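Reference blog post
Prerequisites
Elasticsearch and Kibana are already deployed as described in the post below, with TLS configured successfully: they are reachable over HTTPS, and a username and password are required on access.
Installing Elasticsearch and Kibana with docker-compose, configuring TLS, and using Filebeat to send logs to ES
Copying the x-pack jar out of Docker
Create a new directory named xpack, change into it, and use the following command to find the container IDs of the Elasticsearch Docker containers: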
$ sudo docker ps |grep elasticsearch
4b663e938ec8 docker.elastic.co/elasticsearch/elasticsearch:6.3.2 "/usr/local/bin/do..." 3 hours ago Up 11 minutes 9200/tcp, 9300/tcp es02
ffe36b1d3634 docker.elastic.co/elasticsearch/elasticsearch:6.3.2 "/usr/local/bin/do..." 3 hours ago Up 11 minutes (healthy) 0.0.0.0:9200->9200/tcp, 9300/tcp es01
The two strings in the first column are the container IDs. Use the following command to copy the x-pack jar into the current directory.
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/modules/x-pack/x-pack-core/x-pack-core-6.3.2.jar .
Compiling the Java files from x-pack requires the Elasticsearch jars, so copy out every jar file from the Elasticsearch lib directory.
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/HdrHistogram-2.1.9.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/elasticsearch-6.3.2.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/elasticsearch-cli-6.3.2.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/elasticsearch-core-6.3.2.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/elasticsearch-launchers-6.3.2.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/elasticsearch-secure-sm-6.3.2.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/elasticsearch-x-content-6.3.2.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/hppc-0.7.1.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/jackson-core-2.8.10.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/jackson-dataformat-cbor-2.8.10.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/jackson-dataformat-smile-2.8.10.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/jackson-dataformat-yaml-2.8.10.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/jna-4.5.1.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/joda-time-2.9.9.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/jopt-simple-5.0.2.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/jts-core-1.15.0.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/log4j-1.2-api-2.9.1.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/log4j-api-2.9.1.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/log4j-core-2.9.1.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/lucene-analyzers-common-7.3.1.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/lucene-backward-codecs-7.3.1.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/lucene-core-7.3.1.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/lucene-grouping-7.3.1.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/lucene-highlighter-7.3.1.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/lucene-join-7.3.1.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/lucene-memory-7.3.1.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/lucene-misc-7.3.1.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/lucene-queries-7.3.1.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/lucene-queryparser-7.3.1.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/lucene-sandbox-7.3.1.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/lucene-spatial-7.3.1.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/lucene-spatial-extras-7.3.1.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/lucene-spatial3d-7.3.1.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/lucene-suggest-7.3.1.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/plugin-classloader-6.3.2.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/plugin-cli-6.3.2.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/snakeyaml-1.17.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/spatial4j-0.7.jar .;
sudo docker cp 4b663e938ec8:/usr/share/elasticsearch/lib/t-digest-3.2.jar .;
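Decompiling x-pack-core-6.3.2.jar with Luyten and modifying two files
Create a new Java project and add all of the jars just copied out to its build path.
Then open x-pack-core-6.3.2.jar with Luyten (project page: https://github.com/deathmarine/Luyten) and open the following two files:
org.elasticsearch.license.LicenseVerifier.class
org.elasticsearch.xpack.core.XPackBuild.class
Use Luyten's "Save As" function to save each one as a .java file. Copy them into Eclipse or IDEA and create the Java packages named in the package declaration at the top of each file.
Modifying LicenseVerifier.java
LicenseVerifier has two static methods, which are the methods that check whether the license file is valid. We change both of them to return true.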
package org.elasticsearch.license;

public class LicenseVerifier
{
    public static boolean verifyLicense(final License license, final byte[] encryptedPublicKeyData) {
        return true;
    }

    public static boolean verifyLicense(final License license) {
        return true;
    }
}
Modifying XPackBuild.java
In the last static block of XPackBuild, delete the entire try section; this part checks whether the jar has been modified.
package org.elasticsearch.xpack.core;

import org.elasticsearch.common.SuppressForbidden;
import org.elasticsearch.common.io.PathUtils;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.file.Path;

public class XPackBuild
{
    public static final XPackBuild CURRENT;
    private String shortHash;
    private String date;

    @SuppressForbidden(reason = "looks up path of xpack.jar directly")
    static Path getElasticsearchCodebase() {
        final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
        try {
            return PathUtils.get(url.toURI());
        }
        catch (URISyntaxException bogus) {
            throw new RuntimeException(bogus);
        }
    }

    XPackBuild(final String shortHash, final String date) {
        this.shortHash = shortHash;
        this.date = date;
    }

    public String shortHash() {
        return this.shortHash;
    }

    public String date() {
        return this.date;
    }

    static {
        final Path path = getElasticsearchCodebase();
        String shortHash = null;
        String date = null;
        Label_0157: {
            // Remove this part of the static block
            // if (path.toString().endsWith(".jar")) {
            //     try {
            //         final JarInputStream jar = new JarInputStream(Files.newInputStream(path, new OpenOption[0]));
            //         Throwable t = null;
            //         try {
            //             final Manifest manifest = jar.getManifest();
            //             shortHash = manifest.getMainAttributes().getValue("Change");
            //             date = manifest.getMainAttributes().getValue("Build-Date");
            //         }
            //         catch (Throwable t2) {
            //             t = t2;
            //             throw t2;
            //         }
            //         finally {
            //             if (t != null) {
            //                 try {
            //                     jar.close();
            //                 }
            //                 catch (Throwable t3) {
            //                     t.addSuppressed(t3);
            //                 }
            //             }
            //             else {
            //                 jar.close();
            //             }
            //         }
            //         break Label_0157;
            //     }
            //     catch (IOException e) {
            //         throw new RuntimeException(e);
            //     }
            // }
            shortHash = "Unknown";
            date = "Unknown";
        }
        CURRENT = new XPackBuild(shortHash, date);
    }
}
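After making the changes, compile these two .java files into .class files, then open x-pack-core-6.3.2.jar with WinRAR and drag the two .class files into their corresponding directories.
Replacing x-pack-core-6.3.2.jar inside the containers
Upload the jar to the working directory, then use the following commands to copy the replaced x-pack-core-6.3.2.jar into the running containers.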
sudo docker cp x-pack-core-6.3.2.jar ffe36b1d3634:/usr/share/elasticsearch/modules/x-pack/x-pack-core/x-pack-core-6.3.2.jar;
sudo docker cp x-pack-core-6.3.2.jar 4b663e938ec8:/usr/share/elasticsearch/modules/x-pack/x-pack-core/x-pack-core-6.3.2.jar;
The jar must be copied into both containers. Then restart the Elasticsearch containers:
sudo docker restart ffe36b1d3634;
sudo docker restart 4b663e938ec8;
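Importing the license file
First request a basic license file from the official site: https://license.elastic.co/registration
The downloaded license file is a JSON file whose contents look like the following: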
{
"license": {
"uid": "b5fa3f5d-af81-4c80-a100-937800c58666",
"type": "platinum", # change the license type to platinum
"issue_date_in_millis": 1534032000000,
"expiry_date_in_millis": 3043001166000, # change the expiry date to 2066-06-06
"max_nodes": 100, # change the maximum number of nodes
"issued_to": "Wang Xianfeng (SV)",
"issuer": "Web Form",
"signature": "AAAAAwAAAA0SP2G6iMVyYkC1Df6HAAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQBmsCMMVSDAn976bQ4h6zE9ounjKVy/8SaiOZEDR14SVZ++lBxVURl31VFDHhvxgoexYtyOfdQppPTJ/t8YNzlAfoc/6tE6u2AUiPaZlgGtraN9WZUB5+VGTXMgGX+QbIq9lCEazvKnRTlVkxY4JHcqCiaGEc4WjGm/tE9Ra8uFbme9jPdumJw2Yqenn69MRR5gRBSOVCmH46u0qmztC1cuLU2QuDWxAh1vxlZ+ZcqSlXnqOLKNEp80kl48ejk8qHBiQbp9B9kqJG1A7E0yF6xx2cGqsrGcWPVwDRq+yArxQqIYctX5RaI07tw6tB+sN1vDJT7t2urKZE6CSp1TKyfU",
"start_date_in_millis": 1534032000000
}
}
Timestamp and date conversion
https://tool.lu/timestamp
Then import the license file through Kibana: log in to Kibana, go to Management -> License Management, and upload the modified JSON file.