x-pack只给了30天的试用,可能我们摸清楚Elasticsearch怎么用就不止30天了。所以我们还是主动延长一下x-pack的使用期。
接下来我们演示在8.0.1版本下延长x-pack的试用期限。
首先先去elastic的github仓库获取源码,我们需要以下两个文件:
elasticsearch-8.0.1x-packplugincoresrcmainjavaorgelasticsearchlicenseLicenseVerifier.java elasticsearch-8.0.1x-packplugincoresrcmainjavaorgelasticsearchxpackcoreXPackBuild.java修改x-pack源码
首先注释掉LicenseVerifier.java的校验代码:
package org.elasticsearch.license;
import org.apache.lucene.util.BytesRef;
import org.apache.lucene.util.BytesRefIterator;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.core.internal.io.Streams;
import org.elasticsearch.xcontent.ToXContent;
import org.elasticsearch.xcontent.XContentBuilder;
import org.elasticsearch.xcontent.XContentFactory;
import org.elasticsearch.xcontent.XContentType;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Arrays;
import java.util.base64;
import java.util.Collections;
public class LicenseVerifier {
public static boolean verifyLicense(final License license, PublicKey publicKey) {
return true;
}
private static final PublicKey PUBLIC_KEY;
static {
try (InputStream is = LicenseVerifier.class.getResourceAsStream("/public.key")) {
ByteArrayOutputStream out = new ByteArrayOutputStream();
Streams.copy(is, out);
PUBLIC_KEY = CryptUtils.readPublicKey(out.toByteArray());
} catch (IOException e) {
throw new AssertionError("key file is part of the source and must deserialize correctly", e);
}
}
public static boolean verifyLicense(final License license) {
//return verifyLicense(license, PUBLIC_KEY);
return true;
}
}
然后修改XPackBuild.java
package org.elasticsearch.xpack.core;
import org.elasticsearch.core.PathUtils;
import org.elasticsearch.core.SuppressForbidden;
import java.io.IOException;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.jar.JarInputStream;
import java.util.jar.Manifest;
public class XPackBuild {
public static final XPackBuild CURRENT;
static {
final String shortHash;
final String date;
Path path = getElasticsearchCodebase();
shortHash = "Unknown";
date = "Unknown";
CURRENT = new XPackBuild(shortHash, date);
}
@SuppressForbidden(reason = "looks up path of xpack.jar directly")
static Path getElasticsearchCodebase() {
URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
try {
return PathUtils.get(url.toURI());
} catch (URISyntaxException bogus) {
throw new RuntimeException(bogus);
}
}
private String shortHash;
private String date;
XPackBuild(String shortHash, String date) {
this.shortHash = shortHash;
this.date = date;
}
public String shortHash() {
return shortHash;
}
public String date() {
return date;
}
}
编译java文件
编译环境:UbuntuJava版本:Openjdk17Elasticsearch版本:8.0.1 安装Elasticsearch
安装Elasitcsearch为了提供编译需要的jar包。
- 下载并安装PGP Key
$ wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
- 安装Elasticsearch Debain Package
apt-get update && sudo apt-get install elasticsearch安装java环境
- 安装openjdk17
$ apt install openjdk-17-jdk
- 测试是否安装成功
$ java --version openjdk 17.0.1 2021-10-19 OpenJDK Runtime Environment (build 17.0.1+12-Ubuntu-120.04) OpenJDK 64-Bit Server VM (build 17.0.1+12-Ubuntu-120.04, mixed mode, sharing)将java源码编译为class文件
javac -cp "/usr/share/elasticsearch/lib/elasticsearch-8.0.1.jar:/usr/share/elasticsearch/lib/lucene-core-9.0.0.jar:/usr/share/elasticsearch/modules/x-pack-core/x-pack-core-8.0.1.jar:/usr/share/elasticsearch/lib/elasticsearch-x-content-8.0.1.jar:/usr/share/elasticsearch/lib/elasticsearch-core-8.0.1.jar" /root/LicenseVerifier.java javac -cp "/usr/share/elasticsearch/lib/elasticsearch-8.0.1.jar:/usr/share/elasticsearch/lib/lucene-core-9.0.0.jar:/usr/share/elasticsearch/modules/x-pack-core/x-pack-core-8.0.1.jar:/usr/share/elasticsearch/lib/elasticsearch-x-content-8.0.1.jar:/usr/share/elasticsearch/lib/elasticsearch-core-8.0.1.jar" /root/XPackBuild.java
