This is an automated email from the ASF dual-hosted git repository.
tanjian pushed a commit to branch 9.2.0-master-tlsnoverify
in repository https://gitbox.apache.org/repos/asf/skywalking.git
commit 8efcf8a3457c575d6092bbe6cad6fb76d3182a0a
Author: jian.tan <jian....@daocloud.io>
AuthorDate: Wed Jun 8 14:17:19 2022 +0800
tls insecure host verify
---
apm-webapp/pom.xml | 6 +++---
.../client/elasticsearch/ElasticSearchClient.java | 8 +++++++-
.../elasticsearch/bulk/ITElasticSearch.java | 24 ++++++++++++++++------
.../elasticsearch/ElasticSearchBuilder.java | 11 ++++++++++
.../src/main/resources/application.yml | 1 +
.../StorageModuleElasticsearchConfig.java | 1 +
.../StorageModuleElasticsearchProvider.java | 2 +-
7 files changed, 42 insertions(+), 11 deletions(-)
diff --git a/apm-webapp/pom.xml b/apm-webapp/pom.xml
index 2761c731a9..3a6a5ed510 100644
--- a/apm-webapp/pom.xml
+++ b/apm-webapp/pom.xml
@@ -149,7 +149,7 @@
<workingDirectory>${ui.path}</workingDirectory>
<nodeVersion>v16.14.0</nodeVersion>
</configuration>
- <executions>
+ <!-- <executions>
<execution>
<id>install node and npm</id>
<goals>
@@ -162,7 +162,7 @@
<goal>npm</goal>
</goals>
<configuration>
- <arguments>install
--registry=https://registry.npmjs.org/</arguments>
+ <arguments>install
--registry=https://registry.npm.taobao.org</arguments>
</configuration>
</execution>
<execution>
@@ -174,7 +174,7 @@
<arguments>run build</arguments>
</configuration>
</execution>
- </executions>
+ </executions>-->
</plugin>
<plugin>
<artifactId>maven-resources-plugin</artifactId>
diff --git
a/oap-server/server-library/library-client/src/main/java/org/apache/skywalking/oap/server/library/client/elasticsearch/ElasticSearchClient.java
b/oap-server/server-library/library-client/src/main/java/org/apache/skywalking/oap/server/library/client/elasticsearch/ElasticSearchClient.java
index 44440d67fc..1c92411e91 100644
---
a/oap-server/server-library/library-client/src/main/java/org/apache/skywalking/oap/server/library/client/elasticsearch/ElasticSearchClient.java
+++
b/oap-server/server-library/library-client/src/main/java/org/apache/skywalking/oap/server/library/client/elasticsearch/ElasticSearchClient.java
@@ -86,6 +86,7 @@ public class ElasticSearchClient implements Client,
HealthCheckable {
private final int numHttpClientThread;
+ private final String insecureHosts;
private final AtomicReference<ElasticSearch> es = new AtomicReference<>();
public ElasticSearchClient(String clusterNodes,
@@ -98,7 +99,8 @@ public class ElasticSearchClient implements Client,
HealthCheckable {
int connectTimeout,
int socketTimeout,
int responseTimeout,
- int numHttpClientThread) {
+ int numHttpClientThread,
+ String insecureHosts) {
this.clusterNodes = clusterNodes;
this.protocol = protocol;
this.trustStorePath = trustStorePath;
@@ -110,6 +112,7 @@ public class ElasticSearchClient implements Client,
HealthCheckable {
this.socketTimeout = socketTimeout;
this.responseTimeout = responseTimeout;
this.numHttpClientThread = numHttpClientThread;
+ this.insecureHosts = insecureHosts;
}
@Override
@@ -145,6 +148,9 @@ public class ElasticSearchClient implements Client,
HealthCheckable {
if (!Strings.isNullOrEmpty(password)) {
cb.password(password);
}
+ if (!Strings.isNullOrEmpty(insecureHosts)) {
+ cb.insecureHosts(insecureHosts);
+ }
final ElasticSearch newOne = cb.build();
// Only swap the old / new after the new one established a new
connection.
