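To keep the cluster secure, user authentication is enabled in Elasticsearch. This post is a personal summary of the server-side configuration and the client-side access configuration.

Environment: CentOS 7.0
Software version: elasticsearch 7.3.1

- Server-side configuration

Go to the config directory under the installation directory, edit the elasticsearch.yml file, and append the following configuration at the end: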
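```yaml
xpack.security.enabled: true
# TLS between nodes (transport layer)
xpack.security.transport.ssl.enabled: true
# certificate: validate the peer certificate against the truststore, without hostname verification
xpack.security.transport.ssl.verification_mode: certificate
# Relative paths are resolved against the config directory
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
```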
Restart Elasticsearch for the change to take effect.

- Client access configuration

(1) Access through RestHighLevelClient
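```java
import java.io.IOException;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.elasticsearch.action.admin.cluster.health.ClusterHealthRequest;
import org.elasticsearch.action.admin.cluster.health.ClusterHealthResponse;
import org.elasticsearch.client.RequestOptions;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.RestClientBuilder;
import org.elasticsearch.client.RestHighLevelClient;

// getHttpHosts() and logger are members of the enclosing class (not shown)
public RestHighLevelClient restHighLevelClient() {
    RestHighLevelClient client = null;
    try {
        RestClientBuilder builder = RestClient.builder(getHttpHosts());
        // Configure the connect timeout and the socket timeout
        RestClientBuilder.RequestConfigCallback requestConfigCallback = new RestClientBuilder.RequestConfigCallback() {
            @Override
            public RequestConfig.Builder customizeRequestConfig(RequestConfig.Builder builder) {
                return builder.setConnectTimeout(10 * 60 * 1000).setSocketTimeout(10 * 60 * 1000);
            }
        };
        builder.setRequestConfigCallback(requestConfigCallback);
        // Configure username/password authentication ("用户名" = username, "密码" = password placeholders)
        CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
        credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("用户名", "密码"));
        builder.setHttpClientConfigCallback(f -> f.setDefaultCredentialsProvider(credentialsProvider));
        client = new RestHighLevelClient(builder);
        // Verify the connection and the credentials with a cluster health request
        ClusterHealthRequest request = new ClusterHealthRequest();
        ClusterHealthResponse clusterHealthResponse = client.cluster().health(request, RequestOptions.DEFAULT);
        logger.info("连接ES集群成功!集群状态:{}", clusterHealthResponse.getStatus().name()); // "Connected to the ES cluster. Cluster status: {}"
        return client;
    } catch (Exception e) {
        logger.error("连接ES集群失败!", e); // "Failed to connect to the ES cluster"
        // Release the client's connections if the health check failed
        if (client != null) {
            try {
                client.close();
            } catch (IOException closeError) {
                logger.error(closeError.getMessage(), closeError);
            }
        }
        return null;
    }
}
```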
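(2) Access over HTTP

URL template: http://username:password@IP:PORT/_cat/health. The server configuration above enables TLS only on the transport layer, so over plain http:// these credentials are sent unencrypted. An example follows: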
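```java
import java.io.IOException;
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;

// The caller builds the URL from the template ("用户名" = username, "密码" = password), e.g.
//   String url = String.format("http://%s:%s@%s:%s/_cat/health", "用户名", "密码", "IP", "PORT");
// logger is a member of the enclosing class (not shown)
public static String get(String url, String encoding) {
    CloseableHttpClient httpClient = HttpClients.createDefault();
    CloseableHttpResponse response;
    HttpGet httpGet;
    HttpEntity httpEntity;
    String re = null;
    try {
        httpGet = new HttpGet(url);
        response = httpClient.execute(httpGet);
        httpEntity = response.getEntity();
        if (httpEntity != null) {
            // Decode the response body with the requested charset
            re = EntityUtils.toString(httpEntity, encoding);
        }
    } catch (Exception e) {
        logger.error(e.getMessage(), e);
    } finally {
        try {
            // Closing the client also releases the connection held by the response
            httpClient.close();
        } catch (IOException e) {
            logger.error(e.getMessage(), e);
        }
    }
    return re;
}
```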
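A variant of the request in (2) that sends the same Basic credentials in an Authorization header instead of in the URL, so the URL can be logged without exposing the password and a rejected login is reported explicitly. This is an added example, not code from the original post; it assumes Apache HttpClient 4.x as used above, and the class name EsHealthCheck and the environment variables ES_USER and ES_PASSWORD are hypothetical.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import org.apache.http.HttpHeaders;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;

// Added example (hypothetical class name), not code from the original post.
public class EsHealthCheck {

    // Builds the Authorization header value for HTTP Basic authentication.
    static String basicAuth(String user, String password) {
        byte[] raw = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    // Calls /_cat/health; the URI carries no credentials, so it is safe to log.
    static String catHealth(String host, int port, String user, String password)
            throws IOException, URISyntaxException {
        URI uri = new URIBuilder().setScheme("http").setHost(host).setPort(port)
                .setPath("/_cat/health").build();
        HttpGet get = new HttpGet(uri);
        get.setHeader(HttpHeaders.AUTHORIZATION, basicAuth(user, password));
        try (CloseableHttpClient client = HttpClients.createDefault();
             CloseableHttpResponse response = client.execute(get)) {
            int status = response.getStatusLine().getStatusCode();
            if (status == 401) {
                throw new IOException("Elasticsearch rejected the credentials (401) for " + uri);
            }
            if (status != 200) {
                throw new IOException("Unexpected status " + status + " from " + uri);
            }
            return EntityUtils.toString(response.getEntity(), StandardCharsets.UTF_8);
        }
    }

    public static void main(String[] args) throws Exception {
        // ES_USER and ES_PASSWORD are assumed environment variable names.
        String user = System.getenv("ES_USER");
        String password = System.getenv("ES_PASSWORD");
        System.out.println(catHealth(args[0], Integer.parseInt(args[1]), user, password));
    }
}
```

Run it with the host and port as arguments, for example `java EsHealthCheck IP PORT`, after setting the two environment variables.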