elasticsearch6.3.2之x-pack6.3.2破解安装并配合kibana使用

原文连接：https://www.plaza4me.com/article/20180825223826278java

因为在elasticsearch在6.3版本以后x-pack是默认安装好的，因此再也不须要用户本身去安装node

在此以前你能够先体验试用版30天（不影响后面破解）apache

启动elasticsearch后经过curl启动测试(注意端口修改)json

curl -H "Content-Type:application/json" -XPOST http://localhost:9285/_xpack/license/start_trial?acknowledge=true

而后你会看到以下返回信息表示启用测试版成功bootstrap

{"acknowledged":true,"trial_was_started":true,"type":"trial"}

因为接下来的密码设置等步骤和破解使用是同样的方式，就很少赘述了，你们能够往下翻查找本身想要的配置vim

1.进入/usr/local目录（根据本身喜爱选择，建立的文件后期会删除）

若是不想本身弄的也能够直接使用我打包好的(而后能够跳到步骤3的覆盖命令去)安全

jar包下载地址:https://pan.baidu.com/s/1ESSuFfQI-eSewV_kGdNo8A 密码：img3bash

①建立LicenseVerifier.java文件服务器

vim LicenseVerifier.java

复制如下代码app

package org.elasticsearch.license;
import java.nio.*; import java.util.*;
import java.security.*;
import org.elasticsearch.common.xcontent.*;
import org.apache.lucene.util.*;
import org.elasticsearch.common.io.*;
import java.io.*;
public class LicenseVerifier {
public static boolean verifyLicense(final License license, final byte[] encryptedPublicKeyData) {
return true;
}
public static boolean verifyLicense(final License license) {
return true;
}
}

②建立XPackBuild.java文件

vim XPackBuild.java

复制如下代码

package org.elasticsearch.xpack.core;
import org.elasticsearch.common.io.*;
import java.net.*;
import org.elasticsearch.common.*;
import java.nio.file.*;
import java.io.*;
import java.util.jar.*;
public class XPackBuild {
public static final XPackBuild CURRENT;
private String shortHash;
private String date;
@SuppressForbidden(reason = "looks up path of xpack.jar directly") static Path getElasticsearchCodebase() {
final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
try { return PathUtils.get(url.toURI()); }
catch (URISyntaxException bogus) {
throw new RuntimeException(bogus); }
}
XPackBuild( final String shortHash, final String date) {
this.shortHash = shortHash;
this.date = date;
}
public String shortHash() {
return this.shortHash;
}
public String date(){
return this.date;
}
static {
final Path path = getElasticsearchCodebase();
String shortHash = null;
String date = null;
Label_0157: { shortHash = "Unknown"; date = "Unknown";
}
CURRENT = new XPackBuild(shortHash, date);
}
}

2.分别编译两个文件

javac -cp "/usr/local/elasticsearch/lib/elasticsearch-6.3.2.jar:/usr/local/elasticsearch/lib/lucene-core-7.3.1.jar:/usr/local/elasticsearch/modules/x-pack/x-pack-core/x-pack-core-6.3.2.jar" LicenseVerifier.java

javac -cp "/usr/local/elasticsearch/lib/elasticsearch-6.3.2.jar:/usr/local/elasticsearch/lib/lucene-core-7.3.1.jar:/usr/local/elasticsearch/modules/x-pack/x-pack-core/x-pack-core-6.3.2.jar:/usr/local/elasticsearch/lib/elasticsearch-core-6.3.2.jar" XPackBuild.java

编译完成后会生成LicenseVerifier.class和XPackBuild.class两个文件

3.覆盖以前的jar文件

cd /usr/local
mkdir tempJar
cp /usr/ local/elasticsearch/modules/x-pack/x-pack-core/x-pack-core-6.3.2.jar tempJar/
cd tempJar
jar -xf x-pack-core-6.3.2.jar
cp ../LicenseVerifier.class org/elasticsearch/license/
cp ../XPackBuild.class org/elasticsearch/xpack/core/
rm x-pack-core-6.3.2.jar
jar -cvf x-pack-core-6.3.2.jar *
#覆盖以前的jar包
cp x-pack-core-6.3.2.jar /usr/ local/elasticsearch/modules/x-pack/x-pack-core/

