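Introduction to X-Pack
X-Pack is an Elastic Stack extension that bundles security, alerting, monitoring, reporting, and graph capabilities into one easy-to-install package. Before Elasticsearch 5.0.0, you had to install the separate Shield, Watcher, and Marvel plugins to get all the features that X-Pack provides.
Project goal:
Although elasticsearch-6.6.0 fully integrates x-pack and needs no separate installation, the bundled x-pack is still a trial version, so using all features indefinitely still requires cracking it. This post continues from the previous post; the steps are as follows:
Environment: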
Elasticsearch-6.6.0
Kibana-6.6.0
X-Pack-6.6.0
I. Modify x-pack-core-6.6.0.jar
1. Extract x-pack-core-6.6.0.jar
①cd /elk/elasticsearch-6.6.0/modules/x-pack-core
②mkdir core
③cp x-pack-core-6.6.0.jar core
④cd core
⑤unzip x-pack-core-6.6.0.jar
2. Decompile and modify the two verification files
① Decompiler website: http://javare.cn/
② Edit LicenseVerifier.java  # find the two static methods and change them to return true
File path: x-pack-core-6.6.0\org\elasticsearch\license
package org.elasticsearch.license;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import org.apache.lucene.util.BytesRef;
import org.apache.lucene.util.BytesRefIterator;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.common.xcontent.XContentFactory;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.common.xcontent.ToXContent.MapParams;
import org.elasticsearch.core.internal.io.Streams;
import org.elasticsearch.license.CryptUtils;
import org.elasticsearch.license.License;

public class LicenseVerifier {
    public static boolean verifyLicense(License license, byte[] publicKeyData) {
        return true;
    }

    public static boolean verifyLicense(License license) {
        return true;
    }
}
③ Edit XPackBuild.java  # delete lines 49-75 of XPackBuild and replace the text shown in red
File path: x-pack-core-6.6.0\org\elasticsearch\xpack\core
package org.elasticsearch.xpack.core;

import java.io.IOException;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.util.jar.JarInputStream;
import java.util.jar.Manifest;
import org.elasticsearch.common.SuppressForbidden;
import org.elasticsearch.common.io.PathUtils;

public class XPackBuild {
    public static final XPackBuild CURRENT;
    private String shortHash;
    private String date;

    @SuppressForbidden(reason = "looks up path of xpack.jar directly")
    static Path getElasticsearchCodebase() {
        final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
        try {
            return PathUtils.get(url.toURI());
        } catch (URISyntaxException var2) {
            throw new RuntimeException(var2);
        }
    }

    XPackBuild(final String shortHash, final String date) {
        this.shortHash = shortHash;
        this.date = date;
    }

    public String shortHash() {
        return this.shortHash;
    }

    public String date() {
        return this.date;
    }

    static {
        final Path path = getElasticsearchCodebase();
        String shortHash = null;
        String date = null;
        Label_0157: {
            shortHash = "Unknown";
            date = "Unknown";
        }
        CURRENT = new XPackBuild(shortHash, date);
    }
}
3. Compile the modified files
①javac -cp
"/elk/elasticsearch-6.6.0/lib/elasticsearch-6.6.0.jar:
/elk/elasticsearch-6.6.0/lib/lucene-core-7.6.0.jar:
/elk/elasticsearch-6.6.0/modules/x-pack-core/x-pack-core-6.6.0.jar:
/elk/elasticsearch-6.6.0/lib/elasticsearch-core-6.6.0.jar" XPackBuild.java
②javac -cp
"/elk/elasticsearch-6.6.0/lib/elasticsearch-6.6.0.jar:
/elk/elasticsearch-6.6.0/lib/lucene-core-7.6.0.jar:
/elk/elasticsearch-6.6.0/modules/x-pack-core/x-pack-core-6.6.0.jar:
/elk/elasticsearch-6.6.0/lib/elasticsearch-core-6.6.0.jar:
/elk/elasticsearch-6.6.0/lib/elasticsearch-x-content-6.6.0.jar" LicenseVerifier.java
4. Package the compiled files and copy them back to the original directory
①jar -cvf x-pack-core-6.6.0.jar -C x-pack-core-6.6.0
②cp x-pack-core-6.6.0.jar /elk/elasticsearch-6.6.0/modules/x-pack-core
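Seen from the operations side, the repack in step 4 leaves a jar whose entries no longer match the official distribution. The following added example (not part of the original post) compares an installed x-pack-core jar entry by entry with a reference copy; the function names and the in-memory sample jars are constructed for illustration.

```python
import hashlib
import io
import zipfile


def diff_jar(reference, installed):
    """Compare two jars (paths or file objects) entry by entry.

    Returns sorted lists of entries 'modified', 'added' or 'removed'
    in the installed jar relative to the reference jar.
    """
    def digests(src):
        with zipfile.ZipFile(src) as jar:
            return {
                info.filename: hashlib.sha256(jar.read(info)).hexdigest()
                for info in jar.infolist()
                if not info.is_dir()
            }

    ref, cur = digests(reference), digests(installed)
    return {
        "modified": sorted(n for n in ref.keys() & cur.keys() if ref[n] != cur[n]),
        "added": sorted(cur.keys() - ref.keys()),
        "removed": sorted(ref.keys() - cur.keys()),
    }


def sample_jar(entries):
    """Build a constructed in-memory jar from {entry name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, data in entries.items():
            jar.writestr(name, data)
    buf.seek(0)
    return buf


# Constructed sample data: placeholder bytes stand in for real class files.
VERIFIER = "org/elasticsearch/license/LicenseVerifier.class"
BUILD = "org/elasticsearch/xpack/core/XPackBuild.class"
REFERENCE = {VERIFIER: b"original", BUILD: b"original", "META-INF/MANIFEST.MF": b"m"}
REPACKED = {VERIFIER: b"recompiled", BUILD: b"recompiled", "META-INF/MANIFEST.MF": b"m",
            "x-pack-core-6.6.0.jar": b"copy left in the unpack directory"}

if __name__ == "__main__":
    print(diff_jar(sample_jar(REFERENCE), sample_jar(REPACKED)))
```

Against a real node, pass the path of the installed jar and the path of the same jar extracted from a freshly downloaded, checksum-verified Elasticsearch 6.6.0 archive.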
II. Import the license file
1. Request a basic license file from the official site
https://license.elastic.co/registration  # the other fields can be filled in with anything; the e-mail address must be real
2. Modify the license file
vim license.json
{
  "license": {
    "uid":"932e8686-f90e-4472-8a5f-77c2e753f269",
    "type":"platinum",                        # platinum license
    "issue_date_in_millis":1560384000000,
    "expiry_date_in_millis":2855980923000,    # expires in 2060
    "max_nodes":100,                          # maximum number of nodes
    "issued_to":"w hb (elk)",
    "issuer":"Web Form",
    "signature":"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",
    "start_date_in_millis":1560384000000
  }
}
3. Import the license file
① Disable security  # if it is not disabled, the license file cannot be imported
vim conf/elasticsearch.yml
xpack.security.enabled: false
② Restart elasticsearch
./bin/elasticsearch -d
③ Import the license file through the API
curl -XPUT -u elastic:changeme "http://10.0.9.24:9200/_xpack/license?acknowledge=true" -d @license.json
④ Enable security
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true  # if security is enabled, SSL on the transport layer must be enabled as well
⑤ Restart elasticsearch
./bin/elasticsearch -d
⑥ Check the license status  # can only be run on the master node
curl -XGET -u elastic:changeme "http://10.0.9.24:9200/_license"
{
  "license" : {
    "status" : "active",
    "uid" : "932e8686-f90e-4472-8a5f-77c2e753f269",
    "type" : "platinum",
    "issue_date" : "2019-06-13T00:00:00.000Z",
    "issue_date_in_millis" : 1560384000000,
    "expiry_date" : "2060-07-02T08:02:03.000Z",
    "expiry_date_in_millis" : 2855980923000,
    "max_nodes" : 100,
    "issued_to" : "w hb (elk)",
    "issuer" : "Web Form",
    "start_date_in_millis" : 1560384000000
  }
}
III. Troubleshooting
1. How to reset passwords when the existing ELK has none
① The following steps must be run on the master node
②cd /elk/elasticsearch-6.6.0/
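③./bin/elasticsearch-setup-passwords interactive  # set every user's password manually; auto sets every user's password randomly
Note: this also succeeds when the node health status is red, but the cluster must have a master node
2. Authentication of the elastic user fails
Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
This error occurs when the username and password in the Kibana configuration file differ from those set in Elasticsearch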
①cd /elk/kibana-6.6.0
②vim conf/kibana.yml
elasticsearch.username: "elastic"
elasticsearch.password: "changeme"
③ Restart Kibana, then open the web page
http://10.0.9.24:7601