Spring cloud config server and SSH git repository


Create a spring cloud config server application

Create a maven project with following POM file

    <dependencies>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-config-monitor</artifactId>
        </dependency>
    </dependencies>

Create main java class with required configuration as following:

@SpringBootApplication
@EnableConfigServer
public class ConfigServerApplication {

    public static void main(String[] args) {
        SpringApplication.run(ConfigServerApplication.class, args);
    }
}

Generate a key pair

Then export the private key under OpenSSH format by Conversions -> Export OpenSSH key

Now you have two private keys and one public key:

  • id_rsa
  • id_rsa_openssh
  • id_rsa.pub

Register the public key with git account

Copy the public key in file id_rsa.pub and add to Git server, e.g., Gitlab

Get the host key according to key pair

The host key is a key for one specified client (config service server in our case) that access to git server. You need to get this key when deploy this component to different server.

Use the following command:

ssh git-server.org

Then you will receive a question as following:

ECDSA key fingerprint is 1e:1a:24:a1:51:9e:b3:65:5c:1e:96:e3:35:e2:cb:bb.
Are you sure you want to continue connecting (yes/no)?

After choosing yes, there will be one added entry in file .ssh/known_hosts indicate the host key for this server, it could like

AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKGyq3I/rmrUrmB8yPFogHsrBK/2rN7+WrNJwbaYQgWiY/iK32RVnO7RwslBOEPoODOF8b4CmNUP+z1L0Mo41ik=

Update the config server application

Ignore the system system settings

spring:
    cloud:
        config:
            server:
                git:
                    uri: git@gitlabserver/config-repo.git
                    ignoreLocalSshSettings: true

Configure host key and private key

spring:
    cloud:
        config:
            server:
                git:
                    uri: git@gitlabserver/config-repo.git
                    ignoreLocalSshSettings: true
                    strictHostKeyChecking: false
                    host-key: AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKGyq3I/rmrUrmB8yPFogHsrBK/2rN7+WrNJwbaYQgWiY/iK32RVnO7RwslBOEPoODOF8b4CmNUP+z1L0Mo41ik=
                    hostKeyAlgorithm: ssh-rsa
                    clone-on-start: true
                    force-pull: true
                    basedir: ${user.home}/data/config-repo
                    privateKey: |
                        -----BEGIN RSA PRIVATE KEY-----
                        MIIEoQIBAAKCAQEAqVJhFzMZ1P+NnKBFBkOZa89qhNOVSyKazYaSFJc64LoEW/CD
                        pYBg2lVUL49njjq5RKqTjRhE4yWyqqafpbKLaRDejoY65roteGB9ilH059oUen9W
                        pDrhc9O0BqL9sfUptMI1Enhzo/kZLc1VKmU72croohTe6Rhlh5LjrACql2CLUm9k
                        pXzih1CH5UE2c7AiabkMbyAOsPp0Z/TZekXSvoIratxDtCKanNroIUTs+K51+eC6
                        Gx0eZ+UqPjMyRzBv7N+zW2NC+CNG2365W56c9afuYE9P9QYxACo6yt5BLB4EjeQN
                        zqicHXh6Irc1JLVsQhFRyCWNj/UmLgOy6eU6ZQIBJQKCAQBAEVUrX3GO3TyAc/5x
                        EqjBAl+n4VsVgrcdVYNhvK5+i5LyWwFhN36XzUJy3FCyW2iyMrRdYyD8AG0d+duK
                        ze+PiderjLxXTV1QJIKHXUfpBmidDZZnp5OTnDZHs0s8apoouC/BzLYiXkDg5ejf
                        m+0h+b/OoBz+QJUeiptV1r0Wrkf/AwtBGJSIOrDaduBE3YuE1avL/OKC3D5Dc5qZ
                        yzyML9oXmCamLIUt7SNbGOg0/2K9aL74LNoYCCHkQmjP+gwVFvXs0ON6AaOIXYbI
                        AK02wPsLnX7J/sZBkf+/0JV0xRbBv2dyE2UIbEXpzTHp/PFPK49v/3jxwk3dhSOk
                        T3I1AoGBAP1y92iavzuUMjHDTSoSOcxQ1i3FIyHj/RpPwW4B11c1vJaskcGeN2oF
                        cVjUiI6S7vHgJeuGj5hTQ7WcgQJC67NB0KabXszXvlABtfCKwHrKm5AqR1TcCe6m
                        a4x5PvBcQE7Mctzbl8Z8MaXyELcN6OskJdDct16LswHMLahNCvDrAoGBAKsGpswD
                        RdVB8PBy3nKG466C9098l3GXt0fTpnd0QxJfa6/JE9LMdYd5dtZuQ6+QikhJuEOW
                        8mpC1RsPlPZw5sFOwBUXShzwPA/M0Zt3JXz1xTRywywDJBHRBfgf03yti7B4QHr8
                        b9zmcdJGvwx1i3EV0876SwGp5TIGGr6zvy3vAoGAS1mH0v2SzIYBFbaaZnQfBWQj
                        /8T8m190wqIW6Vp+SlwVeOcyQHslOzIM8OU9WtG8qMYZHIHzVsylbVgKraUxUPfk
                        FdsqBYw/f5HOTm5wkzVQ19U3zR7ShThlKcMuYyJYTscpETpdjgk/MVXNnjSRWqnh
                        uqJ7tFMLtG0iVKFIcSMCgYEAhgwh3iwUI7A5YoOLwYxRlp4AG7SuDOyIu8GQT8nT
                        tHRNe/Cg1acrr18zoSX9sx5C3rZSJyNIYR+gHCD4NscxZxQ1r6p4W97i96CInHIk
                        TS9VYHWf5DnQKaPUPwQwI3ND+QRONuGIG9c2neRsOjKduX/PhozTAU3PULitLa96
                        KusCgYAtIHsoZ6Y5at1jtOICyhCnjxdBrvb60XJyqyG7uNLZERaRveNDE9axpNPV
                        ffhdWXxdDuXqpFi+Ci0jWxC/aWar4g9fWH3AITNM2t2HBDpEzfjICZx7GKqFeTEk
                        Rg3zqTBX6uSyR7JVwqZI04TOK3wWpRdCt67kjuWGnTclSS0ayg==
                        -----END RSA PRIVATE KEY-----

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.