前言
最近公司skywalking服务经常出现大盘空白的情况,经查明,是由于ES的写入瓶颈造成线程阻塞,数据没有落地到ES造成。后综合运维成本等方面考虑,准备使用阿里云提供的Elasticsearch服务,阿里云的ES无论内外网都加上了Http Basic认证,但是skywalking6.x提供的RestHighLevelClient客户端并没有适配带Http Basic基础认证的ES服务,所以需要稍加改动下skywalking源码。
skywalking项目结构
项目从github拉下来后,先了解下项目结构。在skywalking2.x的版本时,我曾研究过skywalking的插件机制,到现在的6.x版本,在项目结构和设计上都有了很大的变化。6.x的项目结构如下,我们主要关注箭头所指的模块,es存储插件的实现
定位代码改动
1.定位StorageModuleElasticsearchConfig.java,新增Http Basicr认证所需的用户和密码
@Setter @Getter private String nameSpace;
@Setter @Getter private String clusterNodes;
private int indexShardsNumber;
private int indexReplicasNumber;
private boolean highPerformanceMode;
private int traceDataTTL = 90;
private int minuteMetricDataTTL = 90;
private int hourMetricDataTTL = 36;
private int dayMetricDataTTL = 45;
private int monthMetricDataTTL = 18;
private int bulkActions = 2000;
private int bulkSize = 20;
private int flushInterval = 10;
private int concurrentRequests = 2;
private String user;
private String password;
2.定位ElasticSearchClient.java,新增用户和密码属性,改动构造方法,将用户和密码传入进来,在创建connect时判断用户是否配置了认证信息,如果配置就走带认证的连接,如果没有,就走默认的不带认证连接,具体改动如下:
private static final String TYPE = "type";
private final String clusterNodes;
private final String namespace;
private final String user;
private final String password;
private RestHighLevelClient client;
public ElasticSearchClient(String clusterNodes, String namespace, String user, String password) {
this.clusterNodes = clusterNodes;
this.namespace = namespace;
this.user = user;
this.password = password;
}
@Override
public void connect() {
List<HttpHost> pairsList = parseClusterNodes(clusterNodes);
RestClientBuilder builder;
if (StringUtils.isNotBlank(user) && StringUtils.isNotBlank(password)) {
final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(user, password));
builder = RestClient.builder(pairsList.toArray(new HttpHost[0]))
.setHttpClientConfigCallback(new RestClientBuilder.HttpClientConfigCallback() {
@Override
public HttpAsyncClientBuilder customizeHttpClient(
HttpAsyncClientBuilder httpClientBuilder) {
return httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
}
});
} else {
builder = RestClient.builder(pairsList.toArray(new HttpHost[0]));
}
client = new RestHighLevelClient(builder);
}
Elasticsearch的basic_authentication连接官方文档说明:https://www.elastic.co/guide/en/elasticsearch/client/doc
3.定位StorageModuleElasticsearchProvider.java和ElasticSearchClientTestCase.java 修改构造方法入参。基本上就是如上的改动,就可以让skywalking支持带basic_authentication认证的Elasticsearch服务了。在配置时添加user和password,如:
storage:
elasticsearch:
nameSpace: ${SW_NAMESPACE:""}
clusterNodes: ${SW_STORAGE_ES_CLUSTER_NODES:localhost:9200}
user: ${SW_ES_USER:""}
password: ${SW_ES_PASSWORD:""}
indexShardsNumber: ${SW_STORAGE_ES_INDEX_SHARDS_NUMBER:2}
indexReplicasNumber: ${SW_STORAGE_ES_INDEX_REPLICAS_NUMBER:0}
# Batch process setting, refer to https://www.elastic.co/guide/en/elasticsearch/client/java-api/5.5/java-docs-bulk-processor.html
bulkActions: ${SW_STORAGE_ES_BULK_ACTIONS:2000} # Execute the bulk every 2000 requests
bulkSize: ${SW_STORAGE_ES_BULK_SIZE:20} # flush the bulk every 20mb
flushInterval: ${SW_STORAGE_ES_FLUSH_INTERVAL:10} # flush the bulk every 10 seconds whatever the number of requests
concurrentRequests: ${SW_STORAGE_ES_CONCURRENT_REQUESTS:2} # the number of concurrent requests
注意事项
- skywalking项目从个人开源走到国际化开源项目,和其代码质量和项目管理密不可分。skywalking项目里有严格的代码编译检查,比如逗号前面不能有空格,逗号后面一定要有空格等。
- 还有别忘记修改assembly\application.yml文件,添加上user和password,不然打出来的包默认不带这两个配置属性
- 编译的话,因为涉及到GPRC部分的依赖,和前端子项目的结构,需要做些处理,参考官方说明:docs/en/guides/How-to-build.md
- 因为系统字符集的问题,Windows系统下打出来的包,bin目录下的shell脚步可能运行不了,这个是因为Windows字符集的问题导致的,不过没关系,可以拷贝官方包中的脚步替换
改完编译成功后,会在项目的根目录下生产一个dist目录,目录下包含两个压缩包,分别对应linux系统tar,和Windows下的zip包。
结语
其实解决这个问题的方式除了改造skywalking外,还可以通过Nginx做一下转发,Http Basic认证的动作在Nginx侧给做了。之所以想到改动skywalking,是因为Elasticsearch的RestHighLevelClient 官方文档有这种Http Basic认证支持说明。所以觉得是一个比较常规的操作,而不是多依赖一个外部组件来解决。目前关于改动Elasticsearch Client支持Http Basic的代码已给官方提交pr:https://github.com/apache/incubator-skywalking/pull/2384,已合并分支,在skywalking6.1发行版本中会包含这块代码。希望早点发布。能用官方发布的版本解决Http Basic认证的问题最好了。