用mongo-connector连接亚马逊的Elasticsearch
[英]connecting amazon's elasticsearch with mongo-connector
问题描述
I'm trying to use mongo-connector with Amazon's new hosted Elasticsearch . 
我正在尝试将mongo-connector与Amazon的新托管Elasticsearch结合使用 。
I believe that it's not using normal Elasticsearch Shield etc, but instead it is using Amazon's rather complex authentication scheme. 我相信它不是在使用普通的Elasticsearch Shield等,而是在使用亚马逊相当复杂的身份验证方案。
(related GH issue: https://github.com/mongodb-labs/mongo-connector/issues/337 ) (相关的GH问题: https : //github.com/mongodb-labs/mongo-connector/issues/337 )
1 个解决方案
解决方案1
5 2015-11-01 05:53:33
I guess you've tried that, but the easiest way is to modify your access policy to "Allow Open Access to the domain" in your Amazon Elasticsearch configuration. 我想您已经尝试过了,但是最简单的方法是在Amazon Elasticsearch配置中将访问策略修改为“允许对域的开放访问” 。 Of course, that means your ES cluster is open to the world, so that might be OK for testing purposes, but not in production. 当然,这意味着您的ES集群向世界开放,因此出于测试目的可能是可以的,但不适用于生产环境。
You can also choose "Allow access from specific IPs" , which will "secure" your cluster in a way that only requests from the specified IP addresses will be accepted. 您还可以选择“允许来自特定IP的访问” ,这将以仅接受来自指定IP地址的请求的方式“保护”群集。 For my personal use, I've found this mode to be the easiest to work with, because you get a secured access (provided you're the only one on your IP address) and you don't need to go through the whole AWS signing request stuff. 就我个人而言,我发现此模式最容易使用,因为您获得了安全的访问(前提是您是IP地址上的唯一访问者),并且无需遍历整个AWS签名请求的东西。 Although, if you're in VPC, that option won't work obviously. 虽然,如果您使用的是VPC,则该选项显然不会起作用。
With any of the above access policies configured on your search domain, you don't need to do anything special on the mongo-connector side, you can simply start your mongo-connector with the standard command-line and the replication will work out of the box. 通过在搜索域上配置上述任何访问策略,您无需在mongo-connector端做任何特殊的事情,您只需使用标准命令行启动mongo-connector,复制就可以正常进行了。盒子。
mongo-connector -m localhost:27017 -t search-<yourdomain>.us-west-2.es.amazonaws.com:80 -d elastic_doc_manager
Now, if your search domain is secured with Allow/Deny access to specific AWS account or IAM users" , you will need to sign your requests , which implies that elastic_doc_manager.py will need to somehow be modified to do so. The easiest option would be to write a dedicated doc manager by extending elastic_doc_manager.py into elastic_aws_doc_manager.py and use the Amazon-provided Python boilerplate code to sign each request made by the ES doc manager, that's trivial but still a lot of work. 现在,如果您的搜索域受到对特定AWS帐户或IAM用户的“允许/拒绝”访问权限的保护” ,则需要签署请求 ,这意味着需要以某种方式修改elastic_doc_manager.py 。最简单的选择是通过将elastic_doc_manager.py扩展为elastic_aws_doc_manager.py并使用Amazon提供的Python样板代码来签名ES文档管理器发出的每个请求,可以编写一个专用的文档管理器,这很繁琐,但仍需要大量工作。
However, since mongo_connector es_doc_manager.py uses the official Elasticsearch Python client, and someone had the nice idea to tweak it and make it work for signing requests to AWS Elasticsearch , writing a custom elastic_aws_doc_manager.py doc manager becomes much more trivial. 但是,由于mongo_connector es_doc_manager.py使用了官方的Elasticsearch Python客户端,并且有人想到了一个很好的主意,可以对其进行调整并使其可以用于签署对AWS Elasticsearch的请求 ,因此编写自定义的elastic_aws_doc_manager.py文档管理器变得更为简单。
I firmly believe this should even be built into the main elastic_doc_manager.py and offer a configuration option when working with the AWS Elasticsearch service. 我坚信,这甚至应该内置在main elastic_doc_manager.py并在使用AWS Elasticsearch服务时提供配置选项。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.