These are chat archives for spring-cloud/spring-cloud

6th
Apr 2017
softmanu
@softmanu
Apr 06 2017 05:39

Hi,
how to know the service name or service id of the incoming request in zuul's pre filter. Although I can find the target/outgoing service id by using ctx.get("serviceId") but this is not the incoming request's service id..

for example:-

service-a makes a request to service-b via router(zuul)
then in route-filter , if i do ctx.get("serviceId") it gives me service-b. but I need service-a
do we have any api/method that will me the incoming request's service-id i.e. service-a ???
Spencer Gibb
@spencergibb
Apr 06 2017 05:40
only if service-a send a well known header
softmanu
@softmanu
Apr 06 2017 05:43
in service-a, i am making request using restTeamplate i.e.
this.restTemplate.getForObject("http://router/service-b", String.class);
how do i pass the headers in this case..?
softmanu
@softmanu
Apr 06 2017 06:03
I think I got it.. thanks for the response.. :smile: :+1:
Yang Lifan
@yanglifan
Apr 06 2017 11:13
anyone encounter this issue "EventSource's response has a MIME type ("text/html") that is not "text/event-stream". Aborting the connection." when use Hystrix dashboard
blob
Dave Syer
@dsyer
Apr 06 2017 11:15
Generally it means there was an error in the server
Maybe you reached your connection limit?
Might be a proxy.
Yang Lifan
@yanglifan
Apr 06 2017 11:16
no proxy, just a local app
Dave Syer
@dsyer
Apr 06 2017 11:16
If you look at the response as well as the header you can probably tell
Yang Lifan
@yanglifan
Apr 06 2017 11:16
just create a basic app with start.spring.io
involve Hystrix and Hystrix Dashboard
Dave Syer
@dsyer
Apr 06 2017 11:16
The response will be visible with developer plugin F12
Yang Lifan
@yanglifan
Apr 06 2017 11:17
invoke a Hystrix command when Spring context init
Dave Syer
@dsyer
Apr 06 2017 11:17
It's literally impossible to debug from chat messages
You'll have to try and find the error in the server.
Yang Lifan
@yanglifan
Apr 06 2017 11:18
blob
Dave Syer
@dsyer
Apr 06 2017 11:19
I believe you had an error
Yang Lifan
@yanglifan
Apr 06 2017 11:19
The code is very simple
Dave Syer
@dsyer
Apr 06 2017 11:19
You just haven't said why
Yang Lifan
@yanglifan
Apr 06 2017 11:19
blob
Dave Syer
@dsyer
Apr 06 2017 11:19
Can you curl the /hystrix.stream?
Yang Lifan
@yanglifan
Apr 06 2017 11:19
ok, i ll try
Dave Syer
@dsyer
Apr 06 2017 11:24
That's because it's the dashboard UI
The one that fails is http://localhost:8080/hystrix.stream
Yang Lifan
@yanglifan
Apr 06 2017 11:26
Dave Syer
@dsyer
Apr 06 2017 11:29
"curl -v" will give you the headers too
Yang Lifan
@yanglifan
Apr 06 2017 11:41
i works, i missed spring-boot-starter-actuator
thank u
it works
Stevo Slavić
@sslavic
Apr 06 2017 11:47
about my vault client question from yesterday, do answers depend on vault backend being used?
Dave Syer
@dsyer
Apr 06 2017 11:49
The only person who knows is probably @mp911de
and he's at an offsite
Stevo Slavić
@sslavic
Apr 06 2017 11:49
ah, clear, thanks
truth is in the source :)
Sushant Borse
@sushant91265_twitter
Apr 06 2017 12:17
hi all, can anybody help me with this Netflix/Hystrix#1526 ?
Stevo Slavić
@sslavic
Apr 06 2017 12:23
@sushant91265_twitter see discussion above with @yanglifan
Sushant Borse
@sushant91265_twitter
Apr 06 2017 12:27
@sslavic actually my app is behind nginx
so I'm able to get the stream data using curl but failing through dashboard
Mark Paluch
@mp911de
Apr 06 2017 14:16
@sslavic It basically depends on what you set up. With Spring Vault's @VaultPropertySource loading defaults to no-lease-renewal so properties are loaded eagerly, one-by-one at the time the propertysource is initialized
Stevo Slavić
@sslavic
Apr 06 2017 14:18
will it be single request to vault per property being referenced or single call to load them all for some vault path?
Mark Paluch
@mp911de
Apr 06 2017 14:18
Using Spring Cloud Vault/ @VaultPropertySource(… , renew = (RENEW|ROTATE) ) will use a different way. For the application properties are still loaded eagerly (because of synchronization) but inside they use SecretLeaseContainer with TaskScheduler. Concurrency depends on the number of threads but usually multiple requests go in parallel
Each VaultPropertySource fetches its own secrets and issues an own request
IIRC there is an ongoing effort for batch secret fetching in Vault but it didn't progress well
Stevo Slavić
@sslavic
Apr 06 2017 14:21
ok, request per secret is not a big problem for us at the moment
Mark Paluch
@mp911de
Apr 06 2017 14:22
Since secrets are JSON the whole structure is flattened ({foo: { bar:'value'}} to foo.bar=value)
Requests doesn't happen on property-level but on path level
