simplify config server process (#153)
## Purpose
Simplify the config server steps
- use public repo for the config server
- some other refinements

## Does this introduce a breaking change?
<!-- Mark one with an "x". -->
```
[ ] Yes
[x] No
```

## Pull Request Type
What kind of change does this Pull Request introduce?

<!-- Please check the one that applies to this PR using "x". -->
```
[ ] Bugfix
[ ] Feature
[ ] Code style update (formatting, local variables)
[ ] Refactoring (no functional changes, no api changes)
[x] Documentation content changes
[ ] Other... Please describe:
```
sonwan2020 authored Dec 16, 2024
1 parent 8d2bc15 commit e83202b
Showing 11 changed files with 124 additions and 239 deletions.
8 changes: 6 additions & 2 deletions config/application.yml
@@ -2,10 +2,14 @@

# embedded database init, supports mysql too trough the 'mysql' spring profile
spring:
datasource:
url: jdbc:mysql://${SQL_SERVER}.mysql.database.azure.com:3306/petclinic?useSSL=true
username: ${SQL_USER}
password: ${SQL_PASSWORD}
sql:
init:
schema-locations: classpath*:db/hsqldb/schema.sql
data-locations: classpath*:db/hsqldb/data.sql
schema-locations: classpath*:db/mysql/schema.sql
data-locations: classpath*:db/mysql/data.sql
mode: ALWAYS
jms:
queue:
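
Review bot: the new `spring.datasource.url` ends in `?useSSL=true` only, which with MySQL Connector/J asks for TLS but does not verify the server certificate or host name; consider `sslMode=VERIFY_IDENTITY` (or at least `VERIFY_CA`) so the connection to `${SQL_SERVER}.mysql.database.azure.com` is authenticated as well as encrypted. The comment at the top of the hunk still reads "embedded database init, supports mysql too trough the 'mysql' spring profile", which no longer matches now that `schema-locations` and `data-locations` point at `db/mysql` by default ("trough" should also be "through"). With `mode: ALWAYS` kept, every service that loads this shared file runs `schema.sql` and `data.sql` against the same MySQL database on each start, so it is worth confirming those scripts are idempotent or narrowing which service performs the init.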
91 changes: 38 additions & 53 deletions docs/02_lab_launch/0203.md
@@ -1,82 +1,67 @@
---
title: '3. Config repo'
title: '3. MySQL database'
layout: default
nav_order: 3
parent: 'Lab 2: Launch to Azure Container Apps'
---

# Set up a configuration repository
# Create an Azure MySQL Database service

The Spring Petclinic microservices provides a config server that your apps can use. You do need to however provide a git repository for this config server and link this git repo to the server. The current configuration used by the Spring microservices resides in the [config folder of the GitHub repo for this lab](https://github.com/Azure-Samples/java-microservices-aca-lab/tree/main/config). You will need to create your own private git repo in this exercise, since, in one of its steps, you will be changing some of the configuration settings.
You now have the compute service that will host your applications. Before you start deploying individual microservices as Azure Container Apps, you need to first create an Azure Database for MySQL Flexible Server-hosted database for them. To accomplish this, you can use the following guidance:

{: .note }
> We simplified some of the original config of the spring-petclinic-microservices application to make some of the lab steps easier to execute.
As part of the setup process, you need to create a Personal Access Token (PAT) in your GitHub repo and make it available to the config server. It is important that you make note of the PAT after it has been created.

- [Guidance for creating a PAT](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token).
- [Quickstart: Create an Azure Database for MySQL Flexible Server using Azure CLI](https://learn.microsoft.com/azure/mysql/flexible-server/quickstart-create-server-cli).

Once you have your own config repository to work with, you will have to update the _spring-petclinic-config-server/src/main/resources/application.yml_ file of the _spring-petclinic-config-server_ application to make use of this new repo. At least, in case when you self host the config server.

In ACA, we can make use of the build-in configserver component, which you will use in one of the next modules.
Your MySQL database will also have a firewall enabled. This firewall will by default block all incoming calls. You will need to open this firewall in case you want to connect to it from your microservices running in the ACA environment.

## Step by step guidance

1. On your lab computer, in your web browser, navigate to your GitHub account, navigate to the **Repositories** page and create a new private repository named **spring-petclinic-microservices-config**.
1. Run the following commands to create an instance of MySQL Flexible server. Note that the name of the server must be globally unique, so adjust it accordingly in case the randomly generated name is already in use. Keep in mind that the name can contain only lowercase letters, numbers and hyphens. In addition, replace the `<sqladmin-password>` placeholder with a complex password and record its value.

{: .note }
> Make sure to configure the repository as private.
1. Once the repo gets created, copy the repo URL.

1. To create a PAT, in your browser, select the avatar icon in the upper right corner, and then select **Settings**.

1. At the bottom of the vertical navigation menu, select **Developer settings**, select **Personal access tokens**, and then select **Generate new token**.

1. On the **New personal access token** page, in the **Note** text box, enter a descriptive name, such as **spring-petclinic-config-server-token**.

{: .note }
> There is a new **Beta** experience available on GitHub for more fine-grained access tokens. This experience will create a token with a more limited scope than full repository scope (which basically gives access to all your repositories). The lab will work as well with a more fine-grained token, in that case, in the **Fine-grained tokens (Beta)** token creation page, choose for **Only select repositories** and select your config repository. For the **Repository permissions** select for the **Contents** the **Read-only** access level. You can use this fine-grained token when you configure your config-server on Azure Spring Apps. We recommend you create a second token in case you also need a personal access token for interacting with the repositories from the commandline prompt.
1. In the **Select scopes** section, select **repo** and then select **Generate token**.
> Here we use mysql admin password for apps to connect to sql server, this is not recommanded in production environment. Please refer to [Lab 04: Connect to Database securely using identity]({% link docs/04_lab_secrets/04_openlab_secrets_aca.md %}) for the secured managed identity solution.
1. Record the generated token. You will need it in this and subsequent labs.
Replace the `<sqladmin-password>` with your own password.

{: .note }
> You can check the validity of your token with the following statement: `curl -XGET -H 'authorization: token <token_value>' 'https://api.github.com/repos/<user_name>/spring-petclinic-microservices-config'`. This statement should succeed. If it does not, redo the above steps for generating the PAT token.
```bash
MYSQL_SERVER_NAME=mysql-$APPNAME-$UNIQUEID
MYSQL_ADMIN_USERNAME=sqladmin
MYSQL_ADMIN_PASSWORD="<sqladmin-password>"
DATABASE_NAME=petclinic

az mysql flexible-server create \
--admin-user "$MYSQL_ADMIN_USERNAME" \
--admin-password "$MYSQL_ADMIN_PASSWORD" \
--name "$MYSQL_SERVER_NAME" \
--resource-group "$RESOURCE_GROUP" \
--public-access none \
--yes
```

{: .note }
> In case you are running this lab in a GitHub codespace, you can use the same **Create a codespace** option as you did for the lab project for making edits in the config repo. In the config repository, go to **Code** and next **Codespaces**. Next select **Create a codespace**. Your codespace of the config repository will now get created in your browser window. You can do this instead of the below clone steps. You will need to execute the below `curl` steps in your codespace.
> In case you don't see the **Create a codespace** option in your repository, add a **README.md** file, refresh the page and retry.
> Wait for the provisioning to complete. This might take about 3 minutes.
1. Change the current directory to the **workspaces** folder. Next, clone the newly created GitHub repository by typing `git clone`, pasting the clone URL you copied into Clipboard in the previous step, and entering the PAT string followed by the `@` symbol in front of `github.com`.
1. Run the following commands to create a database in the Azure Database for MySQL Flexible Server instance.

```bash
cd ~/workspaces
# Clone config repo
git clone https://<token>@github.com/<your-github-username>/spring-petclinic-microservices-config.git
az mysql flexible-server db create \
--server-name $MYSQL_SERVER_NAME \
--resource-group $RESOURCE_GROUP \
-d $DATABASE_NAME
```

{: .note }
> Make sure to replace the `<token>` and `<your-github-username>` placeholders in the URL listed above with the value of the GitHub PAT and your GitHub user name when running the `git clone` command.
1. Change the current directory to the newly created **spring-petclinic-microservices-config** folder and prepare all the config server configuration yaml files from the [config folder of the GitHub repo for this lab](https://github.com/Azure-Samples/java-microservices-aca-lab/tree/main/config) to the local folder on your lab computer.
1. You will also need to allow connections to the server from your ACA environment. For now, you will create a server firewall rule to allow inbound traffic from all Azure Services.

You may copy from the lab repo directory. Adjust the source directory in your lab environment.
Check the status of your sql server
![SQL Server Networking](../../images/sql-server-manage-firewall.png)

```bash
cp ../java-microservices-aca-lab/config/*.yml .
```
The configuration `Allow Azure services and resources to access this server` adds an IP based firewall rule with start and end IP address of `0.0.0.0`, See [Connections from inside Azure](https://learn.microsoft.com/en-us/azure/azure-sql/database/firewall-configure?view=azuresql#connections-from-inside-azure).

1. Run the following commands to commit and push your changes to your private GitHub repository.
If this checkbox is not set for your sql server by default policy, run this command to set:

```bash
git add .
git commit -m 'added base config'
git push
az mysql flexible-server firewall-rule create \
--rule-name allAzureIPs \
--name $MYSQL_SERVER_NAME \
--resource-group $RESOURCE_GROUP \
--start-ip-address 0.0.0.0 --end-ip-address 0.0.0.0
```

1. In your web browser, refresh the page of the newly created _spring-petclinic-microservices-config_ repository and double check that all the configuration files are there.

{: .note }
> At this point, the admin account user name and password are stored in clear text in the application.yml config file. In one of upcoming exercises, you will remediate this potential vulnerability by removing clear text credentials from your configuration.
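
Review bot: the firewall step that creates `allAzureIPs` with `--start-ip-address 0.0.0.0 --end-ip-address 0.0.0.0` should say what that rule admits: it opens the server to traffic from any Azure-hosted resource, including other customers' subscriptions, not only this ACA environment, which leaves the `sqladmin` password as the only control. A one-line note next to "For now, you will create a server firewall rule to allow inbound traffic from all Azure Services" stating this, and pointing to the later lab that tightens it, would help. The "Connections from inside Azure" link goes to the Azure SQL documentation rather than the MySQL Flexible Server firewall page, and the text alternates between "sql server" and MySQL for the same resource. Smaller points: "recommanded" should be "recommended", and `$MYSQL_SERVER_NAME` and `$RESOURCE_GROUP` are quoted in the `flexible-server create` command but unquoted in the `db create` and `firewall-rule create` commands.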
93 changes: 28 additions & 65 deletions docs/02_lab_launch/0204.md
@@ -1,87 +1,50 @@
---
title: '4. MySQL database'
title: '4. Config repo'
layout: default
nav_order: 4
parent: 'Lab 2: Launch to Azure Container Apps'
---

# Create an Azure MySQL Database service
# Set up a configuration repository

You now have the compute service that will host your applications and the config server that will be used by your migrated application. Before you start deploying individual microservices as Azure Container Apps, you need to first create an Azure Database for MySQL Flexible Server-hosted database for them. To accomplish this, you can use the following guidance:
You now have the compute service that will host your applications and the MySQL Server database to persistent the application data.

- [Quickstart: Create an Azure Database for MySQL Flexible Server using Azure CLI](https://learn.microsoft.com/azure/mysql/flexible-server/quickstart-create-server-cli).
The Spring Petclinic microservices provides a config server that your apps can use. In Azure Container Apps, we can make use of the build-in config server component, which you will use in one of the next modules.

You will also need to update the config for your applications to use the newly provisioned MySQL Server. This will involve updating the application.yml config file in your private git config repo with the values provided in the MySQL Server connection string.

Your MySQL database will also have a firewall enabled. This firewall will by default block all incoming calls. You will need to open this firewall in case you want to connect to it from your microservices running in the ACA environment.
In this guide, we will see how we set the database info in configurations.

## Step by step guidance

1. Run the following commands to create an instance of MySQL Flexible server. Note that the name of the server must be globally unique, so adjust it accordingly in case the randomly generated name is already in use. Keep in mind that the name can contain only lowercase letters, numbers and hyphens. In addition, replace the `<sqladmin-password>` placeholder with a complex password and record its value.

{: .note }
> Here we use mysql admin password for apps to connect to sql server, this is not recommanded in production environment. Please refer to [Lab 04: Connect to Database securely using identity]({% link docs/04_lab_secrets/04_openlab_secrets_aca.md %}) for the secured managed identity solution.
You do need to however provide a git repository for this config server and link this git repo to the server. The current configuration used by the Spring microservices resides in the [config folder of the GitHub repo for this lab](https://github.com/Azure-Samples/java-microservices-aca-lab/tree/main/config).

Replace the `<sqladmin-password>` with your own password.
{: .note }
> We simplified some of the original config of the spring-petclinic-microservices application to make some of the lab steps easier to execute.
```bash
MYSQL_SERVER_NAME=mysql-$APPNAME-$UNIQUEID
MYSQL_ADMIN_USERNAME=sqladmin
MYSQL_ADMIN_PASSWORD="<sqladmin-password>"
DATABASE_NAME=petclinic
1. Check the content of the config file [application.yml](https://github.com/Azure-Samples/java-microservices-aca-lab/blob/main/config/application.yml).

az mysql flexible-server create \
--admin-user "$MYSQL_ADMIN_USERNAME" \
--admin-password "$MYSQL_ADMIN_PASSWORD" \
--name "$MYSQL_SERVER_NAME" \
--resource-group "$RESOURCE_GROUP" \
--public-access none \
--yes
```yaml
spring:
datasource:
url: jdbc:mysql://${SQL_SERVER}.mysql.database.azure.com:3306/petclinic?useSSL=true
username: ${SQL_USER}
password: ${SQL_PASSWORD}
sql:
init:
schema-locations: classpath*:db/mysql/schema.sql
data-locations: classpath*:db/mysql/data.sql
mode: ALWAYS
```
{: .note }
> Wait for the provisioning to complete. This might take about 3 minutes.
1. Run the following commands to create a database in the Azure Database for MySQL Flexible Server instance.

```bash
az mysql flexible-server db create \
--server-name $MYSQL_SERVER_NAME \
--resource-group $RESOURCE_GROUP \
-d $DATABASE_NAME
```

1. You will also need to allow connections to the server from your ACA environment. For now, you will create a server firewall rule to allow inbound traffic from all Azure Services.

Check the status of your sql server
![SQL Server Networking](../../images/sql-server-manage-firewall.png)

The configuration `Allow Azure services and resources to access this server` adds an IP based firewall rule with start and end IP address of `0.0.0.0`, See [Connections from inside Azure](https://learn.microsoft.com/en-us/azure/azure-sql/database/firewall-configure?view=azuresql#connections-from-inside-azure).

If this checkbox is not set for your sql server by default policy, run this command to set:

```bash
az mysql flexible-server firewall-rule create \
--rule-name allAzureIPs \
--name $MYSQL_SERVER_NAME \
--resource-group $RESOURCE_GROUP \
--start-ip-address 0.0.0.0 --end-ip-address 0.0.0.0
```

1. In the config repository you cloned locally, use your favorite text editor to open the _application.yml_ file. Replace the full contents of the _application.yml_ file with the contents of [this application.yml](0204_application.yml) file. The updated _application.yml_ file includes the following changes:

- It changes the default `spring.sql.init` values to use `mysql` configuration.
- It adds a `spring.datasource` property for your mysql database.

1. In the part you pasted, update the values of `url`, `username`, `password` in the segment `spring.datasource`. Set these values by using the information in the Azure Database for MySQL Flexible Server connection string you recorded earlier in this task.
- properties of `spring.datasource` to build connections to mysql database.
- properties of `spring.sql.init` for sql database initial operations.

1. Save the changes and push the updates you made to the _application.yml_ file to your private GitHub repo by running the following commands from the commandline prompt:
1. Collect info about the default git config repo

```bash
git add .
git commit -m 'azure mysql info'
git push
GIT_URI="https://github.com/Azure-Samples/java-microservices-aca-lab.git"
SEARCH_PATH="config"
LABEL=main
```

{: .note }
> At this point, the admin account user name and password are stored in clear text in the application.yml config file. In one of upcoming exercises, you will remediate this potential vulnerability by removing clear text credentials from your configuration.
{: .note }
> In the first part of this lab, we use public repository for the config server and put place holder variables in the application.yml config file for SQL user and passord. We have to put the credentials in some configurations when create or update container apps. In one of upcoming exercises, you will remediate this potential vulnerability by removing clear text credentials from your configuration.
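
Review bot: in the "Collect info about the default git config repo" step, `GIT_URI` points at the public `Azure-Samples/java-microservices-aca-lab` repository with `LABEL=main`, so the config server follows a mutable branch that the lab user does not control and any later change to `config/` there reaches running apps; consider documenting a tag or commit id for `LABEL`, or at least stating the trade-off. The closing note says the credentials have to be put "in some configurations when create or update container apps" without saying where `SQL_USER` and `SQL_PASSWORD` are supplied; naming the mechanism would make the "potential vulnerability" it refers to concrete. Wording fixes in the added text: "to persistent the application data" should be "to persist", "build-in" should be "built-in", "place holder" should be "placeholder", and "passord" should be "password".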
71 changes: 0 additions & 71 deletions docs/02_lab_launch/0204_application.yml

This file was deleted.
