You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@doris.apache.org by GitBox <gi...@apache.org> on 2021/04/07 06:04:24 UTC

[GitHub] [incubator-doris] wuyunfeng commented on a change in pull request #5325: [Doris On ES][WIP] Support external ES table with `SSL` secured and configurable node sniffing

wuyunfeng commented on a change in pull request #5325:
URL: https://github.com/apache/incubator-doris/pull/5325#discussion_r608360325



##########
File path: fe/fe-core/src/main/java/org/apache/doris/external/elasticsearch/EsRestClient.java
##########
@@ -207,4 +240,33 @@ private String execute(String path) throws DorisEsException {
         }
         return (T) (key != null ? map.get(key) : map);
     }
+
+    /**
+     * support https
+     **/
+    private static class TrustAllCerts implements X509TrustManager {
+        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
+
+        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
+
+        public X509Certificate[] getAcceptedIssuers() {return new X509Certificate[0];}
+    }
+
+    private static class TrustAllHostnameVerifier implements HostnameVerifier {
+        public boolean verify(String hostname, SSLSession session) {
+            return true;
+        }
+    }
+
+    private static SSLSocketFactory createSSLSocketFactory() {
+        SSLSocketFactory ssfFactory;
+        try {
+            SSLContext sc = SSLContext.getInstance("TLS");
+            sc.init(null, new TrustManager[]{new TrustAllCerts()}, new SecureRandom());
+            ssfFactory = sc.getSocketFactory();
+        } catch (Exception e) {
+            throw new DorisEsException("createSSLSocketFactory error");

Review comment:
       ```suggestion
               throw new DorisEsException("Errors happens when create ssl socket", e);
   ```

##########
File path: fe/fe-core/src/main/java/org/apache/doris/external/elasticsearch/EsRestClient.java
##########
@@ -141,6 +154,19 @@ public EsShardPartitions searchShards(String indexName) throws DorisEsException
         }
         return EsShardPartitions.findShardPartitions(indexName, searchShards);
     }
+    
+    /**
+     * init ssl networkClient use lazy way
+     **/
+    private synchronized void initSslNetworkClient() {

Review comment:
       ```suggestion
       private synchronized NetworkClient getOrCreateSslNetworkClient() {
   ```

##########
File path: docs/en/extending-doris/doris-on-es.md
##########
@@ -328,6 +328,63 @@ This term does not match any term in the dictionary，and will not return any re
 
 The type of `k4.keyword` is `keyword`, and writing data into ES is a complete term, so it can be matched
 
+### Enable ES node discovery(es\_nodes\_discovery=true)

Review comment:
       ```suggestion
   ### Enable nodes discovery  mechanism, default is true
   ```




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org