Foreword
Last year we did a project in transition micro Services Architecture 1.0, but this service monitoring has not kept pace. This does not, recently I was assigned the task you want to service our core micro-monitoring applications all together. Our micro-service applications are SpringBoot application, and therefore naturally think of Actuator With Spring Boot module.
Benpian after I complete this work order, summarize learning applications for Spring Boot Actuator module. In this article, you can learn to:
1. Getting started quickly using Spring Boot Actuator of
2, some of the important endpoints of Spring Boot Actuator introduction of
3, how to view real-time thread dump information currently applied by Actuator module
4, how to view the heap information about the current application in real time by Actuator Module
5, how to print the log level of the current real-time changes applied by Actuator module
6, ...
Then I will introduce:
TODO: SpringBoot micro-services application integration to achieve Prometheus + Grafana Monitoring Alarms
First, what is Spring Boot Actuator
Spring Boot Actuator module provides production-level features, such as health checks, audits, metrics collection, HTTP tracking, help us monitor and manage Spring Boot application, Bean loading conditions, environment variables, log information, thread information, JVM heap information . This module is a collection of information within the application module is exposed to the outside, the above-described functions can be accessed via HTTP and JMX.
Because exposure characteristics of inside information, Actuator can also be some external application monitoring and system integration (Prometheus, Graphite, DataDog, Influx, Wavefront, New Relic, etc.). These monitoring systems provide excellent dashboards, graphs, analysis and alerts to help you through a unified user-friendly interface, monitor and manage your applications.
Actuator use Micrometer integration with these external application monitoring system. As a result, with little configuration can easily integrate external monitoring system.
Micrometer provides a common API to collect performance data on the Java platform, applications only need to use Micrometer common API to collect performance metrics can be. Micrometer will be responsible for completing the work of adaptation to different monitoring systems. This makes the switch monitoring system easy.
The contrast Slf4j located in the Java Logger.
Second, the fast start, create a Spring Boot Actuator Demo
Let's create a demo application.
You can create by Spring Boot CLI:
spring init -d=web,actuator -n=actuator-demo actuator-demoOr create by Spring Initializr:
Corresponding maven dependency:
<dependencies>
...
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
...
</dependencies>Corresponding Gradle dependency:
dependencies {
compile("org.springframework.boot:spring-boot-starter-actuator")
}Three, Endpoints introduction
Spring Boot provides a so-called endpoints (endpoint translation below) to access and interact with the application to the outside.
Analogy, the /healthendpoint provides some basic information about the health of the application. metricsEndpoint provides some useful applications index (JVM memory usage, CPU usage systems, etc.).
These Actuator module already has an endpoint which we call primary endpoint. According to the role of the endpoint, we can be divided into three categories:
Application configuration class: obtain configuration information category is closely related to the Spring Boot application application loading the application configuration, environment variables, automated configuration reports.
度量指标类:获取应用程序运行过程中用于监控的度量指标,比如:内存信息、线程池信息、HTTP请求统计等。
