云搜索服务 CSS-通过Go客户端接入Elasticsearch集群:连接安全集群

时间:2024-10-08 18:50:00

连接安全集群

  • 连接未开启https的安全集群,示例如下:
     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    package main
    
    import (
    	"github.com/elastic/go-elasticsearch/v7"
    	"log"
    )
    
    func main() {
    	cfg := elasticsearch.Config{
    		Addresses: []string{
    			"http://HOST:9200/",
    		},
    		Username: "USERNAME",
    		Password: "PASSWORD",
    	}
    
    	es, _ := elasticsearch.NewClient(cfg)
    	log.Println(es.Info())
    }
    
  • 连接开启https的安全集群,不使用证书,示例代码如下:
     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    package main
    
    import (
    	"crypto/tls"
    	"github.com/elastic/go-elasticsearch/v7"
    	"log"
    	"net/http"
    )
    
    func main() {
    	cfg := elasticsearch.Config{
    		Addresses: []string{
    			"https://HOST:9200/",
    		},
    		Username: "USERNAME",
    		Password: "PASSWORD",
    		Transport: &http.Transport{
    			TLSClientConfig: &tls.Config{
    				InsecureSkipVerify: true,
    			},
    		},
    	}
    
    	es, _ := elasticsearch.NewClient(cfg)
    	log.Println(es.Info())
    }
    
  • 连接开启https的安全集群,使用证书,示例代码如下:
     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    package main
    
    import (
    	"crypto/tls"
    	"crypto/x509"
    	"flag"
    	"github.com/elastic/go-elasticsearch/v7"
    	"io/ioutil"
    	"log"
    	"net"
    	"net/http"
    	"time"
    )
    
    func main() {
    	insecure := flag.Bool("insecure-ssl", false, "Accept/Ignore all server SSL certificates")
    	flag.Parse()
    
    	// Get the SystemCertPool, continue with an empty pool on error
    	rootCAs, _ := x509.SystemCertPool()
    	if rootCAs == nil {
    		rootCAs = x509.NewCertPool()
    	}
    
    	// Read in the cert file
    	certs, err := ioutil.ReadFile("/tmp/CloudSearchService.cer")
    	if err != nil {
    		log.Fatalf("Failed to append %q to RootCAs: %v", "xxx", err)
    	}
    
    	// Append our cert to the system pool
    	if ok := rootCAs.AppendCertsFromPEM(certs); !ok {
    		log.Println("No certs appended, using system certs only")
    	}
    
    	config := elasticsearch.Config{
    		Addresses: []string{
    			"https://HOST:9200/",
    		},
    		Username: "USERNAME",
    		Password: "PASSWORD",
    		Transport: &http.Transport{
    			MaxIdleConnsPerHost:   10,
    			ResponseHeaderTimeout: time.Second,
    			DialContext: (&net.Dialer{
    				Timeout:   30 * time.Second,
    				KeepAlive: 30 * time.Second,
    			}).DialContext,
    			TLSClientConfig: &tls.Config{
    				InsecureSkipVerify: *insecure,
    				RootCAs:            rootCAs,
    			},
    		},
    	}
    	es, _ := elasticsearch.NewClient(config)
    	log.Println(elasticsearch.Version)
    	log.Println(es.Info())
    }
    
表1 函数中的变量说明

参数

描述

HOST

ES集群的访问地址,当存在多个IP地址时,中间用“,”隔开。

USERNAME

访问集群的用户名。

PASSWORD

用户名对应的密码。

support.huaweicloud.com/usermanual-css/css_01_0073.html