didn't work
turick
@turick
Jul 13 2016 18:59
or am i confusing how to whitelist headers?
Spencer Gibb
@spencergibb
Jul 13 2016 19:06
sensitiveHeaders is a blacklist
turick
@turick
Jul 13 2016 19:08
ah, thank you. i'm still not having any luck. using wireshark to confirm that the authorization header isn't being passed (after i removed all sensitiveHeaders). only way it works is if i manually inject it with a ZuulFilter
Marcos Barbero
@marcosbarbero
Jul 13 2016 19:09
how are you trying to reach the service? Have you a curl sample?
turick
@turick
Jul 13 2016 19:11
i'm using the chrome Advanced REST Client plugin. here are the raw headers being sent, and i can confirm them in wireshark from chrome -> zuul
GET /geoserver/ows?service=wfs&request=getcapabilities HTTP/1.1 HOST: localhost:8081 authorization: Basic YWRtaW46Z2Vvc2VydmVy
those are default credentials so it's ok i'm posting them :)
but the message that goes from zuul -> my service (geoserver) doesn't have authorization header
the only interesting thing i see is, in wireshark, the message from zuul -> geoserver seems to be split in 2
the first packet in my capture is number 15 and the next packet is 91 in sequence, however the unauthorized response comes back in sequence 25
seems odd to me
but in either packet 15 or 91, there is no auth header
Marcos Barbero
@marcosbarbero
Jul 13 2016 19:14
your service is secured with Basic Authentication am I right? It’s using a remote auth server or the service is also handling the authentication?
turick
@turick
Jul 13 2016 19:14
the service is handling it's own auth
Marcos Barbero
@marcosbarbero
Jul 13 2016 19:15
sure
turick
@turick
Jul 13 2016 19:15
and yes, it's basic auth
Marcos Barbero
@marcosbarbero
Jul 13 2016 19:16
If you make a call directly to the service it’s working fine, right? Sorry for the baby questions hehehe it’s to discard any issue into the service
turick
@turick
Jul 13 2016 19:18
yes, it does work fine. no worries about the baby questions, i'm very glad for the help :) also, i can write a ZuulFilter that injects the auth header into every request and that works great. it's just that zuul isn't passing the auth header if it comes from the originating request
Marcos Barbero
@marcosbarbero
Jul 13 2016 19:20
We’re missing something, I use the same approach here and it do works fine
Let’s try something different
instead of service specific sensitiveHeaders try to make it global adding:
zuul:
  sensitive-headers: Cookie,Set-Cookie
turick
@turick
Jul 13 2016 19:22
i totally removed sensitve headers... do i need Cookie and Set-Cookie? also, is it sensitive-headers or sensitiveHeaders?
Marcos Barbero
@marcosbarbero
Jul 13 2016 19:23
any of them will work
have you set an empty value for sensitive-headers?
turick
@turick
Jul 13 2016 19:29
i just completely commented it out, so there is no sensitive-headers property in the config at all
  routes:
    GeoServer:
        path: /geoserver/**
        stripPrefix: false
       # sensitiveHeaders: Cookie,Set-Cookie,Authorization
Marcos Barbero
@marcosbarbero
Jul 13 2016 19:52
that’s the wrong approach hehehe
If you comment it out it will have a default configuration
in the default configuration the Authorization header is black-listed and won’t downstream
Take a look on ZuulProperties class
turick
@turick
Jul 13 2016 19:54
ah! i just started playing and added in the headers with only cookie and set-cookie.... it's working!
thank you!
Marcos Barbero
@marcosbarbero
Jul 13 2016 19:54
What a great news! :clap:
Spencer Gibb
@spencergibb
Jul 13 2016 19:55
thanks @marcosbarbero for being a great community member.
turick
@turick
Jul 13 2016 19:55
absolutely!
Spencer Gibb
@spencergibb
Jul 13 2016 19:56
I’m moving house shortly and my availability will be spotty until after spring one, so I really appreciate it.
Marcos Barbero
@marcosbarbero
Jul 13 2016 19:57
Thank you guys for bring out such amazing things. I’ll help as much as I can to keep it alive
Marcin Grzejszczak
@marcingrzejszczak
Jul 13 2016 20:45
:sparkles: for @marcosbarbero !
Marcos Barbero
@marcosbarbero
Jul 13 2016 21:12
Thanks @marcingrzejszczak 😁