This is an automated email from the ASF dual-hosted git repository. tanjian pushed a commit to branch 9.2.0-master-tlsnoverify in repository https://gitbox.apache.org/repos/asf/skywalking.git
commit 8efcf8a3457c575d6092bbe6cad6fb76d3182a0a
Author: jian.tan <jian....@daocloud.io>
AuthorDate: Wed Jun 8 14:17:19 2022 +0800
tls insecure host verify
---
 apm-webapp/pom.xml | 6 +++---
 .../client/elasticsearch/ElasticSearchClient.java | 8 +++++++-
 .../elasticsearch/bulk/ITElasticSearch.java | 24 ++++++++++++++++------
 .../elasticsearch/ElasticSearchBuilder.java | 11 ++++++++++
 .../src/main/resources/application.yml | 1 +
 .../StorageModuleElasticsearchConfig.java | 1 +
 .../StorageModuleElasticsearchProvider.java | 2 +-
 7 files changed, 42 insertions(+), 11 deletions(-)
diff --git a/apm-webapp/pom.xml b/apm-webapp/pom.xml
index 2761c731a9..3a6a5ed510 100644
--- a/apm-webapp/pom.xml
+++ b/apm-webapp/pom.xml
@@ -149,7 +149,7 @@
 <workingDirectory>${ui.path}</workingDirectory>
 <nodeVersion>v16.14.0</nodeVersion>
 </configuration>
- <executions>
+ <!-- <executions>
 <execution>
 <id>install node and npm</id>
 <goals>
@@ -162,7 +162,7 @@
 <goal>npm</goal>
 </goals>
 <configuration>
- <arguments>install --registry=https://registry.npmjs.org/</arguments>
+ <arguments>install --registry=https://registry.npm.taobao.org</arguments>
 </configuration>
 </execution>
 <execution>
@@ -174,7 +174,7 @@
 <arguments>run build</arguments>
 </configuration>
 </execution>
- </executions>
+ </executions>-->
 </plugin>
 <plugin>
 <artifactId>maven-resources-plugin</artifactId>
diff --git a/oap-server/server-library/library-client/src/main/java/org/apache/skywalking/oap/server/library/client/elasticsearch/ElasticSearchClient.java b/oap-server/server-library/library-client/src/main/java/org/apache/skywalking/oap/server/library/client/elasticsearch/ElasticSearchClient.java
index 44440d67fc..1c92411e91 100644
--- a/oap-server/server-library/library-client/src/main/java/org/apache/skywalking/oap/server/library/client/elasticsearch/ElasticSearchClient.java
+++ b/oap-server/server-library/library-client/src/main/java/org/apache/skywalking/oap/server/library/client/elasticsearch/ElasticSearchClient.java
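Review bot: The three apm-webapp/pom.xml hunks look like a local build workaround that does not belong in a commit about a TLS option. They comment out the whole `<executions>` block of the plugin that installs Node and runs npm, and inside that block they change the install registry from `https://registry.npmjs.org/` to `https://registry.npm.taobao.org`. As committed, this module no longer builds the UI, and the registry line, inert for now, would pull every frontend dependency from a third-party mirror as soon as the block is re-enabled. I would drop these hunks, keep `<arguments>install --registry=https://registry.npmjs.org/</arguments>`, and leave any mirror to the developer's own npm configuration.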
@@ -86,6 +86,7 @@ public class ElasticSearchClient implements Client, HealthCheckable {
 private final int numHttpClientThread;
+ private final String insecureHosts;
 private final AtomicReference<ElasticSearch> es = new AtomicReference<>();
 public ElasticSearchClient(String clusterNodes,
@@ -98,7 +99,8 @@ public class ElasticSearchClient implements Client, HealthCheckable {
 int connectTimeout,
 int socketTimeout,
 int responseTimeout,
- int numHttpClientThread) {
+ int numHttpClientThread,
+ String insecureHosts) {
 this.clusterNodes = clusterNodes;
 this.protocol = protocol;
 this.trustStorePath = trustStorePath;
@@ -110,6 +112,7 @@ public class ElasticSearchClient implements Client, HealthCheckable {
 this.socketTimeout = socketTimeout;
 this.responseTimeout = responseTimeout;
 this.numHttpClientThread = numHttpClientThread;
+ this.insecureHosts = insecureHosts;
 }
 @Override
@@ -145,6 +148,9 @@ public class ElasticSearchClient implements Client, HealthCheckable {
 if (!Strings.isNullOrEmpty(password)) {
 cb.password(password);
 }
+ if (!Strings.isNullOrEmpty(insecureHosts)) {
+ cb.insecureHosts(insecureHosts);
+ }
 final ElasticSearch newOne = cb.build();
 // Only swap the old / new after the new one established a new connection.
diff --git a/oap-server/server-library/library-client/src/test/java/org/apache/skywalking/library/elasticsearch/bulk/ITElasticSearch.java b/oap-server/server-library/library-client/src/test/java/org/apache/skywalking/library/elasticsearch/bulk/ITElasticSearch.java
index 6a6980a626..f29dec66b0 100644
--- a/oap-server/server-library/library-client/src/test/java/org/apache/skywalking/library/elasticsearch/bulk/ITElasticSearch.java
+++ b/oap-server/server-library/library-client/src/test/java/org/apache/skywalking/library/elasticsearch/bulk/ITElasticSearch.java
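Review bot: The new `insecureHosts` field in ElasticSearchClient (hunk at -86) is declared without any comment, although it carries a security-sensitive setting. The same gap applies to the `insecureHosts(String)` setter and field in ElasticSearchBuilder and to the field added to StorageModuleElasticsearchConfig at -107. Each should say what the value is and what it does, for example `/** Comma-separated hosts whose TLS certificates are NOT verified; intended for testing only. */`. The constructor's Javadoc, if it has one outside the hunk, should list the new parameter as well.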
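Review bot: In the ElasticSearchClient hunk at -145, certificate verification is switched off for the configured hosts without any trace at runtime, so an operator cannot tell from the logs that a deployment is running with weakened TLS. A warning emitted inside the new `if` would make that detectable, e.g. `log.warn("TLS certificate verification is disabled for Elasticsearch hosts: {}", insecureHosts);`, assuming the class has an SLF4J logger, which is not visible here. The enclosing method starts and ends outside the hunk.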
@@ -27,7 +27,6 @@ import java.util.Optional; import java.util.function.Function; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; -import org.apache.skywalking.oap.server.library.util.StringUtil; import org.apache.skywalking.library.elasticsearch.requests.search.Query; import org.apache.skywalking.library.elasticsearch.requests.search.Search; import org.apache.skywalking.library.elasticsearch.requests.search.SearchBuilder; @@ -37,6 +36,7 @@ import org.apache.skywalking.library.elasticsearch.response.Mappings; import org.apache.skywalking.library.elasticsearch.response.search.SearchResponse; import org.apache.skywalking.oap.server.library.client.elasticsearch.ElasticSearchClient; import org.apache.skywalking.oap.server.library.client.elasticsearch.IndexRequestWrapper; +import org.apache.skywalking.oap.server.library.util.StringUtil; import org.junit.After; import org.junit.Assert; import org.junit.Before; @@ -54,10 +54,22 @@ public class ITElasticSearch { @Parameterized.Parameters(name = "version: {0}, namespace: {1}") public static Collection<Object[]> versions() { return Arrays.asList(new Object[][] { - {"6.3.2", ""}, - {"6.3.2", "test"}, - {"7.8.0", ""}, - {"7.8.0", "test"} + { + "6.3.2", + "" + }, + { + "6.3.2", + "test" + }, + { + "7.8.0", + "" + }, + { + "7.8.0", + "test" + } }); } @@ -80,7 +92,7 @@ public class ITElasticSearch { server.getHttpHostAddress(), "http", "", "", "test", "test", indexNameConverter(namespace), 500, 6000, - 0, 15 + 0, 15, "" ); client.connect(); } diff --git a/oap-server/server-library/library-elasticsearch-client/src/main/java/org/apache/skywalking/library/elasticsearch/ElasticSearchBuilder.java b/oap-server/server-library/library-elasticsearch-client/src/main/java/org/apache/skywalking/library/elasticsearch/ElasticSearchBuilder.java index b85b749216..68f643f3c0 100644 
--- a/oap-server/server-library/library-elasticsearch-client/src/main/java/org/apache/skywalking/library/elasticsearch/ElasticSearchBuilder.java
+++ b/oap-server/server-library/library-elasticsearch-client/src/main/java/org/apache/skywalking/library/elasticsearch/ElasticSearchBuilder.java
@@ -72,6 +72,8 @@ public final class ElasticSearchBuilder {
 private int numHttpClientThread;
+ private String insecureHosts;
+
 public ElasticSearchBuilder protocol(String protocol) {
 checkArgument(StringUtil.isNotBlank(protocol), "protocol cannot be blank");
 this.protocol = SessionProtocol.of(protocol);
@@ -145,6 +147,11 @@ public final class ElasticSearchBuilder {
 return this;
 }
+ public ElasticSearchBuilder insecureHosts(String insecureHosts) {
+ this.insecureHosts = insecureHosts;
+ return this;
+ }
+
 @SneakyThrows
 public ElasticSearch build() {
 final List<Endpoint> endpoints =
@@ -159,6 +166,10 @@ public final class ElasticSearchBuilder {
 .useHttp2Preface(false)
 .workerGroup(numHttpClientThread > 0 ? numHttpClientThread : NUM_PROC);
+ if (StringUtil.isNotBlank(insecureHosts)) {
+ factoryBuilder.tlsNoVerifyHosts(insecureHosts.split(","));
+ }
+
 if (StringUtil.isNotBlank(trustStorePath)) {
 final TrustManagerFactory trustManagerFactory =
 TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
diff --git a/oap-server/server-starter/src/main/resources/application.yml b/oap-server/server-starter/src/main/resources/application.yml
index e936055426..4ba7eb5ed3 100755
--- a/oap-server/server-starter/src/main/resources/application.yml
+++ b/oap-server/server-starter/src/main/resources/application.yml
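Review bot: In `build()` (hunk at -159), `insecureHosts.split(",")` hands the raw pieces to `tlsNoVerifyHosts`, so `"172.16.1.1, 172.16.1.2"` produces an entry with a leading space and `"a,,b"` produces an empty entry. Such entries presumably never match a host, and the option then fails in a way that is hard to diagnose. Trimming and dropping blanks first is safer: `factoryBuilder.tlsNoVerifyHosts(Arrays.stream(insecureHosts.split(",")).map(String::trim).filter(StringUtil::isNotBlank).toArray(String[]::new));`, which needs `java.util.Arrays` if the file does not already import it. It is also worth stating in a comment whether the bypass is meant to apply when a trust store is configured too; the trust-store branch continues outside the hunk.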
@@ -143,6 +143,7 @@ storage:
 password: ${SW_ES_PASSWORD:""}
 trustStorePath: ${SW_STORAGE_ES_SSL_JKS_PATH:""}
 trustStorePass: ${SW_STORAGE_ES_SSL_JKS_PASS:""}
+ insecureHosts: ${SW_STORAGE_ES_SSL_INSECURE_HOSTS:""} # e.g. "172.16.1.1,172.16.1.2". You should never use this in production but only for a testing purpose.
 secretsManagementFile: ${SW_ES_SECRETS_MANAGEMENT_FILE:""} # Secrets management file in the properties format includes the username, password, which are managed by 3rd party tool.
 dayStep: ${SW_STORAGE_DAY_STEP:1} # Represent the number of days in the one minute/hour/day index.
 indexShardsNumber: ${SW_STORAGE_ES_INDEX_SHARDS_NUMBER:1} # Shard number of new indexes
diff --git a/oap-server/server-storage-plugin/storage-elasticsearch-plugin/src/main/java/org/apache/skywalking/oap/server/storage/plugin/elasticsearch/StorageModuleElasticsearchConfig.java b/oap-server/server-storage-plugin/storage-elasticsearch-plugin/src/main/java/org/apache/skywalking/oap/server/storage/plugin/elasticsearch/StorageModuleElasticsearchConfig.java
index 50fccf6aab..d25df190af 100644
--- a/oap-server/server-storage-plugin/storage-elasticsearch-plugin/src/main/java/org/apache/skywalking/oap/server/storage/plugin/elasticsearch/StorageModuleElasticsearchConfig.java
+++ b/oap-server/server-storage-plugin/storage-elasticsearch-plugin/src/main/java/org/apache/skywalking/oap/server/storage/plugin/elasticsearch/StorageModuleElasticsearchConfig.java
@@ -107,6 +107,7 @@ public class StorageModuleElasticsearchConfig extends ModuleConfig {
 * @since 7.0.0 This could be managed inside {@link #secretsManagementFile}
 */
 private String trustStorePass;
+ private String insecureHosts;
 private int resultWindowMaxSize = 10000;
 private int metadataQueryMaxSize = 5000;
 /**
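Review bot: The comment on `insecureHosts` in application.yml warns against production use but never says what the setting does, so the risk stays abstract for whoever edits this file. Spelling out the effect would help, e.g. `# Comma-separated hosts for which TLS certificate verification is skipped, e.g. "172.16.1.1,172.16.1.2". Connections to these hosts can be intercepted; use for testing only.` It would also be worth noting that entries must be written without spaces, since the value is split on `,` as-is in ElasticSearchBuilder.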
diff --git a/oap-server/server-storage-plugin/storage-elasticsearch-plugin/src/main/java/org/apache/skywalking/oap/server/storage/plugin/elasticsearch/StorageModuleElasticsearchProvider.java b/oap-server/server-storage-plugin/storage-elasticsearch-plugin/src/main/java/org/apache/skywalking/oap/server/storage/plugin/elasticsearch/StorageModuleElasticsearchProvider.java index 679ba121a8..d1ca8062ea 100644 --- a/oap-server/server-storage-plugin/storage-elasticsearch-plugin/src/main/java/org/apache/skywalking/oap/server/storage/plugin/elasticsearch/StorageModuleElasticsearchProvider.java +++ b/oap-server/server-storage-plugin/storage-elasticsearch-plugin/src/main/java/org/apache/skywalking/oap/server/storage/plugin/elasticsearch/StorageModuleElasticsearchProvider.java @@ -169,7 +169,7 @@ public class StorageModuleElasticsearchProvider extends ModuleProvider { .getTrustStorePass(), config.getUser(), config.getPassword(), indexNameConverter(config.getNamespace()), config.getConnectTimeout(), config.getSocketTimeout(), config.getResponseTimeout(), - config.getNumHttpClientThread() + config.getNumHttpClientThread(), config.getInsecureHosts() ); this.registerServiceImplementation( IBatchDAO.class,