ELK 系列三、ELK6.5.3 +xpack编译

目录

一、编译生成jar包和license更新

1.1开启试用版

1.2 进入/usr/local目录（根据自己喜好选择，创建的文件后期会删除）

1.3 分别编译两个文件

1.4 覆盖之前的jar文件

1.5 修改elasticsearch.yml配置文件

 1.6 生成用户名和密码

1.7 将生成的elastic密码配置到kibana中

1.8 启动kibana(先重启elasticsearch)

二、配置logstash

三、新增账号密码

---

 

大家好，继续上一章安装部署完环境后需要开启用户登录授权等白金许可证的功能。我把许可证续到2050年了

 

好，不多说了，开始操作

 

一、编译生成jar包和license更新

由于在elasticsearch在6.3版本之后x-pack是默认安装好的，所以不再需要用户自己去安装，在此之前你可以先体验试用版30天（不影响后面破解

1.1开启试用版

启动elasticsearch后通过curl启动试用版(注意端口修改)

curl -H "Content-Type:application/json" -XPOST  http://localhost:9200/_xpack/license/start_trial?acknowledge=true

当然你也可以在网页上操作

点击Management，点击 Elasticsearch，点击 License Management，再开启试用

1.2 进入/usr/local目录（根据自己喜好选择，创建的文件后期会删除）

如果不想自己弄的也可以直接使用我打包好的(然后可以跳到步骤1.4的覆盖命令去)

jar包下载地址:https://pan.baidu.com/s/1L3cqrSP6Q3s1oREISjEj7g  密码:t3q4

①创建LicenseVerifier.java文件

vim LicenseVerifier.java
 

package org.elasticsearch.license; 
import java.nio.*; import java.util.*; 
import java.security.*; 
import org.elasticsearch.common.xcontent.*; 
import org.apache.lucene.util.*; 
import org.elasticsearch.common.io.*; 
import java.io.*; 
 
public class LicenseVerifier { 
    public static boolean verifyLicense(final License license, final byte[] encryptedPublicKeyData) {
        return true; 
    } 
    
    public static boolean verifyLicense(final License license)     { 
        return true; 
    } 
}

②创建XPackBuild.java文件

vim XPackBuild.java
 

package org.elasticsearch.xpack.core;
import org.elasticsearch.common.io.*;
import java.net.*;
import org.elasticsearch.common.*;
import java.nio.file.*;
import java.io.*; 
import java.util.jar.*; 
public class XPackBuild { 
    public static final XPackBuild CURRENT;
    private String shortHash; 
    private String date; 
    @SuppressForbidden(reason = "looks up path of xpack.jar directly") static Path getElasticsearchCodebase() { 
        final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
        try { return PathUtils.get(url.toURI()); }
        catch (URISyntaxException bogus) { 
            throw new RuntimeException(bogus); } 
        } 
        
    XPackBuild(final String shortHash, final String date) {
            this.shortHash = shortHash; 
            this.date = date; 
            } 
            
    public String shortHash() {
        return this.shortHash;
        } 
    public String date(){ 
        return this.date; 
        }
        
    static { 
        final Path path = getElasticsearchCodebase();
        String shortHash = null; 
        String date = null;
        Label_0157: { shortHash = "Unknown"; date = "Unknown"; 
    } 
    
    CURRENT = new XPackBuild(shortHash, date); 
    }
}

1.3 分别编译两个文件

javac -cp "/data/elasticsearch-6.5.3/lib/elasticsearch-6.5.3.jar:/data/elasticsearch-6.5.3/lib/lucene-core-7.5.0.jar:/data/elasticsearch-6.5.3/modules/x-pack-core/x-pack-core-6.5.3.jar" LicenseVerifier.java
javac -cp "/data/elasticsearch-6.5.3/lib/elasticsearch-6.5.3.jar:/data/elasticsearch-6.5.3/lib/lucene-core-7.5.0.jar:/data/elasticsearch-6.5.3/modules/x-pack-core/x-pack-core-6.5.3.jar:/data/elasticsearch-6.5.3/lib/elasticsearch-core-6.5.3.jar"  XPackBuild.java

