@Alex-Zhao
2021-09-27T07:08:09.000000Z
ELK
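Since Elastic 6.4, X-Pack ships in the default installation package and does not need to be downloaded separately.
The environment for this article is a CentOS 7.7 minimal system, installed via yum. The default Elasticsearch installation path is /usr/share/elasticsearch.
repo file:

[logstash-7.x]
name=Elastic repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

Cracking X-Pack only requires the x-pack-core-7.4.2.jar file, which is located at /usr/share/elasticsearch/modules/x-pack-core
Decompiler Luyten: Luyten download link
License JSON file for the free basic edition: registration page. After registration a link is sent to your mailbox, from which you download the JSON file.
x-pack-core-7.4.2.jar file: copy it from the original directory to your workstation to modify the source code.
Java 1.8 or later runtime environment
Java 1.8 or later development environment (javac)
In Luyten we need to extract two files for modification: org.elasticsearch.license.LicenseVerifier and org.elasticsearch.xpack.core.XPackBuild. The tool cannot export them as files and only displays their code, so copy the code out and create two separate Java files to modify.
LicenseVerifier has two static methods, which are the methods that verify whether the license file is valid. We change both of them to always return true.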

package org.elasticsearch.license;

import java.nio.*;
import org.elasticsearch.common.bytes.*;
import java.security.*;
import java.util.*;
import org.elasticsearch.common.xcontent.*;
import org.apache.lucene.util.*;
import org.elasticsearch.core.internal.io.*;
import java.io.*;

public class LicenseVerifier
{
    public static boolean verifyLicense(final License license, final byte[] publicKeyData) {
        /*
        byte[] signedContent = null;
        byte[] publicKeyFingerprint = null;
        try {
            final byte[] signatureBytes = Base64.getDecoder().decode(license.signature());
            final ByteBuffer byteBuffer = ByteBuffer.wrap(signatureBytes);
            final int version = byteBuffer.getInt();
            final int magicLen = byteBuffer.getInt();
            final byte[] magic = new byte[magicLen];
            byteBuffer.get(magic);
            final int hashLen = byteBuffer.getInt();
            publicKeyFingerprint = new byte[hashLen];
            byteBuffer.get(publicKeyFingerprint);
            final int signedContentLen = byteBuffer.getInt();
            signedContent = new byte[signedContentLen];
            byteBuffer.get(signedContent);
            final XContentBuilder contentBuilder = XContentFactory.contentBuilder(XContentType.JSON);
            license.toXContent(contentBuilder, (ToXContent.Params)new ToXContent.MapParams((Map)Collections.singletonMap("license_spec_view", "true")));
            final Signature rsa = Signature.getInstance("SHA512withRSA");
            rsa.initVerify(CryptUtils.readPublicKey(publicKeyData));
            final BytesRefIterator iterator = BytesReference.bytes(contentBuilder).iterator();
            BytesRef ref;
            while ((ref = iterator.next()) != null) {
                rsa.update(ref.bytes, ref.offset, ref.length);
            }
            return rsa.verify(signedContent);
        }
        catch (IOException ex) {}
        catch (NoSuchAlgorithmException ex2) {}
        catch (SignatureException ex3) {}
        catch (InvalidKeyException e) {
            throw new IllegalStateException(e);
        }
        finally {
            if (signedContent != null) {
                Arrays.fill(signedContent, (byte)0);
            }
        }
        */
        return true; // added line
    }

    public static boolean verifyLicense(final License license) {
        /*
        byte[] publicKeyBytes;
        try {
            final InputStream is = LicenseVerifier.class.getResourceAsStream("/public.key");
            try {
                final ByteArrayOutputStream out = new ByteArrayOutputStream();
                Streams.copy(is, (OutputStream)out);
                publicKeyBytes = out.toByteArray();
                if (is != null) {
                    is.close();
                }
            }
            catch (Throwable t) {
                if (is != null) {
                    try {
                        is.close();
                    }
                    catch (Throwable t2) {
                        t.addSuppressed(t2);
                    }
                }
                throw t;
            }
        }
        catch (IOException ex) {
            throw new IllegalStateException(ex);
        }
        //return verifyLicense(license, publicKeyBytes);
        */
        return true; // added line
    }
}

In XPackBuild, delete the entire try part of the last static block. This part verifies whether the jar has been modified.

package org.elasticsearch.xpack.core;

import org.elasticsearch.common.io.*;
import java.net.*;
import org.elasticsearch.common.*;
import java.nio.file.*;
import java.io.*;
import java.util.jar.*;

public class XPackBuild
{
    public static final XPackBuild CURRENT;
    private String shortHash;
    private String date;

    @SuppressForbidden(reason = "looks up path of xpack.jar directly")
    static Path getElasticsearchCodebase() {
        final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
        try {
            return PathUtils.get(url.toURI());
        }
        catch (URISyntaxException bogus) {
            throw new RuntimeException(bogus);
        }
    }

    XPackBuild(final String shortHash, final String date) {
        this.shortHash = shortHash;
        this.date = date;
    }

    public String shortHash() {
        return this.shortHash;
    }

    public String date() {
        return this.date;
    }

    static {
        final Path path = getElasticsearchCodebase();
        String shortHash = null;
        String date = null;
        Label_0109: {
            /* if (path.toString().endsWith(".jar")) { // comment out the following part
                try {
                    final JarInputStream jar = new JarInputStream(Files.newInputStream(path, new OpenOption[0]));
                    try {
                        final Manifest manifest = jar.getManifest();
                        shortHash = manifest.getMainAttributes().getValue("Change");
                        date = manifest.getMainAttributes().getValue("Build-Date");
                        jar.close();
                    }
                    catch (Throwable t) {
                        try {
                            jar.close();
                        }
                        catch (Throwable t2) {
                            t.addSuppressed(t2);
                        }
                        throw t;
                    }
                    break Label_0109;
                }
                catch (IOException e) {
                    throw new RuntimeException(e);
                }
            }*/
            shortHash = "Unknown";
            date = "Unknown";
        }
        CURRENT = new XPackBuild(shortHash, date);
    }
}

After the two files above, LicenseVerifier.java and XPackBuild.java, have been modified on the local machine, we copy them to the Elasticsearch server, compile them into class files, and then pack them into x-pack-core-7.4.2.jar.
Compilation requires other Elasticsearch jars: elasticsearch-7.4.2.jar, lucene-core-8.2.0.jar, x-pack-core-7.4.2.jar, netty-common-4.1.38.Final.jar, elasticsearch-core-7.4.2.jar.

[root@elastic-a]# ES_HOME=/usr/share/elasticsearch
[root@elastic-a]# javac -cp "$ES_HOME/lib/elasticsearch-7.4.2.jar:$ES_HOME/lib/lucene-core-8.2.0.jar:$ES_HOME/lib/elasticsearch-core-7.4.2.jar:$ES_HOME/modules/netty-common-4.1.38.Final.jar:$ES_HOME/modules/x-pack-core-7.4.2.jar" LicenseVerifier.java
[root@elastic-a]# javac -cp "$ES_HOME/lib/elasticsearch-7.4.2.jar:$ES_HOME/lib/lucene-core-8.2.0.jar:$ES_HOME/lib/elasticsearch-core-7.4.2.jar:$ES_HOME/modules/netty-common-4.1.38.Final.jar:$ES_HOME/modules/x-pack-core-7.4.2.jar" XPackBuild.java

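Two class files are now generated in the current directory.
Create a separate folder named x-pack-core-new and copy x-pack-core-7.4.2.jar into it. Extract it with the jar command and replace the original files with the new class files.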

jar -xvf x-pack-core-7.4.2.jar
cp ../XPackBuild.class /root/x-pack-core-new/org/elasticsearch/xpack/core/   # press y to confirm the replacement
cp ../LicenseVerifier.class /root/x-pack-core-new/org/elasticsearch/license/

Delete the copied x-pack-core-7.4.2.jar file and regenerate the x-pack-core-7.4.2.jar package.

rm -rf x-pack-core-7.4.2.jar
jar cvf x-pack-core-7.4.2.jar .   # the working directory at this point is x-pack-core-new

Copy the new jar into the original directory /usr/share/elasticsearch/modules/x-pack-core/, replacing the original file.
Restart Elasticsearch and check whether it starts successfully.
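Open the JSON file in a text editor and change the license's type and expiry_date_in_millis to platinum and 2524579200999 respectively, then save the file as license.json. The license is now the platinum edition, and all X-Pack features can be used.
Before importing the license, Elasticsearch security must be set to false and the service restarted. Otherwise the following error is reported: Cannot install a [PLATINUM] license unless TLS is configured or security is disabled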

[root@elastic-a]# echo "xpack.security.enabled: false" >> /etc/elasticsearch/elasticsearch.yml
[root@elastic-a]# systemctl restart elasticsearch
[root@elastic-a]# curl -XPUT -u elastic 'http://localhost:9200/_xpack/license' -H "Content-Type: application/json" -d @/root/license.json
{"acknowledged":true,"license_status":"valid"} # license written successfully

The license can also be uploaded from the Kibana UI, under "Management" - "License Management" - "Update license".
The output above shows that the license was imported successfully. Viewed in Kibana, the license is the platinum edition.
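Because the edit above changes type and expiry_date_in_millis while the license keeps its original uid, an audit can reconcile what a cluster reports with what was actually issued. This is an added example, not part of the original post: it assumes the organization keeps a record of issued licenses keyed by uid and feeds in the JSON returned by GET /_license; the function names, the record layout and the sample values other than the two taken from the text are constructed.

```python
from datetime import datetime, timezone

# Fields fixed when a license is issued; the uid ties a cluster to its record.
ISSUED_FIELDS = ("type", "expiry_date_in_millis", "max_nodes", "issued_to")

def iso_date(millis):
    """Render an epoch-milliseconds value as a UTC date for the report."""
    return datetime.fromtimestamp(millis // 1000, tz=timezone.utc).strftime("%Y-%m-%d")

def audit_license(reported, issued_by_uid):
    """Return findings where the cluster's license differs from the issued record."""
    lic = reported["license"]
    record = issued_by_uid.get(lic.get("uid"))
    if record is None:
        return [f"uid {lic.get('uid')}: no issued license on record"]
    findings = []
    for field in ISSUED_FIELDS:
        want, got = record.get(field), lic.get(field)
        if want == got:
            continue
        if field.endswith("_in_millis") and isinstance(want, int) and isinstance(got, int):
            want, got = iso_date(want), iso_date(got)
        findings.append(f"{field}: issued {want}, cluster reports {got}")
    return findings

# Constructed sample: the uid, organization and issued expiry are placeholders.
UID = "00000000-0000-0000-0000-000000000000"
ISSUED = {UID: {"type": "basic", "expiry_date_in_millis": 1664236800000,
                "max_nodes": 100, "issued_to": "Example Org"}}
REPORTED = {"license": {"status": "active", "uid": UID, "type": "platinum",
                        "expiry_date_in_millis": 2524579200999,
                        "max_nodes": 100, "issued_to": "Example Org"}}

if __name__ == "__main__":
    for finding in audit_license(REPORTED, ISSUED):
        print(finding)
```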

[root@elastic-a]# echo "xpack.security.transport.ssl.enabled: true" >> /etc/elasticsearch/elasticsearch.yml
[root@elastic-a]# sed -i 's/xpack.security.enabled: false/xpack.security.enabled: true/g' /etc/elasticsearch/elasticsearch.yml
[root@elastic-a]# systemctl restart elasticsearch

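There are two ways to generate the user passwords: auto (automatic) and interactive (set manually). Here we use auto mode.
First, change into the Elasticsearch working directory.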

[root@elastic-a]# cd /usr/share/elasticsearch/bin
[root@elastic-a]# ./elasticsearch-setup-passwords auto
Changed password for user apm_system
PASSWORD apm_system = xxxxxxxxxxxxxxxxxxxxx
Changed password for user kibana
PASSWORD kibana = xxxxxxxxxxxxxxxxxxxxxxxxxxx
Changed password for user logstash_system
PASSWORD logstash_system = xxxxxxxxxxxxxxxxxxx
Changed password for user beats_system
PASSWORD beats_system = xxxxxxxxxxxxxxxxxxxxxxx
Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = xxxxxxxxxxxxxxxxxxxxxxxx
Changed password for user elastic
PASSWORD elastic = xxxxxxxxxxxxxxxxxxxxxxxxxx

If Kibana is not reconfigured, it cannot connect to ES.

[root@IT-kibana kibana]# cat kibana.yml | grep ^[a-Z]
server.port: 5601
server.host: "xx.xx.xx.xx"
server.name: "kibana"
elasticsearch.hosts: ["http://elastic-a:9200"]
elasticsearch.username: "kibana" # enter the corresponding user name
elasticsearch.password: "xxxxxxxxxxxxxxxxxxxxxx" # enter the generated user password
i18n.locale: "zh-CN" # switch Kibana to Chinese

To enable TLS, see "Getting started with Elasticsearch security features".