elasticsearch实战之xpack安装、解密和更换证书以及head加密

前面有专门讲解xpack的安装，但介于整个过程比较繁琐，所以本章节简化操作。

1 环境介绍

ip	软件版本	节点属性	节点环境	操作系统
192.168.116.2	elaticsearch6.5.1	master	java、node	CentOS 7.6.1810
192.168.116.3	elaticsearch6.5.1	slave	java、node	CentOS 7.6.1810
192.168.116.4	elaticsearch6.5.1	slave	java、node	CentOS 7.6.1810

elaticsearch6.5.1集群安装详见：

安装完之后通过日志和证书类型发现：当前证书类型为basic。

2 修改x-pack-core-6.5.1.jar,反向编译和修改两个验证文件

1）解压jar包

jar包所在路径:elasticsearch-6.5.1/modules/x-pack-core/x-pack-core-6.5.1.jar
LicenseVerifier.class 位于 x-pack-core-6.5.1\org\elasticsearch\license

cd /u01/isi/application/component/elasticsearch-6.5.1/modules/x-pack-core
mkdir /tmp/core                               #创建临时目录
unzip x-pack-core-6.5.1.jar -d /tmp/core/    #解压jar包，或者通过jar -xf 解压也可以

通过filezilla将两个class文件下载到本地电脑

2）反向编译并编辑两个静态方法的文件

如果不修改这两个文件，直接导入license，则会导入失败

1> 安装反编译软件jd-gui

https://github.com/java-decompiler/jd-gui/releases/download/v1.6.6/jd-gui-windows-1.6.6.zip

打开jd-gui，打开文件–选择目标文件（确认后选择打开）—file—save（保存为.java文件即可）–用notepad++打开编辑即可—保存

<1> 反编译LicenseVerifier.class文件

notepad++编辑，保存为LicenseVerifier.java

package org.elasticsearch.license;
import java.nio.*; 
import java.util.*;
import java.security.*;
import org.elasticsearch.common.xcontent.*;
import org.apache.lucene.util.*;
import org.elasticsearch.common.io.*;
import java.io.*;
 
public class LicenseVerifier {
    
     
    public static boolean verifyLicense(final License license, final byte[] encryptedPublicKeyData) {
    
    
        return true; 
    } 
    
    public static boolean verifyLicense(final License license)     {
    
     
        return true; 
    } 
}

<2> 反编译XPackBuild.class文件

notepad++编辑，保存为XPackPlugin.java

package org.elasticsearch.xpack.core;

import org.elasticsearch.common.io.*;
import java.net.*;
import org.elasticsearch.common.*;
import java.nio.file.*;
import java.io.*; 
import java.util.jar.*; 
public class XPackBuild {
    
     
    public static final XPackBuild CURRENT;
    private String shortHash; 
    private String date; 
    @SuppressForbidden(reason = "looks up path of xpack.jar directly") static Path getElasticsearchCodebase() {
    
     
        final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
        try {
    
     return PathUtils.get(url.toURI()); }
        catch (URISyntaxException bogus) {
    
     
            throw new RuntimeException(bogus); } 
        } 
        
    XPackBuild(final String shortHash, final String date) {
    
    
            this.shortHash = shortHash; 
            this.date = date; 
            } 
            
    public String shortHash() {
    
    
        return this.shortHash;
        } 
    public String date(){
    
     
        return this.date; 
        }
        
    static {
    
     
        final Path path = getElasticsearchCodebase();
        String shortHash = null; 
        String date = null;
        Label_0157: {
    
     shortHash = "Unknown"; date = "Unknown"; 
    } 
    
    CURRENT = new XPackBuild(shortHash, date); 
    }
}

2> 通过filezilla上传编辑好的文件到系统中

3> 编译文件

javac -cp "/u01/isi/application/component/elasticsearch-6.5.1/lib/elasticsearch-6.5.1.jar:/u01/isi/application/component/elasticsearch-6.5.1/lib/lucene-core-7.5.0.jar:/u01/isi/application/component/elasticsearch-6.5.1/modules/x-pack-core/x-pack-core-6.5.1.jar:/u01/isi/application/component/elasticsearch-6.5.1/lib/elasticsearch-core-6.5.1.jar" XPackBuild.java

javac -cp "/u01/isi/application/component/elasticsearch-6.5.1/lib/elasticsearch-6.5.1.jar:/u01/isi/application/component/elasticsearch-6.5.1/lib/lucene-core-7.5.0.jar:/u01/isi/application/component/elasticsearch-6.5.1/modules/x-pack-core/x-pack-core-6.5.1.jar" LicenseVerifier.java

