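Note: once x-pack is installed, both the Logstash configuration file that outputs to ES and the Kibana configuration file must contain the x-pack account username and password, because both applications need to connect to ES.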
syslog.conf
output {
  stdout { codec => rubydebug }
  elasticsearch {
    hosts => ["192.168.1.135:9200"]
    user => "elastic"
    password => "elastic"
    index => "nginx-test-%{+YYYY.MM.dd}"
  }
}
kibana.yml
# Elasticsearch login username and password
elasticsearch.username: "elastic"
elasticsearch.password: "elastic"
I. Installing x-pack on Elasticsearch
1. Change to the installation directory
root@ubuntu: cd /usr/local/elk/elasticsearch-6.2.3/bin
2. Run the install command
root@ubuntu:/usr/local/elk/elasticsearch-6.2.3/bin# ./elasticsearch-plugin install x-pack
-> Downloading x-pack from elastic
[=================================================] 100%
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: plugin requires additional permissions @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
* java.io.FilePermission \\.\pipe\* read,write
* java.lang.RuntimePermission accessClassInPackage.com.sun.activation.registries
* java.lang.RuntimePermission getClassLoader
* java.lang.RuntimePermission setContextClassLoader
* java.lang.RuntimePermission setFactory
* java.net.SocketPermission * connect,accept,resolve
* java.security.SecurityPermission createPolicy.JavaPolicy
* java.security.SecurityPermission getPolicy
* java.security.SecurityPermission putProviderProperty.BC
* java.security.SecurityPermission setPolicy
* java.util.PropertyPermission * read,write
See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
for descriptions of what these permissions allow and the associated risks.
Continue with installation? [y/N]y
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: plugin forks a native controller @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
This plugin launches a native controller that is not subject to the Java
security manager nor to system call filters.
Continue with installation? [y/N]y
Elasticsearch keystore is required by plugin [x-pack-security], creating...
-> Installed x-pack with: x-pack-security,x-pack-logstash,x-pack-core,x-pack-upgrade,x-pack-watcher,x-pack-monitoring,x-pack-ml,x-pack-deprecation,x-pack-graph
3. Set file ownership
root@ubuntu: cd /usr/local/elk/elasticsearch-6.2.3
root@ubuntu: chown -R elasticsearch.elasticsearch *
4. Restart Elasticsearch (kill the running process first)
root@ubuntu: su elasticsearch -c "/usr/local/elk/elasticsearch-6.2.3/bin/elasticsearch -d"
5. Open http://192.168.15.69:9200; an authentication prompt now appears
6. Change the passwords with setup-passwords interactive
root@ubuntu:/usr/local/elk/elasticsearch-6.2.3/bin# x-pack/setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,kibana,logstash_system.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [elastic]
# List all users
curl -XGET -u elastic 'localhost:9200/_xpack/security/user?pretty'
# List all roles
curl -XGET -u elastic 'localhost:9200/_xpack/security/role'
II. Installing x-pack on Kibana
1. Run the install command
root@ubuntu:/usr/local/elk/kibana-6.2.3-linux-x86_64/bin# ./kibana-plugin install x-pack
2. Add the following to the kibana.yml configuration file
# Elasticsearch login username and password
elasticsearch.username: "elastic"
elasticsearch.password: "123abc"
# The following two settings clear the startup warnings
xpack.reporting.encryptionKey: "a_random_string"
xpack.security.encryptionKey: "something_at_least_32_characters"
3. Restart Kibana (kill the running process first)
root@ubuntu:/usr/local/elk/kibana-6.2.3-linux-x86_64/bin/kibana &
4. Open http://192.168.15.69:5601/
5. Log in to Kibana with the elastic account
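An added example, not part of the original page: a POSIX shell check for the weak settings that appear in the kibana.yml above and in the Logstash output at the top of the page (the elastic superuser used as a service account, a password equal to the username, placeholder encryption keys). Function names and finding texts are assumptions of this example; for Kibana, the less privileged account is the reserved kibana user whose password is set in the setup-passwords step.

```shell
#!/bin/sh
# Added example: flag weak credential settings like those shown on this page.
# Function names and finding texts are assumptions made for this example.

# Print the unquoted value of a "key: value" line in a YAML file.
yaml_value() {
    sed -n "s/^$1:[[:space:]]*//p" "$2" | tr -d "\"'\r" | head -n 1
}
# Print the unquoted value of a "name => value" option in a Logstash pipeline.
logstash_option() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=>[[:space:]]*//p" "$2" | tr -d "\"'\r" | head -n 1
}
# Print a fresh 64-hex-character key (32 random bytes) for an encryptionKey.
new_encryption_key() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}
# Findings shared by both files: superuser service account, password == user.
audit_credentials() {
    if [ "$1" = "elastic" ]; then
        echo "connects as the elastic superuser; use a dedicated, less privileged user"
    fi
    if [ -n "$2" ] && [ "$2" = "$1" ]; then
        echo "password is identical to the username"
    fi
}
# Print one finding per line for a kibana.yml; no output means nothing flagged.
audit_kibana_yml() {
    audit_credentials "$(yaml_value elasticsearch.username "$1")" \
                      "$(yaml_value elasticsearch.password "$1")"
    for key in xpack.security.encryptionKey xpack.reporting.encryptionKey; do
        case "$(yaml_value "$key" "$1")" in
            a_random_string|something_at_least_32_characters)
                echo "$key is a documentation placeholder" ;;
        esac
    done
    seckey=$(yaml_value xpack.security.encryptionKey "$1")
    if [ -n "$seckey" ] && [ "${#seckey}" -lt 32 ]; then
        echo "xpack.security.encryptionKey is shorter than 32 characters"
    fi
}
# Same credential checks for the elasticsearch output of a Logstash pipeline.
audit_logstash_conf() {
    audit_credentials "$(logstash_option user "$1")" "$(logstash_option password "$1")"
}
# Stand-alone use: sh audit.sh /path/to/kibana.yml
if [ -n "${1:-}" ]; then audit_kibana_yml "$1"; fi
```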
III. Cracking x-pack
Check the expiry date
root@ubuntu:curl -XGET -u elastic:123abc "http://192.168.15.69:9200/_license"
Extract the jar directly on the Linux machine (jar -xvf x-pack-core-5.6.4.jar), then decompile it on a Windows machine with Luyten (download: https://github.com/deathmarine/Luyten/releases/tag/v0.5.0)
Open org.elasticsearch/license/LicenseVerifier.class in Luyten, save it as LicenseVerifier.java, then change its contents as follows
package org.elasticsearch.license;
public class LicenseVerifier
{
public static boolean verifyLicense(final License license, final byte[] encryptedPublicKeyData) {
return true;
}
public static boolean verifyLicense(final License license) {
return true;
}
}
Upload the file to the Linux machine and run this command to compile it into LicenseVerifier.class
javac -cp “/opt/elasticsearch-5.6.4/lib/elasticsearch-5.6.4.jar:/opt/elasticsearch-5.6.4/lib/lucene-core-6.6.1.jar:/opt/elasticsearch-5.6.4/plugins/x-pack/x-pack-5.6.4.jar” LicenseVerifier.java
Replace the original file and repackage
mkdir /opt/123
cd /opt/123
cp /opt/elasticsearch-5.6.4/plugins/x-pack/x-pack-5.6.4.jar /opt/123/
jar -xvf x-pack-5.6.4.jar
mv … /LicenseVerifier.class org/elasticsearch/license/
jar -cvf x-pack-core-5.6.4.jar ./*
root@ubuntu:cp -rf x-pack-core-6.2.3.jar /usr/local/elk/elasticsearch-6.2.3/plugins/x-pack/x-pack-core/
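Apply for a free license (https://license.elastic.co/registration); after registering you can download the file. Modify it after downloading, for example:
Main changes: set type to platinum, which means all features can be used; for expiry_date_in_millis I set 10 years here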
issue_date_in_millis":1490832000000
Because this is Elasticsearch 6.2.3, updating the license file now requires either configuring SSL/TLS or disabling security.
Before updating, edit elasticsearch.yml and add:
xpack.security.enabled: false
Restart Elasticsearch
Run the license update request
root@ubuntu:curl -XPUT -u elastic:123abc 'http://192.168.15.69:9200/_xpack/license?acknowledge=true' -H "Content-Type: application/json" -d @license.json
Once it has taken effect, edit elasticsearch.yml to re-enable security and turn on SSL/TLS:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
Finally, restart Elasticsearch.
Check the license status:
root@ubuntu:curl -XGET -u elastic:elastic "http://192.168.15.69:9200/_license"
Or log in to Kibana to check