elasticsearch6.3.2之x-pack6.3.2破解安装并配合kibana使用

原文链接：https://www.plaza4me.com/article/20180825223826278

由于在elasticsearch在6.3版本之后x-pack是默认安装好的，所以不再需要用户自己去安装

在此之前你可以先体验试用版30天（不影响后面破解）

启动elasticsearch后通过curl启动测试(注意端口修改)

curl -H "Content-Type:application/json" -XPOST  http://localhost:9285/_xpack/license/start_trial?acknowledge=true

然后你会看到如下返回信息表示启用测试版成功

{"acknowledged":true,"trial_was_started":true,"type":"trial"}

由于接下来的密码设置等步骤和破解使用是一样的方式，就不多赘述了，大家可以往下翻查找自己想要的配置

1.进入/usr/local目录（根据自己喜好选择，创建的文件后期会删除）

如果不想自己弄的也可以直接使用我打包好的(然后可以跳到步骤3的覆盖命令去)

jar包下载地址:https://pan.baidu.com/s/1ESSuFfQI-eSewV_kGdNo8A 密码：img3

①创建LicenseVerifier.java文件

vim LicenseVerifier.java

复制以下代码

package org.elasticsearch.license;
import java.nio.*; import java.util.*;
import java.security.*;
import org.elasticsearch.common.xcontent.*;
import org.apache.lucene.util.*;
import org.elasticsearch.common.io.*;
import java.io.*;
public class LicenseVerifier {
public static boolean verifyLicense(final License license, final byte[] encryptedPublicKeyData) {
return true;
}
public static boolean verifyLicense(final License license) {
return true;
}
}

②创建XPackBuild.java文件

vim XPackBuild.java

复制以下代码

package org.elasticsearch.xpack.core;
import org.elasticsearch.common.io.*;
import java.net.*;
import org.elasticsearch.common.*;
import java.nio.file.*;
import java.io.*;
import java.util.jar.*;
public class XPackBuild {
public static final XPackBuild CURRENT;
private String shortHash;
private String date;
@SuppressForbidden(reason = "looks up path of xpack.jar directly") static Path getElasticsearchCodebase() {
final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
try { return PathUtils.get(url.toURI()); }
catch (URISyntaxException bogus) {
throw new RuntimeException(bogus); }
}
XPackBuild(final String shortHash, final String date) {
this.shortHash = shortHash;
this.date = date;
}
public String shortHash() {
return this.shortHash;
}
public String date(){
return this.date;
}
static {
final Path path = getElasticsearchCodebase();
String shortHash = null;
String date = null;
Label_0157: { shortHash = "Unknown"; date = "Unknown";
}
CURRENT = new XPackBuild(shortHash, date);
}
}

2.分别编译两个文件

javac -cp "/usr/local/elasticsearch/lib/elasticsearch-6.3.2.jar:/usr/local/elasticsearch/lib/lucene-core-7.3.1.jar:/usr/local/elasticsearch/modules/x-pack/x-pack-core/x-pack-core-6.3.2.jar" LicenseVerifier.java

javac -cp "/usr/local/elasticsearch/lib/elasticsearch-6.3.2.jar:/usr/local/elasticsearch/lib/lucene-core-7.3.1.jar:/usr/local/elasticsearch/modules/x-pack/x-pack-core/x-pack-core-6.3.2.jar:/usr/local/elasticsearch/lib/elasticsearch-core-6.3.2.jar"  XPackBuild.java

编译完成后会生成LicenseVerifier.class和XPackBuild.class两个文件

3.覆盖之前的jar文件

cd /usr/local
mkdir tempJar
cp /usr/local/elasticsearch/modules/x-pack/x-pack-core/x-pack-core-6.3.2.jar tempJar/
cd tempJar
jar -xf x-pack-core-6.3.2.jar
cp ../LicenseVerifier.class org/elasticsearch/license/
cp ../XPackBuild.class org/elasticsearch/xpack/core/
rm x-pack-core-6.3.2.jar
jar -cvf x-pack-core-6.3.2.jar *
#覆盖之前的jar包
cp x-pack-core-6.3.2.jar /usr/local/elasticsearch/modules/x-pack/x-pack-core/