我们会得到LicenseVerifier.class和XPackBuild.class两个编译好的class文件
修改x-pack-core文件位置:
/usr/share/elasticsearch/modules/x-pack-core/x-pack-core-8.0.1.jar
- 把x-pack-core-8.0.1.jar复制到任意位置,然后解包:
$ jar -xvf x-pack-core-8.0.1.jar
- 删除当前文件夹下的x-pack-core-8.0.1.jar覆盖破解好的文件:
LicenseVerifier.class 路径在 /org/elasticsearch/license/LicenseVerifier.class
XPackBuild.class 路径在 /org/elasticsearch/xpack/core/XPackBuild.class重新打包x-pack-core-8.0.1.jar
$ jar cvf x-pack-core-8.0.1.jar *
- 把破解好的文件覆盖到/usr/share/elasticsearch/modules/x-pack-core/x-pack-core-8.0.1.jar就完成破解。
- 启动elasticsearch
$ docker run -d -p 9200:9200 --name=elasticsearch -e xpack.security.enabled=false -e discovery.type=single-node elasticsearch:8.0.1
- 用修改的x-pack-core-8.0.1.jar替换镜像内的原版
$ docker cp .x-pack-core-8.0.1.jar elasticsearch:/usr/share/elasticsearch/modules/x-pack-core
- 修改镜像内文件的权限
首先以root用户进入容器
$ docker exec -it -u root elasticsearch /bin/bash
然后修改x-pack-core-8.0.1.jar的权限
$ cd /usr/share/elasticsearch/modules/x-pack-core $ chmod -R 444 x-pack-core-8.0.1.jar $ chown -R root x-pack-core-8.0.1.jar $ chgrp -R root x-pack-core-8.0.1.jar $ exit
- 重启容器
$ docker restart elasticsearch
- 生成镜像
$ docker commit elasticsearch elasticsearch:8.0.1C
使用elasticsearch:8.0.1C这个镜像再导入证书就可以直接激活白金权限了
6. 导出/导入镜像
# 导出镜像为tar文件 $ docker save -o elastic.tar elasticsearch:8.0.1C # 导入tar镜像 $ docker load -i elastic.tar激活白金授权 申请Basic License
到这个网址申请授权,我们会得到一个license.json。文件内容大概是下面这个样子
{
"license": {
"uid": "13370dd7-23e4-4470-ad2a-ccacb620f60a",
"type": "basic",
"issue_date_in_millis": 1563235200000,
"expiry_date_in_millis": 2207746200000,
"max_nodes": 10000,
"issued_to": "netpro",
"issuer": "Web Form",
"signature": "AAAAAwAAAA3uiNJR7B8rdgnwFZItAAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQCyhef7hVFMq4orIbwULz0c1dX+Ng4sva5RTmWxKYLnJAyXmMRLp2Pvk9YE5G9JoI4gaSB4mIUtVyPzNGJpHLQCPS/kQ8y0B+mc0aXbBKZgbDTqE6p9E+kk1j8myN9GU+JR8QnYd8GiP4ziBUc2zOyx4hskiGE++Kx1KbD4862GbZwLCo9pIIHoxnpt44OytDB9lb7rYr2JBwc07flaR8ndkHlOL7AhuV2OMwDNw978l4OK/O4qxdthxc/XVo6l03IkVoy17coeJ9Oi4YIpOBXrIAYRgjPa68SvnnM8Ykb0KvNvJ7Y8GJ7x+l2q5qMu8QrBeJQ6U0fH/2ATgUy9EiwA",
"start_date_in_millis": 1563235200000
}
}
### 修改授权类型和过期时间
我们需要修改license.json的以下内容:
修改type为platinum修改expiry_date_in_millis为2524579200999(过期时间为2050年) 导入授权
这里我们直接用别人修改好的授权文件license.json
{
"license": {
"uid": "13370dd7-23e4-4470-ad2a-ccacb620f60a",
"type": "platinum",
"issue_date_in_millis": 1563235200000,
"expiry_date_in_millis": 3207746200000,
"max_nodes": 10000,
"issued_to": "bibi",
"issuer": "Web Form",
"signature": "AAAAAwAAAA3uiNJR7B8rdgnwFZItAAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQCyhef7hVFMq4orIbwULz0c1dX+Ng4sva5RTmWxKYLnJAyXmMRLp2Pvk9YE5G9JoI4gaSB4mIUtVyPzNGJpHLQCPS/kQ8y0B+mc0aXbBKZgbDTqE6p9E+kk1j8myN9GU+JR8QnYd8GiP4ziBUc2zOyx4hskiGE++Kx1KbD4862GbZwLCo9pIIHoxnpt44OytDB9lb7rYr2JBwc07flaR8ndkHlOL7AhuV2OMwDNw978l4OK/O4qxdthxc/XVo6l03IkVoy17coeJ9Oi4YIpOBXrIAYRgjPa68SvnnM8Ykb0KvNvJ7Y8GJ7x+l2q5qMu8QrBeJQ6U0fH/2ATgUy9EiwA",
"start_date_in_millis": 1563235200000
}
}
导入授权:
curl -XPUT -u elastic 'http://192.168.0.106:9200/_license' -H "Content-Type: application/json" -d @license.json
在kibana里能看到授权成功
