es6.5.4破解xpack
我的集群规划如下
kibana 192.168.8.23 版本是6.5.4
elasticsearch 192.168.8.23 版本是6.5.4
elasticsearch 192.168.8.24 版本是6.5.4
elasticsearch 192.168.8.25 版本是6.5.4
破解之前保证所有的机器都是正常运行的
0 先使用xpack的使用版本(一台机器执行命令即可)
curl -H "Content-Type:application/json" -XPOST http://192.168.8.23:9200/_xpack/license/start_trial?acknowledge=true
返回结果如下。表示开启成功
{"acknowledged":true,"trial_was_started":true,"type":"trial"}
注意:不用重启集群
开始破解xpack
1 替换x-pack-core-6.5.4.jar
mdkir -p /bigdata/xpackpojie
cp /bigdata/install2/elasticsearch-6.5.4/modules/x-pack-core/x-pack-core-6.5.4.jar /bigdata/xpackpojie
cp /bigdata/install2/elasticsearch-6.5.4/lib/ lucene-core-7.5.0.jar /bigdata/xpackpojie
cp /bigdata/install2/elasticsearch-6.5.4/lib/ elasticsearch-core-6.5.4.jar /bigdata/xpackpojie
cp /bigdata/install2/elasticsearch-6.5.4/lib/ elasticsearch-6.5.4.jar /bigdata/xpackpojie
2 新建 LicenseVerifier.java 和 XPackBuild.java
2.1 vim /bigdata/xpackpojie/LicenseVerifier.java
package org.elasticsearch.license;
import java.nio.*; import java.util.*;
import java.security.*;
import org.elasticsearch.common.xcontent.*;
import org.apache.lucene.util.*;
import org.elasticsearch.common.io.*;
import java.io.*;
public class LicenseVerifier {
public static boolean verifyLicense(final License license, final byte[] encryptedPublicKeyData) {
return true;
}
public static boolean verifyLicense(final License license) {
return true;
}
}
2.2 vim /bigdata/xpackpojie/XPackBuild.java
package org.elasticsearch.xpack.core;
import org.elasticsearch.common.io.*;
import java.net.*;
import org.elasticsearch.common.*;
import java.nio.file.*;
import java.io.*;
import java.util.jar.*;
public class XPackBuild {
public static final XPackBuild CURRENT;
private String shortHash;
private String date;
@SuppressForbidden(reason = "looks up path of xpack.jar directly") static Path getElasticsearchCodebase() {
final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
try { return PathUtils.get(url.toURI()); }
catch (URISyntaxException bogus) {
throw new RuntimeException(bogus); }
}
XPackBuild(final String shortHash, final String date) {
this.shortHash = shortHash;
this.date = date;
}
public String shortHash() {
return this.shortHash;
}
public String date(){
return this.date;
}
static {
final Path path = getElasticsearchCodebase();
String shortHash = null;
String date = null;
Label_0157: { shortHash = "Unknown"; date = "Unknown";
}
CURRENT = new XPackBuild(shortHash, date);
}
}
3 编译 LicenseVerifier.java 和 XPackBuild.java
javac -cp "/bigdata/xpackpojie/elasticsearch-6.5.4.jar:/bigdata/xpackpojie/lucene-core-7.5.0.jar:/bigdata/xpackpojie/x-pack-core-6.5.4.jar" LicenseVerifier.java
javac -cp "/bigdata/xpackpojie/elasticsearch-6.5.4.jar:/bigdata/xpackpojie/lucene-core-7.5.0.jar:/bigdata/xpackpojie/x-pack-core-6.5.4.jar:/bigdata/xpackpojie/elasticsearch-core-6.5.4.jar" XPackBuild.java
4 覆盖之前的x-pack-core-6.5.4.jar文件
cd /bigdata/xpackpojie
mkdir tempJar
cp x-pack-core-6.5.4.jar tempJar/
cd tempJar
jar -xf x-pack-core-6.5.4.jar
cp ../LicenseVerifier.class org/elasticsearch/license/
cp ../XPackBuild.class org/elasticsearch/xpack/core/
rm x-pack-core-6.5.4.jar
jar -cvf x-pack-core-6.5.4.jar *
#覆盖之前的jar包 注意:所有的机器都需要替换
cp x-pack-core-6.5.4.jar /bigdata/install2/elasticsearch-6.5.4/modules/x-pack-core/
5 修改elasticsearch.yml配置文件
vim /bigdata/install2/elasticsearch-6.5.4/config/elasticsearch.yml
在最后追加
xpack.security.enabled: true #开启权限认证 默认是false
注意:需要重启所有集群
6 休息休息,喝喝茶,看看前端小姐姐…
sleep 300s
7 手动生成密码
我的 用户名elastic 密码123456
cd /bigdata/install/elasticsearch-6.5.4/bin
#自动生成(二选一)
./elasticsearch-setup-passwords auto
#手动生成(二选一)
./elasticsearch-setup-passwords interactive
8 将生成的elastic密码配置到kibana中并重启kibana