4.修改elasticsearch.yml配置文件

#添加如下代码打开x-pack安全验证
xpack.security.enabled: true

5.生成用户名和密码

cd /usr/local/elasticsearch/bin
#自动生成(二选一)
./elasticsearch-setup-passwords auto
#手动生成(二选一)
./elasticsearch-setup-passwords interactive

6.将生成的elastic密码配置到kibana中（如何安装配置kibana）

cd /usr/local/kibana/config
vim kibana.yml
#找到以下参数并修改(以下用户名和密码均为你自己的elasticsearch的账户和密码)
#就是上一步骤5生成的密码
elasticsearch.username: elastic
elasticsearch.password: XXXXXXXXXXX

7.启动kibana(先启动elasticsearch)

cd /usr/local/kibana/bin
./kibana

启动完成后访问kibana(这个就不用我多说了吧，记得要开放端口哦)

但是我们发现只有一个月的试用时间（在登陆成功后的主页面Management->LicenseManagement可以看到）

Your Trial license is active

Your license will expire on September 20, 2018 2:49 PM CST

8.破解

所以接下来我们要做的就是上传license.json(这是我弄好的，注意保存为.json格式)

{
"license": {
"uid": "9gfhf46-5g78-4f1e-b5a4-afet359bc3a3",
"type": "platinum",
"issue_date_in_millis": 1534723200000,
"expiry_date_in_millis": 2544271999999,
"max_nodes": 100,
"issued_to": "www.plaza4me.com",
"issuer": "Web Form",
"signature": "AAAAAwAAAA3lQFlr4GED3cGRsdfgrDDFEWGN0hjZDBGYnVyRXpCOsdfasdfsgEfghgdg3423MVZwUzRxVk1PSmkxagfsdf3242UWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQCGcZtOlZwj0Rnl2MUjERG94a+xcifpVAurIA+z4rroxaqaewpb2MJLZVJt1ZCGeKB0KIWRAm2pkPjM2JigjaPIUBhpW4/yUzbdRtRuQB4loEKd7/p9EbHDh5GzeI8qfkMh3j7QaAlz4Bk+eett+ZNqNXHEdkr+Re9psdnqfUESz1uROhMoYWbn/Bdd0AJLKzhRnEOE972xdnAar8bCP1DIDljI9IOnYhEc6O6CboKCMJY4AWOvJY83bud4FO25hrKf6bMy0F2oO2yUkVV0UiFMX19JbhcC+WIAgxMk/KG7e/MqR8bJ1jNu2usMlgkvV97BxiPogTujFnTQxoHdpNdR",
"start_date_in_millis": 1534723200000
}
}

然后把license.json上传到服务器并使用curl提交

curl -XPUT -u elastic 'http://127.0.0.1:9255/_xpack/license' -H "Content-Type: application/json" -d @license.json

不出意外的话你会得到报错信息

{"error":{"root_cause":[{"type":"illegal_state_exception","reason":"Cannot install a [PLATINUM] license unless TLS is configured or security is disabled"}],"type":"illegal_state_exception","reason":"Cannot install a [PLATINUM] license unless TLS is configured or security is disabled"},"status":500}

大意就是说你把x-pack关了再上传试试（然后我们关了再试试）

vim /usr/local/elasticsearch/config/elasticsearch.yml
#找到并修改以下变量
xpack.security.enabled: false

再次启动elasticsearch并提交license.json我们会得到如下响应{"acknowledged":true,"license_st.......................}（就是这种）

这就说明我们基本上已经快要成功了

然后我们把x-pack再打开

vim /usr/local/elasticsearch/config/elasticsearch.yml
#找到并修改以下变量
xpack.security.enabled: true

