es6.7集群配置安装略
申请license 证书 https://register.elastic.co 按照提示填写相关内容
填写完成后邮箱会收到一封邮件按照提示下载证书即可,邮件内容如下:
证书下载完成后修改到期时间,编辑器打开修改以下内容
"type":"basic" 替换为 "type":"platinum" # 基础版变更为铂金版
"expiry_date_in_millis":1561420799999 替换为 "expiry_date_in_millis":3107746200000# 1年变为50年
ES6之后xpack为默认安装,破解需要重写x-pack下的2个类:LicenseVerifier.java和XPackBuild.java 将es目录modules/x-pack-core/x-pack-core-6.7.0.jar下载进行反编译修改
vim LicenseVerifier.java
#LicenseVerifier 中有两个静态方法,这就是验证授权文件是否有效的方法,我们把它修改为全部返回true.
package org.elasticsearch.license;
import java.nio.*; import java.util.*;
import java.security.*;
import org.elasticsearch.common.xcontent.*;
import org.apache.lucene.util.*;
import org.elasticsearch.common.io.*;
import java.io.*;
public class LicenseVerifier {
public static boolean verifyLicense(final License license, final byte[] encryptedPublicKeyData) {
return true;
}
public static boolean verifyLicense(final License license) {
return true;
}
}
vim XPackBuild.java
#最后一个静态代码块中 try的部分全部删除,这部分会验证jar包是否被修改
package org.elasticsearch.xpack.core;
import org.elasticsearch.common.io.*;
import java.net.*;
import org.elasticsearch.common.*;
import java.nio.file.*;
import java.io.*;
import java.util.jar.*;
public class XPackBuild {
public static final XPackBuild CURRENT;
private String shortHash;
private String date;
@SuppressForbidden(reason = "looks up path of xpack.jar directly") static Path getElasticsearchCodebase() {
final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
try { return PathUtils.get(url.toURI()); }
catch (URISyntaxException bogus) {
throw new RuntimeException(bogus); }
}
XPackBuild(final String shortHash, final String date) {
this.shortHash = shortHash;
this.date = date;
}
public String shortHash() {
return this.shortHash;
}
public String date(){
return this.date;
}
static {
final Path path = getElasticsearchCodebase();
String shortHash = null;
String date = null;
Label_0157: { shortHash = "Unknown"; date = "Unknown";
}
CURRENT = new XPackBuild(shortHash, date);
}
}
重新编译打包后替换原来的x-pack-core-6.7.0.jar 重启ES集群
为方便今后使用已保留一份修改好的可供使用,下载地址:
链接:https://pan.baidu.com/s/1qI6DaUKsF-ydgFYzUEwHxw
提取码:a2zv
上传改好的证书到服务器
[root@master elasticsearch]# ll kc-license.json
-rw-r--r-- 1 root root 1210 Dec 3 14:38 kc-license.json
修改hosts 保证es配置文件中的节点名称与hosts中主机名称保持一致
启动ES集群(三个节点)
./bin/elasticsearch -d
查看集群状态
http://主节点IP:9200/_cluster/health?pretty 集群正常状态返回结果如下:
导入证书需要用到集群的用户名密码
为es集群用户设置密码
启动x-pack安全插件
curl -H "Content-Type:application/json" -XPOST http://192.168.1.159:9200/_xpack/license/start_trial?acknowledge=true
bin/elasticsearch-setup-passwords interactive
共需要为6个用户设置密码
此时若导入证书会报错如下:
{"error":{"root_cause":[{"type":"remote_transport_exception","reason":"[node1][192.168.1.212:9300][cluster:admin/xpack/license/put]"}],"type":"illegal_state_exception","reason":"Cannot install a [PLATINUM] license unless TLS is configured or security is disabled"},"status":500}[root@master elastics
大致意思是需要配置SSL安全连接
因此需要配置CA认证SSL证书 ES6.7自带生成证书工具,无需搭建openssl
[root@master elasticsearch]# ./bin/elasticsearch-certgen
完成后会生成cert.zip文件,解压后有ca 和节点密钥文件夹
将生成的证书上传到其他节点解压放到统一目录下
修改ES配置文件,添加以下内容
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.ssl.key: /opt/elasticsearch/config/kcwles/kcwles.key
xpack.ssl.certificate: /opt/elasticsearch/config/kcwles/kcwles.crt
xpack.ssl.certificate_authorities: /opt/elasticsearch/config/ca/ca.crt
三个节点全部修改完后全部重启
导入证书
curl -XPUT -u elastic 'http://192.168.1.211:9200/_license?acknowledge=true' -H "Content-Type: application/json" -d @/opt/elasticsearch/kc-license.json
输入密码,导入成功返回如下:
{"acknowledged":true,"license_status":"valid"}
查看证书状态:
curl -XGET -u elastic 'http://192.168.1.211:9200/_license'
此时到期时间已经修改为2068年。以上操作均在主节点进行,从节点无需操作自动同步
配置kibana
修改kibana.yml添加以下内容
server.port: "5601"
server.host: "192.168.1.213"
elasticsearch.hosts: ["http://192.168.1.211:9200"] #添加ES主节点IP地址
kibana.index: ".kibana"
elasticsearch.username: "elastic"
elasticsearch.password: "123456"
登录Kibana此时会看到用户登录验证页面