编译完成后会生成LicenseVerifier.class和XPackBuild.class两个文件

1.4 覆盖之前的jar文件

cd /usr/local
mkdir tempJar
cp /data/elasticsearch-6.5.3/modules/x-pack-core/x-pack-core-6.5.3.jar tempJar/
cd tempJar
jar -xf x-pack-core-6.5.3.jar
cp ../LicenseVerifier.class org/elasticsearch/license/
cp ../XPackBuild.class org/elasticsearch/xpack/core/
rm x-pack-core-6.5.3.jar
jar -cvf x-pack-core-6.5.3.jar *
#覆盖之前备份原jar包
cp /data/elasticsearch-6.5.3/modules/x-pack-core/x-pack-core-6.5.3.jar /data/elasticsearch-6.5.3/modules/x-pack-core/x-pack-core-6.5.3.jar.bak
#覆盖之前的jar包
cp x-pack-core-6.5.3.jar /data/elasticsearch-6.5.3/modules/x-pack-core/

1.5 修改elasticsearch.yml配置文件

vim /data/elasticsearch-6.5.3/config/elasticsearch.yml

#添加如下代码打开x-pack安全验证
xpack.security.enabled: true

 1.6 生成用户名和密码

#需要重启elasticsearch，上面的配置修改才起作用
5.生成用户名和密码
cd /data/elasticsearch，上面的配置修改才起作用-6.5.3/bin
#自动生成(二选一)
./elasticsearch-setup-passwords auto
#手动生成(二选一)
./elasticsearch-setup-passwords interactive

我这次使用了自动

./elasticsearch-setup-passwords auto
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
The passwords will be randomly generated and printed to the console.
Please confirm that you would like to continue [y/N]y


Changed password for user apm_system
PASSWORD apm_system = Qql5kU1s0qlgjvH5OeTcZ7

Changed password for user kibana
PASSWORD kibana = 9BTNVpn1xF21k2bcAKH1He

Changed password for user logstash_system
PASSWORD logstash_system = JFboJA33c997QcxMetkMTX

Changed password for user beats_system
PASSWORD beats_system = PEjPdJw9r4HUZ8kHezOK5Zy

Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = 1yn3L53C71Wgml8uGdKUcf

Changed password for user elastic
PASSWORD elastic = 1CHYC5IO6T86rgZM66kyOw

 

修改密码命令

curl -H "Content-Type:application/json" -XPOST -u elastic 'http://127.0.0.1:9200/_xpack/security/user/elastic/_password' -d '{ "password" : "123456" }'

 

可以执行测试命令

curl 127.0.0.1:9200 --user elastic:123456

 

1.7 将生成的elastic密码配置到kibana中

vim /data/kibana-6.5.3-linux-x86_64/config/kibana.yml
#找到以下参数并修改(以下用户名和密码均为你自己的elasticsearch的账户和密码)
#就是上一步骤5生成的密码
elasticsearch.username: elastic
elasticsearch.password: 1CHYC5IO6T86rgZM66kyOw

1.8 启动kibana(先重启elasticsearch)

supervisorctl restart elasticsearch
supervisorctl restart kibana

启动完成后访问kibana(这个就不用我多说了吧，记得要开放端口哦)

但是我们发现只有一个月的试用时间（在登陆成功后的主页面Management->LicenseManagement可以看到）

 

更新license前先关闭x-pack，不然会报错

{"error":{"root_cause":[{"type":"illegal_state_exception","reason":"Cannot install a [PLATINUM] license unless TLS is configured or security is disabled"}],"type":"illegal_state_exception","reason":"Cannot install a [PLATINUM] license unless TLS is configured or security is disabled"},"status":500}

