I. Installing x-pack on Elasticsearch
1. Change to the installation directory
root@ubuntu: cd /usr/local/elk/elasticsearch-6.2.3/bin
2. Run the install command
root@ubuntu:/usr/local/elk/elasticsearch-6.2.3/bin# ./elasticsearch-plugin install x-pack
-> Downloading x-pack from elastic
[=================================================] 100%
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: plugin requires additional permissions @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
* java.io.FilePermission \\.\pipe\* read,write
* java.lang.RuntimePermission accessClassInPackage.com.sun.activation.registries
* java.lang.RuntimePermission getClassLoader
* java.lang.RuntimePermission setContextClassLoader
* java.lang.RuntimePermission setFactory
* java.net.SocketPermission * connect,accept,resolve
* java.security.SecurityPermission createPolicy.JavaPolicy
* java.security.SecurityPermission getPolicy
* java.security.SecurityPermission putProviderProperty.BC
* java.security.SecurityPermission setPolicy
* java.util.PropertyPermission * read,write
See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
for descriptions of what these permissions allow and the associated risks.
Continue with installation? [y/N]y
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: plugin forks a native controller @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
This plugin launches a native controller that is not subject to the Java
security manager nor to system call filters.
Continue with installation? [y/N]y
Elasticsearch keystore is required by plugin [x-pack-security], creating...
-> Installed x-pack with: x-pack-security,x-pack-logstash,x-pack-core,x-pack-upgrade,x-pack-watcher,x-pack-monitoring,x-pack-ml,x-pack-deprecation,x-pack-graph
3. Set file ownership
root@ubuntu: cd /usr/local/elk/elasticsearch-6.2.3
root@ubuntu: chown -R elasticsearch.elasticsearch *
4. Restart Elasticsearch (kill the running process, then start it again)
root@ubuntu: su elasticsearch -l -c "/usr/local/elk/elasticsearch-6.2.3/bin/elasticsearch -d"
5. Open http://192.168.15.69:9200; an authentication prompt now appears
6. Set the passwords with setup-passwords interactive
root@ubuntu:/usr/local/elk/elasticsearch-6.2.3/bin# x-pack/setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,kibana,logstash_system.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [elastic]
# List all users
curl -XGET -u elastic 'localhost:9200/_xpack/security/user?pretty'
# List all roles
curl -XGET -u elastic 'localhost:9200/_xpack/security/role'
II. Installing x-pack on Kibana
1. Run the install command
root@ubuntu:/usr/local/elk/kibana-6.2.3-linux-x86_64/bin# ./kibana-plugin install x-pack
2. Add the following to the kibana.yml configuration file
# Username and password used to log in to Elasticsearch
elasticsearch.username: "elastic"
elasticsearch.password: "123abc"
# The next two settings address the two warnings printed at startup
xpack.reporting.encryptionKey: "a_random_string"
xpack.security.encryptionKey: "something_at_least_32_characters"
3. Restart Kibana (kill the running process, then start it again)
root@ubuntu:/usr/local/elk/kibana-6.2.3-linux-x86_64/bin/kibana &
4. Open http://192.168.15.69:5601/
5. In Kibana, log in with the elastic account
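The kibana.yml in step 2 connects as the elastic superuser with a short password and uses documentation placeholder strings as encryption keys. As an added example (not from the original post), this POSIX shell function flags those settings; the function names and MIN_PASSWORD_LEN are assumptions chosen here.

```shell
# Added example (not from the original post): audit kibana.yml for the weak
# settings shown in step 2. MIN_PASSWORD_LEN is an assumed local policy value.
MIN_PASSWORD_LEN=12
PLACEHOLDER_KEYS="a_random_string something_at_least_32_characters"

# Constructed sample reproducing the kibana.yml lines from step 2.
sample_kibana_yml() {
    printf '%s\n' 'elasticsearch.username: "elastic"' 'elasticsearch.password: "123abc"' \
        'xpack.reporting.encryptionKey: "a_random_string"' \
        'xpack.security.encryptionKey: "something_at_least_32_characters"'
}

# Print the unquoted value of a top-level "key: value" line (last one wins).
yml_value() {   # $1 = file, $2 = key
    awk -v key="$2" -v sq="'" '
        index($0, key ":") == 1 {
            val = substr($0, length(key) + 2)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            q = substr(val, 1, 1)
            if (length(val) >= 2 && (q == "\"" || q == sq) && substr(val, length(val)) == q)
                val = substr(val, 2, length(val) - 2)
            found = val
        }
        END { print found }' "$1"
}

# Print one line per finding; exit status is 0 only when nothing was flagged.
audit_kibana_yml() (   # subshell body keeps variables local; $1 = kibana.yml path
    file=$1 findings=0
    report() { echo "$1"; findings=$((findings + 1)); }
    [ "$(yml_value "$file" elasticsearch.username)" = elastic ] &&
        report "WEAK elasticsearch.username: superuser 'elastic', use the reserved 'kibana' user"
    val=$(yml_value "$file" elasticsearch.password)
    [ -n "$val" ] && [ "${#val}" -lt "$MIN_PASSWORD_LEN" ] &&
        report "WEAK elasticsearch.password: shorter than $MIN_PASSWORD_LEN characters"
    for name in xpack.reporting.encryptionKey xpack.security.encryptionKey; do
        val=$(yml_value "$file" "$name")
        if [ -z "$val" ]; then
            report "MISSING $name: Kibana logs a warning at startup"
            continue
        fi
        case " $PLACEHOLDER_KEYS " in
            *" $val "*) report "WEAK $name: documentation placeholder, not a secret" ;;
            *) [ "$name" = xpack.security.encryptionKey ] && [ "${#val}" -lt 32 ] &&
                   report "WEAK $name: shorter than 32 characters" ;;
        esac
    done
    [ "$findings" -eq 0 ]
)
```

Run it as audit_kibana_yml /path/to/kibana.yml; a replacement key of sufficient length can be generated with openssl rand -hex 32.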
III. Cracking x-pack
Check the expiry date
root@ubuntu:curl -XGET -u elastic:123abc "http://192.168.15.69:9200/_license"
Overwrite the installed jar with the decompiled jar file
root@ubuntu:cp -rf x-pack-core-6.2.3.jar /usr/local/elk/elasticsearch-6.2.3/plugins/x-pack/x-pack-core/
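Apply for a free license (https://license.elastic.co/registration). After registering you can download the license file; modify it after downloading, for example:
Main changes: type is changed to platinum, which means all features can be used; expiry_date_in_millis, which I changed to 10 years here.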
issue_date_in_millis":1490832000000
With Elasticsearch 6.2.3, updating the license file now requires either configuring SSL/TLS or disabling security.
Before updating, edit elasticsearch.yml and add:
xpack.security.enabled: false
Restart Elasticsearch.
Run the license update command
root@ubuntu:curl -XPUT -u elastic:123abc 'http://192.168.15.69:9200/_xpack/license?acknowledge=true' -H "Content-Type: application/json" -d @license.json
Once it has taken effect, edit elasticsearch.yml to re-enable security and enable SSL/TLS:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
Finally, restart Elasticsearch.
Check the license status:
root@ubuntu:curl -XGET -u elastic:123abc "http://192.168.15.69:9200/_license"
Or log in to Kibana and check there.