ElasticSearch添加xpack认证

一、新增xpack依赖包
由于xpack包需要从es的私服仓库下载,在data-platform-parent工程下的pom.xml新增如下:

<properties>
    <x-pack-transport.version>5.5.3</x-pack-transport.version>
</properties>

<repositories>
    <repository>
        <id>elasticsearch-releases</id>
        <url>https://artifacts.elastic.co/maven</url>
        <releases>
            <enabled>true</enabled>
        </releases>
        <snapshots>
            <enabled>false</enabled>
        </snapshots>
    </repository>
</repositories>

<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>org.elasticsearch.client</groupId>
            <artifactId>x-pack-transport</artifactId>
            <version>${x-pack-transport.version}</version>
        </dependency>
    </dependencies>
</dependencyManagement>

二、 在其他工程中引用
以bus为例,在message-bus工程pom.xml新增如下:

<dependency>
    <groupId>org.elasticsearch.client</groupId>
    <artifactId>x-pack-transport</artifactId>
</dependency>

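 然后进入工程目录执行下面的命令。注意:-Dmaven.wagon.http.ssl.insecure=true 和 -Dmaven.wagon.http.ssl.allowall=true 会关闭 Maven 对仓库 HTTPS 证书及主机名的校验,依赖包在下载途中可能被中间人替换。这两个参数只适合在受信任的网络里临时排障;更稳妥的做法是把仓库或代理的 CA 证书导入 JDK 信任库,然后去掉这两个参数。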

mvn clean install -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true

 三、es整合xpack实现
application.yml 配置
由于需要整合xpack,则需要重新申明es client,由于原来是直接整合springboot,则去掉application.yml中es配置:

新增如下配置 

# Custom constants: define once, reuse elsewhere
framework:
  # Elasticsearch settings
  elasticsearch:
    # ES cluster name
    #cluster-name: es-cluster
    cluster-name: docker-cluster
    # ES transport (TCP) endpoints, comma-separated, e.g. 192.168.81.5:9300,192.168.81.5:9300
    cluster-nodes-tcp: 192.168.6.77:9300
    #cluster-nodes-tcp: 192.168.81.6:9310
    # ES HTTP endpoints, comma-separated, e.g. 192.168.81.5:9200,192.168.81.5:9200
    #cluster-nodes-http: 192.168.81.5:9200
    # Whether X-Pack authentication is enabled. With false (as in this sample) the client
    # sends no credentials and none of the xpack-security-* values below are used;
    # set it to true to actually authenticate.
    xpack-security-enable: false
    # Credentials in "user:password" form, passed to the client as xpack.security.user.
    # NOTE(review): this is a plaintext password in a file that is normally committed and
    # packaged with the application. Keep real credentials out of application.yml and
    # supply them at deploy time (for example via an environment variable or an external
    # config file), and prefer a dedicated least-privilege user over the built-in superuser.
    xpack-security-user-pwd: elastic:linewell@2019
    # Whether TLS is used on the transport connection. If authentication is enabled but this
    # is false, the credentials above are not protected by TLS on the wire.
    xpack-security-transport-ssl-enable: true
    # CA certificate used to verify the certificates presented by the ES nodes
    xpack-security-transport-ssl-certificate-authorities: classpath:cert/ca.crt
    # Client private key. NOTE(review): a classpath: location means the key is bundled into
    # the build artifact; anyone who can read the artifact can read the key.
    xpack-security-transport-ssl-key: classpath:cert/elasticsearch.key
    # Client certificate matching the private key above
    xpack-security-transport-ssl-certificate: classpath:cert/elasticsearch.crt

 说明:如果不需要 xpack 认证,只需设置 xpack-security-enable: false,此时账号密码和 SSL 相关配置都不会生效。上面的示例值就是 false,要启用认证需要改为 true。

要重新申明es client,重新初始化TransportClient 以及ElasticsearchTemplate
具体实现如下: 

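/**
 * Spring configuration that builds the Elasticsearch {@link TransportClient}, optionally with
 * X-Pack authentication and transport TLS, and the {@link ElasticsearchTemplate} on top of it.
 *
 * <p>All values are read from the {@code framework.elasticsearch.*} properties. When
 * {@code xpack-security-enable} is {@code false}, no credentials or TLS settings are applied.
 */
@Configuration
public class ElasticsearchClientConfig {

    /** Name of the Elasticsearch cluster to connect to. */
    @Value("${framework.elasticsearch.cluster-name:}")
    private String clusterName;

    /** Comma-separated {@code host:port} list of transport (TCP) endpoints. */
    @Value("${framework.elasticsearch.cluster-nodes-tcp:}")
    private String tcpClusterNodes;

    /** Whether X-Pack authentication is enabled; defaults to {@code false}. */
    @Value("${framework.elasticsearch.xpack-security-enable:false}")
    private boolean xpackSecurityEnable;

    /**
     * Credentials in {@code user:password} form, passed through as {@code xpack.security.user}.
     * This is a secret: supply it at deploy time rather than committing it to application.yml,
     * and never log it.
     */
    @Value("${framework.elasticsearch.xpack-security-user-pwd:}")
    private String xpackSecurityUserPwd;

    /** Whether TLS is enabled on the transport connection; defaults to {@code false}. */
    @Value("${framework.elasticsearch.xpack-security-transport-ssl-enable:false}")
    private boolean xpackSecurityTsslEnable;

    /** Location of the CA certificate used to verify the node certificates. */
    @Value("${framework.elasticsearch.xpack-security-transport-ssl-certificate-authorities:classpath:cert/ca.crt}")
    private String xpackSecurityTsslAuthoritiesCert;

    /** Location of the client private key. */
    @Value("${framework.elasticsearch.xpack-security-transport-ssl-key:classpath:cert/elasticsearch.key}")
    private String xpackSecurityTsslKey;

    // Fixed: the default used to be "classpath:cert/classpath:cert/elasticsearch.crt", which can
    // never resolve when the property is left unset.
    /** Location of the client certificate matching the private key. */
    @Value("${framework.elasticsearch.xpack-security-transport-ssl-certificate:classpath:cert/elasticsearch.crt}")
    private String xpackSecurityTsslCert;


    /**
     * Builds the transport client and registers every configured node address.
     *
     * @return a client connected to the nodes listed in {@code cluster-nodes-tcp}
     * @throws IllegalStateException if authentication is enabled without credentials, or if no
     *         node address is configured
     * @throws IllegalArgumentException if a node entry is not in {@code host:port} form
     * @throws Exception if a certificate/key file or a host name cannot be resolved
     */
    @Bean
    public TransportClient transportClient() throws Exception  {

        System.setProperty("es.set.netty.runtime.available.processors", "false");

        Settings.Builder settingsBuilder = Settings.builder()
                .put("cluster.name", clusterName)
                .put("xpack.security.enabled", xpackSecurityEnable);
        // .put("client.transport.sniff", true) would make the client sniff the cluster state and
        // add the other nodes' addresses automatically, so not every node has to be listed by
        // hand and newly joined nodes are discovered.

        if (xpackSecurityEnable) {
            // Fail at startup with a clear message instead of building a client that has
            // authentication switched on but nothing to authenticate with.
            if (xpackSecurityUserPwd == null || xpackSecurityUserPwd.trim().isEmpty()) {
                throw new IllegalStateException(
                        "framework.elasticsearch.xpack-security-user-pwd must be set (user:password)"
                                + " when xpack-security-enable is true");
            }
            // Account and password, in "user:password" form.
            settingsBuilder.put("xpack.security.user", xpackSecurityUserPwd);

            // NOTE(review): when this flag is false the credentials above are sent over a
            // transport connection that is not protected by TLS.
            if (xpackSecurityTsslEnable) {
                // ResourceUtils.getFile resolves a classpath: location only when it is a plain
                // file on disk; from inside a packaged jar it throws FileNotFoundException, so in
                // that deployment the three properties should point at file: paths. Keeping the
                // private key outside the artifact also limits who can read it.
                File authoritiesCertFile = ResourceUtils.getFile(xpackSecurityTsslAuthoritiesCert);
                File esTransportKeyFile = ResourceUtils.getFile(xpackSecurityTsslKey);
                File esTransportCerFile = ResourceUtils.getFile(xpackSecurityTsslCert);
                settingsBuilder
                        // Enable TLS on the transport layer.
                        .put("xpack.security.transport.ssl.enabled", xpackSecurityTsslEnable)
                        // "certificate" validates the node certificate against the CA but does not
                        // check that it matches the host being contacted; "full" adds that
                        // hostname check and is the stricter choice when the node certificates
                        // carry matching names.
                        .put("xpack.security.transport.ssl.verification_mode", "certificate")
                        // CA certificate(s) trusted for node certificates.
                        .put("xpack.security.transport.ssl.certificate_authorities", authoritiesCertFile.getPath())
                        // Client private key.
                        .put("xpack.security.transport.ssl.key", esTransportKeyFile.getPath())
                        // Client certificate.
                        .put("xpack.security.transport.ssl.certificate", esTransportCerFile.getPath());
            }
        }

        TransportClient client = new PreBuiltXPackTransportClient(settingsBuilder.build());
        try {
            int registered = 0;
            String configuredNodes = tcpClusterNodes == null ? "" : tcpClusterNodes;
            for (String node : configuredNodes.split(",")) {
                String entry = node.trim();
                if (entry.isEmpty()) {
                    // Tolerate blank entries such as a trailing comma.
                    continue;
                }
                String[] hostAndPort = entry.split(":");
                if (hostAndPort.length != 2) {
                    throw new IllegalArgumentException(
                            "Invalid entry '" + entry + "' in framework.elasticsearch.cluster-nodes-tcp,"
                                    + " expected host:port");
                }
                String address = hostAndPort[0].trim();
                int port = Integer.parseInt(hostAndPort[1].trim());
                client.addTransportAddress(new InetSocketTransportAddress(InetAddress.getByName(address), port));
                registered++;
            }
            if (registered == 0) {
                throw new IllegalStateException(
                        "framework.elasticsearch.cluster-nodes-tcp must list at least one host:port");
            }
        } catch (Exception e) {
            // Do not leak the client's threads and connections when configuration is invalid.
            client.close();
            throw e;
        }
        return client;
    }

    /**
     * Builds the {@link ElasticsearchTemplate} on top of the transport client bean.
     *
     * @return the template used by the rest of the application
     * @throws Exception if the transport client cannot be created
     */
    @Bean
    public ElasticsearchTemplate elasticsearchTemplate() throws  Exception {
        return new ElasticsearchTemplate(transportClient());
    }

}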

 其他代码保持不变即可。。。
