Secure Elastic connection using transport client


I need to connect to a secure Elasticsearch which has HTTPS authentication, using the Transport client in Java code. I have a user ID and password to connect to the secure Elasticsearch. I am using Elasticsearch 7.10.0.

try {
    Settings settings = Settings.builder().put("cluster.name", clusterName)
            .put("xpack.security.user", "elastic:elastic")
            .put("xpack.security.transport.ssl.enabled", "true")
            .put("xpack.ssl.key", "/etc/elasticsearch/elasticsearch.keystore")
            .put("xpack.ssl.certificate", "/etc/elasticsearch/elastic-certificates.p12")
            .put("xpack.ssl.certificate_authorities", "/etc/elasticsearch/elastic-stack-ca.p12")
            .put("xpack.security.transport.ssl.enabled", "true")
            .build();
    ESclient = new PreBuiltTransportClient(settings);

    // changes to add multiple IP addresses
    String[] hosts = elasticHost.split(",");
    for (String host : hosts) {
        ESclient.addTransportAddress(new TransportAddress(InetAddress.getByName(host.trim()), elasticPort));
    }
    System.out.println(ESclient.settings());
} catch (UnknownHostException ex) {
    System.out.println("Exception :" + ex);
    //logger.error("Exception : " + ex);
    throw ex;
}

But it's showing this error:

java.lang.IllegalArgumentException: unknown setting [xpack.security.transport.ssl.enabled] please check that any required plugins are installed, or check the breaking changes documentation for removed settings

Please let me know what I am missing in the above code. Thanks in advance.

2

There are 2 answers

11
Val On

You should not use the TCP transport client anymore since it's been deprecated in 7.0. Instead you should use the REST client which communicates with your cluster over HTTP.

If you need to communicate over HTTPS with your cluster, here is how to do it with the REST client:

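import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.nio.client.HttpAsyncClientBuilder;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.RestClientBuilder;
import org.elasticsearch.client.RestClientBuilder.HttpClientConfigCallback;
import org.elasticsearch.client.RestHighLevelClient;

// 1. Create an SSL context to trust the CA that signed the ES server certificate
String keyStorePass = "keystorePassword";
Path trustStorePath = Paths.get("/etc/elasticsearch/elastic-stack-ca.p12");
KeyStore truststore = KeyStore.getInstance("pkcs12");
try (InputStream is = Files.newInputStream(trustStorePath)) {
    truststore.load(is, keyStorePass.toCharArray());
}
SSLContextBuilder sslBuilder = SSLContexts.custom().loadTrustMaterial(truststore, null);
final SSLContext sslContext = sslBuilder.build();

// 2. Basic authentication
final CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("elastic", "password"));

// 3. Build one HttpHost per comma-separated address
//    (elasticHost and elasticPort are the variables from the question's code)
String[] hosts = elasticHost.split(",");
HttpHost[] httpHosts = Arrays.stream(hosts)
    .map(host -> new HttpHost(host.trim(), elasticPort, "https"))
    .toArray(HttpHost[]::new);

// 4. Build the low-level client
RestClientBuilder builder = RestClient.builder(httpHosts)
    .setHttpClientConfigCallback(new HttpClientConfigCallback() {
        @Override
        public HttpAsyncClientBuilder customizeHttpClient(
                HttpAsyncClientBuilder httpClientBuilder) {

            // set Basic credentials
            httpClientBuilder.setDefaultCredentialsProvider(credsProvider);
            // set SSL context
            return httpClientBuilder.setSSLContext(sslContext);
        }
    });

// 5. Build the high-level client
RestHighLevelClient client = new RestHighLevelClient(builder);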

If you need to migrate your Java code to use the new REST client, the official documentation provides a step-by-step guide on what needs to be done.
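An added example, not part of the answer above or of the Elasticsearch client code: when `elastic-stack-ca.p12` is the file generated by `elasticsearch-certutil ca`, it holds the CA's private key as well as its certificate, while the client in step 1 only needs the certificate. This JDK-only sketch copies just the certificates into an in-memory trust store and builds the `SSLContext` from that. The class name `TrustOnlyContext`, the environment variable `ES_TRUSTSTORE_PASS` and the default path are assumptions for illustration.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class TrustOnlyContext {
    // Copy only certificates from the source store into an empty in-memory store.
    static KeyStore certificatesOnly(KeyStore source) throws Exception {
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null); // initialise as an empty store
        for (String alias : Collections.list(source.aliases())) {
            // For a key entry this returns the first certificate of its chain.
            Certificate cert = source.getCertificate(alias);
            if (cert != null) {
                trust.setCertificateEntry(alias, cert);
            }
            if (source.isKeyEntry(alias)) {
                System.err.println("note: entry '" + alias
                        + "' also holds a private key; it is not copied");
            }
        }
        return trust;
    }

    // Build a TLS context that trusts exactly the certificates in the given store.
    static SSLContext tlsContext(KeyStore trust) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key material
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed inputs: path as first argument, password from the environment.
        String path = args.length > 0 ? args[0] : "/etc/elasticsearch/elastic-stack-ca.p12";
        char[] pass = System.getenv().getOrDefault("ES_TRUSTSTORE_PASS", "").toCharArray();
        KeyStore source = KeyStore.getInstance("PKCS12");
        try (InputStream is = Files.newInputStream(Paths.get(path))) {
            source.load(is, pass);
        }
        KeyStore trust = certificatesOnly(source);
        SSLContext sslContext = tlsContext(trust);
        System.out.println("trusted certificates: " + trust.size()
                + ", protocol: " + sslContext.getProtocol());
    }
}
```

The `SSLContext` returned by `tlsContext` can be handed to `httpClientBuilder.setSSLContext(...)` in step 4 of the answer.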

0
user3049594 On

Use the x-pack-transport jar and the PreBuiltXPackTransportClient constructor

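import java.net.InetSocketAddress;
import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.xpack.client.PreBuiltXPackTransportClient;

Settings settings = Settings.builder()
        .put("cluster.name", "elasticsearch")
        .put("xpack.security.user", "elastic:elastic")
        .build();
TransportClient transportClient = new PreBuiltXPackTransportClient(settings);
transportClient = transportClient.addTransportAddress(new TransportAddress(new InetSocketAddress("127.0.0.1", 9300)));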