4.修改elasticsearch.yml配置文件

#添加以下代码打开x-pack安全验证
xpack.security.enabled: true

5.生成用户名和密码

cd /usr/local/elasticsearch/bin
#自动生成(二选一)
./elasticsearch-setup-passwords auto
#手动生成(二选一)
./elasticsearch-setup-passwords interactive

6.将生成的elastic密码配置到kibana中（如何安装配置kibana）

cd /usr/local/kibana/config
vim kibana.yml
#找到如下参数并修改(如下用户名和密码均为你本身的elasticsearch的帐户和密码)
#就是上一步骤5生成的密码
elasticsearch.username: elastic
elasticsearch.password: XXXXXXXXXXX

7.启动kibana(先启动elasticsearch)

cd /usr/local/kibana/bin
./kibana

启动完成后访问kibana(这个就不用我多说了吧，记得要开放端口哦)

可是咱们发现只有一个月的试用时间（在登录成功后的主页面Management->LicenseManagement能够看到）

Your Trial license is active

Your license will expire on September 20, 2018 2:49 PM CST

8.破解

因此接下来咱们要作的就是上传license.json(这是我弄好的，注意保存为.json格式)

{
"license": {
"uid": "9gfhf46-5g78-4f1e-b5a4-afet359bc3a3",
"type": "platinum",
"issue_date_in_millis": 1534723200000,
"expiry_date_in_millis": 2544271999999,
"max_nodes": 100,
"issued_to": "www.plaza4me.com",
"issuer": "Web Form",
"signature": "AAAAAwAAAA3lQFlr4GED3cGRsdfgrDDFEWGN0hjZDBGYnVyRXpCOsdfasdfsgEfghgdg3423MVZwUzRxVk1PSmkxagfsdf3242UWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQCGcZtOlZwj0Rnl2MUjERG94a+xcifpVAurIA+z4rroxaqaewpb2MJLZVJt1ZCGeKB0KIWRAm2pkPjM2JigjaPIUBhpW4/yUzbdRtRuQB4loEKd7/p9EbHDh5GzeI8qfkMh3j7QaAlz4Bk+eett+ZNqNXHEdkr+Re9psdnqfUESz1uROhMoYWbn/Bdd0AJLKzhRnEOE972xdnAar8bCP1DIDljI9IOnYhEc6O6CboKCMJY4AWOvJY83bud4FO25hrKf6bMy0F2oO2yUkVV0UiFMX19JbhcC+WIAgxMk/KG7e/MqR8bJ1jNu2usMlgkvV97BxiPogTujFnTQxoHdpNdR",
"start_date_in_millis": 1534723200000
}
}

而后把license.json上传到服务器并使用curl提交

curl -XPUT -u elastic 'http://127.0.0.1:9255/_xpack/license' -H "Content-Type: application/json" -d @license.json

不出意外的话你会获得报错信息

{"error":{"root_cause":[{"type":"illegal_state_exception","reason":"Cannot install a [PLATINUM] license unless TLS is configured or security is disabled"}],"type":"illegal_state_exception","reason":"Cannot install a [PLATINUM] license unless TLS is configured or security is disabled"},"status":500}

大意就是说你把x-pack关了再上传试试（而后咱们关了再试试）

vim /usr/ local/elasticsearch/config/elasticsearch.yml
#找到并修改如下变量
xpack.security.enabled: false

再次启动elasticsearch并提交license.json咱们会获得以下响应{"acknowledged":true,"license_st.......................}（就是这种）

这就说明咱们基本上已经快要成功了

而后咱们把x-pack再打开

vim /usr/ local/elasticsearch/config/elasticsearch.yml
#找到并修改如下变量
xpack.security.enabled: true