diff --git
a/oap-server/server-library/library-client/src/test/java/org/apache/skywalking/library/elasticsearch/bulk/ITElasticSearch.java
b/oap-server/server-library/library-client/src/test/java/org/apache/skywalking/library/elasticsearch/bulk/ITElasticSearch.java
index 6a6980a626..f29dec66b0 100644
---
a/oap-server/server-library/library-client/src/test/java/org/apache/skywalking/library/elasticsearch/bulk/ITElasticSearch.java
+++
b/oap-server/server-library/library-client/src/test/java/org/apache/skywalking/library/elasticsearch/bulk/ITElasticSearch.java
@@ -27,7 +27,6 @@ import java.util.Optional;
import java.util.function.Function;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
-import org.apache.skywalking.oap.server.library.util.StringUtil;
import org.apache.skywalking.library.elasticsearch.requests.search.Query;
import org.apache.skywalking.library.elasticsearch.requests.search.Search;
import
org.apache.skywalking.library.elasticsearch.requests.search.SearchBuilder;
@@ -37,6 +36,7 @@ import
org.apache.skywalking.library.elasticsearch.response.Mappings;
import
org.apache.skywalking.library.elasticsearch.response.search.SearchResponse;
import
org.apache.skywalking.oap.server.library.client.elasticsearch.ElasticSearchClient;
import
org.apache.skywalking.oap.server.library.client.elasticsearch.IndexRequestWrapper;
+import org.apache.skywalking.oap.server.library.util.StringUtil;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
@@ -54,10 +54,22 @@ public class ITElasticSearch {
@Parameterized.Parameters(name = "version: {0}, namespace: {1}")
public static Collection<Object[]> versions() {
return Arrays.asList(new Object[][] {
- {"6.3.2", ""},
- {"6.3.2", "test"},
- {"7.8.0", ""},
- {"7.8.0", "test"}
+ {
+ "6.3.2",
+ ""
+ },
+ {
+ "6.3.2",
+ "test"
+ },
+ {
+ "7.8.0",
+ ""
+ },
+ {
+ "7.8.0",
+ "test"
+ }
});
}
@@ -80,7 +92,7 @@ public class ITElasticSearch {
server.getHttpHostAddress(),
"http", "", "", "test", "test",
indexNameConverter(namespace), 500, 6000,
- 0, 15
+ 0, 15, ""
);
client.connect();
}
diff --git
a/oap-server/server-library/library-elasticsearch-client/src/main/java/org/apache/skywalking/library/elasticsearch/ElasticSearchBuilder.java
b/oap-server/server-library/library-elasticsearch-client/src/main/java/org/apache/skywalking/library/elasticsearch/ElasticSearchBuilder.java
index b85b749216..68f643f3c0 100644
---
a/oap-server/server-library/library-elasticsearch-client/src/main/java/org/apache/skywalking/library/elasticsearch/ElasticSearchBuilder.java
+++
b/oap-server/server-library/library-elasticsearch-client/src/main/java/org/apache/skywalking/library/elasticsearch/ElasticSearchBuilder.java
@@ -72,6 +72,8 @@ public final class ElasticSearchBuilder {
private int numHttpClientThread;
+ private String insecureHosts;
+
public ElasticSearchBuilder protocol(String protocol) {
checkArgument(StringUtil.isNotBlank(protocol), "protocol cannot be
blank");
this.protocol = SessionProtocol.of(protocol);
@@ -145,6 +147,11 @@ public final class ElasticSearchBuilder {
return this;
}
+ public ElasticSearchBuilder insecureHosts(String insecureHosts) {
+ this.insecureHosts = insecureHosts;
+ return this;
+ }
+
@SneakyThrows
public ElasticSearch build() {
final List<Endpoint> endpoints =
@@ -159,6 +166,10 @@ public final class ElasticSearchBuilder {
.useHttp2Preface(false)
.workerGroup(numHttpClientThread > 0 ?