4> 将编译好的文件打包并复制回原目录

cd /tmp/core
mv LicenseVerifier.class org/elasticsearch/license/   #将编译好的class文件移到到原来的路径下
mv XPackBuild.class org/elasticsearch/xpack/core/     #将编译好的class文件移到到原来的路径下
rm -rf XPackBuild.java LicenseVerifier.java           #删除java文件
jar -cvf x-pack-core-6.5.1.jar ./*                    #打包
cp /u01/isi/application/component/elasticsearch-6.5.1/modules/x-pack-core/{
    
    x-pack-core-6.5.1.jar,x-pack-core-6.5.1.jar.bak}                  #备份原有的jar包
mv x-pack-core-6.5.1.jar /u01/isi/application/component/elasticsearch-6.5.1/modules/x-pack-core/                                            #替换jar包
chown -R isi:isi /u01/isi/application/component/elasticsearch-6.5.1/modules/x-pack-core/  #统一文件的属性
chmod -R 755 /u01/isi/application/component/elasticsearch-6.5.1/modules/x-pack-core/*    #统一文件的权限

3 证书申请

1）从官网申请basic授权文件

https://license.elastic.co/registration         #其他信息随便写,邮箱必须真实,country写china

2）授权文件修改

"type":"basic" 替换为"platinum"    # 基础版变更为铂金版
"expiry_date_in_millis":1561420799999 替换为3107746200000   #1年变为50年

4 开始解密并上传证书

1）将编译好的jar包拷贝到其他节点

scp -p  /u01/isi/application/component/elasticsearch-6.5.1/modules/x-pack-core/x-pack-core-6.5.1.jar 192.168.116.3:/u01/isi/application/component/elasticsearch-6.5.1/modules/x-pack-core/
scp -p  /u01/isi/application/component/elasticsearch-6.5.1/modules/x-pack-core/x-pack-core-6.5.1.jar 192.168.116.4:/u01/isi/application/component/elasticsearch-6.5.1/modules/x-pack-core/

2）授权(修改配置文件后记得重启)

1> 禁用security，如果不禁用，将不能正常导入授权文件

cat elasticsearch.yml
...
...
xpack.security.enabled: false

2> 上传license证书,通过filezilla上传到elasticsearch的目录下即可

curl -H "Content-Type: application/json" -XPUT '192.168.1.156:9200/_xpack/license?acknowledge=true' -d @license.json

3> 生成xpack证书(主服务器生成，并分发到其他node节点)

cd /u01/isi/application/component/elasticsearch-6.5.1/bin
./elasticsearch-certutil ca                             #按两次回车即可
./elasticsearch-certutil cert --ca elastic-stack-ca.p12 #按三次回车即可
mv ./elastic-certificates.p12 ../config/                #移动到config目录下
mv ./elastic-stack-ca.p12 ../config/                    #移动到config目录下
scp -p ../config/elastic-certificates.p12 192.168.116.3:/u01/isi/application/component/elasticsearch-6.5.1/config/ #分到到116.3节点
scp -p ../config/elastic-certificates.p12 192.168.116.4:/u01/isi/application/component/elasticsearch-6.5.1/config/ #分到到116.4节点

4> 配置文件添加xpack配置并重启(所有节点)

cat elasticsearch.yml
...
#启用security
xpack.security.enabled: true     
#开启集群中https传输
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
#解决head无法登录问题
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type

5> 修改密码(否则将无法进行数据读取)

安装完成X-Pack之后重启Elasticsearch和Kibana，再次登陆Elasticsearch和Kibana，会提示需要输入用户名和密码，因此还需要修改密码。

cd /u01/isi/application/component/elasticsearch-6.5.1/bin
./elasticsearch-setup-passwords interactive     #自定义修改 
或（二选一）
./elasticsearch-setup-passwords auto            #自动生成密码，默认密码：changeme

也可通过kibana修改 manageement->security->users->change password
注:修改密码后记得在kibana.yml中同步配置用户名密码

6> 查看license是否生效

curl '192.168.116.2:9200/_xpack/license?pretty' -u elastic:password -H "Content-Type: application/json"

7> kibana配置添加

cat kibana.yml
...
elasticsearch.username: elastic
elasticsearch.password: zkwg123
#因为开启了elastic https传输所以要把http改为https
elasticsearch.hosts: ["https://localhost:9200"]
#ssl证书认证为none
elasticsearch.ssl.verificationMode: none

8> 访问head端口方式(url中增加了参数)

http://192.168.116.2:9100/?auth_user=elastic&auth_password=zkwg123