es-2. 安装配置启动在bin目录下执行启动时修改集群名称和节点名称配置license过期过期现象授权license

启动

在bin目录下执行

./elasticsarch

启动时修改集群名称和节点名称

./elasticsearch --cluster.name fanyank_cluster --node.name fanyank_node1

配置

config/elasticsearch.yml

xpack.security.enabled: true
xpack.monitoring.enabled: true
xpack.graph.enabled: true
xpack.watcher.enabled: true
~

license过期

过期现象

# curl "localhost:9200/_cat/health?v"    
{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication token for REST request [/_cat/health?v]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"missing authentication token for REST request [/_cat/health?v]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}
# curl --user elastic:testEs369 "localhost:9200/_cat/health?v"
{"error":{"root_cause":[{"type":"security_exception","reason":"current license is non-compliant for [security]","license.expired.feature":"security"}],"type":"security_exception","reason":"current license is non-compliant for [security]","license.expired.feature":"security"},"status":403}
# curl --user elastic:testEs369 "localhost:9200/_xpack/license"
{
  "license" : {
    "status" : "expired",
    "uid" : "51df5191-863e-47d9-bb58-a1c02a3ac013",
    "type" : "trial",
    "issue_date" : "2020-07-20T08:30:39.744Z",
    "issue_date_in_millis" : 1595233839744,
    "expiry_date" : "2020-08-19T08:30:39.744Z",
    "expiry_date_in_millis" : 1597825839744,
    "max_nodes" : 1000,
    "issued_to" : "yinhe",
    "issuer" : "elasticsearch",
    "start_date_in_millis" : -1
  }
}

授权license

编写license文件

申请一个免费trial license(license.elastic.co/registratio…) ，下载license，保存为license.json

X-PACK免费证书无安全验证功能。需要破解！！！

修改license.json内容为：

"type":"platinum", "expiry_date_in_millis":2524579200999

{"license":{"uid":"cca0a231-ea55-4951-ba0e-303bd4439f8c","type":"platinum","issue_date_in_millis":1599609600000,"expiry_date_in_millis":2524579200999,"max_nodes":100,"issued_to":"sheng ning (jd)","issuer":"Web Form","signature":"AAAAAwAAAA2kGzQMPz1Of1yTavt5AAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQBWc3f67Zzvuu8sqrSbDuYN08XrSfXCv3bnBUfP0pmXn6I6p4QHPE2qiFLdNscRIN1a6UjNct+TwmXX5b1iFIWmvdiRftBpbqHsFwLdzwYztXgpKBiNhznMVg4h6iYLixwdrXMXoMFVpBJnHbb77nMHxlVQmjY24w4yLS0+mCaLZnSKa9+7pZIf4609t20Z4wJJH+AeDkBScyJ0evSXCtBsAFE9gdMZOkFQ5AV0pNLakP/Et/0Oe+I5BTGyAHICJqAs2yQWxPX/P4YWf3gq4JQx6E68M11xeKUJNZMbjiBO23Q19ozG+yFMjsjkx3AQyo38WGCD9wIl5Z6oavVO23xF","start_date_in_millis":1599609600000}}

platinum是白金版，expiry_date_in_millis就是截止日期，配置的是到2050年

编译class文件

新建/tmp/LicenseVerifier.java文件：


package org.elasticsearch.license;

import java.nio.*;
import java.util.*;
import java.security.*;
import org.elasticsearch.common.xcontent.*;
import org.apache.lucene.util.*;
import org.elasticsearch.common.io.*;
import java.io.*;

public class LicenseVerifier{
    public static boolean verifyLicense(final License license, final byte[] encryptedPublicKeyData) {
        return true;
    }

    public static boolean verifyLicense(final License license) {
        return true;
    }
}

编译

javac -cp "/usr/local/elasticsearch/lib/elasticsearch-5.5.0.jar:/usr/local/elasticsearch/lib/lucene-core-6.6.0.jar:/usr/local/elasticsearch/plugins/x-pack/x-pack-5.5.0.jar" LicenseVerifier.java

cp plugins/x-pack/x-pack-6.0.0.jar /tmp/test/

jar -xvf /tmp/test/x-pack-6.0.0.jar

cp /tmp/LicenseVerifier.class /tmp/test/test/org/elasticsearch/license/
cd /tmp/test

jar -cvf ../x-pack-6.0.0.jar ./*

mv /tmp/x-pack-6.0.0.jar /usr/local/elasticsearch/plugins/x-pack/

替换license

5.x 直接执行 curl 即可

# curl -XPUT --user elastic:testEs369 "localhost:9200/_xpack/license?acknowledge=true" -d @license.json 
{"acknowledged":true,"license_status":"valid"}

6.x 更新之前先配置elasticsearch.yml，加入： xpack.security.enabled: false

执行

curl -XPUT -u elastic:testEs369 "http://localhost:9200/_xpack/license?acknowledge=true" -d @license.json

生效之后，再开启security，并开启SSL\TLS： xpack.security.enabled: true xpack.security.transport.ssl.enabled: true

重启es

# ：
{
  "license" : {
    "status" : "active",
    "uid" : "cca0a231-ea55-4951-ba0e-303bd4439f8c",
    "type" : "basic",
    "issue_date" : "2020-09-09T00:00:00.000Z",
    "issue_date_in_millis" : 1599609600000,
    "expiry_date" : "2021-09-09T23:59:59.999Z",
    "expiry_date_in_millis" : 1631231999999,
    "max_nodes" : 100,
    "issued_to" : "sheng ning (jd)",
    "issuer" : "Web Form",
    "start_date_in_millis" : 1599609600000
  }
}

更新es密码

curl -XPUT -u elastic http://localhost:9200/_xpack/security/user/elastic/_password -d '{ "password" : "your_new_passwd" }'