vim /es6.5.4/bigdata/kibana-6.5.4-linux-x86_64/config/kibana.yml
#在最后追加
elasticsearch.username: elastic
elasticsearch.password: "123456"
11 官网申请 license 证书
网址:https://license.elastic.co/registration
1 邮箱认真写,用来接收json文件的
2 country写china,其它都可以随便写
3 点击申请后邮箱马上会收到一个证书JSON文件
修改收到的json文件
1 “type”:“basic” 替换为 “type”:“platinum” # 基础版变更为铂金版
2 “expiry_date_in_millis”:1561420799999 替换为 “expiry_date_in_millis”:3107746200000# 1年变为50年
以下是我的licence证书
{"license":{"uid":"2e0b5688-f08d-40ce-98b8-096198f65fdc","type":"platinum","issue_date_in_millis":1557792000000,"expiry_date_in_millis":3107746200000,"max_nodes":100,"issued_to":"** (***有限公司)","issuer":"Web Form","signature":"AAAAAwAAAA1soJKsi1OKyarNqisAAAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQAp/id72RXUO+cQ9owbKsno7YluSYFKebPMHMM9MsdYvZdLrB1B7opVkHkv9qf6A5P1TwuAZayI/EJFN3GYus5NT0odS9C+s0SY06ei/upL/yttUyIFYtC7DRiFfvTYS9gEKZGew+hkdBMBN0aEaELqCuMgGsyFS8B33uboO/RwRtw82ytTqby06bPygl4f7IYjv4gXqXeDZtNSjyrL8F7n5yuSrOO39YfprbXBsP4Xm7YJsb0ZE5zPtSzbsSyR1lQul4UPj05ZwDE11GxPjlJv/prmBA3OthqdKatOgfiLDHRh4pXEKQSSlKoOAUHmHVq/VcBzuTQzCkluPvCBFHVc","start_date_in_millis":1557792000000}}
12 上传json文件
curl -XPUT -u elastic 'http://192.168.8.23:9200/_xpack/license' -H "Content-Type: application/json" -d license.json
返回结果如下:
{“error”:{“root_cause”:[{“type”:“illegal_state_exception”,“reason”:“Cannot install a [PLATINUM] license unless TLS is configured or security is disabled”}],“type”:“illegal_state_exception”,“reason”:“Cannot install a [PLATINUM] license unless TLS is configured or security is disabled”},“status”:500}
13 破解的时候,需要关闭权限认证(所有的机器都要修改)
vim /bigdata/install2/elasticsearch-6.5.4/config/elasticsearch.yml
#找到并修改以下变量
xpack.security.enabled: false
重启所有的机器
再一次提交,返回"acknowledged":“true”,表示破解成功!!!
破解完成以后,再一次打开xpack的权限认证功能
vim /bigdata/install2/elasticsearch-6.5.4/config/elasticsearch.yml
#找到并修改以下变量
xpack.security.enabled: true
重启所有的机器
14 问题一
访问所有的机器的9200端口,返回输入了正确的用户名和密码登录不了,开始怀疑是不是密码输入错误,几次以后还是进不去,这个时候,可以下楼抽一个烟…,回归正题,但是在 es的logs中发现了如下的错误,有没有。。。
Transport SSL must be enabled for setups with production licenses.
大概意思是需要配置SSL,那就老老实实的配置呗。。。
vim /bigdata/install2/elasticsearch-6.5.4/bin
./elasticsearch-certgen
Please enter the desired output file [certificate-bundle.zip]: zlx.zip (随便写)
Enter instance name: my-application:bigdata (elasticsearch.yml 中cluster.name: bigdata)
Enter name for directories and files [p4mES]: elasticsearch(随便写)
Enter IP Addresses for instance (comma-separated if more than one) []: 192.168.8.23,192.168.8.24,192.168.8.25
Enter DNS names for instance (comma-separated if more than one) []: node-3,node-4,node-5
Would you like to specify another instance? Press ‘y’ to continue entering instance information: (直接回车即可)
会在/bigdata/install2/elasticsearch-6.5.4/bin目录下生产一个zlx.zip的压缩包
mkdir /bigdata/install2/ssl
mv /bigdata/install2/elasticsearch-6.5.4/bin/zlx.zip /bigdata/install2/ssl
cd /bigdata/install2/ssl
unzip zlx.zip
#解压之后 会生成 ca 和 elasticsearch文件夹
cp /bigdata/install2/ssl/ca/* /bigdata/install2/elasticsearch-6.5.4/conf
cp /bigdata/install2/ssl/elasticsearch/* /bigdata/install2/elasticsearch-6.5.4/conf
#scp 自己写 复制到所有的机器conf目录行啦
修改配置文件
vim /bigdata/install2/elasticsearch-6.5.4/config/elasticsearch.yml
#添加如下变量
xpack.security.transport.ssl.enabled: true
xpack.ssl.key: elasticsearch.key
xpack.ssl.certificate: elasticsearch.crt
xpack.ssl.certificate_authorities: ca.crt
重启集群
15 问题二
nnd,还是报错。。。cdh03 no found…
我们当初配置SSL写的是具体的现在,配置文件中配置的ip的映射,所以报错,修改配置文件
#原来配置文件中的参数
#discovery.zen.ping.unicast.hosts: ["cdh03", "cdh04","cdh05"]
#修改如下
discovery.zen.ping.unicast.hosts: ["192.168.8.23", "192.168.8.24","192.168.8.25"]
重启集群
16 验证
重启elasticsearch 和 kibana
浏览器访问9200端口效果:
再一次访问 所有集群的9200和kibana的5601,输入用户名和密码都可以正常的访问,破解完成。
真心的不容易啊。。。。。
完美的破解!!!