es配置x-pack使用账号密码验证

1.修改配置添加如下选项
xpack.security.enabled: true2.启动测试
curl -H "Content-Type:application/json" -XPOST  http://172.16.10.61:29200/_xpack/license/start_trial?acknowledge=true
{"acknowledged":true,"trial_was_started":true,"type":"trial"}3.设置密码
[esuser@esuser-oracle-9e96168-prd bin]$ ./elasticsearch-setup-passwords interactive                                                                          
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]yEnter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]4.步骤2启用的license只有30天的免费试用,下面需要进行破解
[esuser@esuser-oracle-9e96168-prd bin]$ curl -u elastic:elastic "172.16.10.61:29200/_license"
{"license" : {"status" : "active","uid" : "2dae74d3-beb3-446b-bfbd-208ab0104fff","type" : "trial","issue_date" : "2019-10-22T09:14:55.966Z","issue_date_in_millis" : 1571735695966,"expiry_date" : "2019-11-21T09:14:55.966Z","expiry_date_in_millis" : 1574327695966,"max_nodes" : 1000,"issued_to" : "elasticsearch","issuer" : "elasticsearch","start_date_in_millis" : -1}
}这个时候不使用密码是无法使用了
curl -X GET 'http://172.16.10.61:29200/_cat/indices?v'
{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication token for REST request [/_cat/indices?v]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"missing authentication token for REST request [/_cat/indices?v]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}curl -u elastic:elastic -X GET 'http://172.16.10.61:29200/_cat/indices?v'
[esuser@esuser-oracle-9e96168-prd bin]$ curl -u elastic:elastic -X GET 'http://172.16.10.61:29200/_cat/indices?v'
health status index                     uuid                   pri rep docs.count docs.deleted store.size pri.store.size
green  open   .security-6               VdNkBc8fS628pPWUTvMgjA   1   0          6            0     19.5kb         19.5kb
yellow open   index02                   CWrRaT0aRTCwwbjWqLi8Tw   5   1          9            0       33kb           33kb
yellow open   index01                   sbMbdhSgTSao90DFaiqPxg   5   1     201648        13003     54.1mb         54.1mb5.破解
5.1 创建两个java文件
[esuser]$ cd /home/esuser
[esuser]$ mkdir javacode
[esuser]$ cd javacode
vi LicenseVerifier.javapackage org.elasticsearch.license;
import java.nio.*; import java.util.*;
import java.security.*;
import org.elasticsearch.common.xcontent.*;
import org.apache.lucene.util.*;
import org.elasticsearch.common.io.*;
import java.io.*;public class LicenseVerifier {public static boolean verifyLicense(final License license, final byte[] encryptedPublicKeyData) {return true;}public static boolean verifyLicense(final License license) {return true;}
}vi XPackBuild.javapackage org.elasticsearch.xpack.core;
import org.elasticsearch.common.io.*;import java.net.*;import org.elasticsearch.common.*;import java.nio.file.*;import java.io.*;import java.util.jar.*;public class XPackBuild {public static final XPackBuild CURRENT;private String shortHash;private String date;@SuppressForbidden(reason = "looks up path of xpack.jar directly") static Path getElasticsearchCodebase() {final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();try { return PathUtils.get(url.toURI()); }catch (URISyntaxException bogus) {throw new RuntimeException(bogus); }}XPackBuild(final String shortHash, final String date) {this.shortHash = shortHash;this.date = date;}public String shortHash() {return this.shortHash;}public String date(){return this.date;}static {final Path path = getElasticsearchCodebase();String shortHash = null;String date = null;Label_0157: { shortHash = "Unknown"; date = "Unknown";}CURRENT = new XPackBuild(shortHash, date);}
}生成的两个文件如下:
[esuser]$ ls -1
LicenseVerifier.java
XPackBuild.java5.2.将刚创建的两个java包打包成class文件，我们需要做的就是替换这两个class文件（因里面需要引用到其他的jar，故需要用到javac -cp命令）javac -cp "/usr/local/services/elasticsearch/lib/elasticsearch-6.5.0.jar:/usr/local/services/elasticsearch/lib/lucene-core-7.5.0.jar:/usr/local/services/elasticsearch/modules/x-pack-core/x-pack-core-6.5.0.jar" LicenseVerifier.java
javac -cp "/usr/local/services/elasticsearch/lib/elasticsearch-6.5.0.jar:/usr/local/services/elasticsearch/lib/lucene-core-7.5.0.jar:/usr/local/services/elasticsearch/modules/x-pack-core/x-pack-core-6.5.0.jar:/usr/local/services/elasticsearch/lib/elasticsearch-core-6.5.0.jar" XPackBuild.java这里的路径/usr/local/services/elasticsearch 是我自己机器部署的es路径,根据个人部署情况进行修改执行如上的两个命令后查看目录多生成了2个class文件
[esuser]$ ls -1
LicenseVerifier.class
LicenseVerifier.java
XPackBuild.class
XPackBuild.java5.3.把原来的文件给解压出来，然后覆盖
下面操作所在目录为:/home/esuser/javacode
[esuser]$cd /home/esuser/javacode
将原来的包拷贝到当前目录
[esuser]$cp -a /usr/local/services/elasticsearch-esuser/modules/x-pack-core/x-pack-core-6.5.0.jar .
