ElasticSearch with SSL and F5 url


(Ashok Gadiraju) #1

HI,

I am facing issue with connecting to ElasticSearch cluster that is secured with SSL and using a F5 on top of that.

My code without F5 and connecting directly to a node is as follows

private SSLContext getSocketFactory() {
	SSLContext sslContext = null;
	InputStream identityKeyStoreFile = null;
	InputStream trustKeyStoreFile = null;
	try {
		KeyStore identityKeyStore = KeyStore.getInstance("jks");
		Resource r = new FileSystemResource(keyStore);
			
		identityKeyStoreFile = r.getInputStream();
		identityKeyStore.load(identityKeyStoreFile, keyStorePwd.toCharArray());

		KeyStore trustKeyStore = KeyStore.getInstance("jks");
		Resource r1 = new FileSystemResource(trustStore);
		trustKeyStoreFile = r1.getInputStream();
		trustKeyStore.load(trustKeyStoreFile, trustStorePwd.toCharArray());
		
		sslContext = SSLContexts.custom()
				// load identity keystore
				.loadKeyMaterial(identityKeyStore, keyPwd.toCharArray())
				// load trust keystore
				.loadTrustMaterial(trustKeyStore, null).build();
	} catch (Exception e) {
		LOGGER.info(e.getMessage());
		throw new InternalException("Issue with connecting to ElasticSearch.");
	} finally {
		try {
			if (identityKeyStoreFile != null)
				identityKeyStoreFile.close();
		} catch (IOException e) {
			LOGGER.info("Failed to close filestream : {}", e.getMessage());
		}
		try {
			if (trustKeyStoreFile != null)
				trustKeyStoreFile.close();
		} catch (IOException e) {
			LOGGER.info("Failed to close filestream : {}", e.getMessage());
		}
	}
	return sslContext;
}

And this SSL Context is used to connect to ES with RestHighLevelClient
public RestHighLevelClient restClient() throws Exception {
RestClientBuilder builder = null;

		final SSLContext sslContext = getSocketFactory();
		**HttpHost post = new HttpHost("192.168.1.10", 9200, "https")**;
		builder = RestClient.builder(post)
					.setHttpClientConfigCallback(new RestClientBuilder.HttpClientConfigCallback() {
						public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
							return httpClientBuilder.setSSLContext(sslContext);
						}
					});
		
		RestHighLevelClient client = new RestHighLevelClient(builder);
		return client;
	}

With F5 url on top of elastic cluster my connection looks like below
public RestHighLevelClient restClient() throws Exception {
RestClientBuilder builder = null;

		final SSLContext sslContext = getSocketFactory();
		**HttpHost post = new HttpHost("elastic-dev", -1, "https");**
		builder = RestClient.builder(post)
					.setHttpClientConfigCallback(new RestClientBuilder.HttpClientConfigCallback() {
						public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
							return httpClientBuilder.setSSLContext(sslContext);
						}
					});
		
		RestHighLevelClient client = new RestHighLevelClient(builder);
		return client;
	}

When I execute with the change after F5 url, and execute search, I am getting an connection closed erro which I am not facing when directly calling the host

Can some one help me how can I connect to Elasticsearch with SSL and F5 on top of that


(system) #2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.