Statement: This article does not contain any transactions. If there is any infringement, please contact me to delete it.
The version of this environment is: elasticsearch-6.6.2
Starting from version 6.3+, xpack is built into es and there is no need to install a plug-in.
Start the main topic:
Step 1: Generate ca certificate
Execute in the elasticsearch/bin directory: (I kept pressing Enter for all four commands without setting a password)
./elasticsearch-certutil ca ## will ask you to enter the password, or you can directly press Enter to use the default password. ./elasticsearch-certutil cert --ca elastic-stack-ca.p12 ./elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password ./elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
After the execution is completed, two files elastic-stack-ca.p12 and elastic-certificates.p12 will be generated in the bin, and the elasticsearch.keystore file will be generated in the config directory (if it is not under config, move elasticsearch.keystore to config). Send the three files to the corresponding directories of all es services.
Step 2: Configure x-pack
Create the certs directory under config. (All es services require operation)
mkdir certs
Place the two files elastic-stack-ca.p12 and elastic-certificates.p12 in the certs directory (all es services require operation)
The three file structures are as follows: (Be sure to pay attention to the file location!!)
Add configuration elasticsearch.yml (all es services require operation)
xpack.security.enabled: true xpack.license.self_generated.type: basic xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
Step 3: Start x-pack trial and crack
Start trial:
curl -H "Content-Type:application/json" -XPOST http://10.91.1.87:9200/_xpack/license/start_trial?acknowledge=true
Without starting the trial, executing ./elasticsearch-setup-passwords interactive will report the following error
Hack the x-pack method
Create a temporary directory and enter the directory
mkdir /root/xpack
Create LicenseVerifier.java
vim LicenseVerifier.java
package org.elasticsearch.license; import java.nio.*; import java.util.*; import java.security.*; import org.elasticsearch.common.xcontent.*; import org.apache.lucene.util.*; import org.elasticsearch.common.io.*; import java.io.*; public class LicenseVerifier { public static boolean verifyLicense(final License license, final byte[] encryptedPublicKeyData) { return true; } public static boolean verifyLicense(final License license) { return true; } }
Create XPackBuild.java
vim XPackBuild.java
package org.elasticsearch.xpack.core; import org.elasticsearch.common.io.*; import java.net.*; import org.elasticsearch.common.*; import java.nio.file.*; import java.io.*; import java.util.jar.*; public class XPackBuild { public static final XPackBuild CURRENT; private String shortHash; private String date; @SuppressForbidden(reason = "looks up path of xpack.jar directly") static Path getElasticsearchCodebase() { final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation(); try { return PathUtils.get(url.toURI()); } catch (URISyntaxException bogus) { throw new RuntimeException(bogus); } } XPackBuild(final String shortHash, final String date) { this.shortHash = shortHash; this.date = date; } public String shortHash() { return this.shortHash; } public String date(){ return this.date; } static { final Path path = getElasticsearchCodebase(); String shortHash = null; String date = null; Label_0157: { shortHash = "Unknown"; date = "Unknown"; } CURRENT = new XPackBuild(shortHash, date); } }
Compile LicenseVerifier.java and XPackBuild.java respectively
javac -cp "/opt/bdp/data01/es01/elasticsearch-6.6.2/lib/elasticsearch-6.6.2.jar:/opt/bdp/data01/es01/elasticsearch-6.6.2/lib/ lucene-core-7.6.0.jar:/opt/bdp/data01/es01/elasticsearch-6.6.2/modules/x-pack-core/x-pack-core-6.6.2.jar" LicenseVerifier.java javac -cp "/opt/bdp/data01/es01/elasticsearch-6.6.2/lib/elasticsearch-6.6.2.jar:/opt/bdp/data01/es01/elasticsearch-6.6.2/lib/lucene-core -7.6.0.jar:/opt/bdp/data01/es01/elasticsearch-6.6.2/modules/x-pack-core/x-pack-core-6.6.2.jar:/opt/bdp/data01/es01 /elasticsearch-6.6.2/lib/elasticsearch-core-6.6.2.jar" XPackBuild.java
After compilation, two .class files with the same name as .java are generated.
Overwrite the original x-pack-core-6.6.2.jar class file.
mkdir tmp & amp; & amp; cd tmp cp /opt/bdp/data01/es01/elasticsearch-6.6.2/modules/x-pack-core/x-pack-core-6.6.2.jar ./ jar -xf x-pack-core-6.6.2.jar ##Decompression cp ../LicenseVerifier.class org/elasticsearch/license/ ##Replacement file cp ../XPackBuild.class org/elasticsearch/xpack/core/ ##Replacement file jar -cvf x-pack-core-6.6.2.jar * ##Recompress
Send the generated x-pack-core-6.6.2.jar to all es, overwriting the original jar file
Step 4: Restart the machine and set a password
restartes
At this time, the cluster status cannot be observed through curl http://10.91.1.87:9200/_cluster/health?pretty
Observe the log of one of the masters. The cluster status changes from red to yellow.
Cluster health status changed from [RED] to [YELLOW]
Execute to generate password:
./elasticsearch-setup-passwords interactive
Enter your password. until the end.
Check the health status of the cluster through the user password. You can check it and x-pack takes effect.
Step 5: Apply for license
View the license information of the current es cluster
curl -u "elastic":"123123" http://10.91.1.81:9200/_license
type indicates that it is on trial, expiry_date indicates that it will expire in one month
Log in to the official website and apply for a license
Register | Elastic
Select china as the country, write the email address that you can receive emails from, and write whatever else you want.
Receive emails and download json files.
Open the file and modify the contents:
“type”: “platinum” ##Platinum version
“expiry_date_in_millis”: 2547615064000 ##Expiration date 2050-09-24 14:51:04
Step 6: Upload license
Uploading the license must be executed on all three masters.
curl -XPUT -u "elastic":"123123" 'http://10.91.1.81:9200/_xpack/license' -H "Content-Type: application/json" - d @license.json
Check the license information again. The expiration date has changed to 2050.
This is the end. I have been working on it for a day and a half (very annoying) and checked various documentation blogs. This article is my overall sad process that combines my own operations and documentation support. I hope others will not step in and complete it smoothly.
references:
Thanks to all the bloggers for providing documentation support! ! ! ! !
Elasticsearch6.3.2 x-pack-Tencent Cloud Developer Community-Tencent Cloud
Elasticsearch installation X-pack_elasticsearch xpack-CSDN blog
ElasticSearch learning (12) – es7.2 log warning SSLHandshakeException: no cipher suites in common-CSDN blog
Configure elk cluster and crack x-pack, deploy elk – Developer Blog