重启elasticsearch

不出意外的话大家会获得这个

ERROR: [1] bootstrap checks failed
[1]: Transport SSL must be enabled for setups with production licenses. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]

意思就是说:你要me把ssl什么的打开，要么就把x-pack关了才行（我去，我费这么大劲你给我说这个）

9.配置SSL

cd /usr/local/elasticsearch/bin/
./elasticsearch-certgen

而后会出现以下信息标红的表明你要填写的

******************************************************************************
Note: The 'elasticsearch-certgen' tool has been deprecated in favour of the
'elasticsearch-certutil' tool. This command will be removed in a future
release.
******************************************************************************

This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL in the Elastic stack. Depending on the command
line option specified, you may be prompted for the following:

* The path to the output file
* The output file is a zip file containing the signed certificates and
private keys for each instance. If a Certificate Authority was generated,
the certificate and private key will also be included in the output file.
* Information about each instance
* An instance is any piece of the Elastic Stack that requires a SSL certificate.
Depending on your configuration, Elasticsearch, Logstash, Kibana, and Beats
may all require a certificate and private key.
* The minimum required value for each instance is a name. This can simply be the
hostname, which will be used as the Common Name of the certificate. A full
distinguished name may also be used.
* A filename value may be required for each instance. This is necessary when the
name would result in an invalid file or directory name. The name provided here
is used as the directory name (within the zip) and the prefix for the key and
certificate files. The filename is required if you are prompted and the name
is not displayed in the prompt.
* IP addresses and DNS names are optional. Multiple values can be specified as a
comma separated string. If no IP addresses or DNS names are provided, you may
disable hostname verification in your SSL configuration.
* Certificate Authority private key password
* The password may be left empty if desired.

Let's get started...

Please enter the desired output file [certificate-bundle.zip]: cert.zip （压缩包名称）
Enter instance name: my-application(实例名)
Enter name for directories and files [p4mES]: elasticsearch（文件夹名）
Enter IP Addresses for instance (comma-separated if more than one) []: 127.0.0.1(实例ip，多个ip用逗号隔开)
Enter DNS names for instance (comma-separated if more than one) []: node-1（节点名，多个节点用逗号隔开）
Would you like to specify another instance? Press 'y' to continue entering instance information:
Certificates written to /usr/local/elasticsearch/bin/cert.zip（这个是生成的文件存放地址，不用填写）

This file should be properly secured as it contains the private keys for all
instances and the certificate authority.

After unzipping the file, there will be a directory for each instance containing
the certificate and private key. Copy the certificate, key, and CA certificate
to the configuration directory of the Elastic product that they will be used for
and follow the SSL configuration instructions in the product guide.

For client applications, you may only need to copy the CA certificate and
configure the client to trust this certificate.

接下来就是把.zip压缩包解压而后把ca文件夹和elasticsearch文件夹的东西都放到/usr/local/elasticsearch/config目录下

再修改elasticsearch.yml配置文件

vim /usr/ local/elasticsearch/config/elasticsearch.yml
#添加以下变量
xpack.security.transport.ssl.enabled: true
xpack.ssl.key: elasticsearch.key
xpack.ssl.certificate: elasticsearch.crt
xpack.ssl.certificate_authorities: ca.crt

再从新启动elasticsearch会出现exception caught on transport layer [NettyTcpChannel{localAddress=0.0.0.0/0.0.0.0:45812, remoteAddress=/0:0:0:0:0:0:0:1:9300}], closing connection

出现这种状况个人选择是禁用ipv6

vim /etc/sysctl.conf
#添加以下变量
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
#保存退出

#使修改生效
sysctl -p

再次启动便没有任何问题了

而后看咱们的license也应该是到2050年过时了

10.总结

本身配置起来很快，可是写了这么可能是真不容易，有些地方可能还比较啰嗦但主要是为了写清楚。若是还不清楚的话能够私信或者留言，我会第一时间回复。最后奉上个人小站（plaza4me.com）