x-pack6.0破解（仅用于个人测试，请支持正版） 配置SSL/TSL以及ca证书生成

安装方式

1.在线安装x-pack
elasticsearch权限管理 x-pack 6.0 的安装及Security模块使用 内置角色介绍

2.离线安装x-pack
安装包下载地址

1. 安装命令

elasticsearch-6.0.0/bin/elasticsearch-plugin install file:///usr/local/x-pack-6.0.0.zip

2. 解压x-pack-6.0.0.zip包

#为x-pack-6.0.0.zip创建一个文件
mkdir x-pack

#将压缩包移到文件中
mv x-pack-6.0.0.zip x-pack

#解压zip包
unzip x-pack-6.0.0.zip

#创建一个目录，用于存放x-pack-6.0.0.jar
mkdir jar

#找到x-pack-6.0.0.jar移至jar目录
cd elasticsearch
cp x-pack-6.0.0.jar jar

#解压jar
jar -xvf x-pack-6.0.0.jar

#删除jar包
rm -rf x-pack-6.0.0.jar

找到org.elasticsearch/license/LicenseVerifier.class文件
3. 使用Luyten进行反编译
4. 将内容复制到一个文件中
5. 将代码修改成如下：

package org.elasticsearch.license;

import java.nio.*;
import java.util.*;
import java.security.*;
import org.elasticsearch.common.xcontent.*;
import org.apache.lucene.util.*;
import org.elasticsearch.common.io.*;
import java.io.*;

public class LicenseVerifier
{
    public static boolean verifyLicense(final License license, final byte[] encryptedPublicKeyData) {
        return true;
    }
    
    public static boolean verifyLicense(final License license) {
        return true;
    }
}

保存名字为 LicenseVerifier.java
6. 对文件进行编译

javac -cp "/usr/elasticsearch-6.0.0/lib/elasticsearch-6.0.0.jar:/usr/elasticsearch-6.0.0/lib/lucene-core-7.0.1.jar:/usr/elasticsearch-6.0.0/plugins/x-pack/x-pack-6.0.0.jar:/usr/elasticsearch-6.0.0/lib/elasticsearch-6.0.0.jar" LicenseVerifier.java

7.将编译后的文件替换原来的文件
8. 重新打包

jar -cvf x-pack-6.0.0.jar ./*

9.覆盖原来的jar包

mv x-pack-6.0.0.jar /usr/local/elasticsearch/plugins/x-pack

10.在elasticsearch官网申请免费的证书
11.在你填写的邮箱中下载此证书。

"type": "platinum" 证书类型改为platinum铂金
"expiry_date_in_millis": 2524579200999 将申请的证书前加一位即可。我这里配置到了2050年1月1日

12.在kibana界面更新证书

POST _xpack/license
{
  "license": {
    "uid": "xxxxxxxx",
    "type": "platinum",
    "issue_date_in_millis": 1521158400000,
    "expiry_date_in_millis": 2524579200999,
    "max_nodes": 100,
    "issued_to": "xxx",
    "issuer": "Web Form",
    "signature": "xxxxxxxx",
    "start_date_in_millis": 1521158400000
  }
}

13.配置SSL/TSL
vi instances.yml

instances:
  - name: "node-0" 
    ip: 
      - "192.168.205.70"
    dns: 
      - "tMaster"
  - name: "node-1"
    ip: 
      - "192.168.205.17"
    dns: 
      - "tSlave1"
  - name: "node-2"
    ip: 
      - "192.168.205.78"
    dns: 
      - "tSlave2"

通过yml生产证书

bin/x-pack/certgen -in instances.yml

生成证书时会提示选择一个目录（certs.zip必须是不存在的文件）
eg：
/usr/local/elasticsearch-6.0.0/config/certs/certs.zip

14.解压生成的zip文件

unzip certs.zip

15.然后将相应的node-x和ca分发到各个节点
16.在elasticsearch.yml配置文件中添加如下几行

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.ssl.key: /usr/local/elasticsearch-6.0.0/config/certs/node-x/node-x.key
xpack.ssl.certificate: /usr/local/elasticsearch-6.0.0/config/certs/node-x/node-x.crt
xpack.ssl.certificate_authorities: /usr/local/elasticsearch-6.0.0/config/certs/ca/ca.crt
xpack.security.authc.accept_default_password: false

17.启动es
18.初始化es默认账号的密码
bin/x-pack/setup-passwords interactive

Enter password for [elastic]: 
Reenter password for [elastic]: 
Enter password for [kibana]: 
Reenter password for [kibana]: 
Enter password for [logstash_system]: 
Reenter password for [logstash_system]: 
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [elastic]

19.kibana安装x-pack

kibana-6.0.0-linux-x86_64/bin/kibana-plugin install file:///usr/local/x-pack-6.0.0.zip

20.在kibana.yml配置文件中添加如下几行

elasticsearch.url: "http://192.168.205.70:8200"
elasticsearch.username: "kibana"
elasticsearch.password: "elastic"

21.启动kibana