环境
安装docker、docker-comepose、宝塔
在宝塔中启用端口(9200-9201、9000-9001、5601、9300-9301)
搭建elk
vi docker-compose-elasticsearch6.7.2.yml
version: '2.2'
services:
es01:
image: docker.elastic.co/elasticsearch/elasticsearch:6.7.2
container_name: es01
environment:
- network.bind_host=0.0.0.0
- cluster.name=elasticsearch_cluster
- cluster.routing.allocation.disk.threshold_enabled=false
- node.name=master
- node.master=true
- node.data=true
- http.cors.enabled=true
- http.cors.allow-origin="*"
- network.host=0.0.0.0
- discovery.zen.minimum_master_nodes=1
- ES_JAVA_OPTS= -Xms5g -Xmx5g
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- esdata01:/usr/share/elasticsearch/data
ports:
- 9200:9200
- 9300:9301
networks:
- esnet
es02:
image: docker.elastic.co/elasticsearch/elasticsearch:6.7.2
container_name: es02
environment:
- network.bind_host=0.0.0.0
- cluster.name=elasticsearch_cluster
- cluster.routing.allocation.disk.threshold_enabled=false
- node.name=node1
- node.master=false
- node.data=true
- http.cors.enabled=true
- http.cors.allow-origin="*"
- network.host=0.0.0.0
- discovery.zen.minimum_master_nodes=1
- discovery.zen.ping.unicast.hosts=es01
- ES_JAVA_OPTS= -Xms5g -Xmx5g
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- esdata02:/usr/share/elasticsearch/data
ports:
- 9201:9200
- 9301:9300
networks:
- esnet
kibana:
image: docker.elastic.co/kibana/kibana:6.7.2
container_name: kibana
ports:
- 5601:5601
environment:
ELASTICSEARCH_HOSTS: http://es01:9200
I18N_LOCALE: zh-CN
networks:
- esnet
cerebro:
image: lmenezes/cerebro:latest
container_name: cerebro
ports:
- 9001:9000
networks:
- esnet
volumes:
esdata01:
driver: local
esdata02:
driver: local
networks:
esnet:
docker-comepose -f docker-compose-elasticsearch6.7.2.yml up -d
docker ps
反编译 x-pack-core-6.7.2.jar
重写x-pack下的两个类:LicenseVerifier.java和XPackBuild.java
找到目标jar包
es01找到目标jar包,退出
docker cp 4e70af591199:/usr/share/elasticsearch/modules/x-pack-core/x-pack-core-6.7.2.jar .
docker cp 4e70af591199:/usr/share/elasticsearch/lib .
新建LicenseVerifier.java与XPackBuild.java(可在windows端操作,notepad++),上传
LicenseVerifier.java
package org.elasticsearch.license;
import java.nio.*;
import org.elasticsearch.common.bytes.*;
import java.util.*;
import java.security.*;
import org.elasticsearch.common.xcontent.*;
import org.apache.lucene.util.*;
import org.elasticsearch.core.internal.io.*;
import java.io.*;
public class LicenseVerifier
{
public static boolean verifyLicense(final License license, final byte[] encryptedPublicKeyData) {
return true;
}
public static boolean verifyLicense(final License license) {
return true;
}
}
XPackBuild.java
package org.elasticsearch.xpack.core;
import org.elasticsearch.common.io.*;
import java.net.*;
import org.elasticsearch.common.*;
import java.nio.file.*;
import java.io.*;
import java.util.jar.*;
public class XPackBuild
{
public static final XPackBuild CURRENT;
private String shortHash;
private String date;
@SuppressForbidden(reason = "looks up path of xpack.jar directly")
static Path getElasticsearchCodebase() {
final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
try {
return PathUtils.get(url.toURI());
}
catch (URISyntaxException bogus) {
throw new RuntimeException(bogus);
}
}
XPackBuild(final String shortHash, final String date) {
this.shortHash = shortHash;
this.date = date;
}
public String shortHash() {
return this.shortHash;
}
public String date() {
return this.date;
}
static {
final Path path = getElasticsearchCodebase();
String shortHash = null;
String date = null;
Label_0157: {
shortHash = "Unknown";
date = "Unknown";
}
CURRENT = new XPackBuild(shortHash, date);
}
}
编译成class文件
javac -cp "x-pack-core-6.7.2.jar:lib/*" LicenseVerifier.java
javac -cp "x-pack-core-6.7.2.jar:lib/*" XPackBuild.java
解压x-pack-core-6.7.2.jar
mkdir x-pack
jar xvf x-pack-core-6.7.2.jar ./x-pack
替换相关文件
cp LicenseVerifier.class x-pack/org/elasticsearch/license/
cp XPackBuild.class x-pack/org/elasticsearch/xpack/core/
重新打包
jar vcf x-pack-core-6.7.2.jar x-pack/ .
更改所有者
useradd elasticsearch
chgrp elasticsearch x-pack-core-6.7.2.jar
新jar包上传至es01、es02
docker cp x-pack-core-6.7.2.jar 4e70af591199:/usr/share/elasticsearch/modules/x-pack-core/
官网申请授权文件
地址:https://license.elastic.co/registration
修改授权文件
{
"uid": "6fb96d6b-938c-45ff-9ce7-6b53b39cd7dd",
"type": "platinum", # 修改授权为白金版本
"issue_date_in_millis": 1530489600000,
"expiry_date_in_millis": 2855980923000, #修改到期时间为2060-07-02
"max_nodes": 100, # 修改最大节点数
"issued_to": "xxxx",
"issuer": "Web Form",
"signature":"AAAAAwAAAA3PP60wKNtAvRmuCGdSAAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01V",
"start_date_in_millis": 1530489600000
}
修改es01、es02的elasticsearch.yml,添加
xpack.security.enabled: false
关闭kibana,重启es01、es02,启动kibana
访问:ip:5601
管理--许可管理--更新许可--上传新的json文件
或通过API接口上传至elasticsearch(elastic默认密码changeme) curl -u elastic:changeme -XPUT ‘http://ip:9200/_xpack/license’ -H “Content-Type: application/json” -d @license.json
开启密码登录
es01
配置安全协议(回车即可)
./bin/elasticsearch-certutil ca
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
mkdir ./config/certs
mv elastic-* ./config/certs/
chmod 777 ./config/certs/* 证书传至es02l
设置密码
./bin/elasticsearch-setup-passwords auto(随机)
./elasticsearch-setup-passwords interactive(自定义)
vi config/elasticsearch.yml
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
vi config/kibana.yml(添加elastic用户名密码)
xpack.monitoring.ui.container.elasticsearch.enabled: true
elasticsearch.username: "elastic"
elasticsearch.password: "12345678"
xpack.security.enabled: true