接触opensearch过程中用官方文档提供的docker-compose.yml文件 在虚拟机中运行了 opensearch集群和opensearch-dashboard 往下看到java实示例代码
System.setProperty("javax.net.ssl.trustStore", "/full/path/to/keystore");
System.setProperty("javax.net.ssl.trustStorePassword", "password-to-keystore");
//Establish credentials to use basic authentication.
//Only for demo purposes. Don't specify your credentials in code.
final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY,
new UsernamePasswordCredentials("admin", "admin"));
//Create a client.
RestClientBuilder builder = RestClient.builder(new HttpHost("localhost", 9200, "https"))
.setHttpClientConfigCallback(new RestClientBuilder.HttpClientConfigCallback() {
@Override
public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
return httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
}
});
这里面/full/path/to/keystore 和password-to-keystore应该填什么呢
你需要在opensearch集群和opensearch-dashboard中配置证书,这样才能进行安全通信。具体操作可以参考官方文档,其中包括生成证书和配置证书的步骤。如果证书找不到,可以检查证书路径是否正确,以及证书文件是否存在。如果仍然找不到,可以尝试重新生成证书并进行配置。以下是一个示例代码块,用于创建证书:
# 创建证书
bin/elasticsearch-certutil ca
bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
# 配置opensearch集群
opensearch.yml:
opendistro_security.ssl.transport.pemcert_filepath: <path to certificate>
opendistro_security.ssl.transport.pemkey_filepath: <path to key>
opendistro_security.ssl.transport.pemtrustedcas_filepath: <path to CA certificate>
# 配置opensearch-dashboard
opensearch_dashboad.yml:
opendistro_security.ssl.key: <path to key>
opendistro_security.ssl.cert: <path to certificate>
opendistro_security.ssl.certificateAuthorities: <path to CA certificate>