OpenSearch/x-pack/docs/en/sql/endpoints/jdbc.asciidoc

195 lines
6.4 KiB
Plaintext
Raw Normal View History

[role="xpack"]
[[sql-jdbc]]
== SQL JDBC
Elasticsearch's SQL jdbc driver is a rich, fully featured JDBC driver for Elasticsearch.
It is Type 4 driver, meaning it is a platform independent, stand-alone, Direct to Database,
pure Java driver that converts JDBC calls to Elasticsearch SQL.
[float]
=== Installation
The JDBC driver can be obtained either by downloading it from the https://www.elastic.co/downloads/jdbc-client[elastic.co] site or by using a http://maven.apache.org/[Maven]-compatible tool with the following dependency:
["source","xml",subs="attributes"]
----
<dependency>
<groupId>org.elasticsearch.plugin.jdbc</groupId>
<artifactId>jdbc</artifactId>
<version>{version}</version>
</dependency>
----
from `artifacts.elastic.co/maven` by adding it to the repositories list:
["source","xml",subs="attributes"]
----
<repositories>
<repository>
<id>elastic.co</id>
<url>https://artifacts.elastic.co/maven</url>
</repository>
</repositories>
----
[[jdbc-setup]]
[float]
=== Setup
The driver main class is `org.elasticsearch.xpack.sql.jdbc.jdbc.JdbcDriver`. Note the driver
also implements the JDBC 4.0 +Service Provider+ mechanism meaning it is registerd automatically
as long as its available in the classpath.
Once registered, the driver expects the following syntax as an URL:
["source","text",subs="attributes"]
----
jdbc:es://<1>[http|https]?<2>[host[:port]]*<3>/[prefix]*<4>[?[option=value]&<5>]*
----
<1> `jdbc:es://` prefix. Mandatory.
<2> type of HTTP connection to make - `http` (default) or `https`. Optional.
<3> host (`localhost` by default) and port (`9200` by default). Optional.
<4> prefix (empty by default). Typically used when hosting {es} under a certain path. Optional.
<5> Parameters for the JDBC driver. Empty by default. Optional.
The driver recognized the following parameters:
[[jdbc-cfg]]
[float]
===== Essential
`timezone` (default JVM timezone)::
Timezone used by the driver _per connection_ indicated by its `ID`.
*Highly* recommended to set it (to, say, `UTC`) as the JVM timezone can vary, is global for the entire JVM and can't be changed easily when running under a security manager.
[[jdbc-cfg-network]]
[float]
===== Network
`connect.timeout` (default 30s)::
Connection timeout (in seconds). That is the maximum amount of time waiting to make a connection to the server.
`network.timeout` (default 60s)::
Network timeout (in seconds). That is the maximum amount of time waiting for the network.
`page.timeout` (default 45s)::
Page timeout (in seconds). That is the maximum amount of time waiting for a page.
`page.size` (default 1000)::
Page size (in entries). The number of results returned per page by the server.
`query.timeout` (default 90s)::
Query timeout (in seconds). That is the maximum amount of time waiting for a query to return.
[[jdbc-cfg-auth]]
[float]
==== Basic Authentication
`user`:: Basic Authentication user name
`password`:: Basic Authentication password
[[jdbc-cfg-ssl]]
[float]
==== SSL
`ssl` (default false):: Enable SSL
`ssl.keystore.location`:: key store (if used) location
`ssl.keystore.pass`:: key store password
`ssl.keystore.type` (default `JKS`):: key store type. `PKCS12` is a common, alternative format
`ssl.truststore.location`:: trust store location
`ssl.truststore.pass`:: trust store password
`ssl.cert.allow.self.signed` (default `false`):: Whether or not to allow self signed certificates
`ssl.protocol`(default `TLS`):: SSL protocol to be used
[float]
==== Proxy
`proxy.http`:: Http proxy host name
`proxy.socks`:: SOCKS proxy host name
To put all of it together, the following URL:
["source","text",subs="attributes"]
----
jdbc:es://http://server:3456/timezone=UTC&page.size=250
----
Opens up a {es-jdbc} connection to `server` on port `3456`, setting the JDBC timezone to `UTC` and its pagesize to `250` entries.
=== API usage
One can use JDBC through the official `java.sql` and `javax.sql` packages:
==== `java.sql`
The former through `java.sql.Driver` and `DriverManager`:
["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
include-tagged::{jdbc-tests}/JdbcIntegrationTestCase.java[connect-dm]
--------------------------------------------------
<1> The server and port on which Elasticsearch is listening for
HTTP traffic. The port is by default 9200.
<2> Properties for connecting to Elasticsearch. An empty `Properties`
instance is fine for unsecured Elasticsearch.
==== `javax.sql`
Accessible through the `javax.sql.DataSource` API:
["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
include-tagged::{jdbc-tests}/JdbcIntegrationTestCase.java[connect-ds]
--------------------------------------------------
<1> The server and port on which Elasticsearch is listening for
HTTP traffic. By default 9200.
<2> Properties for connecting to Elasticsearch. An empty `Properties`
instance is fine for unsecured Elasticsearch.
Which one to use? Typically client applications that provide most
configuration parameters in the URL rely on the `DriverManager`-style
while `DataSource` is preferred when being _passed_ around since it can be
configured in one place and the consumer only has to call `getConnection`
without having to worry about any other parameters.
To connect to a secured Elasticsearch server the `Properties`
should look like:
["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
include-tagged::{security-tests}/JdbcSecurityIT.java[admin_properties]
--------------------------------------------------
Once you have the connection you can use it like any other JDBC
connection. For example:
["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
include-tagged::{jdbc-tests}/SimpleExampleTestCase.java[simple_example]
--------------------------------------------------
[[sql-jdbc-permissions]]
[NOTE]
===============================
If you are using Security you need to add a few permissions to
users so they can run SQL. To run SQL a user needs `read` and
`indices:admin/get`. Some parts of the API require
`cluster:monitor/main`. The following example configures a
role that can run SQL in JDBC querying the `test` and `bort`
indices:
["source","yaml",subs="attributes,callouts,macros"]
--------------------------------------------------
include-tagged::{sql-tests}/security/roles.yml[cli_jdbc]
--------------------------------------------------
===============================