elasticsearch6.3.2之x-pack6.3.2破解安裝並配合kibana使用

原文連接：https://www.plaza4me.com/article/20180825223826278java

因爲在elasticsearch在6.3版本以後x-pack是默認安裝好的，因此再也不須要用戶本身去安裝node

在此以前你能夠先體驗試用版30天（不影響後面破解）apache

啓動elasticsearch後經過curl啓動測試(注意端口修改)json

curl -H "Content-Type:application/json" -XPOST http://localhost:9285/_xpack/license/start_trial?acknowledge=true

而後你會看到以下返回信息表示啓用測試版成功bootstrap

{"acknowledged":true,"trial_was_started":true,"type":"trial"}

因爲接下來的密碼設置等步驟和破解使用是同樣的方式，就很少贅述了，你們能夠往下翻查找本身想要的配置vim

1.進入/usr/local目錄（根據本身喜愛選擇，建立的文件後期會刪除）

若是不想本身弄的也能夠直接使用我打包好的(而後能夠跳到步驟3的覆蓋命令去)安全

jar包下載地址:https://pan.baidu.com/s/1ESSuFfQI-eSewV_kGdNo8A 密碼：img3bash

①建立LicenseVerifier.java文件服務器

vim LicenseVerifier.java

複製如下代碼app

package org.elasticsearch.license;
import java.nio.*; import java.util.*;
import java.security.*;
import org.elasticsearch.common.xcontent.*;
import org.apache.lucene.util.*;
import org.elasticsearch.common.io.*;
import java.io.*;
public class LicenseVerifier {
public static boolean verifyLicense(final License license, final byte[] encryptedPublicKeyData) {
return true;
}
public static boolean verifyLicense(final License license) {
return true;
}
}

②建立XPackBuild.java文件

vim XPackBuild.java

複製如下代碼

package org.elasticsearch.xpack.core;
import org.elasticsearch.common.io.*;
import java.net.*;
import org.elasticsearch.common.*;
import java.nio.file.*;
import java.io.*;
import java.util.jar.*;
public class XPackBuild {
public static final XPackBuild CURRENT;
private String shortHash;
private String date;
@SuppressForbidden(reason = "looks up path of xpack.jar directly") static Path getElasticsearchCodebase() {
final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
try { return PathUtils.get(url.toURI()); }
catch (URISyntaxException bogus) {
throw new RuntimeException(bogus); }
}
XPackBuild( final String shortHash, final String date) {
this.shortHash = shortHash;
this.date = date;
}
public String shortHash() {
return this.shortHash;
}
public String date(){
return this.date;
}
static {
final Path path = getElasticsearchCodebase();
String shortHash = null;
String date = null;
Label_0157: { shortHash = "Unknown"; date = "Unknown";
}
CURRENT = new XPackBuild(shortHash, date);
}
}

2.分別編譯兩個文件

javac -cp "/usr/local/elasticsearch/lib/elasticsearch-6.3.2.jar:/usr/local/elasticsearch/lib/lucene-core-7.3.1.jar:/usr/local/elasticsearch/modules/x-pack/x-pack-core/x-pack-core-6.3.2.jar" LicenseVerifier.java

javac -cp "/usr/local/elasticsearch/lib/elasticsearch-6.3.2.jar:/usr/local/elasticsearch/lib/lucene-core-7.3.1.jar:/usr/local/elasticsearch/modules/x-pack/x-pack-core/x-pack-core-6.3.2.jar:/usr/local/elasticsearch/lib/elasticsearch-core-6.3.2.jar" XPackBuild.java

編譯完成後會生成LicenseVerifier.class和XPackBuild.class兩個文件

3.覆蓋以前的jar文件

cd /usr/local
mkdir tempJar
cp /usr/ local/elasticsearch/modules/x-pack/x-pack-core/x-pack-core-6.3.2.jar tempJar/
cd tempJar
jar -xf x-pack-core-6.3.2.jar
cp ../LicenseVerifier.class org/elasticsearch/license/
cp ../XPackBuild.class org/elasticsearch/xpack/core/
rm x-pack-core-6.3.2.jar
jar -cvf x-pack-core-6.3.2.jar *
#覆蓋以前的jar包
cp x-pack-core-6.3.2.jar /usr/ local/elasticsearch/modules/x-pack/x-pack-core/

