Elasticsearch version 6.3.1
Rewrite two classes from X-Pack, LicenseVerifier.java and XPackBuild.java, obtained by decompiling the jar
Create a directory named test
mkdir test
cd test
vim LicenseVerifier.java
Skip the verification logic and return true directly
package org.elasticsearch.license;
import java.nio.*;
import java.util.*;
import java.security.*;
import org.elasticsearch.common.xcontent.*;
import org.apache.lucene.util.*;
import org.elasticsearch.common.io.*;
import java.io.*;
public class LicenseVerifier {
public static boolean verifyLicense(final License license, final byte[] encryptedPublicKeyData) {
return true;
}
public static boolean verifyLicense(final License license) {
return true;
}
}
vim XPackBuild.java
The main change is in the static block, which obtains the hash and date
package org.elasticsearch.xpack.core;
import org.elasticsearch.common.io.*;
import java.net.*;
import org.elasticsearch.common.*;
import java.nio.file.*;
import java.io.*;
import java.util.jar.*;
public class XPackBuild {
public static final XPackBuild CURRENT;
private String shortHash;
private String date;
@SuppressForbidden(reason = "looks up path of xpack.jar directly") static Path getElasticsearchCodebase() {
final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
try { return PathUtils.get(url.toURI()); }
catch (URISyntaxException bogus) {
throw new RuntimeException(bogus); }
}
XPackBuild(final String shortHash, final String date) {
this.shortHash = shortHash;
this.date = date;
}
public String shortHash() {
return this.shortHash;
}
public String date(){
return this.date;
}
static {
final Path path = getElasticsearchCodebase();
String shortHash = null;
String date = null;
Label_0157: { shortHash = "Unknown"; date = "Unknown";
}
CURRENT = new XPackBuild(shortHash, date);
}
}
Compile the two Java files just created into class files; all we need to do is replace these two class files (they reference other jars, so the javac -cp command is required)
javac -cp "/usr/share/elasticsearch/lib/elasticsearch-6.3.1.jar:/usr/share/elasticsearch/lib/lucene-core-7.3.1.jar:/usr/share/elasticsearch/modules/x-pack/x-pack-core/x-pack-core-6.3.1.jar" LicenseVerifier.java
javac -cp "/usr/share/elasticsearch/lib/elasticsearch-6.3.1.jar:/usr/share/elasticsearch/lib/lucene-core-7.3.1.jar:/usr/share/elasticsearch/modules/x-pack/x-pack-core/x-pack-core-6.3.1.jar:/usr/share/elasticsearch/lib/elasticsearch-core-6.3.1.jar" XPackBuild.java
This produces two class files: LicenseVerifier.class and XPackBuild.class. Extract the original jar, then overwrite the originals with the newly generated files
cp -a /usr/share/elasticsearch/modules/x-pack/x-pack-core/x-pack-core-6.3.1.jar .
jar -xf x-pack-core-6.3.1.jar
Remove the extra files
mv x-pack-core-6.3.1.jar /tmp/
rm -rf *.java
cp -a LicenseVerifier.class org/elasticsearch/license/
cp -a XPackBuild.class org/elasticsearch/xpack/core/
rm -rf LicenseVerifier.class XPackBuild.class
Repackage and replace the original file
jar -cvf x-pack-core-6.3.1.jar *
cp -a x-pack-core-6.3.1.jar /usr/share/elasticsearch/modules/x-pack/x-pack-core/
chown -R elasticsearch.elasticsearch /usr/share/elasticsearch/
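Note: the jar must be replaced on all the other nodes in the cluster as well
You can also download the jar I have already modified
Link: https://pan.baidu.com/s/14sGaXxp4khhOfYALmXxObA
Extraction code: 88gr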
systemctl restart elasticsearch
At this point the patched package is ready.
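Apply for a license on the official website: https://license.elastic.co/registration. Fill in the e-mail address carefully, since it is used to receive the JSON file; the other fields can be filled in arbitrarily. Then modify the license you received.
The license I applied for is as follows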
{"license":{"uid":"b5cd0a14-8673-499c-b806-3bdc3aa5fcb2","type":"platinum","issue_date_in_millis":1583452800000,"expiry_date_in_millis":3161375999000,"max_nodes":100,"issued_to":"sun quan (oracle)","issuer":"Web Form","signature":"AAAAAwAAAA1...omitted here...V5uBHn","start_date_in_millis":1583452800000}}
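Change type to "platinum", set the expiry time (expiry_date_in_millis) to any date in the future, and adjust the other fields as your situation requires. Save the file as license.json
The main changes are as follows:
"type":"basic" is replaced with "type":"platinum" # basic edition changed to platinum edition
"expiry_date_in_millis":1615075199999 is replaced with "expiry_date_in_millis":3161375999000 # 1 year becomes 50 years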
vim /etc/elasticsearch/elasticsearch.yml
xpack.security.enabled: false
curl -XPUT -u elastic:changeme 'http://127.0.0.1:9200/_xpack/license' -H "Content-Type: application/json" -d @license.json
[root@es1 ~]# curl -XGET -u elastic:changeme 127.0.0.1:9200/_license
{
  "license" : {
    "status" : "active",
    "uid" : "b5cd0a14-8673-499c-b806-3bdc3aa5fcb2",
    "type" : "platinum",
    "issue_date" : "2020-03-06T00:00:00.000Z",
    "issue_date_in_millis" : 1583452800000,
    "expiry_date" : "2070-03-06T23:59:59.000Z",
    "expiry_date_in_millis" : 3161375999000,
    "max_nodes" : 100,
    "issued_to" : "sun quan (oracle)",
    "issuer" : "Web Form",
    "start_date_in_millis" : 1583452800000
  }
}
vim /etc/elasticsearch/elasticsearch.yml
xpack.security.enabled: true
/usr/share/elasticsearch/bin/elasticsearch-certgen
Please enter the desired output file [certificate-bundle.zip]: cert.zip
Enter instance name: es-cluster
Enter name for directories and files [es-cluster]: elasticsearch
Enter IP Addresses for instance (comma-separated if more than one) []: 172.16.10.219,172.16.10.220,172.16.10.221
Enter DNS names for instance (comma-separated if more than one) []: es1,es2,es3
Would you like to specify another instance? Press 'y' to continue entering instance information:
Certificates written to /root/test/cert.zip
This file should be properly secured as it contains the private keys for all
instances and the certificate authority.
After unzipping the file, there will be a directory for each instance containing
the certificate and private key. Copy the certificate, key, and CA certificate
to the configuration directory of the Elastic product that they will be used for
and follow the SSL configuration instructions in the product guide.
For client applications, you may only need to copy the CA certificate and
configure the client to trust this certificate.
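Unzip the generated cert.zip file and copy the two directories it contains into the Elasticsearch configuration directory; the generated certificates must be copied to every server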
unzip cert.zip
cp -r ca elasticsearch /etc/elasticsearch/
vim /etc/elasticsearch/elasticsearch.yml
xpack.security.transport.ssl.enabled: true
xpack.ssl.key: elasticsearch/elasticsearch.key
xpack.ssl.certificate: elasticsearch/elasticsearch.crt
xpack.ssl.certificate_authorities: ca/ca.crt
systemctl restart elasticsearch
Set custom login passwords for elastic, kibana and all the other tools; the top-level account elastic can log in to every component.
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
vim /etc/kibana/kibana.yml
elasticsearch.username: "elastic"
elasticsearch.password: "password"
After configuring, restart Kibana
systemctl restart kibana
output {
if [fields][log-type] == "service" {
elasticsearch {
hosts => ["http://es1:9200","http://es2:9200","http://es3:9200"]
index => "service-%{+YYYY.MM.dd}"
user => "elastic"
password => "password"
}
}
}
Every output that writes to Elasticsearch needs user and password configured
After configuring, restart Logstash
systemctl restart logstash
Add the following settings to elasticsearch.yml:
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
After restarting ES, the head plugin can be accessed at: http://127.0.0.1:9100/?auth_user=elastic&auth_password=password