日常记录:es TransportClient添加证书处理

背景

最近在搞es登录,不知道是不是低版本问题(6.8.12),开启登录之后springboot连接es,es一直报Caused by: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 45530000002c000000000000009108004d3603000016696e7465726e616c3a7463702f68616e647368616b650004bb91f302。

最新排查情况,es开启登录,没有springboot应用连接的话,es是没有没有报错的,结合异常信息9300、SSL/TLS协议,猜想是客户端连接没有设置证书,最后一番设置之后证实是连接没有设置证书问题。

另外,查询资料TransportClient 高版本是废弃的,但是6.8.12不高也不低,好像也没废弃,所以还是得对TransportClient 设置证书。

一、es elasticsearch.yml配置文件关于登录最新配置

#开启安全验证

xpack.security.enabled: true

#transport 开启ssl

xpack.security.transport.ssl.enabled: true

xpack.security.transport.ssl.verification_mode: certificate

#证书,自己生成吧,es自带工具能生成

xpack.security.transport.ssl.keystore.path: certs/elastic-stack-ca.p12

修改后重启es服务

二、springboot 关于es连接最新配置

maven spring-boot-starter-data-elasticsearch排除x-pack-transport模块,额外引入x-pack-transport6.8.12(版本按实际需求),这样引入才会有PreBuiltXPackTransportClient类,支持xpack相关配置属性。

...

<dependency>

<groupId>org.elasticsearch.client</groupId>

<artifactId>x-pack-transport</artifactId>

<version>6.8.12</version>

</dependency>

<dependency>

<groupId>org.springframework.boot</groupId>

<artifactId>spring-boot-starter-data-elasticsearch</artifactId>

<exclusions>

<exclusion>

<groupId>org.elasticsearch.client</groupId>

<artifactId>x-pack-transport</artifactId>

</exclusion>

</exclusions>

</dependency>

...

yml:enabled控制是否需要配置TransportClient,capath是证书路径文件跟服务器一致就好,username、password稍微移动到ssl(相比之前的文章,当然位置自己随便写)

spring:

data:

elasticsearch:

cluster-name: es

cluster-nodes: xxxx:9300

rest:

uris: http://xxxx:9200

ssl:

enabled: true

username: elastic

password: 123456

capath: /xxxxx/elastic-stack-ca.p12

es 配置类,配置TransportClient对象,由spring.data.elasticsearch.rest.ssl.enabled控制是否需要配置,使用setting配置需要的连接属性

cluster.name:集群名字

xpack.security.user:账号密码

xpack.security.transport.ssl.enabled:开启ssl

xpack.security.transport.ssl.verification_mode:证书模式跟服务配置一致

xpack.security.transport.ssl.keystore.path:证书路径

xpack.security.transport.ssl.keystore.password:证书密码,生成证书时候有输入密码,需要一致

package com.xxxx.configuration;

import java.net.InetAddress;
import java.util.stream.Stream;

import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.RestClientBuilder;
import org.elasticsearch.client.RestHighLevelClient;
import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.xpack.client.PreBuiltXPackTransportClient;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.elasticsearch.config.AbstractElasticsearchConfiguration;
import org.springframework.data.elasticsearch.core.ElasticsearchRestTemplate;

/**
 * 
 * 描述:elasticsearch配置
 * @author sakyoka
 * @date 2024年10月11日 下午3:47:19
 */
@Configuration
public class ElasticsearchConfiguration extends AbstractElasticsearchConfiguration {
	
	@Value("${spring.data.elasticsearch.cluster-name}")
	private String clusterName;
	
	@Value("${spring.data.elasticsearch.cluster-nodes}")
	private String clusterNodes;
	
	@Value("${spring.data.elasticsearch.rest.uris}")
	private String uris;
	
	@Value("${spring.data.elasticsearch.rest.ssl.username:}")
	private String username;
	
	@Value("${spring.data.elasticsearch.rest.ssl.password:}")
	private String password;
	
	@Value("${spring.data.elasticsearch.rest.ssl.capath:}")
	private String caPath;

    @Bean
    public ElasticsearchRestTemplate elasticsearchRestTemplate(RestHighLevelClient client) {
        return new ElasticsearchRestTemplate(elasticsearchClient());
    }
	
	@Override
	public RestHighLevelClient elasticsearchClient(){
		System.setProperty("es.set.netty.runtime.available.processors", "false");
		CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
		credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(username, password));
		RestClientBuilder builder = RestClient.builder(HttpHost.create(uris))
				.setHttpClientConfigCallback(http -> {
					return http.setDefaultCredentialsProvider(credentialsProvider);
				});
		return new RestHighLevelClient(builder);
	}
	
	@Bean
	@ConditionalOnProperty(name = "spring.data.elasticsearch.rest.ssl.enabled")
    public TransportClient transportClient() throws Exception {
        Settings settings = Settings.builder()
                .put("cluster.name", clusterName)
                .put("xpack.security.user", username + ":" + password)
                .put("xpack.security.transport.ssl.enabled", true)
                .put("xpack.security.transport.ssl.verification_mode", "certificate")
                .put("xpack.security.transport.ssl.keystore.path", caPath)
                .put("xpack.security.transport.ssl.keystore.password", password)
                .build();

        TransportClient client = new PreBuiltXPackTransportClient(settings);
        Stream.of(clusterNodes.split(",")).forEach(nodeName -> {
        	try {
				client.addTransportAddress(new TransportAddress(
						InetAddress.getByName(nodeName.split(":")[0]), Integer.valueOf(nodeName.split(":")[1])));
			} catch (Exception e) {
				throw new RuntimeException("es 注册节点:" + nodeName, e);
			}
        });
        return client;
    }
}

相关配置配置好之后启动应用,会发现es日志不再报Caused by: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record:

总结:

万恶的版本,好多类缺失不兼容,搞了好久

相关推荐
御前一品带刀侍卫21 分钟前
elasticsearch基础
大数据·elasticsearch·搜索引擎
武子康44 分钟前
大数据-191 Elasticsearch - ES 集群模式 配置启动 规划调优
java·大数据·elk·elasticsearch·搜索引擎·全文检索
落落落sss1 小时前
es实现自动补全
大数据·服务器·elasticsearch·搜索引擎·全文检索
小汤猿人类1 小时前
什么是Elasticsearch?
大数据·elasticsearch·搜索引擎
武子康1 小时前
大数据-187 Elasticsearch - ELK 家族 Logstash Filter 插件 使用详解
大数据·数据结构·elk·elasticsearch·搜索引擎·全文检索·1024程序员节
Hadoop_Liang1 小时前
Docker Compose一键部署Spring Boot + Vue项目
vue.js·spring boot·docker
阿乾之铭2 小时前
Spring Boot框架中的IO
java·spring boot·log4j·1024程序员节
wclass-zhengge2 小时前
SpringBoot篇(运维实用篇 - 临时属性)
运维·spring boot·后端
2401_857600952 小时前
商场应急管理:SpringBoot技术解决方案
java·spring boot·后端