时间:2022-08-30 09:29:42 | 栏目:JAVA代码 | 点击:次
最近公司skywalking服务经常出现大盘空白的情况,经查明,是由于ES的写入瓶颈造成线程阻塞,数据没有落地到ES造成。后综合运维成本等方面考虑,准备使用阿里云提供的Elasticsearch服务,阿里云的ES无论内外网都加上了Http Basic认证,但是skywalking6.x提供的RestHighLevelClient客户端并没有适配带Http Basic基础认证的ES服务,所以需要稍加改动下skywalking源码。
项目从github拉下来后,先了解下项目结构。在skywalking2.x的版本时,我曾研究过skywalking的插件机制,到现在的6.x版本,在项目结构和设计上都有了很大的变化。6.x的项目结构如下,我们主要关注箭头所指的模块,es存储插件的实现
1.定位StorageModuleElasticsearchConfig.java,新增Http Basicr认证所需的用户和密码
@Setter @Getter private String nameSpace; @Setter @Getter private String clusterNodes; private int indexShardsNumber; private int indexReplicasNumber; private boolean highPerformanceMode; private int traceDataTTL = 90; private int minuteMetricDataTTL = 90; private int hourMetricDataTTL = 36; private int dayMetricDataTTL = 45; private int monthMetricDataTTL = 18; private int bulkActions = 2000; private int bulkSize = 20; private int flushInterval = 10; private int concurrentRequests = 2; private String user; private String password;
2.定位ElasticSearchClient.java,新增用户和密码属性,改动构造方法,将用户和密码传入进来,在创建connect时判断用户是否配置了认证信息,如果配置就走带认证的连接,如果没有,就走默认的不带认证连接,具体改动如下:
private static final String TYPE = "type"; private final String clusterNodes; private final String namespace; private final String user; private final String password; private RestHighLevelClient client; public ElasticSearchClient(String clusterNodes, String namespace, String user, String password) { this.clusterNodes = clusterNodes; this.namespace = namespace; this.user = user; this.password = password; } @Override public void connect() { ListpairsList = parseClusterNodes(clusterNodes); RestClientBuilder builder; if (StringUtils.isNotBlank(user) && StringUtils.isNotBlank(password)) { final CredentialsProvider credentialsProvider = new BasicCredentialsProvider(); credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(user, password)); builder = RestClient.builder(pairsList.toArray(new HttpHost[0])) .setHttpClientConfigCallback(new RestClientBuilder.HttpClientConfigCallback() { @Override public HttpAsyncClientBuilder customizeHttpClient( HttpAsyncClientBuilder httpClientBuilder) { return httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider); } }); } else { builder = RestClient.builder(pairsList.toArray(new HttpHost[0])); } client = new RestHighLevelClient(builder); }
Elasticsearch的basic_authentication连接官方文档说明:https://www.elastic.co/guide/en/elasticsearch/client/doc
3.定位StorageModuleElasticsearchProvider.java和ElasticSearchClientTestCase.java 修改构造方法入参。基本上就是如上的改动,就可以让skywalking支持带basic_authentication认证的Elasticsearch服务了。在配置时添加user和password,如:
storage: elasticsearch: nameSpace: ${SW_NAMESPACE:""} clusterNodes: ${SW_STORAGE_ES_CLUSTER_NODES:localhost:9200} user: ${SW_ES_USER:""} password: ${SW_ES_PASSWORD:""} indexShardsNumber: ${SW_STORAGE_ES_INDEX_SHARDS_NUMBER:2} indexReplicasNumber: ${SW_STORAGE_ES_INDEX_REPLICAS_NUMBER:0} # Batch process setting, refer to https://www.elastic.co/guide/en/elasticsearch/client/java-api/5.5/java-docs-bulk-processor.html bulkActions: ${SW_STORAGE_ES_BULK_ACTIONS:2000} # Execute the bulk every 2000 requests bulkSize: ${SW_STORAGE_ES_BULK_SIZE:20} # flush the bulk every 20mb flushInterval: ${SW_STORAGE_ES_FLUSH_INTERVAL:10} # flush the bulk every 10 seconds whatever the number of requests concurrentRequests: ${SW_STORAGE_ES_CONCURRENT_REQUESTS:2} # the number of concurrent requests
改完编译成功后,会在项目的根目录下生产一个dist目录,目录下包含两个压缩包,分别对应linux系统tar,和Windows下的zip包。
其实解决这个问题的方式除了改造skywalking外,还可以通过Nginx做一下转发,Http Basic认证的动作在Nginx侧给做了。之所以想到改动skywalking,是因为Elasticsearch的RestHighLevelClient 官方文档有这种Http Basic认证支持说明。所以觉得是一个比较常规的操作,而不是多依赖一个外部组件来解决。
目前关于改动Elasticsearch Client支持Http Basic的代码已给官方提交pr,在是否需要合并此pr,和skywalking作者们沟通交流很多个来回。截止发文这个pr还没正式合并到官方仓库。如果你看到这了,希望能发表下你对这个pr合并的意见和看法。不过,最后还是希望这个pr能够合并进去,能用官方发布的版本解决Http Basic认证的问题最好了。