操作控制类:提供了对应用的关闭等操作类功能。
详细的原生端点介绍,请以官网为准,这里就不赘述徒增篇幅。
需要注意的就是:
1、每一个端点都可以通过配置来单独禁用或者启动
2、不同于Actuator 1.x,Actuator 2.x 的大多数端点默认被禁掉。Actuator 2.x 中的默认端点增加了 /actuator前缀。默认暴露的两个端点为 /actuator/health和 /actuator/info
四、端点暴露配置
我们可以通过以下配置,来配置通过JMX 和 HTTP 暴露的端点。
| Property | Default |
|---|---|
management.endpoints.jmx.exposure.exclude |
|
management.endpoints.jmx.exposure.include |
* |
management.endpoints.web.exposure.exclude |
|
management.endpoints.web.exposure.include |
info,healt |
可以打开所有的监控点
management.endpoints.web.exposure.include=*也可以选择打开部分,"*" 代表暴露所有的端点,如果指定多个端点,用","分开
management.endpoints.web.exposure.exclude=beans,trace`Actuator 默认所有的监控点路径都在 /actuator/*,当然如果有需要这个路径也支持定制。
management.endpoints.web.base-path=/minitor设置完重启后,再次访问地址就会变成 /minitor/*。
现在我们按照如下配置:
# "*" 代表暴露所有的端点 如果指定多个端点,用","分开
management.endpoints.web.exposure.include=*
# 赋值规则同上
management.endpoints.web.exposure.exclude=启动DEMO程序,访问 http://localhost:8080/actuator,查看暴露出来的端点:
上面这样显示是因为chrome 浏览器安装了 JSON-handle 插件,实际上就是返回一大段json
下面,我会着重介绍几个比较重要的端点。
五、重要端点解析
5.1 /health端点
/health端点会聚合你程序的健康指标,来检查程序的健康情况。端点公开的应用健康信息取决于:
management.endpoint.health.show-details=always该属性可以使用以下值之一进行配置:
| Name | Description |
|---|---|
never |
不展示详细信息,up或者down的状态,默认配置 |
when-authorized |
详细信息将会展示给通过认证的用户。授权的角色可以通过 management.endpoint.health.roles配置 |
always |
对所有用户暴露详细信息 |
按照上述配置,配置成 always之后,我们启动项目,访问 http://localhost:8080/actuator/health端口,可以看到这样的信息:
是不是感觉好像健康信息有点少?先别急,那是因为我们创建的是一个最基础的Demo项目,没有依赖很多的组件。
/health端点有很多自动配置的健康指示器:如redis、rabbitmq、db等组件。当你的项目有依赖对应组件的时候,这些健康指示器就会被自动装配,继而采集对应的信息。如上面的 diskSpace 节点信息就是 DiskSpaceHealthIndicator 在起作用。
上述截图取自官方文档
这是我另一个项目的 /health端点信息。
当如上的组件有一个状态异常,应用服务的整体状态即为down。我们也可以通过配置禁用某个组件的健康监测。
management.health.mongo.enabled: false或者禁用所有自动配置的健康指示器:
management.health.defaults.enabled: false⭐自定义 Health Indicator
当然你也可以自定义一个Health Indicator,只需要实现 HealthIndicator 接口或者继承 AbstractHealthIndicator类。
/**
* @author Richard_yyf
* @version 1.0 2020/1/16
*/
@Component
public class CustomHealthIndicator extends AbstractHealthIndicator {
@Override
protected void doHealthCheck(Health.Builder builder) throws Exception {
// 使用 builder 来创建健康状态信息
// 如果你throw 了一个 exception,那么status 就会被置为DOWN,异常信息会被记录下来
builder.up()
.withDetail("app", "这个项目很健康")
.withDetail("error", "Nothing, I'm very good");
}
}最终效果:
5.2 /metrics端点
/metrics端点用来返回当前应用的各类重要度量指标,比如:内存信息、线程信息、垃圾回收信息、tomcat、数据库连接池等。
{
"names": [
"tomcat.threads.busy",
"jvm.threads.states",
"jdbc.connections.active",
"jvm.gc.memory.promoted",
"http.server.requests",
"hikaricp.connections.max",
"hikaricp.connections.min",
"jvm.memory.used",
"jvm.gc.max.data.size",
"jdbc.connections.max",
....
]
}不同于1.x,Actuator在这个界面看不到具体的指标信息,只是展示了一个指标列表。为了获取到某个指标的详细信息,我们可以请求具体的指标信息,像这样:
http://localhost:8080/actuator/metrics/{MetricName}比如我访问 /actuator/metrics/jvm.memory.max,返回信息如下:
你也可以用query param的方式查看单独的一块区域。比如你可以访问 /actuator/metrics/jvm.memory.max?tag=id:Metaspace。结果就是:
5.3 /loggers端点
/loggers 端点暴露了我们程序内部配置的所有logger的信息。我们访问 /actuator/loggers可以看到,
你也可以通过下述方式访问单独一个logger,
http://localhost:8080/actuator/loggers/{name}比如我现在访问 root logger, http://localhost:8080/actuator/loggers/root
{
"configuredLevel": "INFO",
"effectiveLevel": "INFO"
}⭐改变运行时的日志等级
/loggers端点我最想提的就是这个功能,能够动态修改你的日志等级。
比如,我们可以通过下述方式来修改 root logger的日志等级。我们只需要发起一个URL 为 http://localhost:8080/actuator/loggers/root的 POST请求,POST报文如下:
{
"configuredLevel": "DEBUG"
}
仔细想想,这个功能是不是非常有用。如果在生产环境中,你想要你的应用输出一些Debug信息以便于你诊断一些异常情况,你你只需要按照上述方式就可以修改,而不需要重启应用。
如果想重置成默认值,把value 改成
null
5.4 /info端点
/info端点可以用来展示你程序的信息。我理解过来就是一些程序的基础信息。并且你可以按照自己的需求在配置文件 application.properties中个性化配置(默认情况下,该端点只会返回一个空的json内容。):
info.app.name=actuator-test-demo
info.app.encoding=UTF-8
info.app.java.source=1.8
info.app.java.target=1.8