关闭操作：

vim /data/elasticsearch-6.5.3/config/elasticsearch.yml
#添加如下代码打开x-pack安全验证
xpack.security.enabled: false


#然后重启
supervisorctl restart elasticsearch

 

我生成的license内容为：

"type":"platinum" 为白金版许可证，如果需要自己生成license可去官网申请然后修改

license.json的内容如下：

{"license":{"uid":"21b42476-d3a5-4662-95e3-7463c9a9c167","type":"platinum","issue_date_in_millis":1545177600000,"expiry_date_in_millis":2544271999999,"max_nodes":100,"issued_to":"wei wu (wu2700222)","issuer":"Web Form","signature":"AAAAAwAAAA0BdC1OCE7WMDdZ1TX7AAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQCCwaKavNagUevP7tN1UWQm/z55fhxtdtdjWkE5MD5pI34OZFd8UZmvy5k0zhhE1wteH8AglWG7J5TPFbpW4dkQ2SdhOmvv5QeFjrzeCgmQl4r1H0lBmZ9sznAwK9yKKh4v4BTNIW6y4LDzYmKdMU1JUpbr9gvULOlZxRyGijA09phlyJ97mQfnjPSvn55Bg8PXhsoJ2RIabUAK204z5bYHINKfRltKyy6b3QuRjPHtzEP6xsON6STHROAVWLrmy3XUp2VMC2gQnx9G64xgMBdvC7KZQfpJiXqWAJf49Ojz+xAf0xC9DhGopq+a29fb5GutPaeIi10XDopfkn9z4ZeL","start_date_in_millis":1545177600000}}

然后把license.json上传到服务器并使用curl提交

curl -XPUT -u elastic 'http://127.0.0.1:9200/_xpack/license' -H "Content-Type: application/json" -d @elk_license.json

 

返回{"acknowledged":true,"license_status":"valid"} 则成功

接着重启打开x-pack

vim /data/elasticsearch-6.5.3/config/elasticsearch.yml
#添加如下代码打开x-pack安全验证
xpack.security.enabled: true


#然后重启
supervisorctl restart elasticsearch

有网友反应碰到一个情况，重启es后报错信息如下：

[2019-01-21T21:23:07,030][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://elastic:xxxxxx@192.168.1.222:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://elastic:xxxxxx@192.168.1.222:9200/][Manticore::SocketException] Connection refused"}

解决方法：

在上面的配置文件中再增加一项：

xpack.security.transport.ssl.enabled: true

 

二、配置logstash

因为我们打开了x-pack，需要认证才能上传数据，所有需要在logstash的配置文件中加入认证

[root@i-uzt2a3oi local]# vim /data/logstash-6.5.3/default.conf

需要修改output中的设置，新增user和password

output {
  if [logtype] == "otosaas_app_xingneng" {
    elasticsearch {
        user => "elastic"
        password => "XXXXXX"
        hosts => ["127.0.0.1:9200"]
        index => "otosaas_app_xingneng-%{+YYYY.MM.dd}"
    }
  }
  if [logtype] == "otosaas_app_yunxing" {
    elasticsearch {
        user => "elastic"
        password => "XXXXXX"
        hosts => ["127.0.0.1:9200"]
        index => "otosaas_app_yunxing-%{+YYYY.MM.dd}"
    }
  }
  if [logtype] == "otosaas_konglog" {
    elasticsearch {
        user => "elastic"
        password => "XXXXXX"
        hosts => ["127.0.0.1:9200"]
        index => "otosaas_konglog-%{+YYYY.MM.dd}"
    }
  }
}

不然logstash会报401和403错误

修改完需要重启logstash

 

三、新增账号密码

新增xpack后第一次登录http://192.168.1.78:5601/的时候使用 elastic/XXXX  用户密码登录

然后可以新建一个超级管理员，一个普通read用户

用户roles选择superuser为超级管理员

新增普通用户，先新建一个view的roles，设置如下

然后再新建一个users，绑定这个view就ok了