使用传输客户端的安全弹性连接 [英] Secure Elastic connection using transport client
问题描述
需要使用Java代码中的传输客户端连接到具有https身份验证的安全弹性搜索.我有userId和密码来连接安全弹性.我正在使用Elasticsearch 7.10.0.
Need to connect to a secure elastic search which has https authentication using Transport client in java code. I have userId and password to connect secure elastic. I am using elasticsearch 7.10.0.
try {
Settings settings = Settings.builder().put("cluster.name", clusterName)
.put("xpack.security.user", "elastic:elastic")
.put("xpack.security.transport.ssl.enabled", "true")
.put("xpack.ssl.key", "/etc/elasticsearch/elasticsearch.keystore")
.put("xpack.ssl.certificate", "/etc/elasticsearch/elastic-certificates.p12")
.put("xpack.ssl.certificate_authorities", "/etc/elasticsearch/elastic-stack-ca.p12")
.put("xpack.security.transport.ssl.enabled", "true")
.build();
ESclient = new PreBuiltTransportClient(settings);
//changes for add multiple IP address
String[] hosts = elasticHost.split(",");
for (String host : hosts) {
ESclient.addTransportAddress(new TransportAddress(InetAddress.getByName(host.trim()), elasticPort));
}
System.out.println(ESclient.settings());
} catch (UnknownHostException ex) {
System.out.println("Exception :" + ex);
//logger.error("Exception : " + ex);
throw ex;
}
但显示错误:
java.lang.IllegalArgumentException: unknown setting [xpack.security.transport.ssl.enabled] please check that any required plugins are installed, or check the breaking changes documentation for removed settings
请让我知道,上面的代码中我缺少什么.谢谢.
Please let me know,what i am missing in above code.Thanks in advance.
推荐答案
由于它已经 REST客户端可以通过HTTP与您的集群进行通信.
You should not use the TCP transport client anymore since it's been deprecated in 7.0. Instead you should use the REST client which communicates with your cluster over HTTP.
如果您需要通过 HTTPS进行通信群集,这是使用REST客户端的方法:
If you need to communicate over HTTPS with your cluster, here is how to do it with the REST client:
// 1. create an SSL context to trust the CA that signed the ES server certificate
String keyStorePass = "keystorePassword";
Path trustStorePath = Paths.get("/etc/elasticsearch/elastic-stack-ca.p12");
KeyStore truststore = KeyStore.getInstance("pkcs12");
try (InputStream is = Files.newInputStream(trustStorePath)) {
truststore.load(is, keyStorePass.toCharArray());
}
SSLContextBuilder sslBuilder = SSLContexts.custom().loadTrustMaterial(truststore, null);
final SSLContext sslContext = sslBuilder.build();
// 2. Basic authentication
final CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("elastic", "password"));
// 3. Changes for add multiple IP address
String[] hosts = elasticHost.split(",");
HttpHost[] httpHosts = Arrays.stream(hosts)
.map(host -> new HttpHost(host.trim(), elasticPort, "https"))
.collect(Collectors.toList())
.toArray(new HttpHost[hosts.length]);
// 4. Build the low-level client
RestClientBuilder builder = RestClient.builder(httpHosts)
.setHttpClientConfigCallback(new HttpClientConfigCallback() {
@Override
public HttpAsyncClientBuilder customizeHttpClient(
HttpAsyncClientBuilder httpClientBuilder) {
// set Basic credentials
httpClientBuilder.setDefaultCredentialsProvider(credsProvider);
// set SSL context
return httpClientBuilder.setSSLContext(sslContext);
}
});
// 5. Build the high-level client
RestHighLevelClient client = new RestHighLevelClient(builder);
如果您需要迁移Java代码以使用新的RETS客户端,则官方文档提供了
If you need to migrate your Java code to use the new RETS client, the official documentation provides a step-by-step guide on what needs to be done.
这篇关于使用传输客户端的安全弹性连接的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!