Tutorial: Read a secret from Azure Key Vault in a Spring Boot application | Microsoft Docs
======================
PS E:\ideaMyProject2\keyvault> az login
A web browser has been opened at https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize. Please continue the login in the web browser. If no web browser is available or if the web browser fails to open, use device code flow with `az login --use-device-code`.
[
{
"cloudName": "AzureCloud",
"homeTenantId": "9c6f33c6-0a22-45e9-b129-78843f81e5f8",
"id": "1e084e44-86cb-4469-a7b4-144285f0f2cb",
"isDefault": true,
"managedByTenants": [],
"name": "免费试用",
"state": "Enabled",
"tenantId": "9c6f33c6-0a22-45e9-b129-78843f81e5f8",
"user": {
"name": "908163862@qq.com",
"type": "user"
}
}
]
PS E:\ideaMyProject2\keyvault> az account list
[
{
"cloudName": "AzureCloud",
"homeTenantId": "9c6f33c6-0a22-45e9-b129-78843f81e5f8",
"id": "1e084e44-86cb-4469-a7b4-144285f0f2cb",
"isDefault": true,
"managedByTenants": [],
"name": "免费试用",
"state": "Enabled",
"tenantId": "9c6f33c6-0a22-45e9-b129-78843f81e5f8",
"user": {
"name": "908163862@qq.com",
"type": "user"
}
}
]
PS E:\ideaMyProject2\keyvault> az account set -s 1e084e44-86cb-4469-a7b4-144285f0f2cb
PS E:\ideaMyProject2\keyvault> az ad sp create-for-rbac --name contososp --role Contributor --scopes /subscriptions/1e084e44-86cb-4469-a7b4-144285f0f2cb
{
"appId": "6dbe9b78-5f0a-46f2-b653-9c229a88a776",
"displayName": "contososp",
"password": "XSt8Q~V02HZy6ZRxDqV3AU2A~c1w.xcMsnMQYau2",
"tenant": "9c6f33c6-0a22-45e9-b129-78843f81e5f8"
}
PS E:\ideaMyProject2\keyvault> az group create --name contosorg --location eastasia
{
"id": "/subscriptions/1e084e44-86cb-4469-a7b4-144285f0f2cb/resourceGroups/contosorg",
"location": "eastasia",
"managedBy": null,
"name": "contosorg",
"properties": {
"provisioningState": "Succeeded"
},
"tags": null,
"type": "Microsoft.Resources/resourceGroups"
}
PS E:\ideaMyProject2\keyvault> az keyvault create --resource-group contosorg --name contosokv0614 --enabled-for-deployment true --enabled-for-disk-encryption true --enabled-for-template-deployment true --location eastasia --query properties.vaultUri --sku standard
"https://contosokv0614.vault.azure.net/"
az keyvault set-policy --name contosokv0614 --spn 6dbe9b78-5f0a-46f2-b653-9c229a88a776 --secret-permissions get list
az keyvault secret set --name "connectionString" --vault-name "contosokv0614" --value "jdbc:sqlserver://SERVER.database.windows.net:1433;database=DATABASE;"
<plugin>
<groupId>com.microsoft.azure</groupId>
<artifactId>azure-webapp-maven-plugin</artifactId>
<version>2.5.0</version>
</plugin>
mvn azure-webapp:config
mvn -DskipTests clean package azure-webapp:deploy
PS E:\ideaMyProject2\keyvault> az webapp identity assign --resource-group contosorg --name keyvault0614
{
"principalId": "c617a35b-353a-4633-9780-740551ee75c0",
"tenantId": "9c6f33c6-0a22-45e9-b129-78843f81e5f8",
"type": "SystemAssigned",
"userAssignedIdentities": null
}
az keyvault set-policy --name contosokv0614 --object-id c617a35b-353a-4633-9780-740551ee75c0 --secret-permissions get list
mvn -DskipTests clean package azure-webapp:deploy
It failed with an error...
2022-06-14T01:01:22.828440530Z Picked up JAVA_TOOL_OPTIONS: -Xmx1350M -Djava.net.preferIPv4Stack=true
2022-06-14T01:03:19.406749968Z 01:03:19.378 [main] ERROR org.springframework.boot.SpringApplication - Application run failed
2022-06-14T01:03:19.406836068Z java.lang.IllegalStateException: Failed to configure KeyVault property source
2022-06-14T01:03:19.406845069Z at com.azure.spring.cloud.autoconfigure.keyvault.environment.KeyVaultEnvironmentPostProcessor.buildKeyVaultPropertySource(KeyVaultEnvironmentPostProcessor.java:127)
2022-06-14T01:03:19.406852469Z at com.azure.spring.cloud.autoconfigure.keyvault.environment.KeyVaultEnvironmentPostProcessor.buildKeyVaultPropertySourceList(KeyVaultEnvironmentPostProcessor.java:112)
2022-06-14T01:03:19.406857569Z at com.azure.spring.cloud.autoconfigure.keyvault.environment.KeyVaultEnvironmentPostProcessor.postProcessEnvironment(KeyVaultEnvironmentPostProcessor.java:85)
2022-06-14T01:03:19.406862569Z at org.springframework.boot.env.EnvironmentPostProcessorApplicationListener.onApplicationEnvironmentPreparedEvent(EnvironmentPostProcessorApplicationListener.java:102)
2022-06-14T01:03:19.406867269Z at org.springframework.boot.env.EnvironmentPostProcessorApplicationListener.onApplicationEvent(EnvironmentPostProcessorApplicationListener.java:87)
2022-06-14T01:03:19.406871869Z at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:176)
2022-06-14T01:03:19.406876569Z at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:169)
2022-06-14T01:03:19.406881269Z at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:143)
2022-06-14T01:03:19.406885969Z at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:131)
2022-06-14T01:03:19.406890569Z at org.springframework.boot.context.event.EventPublishingRunListener.environmentPrepared(EventPublishingRunListener.java:82)
2022-06-14T01:03:19.406901469Z at org.springframework.boot.SpringApplicationRunListeners.lambda$environmentPrepared$2(SpringApplicationRunListeners.java:63)
2022-06-14T01:03:19.406907469Z at java.util.ArrayList.forEach(ArrayList.java:1259)
2022-06-14T01:03:19.406911769Z at org.springframework.boot.SpringApplicationRunListeners.doWithListeners(SpringApplicationRunListeners.java:117)
2022-06-14T01:03:19.406916169Z at org.springframework.boot.SpringApplicationRunListeners.doWithListeners(SpringApplicationRunListeners.java:111)
2022-06-14T01:03:19.406926369Z at org.springframework.boot.SpringApplicationRunListeners.environmentPrepared(SpringApplicationRunListeners.java:62)
2022-06-14T01:03:19.406930969Z at org.springframework.boot.SpringApplication.prepareEnvironment(SpringApplication.java:375)
2022-06-14T01:03:19.406934969Z at org.springframework.boot.SpringApplication.run(SpringApplication.java:333)
2022-06-14T01:03:19.406938869Z at org.springframework.boot.SpringApplication.run(SpringApplication.java:1365)
2022-06-14T01:03:19.406942969Z at org.springframework.boot.SpringApplication.run(SpringApplication.java:1354)
2022-06-14T01:03:19.406946869Z at com.example.keyvault.sample.KeyvaultApplication.main(KeyvaultApplication.java:18)
2022-06-14T01:03:19.406950769Z at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
2022-06-14T01:03:19.406954969Z at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
2022-06-14T01:03:19.406958969Z at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
2022-06-14T01:03:19.406962869Z at java.lang.reflect.Method.invoke(Method.java:498)
2022-06-14T01:03:19.406966769Z at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:49)
2022-06-14T01:03:19.406970769Z at org.springframework.boot.loader.Launcher.launch(Launcher.java:108)
2022-06-14T01:03:19.406974770Z at org.springframework.boot.loader.Launcher.launch(Launcher.java:58)
2022-06-14T01:03:19.406978670Z at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:88)
2022-06-14T01:03:19.406982770Z Caused by: reactor.core.Exceptions$ReactiveException: java.io.IOException: Server returned HTTP response code: 400 for URL: http://172.16.0.2:8081/msi/token?resource=https%3A%2F%2Fvault.azure.net&api-version=2019-08-01&client_id=c617a35b-353a-4633-9780-740551ee75c0
2022-06-14T01:03:19.406987670Z at reactor.core.Exceptions.propagate(Exceptions.java:392)
2022-06-14T01:03:19.406991470Z at reactor.core.publisher.BlockingSingleSubscriber.blockingGet(BlockingSingleSubscriber.java:97)
2022-06-14T01:03:19.406995470Z at reactor.core.publisher.Flux.blockLast(Flux.java:2645)
2022-06-14T01:03:19.406999270Z at com.azure.core.util.paging.ContinuablePagedByIteratorBase.requestPage(ContinuablePagedByIteratorBase.java:94)
2022-06-14T01:03:19.407003270Z at com.azure.core.util.paging.ContinuablePagedByPageIterable$ContinuablePagedByPageIterator.<init>(ContinuablePagedByPageIterable.java:57)
2022-06-14T01:03:19.407007470Z at com.azure.core.util.paging.ContinuablePagedByPageIterable.iterator(ContinuablePagedByPageIterable.java:41)
2022-06-14T01:03:19.407011470Z at java.lang.Iterable.spliterator(Iterable.java:101)
2022-06-14T01:03:19.407015570Z at com.azure.spring.cloud.autoconfigure.keyvault.environment.KeyVaultOperation.lambda$refreshProperties$2(KeyVaultOperation.java:140)
2022-06-14T01:03:19.407019670Z at java.util.Optional.map(Optional.java:215)
2022-06-14T01:03:19.407027170Z at com.azure.spring.cloud.autoconfigure.keyvault.environment.KeyVaultOperation.refreshProperties(KeyVaultOperation.java:140)
2022-06-14T01:03:19.407031470Z at com.azure.spring.cloud.autoconfigure.keyvault.environment.KeyVaultOperation.<init>(KeyVaultOperation.java:77)
2022-06-14T01:03:19.407035770Z at com.azure.spring.cloud.autoconfigure.keyvault.environment.KeyVaultEnvironmentPostProcessor.buildKeyVaultPropertySource(KeyVaultEnvironmentPostProcessor.java:124)
2022-06-14T01:03:19.407039870Z ... 27 common frames omitted
2022-06-14T01:03:19.407043670Z Suppressed: java.lang.Exception: #block terminated with an error
2022-06-14T01:03:19.407047370Z at reactor.core.publisher.BlockingSingleSubscriber.blockingGet(BlockingSingleSubscriber.java:99)
2022-06-14T01:03:19.407051370Z ... 37 common frames omitted
2022-06-14T01:03:19.407055170Z Caused by: java.io.IOException: Server returned HTTP response code: 400 for URL: http://172.16.0.2:8081/msi/token?resource=https%3A%2F%2Fvault.azure.net&api-version=2019-08-01&client_id=c617a35b-353a-4633-9780-740551ee75c0
2022-06-14T01:03:19.407059670Z at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1902)
2022-06-14T01:03:19.407063570Z at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1500)
2022-06-14T01:03:19.407067470Z at com.azure.identity.implementation.IdentityClient.lambda$authenticateToManagedIdentityEndpoint$55(IdentityClient.java:1322)
2022-06-14T01:03:19.407071770Z at reactor.core.publisher.MonoCallable.subscribe(MonoCallable.java:57)
2022-06-14T01:03:19.407075770Z at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:64)
2022-06-14T01:03:19.407079870Z at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:52)
2022-06-14T01:03:19.407083770Z at reactor.core.publisher.MonoDelaySubscription.accept(MonoDelaySubscription.java:53)
2022-06-14T01:03:19.407087570Z at reactor.core.publisher.MonoDelaySubscription.accept(MonoDelaySubscription.java:34)
2022-06-14T01:03:19.407091570Z at reactor.core.publisher.FluxDelaySubscription$DelaySubscriptionOtherSubscriber.onNext(FluxDelaySubscription.java:131)
2022-06-14T01:03:19.407095570Z at reactor.core.publisher.MonoDelay$MonoDelayRunnable.propagateDelay(MonoDelay.java:271)
2022-06-14T01:03:19.407099470Z at reactor.core.publisher.MonoDelay$MonoDelayRunnable.run(MonoDelay.java:286)
2022-06-14T01:03:19.407103670Z at reactor.core.scheduler.SchedulerTask.call(SchedulerTask.java:68)
2022-06-14T01:03:19.407107471Z at reactor.core.scheduler.SchedulerTask.call(SchedulerTask.java:28)
2022-06-14T01:03:19.407111271Z at java.util.concurrent.FutureTask.run(FutureTask.java:266)
2022-06-14T01:03:19.407115171Z at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
2022-06-14T01:03:19.407119071Z at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
2022-06-14T01:03:19.407125771Z at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
2022-06-14T01:03:19.407129871Z at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
2022-06-14T01:03:19.407133771Z at java.lang.Thread.run(Thread.java:748)
2022-06-14T01:03:19.784883717Z Wait for pid == 159 either returned successfully or was interrupted due to a signal 159
2022-06-14T01:03:19.786090226Z Done waiting for main process. GLOBAL_PID_MAIN=159.
2022-06-14T01:03:19.792486274Z Exiting entry script!
2022-06-14T01:03:20.646Z ERROR - Container keyvault0614_0_0c96f113 for site keyvault0614 has exited, failing site start
2022-06-14T01:03:21.432Z ERROR - Container keyvault0614_0_0c96f113 didn't respond to HTTP pings on port: 80, failing site start. See container logs for debugging.
2022-06-14T01:03:21.472Z INFO - Stopping site keyvault0614 because it failed during startup.
2022-06-14T01:04:24 No new trace in the past 1 min(s).
2022-06-14T01:05:24 No new trace in the past 2 min(s).
2022-06-14T01:06:24 No new trace in the past 3 min(s).
2022-06-14T01:06:43.445Z INFO - Pulling image: mcr.microsoft.com/appsvc/msitokenservice:stage6
2022-06-14T01:06:43.627Z INFO - stage6 Pulling from appsvc/msitokenservice
2022-06-14T01:06:43.628Z INFO - Digest: sha256:cc56bdc01ad5e52f2ec2d529b120f08e42e4eb67685d4d02c7c4236c1eb11aa6
2022-06-14T01:06:43.628Z INFO - Status: Image is up to date for mcr.microsoft.com/appsvc/msitokenservice:stage6
2022-06-14T01:06:43.634Z INFO - Pull Image successful, Time taken: 0 Minutes and 0 Seconds
2022-06-14T01:06:43.684Z INFO - Starting container for site
2022-06-14T01:06:43.685Z INFO - docker run -d --expose=8081 --name keyvault0614_0_d5134716_msiProxy -e WEBSITE_ROLE_INSTANCE_ID=0 -e WEBSITE_HOSTNAME=keyvault0614.azurewebsites.net -e WEBSITE_INSTANCE_ID=dc53be36b799cb821204690280fca101c99336de96f5c8afcfa31feca04d4aad -e WEBSITE_USE_DIAGNOSTIC_SERVER=False mcr.microsoft.com/appsvc/msitokenservice:stage6
2022-06-14T01:06:43.685Z INFO - Logging is not enabled for this container.
Please use https://aka.ms/linux-diagnostics to enable logging to see container logs here.
2022-06-14T01:06:54.100Z INFO - Initiating warmup request to container keyvault0614_0_d5134716_msiProxy for site keyvault0614
2022-06-14T01:06:54.161Z INFO - Container keyvault0614_0_d5134716_msiProxy for site keyvault0614 initialized successfully and is ready to serve requests.
2022-06-14T01:06:54.167Z INFO - Initiating warmup request to container keyvault0614_0_d5134716 for site keyvault0614
2022-06-14T01:07:09.625Z INFO - Waiting for response to warmup request for container keyvault0614_0_d5134716. Elapsed time = 15.5658225 sec
2022-06-14T01:07:25.321Z INFO - Waiting for response to warmup request for container keyvault0614_0_d5134716. Elapsed time = 31.261722 sec
2022-06-14T01:07:40.722Z INFO - Waiting for response to warmup request for container keyvault0614_0_d5134716. Elapsed time = 46.6634521 sec
2022-06-14T01:07:55.920Z INFO - Waiting for response to warmup request for container keyvault0614_0_d5134716. Elapsed time = 61.8617045 sec
2022-06-14T01:08:11.121Z INFO - Waiting for response to warmup request for container keyvault0614_0_d5134716. Elapsed time = 77.0620566 sec
2022-06-14T01:08:26.381Z INFO - Waiting for response to warmup request for container keyvault0614_0_d5134716. Elapsed time = 92.3226127 sec
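The free 30-day account can only create the B1 pricingTier, which has only 1.7 GB of memory. I suspect the container ran out of memory while starting, and that is why it cannot start?
crazy...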
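The failing token request in the log carries `client_id=c617a35b-353a-4633-9780-740551ee75c0`, the same value that `az webapp identity assign` returned as `principalId`; on App Service the token endpoint's `client_id` parameter selects a user-assigned identity by its client ID, and a request with no ID parameter uses the system-assigned identity. The check below is an added example, not part of the original page: its function names are hypothetical and its sample input is constructed from the output shown above.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

# Sample input constructed from the command output and log lines on this page.
IDENTITY_JSON = """{"principalId": "c617a35b-353a-4633-9780-740551ee75c0",
 "tenantId": "9c6f33c6-0a22-45e9-b129-78843f81e5f8",
 "type": "SystemAssigned", "userAssignedIdentities": null}"""
LOG_LINES = [
    "2022-06-14T01:03:19.406836068Z java.lang.IllegalStateException: "
    "Failed to configure KeyVault property source",
    "2022-06-14T01:03:19.407055170Z Caused by: java.io.IOException: Server returned "
    "HTTP response code: 400 for URL: http://172.16.0.2:8081/msi/token"
    "?resource=https%3A%2F%2Fvault.azure.net&api-version=2019-08-01"
    "&client_id=c617a35b-353a-4633-9780-740551ee75c0",
]

# Matches the IOException text that HttpURLConnection emits for a failed token call.
TOKEN_ERROR = re.compile(r"HTTP response code: (\d{3}) for URL: (\S+/msi/token\?\S+)")


def failed_token_requests(lines):
    """Yield (status, query parameters) for each failed managed-identity token request."""
    for line in lines:
        match = TOKEN_ERROR.search(line)
        if match:
            query = parse_qs(urlsplit(match.group(2)).query)
            yield int(match.group(1)), {k: v[0] for k, v in query.items()}


def diagnose(identity_json, lines):
    """Report token requests that pass the system-assigned principalId as client_id."""
    identity = json.loads(identity_json)
    principal = (identity.get("principalId") or "").lower()
    system_assigned = "SystemAssigned" in (identity.get("type") or "")
    findings = []
    for status, params in failed_token_requests(lines):
        client_id = params.get("client_id", "")
        if system_assigned and principal and client_id.lower() == principal:
            findings.append({
                "status": status,
                "resource": params.get("resource"),
                "client_id": client_id,
                "issue": "client_id equals the system-assigned principalId",
            })
    return findings


if __name__ == "__main__":
    for finding in diagnose(IDENTITY_JSON, LOG_LINES):
        print(finding)
```

A non-empty result means the application's Key Vault credential settings name the identity's object ID as a client ID; with a system-assigned identity the client ID setting is left unset.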