解压原来的包
[esuser]$jar -xf x-pack-core-6.5.0.jar
删除之前的java文件和拷贝过来的包
[esuser]$rm -rf LicenseVerifier.java XPackBuild.java x-pack-core-6.5.0.jar
将class文件拷贝到相应目录
[esuser]$cp -a LicenseVerifier.class org/elasticsearch/license/
[esuser]$cp -a XPackBuild.class org/elasticsearch/xpack/core/
删除class文件
[esuser]$rm -rf LicenseVerifier.class XPackBuild.class
重新生成jar包
[esuser]$jar -cvf x-pack-core-6.5.0.jar *
将生成的java包覆盖原来的
[esuser]$cp -a x-pack-core-6.5.0.jar /usr/local/services/elasticsearch-esuser/modules/x-pack-core/6.重新启动es
kill掉es进程,然后重新启动
[esuser@localhost bin]$ ./elasticsearch -d7.License申请
申请地址
https://license.elastic.co/registration
填写信息后,会有一个邮件发到注册的邮箱,然后安装提示点击链接进行下载
下载后上传服务器,修改过期时间expiry_date_in_millis,我这里修改为2524579200000,即2050-01-01 00:00:00,type修改为platinum
将下载的文件上传到es所在的服务器的相应目录,我这里是cd /home/esuser/soft
cd /home/esuser/soft
my.json文件内如如下
{"license":{"uid":"1e9a1465-3398-44e8-aa06-c76062dcfedf","type":"platinum","issue_date_in_millis":1544659200000,"expiry_date_in_millis":2524579200000,"max_nodes":100,"issued_to":"xueliang huang (richinfo)","issuer":"Web Form","signature":"AAAAAwAAAA0CkXSNg+Yl6jgouxuAAAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQBbRJOy1WgeFasn9hkqXcUu4jbVTH5B51CpsbpQTIukDJUeyo9z0DW1DzXzgUn1y0LQ62VDVcjiJvi0Xci5w9ZYDQPPVwf8PN0Pg8rOkawcJpr4ZmCiBgh/dFmgcOsjOjro1EcVOp3rm9zil89FsACMUcgRiYf//Ejahsx7giFEyYnUNOqfy4umh3aHj+awlg76P1OVxnyu74IjJdWGXluMw+hTJ0EKXcaUEfJpJgBLtPUmyD6jd/LtzV8ysKL6JQTxkUzdlWVdzipskQ8MWt5Nn6ClddwJFVb5lTAOJvLy6jyEmro4Fho5LJ6eRW2NvsWS4Y1Yu6lHVoWBVW4v++Wx","start_date_in_millis":1544659200000}}curl -XPUT -u elastic:elastic 'http://172.16.10.61:29200/_xpack/license' -H "Content-Type: application/json" -d @my.json这里报错:
{"error":{"root_cause":[{"type":"illegal_state_exception","reason":"Cannot install a [PLATINUM] license unless TLS is configured or security is disabled"}],"type":"illegal_state_exception","reason":"Cannot install a [PLATINUM] license unless TLS is configured or security is disabled"},"status":500}解决办法:
在elasticsearch.yml将xpack.security.enabled先修改成flase重新启动
xpack.security.enabled: false再次导入,可以看到导入成功
cd /home/esuser/soft
curl -XPUT -u elastic:elastic 'http://172.16.10.61:29200/_xpack/license' -H "Content-Type: application/json" -d @my.json
{"acknowledged":true,"license_status":"valid"}curl -u elastic:elastic "172.16.10.61:29200/_license"
{"license" : {"status" : "active","uid" : "1e9a1465-3398-44e8-aa06-c76062dcfedf","type" : "platinum","issue_date" : "2018-12-13T00:00:00.000Z","issue_date_in_millis" : 1544659200000,"expiry_date" : "2049-12-31T16:00:00.000Z","expiry_date_in_millis" : 2524579200000,"max_nodes" : 100,"issued_to" : "xueliang huang (richinfo)","issuer" : "Web Form","start_date_in_millis" : 1544659200000}
}8.将如下参数修改为true后重新启动
xpack.security.enabled: true发现启动的时候报错误
[1]: Transport SSL must be enabled for setups with production licenses. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]安装提示将如下参数设置为true
xpack.security.transport.ssl.enabled: true如果有多个节点ES集群，先将xpack.security.enabled设置为false后启动整个集群，然后再导入license.9.修改密码curl -H "Content-Type:application/json" -XPUT -u elastic:elastic 'http://172.16.10.61:29200/_xpack/security/user/elastic/_password' -d '{ "password" : "elastic123" }'