该教程适用于 5.x 6.x 版本

破解

一、反编译class文件
在elasticsearch安装目录plugins/x-pack/找到x-pack-6.0.0.jar文件。

# 新建测试目录
mkdir test

# 剪切到测试目录
cp /usr/local/elasticsearch/plugins/x-pack/x-pack-6.0.0.jar test/

# 切换到测试目录,解压jar包
cd test/
jar -xvf x-pack-6.0.0.jar
rm x-pack-6.0.0.jar

二、修改代码
找到文件org/elasticsearch/license/LicenseVerifier.class拷贝到mac/windows中,用Luyten(jd-gui不准)反编译查看。luyten项目地址:https://github.com/deathmarine/Luyten

LicenseVerifier 中有两个静态方法,这就是验证授权文件是否有效的方法,我们把它修改为全部返回true,并拷贝内容到新建的文件LicenseVerifier.java,内容如下:

package org.elasticsearch.license;

import java.nio.*;
import java.util.*;
import java.security.*;
import org.elasticsearch.common.xcontent.*;
import org.apache.lucene.util.*;
import org.elasticsearch.common.io.*;
import java.io.*;

public class LicenseVerifier
{
    public static boolean verifyLicense(final License license, final byte[] encryptedPublicKeyData) {
        return true;
    }

    public static boolean verifyLicense(final License license) {
        return true;
    }
}

三、重新编译LicenseVerifier.java

javac -cp "/usr/local/elasticsearch/lib/elasticsearch-5.5.0.jar:/usr/local/elasticsearch/lib/lucene-core-6.6.0.jar:/usr/local/elasticsearch/plugins/x-pack/x-pack-5.5.0.jar" LicenseVerifier.java

四、替换原来的class文件

cp LicenseVerifier.class test/org/elasticsearch/license/

#重新打包jar包
cd test
jar -cvf ../x-pack-6.0.0.jar ./*

#覆盖原来x-pack的jar包
mv ../x-pack-6.0.0.jar /usr/local/elasticsearch/plugins/x-pack/

五、编写License文件
去官网申请免费license,会发邮件给你进行下载。
将得到的文件进行如下修改:
{"license":{"uid":"ba9ae270-28ee-4051-810f-09469dfd4aa4","type":"platinum","issue_date_in_millis":1498694400000,"expiry_date_in_millis":2524579200999,"max_nodes":100,"issued_to":"yu tao (shanghai)","issuer":"Web Form","signature":"AAAAAwAAAA0d3SXUL/5bRSxB/OU4AAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQCBFriH7K2dVFXmsQLHDvpY0Ppda0FHGTDSjAmnCcplQWaNKHtX+DR6znV+vOiokhQ8s/Yz5PmI5GFhsqkLEWXl975x1/8GHaDgb7aMv7UzciFw2duWsrH8mKTGGr2wHUKMVW7pUx2Kcr5WkH0G3ax3gynsvnYTApqWiyWdkdPX/jR/T1UhfjEqpCKCQryj+aNLxy2GP+4wF/wH4NvmDF0aWALFCKDAWhuDMCNmm+oKrLrgcIXyQERk7JBf5rZG5Xm7ViiyQ8aFf8X4CN7hA8xxrPmT57jtTrX9d4Q3Kf4jEBVeUnk/qa1Doj0/Ezn2G0vVE2oRQOXmUp9nwo0JTAHj","start_date_in_millis":1498694400000}}

其中主要的就是:

①"type":"platinum"
②"expiry_date_in_millis":2524579200999

本来我想把type改为enterprise的,结果它不认。platinum是白金版,权限也很高。
expiry_date_in_millis就是你要截止的日期,我配置的是到2050年。
保存文件为:license.json。

六、更新License文件
这里可以查看官网:https://www.elastic.co/guide/en/x-pack/5.5/installing-license.html

5.x 直接执行 curl 即可

curl -XPUT -u elastic:changeme "http://192.168.0.166:9200/_xpack/license?acknowledge=true" -d @license.json

6.x 更新之前先配置elasticsearch.yml,加入:
xpack.security.enabled: false
#执行
curl -XPUT -u elastic:changeme "http://192.168.0.166:9200/_xpack/license?acknowledge=true" -d @license.json

生效之后,再开启security,并开启SSL\TLS:

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true

七、最后重启 elasticsearch

八、查看License状态
curl -XGET -u elastic:changeme "http://192.168.0.166:9200/_license"

九、重置密码
更改内置elastic用户和kibana使Kibana在部署到生产之前与Elasticsearch通信的 用户的密码。有关更多信息,请参阅设置用户身份验证。

curl -XPUT -u elastic http://192.168.0.166:9200/_xpack/security/user/elastic/_password -d '{ "password" : "your_new_passwd" }'
curl -XPUT -u elastic http://192.168.0.166:9200/_xpack/security/user/kibana/_password -d '{ "password" : "your_new_passwd" }'
curl -XPUT -u elastic http://192.168.0.166:9200/_xpack/security/user/logstash_system/_password -d '{ "password" : "your_new_passwd" }'

十、修改配置文件
kibana用户密码被重置,则需要通过设置 kibana.yml的配置文件:

elasticsearch.password: "your_new_passwd"
xpack.security.enabled: true

要在Logstash中启用此功能,需要在logstash.yml配置文件中进行设置来使用新密码更新Logstash配置:

xpack.monitoring.elasticsearch.url: "http://192.168.0.166:9200"
xpack.monitoring.elasticsearch.username: "logstash_system"
xpack.monitoring.elasticsearch.password: "your_new_passwd"

参考
centos6安装elasticsearch6错误笔记
x-pack 5破解
忘记密码
x-pack授权区别