es集群证书密钥xpack+springboot
转载自 https://blog.csdn.net/Xiaodongge521/article/details/118392396
es搭建密钥证书操作:参考 https://blog.csdn.net/qq330983778/article/details/103537252
elasticsearch.yml配置如下
# Cluster name
cluster.name: my-application
# Node name
node.name: node-2
# Address the service binds to after startup; 0.0.0.0 accepts connections on every interface.
# NOTE(review): with this bind address both the HTTP port (9201) and the transport port (9301)
# are reachable from every network the host is attached to. Bind to a specific interface or
# restrict the ports with host firewall rules unless that exposure is intended.
network.host: 0.0.0.0
http.port: 9201
transport.tcp.port: 9301
# Seed hosts so that the nodes of the cluster can discover each other and elect a master
discovery.seed_hosts: [ "192.168.0.173:9301", "192.168.0.173:9302"]
# Only takes effect the first time a brand-new ES cluster starts: names the master-eligible nodes
cluster.initial_master_nodes: [ "node-2", "node-3"]
## Enable cross-origin (CORS) access (append at the end of the config file)
# NOTE(review): allow-origin "*" permits browser requests to this node's REST API from a page
# served by any origin. List the specific origins that need access (for example the address of
# the admin UI in use) instead of the wildcard.
http.cors.enabled: true
http.cors.allow-origin: "*"
# Enable X-Pack security and TLS on the transport layer (node-to-node and transport-client traffic).
# NOTE(review): no xpack.security.http.ssl.* setting appears in this file, so as shown the REST
# port 9201 is not TLS-protected and credentials sent to it travel in cleartext. Confirm whether
# HTTP TLS is configured elsewhere.
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
# "certificate" checks that the peer certificate is signed by a trusted CA but skips hostname
# verification; "full" adds the hostname check and is the stricter choice when the certificates
# carry the node names or addresses.
xpack.security.transport.ssl.verification_mode: certificate
# The same .p12 file is referenced as both keystore and truststore.
# NOTE(review): with verification_mode "certificate", whoever holds a certificate trusted by this
# truststore can open transport connections, so keep the .p12 readable only by the Elasticsearch
# service account. If the file is password-protected, the password belongs in the Elasticsearch
# keystore (xpack.security.transport.ssl.keystore.secure_password and
# xpack.security.transport.ssl.truststore.secure_password), not in this file.
xpack.security.transport.ssl.keystore.path: E:/ProgramFiles/ESS/elasticsearch-7.2.1/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: E:/ProgramFiles/ESS/elasticsearch-7.2.1/config/certs/elastic-certificates.p12
springboot集成
<!-- elasticsearch.version pins every Elasticsearch artifact below to one release, so the client
     libraries cannot drift apart.
     NOTE(review): the elasticsearch.yml on this page points at an elasticsearch-7.2.1 install,
     while the client is pinned to 6.8.10. The transport client is expected to run the same
     major version as the cluster nodes; confirm which cluster this client targets. -->
<properties>
<java.version>1.8</java.version>
<elasticsearch.version>6.8.10</elasticsearch.version>
</properties>
<!-- es -->
<!-- Elasticsearch dependencies start here -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-elasticsearch</artifactId>
</dependency>
<dependency>
<groupId>org.elasticsearch</groupId>
<artifactId>elasticsearch</artifactId>
<version>${elasticsearch.version}</version>
</dependency>
<dependency>
<groupId>org.elasticsearch.plugin</groupId>
<artifactId>transport-netty4-client</artifactId>
<version>${elasticsearch.version}</version>
</dependency>
<!-- Transport client. NOTE(review): the transport client was deprecated in Elasticsearch 7.0
     and removed in 8.0, so this integration does not carry over to newer clusters. -->
<dependency>
<groupId>org.elasticsearch.client</groupId>
<artifactId>transport</artifactId>
<version>${elasticsearch.version}</version>
</dependency>
<!-- Provides org.elasticsearch.xpack.client.PreBuiltXPackTransportClient used by the Java class
     on this page.
     NOTE(review): to my knowledge this artifact is published in Elastic's own Maven repository
     rather than Maven Central; confirm the <repositories> entry the build resolves it from. -->
<dependency>
<groupId>org.elasticsearch.client</groupId>
<artifactId>x-pack-transport</artifactId>
<version>${elasticsearch.version}</version>
</dependency>
springboot yml文件
# Note: this block sits at the root of the YAML document, not under `spring:`
# NOTE(review): the keys below appear without indentation on this page (presumably lost when the
# page was extracted); they have to be nested under `elasticsearch:` to bind to the
# `elasticsearch` prefix used by the Java configuration class.
elasticsearch:
cluster-name: cluster-name
cluster-nodes: host1:9300,host2:9300,host3:9300
# NOTE(review): `elastic` is the built-in superuser and the sample password equals the user name.
# Use a dedicated user limited to the roles the application needs, with a strong password, and
# supply the value from the environment or a secret store instead of committing it to this file.
cluster-password: elastic:elastic # account and password configured in ES, format user:password
cert-path: /mnt/data/instdb/certs/elastic-certificates.p12 # location of the generated certificate; must be specified
ssl-enabled: true
java代码集成 注入elasticsearchTemplate
import lombok.Data;
import lombok.extern.slf4j.Slf4j;
import org.elasticsearch.client.Client;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.xpack.client.PreBuiltXPackTransportClient;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.io.FileNotFoundException;
import java.net.InetAddress;
import java.net.UnknownHostException;
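/**
 * Spring configuration that builds the X-Pack transport client used to reach Elasticsearch.
 *
 * <p>Values are bound from the {@code elasticsearch} prefix ({@code cluster-name},
 * {@code cluster-nodes}, {@code cluster-password}, {@code cert-path}, {@code cert-password},
 * {@code ssl-enabled}). Lombok's {@code @Data} generates the setters the binder uses.
 *
 * <p>Date: 2021/06/17/12:47
 *
 * @author wdd
 */
@Configuration
@Slf4j
@Data
@ConfigurationProperties(prefix = "elasticsearch")
public class AuthenHighLevelElastic {

    /**
     * Keystore password that earlier versions of this class had hard-coded. It is kept only as a
     * fallback so existing deployments keep starting; set {@code elasticsearch.cert-password}
     * and rotate the keystore password, because a value in source control is not a secret.
     */
    private static final String LEGACY_KEYSTORE_PASSWORD = "bigdata";

    /** Name of the cluster the client connects to. */
    private String clusterName;

    /** Comma-separated {@code host:port} transport addresses. */
    private String clusterNodes;

    /** Credentials in {@code user:password} form, passed as {@code xpack.security.user}. */
    private String clusterPassword;

    /** Path of the PKCS#12 keystore used for transport TLS. */
    private String certPath;

    /** Password of the keystore at {@link #certPath}; optional for backward compatibility. */
    private String certPassword;

    /** Whether X-Pack security and transport TLS are configured on the client. */
    private boolean sslEnabled;

    /**
     * Creates the Elasticsearch transport client bean and registers every configured node.
     *
     * <p>Fails fast on a bad configuration instead of returning {@code null}: a {@code null} bean
     * only postpones the failure to the first injection point and hides the cause.
     *
     * @return the connected-address-aware transport client
     * @throws IllegalStateException if {@code cluster-nodes} is missing or malformed, or a host
     *     name cannot be resolved
     */
    @Bean
    public Client transportClient() {
        if (clusterNodes == null || clusterNodes.trim().isEmpty()) {
            throw new IllegalStateException("elasticsearch.cluster-nodes must list at least one host:port");
        }

        PreBuiltXPackTransportClient client = new PreBuiltXPackTransportClient(settings());
        try {
            int registered = 0;
            for (String entry : clusterNodes.split(",")) {
                String node = entry.trim();
                if (node.isEmpty()) {
                    continue;
                }
                String[] hostAndPort = node.split(":");
                if (hostAndPort.length != 2) {
                    throw new IllegalStateException(
                            "elasticsearch.cluster-nodes entry is not host:port: " + node);
                }
                int port;
                try {
                    port = Integer.parseInt(hostAndPort[1].trim());
                } catch (NumberFormatException e) {
                    throw new IllegalStateException(
                            "elasticsearch.cluster-nodes entry has a non-numeric port: " + node, e);
                }
                InetAddress address = InetAddress.getByName(hostAndPort[0].trim());
                client.addTransportAddress(new TransportAddress(address, port));
                registered++;
            }
            if (registered == 0) {
                throw new IllegalStateException("elasticsearch.cluster-nodes must list at least one host:port");
            }
            return client;
        } catch (UnknownHostException e) {
            // Release the client's threads and sockets before reporting the failure.
            client.close();
            throw new IllegalStateException("Cannot resolve an elasticsearch.cluster-nodes host", e);
        } catch (RuntimeException e) {
            client.close();
            throw e;
        }
    }

    /**
     * Builds the client settings.
     *
     * <p>With {@code ssl-enabled: false} the settings are left empty, exactly as before: no
     * cluster name, no credentials and no TLS are configured.
     * NOTE(review): that means the client falls back to the library defaults in that mode;
     * confirm this is intended for any non-local use.
     *
     * @return the settings passed to the transport client
     */
    private Settings settings() {
        Settings.Builder builder = Settings.builder();
        if (!sslEnabled) {
            return builder.build();
        }

        builder.put("cluster.name", clusterName);
        builder.put("xpack.security.user", clusterPassword);
        builder.put("xpack.security.enabled", sslEnabled);
        builder.put("xpack.security.transport.ssl.keystore.path", certPath);
        builder.put("xpack.security.transport.ssl.keystore.password", keystorePassword());
        // truststore.path is left unset, as in the original; presumably the CA entry inside the
        // keystore is used for trust. TODO confirm.
        // "certificate" validates the CA signature only and skips hostname verification;
        // "full" is stricter when the node certificates carry matching names or addresses.
        builder.put("xpack.security.transport.ssl.verification_mode", "certificate");
        builder.put("xpack.security.transport.ssl.enabled", sslEnabled);
        builder.put("client.transport.sniff", true);
        builder.put("thread_pool.search.size", 10);
        return builder.build();
    }

    /** Returns the configured keystore password, or the legacy built-in one with a warning. */
    private String keystorePassword() {
        if (certPassword != null && !certPassword.isEmpty()) {
            return certPassword;
        }
        log.warn("elasticsearch.cert-password is not set; falling back to the legacy built-in "
                + "keystore password. Configure it externally and rotate the keystore password.");
        return LEGACY_KEYSTORE_PASSWORD;
    }

    /**
     * Replaces the {@code toString()} that {@code @Data} would generate, so that the credentials
     * and the keystore password never reach logs or error messages.
     */
    @Override
    public String toString() {
        return "AuthenHighLevelElastic(clusterName=" + clusterName
                + ", clusterNodes=" + clusterNodes
                + ", clusterPassword=<redacted>"
                + ", certPath=" + certPath
                + ", certPassword=<redacted>"
                + ", sslEnabled=" + sslEnabled + ")";
    }
}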