SSL弹性搜索 [英] SSL Elasticsearch

问题描述

我有一个 es_client（java / dropwizard）应用程序。它通过纯文本连接与弹性搜索进行通信。
我按照 https://github.com/sonian/elasticsearch-jetty为 es客户端设置SSL。
但是当我开始我的 es_client 它会每5秒报告一次：

INFO [2014-01-08 23：02：14,814] org.elasticsearch.client.transport：[Karolina Dean]无法获取[＃transport＃-1]的节点信息[inet [localhost / 127.0.0.1：9443 ]]，断开...
！ org.elasticsearch.transport.NodeDisconnectedException：[] [inet [localhost / 127.0.0.1：9443]] [cluster / nodes / info] disconnect

$ b $ p
Maciej

解决方案

Elasticsearch默认不支持SSL在其传输层，所以这将是你必须添加自己。这需要服务器和客户端的新代码。

幸运的是， Elasticsearch在其源代码中非常模块化，因此可以通过在配置文件中添加一行来轻松地交换传输实现。

不幸的是，Elasticsearch使用了很多私有领域和方法，使得很难仅仅在现有实现中添加一个新功能，而无需重新实现所有这些功能或复制/粘贴大量代码。此外，Elasticsearch着色他们的 Netty - 包括并跳过他们不使用的类，这意味着您必须包括所需的自己的兼容Netty版本的SSL +助手类。

找到，托管的Elasticsearch提供程序，它使用Java传输客户端进行完整的SSL支持，使用此开源插件，如果您决定自行执行，您可以将其用作灵感。

另一种不同的方法是使用 stunnel 在您的机器之间处理SSL特定的部分，而不是使用Elasticsearch本身进行任何操作。

I have an es_client (java/dropwizard) application. It communicates with the elastic search just fine over plain text connection. I have followed the instructions at https://github.com/sonian/elasticsearch-jetty to set up SSL for es client. However when I start my es_client it reports every 5 seconds the following:

INFO [2014-01-08 23:02:14,814] org.elasticsearch.client.transport: [Karolina Dean] failed to get node info for [#transport#-1][inet[localhost/127.0.0.1:9443]], disconnecting... ! org.elasticsearch.transport.NodeDisconnectedException: [][inet[localhost/127.0.0.1:9443]][cluster/nodes/info] disconnected

How can I go about figuring this one out?

Thanks, Maciej

解决方案

Elasticsearch by default does not support SSL on its transport layer, so that would be something you would have to add yourself. This requires new code on both the server and client side.

Fortunately, Elasticsearch is very modular at its source code, so it's possible to swap out the transport implementations rather easily by just adding one line to the configuration file.

Unfortunately, Elasticsearch uses a lot of private fields and methods that make it hard to just add a new feature to their existing implementation without re-implementing it all or copy/pasting large amounts of code. Additionally, Elasticsearch shades their Netty-includes and skips classes they don't use, which means that you have to include the required SSL+helper classes from a compatible Netty version yourself.

Found, a hosted Elasticsearch provider which has full SSL support using the Java transport client does this using this open source plugin, which you can probably use as an inspiration should you decide to implement it yourself.

Another different approach would be using stunnel ot take care of the SSL-specific parts between your machines instead of doing anything with Elasticsearch itself.

这篇关于SSL弹性搜索的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！