Actuator 是 SpringBoot 项目中一个非常强大一个功能,有助于对应用程序进行监视和管理,通过 Restful Api 请求来监管、审计、收集应用的运行情况。
Actuator 的核心是端点 Endpoint,它用来监视应用程序及交互,Spring-Boot-Actuator 目前已经内置了非常多的 Endpoint(health、info、beans、metrics、httptrace、shutdown等等),同时也允许我们自己扩展自己的 Endpoints。每个 Endpoint 都可以启用和禁用。要远程访问 Endpoint,还必须通过 JMX 或 HTTP 进行暴露,大部分应用选择HTTP,Endpoint 的ID默认映射到一个带 /actuator 前缀的URL。例如,Health 端点默认映射到 /actuator/health。
除此,Actuator同时还可以与外部应用监控系统整合,比如 Prometheus, Graphite, DataDog, Influx, Wavefront, New Relic等。这些系统提供了非常好的仪表盘、图标、分析和告警等功能,使得你可以通过统一的接口轻松的监控和管理你的应用。
Actuator使用
启用Actuator功能,最直接的方式是添加 spring-boot-starter-actuator ‘Starter’依赖
1、pom.xml
<!-- 2、监控 —— Actuator插件 --> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-actuator</artifactId> </dependency>
2、application.yml 或application.properties
management: endpoints: # 暴露 EndPoint 以供访问,有jmx和web两种方式,exclude 的优先级高于 include jmx: exposure: exclude: '*' include: '*' web: exposure: # exclude: '*' include: ["health","info","beans","mappings","logfile","metrics","shutdown","env"] base-path: /actuator # 配置 Endpoint 的基础路径 cors: # 配置跨域资源共享 allowed-origins: http://example.com allowed-methods: GET,POST enabled-by-default: true # 修改全局 endpoint 默认设置 endpoint: auditevents: # 1、显示当前引用程序的审计事件信息,默认开启 enabled: true cache: time-to-live: 10s # 配置端点缓存响应的时间 beans: # 2、显示一个应用中所有 Spring Beans 的完整列表,默认开启 enabled: true conditions: # 3、显示配置类和自动配置类的状态及它们被应用和未被应用的原因,默认开启 enabled: true configprops: # 4、显示一个所有@ConfigurationProperties的集合列表,默认开启 enabled: true env: # 5、显示来自Spring的 ConfigurableEnvironment的属性,默认开启 enabled: true flyway: # 6、显示数据库迁移路径,如果有的话,默认开启 enabled: true health: # 7、显示健康信息,默认开启 enabled: true show-details: always info: # 8、显示任意的应用信息,默认开启 enabled: true liquibase: # 9、展示任何Liquibase数据库迁移路径,如果有的话,默认开启 enabled: true metrics: # 10、展示当前应用的metrics信息,默认开启 enabled: true mappings: # 11、显示一个所有@RequestMapping路径的集合列表,默认开启 enabled: true scheduledtasks: # 12、显示应用程序中的计划任务,默认开启 enabled: true sessions: # 13、允许从Spring会话支持的会话存储中检索和删除(retrieval and deletion)用户会话。使用Spring Session对反应性Web应用程序的支持时不可用。默认开启。 enabled: true shutdown: # 14、允许应用以优雅的方式关闭,默认关闭 enabled: true threaddump: # 15、执行一个线程dump enabled: true # web 应用时可以使用以下端点 heapdump: # 16、 返回一个GZip压缩的hprof堆dump文件,默认开启 enabled: true jolokia: # 17、通过HTTP暴露JMX beans(当Jolokia在类路径上时,WebFlux不可用),默认开启 enabled: true logfile: # 18、返回日志文件内容(如果设置了logging.file或logging.path属性的话),支持使用HTTP Range头接收日志文件内容的部分信息,默认开启 enabled: true prometheus: #19、以可以被Prometheus服务器抓取的格式显示metrics信息,默认开启 enabled: true
以简单的项目为例,简要讲解下Actuator功能的相关配置及具体实现,具体如下:
构建完项目后进行启动,应用程序默认以端口8080运行,上图表面程序启动正常,可直接通过Uri访问以获取指定暴露的Endpoints。
通过访问http://localhost:8080/actuator来展示所有通过HTTP暴露的Endpoints:
[administrator@JavaLangOutOfMemory java ]% curl http://localhost:8080/actuator {"_links":{"self":{"href":"http://localhost:8080/actuator","templated":false},"auditevents":{"href":"http://localhost:8080/actuator/auditevents","templated":false},"beans":{"href":"http://localhost:8080/actuator/beans","templated":false},"caches-cache":{"href":"http://localhost:8080/actuator/caches/{cache}","templated":true},"caches":{"href":"http://localhost:8080/actuator/caches","templated":false},"health-component":{"href":"http://localhost:8080/actuator/health/{component}","templated":true},"health-component-instance":{"href":"http://localhost:8080/actuator/health/{component}/{instance}","templated":true},"health":{"href":"http://localhost:8080/actuator/health","templated":false