使用传输客户端保护弹性连接

8dtrkrch  于 2021-06-09  发布在  ElasticSearch
关注(0)|答案(1)|浏览(427)

需要连接到一个安全的ElasticSearch,该搜索使用java代码中的传输客户端进行https身份验证。我有用户名和密码连接安全弹性。我正在使用elasticsearch 7.10.0。

try {
            Settings settings = Settings.builder().put("cluster.name", clusterName)
                    .put("xpack.security.user", "elastic:elastic")      
                    .put("xpack.security.transport.ssl.enabled", "true")
                    .put("xpack.ssl.key", "/etc/elasticsearch/elasticsearch.keystore")
                    .put("xpack.ssl.certificate", "/etc/elasticsearch/elastic-certificates.p12")
                    .put("xpack.ssl.certificate_authorities", "/etc/elasticsearch/elastic-stack-ca.p12")
                    .put("xpack.security.transport.ssl.enabled", "true")
                    .build();
            ESclient = new PreBuiltTransportClient(settings);

            //changes for add multiple IP address
            String[] hosts = elasticHost.split(",");
            for (String host : hosts) {
                ESclient.addTransportAddress(new TransportAddress(InetAddress.getByName(host.trim()), elasticPort));
            }
            System.out.println(ESclient.settings());
        } catch (UnknownHostException ex) {
            System.out.println("Exception :" + ex);
            //logger.error("Exception : " + ex);
            throw ex;
        }

但它的显示错误:

java.lang.IllegalArgumentException: unknown setting [xpack.security.transport.ssl.enabled] please check that any required plugins are installed, or check the breaking changes documentation for removed settings

请让我知道,我在上面的代码丢失了什么。提前谢谢。

xv8emn3q

xv8emn3q1#

您不应该再使用tcp传输客户机,因为它在7.0中已被弃用。相反,您应该使用rest客户机,它通过http与集群通信。
如果您需要通过https与集群通信,下面介绍如何使用rest客户端:

// 1. create an SSL context to trust the CA that signed the ES server certificate
String keyStorePass = "keystorePassword";
Path trustStorePath = Paths.get("/etc/elasticsearch/elastic-stack-ca.p12");
KeyStore truststore = KeyStore.getInstance("pkcs12");
try (InputStream is = Files.newInputStream(trustStorePath)) {
    truststore.load(is, keyStorePass.toCharArray());
}
SSLContextBuilder sslBuilder = SSLContexts.custom().loadTrustMaterial(truststore, null);
final SSLContext sslContext = sslBuilder.build();

// 2. Basic authentication
final CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("elastic", "password"));

// 3. Changes for add multiple IP address
String[] hosts = elasticHost.split(",");
HttpHost[] httpHosts = Arrays.stream(hosts)
     .map(host -> new HttpHost(host.trim(), elasticPort, "https"))
     .collect(Collectors.toList())
     .toArray(new HttpHost[hosts.length]);

// 4. Build the low-level client
RestClientBuilder builder = RestClient.builder(httpHosts)
    .setHttpClientConfigCallback(new HttpClientConfigCallback() {
        @Override
        public HttpAsyncClientBuilder customizeHttpClient(
                HttpAsyncClientBuilder httpClientBuilder) {

            // set Basic credentials
            httpClientBuilder.setDefaultCredentialsProvider(credsProvider);
            // set SSL context
            return httpClientBuilder.setSSLContext(sslContext);
        }
    });

// 5. Build the high-level client
RestHighLevelClient client = new RestHighLevelClient(builder);

如果您需要迁移java代码以使用新的rets客户机,那么官方文档提供了一个关于需要做什么的分步指南。

相关问题