重启elasticsearch

不出意外的话你们会得到这个

ERROR: [1] bootstrap checks failed
[1]: Transport SSL must be enabled for setups with production licenses. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]

意思就是说:你要me把ssl什么的打开，要么就把x-pack关了才行（我去，我费这么大劲你给我说这个）

9.配置SSL

cd /usr/local/elasticsearch/bin/
./elasticsearch-certgen

然后会出现如下信息标红的代表你要填写的

******************************************************************************
Note: The 'elasticsearch-certgen' tool has been deprecated in favour of the
'elasticsearch-certutil' tool. This command will be removed in a future
release.
******************************************************************************

This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL in the Elastic stack. Depending on the command
line option specified, you may be prompted for the following:

* The path to the output file
* The output file is a zip file containing the signed certificates and
private keys for each instance. If a Certificate Authority was generated,
the certificate and private key will also be included in the output file.
* Information about each instance
* An instance is any piece of the Elastic Stack that requires a SSL certificate.
Depending on your configuration, Elasticsearch, Logstash, Kibana, and Beats
may all require a certificate and private key.
* The minimum required value for each instance is a name. This can simply be the
hostname, which will be used as the Common Name of the certificate. A full
distinguished name may also be used.
* A filename value may be required for each instance. This is necessary when the
name would result in an invalid file or directory name. The name provided here
is used as the directory name (within the zip) and the prefix for the key and
certificate files. The filename is required if you are prompted and the name
is not displayed in the prompt.
* IP addresses and DNS names are optional. Multiple values can be specified as a
comma separated string. If no IP addresses or DNS names are provided, you may
disable hostname verification in your SSL configuration.
* Certificate Authority private key password
* The password may be left empty if desired.

Let's get started...

Please enter the desired output file [certificate-bundle.zip]: cert.zip （压缩包名称）
Enter instance name: my-application(实例名)
Enter name for directories and files [p4mES]: elasticsearch（文件夹名）
Enter IP Addresses for instance (comma-separated if more than one) []: 127.0.0.1(实例ip，多个ip用逗号隔开)
Enter DNS names for instance (comma-separated if more than one) []: node-1（节点名，多个节点用逗号隔开）
Would you like to specify another instance? Press 'y' to continue entering instance information:
Certificates written to /usr/local/elasticsearch/bin/cert.zip（这个是生成的文件存放地址，不用填写）

This file should be properly secured as it contains the private keys for all
instances and the certificate authority.

After unzipping the file, there will be a directory for each instance containing
the certificate and private key. Copy the certificate, key, and CA certificate
to the configuration directory of the Elastic product that they will be used for
and follow the SSL configuration instructions in the product guide.

For client applications, you may only need to copy the CA certificate and
configure the client to trust this certificate.

接下来就是把.zip压缩包解压然后把ca文件夹和elasticsearch文件夹的东西都放到/usr/local/elasticsearch/config目录下

再修改elasticsearch.yml配置文件

vim /usr/local/elasticsearch/config/elasticsearch.yml
#添加如下变量
xpack.security.transport.ssl.enabled: true
xpack.ssl.key: elasticsearch.key
xpack.ssl.certificate: elasticsearch.crt
xpack.ssl.certificate_authorities: ca.crt

再重新启动elasticsearch会出现exception caught on transport layer [NettyTcpChannel{localAddress=0.0.0.0/0.0.0.0:45812, remoteAddress=/0:0:0:0:0:0:0:1:9300}], closing connection

出现这种情况我的选择是禁用ipv6

vim /etc/sysctl.conf
#添加如下变量
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
#保存退出

#使修改生效
sysctl -p

再次启动便没有任何问题了

然后看我们的license也应该是到2050年过期了

10.总结

自己配置起来很快，但是写了这么多是真不容易，有些地方可能还比较啰嗦但主要是为了写清楚。如果还不清楚的话可以私信或者留言，我会第一时间回复。最后奉上我的小站（plaza4me.com）