},"conditions":{"href":"http://localhost:8080/actuator/conditions","templated":false},"shutdown":{"href":"http://localhost:8080/actuator/shutdown","templated":false},"configprops":{"href":"http://localhost:8080/actuator/configprops","templated":false},"env":{"href":"http://localhost:8080/actuator/env","templated":false},"env-toMatch":{"href":"http://localhost:8080/actuator/env/{toMatch}","templated":true},"info":{"href":"http://localhost:8080/actuator/info","templated":false},"loggers":{"href":"http://localhost:8080/actuator/loggers","templated":false},"loggers-name":{"href":"http://localhost:8080/actuator/loggers/{name}","templated":true},"heapdump":{"href":"http://localhost:8080/actuator/heapdump","templated":false},"threaddump":{"href":"http://localhost:8080/actuator/threaddump","templated":false},"metrics":{"href":"http://localhost:8080/actuator/metrics","templated":false},"metrics-requiredMetricName":{"href":"http://localhost:8080/actuator/metrics/{requiredMetricName}","templated":true},"scheduledtasks":{"href":"http://localhost:8080/actuator/scheduledtasks","templated":false},"httptrace":{"href":"http://localhost:8080/actuator/httptrace","templated":false},"mappings":{"href":"http://localhost:8080/actuator/mappings","templated":false}}}%
打开http://localhost:8080/actuator/health,则会显示如下内容:
[administrator@JavaLangOutOfMemory java ]% curl http://localhost:8080/actuator/health {"status":"UP","details":{"diskSpace":{"status":"UP","details":{"total":100790001664,"free":94206066688,"threshold":10485760}}}}%
请求结果状态若为UP,表明应用是健康的。如果应用不健康将会显示DOWN,比如与仪表盘的连接异常或者缺水磁盘空间等。
打开http://localhost:8080/actuator/metrics,则会显示如下内容:
[administrator@JavaLangOutOfMemory java ]% curl -i http://localhost:8080/actuator/metrics HTTP/1.1 200 Content-Type: application/vnd.spring-boot.actuator.v2+json;charset=UTF-8 Transfer-Encoding: chunked Date: Sun, 10 Jan 2021 01:59:29 GMT {"names":["jvm.memory.max","jvm.threads.states","process.files.max","jvm.gc.memory.promoted","tomcat.cache.hit","tomcat.servlet.error","system.load.average.1m","tomcat.cache.access","jvm.memory.used","jvm.gc.max.data.size","jvm.gc.pause","jvm.memory.committed","system.cpu.count","logback.events","http.server.requests","tomcat.global.sent","jvm.buffer.memory.used","tomcat.sessions.created","jvm.threads.daemon","system.cpu.usage","jvm.gc.memory.allocated","tomcat.global.request.max","tomcat.global.request","tomcat.sessions.expired","jvm.threads.live","jvm.threads.peak","tomcat.global.received","process.uptime","tomcat.sessions.rejected","process.cpu.usage","tomcat.threads.config.max","jvm.classes.loaded","jvm.classes.unloaded","tomcat.global.error","tomcat.sessions.active.current","tomcat.sessions.alive.max","jvm.gc.live.data.size","tomcat.servlet.request.max","tomcat.threads.current","tomcat.servlet.request","process.files.open","jvm.buffer.count","jvm.buffer.total.capacity","tomcat.sessions.active.max","tomcat.threads.busy","process.start.time"]}%
以下整理了一些非常有用的Actuator Endpoints列表。完整的可以在official documentation上面获取。
| Endpoint ID | Description |
| auditevents | 显示应用暴露的审计事件 (比如认证进入、订单失败) |
info |
显示应用的基本信息 |
health |
显示应用的健康状态 |
metrics |
显示应用多样的度量信息 |
loggers |
显示和修改配置的loggers |
logfile |
返回log file中的内容(如果logging.file或者logging.path被设置) |
httptrace |
显示HTTP足迹,最近100个HTTP request/repsponse |
env |
显示当前的环境特性 |
flyway |
显示数据库迁移路径的详细信息 |
liquidbase |
显示Liquibase 数据库迁移的纤细信息 |
shutdown |
让你逐步关闭应用 |
