前言
上次写了一篇springboot集成elasticsearch6.81设置密码xpack连接 记录了es仅设置密码springboot集成方式,这次再来记录一下加上证书秘钥的方式;
如果还没安装es还没设置好es密码的,请参考我上面这篇博客即可
关于es搭建秘钥证书操作,还请自行百度,因为本人自己搭建的时候忘记记录过程,导致不太全;
不过也推荐一个博客供大家参考https://blog.csdn.net/qq330983778/article/details/103537252
安装完成后,最终的/config/elasticsearch.yml配置如下
#action.destructive_requires_name: true
http.cors.enabled: true
http.cors.allow-origin: "*"
cluster.name: findata-cluster-demo
node.name: master
node.data: true
#network.host: 10.238.68.100
discovery.zen.ping.unicast.hosts: ["host1","host2","host3"]
discovery.zen.minimum_master_nodes: 2
bootstrap.memory_lock: false
#http.cors.allow-headers: Authorization
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
network.host: 0.0.0.0
http.port: 9200
开始springboot集成 带有秘钥证书的es
springboot版本
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.2.6.RELEASE</version>
<relativePath/>
</parent>
pom文件
<properties>
<java.version>1.8</java.version>
<elasticsearch.version>6.8.10</elasticsearch.version>
</properties>
<!--es -->
<!-- Elasticsearch相关配置开始 -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-elasticsearch</artifactId>
</dependency>
<dependency>
<groupId>org.elasticsearch</groupId>
<artifactId>elasticsearch</artifactId>
<version>${elasticsearch.version}</version>
</dependency>
<dependency>
<groupId>org.elasticsearch.plugin</groupId>
<artifactId>transport-netty4-client</artifactId>
<version>${elasticsearch.version}</version>
</dependency>
<dependency>
<groupId>org.elasticsearch.client</groupId>
<artifactId>transport</artifactId>
<version>${elasticsearch.version}</version>
</dependency>
<dependency>
<groupId>org.elasticsearch.client</groupId>
<artifactId>x-pack-transport</artifactId>
<version>${elasticsearch.version}</version>
</dependency>
yml文件
#注意在根目录 没在spring下边
elasticsearch:
cluster-name: cluster-name
cluster-nodes: host1:9300,host2:9300,host3:9300
cluster-password: elastic:elastic #es设置好的账号密码,格式账号:密码
cert-path: /mnt/data/instdb/certs/elastic-certificates.p12 #生成证书后存放的位置 必须指定
ssl-enabled: true
java代码集成 注入elasticsearchTemplate
import lombok.Data;
import lombok.extern.slf4j.Slf4j;
import org.elasticsearch.client.Client;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.xpack.client.PreBuiltXPackTransportClient;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.io.FileNotFoundException;
import java.net.InetAddress;
import java.net.UnknownHostException;
/**
* @Auther: wdd
* @Date: 2021/06/17/12:47
* @Description:
*/
@Configuration
@Slf4j
@Data
@ConfigurationProperties(prefix = "elasticsearch")
public class AuthenHighLevelElastic {
private String clusterName;
private String clusterNodes;
private String clusterPassword;
private String certPath;
private boolean sslEnabled;
/**
* elasticsearch客户端注入(配置)
*
* @return
* @throws FileNotFoundException
*/
@Bean
public Client transportClient() {
try {
PreBuiltXPackTransportClient packTransportClient = new PreBuiltXPackTransportClient(settings());
String[] split = clusterNodes.split(",");
for (String s : split) {
String[] split1 = s.split(":");
int port = Integer.parseInt(split1[1]);
packTransportClient.addTransportAddress(new TransportAddress(InetAddress.getByName(split1[0]), port));
}
return packTransportClient;
} catch (UnknownHostException e) {
e.printStackTrace();
return null;
}
}
private Settings settings() {
if (sslEnabled) {
Settings.Builder builder = Settings.builder();
builder.put("cluster.name", clusterName);
builder.put("xpack.security.user", clusterPassword);
builder.put("xpack.security.enabled", sslEnabled);
builder.put("xpack.security.transport.ssl.keystore.path", certPath);
builder.put("xpack.security.transport.ssl.keystore.password", "bigdata");
// builder.put("xpack.security.transport.ssl.truststore.path", certPath);
builder.put("xpack.security.transport.ssl.verification_mode", "certificate");
builder.put("xpack.security.transport.ssl.enabled", sslEnabled);
builder.put("client.transport.sniff", true);
builder.put("thread_pool.search.size", 10);
return builder.build();
} else {
Settings.Builder builder = Settings.builder();
return builder.build();
}
}
}
配置完成即可使用 ElasticsearchRepository或者ElasticsearchTemplate方式任意都可
总结
针对elasticsearch加密认证集成就这么简单,亲测已经成功使用中,如果有问题欢迎留言讨论~
如果对你有所帮助,别忘了点赞让我知道。