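Introduction to X-Pack
X-Pack is an Elastic Stack extension that bundles security, alerting, monitoring, reporting, and graph capabilities into one easy-to-install package. Before Elasticsearch 5.0.0, you had to install the separate Shield, Watcher, and Marvel plugins to get all of the features that X-Pack provides.
Project goal:
Although elasticsearch-6.6.0 already ships with x-pack fully integrated and needs no separate installation, the bundled x-pack is still a trial version, so using all of its features indefinitely requires cracking it. This post continues from the previous one; the steps are as follows:
Environment: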
Elasticsearch-6.6.0
Kibana-6.6.0
X-Pack-6.6.0
I. Modify x-pack-core-6.6.0.jar
1. Extract x-pack-core-6.6.0.jar
①cd /elk/elasticsearch-6.6.0/modules/x-pack-core
②mkdir core
③cp x-pack-core-6.6.0.jar core
④cd core
⑤unzip x-pack-core-6.6.0.jar
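2. Decompile and modify the two verification files. If these two files are not modified, importing the license directly will fail.
① Decompiler website: http://javare.cn/
② Edit LicenseVerifier.java # find the two static methods and change them to return true
File location: x-pack-core-6.6.0\org\elasticsearch\license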
package org.elasticsearch.license;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import org.apache.lucene.util.BytesRef;
import org.apache.lucene.util.BytesRefIterator;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.common.xcontent.XContentFactory;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.common.xcontent.ToXContent.MapParams;
import org.elasticsearch.core.internal.io.Streams;
import org.elasticsearch.license.CryptUtils;
import org.elasticsearch.license.License;

public class LicenseVerifier {
    // As modified in this step: both static methods return true and no signature check runs.
    public static boolean verifyLicense(License license, byte[] publicKeyData) {
        return true;
    }

    public static boolean verifyLicense(License license) {
        return true;
    }
}
③ Edit XPackBuild.java # delete lines 49-75 of XPackBuild and replace the text shown in red
File location: x-pack-core-6.6.0\org\elasticsearch\xpack\core
package org.elasticsearch.xpack.core;

import java.io.IOException;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.util.jar.JarInputStream;
import java.util.jar.Manifest;
import org.elasticsearch.common.SuppressForbidden;
import org.elasticsearch.common.io.PathUtils;

public class XPackBuild {
    public static final XPackBuild CURRENT;
    private String shortHash;
    private String date;

    @SuppressForbidden(
        reason = "looks up path of xpack.jar directly"
    )
    static Path getElasticsearchCodebase() {
        final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
        try {
            return PathUtils.get(url.toURI());
        } catch (URISyntaxException var2) {
            throw new RuntimeException(var2);
        }
    }

    XPackBuild(final String shortHash, final String date) {
        this.shortHash = shortHash;
        this.date = date;
    }

    public String shortHash() {
        return this.shortHash;
    }

    public String date() {
        return this.date;
    }

    static {
        final Path path = getElasticsearchCodebase();
        String shortHash = null;
        String date = null;
        Label_0157: {
            shortHash = "Unknown";
            date = "Unknown";
        }
        CURRENT = new XPackBuild(shortHash, date);
    }
}
3. Compile the modified files
①javac -cp "/elk/elasticsearch-6.6.0/lib/elasticsearch-6.6.0.jar:/elk/elasticsearch-6.6.0/lib/lucene-core-7.6.0.jar:/elk/elasticsearch-6.6.0/modules/x-pack-core/x-pack-core-6.6.0.jar:/elk/elasticsearch-6.6.0/lib/elasticsearch-core-6.6.0.jar" XPackBuild.java
②javac -cp "/elk/elasticsearch-6.6.0/lib/elasticsearch-6.6.0.jar:/elk/elasticsearch-6.6.0/lib/lucene-core-7.6.0.jar:/elk/elasticsearch-6.6.0/modules/x-pack-core/x-pack-core-6.6.0.jar:/elk/elasticsearch-6.6.0/lib/elasticsearch-core-6.6.0.jar:/elk/elasticsearch-6.6.0/lib/elasticsearch-x-content-6.6.0.jar" LicenseVerifier.java
4. Package the compiled files and copy the jar back to the original directory
①jar -cvf x-pack-core-6.6.0.jar -C x-pack-core-6.6.0
②cp x-pack-core-6.6.0.jar /elk/elasticsearch-6.6.0/modules/x-pack-core
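II. Import the license file
1. Request a basic license file from the official site
https://license.elastic.co/registration # the other fields can be filled in arbitrarily; the e-mail address must be real
2. Modify the license file
vim license.json
{
  "license": {
    "uid":"932e8686-f90e-4472-8a5f-77c2e753f269",
    "type":"platinum", # platinum license
    "issue_date_in_millis":1560384000000,
    "expiry_date_in_millis":2855980923000, # expires in 2060
    "max_nodes":100, # maximum number of nodes
    "issued_to":"w hb (elk)",
    "issuer":"Web Form",
    "signature":"...",
    "start_date_in_millis":1560384000000
  }
}
3. Import the license file and configure login authentication
① Disable security # if it is not disabled, the license file cannot be imported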
vim conf/elasticsearch.yml
xpack.security.enabled: false
② Restart elasticsearch
./bin/elasticsearch -d
③ Import the license file through the API
curl -XPUT -u elastic:changeme " -H "Content-Type:application/json" -d @license.json
④ Enable security
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true # if security is enabled, SSL on the transport layer must be enabled as well
⑤ Enable password authentication for login
1. Obtain the ES CA certificate
./bin/elasticsearch-certutil ca # accept the defaults; generates the elastic-stack-ca.p12 file
2. Obtain the ES SSL transport encryption certificate
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 # accept the defaults; generates the elastic-certificates.p12 file
3. Edit the configuration file and place the certificate files in the conf/certs directory
vim conf/elasticsearch.yml
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
4. Now set the user passwords; otherwise data cannot be read
./bin/elasticsearch-setup-passwords interactive # set the password for elastic from the command line
5. Test connectivity
curl -XGET -u elastic:changeme "http://10.0.9.24:9200"
⑥ Restart elasticsearch
./bin/elasticsearch -d
⑦ Check the license status # can only be run on the master node
curl -XGET -u elastic:changeme "http://10.0.9.24:9200/_license"
{
  "license" : {
    "status" : "active",
    "uid" : "932e8686-f90e-4472-8a5f-77c2e753f269",
    "type" : "platinum",
    "issue_date" : "2019-06-13T00:00:00.000Z",
    "issue_date_in_millis" : 1560384000000,
    "expiry_date" : "2060-07-02T08:02:03.000Z",
    "expiry_date_in_millis" : 2855980923000,
    "max_nodes" : 100,
    "issued_to" : "w hb (elk)",
    "issuer" : "Web Form",
    "start_date_in_millis" : 1560384000000
  }
}
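The `_license` response above carries fields an auditor can check without touching the cluster's files: a paid tier combined with the issuer of the self-service registration form, and a term of several decades. The following is an added example, not part of the original post; the rule that the "Web Form" issuer goes with basic licenses is taken from this page's own steps, and the five-year threshold and the second sample are assumptions constructed for illustration.

```python
import json

MAX_TERM_YEARS = 5  # assumption: longest term the auditor treats as plausible
MS_PER_YEAR = 1000 * 60 * 60 * 24 * 365.25

def audit_license(response_text, max_term_years=MAX_TERM_YEARS):
    """Return (code, detail) findings for a GET _license response body."""
    lic = json.loads(response_text)["license"]
    findings = []
    # The page requests a basic license from the registration form, so a
    # different tier with the same issuer means the file was edited afterwards.
    if lic.get("issuer") == "Web Form" and lic.get("type") != "basic":
        findings.append(("type-issuer-mismatch",
                         f"type {lic.get('type')!r} with issuer 'Web Form'"))
    start = lic.get("start_date_in_millis", lic.get("issue_date_in_millis"))
    expiry = lic.get("expiry_date_in_millis")
    if start is not None and expiry is not None:
        term = (expiry - start) / MS_PER_YEAR
        if term > max_term_years:
            findings.append(("implausible-term", f"valid for {term:.1f} years"))
    return findings

# The response shown on this page, reduced to the fields the audit reads.
PAGE_RESPONSE = json.dumps({"license": {
    "status": "active", "type": "platinum", "issuer": "Web Form",
    "issue_date_in_millis": 1560384000000,
    "start_date_in_millis": 1560384000000,
    "expiry_date_in_millis": 2855980923000, "max_nodes": 100}})

# Constructed sample of an unmodified basic license with a one-year term.
CLEAN_RESPONSE = json.dumps({"license": {
    "status": "active", "type": "basic", "issuer": "Web Form",
    "issue_date_in_millis": 1560384000000,
    "start_date_in_millis": 1560384000000,
    "expiry_date_in_millis": 1560384000000 + int(MS_PER_YEAR), "max_nodes": 100}})

if __name__ == "__main__":
    for code, detail in audit_license(PAGE_RESPONSE):
        print(f"{code}: {detail}")
```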
III. Troubleshooting
1. How to reset passwords when the existing ELK has none
① The following steps must be run on the master node
②cd /elk/elasticsearch-6.6.0/
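③./bin/elasticsearch-setup-passwords interactive # interactive sets every user's password manually; auto sets random passwords for all users
Note: the passwords can be set successfully even when node health is red, but the cluster must have a master node.
2. Authentication of the elastic user fails
Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
This error occurs because the username and password in the kibana configuration file differ from those set in elasticsearch.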
①cd /elk/kibana-6.6.0
②vim conf/kibana.yml
elasticsearch.username: "elastic"
elasticsearch.password: "changeme"
③ Restart kibana, then open the web page
http://10.0.9.24:7601