mappings |
显示所有的@RequestMapping路径 |
scheduledtasks |
显示应用中的调度任务 |
threaddump heapdump |
执行一个线程dump 返回一个GZip压缩的JVM堆dump |
Actuator Endpoint解析
/health endpoint
Health Endpoint通过合并几个健康指数检查应用的健康情况。
Spring Boot Actuator有几个预定义的健康指标比如DataSourceHealthIndicator, DiskSpaceHealthIndicator, MongoHealthIndicator, RedisHealthIndicator, CassandraHealthIndicator等。它使用这些健康指标作为健康检查的一部分。
打个比方,如果你的应用使用Redis,RedisHealthindicator将被当作检查的一部分。如果使用MongoDB,那么MongoHealthIndicator将被当作检查的一部分。你也可以关闭特定的健康检查指标,比如在properties或yml文件中使用如下命令:
management.health.redis.enabled=false
Health Endpoint只展示了简单的UP和DOWN状态。为了获得健康检查中所有指标的详细信息,可以通过在application.yaml中增加如下内容:
management: endpoint: health: show-details: always
当然,如果觉得自带的不能够满足我们的实际业务场景,可以通过实现HealthIndicator接口来自定义一个健康指标,或者继承AbstractHealthIndicator类。具体如下:
package com.example.actuator.health; import org.springframework.boot.actuate.health.AbstractHealthIndicator; import org.springframework.boot.actuate.health.Health; import org.springframework.stereotype.Component; @Component public class CustomHealthIndicator extends AbstractHealthIndicator { @Override protected void doHealthCheck(Health.Builder builder) throws Exception { // Use the builder to build the health status details that should be reported. // If you throw an exception, the status will be DOWN with the exception message. builder.up() .withDetail("app", "Alive and Kicking") .withDetail("error", "No!"); } }
一旦你增加上面的健康指标到你的应用中去后,Health Endpoint将展示如下细节:
{ "status":"UP", "details":{ "custom":{ "status":"UP", "details":{ "app":"Alive and Kicking", "error":"No!" } }, "diskSpace":{ "status":"UP", "details":{ "total":250790436864, "free":97949245440, "threshold":10485760 } } } }
Spring Security引入
Actuator Eendpoints是敏感的,必须对其安全性进行可控。如果Spring Security是包含在你的应用中,那么Endpoint是通过HTTP认证被保护起来。如果没有, 可以增加以下依赖到应用中:
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency>
通过以下示例简要展示一个简单的Spring Securiy配置。它借助EndPointRequest
的ReqeustMatcher工厂模式来配置Actuator Endpoints进入规则。具体如下:
package com.example.actuator.config; import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest; import org.springframework.boot.actuate.context.ShutdownEndpoint; import org.springframework.boot.autoconfigure.security.servlet.PathRequest; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; @Configuration public class ActuatorSecurityConfig extends WebSecurityConfigurerAdapter { /* This spring security configuration does the following 1. Restrict access to the Shutdown endpoint to the ACTUATOR_ADMIN role. 2. Allow access to all other actuator endpoints. 3. Allow access to static resources. 4. Allow access to the home page (/). 5. All other requests need to be authenticated. 5. Enable http basic authentication to make the configuration complete. You are free to use any other form of authentication. */ @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .requestMatchers(EndpointRequest.to(ShutdownEndpoint.class)) .hasRole("ACTUATOR_ADMIN") .requestMatchers(EndpointRequest.toAnyEndpoint()) .permitAll() .requestMatchers(PathRequest.toStaticResources().atCommonLocations()) .permitAll() .antMatchers("/") .permitAll() .antMatchers("/**") .authenticated() .and() .httpBasic(); } }
然后在application.yaml文件中定义Spring Security用户,具体如下:
# Spring Security Default user name and password spring: security: user: name: actuator password: actuator roles: ACTUATOR_ADMIN
至此,Actuator监控功能的讲解到此为止,若您在使用过程中有任何的想法或建议,欢迎留言进行技术交流。
