Ach*_*zki 3 java elasticsearch spring-boot kubernetes
有谁知道如何在 Spring Boot 应用程序上使用 SSL 与以 https 形式部署在 Openshift 上的 ElasticSearch 连接?我的 Spring Boot 应用程序中有一个 config.java ,如下所示:
\n@Configuration\n@EnableElasticsearchRepositories(basePackages = "com.siolbca.repository")\n@ComponentScan(basePackages = "com.siolbca.services")\npublic class Config {\n @Bean\n public RestHighLevelClient client() {\n ClientConfiguration clientConfiguration \n = ClientConfiguration.builder()\n .connectedTo("elasticsearch-siol-es-http.siolbca-dev.svc.cluster.local")\n .usingSsl()\n .withBasicAuth("elastic","G0D1g6TurJ79pcxr1065pU0U")\n .build();\n\n return RestClients.create(clientConfiguration).rest();\n }\n\n @Bean\n public ElasticsearchOperations elasticsearchTemplate() {\n return new ElasticsearchRestTemplate(client());\n }\n}\n但是,当我用Postman运行elasticsearch时,会出现如下错误:
\njavax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target\n我在互联网上看到一些教程说这是一个证书问题,但我不知道如何在我的代码中实现它,因为我是 Java 和 Spring Boot 的初学者。\n 使用- elasticsearch-java-rest-api-with-self-signed-certificates \n如何连接-spring-boot-2-1-with-elasticsearch-6-6-with-cluster-node-https
\n这里\xe2\x80\x99是我的elasticsearch.yml配置:
\ncluster:\n name: elasticsearch-siol\n routing:\n allocation:\n awareness:\n attributes: k8s_node_name\ndiscovery:\n seed_providers: file\nhttp:\n publish_host: ${POD_NAME}.${HEADLESS_SERVICE_NAME}.${NAMESPACE}.svc\nnetwork:\n host: "0"\n publish_host: ${POD_IP}\nnode:\n attr:\n attr_name: attr_value\n k8s_node_name: ${NODE_NAME}\n name: ${POD_NAME}\n roles:\n - master\n - data\n store:\n allow_mmap: false\npath:\n data: /usr/share/elasticsearch/data\n logs: /usr/share/elasticsearch/logs\nxpack:\n license:\n upload:\n types:\n - trial\n - enterprise\n security:\n authc:\n realms:\n file:\n file1:\n order: -100\n native:\n native1:\n order: -99\n reserved_realm:\n enabled: "false"\n enabled: "true"\n http:\n ssl:\n certificate: /usr/share/elasticsearch/config/http-certs/tls.crt\n certificate_authorities: /usr/share/elasticsearch/config/http-certs/ca.crt\n enabled: true\n key: /usr/share/elasticsearch/config/http-certs/tls.key\n transport:\n ssl:\n certificate: /usr/share/elasticsearch/config/node-transport-cert/transport.tls.crt\n certificate_authorities:\n - /usr/share/elasticsearch/config/transport-certs/ca.crt\n - /usr/share/elasticsearch/config/transport-remote-certs/ca.crt\n enabled: "true"\n key: /usr/share/elasticsearch/config/node-transport-cert/transport.tls.key\n verification_mode: certificate\n有谁知道如何在我的 Spring Boot 应用程序中使用提供的证书?谢谢。
\n我通过在从后端(Spring Boot)连接到elasticsearch时忽略SSL证书验证来解决我的问题。我遵循了以下网站的一些说明:
我还修改了代码,添加了基本身份验证,如下所示:
@Configuration
@EnableElasticsearchRepositories(basePackages = "com.siolbca.repository")
@ComponentScan(basePackages = "com.siolbca.services")
public class Config {
@Bean
public RestHighLevelClient createSimpleElasticClient() throws Exception {
try {
final CredentialsProvider credentialsProvider =
new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY,
new UsernamePasswordCredentials("elastic","G0D1g6TurJ79pcxr1065pU0U"));
SSLContextBuilder sslBuilder = SSLContexts.custom()
.loadTrustMaterial(null, (x509Certificates, s) -> true);
final SSLContext sslContext = sslBuilder.build();
RestHighLevelClient client = new RestHighLevelClient(RestClient
.builder(new HttpHost("elasticsearch-siol-es-http.siolbca-dev.svc.cluster.local", 9200, "https"))
//port number is given as 443 since its https schema
.setHttpClientConfigCallback(new HttpClientConfigCallback() {
@Override
public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
return httpClientBuilder
.setSSLContext(sslContext)
.setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE)
.setDefaultCredentialsProvider(credentialsProvider);
}
})
.setRequestConfigCallback(new RestClientBuilder.RequestConfigCallback() {
@Override
public RequestConfig.Builder customizeRequestConfig(
RequestConfig.Builder requestConfigBuilder) {
return requestConfigBuilder.setConnectTimeout(5000)
.setSocketTimeout(120000);
}
}));
System.out.println("elasticsearch client created");
return client;
} catch (Exception e) {
System.out.println(e);
throw new Exception("Could not create an elasticsearch client!!");
}
}
}
| 归档时间: |
|
| 查看次数: |
6600 次 |
| 最近记录: |