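X-Pack is an Elastic Stack extension that bundles security, alerting, monitoring, reporting and graph features into a single easy-to-install package. It is a paid product; for a self-hosted local ELK setup, a cracked x-pack can be used.
The trial period lasts one month; once the license expires you can no longer log in (or you can choose to log in without a password).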
wget 'https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-5.0.0.zip'
package org.elasticsearch.license;
public class LicenseVerifier {
public static boolean verifyLicense(License license, byte[] encryptedPublicKeyData) {
return true;
}
public static boolean verifyLicense(License license) {
return true;
}
}
The code above returns true everywhere so that we can easily replace the license.json file.
cd /usr/local/elk
javac -cp "/usr/local/elk/elasticsearch-5.0.0/lib/elasticsearch-5.0.0.jar:/usr/local/elk/elasticsearch-5.0.0/lib/lucene-core-6.4.1.jar:/usr/local/elk/elasticsearch-5.0.0/plugins/x-pack/x-pack-5.0.0.jar" LicenseVerifier.java
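Normally we might need to compile the whole project, but the javac command can also compile a single file; you only need to supply the corresponding classpath.
My elasticsearch installation directory is /usr/local/elk/elasticsearch-5.0.0
Compilation produces the LicenseVerifier.class file.
Prepare a temporary directory named test. Unzip x-pack-5.0.0.zip locally, find x-pack-5.0.0.jar in the elasticsearch directory of the extracted archive, upload x-pack-5.0.0.jar to the test directory, then run the following commands in order: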
# enter the directory
cd /usr/local/elk/test
# extract
jar -xvf x-pack-5.0.0.jar
# delete
rm -rf x-pack-5.0.0.jar
# delete the original file
rm -rf org/elasticsearch/license/LicenseVerifier.class
# copy the new LicenseVerifier.class into the target directory
cp /usr/local/elk/LicenseVerifier.class org/elasticsearch/license/
# repackage
jar -cvf x-pack-5.0.0.jar ./*
Be sure to keep the x-pack-5.0.0.jar generated at this point.
cd ../
rm -rf test
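An added example (not from the original post) of the integrity check that catches this kind of class substitution: it hashes every entry of an installed plugin jar and compares it with the vendor's copy, listing what was added, removed or modified. The two jars here are constructed in memory as stand-ins; in practice pass the paths of the vendor jar and the installed jar to diff_jars.

```python
import hashlib
import io
import zipfile


def entry_digests(jar):
    """Map each file entry in a jar (path or file-like object) to its SHA-256."""
    with zipfile.ZipFile(jar) as zf:
        return {
            info.filename: hashlib.sha256(zf.read(info)).hexdigest()
            for info in zf.infolist()
            if not info.is_dir()
        }


def diff_jars(reference, installed):
    """Compare an installed jar against the vendor's copy, entry by entry."""
    ref, cur = entry_digests(reference), entry_digests(installed)
    return {
        "added": sorted(set(cur) - set(ref)),
        "removed": sorted(set(ref) - set(cur)),
        "modified": sorted(n for n in ref.keys() & cur.keys() if ref[n] != cur[n]),
    }


def build_jar(entries):
    """Build a constructed in-memory jar from {name: bytes} (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf


def demo():
    # Constructed stand-ins for the vendor jar and a repacked copy of it.
    vendor = {
        "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
        "org/elasticsearch/license/License.class": b"constructed-bytes-A",
        "org/elasticsearch/license/LicenseVerifier.class": b"constructed-bytes-B",
    }
    repacked = dict(vendor)
    repacked["org/elasticsearch/license/LicenseVerifier.class"] = b"constructed-bytes-C"
    return diff_jars(build_jar(vendor), build_jar(repacked))


if __name__ == "__main__":
    print(demo())
```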
cd /usr/local/elk/kibana-5.0.0-linux-x86_64/bin
./kibana-plugin install file:///usr//local/elk/x-pack-5.0.0.zip
Output:
Attempting to transfer from file:///usr//local/elk/x-pack-5.0.0.zip
Transferring 72364732 bytes....................
Transfer complete
Retrieving metadata from plugin archive
Extracting plugin archive
Extraction complete
Optimizing and caching browser bundles...
Plugin installation complete
cd /usr/local/elk/elasticsearch-5.0.0/bin
./elasticsearch-plugin install file:///usr//local/elk/x-pack-5.0.0.zip
Output:
-> Downloading file:///usr//local/elk/x-pack-5.0.0.zip
[************************************************=] 100%
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: plugin requires additional permissions @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
* java.lang.RuntimePermission accessClassInPackage.com.sun.activation.registries
* java.lang.RuntimePermission getClassLoader
* java.lang.RuntimePermission setContextClassLoader
* java.lang.RuntimePermission setFactory
* java.security.SecurityPermission createPolicy.JavaPolicy
* java.security.SecurityPermission getPolicy
* java.security.SecurityPermission putProviderProperty.BC
* java.security.SecurityPermission setPolicy
* java.util.PropertyPermission * read,write
* java.util.PropertyPermission sun.nio.ch.bugLevel write
* javax.net.ssl.SSLPermission setHostnameVerifier
See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
for descriptions of what these permissions allow and the associated risks.
Continue with installation? [y/N]y
-> Installed x-pack
cd /usr/local/elk/elasticsearch-5.0.0/bin/x-pack
# generate the key
./syskeygen
Output:
[elk-weifan@iZ2ze2lelgjwuyib5l73eaZ x-pack]$ ./syskeygen
Storing generated key in [/usr/local/elk/elasticsearch-5.0.0/config/x-pack/system_key]...
Ensure the generated key can be read by the user that Elasticsearch runs as, permissions are set to owner read/write only
If es is a cluster, copy the generated key to the other nodes of the cluster.
vi /usr/local/elk/elasticsearch-5.0.0/config/elasticsearch.yml
# add the following
xpack.security.audit.enabled: true
vi /usr/local/elk/kibana-5.0.0-linux-x86_64/config/kibana.yml
elasticsearch.url: "http://39.106.136.84:9200"
elasticsearch.username: "elastic"
elasticsearch.password: "changeme"
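An added example (not from the original post) of a configuration audit for the two settings shown above: it flags a kibana.yml that reaches Elasticsearch over cleartext http or still uses the default password, and checks that a key file such as the system_key from the syskeygen output is readable by its owner only. The sample configuration and its 192.0.2.10 address are constructed; the function names are hypothetical.

```python
import os
import stat

DEFAULT_PASSWORDS = {"changeme"}  # the default value that appears in the page's kibana.yml

# Constructed sample mirroring the shape of the settings above.
SAMPLE_KIBANA_YML = """\
# constructed sample
elasticsearch.url: "http://192.0.2.10:9200"
elasticsearch.username: "elastic"
elasticsearch.password: "changeme"
"""


def parse_flat_yaml(text):
    """Parse the flat `key: value` lines used in kibana.yml (no nesting)."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        settings[key.strip()] = value.strip().strip("\"'")
    return settings


def audit_kibana(text):
    """Return findings for cleartext transport and default credentials."""
    cfg, findings = parse_flat_yaml(text), []
    if cfg.get("elasticsearch.url", "").lower().startswith("http://"):
        findings.append("elasticsearch.url uses cleartext http")
    if cfg.get("elasticsearch.password") in DEFAULT_PASSWORDS:
        findings.append("elasticsearch.password is the default value")
    return findings


def key_is_owner_only(path):
    """True if the key file grants no group/other permissions (0600 or tighter)."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0


if __name__ == "__main__":
    for finding in audit_kibana(SAMPLE_KIBANA_YML):
        print("FINDING:", finding)
```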
After x-pack is installed in elasticsearch, X-Pack provides the following levels of protection for the elastic cluster
cd /usr/local/elk/elasticsearch-5.0.0/bin/
./elasticsearch
cd /usr/local/elk/kibana-5.0.0-linux-x86_64/bin/
./kibana
curl -XGET -u elastic:changeme 'http://39.106.136.84:9200/_xpack/license'
Output:
{
"license" : {
"status" : "active",
"uid" : "742848f8-dd85-46fa-bb5d-2e06ff985fca",
"type" : "trial", (meaning a trial license)
"issue_date" : "2018-04-19T02:22:52.491Z",
"issue_date_in_millis" : 1524104572491,
"expiry_date" : "2018-05-19T02:22:52.491Z", (expires after one month)
"expiry_date_in_millis" : 1526696572491,
"max_nodes" : 1000,
"issued_to" : "elasticsearch",
"issuer" : "elasticsearch",
"start_date_in_millis" : -1
}
}
{"license":{"uid":"ba9ae270-28ee-4051-810f-09469dfd4aa4","type":"platinum","issue_date_in_millis":1498694400000,"expiry_date_in_millis":2524579200999,"max_nodes":100,"issued_to":"yu tao (shanghai)","issuer":"Web Form","signature":"AAAAAwAAAA0d3SXUL/5bRSxB/OU4AAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQCBFriH7K2dVFXmsQLHDvpY0Ppda0FHGTDSjAmnCcplQWaNKHtX+DR6znV+vOiokhQ8s/Yz5PmI5GFhsqkLEWXl975x1/8GHaDgb7aMv7UzciFw2duWsrH8mKTGGr2wHUKMVW7pUx2Kcr5WkH0G3ax3gynsvnYTApqWiyWdkdPX/jR/T1UhfjEqpCKCQryj+aNLxy2GP+4wF/wH4NvmDF0aWALFCKDAWhuDMCNmm+oKrLrgcIXyQERk7JBf5rZG5Xm7ViiyQ8aFf8X4CN7hA8xxrPmT57jtTrX9d4Q3Kf4jEBVeUnk/qa1Doj0/Ezn2G0vVE2oRQOXmUp9nwo0JTAHj","start_date_in_millis":1498694400000}}
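Main changes: "type":"platinum" and "expiry_date_in_millis":2524579200999
Where the license comes from: apply for a license (visit https://license.elastic.co/registration). Here, for convenience, you can simply copy and paste the license content and use it.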
cd /usr/local/elk
curl -XPUT -u elastic:changeme 'http://39.106.136.84:9200/_xpack/license' -d @license.json
Output:
{"acknowledged":true,"license_status":"valid"}
curl -XGET -u elastic:changeme 'http://39.106.136.84:9200/_xpack/license'
Output:
{
"license" : {
"status" : "active",
"uid" : "ba9ae270-28ee-4051-810f-09469dfd4aa4",
"type" : "platinum", (platinum tier, should be enough)
"issue_date" : "2017-06-29T00:00:00.000Z",
"issue_date_in_millis" : 1498694400000,
"expiry_date" : "2049-12-31T16:00:00.999Z", (the expiry time is the 50 years I set myself)
"expiry_date_in_millis" : 2524579200999,
"max_nodes" : 100,
"issued_to" : "yu tao (shanghai)",
"issuer" : "Web Form",
"start_date_in_millis" : 1498694400000
}
}