Stevo Slavić
@sslavic
Apr 06 2017 14:23
ah, great
so we could put all secrets app needs in single json on node/path in Vault, and it would be loaded once per instance startup
unless we explicitly use renew feature, no more request would be made to Vault
until next restart/deployment
Mark Paluch
@mp911de
Apr 06 2017 14:26
well, yes, it depends a bit on whether you want to segregate secrets based on services (v1/secret/app/database, v1/secret/app/http-api-keys, …)
many things play into that decision but you're basically free to use it the way you like
There's a ticket for Spring Vault to consider lease_duration for generic secrets so the app comes back to the path after time expired to reload data (in a Cache TTL sense)
However, that's something you configure per VaultPropertySource. You can mix'n'match and have many of these
Stevo Slavić
@sslavic
Apr 06 2017 14:29
clear
thinking about secrets rotation
I guess it depends on authentication mechanism, e.g. different workflow if keys are used, tokens, or username/pass
Mark Paluch
@mp911de
Apr 06 2017 14:33
Not sure I follow...usually, you should obtain a permanent token (longer-lived token) while you app is running so you can issue subsequent calls to Vault, not only an single initial call
Tokens (login state) is managed through LifecycleAwareSessionManager
Stevo Slavić
@sslavic
Apr 06 2017 14:33
yes, that's for Vault client
Mark Paluch
@mp911de
Apr 06 2017 14:33
it looks on the token TTL, keeps it alive and re-logins when the token expires
That's a pre-requisite for rotation
Stevo Slavić
@sslavic
Apr 06 2017 14:34
I'm talking now about apps/services talking with each other using secrets obtained from Vault
Mark Paluch
@mp911de
Apr 06 2017 14:34
If you go for rotation, you're basically required to implement the "what happens on rotation" part yourself
Exposing rotated secrets through Environment already happens but you need to take into account the components that are configured with these values
Setting a new username/password on a DataSource pool isn't the thing you're primarily willing to do
but rather exposing a DataSource that routes to the DataSource with the most recent config
Similar things for HTTP client authentication
Stevo Slavić
@sslavic
Apr 06 2017 14:36
would be nice to have these typical cases supported out-of-the-box - yes, spoiled Spring users :)
Mark Paluch
@mp911de
Apr 06 2017 14:37
I think we'll get there eventually
Right now we're about to publish the first GA release
Stevo Slavić
@sslavic
Apr 06 2017 14:38
not sure where would that fit, vault-config-client "just" does one thing and does it well, this seems like higher level
Mark Paluch
@mp911de
Apr 06 2017 14:38
My view on these integrations is rather limited right now because I didn't look too deep into the possible integrations
Maybe a spring-vault-support module would be a fit or we could think what to do with Boot. With Spring Cloud we have at least @RefreshScope
Stevo Slavić
@sslavic
Apr 06 2017 14:39
clear, thank you very much
Mark Paluch
@mp911de
Apr 06 2017 14:39
Gotta run right now. Feel free to file tickets so we can continue discussion in a Github issue
Lukáš Vasek
@bilak
Apr 06 2017 15:08
@spencergibb please is problem of this issue being implemented in current Dalston train? I just want to somehow get all available services from discovery immediately after application startup.
Dave Syer
@dsyer
Apr 06 2017 15:19
@bilak Spencer is on PTO today.
Did you try a snapshot?
Dalston is ready for release.
Ryan Baxter
@ryanjbaxter
Apr 06 2017 15:19
i dont recall any changes in this area either
so likely the funcationality is the same in Dalston
Ryan Baxter
@ryanjbaxter
Apr 06 2017 15:45
This might be due to the functionality of the Netflix DiscoveryClient
it doesnt seem to notify listeners of status changes when the client is shutdown
so if you restart the client i dont think it sees it as a status change from the Eureka point of view
at the least that is what i can gather from reading the code quickly
Lukáš Vasek
@bilak
Apr 06 2017 16:25
@dsyer no I didn't I just looked into closed issues and didn't found any relevant content
@ryanjbaxter did you commented to my issue or is that commend for someone else?
Ryan Baxter
@ryanjbaxter
Apr 06 2017 17:14
@bilak that was to u
Lukáš Vasek
@bilak
Apr 06 2017 18:45
@ryanjbaxter ok thanks, and is something like that on backlog? Currently when you want to communicate with other services you must wait for first heartbeat from eureka. So wait 30 seconds. In some cases it's too much.
Dave Syer
@dsyer
Apr 06 2017 19:20
It's what it is. That's how eureka works.
You can configure a few things for dev time to make it quicker
(See the user guide)