安装x-pack（密码登录）

最新推荐文章于 2024-07-26 14:41:58 发布

sixgod_0807

最新推荐文章于 2024-07-26 14:41:58 发布

阅读量703

点赞数

分类专栏： ELK

本文链接：https://blog.csdn.net/weixin_39318540/article/details/108208553

版权

ELK 专栏收录该内容

9 篇文章 0 订阅

订阅专栏

注意：当x-pack安装好之后，Logstash 输出到es的配置文件与 kibana 的配置文件中都要配置x-pack的账户密码，因为两个应用都需要与es连接。

syslog.conf

output {

stdout { codec => rubydebug }

elasticsearch {

hosts => ["192.168.1.135:9200"]

user => elastic

password => elastic

index => "nginx-test-%{+YYYY.MM.dd}"

}

kibana.yml

#登入elasticsearch 账号密码

elasticsearch.username: "elastic"

elasticsearch.password: "elastic"

一、elasticsearch安装x-pack 

1.切换安装目录

root@ubuntu: cd /usr/local/elk/elasticsearch-6.2.3/bin

2.执行安装命令

root@ubuntu:/usr/local/elk/elasticsearch-6.2.3/bin# ./elasticsearch-plugin install x-pack

-> Downloading x-pack from elastic

[=================================================] 100%

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@ WARNING: plugin requires additional permissions @

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

* java.io.FilePermission \\.\pipe\* read,write

* java.lang.RuntimePermission accessClassInPackage.com.sun.activation.registries

* java.lang.RuntimePermission getClassLoader

* java.lang.RuntimePermission setContextClassLoader

* java.lang.RuntimePermission setFactory

* java.net.SocketPermission * connect,accept,resolve

* java.security.SecurityPermission createPolicy.JavaPolicy

* java.security.SecurityPermission getPolicy

* java.security.SecurityPermission putProviderProperty.BC

* java.security.SecurityPermission setPolicy

* java.util.PropertyPermission * read,write

See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html

for descriptions of what these permissions allow and the associated risks.

Continue with installation? [y/N]y

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@ WARNING: plugin forks a native controller @

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

This plugin launches a native controller that is not subject to the Java

security manager nor to system call filters.

Continue with installation? [y/N]y

Elasticsearch keystore is required by plugin [x-pack-security], creating...

-> Installed x-pack with: x-pack-security,x-pack-logstash,x-pack-core,x-pack-upgrade,x-pack-watcher,x-pack-monitoring,x-pack-ml,x-pack-deprecation,x-pack-graph

3.授权

root@ubuntu: cd /usr/local/elk/elasticsearch-6.2.3

root@ubuntu: chown -R elasticsearch.elasticsearch *

4.重启elasticsearch kill进程

root@ubuntu: su elasticsearch -c "/usr/local/elk/elasticsearch-6.2.3/bin/elasticsearch -d"

5.登入http://192.168.15.69:9200 已经出现验证界面

6. 修改密码 setup-passwords interactive

root@ubuntu:/usr/local/elk/elasticsearch-6.2.3/bin# x-pack/setup-passwords interactive

Initiating the setup of passwords for reserved users elastic,kibana,logstash_system.

You will be prompted to enter passwords as the process progresses.

Please confirm that you would like to continue [y/N]y

Enter password for [elastic]:

Reenter password for [elastic]:

Enter password for [kibana]:

Reenter password for [kibana]:

Enter password for [logstash_system]:

Reenter password for [logstash_system]:

Changed password for user [kibana]

Changed password for user [logstash_system]

Changed password for user [elastic]

#查询所有用户

curl -XGET -u elastic 'localhost:9200/_xpack/security/user?pretty'

#查询所有Roles

curl -XGET -u elastic 'localhost:9200/_xpack/security/role'

二、kibana 安装x-pack

1.执行安装界面

root@ubuntu:/usr/local/elk/kibana-6.2.3-linux-x86_64/bin# ./kibana-plugin install x-pack

2.添加配置文件kibana.yml

#登入elasticsearch 账号密码

elasticsearch.username: "elastic"

elasticsearch.password: "123abc"

#下面2条启动警告信息

xpack.reporting.encryptionKey: "a_random_string"

xpack.security.encryptionKey: "something_at_least_32_characters"

3.重启kibana kill进程

root@ubuntu:/usr/local/elk/kibana-6.2.3-linux-x86_64/bin/kibana &

4.登入http://192.168.15.69:5601/

5.进去kibana使用elastic账户登入

三、破解x-pack

查看到期时间

root@ubuntu:curl -XGET -u elastic:123abc "http://192.168.15.69:9200/_license"

直接在linux上机器上操作解压（jar -xvf x-pack-core-5.6.4.jar），在windows机器上使用Luyten(下载地址：https://github.com/deathmarine/Luyten/releases/tag/v0.5.0）进行反编译

使用Luyten打开org.elasticsearch/license/LicenseVerifier.class先保存为LicenseVerifier.java文件，然后修改内容如下

package org.elasticsearch.license;

public class LicenseVerifier

{

public static boolean verifyLicense(final License license, final byte[] encryptedPublicKeyData) {

return true;

}

public static boolean verifyLicense(final License license) {

return true;

}

上传文件到linux机器，执行此命令编译得到LicenseVerifier.class文件

javac -cp “/opt/elasticsearch-5.6.4/lib/elasticsearch-5.6.4.jar:/opt/elasticsearch-5.6.4/lib/lucene-core-6.6.1.jar:/opt/elasticsearch-5.6.4/plugins/x-pack/x-pack-5.6.4.jar” LicenseVerifier.java

替换原有文件并重新打包

mkdir /opt/123

cd /opt/123

cp /opt/elasticsearch-5.6.4/plugins/x-pack/x-pack-5.6.4.jar /opt/123/

jar -xvf x-pack-5.6.4.jar

mv … /LicenseVerifier.class org/elasticsearch/license/

jar -cvf x-pack-core-5.6.4.jar ./*

root@ubuntu:cp -rf x-pack-core-6.2.3.jar /usr/local/elk/elasticsearch-6.2.3/plugins/x-pack/x-pack-core/

申请一个免费license(https://license.elastic.co/registration) 注册后可以下载文件,下载后修改，例如：

主要修改：type改为platinum表示可以使用所有功能 ; expiry_date_in_millis 我这里改了10年

issue_date_in_millis":1490832000000

因为elasticsearch 6.2.3，现在更新license文件时，要么配置SSL\TLS，要么就禁用security。

更新之前先配置elasticsearch.yml，加入：

xpack.security.enabled: false

重启elasticsearch

执行更新license语句

root@ubuntu:curl -XPUT -u elastic:123abc 'http://192.168.15.69:9200/_xpack/license?acknowledge=true' -H "Content-Type: application/json" -d @license.json

生效之后，配置elasticsearch.yml 再开启security，并开启SSL\TLS：

xpack.security.enabled: true

xpack.security.transport.ssl.enabled: true

最后重启elasticsearch。

查看License状态：

root@ubuntu:curl -XGET -u elastic:elastic "http://192.168.15.69:9200/_license"

或登入kibana查看