# 在 maven 项目中你可以直接用下列方式引用 maven properties的值
# [email protected]@
# [email protected]@
# [email protected]@启动项目,访问 http://localhost:8080/actuator/info:
{
"app": {
"encoding": "UTF-8",
"java": {
"source": "1.8.0_131",
"target": "1.8.0_131"
},
"name": "actuator-test-demo"
}
}5.5 /beans端点
/beans端点会返回Spring 容器中所有bean的别名、类型、是否单例、依赖等信息。
访问 http://localhost:8080/actuator/beans,返回如下:
5.6 /heapdump 端点
访问:http://localhost:8080/actuator/heapdump会自动生成一个 Jvm 的堆文件 heapdump。我们可以使用 JDK 自带的 Jvm 监控工具 VisualVM 打开此文件查看内存快照。
5.7 /threaddump 端点
I personally feel that this endpoint is particularly useful, convenient and we see the thread when the daily positioning problem. The main show thread name, state of the thread ID, thread, whether to wait for lock resources, such as thread stack information. It is possible to see less intuitive. Access http://localhost:8080/actuator/threaddumpreturns the following:
5.8 /shutdownEndpoint
The endpoints belong to the operation control based endpoint, gracefully close Spring Boot application. To use this feature you first need to open the configuration file:
management.endpoint.shutdown.enabled=trueSince the shutdown interface defaults to only support POST requests , we start the Demo project, to http://localhost:8080/actuator/shutdowninitiate POSTthe request. returned messages:
{
"message": "Shutting down, bye..."
}Then the application is closed.
Due to the open close operation of the application itself is a very dangerous thing, so the real online use, we need to join them some protection mechanisms, such as: custom path Actuator endpoints, integrating Spring Security for security check and so on. (Not particularly necessary, do not open this endpoint)
Sixth, the integration of Spring Security endpoint security check
Since the information generated by interaction endpoints and are very sensitive to the need to prevent unauthorized external access. If your application exists in Spring Security dependency, when using the default HTTP-based authentication forms to protect endpoints.
If not, just add the corresponding dependencies to:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>After the addition, we need to define security validation rules to override the default configuration of Spring Security.
Here I give two versions of the template configuration:
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.boot.actuate.context.ShutdownEndpoint;
import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
/**
* @author Richard_yyf
*/
@Configuration
public class ActuatorSecurityConfig extends WebSecurityConfigurerAdapter {
/*
* version1:
* 1\. 限制 '/shutdown'端点的访问,只允许ACTUATOR_ADMIN访问
* 2\. 允许外部访问其他的端点
* 3\. 允许外部访问静态资源
* 4\. 允许外部访问 '/'
* 5\. 其他的访问需要被校验
* version2:
* 1\. 限制所有端点的访问,只允许ACTUATOR_ADMIN访问
* 2\. 允许外部访问静态资源
* 3\. 允许外部访问 '/'
* 4\. 其他的访问需要被校验
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
// version1
// http
// .authorizeRequests()
// .requestMatchers(EndpointRequest.to(ShutdownEndpoint.class))
// .hasRole("ACTUATOR_ADMIN")
// .requestMatchers(EndpointRequest.toAnyEndpoint())
// .permitAll()
// .requestMatchers(PathRequest.toStaticResources().atCommonLocations())
// .permitAll()
// .antMatchers("/")
// .permitAll()
// .antMatchers("/**")
// .authenticated()
// .and()
// .httpBasic();
// version2
http
.authorizeRequests()
.requestMatchers(EndpointRequest.toAnyEndpoint())
.hasRole("ACTUATOR_ADMIN")
.requestMatchers(PathRequest.toStaticResources().atCommonLocations())
.permitAll()
.antMatchers("/")
.permitAll()
.antMatchers("/**")
.authenticated()
.and()
.httpBasic();
}
}application.propertiesThe configuration is as follows:
# Spring Security Default user name and password
spring.security.user.name=actuator
spring.security.user.password=actuator
spring.security.user.roles=ACTUATOR_ADMIN