4.修改elasticsearch.yml配置文件

#添加以下代碼打開x-pack安全驗證
xpack.security.enabled: true

5.生成用戶名和密碼

cd /usr/local/elasticsearch/bin
#自動生成(二選一)
./elasticsearch-setup-passwords auto
#手動生成(二選一)
./elasticsearch-setup-passwords interactive

6.將生成的elastic密碼配置到kibana中（如何安裝配置kibana）

cd /usr/local/kibana/config
vim kibana.yml
#找到如下參數並修改(如下用戶名和密碼均爲你本身的elasticsearch的帳戶和密碼)
#就是上一步驟5生成的密碼
elasticsearch.username: elastic
elasticsearch.password: XXXXXXXXXXX

7.啓動kibana(先啓動elasticsearch)

cd /usr/local/kibana/bin
./kibana

啓動完成後訪問kibana(這個就不用我多說了吧，記得要開放端口哦)

可是咱們發現只有一個月的試用時間（在登錄成功後的主頁面Management->LicenseManagement能夠看到）

Your Trial license is active

Your license will expire on September 20, 2018 2:49 PM CST

8.破解

因此接下來咱們要作的就是上傳license.json(這是我弄好的，注意保存爲.json格式)

{
"license": {
"uid": "9gfhf46-5g78-4f1e-b5a4-afet359bc3a3",
"type": "platinum",
"issue_date_in_millis": 1534723200000,
"expiry_date_in_millis": 2544271999999,
"max_nodes": 100,
"issued_to": "www.plaza4me.com",
"issuer": "Web Form",
"signature": "AAAAAwAAAA3lQFlr4GED3cGRsdfgrDDFEWGN0hjZDBGYnVyRXpCOsdfasdfsgEfghgdg3423MVZwUzRxVk1PSmkxagfsdf3242UWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQCGcZtOlZwj0Rnl2MUjERG94a+xcifpVAurIA+z4rroxaqaewpb2MJLZVJt1ZCGeKB0KIWRAm2pkPjM2JigjaPIUBhpW4/yUzbdRtRuQB4loEKd7/p9EbHDh5GzeI8qfkMh3j7QaAlz4Bk+eett+ZNqNXHEdkr+Re9psdnqfUESz1uROhMoYWbn/Bdd0AJLKzhRnEOE972xdnAar8bCP1DIDljI9IOnYhEc6O6CboKCMJY4AWOvJY83bud4FO25hrKf6bMy0F2oO2yUkVV0UiFMX19JbhcC+WIAgxMk/KG7e/MqR8bJ1jNu2usMlgkvV97BxiPogTujFnTQxoHdpNdR",
"start_date_in_millis": 1534723200000
}
}

而後把license.json上傳到服務器並使用curl提交

curl -XPUT -u elastic 'http://127.0.0.1:9255/_xpack/license' -H "Content-Type: application/json" -d @license.json

不出意外的話你會獲得報錯信息

{"error":{"root_cause":[{"type":"illegal_state_exception","reason":"Cannot install a [PLATINUM] license unless TLS is configured or security is disabled"}],"type":"illegal_state_exception","reason":"Cannot install a [PLATINUM] license unless TLS is configured or security is disabled"},"status":500}

大意就是說你把x-pack關了再上傳試試（而後咱們關了再試試）

vim /usr/ local/elasticsearch/config/elasticsearch.yml
#找到並修改如下變量
xpack.security.enabled: false

再次啓動elasticsearch並提交license.json咱們會獲得以下響應{"acknowledged":true,"license_st.......................}（就是這種）

這就說明咱們基本上已經快要成功了

而後咱們把x-pack再打開

vim /usr/ local/elasticsearch/config/elasticsearch.yml
#找到並修改如下變量
xpack.security.enabled: true

