x-pack破解

支持5.x 6.x。这里以6.3.2为例，因为阿里的是这个版本。虽然有参考文章，还是有非常多的坑，在此缅怀我的脑细胞 ！！！
参考：
https://zhuanlan.zhihu.com/p/38576593
https://blog.51cto.com/forall/2410593

备份：已经做好的jar：x-pack-core-6.3.2.jar

破解过程

初始化基础环境

设置esdir变量，方便后续操作。（es路径要绝对路径）
新建空文件夹，方便编译文件

esdir=/home/es/elasticsearch-6.3.2
cd ${esdir}
mkdir tempdir && cd tempdir
cp ${esdir}/modules/x-pack/x-pack-core/x-pack-core-6.3.2.jar ./
jar -xvf x-pack-core-6.3.2.jar && rm -f x-pack-core-6.3.2.jar

反编译LicenseVerifier

echo "
package org.elasticsearch.license;
public class LicenseVerifier
{
    public static boolean verifyLicense(final License license, final byte[] encryptedPublicKeyData) {
        return true;
    }
    public static boolean verifyLicense(final License license) {
        return true;
    }
}
" > LicenseVerifier.java
javac -cp "${esdir}/lib/*:${esdir}/modules/x-pack/x-pack-core/*" LicenseVerifier.java
mv LicenseVerifier.class org/elasticsearch/license/

反编译XPackBuild

cat > XPackBuild.java << \EOF
package org.elasticsearch.xpack.core;
import java.io.IOException;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.util.jar.JarInputStream;
import java.util.jar.Manifest;
import org.elasticsearch.common.SuppressForbidden;
import org.elasticsearch.common.io.PathUtils;
public class XPackBuild {
   public static final XPackBuild CURRENT;
   private String shortHash;
   private String date;
   @SuppressForbidden(
      reason = "looks up path of xpack.jar directly"
   )
   static Path getElasticsearchCodebase() {
       final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
      try {
         return PathUtils.get(url.toURI());
      } catch (URISyntaxException var2) {
         throw new RuntimeException(var2);
      }
   }
   XPackBuild(final String shortHash, final String date) {
      this.shortHash = shortHash;
      this.date = date;
   }
   public String shortHash() {
      return this.shortHash;
   }
   public String date() {
      return this.date;
   }
   static {
        final Path path = getElasticsearchCodebase();
        String shortHash = null;
        String date = null;
        Label_0157: {
        shortHash = "Unknown";
        date = "Unknown";
    }
    CURRENT = new XPackBuild(shortHash, date);
    }
}
EOF
javac -cp "${esdir}/lib/*:${esdir}/modules/x-pack/x-pack-core/*" XPackBuild.java
mv XPackBuild.class org/elasticsearch/xpack/core/

打包并替换新的jar包

jar -cvf x-pack-core-6.3.2.jar ./*
# 备份并替换x-pack包
mv ${esdir}/modules/x-pack/x-pack-core/x-pack-core-6.3.2.jar ${esdir}/modules/x-pack/x-pack-core/x-pack-core-6.3.2.jar.back
mv x-pack-core-6.3.2.jar ${esdir}/modules/x-pack/x-pack-core/x-pack-core-6.3.2.jar

更新license

# es关闭验证，并启动
vim ${esdir}/config/elasticsearch.yml
xpack.security.enabled: false
# 创建license.json，里面参数可以修改
cat > license.json << \EOF
{"license":{"uid":"6e7e391d-3a63-4624-b627-127da3824fd3","type":"platinum","issue_date_in_millis":1579392000000,"expiry_date_in_millis":2855980923000,"max_nodes":100,"issued_to":"tian yun (yzs)","issuer":"Web Form","signature":"AAAAAwAAAA3eClFPz7RjJ4/7n0O7AAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQA1swTP4mHuuHRpvVXR/QQ4RZdLz/vJyKfqOLpRCoSX+sOUzWhzF21j/uyjyVMFca55gj1Af26rIHxdaYuXB6iysWaGq8YolT5cJX3r67LtAzf+w83ZQQlg8Ack4owmsgzWyMMKRvOIjH5eSgVoPJtrPSZ/gfwmHE3gQbbzawKkDX81V5QvgdSz8uxCakBGFGxrHKqCBPQHXrRvz4em/Cl6ZadwDOIxF2fo9JNyDDfXFrxojjPynI6tIK7VyT6JREoQOd/6Ie07pqsYXsNsQ4Gv8qMzwhF6oy2lomM9DiTxxzv65RgCzPEILasMD5pPucc9TLKrwiVp0Krrq3+iuk0A","start_date_in_millis":1579392000000}}
EOF
设置密码和更新license，记得修改自己的密码
curl -H "Content-Type:application/json" \
-XPUT -u elastic:changeme \
"http://127.0.0.1:9200/_xpack/license?acknowledge=true" \
-d @license.json
如果返回 ：{"acknowledged":true,"license_status":"valid"}  则表示成功，否则表示之前的jar编译失败。

重新启动es

# 修改配置并重新启动
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
# 设置密码
sh bin/elasticsearch-setup-passwords interactive
# 查看是否成功
curl -XGET -u elastic:changeme "http://127.0.0.1:9200/_license"

修改密码方式

方式1：

sh bin/elasticsearch-setup-passwords interactive

方式2：

curl -H "Content-Type:application/json" \
-XPOST -u elastic 'http://127.0.0.1:9200/_xpack/security/user/elastic/_password' \
-d '{ "password" : "123456" }'

CA证书

集群节点通信需要，单节点可以忽略。

1、生成证书

# 获取CA证书，默认即可
./bin/elasticsearch-certutil ca
# 获取ssl加密证书，使用第一步默认文件
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

2、修改es配置

xpack.security.transport.ssl.verification_mode: certificate 
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12 
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12

kibana设置

vim config/kibana.yml

elasticsearch.username: elastic
elasticsearch.password: "123456"  # 如果是数字，则必须加引号，是一个坑
server.host: "0.0.0.0" # 必须设置，否则远程不能访问，是一个坑
elasticsearch.url: "http://localhost:9200"

启动即可

nohup bin/kibana >/etc/null &

访问ip:5601

bug

第二次修改密码

bin/elasticsearch-setup-passwords interactive —设置密码 可能会出现如下内容： Possible causes include:

• The password for the ‘elastic’ user has already been changed on this cluster

• Your elasticsearch node is running against a different keystore

• This tool used the keystore at /usr/share/elasticsearch/config/elasticsearch.keystore

解决：

1、关掉安全防护，然后重启

2、curl -XDELETE http://localhost:9200/.security-6

3、打开安全防护，然后重启

4、正常输入：bin/elasticsearch-setup-passwords interactive