1.修改配置添加如下選項
xpack.security.enabled: true
2.啟動測試
curl -H "Content-Type:application/json" -XPOST http://172.16.10.61:29200/_xpack/license/start_trial?acknowledge=true
{"acknowledged":true,"trial_was_started":true,"type":"trial"}
3.設置密碼
[esuser@esuser-oracle-9e96168-prd bin]$ ./elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
4.步驟2啟用的license只有30天的免費試用,下面需要進行破解
[esuser@esuser-oracle-9e96168-prd bin]$ curl -u elastic:elastic "172.16.10.61:29200/_license"
{
"license" : {
"status" : "active",
"uid" : "2dae74d3-beb3-446b-bfbd-208ab0104fff",
"type" : "trial",
"issue_date" : "2019-10-22T09:14:55.966Z",
"issue_date_in_millis" : 1571735695966,
"expiry_date" : "2019-11-21T09:14:55.966Z",
"expiry_date_in_millis" : 1574327695966,
"max_nodes" : 1000,
"issued_to" : "elasticsearch",
"issuer" : "elasticsearch",
"start_date_in_millis" : -1
}
}
這個時候不使用密碼是無法使用了
curl -X GET 'http://172.16.10.61:29200/_cat/indices?v'
{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication token for REST request [/_cat/indices?v]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"missing authentication token for REST request [/_cat/indices?v]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}
curl -u elastic:elastic -X GET 'http://172.16.10.61:29200/_cat/indices?v'
[esuser@esuser-oracle-9e96168-prd bin]$ curl -u elastic:elastic -X GET 'http://172.16.10.61:29200/_cat/indices?v'
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open .security-6 VdNkBc8fS628pPWUTvMgjA 1 0 6 0 19.5kb 19.5kb
yellow open index02 CWrRaT0aRTCwwbjWqLi8Tw 5 1 9 0 33kb 33kb
yellow open index01 sbMbdhSgTSao90DFaiqPxg 5 1 201648 13003 54.1mb 54.1mb
5.破解
5.1 創建兩個java文件
[esuser]$ cd /home/esuser
[esuser]$ mkdir javacode
[esuser]$ cd javacode
vi LicenseVerifier.java
package org.elasticsearch.license;
import java.nio.*; import java.util.*;
import java.security.*;
import org.elasticsearch.common.xcontent.*;
import org.apache.lucene.util.*;
import org.elasticsearch.common.io.*;
import java.io.*;
public class LicenseVerifier {
public static boolean verifyLicense(final License license, final byte[] encryptedPublicKeyData) {
return true;
}
public static boolean verifyLicense(final License license) {
return true;
}
}
vi XPackBuild.java
package org.elasticsearch.xpack.core;
import org.elasticsearch.common.io.*;
import java.net.*;
import org.elasticsearch.common.*;
import java.nio.file.*;
import java.io.*;
import java.util.jar.*;
public class XPackBuild {
public static final XPackBuild CURRENT;
private String shortHash;
private String date;
@SuppressForbidden(reason = "looks up path of xpack.jar directly") static Path getElasticsearchCodebase() {
final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
try { return PathUtils.get(url.toURI()); }
catch (URISyntaxException bogus) {
throw new RuntimeException(bogus); }
}
XPackBuild(final String shortHash, final String date) {
this.shortHash = shortHash;
this.date = date;
}
public String shortHash() {
return this.shortHash;
}
public String date(){
return this.date;
}
static {
final Path path = getElasticsearchCodebase();
String shortHash = null;
String date = null;
Label_0157: { shortHash = "Unknown"; date = "Unknown";
}
CURRENT = new XPackBuild(shortHash, date);
}
}
生成的兩個文件如下:
[esuser]$ ls -1
LicenseVerifier.java
XPackBuild.java
5.2.將剛創建的兩個java包打包成class文件,我們需要做的就是替換這兩個class文件(因里面需要引用到其他的jar,故需要用到javac -cp命令)
javac -cp "/usr/local/services/elasticsearch/lib/elasticsearch-6.5.0.jar:/usr/local/services/elasticsearch/lib/lucene-core-7.5.0.jar:/usr/local/services/elasticsearch/modules/x-pack-core/x-pack-core-6.5.0.jar" LicenseVerifier.java
javac -cp "/usr/local/services/elasticsearch/lib/elasticsearch-6.5.0.jar:/usr/local/services/elasticsearch/lib/lucene-core-7.5.0.jar:/usr/local/services/elasticsearch/modules/x-pack-core/x-pack-core-6.5.0.jar:/usr/local/services/elasticsearch/lib/elasticsearch-core-6.5.0.jar" XPackBuild.java
這里的路徑/usr/local/services/elasticsearch 是我自己機器部署的es路徑,根據個人部署情況進行修改
執行如上的兩個命令后查看目錄多生成了2個class文件
[esuser]$ ls -1
LicenseVerifier.class
LicenseVerifier.java
XPackBuild.class
XPackBuild.java
5.3.把原來的文件給解壓出來,然后覆蓋
下面操作所在目錄為:/home/esuser/javacode
[esuser]$cd /home/esuser/javacode
將原來的包拷貝到當前目錄
[esuser]$cp -a /usr/local/services/elasticsearch-esuser/modules/x-pack-core/x-pack-core-6.5.0.jar .
