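【Question Title】: Secure Elastic connection using transport client
【Posted】: 2020-12-01 12:37:52
【Question Description】:

I need to connect to a secured Elasticsearch (HTTPS with authentication) using the transport client from Java code. I have a user ID and password to connect to the secured Elasticsearch. I am using Elasticsearch 7.10.0.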

try {
            Settings settings = Settings.builder().put("cluster.name", clusterName)
                    .put("xpack.security.user", "elastic:elastic")      
                    .put("xpack.security.transport.ssl.enabled", "true")
                    .put("xpack.ssl.key", "/etc/elasticsearch/elasticsearch.keystore")
                    .put("xpack.ssl.certificate", "/etc/elasticsearch/elastic-certificates.p12")
                    .put("xpack.ssl.certificate_authorities", "/etc/elasticsearch/elastic-stack-ca.p12")
                    .put("xpack.security.transport.ssl.enabled", "true")
                    .build();
            ESclient = new PreBuiltTransportClient(settings);

            //changes for add multiple IP address
            String[] hosts = elasticHost.split(",");
            for (String host : hosts) {
                ESclient.addTransportAddress(new TransportAddress(InetAddress.getByName(host.trim()), elasticPort));
            }
            System.out.println(ESclient.settings());
        } catch (UnknownHostException ex) {
            System.out.println("Exception :" + ex);
            //logger.error("Exception : " + ex);
            throw ex;
        }

But it shows an error:

java.lang.IllegalArgumentException: unknown setting [xpack.security.transport.ssl.enabled] please check that any required plugins are installed, or check the breaking changes documentation for removed settings

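Please tell me what I am missing in the code above. Thanks in advance.

【Question Comments】:

  • Is there any reason to use the deprecated TCP transport client instead of the REST one?
  • @val: Can you provide sample code to create a secure Elastic connection?
  • The official documentation explains how to do this for the Java REST client.
  • @val: I have used the transport client. But it shows "None of the configured nodes are available:".
  • See my answer below.

Tags: elasticsearch elasticsearch-5 elasticsearch-x-pack xpack transport-security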


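【Solution 1】:

You should not use the TCP transport client anymore, as it was deprecated in 7.0. Instead, you should use the REST client to communicate with your cluster over HTTP.

If you need to communicate with your cluster over HTTPS, here is how to do it with the REST client: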

// 1. create an SSL context to trust the CA that signed the ES server certificate
String keyStorePass = "keystorePassword";
Path trustStorePath = Paths.get("/etc/elasticsearch/elastic-stack-ca.p12");
KeyStore truststore = KeyStore.getInstance("pkcs12");
try (InputStream is = Files.newInputStream(trustStorePath)) {
    truststore.load(is, keyStorePass.toCharArray());
}
SSLContextBuilder sslBuilder = SSLContexts.custom().loadTrustMaterial(truststore, null);
final SSLContext sslContext = sslBuilder.build();

// 2. Basic authentication
final CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("elastic", "password"));

// 3. Changes for add multiple IP address
String[] hosts = elasticHost.split(",");
HttpHost[] httpHosts = Arrays.stream(hosts)
     .map(host -> new HttpHost(host.trim(), elasticPort, "https"))
     .collect(Collectors.toList())
     .toArray(new HttpHost[hosts.length]);

// 4. Build the low-level client
RestClientBuilder builder = RestClient.builder(httpHosts)
    .setHttpClientConfigCallback(new HttpClientConfigCallback() {
        @Override
        public HttpAsyncClientBuilder customizeHttpClient(
                HttpAsyncClientBuilder httpClientBuilder) {

            // set Basic credentials
            httpClientBuilder.setDefaultCredentialsProvider(credsProvider);
            // set SSL context
            return httpClientBuilder.setSSLContext(sslContext);
        }
    });

// 5. Build the high-level client
RestHighLevelClient client = new RestHighLevelClient(builder);

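If you need to migrate your Java code to use the new REST client, the official documentation provides a step-by-step guide on what needs to be done.

【Comments】:

  • I am using ES 7.10.0.
  • What is KeyStore truststore = KeyStore.getInstance("pkcs12")?
  • That line simply creates a PKCS#12 keystore in which you will store the certificate used to verify the server certificate.
  • Received fatal alert: handshake_failure: javax.net.ssl.SSLHandshakeException?
  • Can you update your question with the full stack trace you got?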
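
An added example, not part of the original answer or its comments: one way to build the truststore from step 1 so that it holds only CA certificates, which matters because a CA file such as `elastic-stack-ca.p12` normally carries the CA private key as well. The class and method names and the `ES_TRUSTSTORE_PASS` environment variable are assumptions; only JDK classes are used, and the `.p12` path is passed as an argument.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example, not the answer's code; class, method and variable names are hypothetical.
public class CertOnlyTrustStore {
    // Copy only currently valid CA certificates out of a PKCS#12 file; private keys are never extracted.
    static KeyStore caCertsOnly(Path p12, char[] password) throws Exception {
        KeyStore source = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(p12)) {
            source.load(in, password);
        }
        KeyStore trustOnly = KeyStore.getInstance("PKCS12");
        trustOnly.load(null, null); // start from an empty in-memory keystore
        for (String alias : Collections.list(source.aliases())) {
            Certificate cert = source.getCertificate(alias);
            if (!(cert instanceof X509Certificate)) continue;
            X509Certificate x509 = (X509Certificate) cert;
            if (x509.getBasicConstraints() < 0) continue; // not a CA certificate
            x509.checkValidity();                          // throws if expired or not yet valid
            if (source.isKeyEntry(alias)) {
                System.err.println("warning: entry '" + alias + "' in " + p12
                        + " also holds a private key; do not ship this file to clients");
            }
            trustOnly.setCertificateEntry(alias, x509);
        }
        if (trustOnly.size() == 0) throw new IllegalStateException("no CA certificate in " + p12);
        return trustOnly;
    }
    // Build an SSLContext whose trust managers accept only the certificates in the given store.
    static SSLContext contextTrusting(KeyStore trustOnly) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustOnly);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }
    public static void main(String[] args) throws Exception {
        String pass = System.getenv("ES_TRUSTSTORE_PASS"); // assumed variable name, avoids a hard-coded password
        if (args.length != 1 || pass == null) throw new IllegalArgumentException("usage: CertOnlyTrustStore <file.p12>");
        SSLContext sslContext = contextTrusting(caCertsOnly(Paths.get(args[0]), pass.toCharArray()));
        System.out.println("SSLContext ready: " + sslContext.getProtocol());
    }
}
```

The resulting `SSLContext` can be handed to `httpClientBuilder.setSSLContext(sslContext)` in step 4 of the answer above.
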
【Solution 2】:

Use x-pack-transport jar and PreBuiltXPackTransportClient constructor

        Settings settings = Settings.builder()
                .put("cluster.name", "elasticsearch")
                .put("xpack.security.user", "elastic:elastic")
                .build();
        TransportClient transportClient = new PreBuiltXPackTransportClient(settings);
        transportClient = transportClient.addTransportAddress(new TransportAddress(new InetSocketAddress("127.0.0.1", 9300)));

【Comments】:
