Enterprise Search 企业搜索实践

发表于 更新于 阅读次数: 阅读次数:

Elastic 企业搜索中包含Workplace Search、App Search、Site Search
我们来实践一下App Search

DwyI50

docker-compose.yml

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
version: '3.0'
services:
  ent-search:
    image: docker.elastic.co/enterprise-search/enterprise-search:7.13.0
    container_name: ent-search
    environment:
      - "JAVA_OPTS=-Xms2048m -Xmx2048m"
      - "ENT_SEARCH_DEFAULT_PASSWORD=XXX"
    volumes:
        - ./enterprise-search/config/enterprise-search.yml:/usr/share/enterprise-search/config/enterprise-search.yml
        - ./enterprise-search/config/certs:/usr/share/enterprise-search/config/certs
    ports:
    - 3002:3002
networks:
   default:
    external:
      name: dakewe

配置文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
secret_management.encryption_keys: [f70aa30d98a4ebf1570f3d0587b10d4712ae17ec6e9d114d9615c6d38588007f]

ent_search.listen_host: 0.0.0.0
ent_search.auth.default.source: standard

ent_search.external_url: http://103.39.231.XXX:3002

# ent_search 连接 Elasticsearch
elasticsearch.host: https://es01:9200
elasticsearch.username: elastic
elasticsearch.password: "123456"
elasticsearch.ssl.enabled: true
elasticsearch.ssl.certificate_authority: "/usr/share/enterprise-search/config/certs/client-ca.crt"
elasticsearch.ssl.certificate: "/usr/share/enterprise-search/config/certs/client.crt"
elasticsearch.ssl.key: "/usr/share/enterprise-search/config/certs/client.key"
elasticsearch.ssl.verify: false

elasticsearch.startup_retry.enabled: true
elasticsearch.startup_retry.interval: 15

# 允许操作es settings 
allow_es_settings_modification: true

kibana.external_url: http://kibana:5601

生成PKI客户端证书,供组件到ES的校验使用

1
2
3
4
5
6
# Private Key 私钥
openssl pkcs12 -in elastic-certificates.p12 -out client.crt -nokeys
# Public Certificate 公共证书
openssl pkcs12 -in elastic-certificates.p12 -out client.key -nodes -nocerts
# CA Certificate 签署公共证书的CA
openssl pkcs12 -in elastic-certificates.p12 -cacerts -nokeys -out client-ca.crt

1
2
3
4
5
6
7
# Private Key 私钥
openssl pkcs12 -in elastic-certificates.p12 -nocerts -nodes > client.key
# Public Certificate 公共证书
openssl pkcs12 -in elastic-certificates.p12 -clcerts -nokeys  > client.cer
# CA Certificate 签署公共证书的CA
openssl pkcs12 -in elastic-certificates.p12 -cacerts -nokeys -chain > client-ca.cer

注意生成后的文件 删除 Bag attributes ,本人在这里卡了2天,原来是个bug

bug缘由
为此特别整理了SSL/TLS 加密传输与数字证书

实践

KitmEZ
agQyLc

IRy42Q
BivxFf

通过 monstache实践mongodb同步es,将数据从mongodb同步到es
当然你也可以使用不同的方式去得到搜索引擎的数据

在app search尝试进行搜索和数据分析

8wwon6

nV8qgF

相关链接:
生成密钥

官方文档

Programming language clients