What is Arthas and I’m not going to introduce it here, but if you don’t know Arthas you can go to the Arthas website and look at the tutorials Arthas Quick Start

Arthas provides a tool, Arthas Tunnel, that allows you to remotely manage/connect multiple agents using Arthas Tunnel Server/Client.

Based on the actual application scenario, I have extended the Arthas Tunnel Server functionality to make it easier to use:

  • Click through the cascading drop-down boxServices -> InstancesDisplay arthas Agent list automatically without manually entering agentId for connection;
  • Based on Nacos dynamic configurationUser -> ProjectAccess control, can dynamically add and modify users, passwords and users can access the project access;
  • Support for proxy connection mode, i.e. connect to arthas Agent through server forwarding agent;

The project address

GITHUB repository: arthas-ext

Functional specifications

Arthas Agent cascaded display

Access control

Add dataId=application.yaml,group=arthas-tunnel-web to nacOS config management.

arthas:
  tunnel:
    super-admin-role-sign: The '*' # Role identifier of the super administrator
    users:
      - name: arthas  # login name
        password: 123456  # login password
        roles: ${arthas.tunnel.super-admin-role-sign}  #roles=${arthas.tunnel.super-admin-role-sign} #roles=${arthas.tunnel.super-admin-role-sign
      - name: user1  # login name
        password: 123456  # login password
        roles: # list of accessible items
          - service-a
          - service-b
      - name: user2
        password: 123456
        roles:
          - service-b
Copy the code

The proxy pattern

The proxy mode is designed to solve the problem of the current browser being unable to access the arthas Agent due to network connectivity with the target Arthas Agent, for example when the target service is deployed in a K8S environment or to access services online

The solution is to set up the WebSocket proxy through the Tunnel Server (because the network between the Tunnel Server and the Arthas Agent must be connected), and the browser submits the WebSocket request to the Tunnel Server. The tunnel server acts as a forwarding proxy

Websocket implementation of forwarding agent in com. Wf2311. Arthas. Tunnel. The filter bag, most of the code migration in SpringCloud Gateway WebsocketRoutingFilter relevant code

Apply the name separator configuration

In order to distinguish the arthas Agent application name from agentId, the convention for agentId generation is < project name > + < delimiter > + < random string >. The default delimiter is @.

You can also change the delimiter by configuring the arthas.agent.split property value

dynamic-arthas-spring-boot-starter

Refer to the SpringBoot Admin integrated Arthas practice to provide Arthas dynamic switch effects based on com.Taobao. Arthas :arthas-spring-boot-starter

Maven coordinates

<dependency>
    <groupId>com.wf2311</groupId>
    <artifactId>dynamic-arthas-spring-boot-starter</artifactId>
    <version>2021.07 the SNAPSHOT</version>
</dependency>
Copy the code

Dynamic switch configuration

Whether arthas is enabled is controlled by the spring.arthas.enabled property, which defaults to false, meaning arthas is not enabled by default

Arthas can be dynamically turned on or off by setting Spring.arthas.Enabled in a configuration center such as Nacos

Parameter configuration

After dynamic-arthas-spring-boot-starter is introduced in the project, run the following command to connect to the arthas Tunnel Server

arthas:
  tunnel-server: ws://<ip>:<port>/ws  Arthas Tunnel Server IP address and Websocket port number respectively
  # Client ID, application name @ random value, tunnel server will intercept the string before @ delimiter as the application name
  agent-id: ${spring.application.name}@${random.value}
  http-port: 0  # 0 means random
  telnet-port: 0  # 0 means random
Copy the code

or

Arthas Tunnel IP and websocket port number respectively
arthas.tunnel-server=ws://<ip>:<port>/ws
# Client ID, application name @ random value, tunnel server will intercept the string before @ delimiter as the application name
arthas.agent-id=${spring.application.name}@${random.value}
# 0 means random
arthas.http-port=0
# 0 means random
arthas.telnet-port=0
Copy the code

The above parameters arecom.taobao.arthas:arthas-spring-boot-starterConfiguration parameters in. If the dynamic switching function is not required, it can be directly referencedcom.taobao.arthas:arthas-spring-boot-starter

Note: To ensure that the application name can be displayed on the Arthas Tunnel Server page, the format of arthas.agent-id=${spring.application.name}@${random. Value} must be the same as that specified in the application name separator configuration

Directions for use

In order to realize the function of dynamic permission control, this project relies on the configuration management of NACOS, so it needs to connect to the NACOS service

For details, see Permission Control and Application Name Delimiter Configuration

Note: This project does not support cluster deployment

Deployment way

The machine commissioning

Modify bootstrap.yml

  • spring.cloud.nacos.config.server-addr
  • spring.cloud.nacos.config.namespace

Start the project

Docker start

docker run -d -t -p 9999:9999 -p 7777:7777 \ -v ~/logs/arthas-tunnel-web/:/application/logs \ -e JAVA_OPTS='-Xmx512m -xms512m '\ -e SERVER_PORT='< Startup port of the service, default is 9999>' \ -e TUNNEL_SERVER_PORT='< startup port of the Tunnel Server, Default is 7777>' \ -e NACOS_ADDR='< nacOS service address >' \ -e NACOS_NAMESPACE='< nacOS namespace >' \ --name arthas-tunnel-web wf2311/arthas-tunnel-web:latestCopy the code

Docker – compose start

version: "3"
services:
  arthas-tunnel-web:
    image: wf2311/arthas-tunnel-web:latest
    container_name: arthas-tunnel-web
    environment:
      - JAVA_OPTS=-Xmx256m -Xms256m
      - SERVER_PORT=< Start port of the service, default is 9999>
      - TUNNEL_SERVER_PORT=<Tunnel Server boot port, default 7777>
      - NACOS_ADDR=< nacOS service address >
      - NACOS_NAMESPACE='
      
       '
      
    volumes:
      - ~/Share/logs/arthas-tunnel-web/:/application/logs
    ports:
      - "9999:9999"
      - "7777:7777"
Copy the code

K8s deployment script

apiVersion: apps/v1
kind: Deployment
metadata:
  name: arthas-tunnel-web
spec:
  replicas: 1
  selector:
    matchLabels:
      app: arthas-tunnel-web
  template:
    metadata:
      labels:
        app: arthas-tunnel-web
    spec:
      containers:
        - env:
            - name: SERVER_PORT
              value: '< Service startup port, default is 9999>'
            - name: TUNNEL_SERVER_PORT
              value: '< Start port of Tunnel Server, default 7777>'
            - name: JVM_OPTS
              value: '-Xmx256m -Xms256m'
            - name: NACOS_ADDR
              value: '< NACOS service address >'
            - name: NACOS_NAMESPACE
              value: '
      
       '
      
          name: arthas-tunnel-web
          image: 'wf2311/arthas-tunnel-web:latest'
          imagePullPolicy: Always
          ports:
            - containerPort: <SERVER_PORT>
---
apiVersion: v1
kind: Service
metadata:
  name: arthas-tunnel-web
  namespace: support
spec:
  ports:
    - port: 9999
      targetPort: 9999
      name: arthas-tunnel-web
    - port: 7777
      targetPort: 7777
      name: arthas-tunnel-server
  selector:
    app: arthas-tunnel-web
  type: LoadBalancer

Copy the code

reference

  1. SpringBoot Admin integrates Arthas practices
  2. SpringBoot Admin2.0 integrates Arthas practices