重啓elasticsearch

不出意外的話大家會獲得這個

ERROR: [1] bootstrap checks failed
[1]: Transport SSL must be enabled for setups with production licenses. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]

意思就是說:你要me把ssl什麼的打開，要麼就把x-pack關了才行（我去，我費這麼大勁你給我說這個）

9.配置SSL

cd /usr/local/elasticsearch/bin/
./elasticsearch-certgen

而後會出現以下信息標紅的表明你要填寫的

******************************************************************************
Note: The 'elasticsearch-certgen' tool has been deprecated in favour of the
'elasticsearch-certutil' tool. This command will be removed in a future
release.
******************************************************************************

This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL in the Elastic stack. Depending on the command
line option specified, you may be prompted for the following:

* The path to the output file
* The output file is a zip file containing the signed certificates and
private keys for each instance. If a Certificate Authority was generated,
the certificate and private key will also be included in the output file.
* Information about each instance
* An instance is any piece of the Elastic Stack that requires a SSL certificate.
Depending on your configuration, Elasticsearch, Logstash, Kibana, and Beats
may all require a certificate and private key.
* The minimum required value for each instance is a name. This can simply be the
hostname, which will be used as the Common Name of the certificate. A full
distinguished name may also be used.
* A filename value may be required for each instance. This is necessary when the
name would result in an invalid file or directory name. The name provided here
is used as the directory name (within the zip) and the prefix for the key and
certificate files. The filename is required if you are prompted and the name
is not displayed in the prompt.
* IP addresses and DNS names are optional. Multiple values can be specified as a
comma separated string. If no IP addresses or DNS names are provided, you may
disable hostname verification in your SSL configuration.
* Certificate Authority private key password
* The password may be left empty if desired.

Let's get started...

Please enter the desired output file [certificate-bundle.zip]: cert.zip （壓縮包名稱）
Enter instance name: my-application(實例名)
Enter name for directories and files [p4mES]: elasticsearch（文件夾名）
Enter IP Addresses for instance (comma-separated if more than one) []: 127.0.0.1(實例ip，多個ip用逗號隔開)
Enter DNS names for instance (comma-separated if more than one) []: node-1（節點名，多個節點用逗號隔開）
Would you like to specify another instance? Press 'y' to continue entering instance information:
Certificates written to /usr/local/elasticsearch/bin/cert.zip（這個是生成的文件存放地址，不用填寫）

This file should be properly secured as it contains the private keys for all
instances and the certificate authority.

After unzipping the file, there will be a directory for each instance containing
the certificate and private key. Copy the certificate, key, and CA certificate
to the configuration directory of the Elastic product that they will be used for
and follow the SSL configuration instructions in the product guide.

For client applications, you may only need to copy the CA certificate and
configure the client to trust this certificate.

接下來就是把.zip壓縮包解壓而後把ca文件夾和elasticsearch文件夾的東西都放到/usr/local/elasticsearch/config目錄下

再修改elasticsearch.yml配置文件

vim /usr/ local/elasticsearch/config/elasticsearch.yml
#添加以下變量
xpack.security.transport.ssl.enabled: true
xpack.ssl.key: elasticsearch.key
xpack.ssl.certificate: elasticsearch.crt
xpack.ssl.certificate_authorities: ca.crt

再從新啓動elasticsearch會出現exception caught on transport layer [NettyTcpChannel{localAddress=0.0.0.0/0.0.0.0:45812, remoteAddress=/0:0:0:0:0:0:0:1:9300}], closing connection

出現這種狀況個人選擇是禁用ipv6

vim /etc/sysctl.conf
#添加以下變量
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
#保存退出

#使修改生效
sysctl -p

再次啓動便沒有任何問題了

而後看咱們的license也應該是到2050年過時了

10.總結

本身配置起來很快，可是寫了這麼可能是真不容易，有些地方可能還比較囉嗦但主要是爲了寫清楚。若是還不清楚的話能夠私信或者留言，我會第一時間回覆。最後奉上個人小站（plaza4me.com）