解壓原來的包
[esuser]$jar -xf x-pack-core-6.5.0.jar
刪除之前的java文件和拷貝過來的包
[esuser]$rm -rf LicenseVerifier.java XPackBuild.java x-pack-core-6.5.0.jar
將class文件拷貝到相應目錄
[esuser]$cp -a LicenseVerifier.class org/elasticsearch/license/
[esuser]$cp -a XPackBuild.class org/elasticsearch/xpack/core/
刪除class文件
[esuser]$rm -rf LicenseVerifier.class XPackBuild.class
重新生成jar包
[esuser]$jar -cvf x-pack-core-6.5.0.jar *
將生成的java包覆蓋原來的
[esuser]$cp -a x-pack-core-6.5.0.jar /usr/local/services/elasticsearch-esuser/modules/x-pack-core/
6.重新啟動es
kill掉es進程,然后重新啟動
[esuser@localhost bin]$ ./elasticsearch -d
7.License申請
申請地址
https://license.elastic.co/registration
填寫信息后,會有一個郵件發到注冊的郵箱,然后安裝提示點擊鏈接進行下載
下載后上傳服務器,修改過期時間expiry_date_in_millis,我這里修改為2524579200000,即2050-01-01 00:00:00,type修改為platinum
將下載的文件上傳到es所在的服務器的相應目錄,我這里是cd /home/esuser/soft
cd /home/esuser/soft
my.json文件內如如下
{"license":{"uid":"1e9a1465-3398-44e8-aa06-c76062dcfedf","type":"platinum","issue_date_in_millis":1544659200000,"expiry_date_in_millis":2524579200000,"max_nodes":100,"issued_to":"xueliang huang (richinfo)","issuer":"Web Form","signature":"AAAAAwAAAA0CkXSNg+Yl6jgouxuAAAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQBbRJOy1WgeFasn9hkqXcUu4jbVTH5B51CpsbpQTIukDJUeyo9z0DW1DzXzgUn1y0LQ62VDVcjiJvi0Xci5w9ZYDQPPVwf8PN0Pg8rOkawcJpr4ZmCiBgh/dFmgcOsjOjro1EcVOp3rm9zil89FsACMUcgRiYf//Ejahsx7giFEyYnUNOqfy4umh3aHj+awlg76P1OVxnyu74IjJdWGXluMw+hTJ0EKXcaUEfJpJgBLtPUmyD6jd/LtzV8ysKL6JQTxkUzdlWVdzipskQ8MWt5Nn6ClddwJFVb5lTAOJvLy6jyEmro4Fho5LJ6eRW2NvsWS4Y1Yu6lHVoWBVW4v++Wx","start_date_in_millis":1544659200000}}
curl -XPUT -u elastic:elastic 'http://172.16.10.61:29200/_xpack/license' -H "Content-Type: application/json" -d @my.json
這里報錯:
{"error":{"root_cause":[{"type":"illegal_state_exception","reason":"Cannot install a [PLATINUM] license unless TLS is configured or security is disabled"}],"type":"illegal_state_exception","reason":"Cannot install a [PLATINUM] license unless TLS is configured or security is disabled"},"status":500}
解決辦法:
在elasticsearch.yml將xpack.security.enabled先修改成flase重新啟動
xpack.security.enabled: false
再次導入,可以看到導入成功
cd /home/esuser/soft
curl -XPUT -u elastic:elastic 'http://172.16.10.61:29200/_xpack/license' -H "Content-Type: application/json" -d @my.json
{"acknowledged":true,"license_status":"valid"}
curl -u elastic:elastic "172.16.10.61:29200/_license"
{
"license" : {
"status" : "active",
"uid" : "1e9a1465-3398-44e8-aa06-c76062dcfedf",
"type" : "platinum",
"issue_date" : "2018-12-13T00:00:00.000Z",
"issue_date_in_millis" : 1544659200000,
"expiry_date" : "2049-12-31T16:00:00.000Z",
"expiry_date_in_millis" : 2524579200000,
"max_nodes" : 100,
"issued_to" : "xueliang huang (richinfo)",
"issuer" : "Web Form",
"start_date_in_millis" : 1544659200000
}
}
8.將如下參數修改為true后重新啟動
xpack.security.enabled: true
發現啟動的時候報錯誤
[1]: Transport SSL must be enabled for setups with production licenses. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]
安裝提示將如下參數設置為true
xpack.security.transport.ssl.enabled: true
如果有多個節點ES集群,先將xpack.security.enabled設置為false后啟動整個集群,然后再導入license.
9.修改密碼
curl -H "Content-Type:application/json" -XPUT -u elastic:elastic 'http://172.16.10.61:29200/_xpack/security/user/elastic/_password' -d '{ "password" : "elastic123" }'