numHttpClientThread : NUM_PROC);
+ if (StringUtil.isNotBlank(insecureHosts)) {
+ factoryBuilder.tlsNoVerifyHosts(insecureHosts.split(","));
+ }
+
if (StringUtil.isNotBlank(trustStorePath)) {
final TrustManagerFactory trustManagerFactory =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
diff --git a/oap-server/server-starter/src/main/resources/application.yml
b/oap-server/server-starter/src/main/resources/application.yml
index e936055426..4ba7eb5ed3 100755
--- a/oap-server/server-starter/src/main/resources/application.yml
+++ b/oap-server/server-starter/src/main/resources/application.yml
@@ -143,6 +143,7 @@ storage:
password: ${SW_ES_PASSWORD:""}
trustStorePath: ${SW_STORAGE_ES_SSL_JKS_PATH:""}
trustStorePass: ${SW_STORAGE_ES_SSL_JKS_PASS:""}
+ insecureHosts: ${SW_STORAGE_ES_SSL_INSECURE_HOSTS:""} # e.g.
"172.16.1.1,172.16.1.2". You should never use this in production but only for a
testing purpose.
secretsManagementFile: ${SW_ES_SECRETS_MANAGEMENT_FILE:""} # Secrets
management file in the properties format includes the username, password, which
are managed by 3rd party tool.
dayStep: ${SW_STORAGE_DAY_STEP:1} # Represent the number of days in the
one minute/hour/day index.
indexShardsNumber: ${SW_STORAGE_ES_INDEX_SHARDS_NUMBER:1} # Shard number
of new indexes
diff --git
a/oap-server/server-storage-plugin/storage-elasticsearch-plugin/src/main/java/org/apache/skywalking/oap/server/storage/plugin/elasticsearch/StorageModuleElasticsearchConfig.java
b/oap-server/server-storage-plugin/storage-elasticsearch-plugin/src/main/java/org/apache/skywalking/oap/server/storage/plugin/elasticsearch/StorageModuleElasticsearchConfig.java
index 50fccf6aab..d25df190af 100644
---
a/oap-server/server-storage-plugin/storage-elasticsearch-plugin/src/main/java/org/apache/skywalking/oap/server/storage/plugin/elasticsearch/StorageModuleElasticsearchConfig.java
+++
b/oap-server/server-storage-plugin/storage-elasticsearch-plugin/src/main/java/org/apache/skywalking/oap/server/storage/plugin/elasticsearch/StorageModuleElasticsearchConfig.java
@@ -107,6 +107,7 @@ public class StorageModuleElasticsearchConfig extends
ModuleConfig {
* @since 7.0.0 This could be managed inside {@link #secretsManagementFile}
*/
private String trustStorePass;
+ private String insecureHosts;
private int resultWindowMaxSize = 10000;
private int metadataQueryMaxSize = 5000;
/**
diff --git
a/oap-server/server-storage-plugin/storage-elasticsearch-plugin/src/main/java/org/apache/skywalking/oap/server/storage/plugin/elasticsearch/StorageModuleElasticsearchProvider.java
b/oap-server/server-storage-plugin/storage-elasticsearch-plugin/src/main/java/org/apache/skywalking/oap/server/storage/plugin/elasticsearch/StorageModuleElasticsearchProvider.java
index 679ba121a8..d1ca8062ea 100644
---
a/oap-server/server-storage-plugin/storage-elasticsearch-plugin/src/main/java/org/apache/skywalking/oap/server/storage/plugin/elasticsearch/StorageModuleElasticsearchProvider.java
+++
b/oap-server/server-storage-plugin/storage-elasticsearch-plugin/src/main/java/org/apache/skywalking/oap/server/storage/plugin/elasticsearch/StorageModuleElasticsearchProvider.java
@@ -169,7 +169,7 @@ public class StorageModuleElasticsearchProvider extends
ModuleProvider {
.getTrustStorePass(), config.getUser(), config.getPassword(),
indexNameConverter(config.getNamespace()),
config.getConnectTimeout(),
config.getSocketTimeout(), config.getResponseTimeout(),
- config.getNumHttpClientThread()
+ config.getNumHttpClientThread(), config.getInsecureHosts()
);
this.registerServiceImplementation(
IBatchDAO.class,
