ElasticSearch添加xpack认证

一、新增xpack依赖包
由于xpack包需要从es的私服仓库下载，在data-platform-parent工程下的pom.xml新增如下：

<properties><x-pack-transport.version>5.5.3</x-pack-transport.version>
</properties><repositories><repository><id>elasticsearch-releases</id><url>https://artifacts.elastic.co/maven</url><releases><enabled>true</enabled></releases><snapshots><enabled>false</enabled></snapshots></repository>
</repositories><dependencyManagement><dependencies><dependency><groupId>org.elasticsearch.client</groupId><artifactId>x-pack-transport</artifactId><version>${x-pack-transport.version}</version></dependency></dependencies>
</dependencyManagement>

二、在其他工程中引用
以bus为例，在message-bus工程pom.xml新增如下：

<dependency><groupId>org.elasticsearch.client</groupId><artifactId>x-pack-transport</artifactId>
</dependency>

然后进入工程执行

mvn clean install -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true

三、es整合xpack实现
application.yml 配置
由于需要整合xpack，则需要重新申明es client，由于原来是直接整合springboot，则去掉application.yml中es配置：

新增如下配置

#自定义常量,先定义，后复用
framework:#es配置elasticsearch:#es 集群名#cluster-name: es-clustercluster-name: docker-cluster#es tcp的端口 多个用逗号隔开 192.168.81.5:9300,192.168.81.5:9300cluster-nodes-tcp: 192.168.6.77:9300#cluster-nodes-tcp: 192.168.81.6:9310#es http的端口 多个用逗号隔开 192.168.81.5:9200,192.168.81.5:9200#cluster-nodes-http: 192.168.81.5:9200#是否启用xpack认证xpack-security-enable: falsexpack-security-user-pwd: elastic:linewell@2019xpack-security-transport-ssl-enable: truexpack-security-transport-ssl-certificate-authorities: classpath:cert/ca.crtxpack-security-transport-ssl-key: classpath:cert/elasticsearch.keyxpack-security-transport-ssl-certificate: classpath:cert/elasticsearch.crt

说明：如果不需要xpcak认证，则只需要将设置 xpack-security-enable: false

要重新申明es client，重新初始化TransportClient 以及ElasticsearchTemplate
具体实现如下：

@Configuration
public class ElasticsearchClientConfig {@Value("${framework.elasticsearch.cluster-name:}")private String clusterName;@Value("${framework.elasticsearch.cluster-nodes-tcp:}")private String tcpClusterNodes;@Value("${framework.elasticsearch.xpack-security-enable:false}")private boolean xpackSecurityEnable;@Value("${framework.elasticsearch.xpack-security-user-pwd:}")private String xpackSecurityUserPwd;@Value("${framework.elasticsearch.xpack-security-transport-ssl-enable:false}")private boolean xpackSecurityTsslEnable;@Value("${framework.elasticsearch.xpack-security-transport-ssl-certificate-authorities:classpath:cert/ca.crt}")private String xpackSecurityTsslAuthoritiesCert;@Value("${framework.elasticsearch.xpack-security-transport-ssl-key:classpath:cert/elasticsearch.key}")private String xpackSecurityTsslKey;@Value("${framework.elasticsearch.xpack-security-transport-ssl-certificate:classpath:cert/classpath:cert/elasticsearch.crt}")private String xpackSecurityTsslCert;@Beanpublic TransportClient transportClient() throws Exception  {System.setProperty("es.set.netty.runtime.available.processors", "false");Settings.Builder SettingsBuilder = Settings.builder().put("cluster.name", clusterName).put("xpack.security.enabled", xpackSecurityEnable);//.put("client.transport.sniff", true) //使客户端去嗅探整个集群的状态，把集群中其它机器的ip地址加到客户端中。这样做的好处是，一般你不用手动设置集群里所有集群的ip到连接客户端，它会自动帮你添加，并且自动发现新加入集群的机器。//开启xpack认证if(xpackSecurityEnable) {//认证账号/密码SettingsBuilder.put("xpack.security.user", xpackSecurityUserPwd);//开启ssl认证协议if (xpackSecurityTsslEnable) {File authoritiesCertFile = ResourceUtils.getFile(xpackSecurityTsslAuthoritiesCert);File esTransportKeyFile = ResourceUtils.getFile(xpackSecurityTsslKey);File esTransportCerFile = ResourceUtils.getFile(xpackSecurityTsslCert);SettingsBuilder//是否开启ssl认证协议.put("xpack.security.transport.ssl.enabled", xpackSecurityTsslEnable)//ssl证书模式.put("xpack.security.transport.ssl.verification_mode", "certificate")//ssl身份认证证书.put("xpack.security.transport.ssl.certificate_authorities", authoritiesCertFile.getPath())//ssl key.put("xpack.security.transport.ssl.key", esTransportKeyFile.getPath())//ssl 认证证书.put("xpack.security.transport.ssl.certificate", esTransportCerFile.getPath());}}TransportClient client = new PreBuiltXPackTransportClient(SettingsBuilder.build());String[] tcpClusterNodesArr = tcpClusterNodes.split(",");for (String nodes : tcpClusterNodesArr) {String InetSocket [] = nodes.split(":");String address = InetSocket[0];Integer port = Integer.valueOf(InetSocket[1]);client.addTransportAddress(new InetSocketTransportAddress(InetAddress.getByName(address), port));}return client;}@Beanpublic ElasticsearchTemplate elasticsearchTemplate() throws  Exception {return new ElasticsearchTemplate(transportClient());}}

其他代码保持不变即可。。。

本文来自互联网用户投稿，该文观点仅代表作者本人，不代表本站立场。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如若转载，请注明出处：http://www.xdnf.cn/news/1523240.html

如若内容造成侵权/违法违规/事实不符，请联系一条长河网进行投诉反馈，一经查实，立即删除！