Environment:
ES:6.5.0
OS:Centos 7
1. Create Directory
[[email protected] ~]$ cd /home/esuser
[[email protected] ~]$ mkdir xpach
2. Prepare the following 2 Java files
LicenseVerifier.java
package org.elasticsearch.license; import java.nio.*; import java.util.*; import java.security.*; import org.elasticsearch.common.xcontent.*; import org.apache.lucene.util.*; import org.elasticsearch.common.io.*; import java.io.*; public class LicenseVerifier {public static boolean verifyLicense(final License license, final byte< span style="color: #000000;">[] encryptedPublicKeyData) {return true ;} publi c static boolean verifyLicense(final License license) {return true;} }
XPackBuild.java
package org.elasticsearch.xpack.core; import org.elasticsearch.common.io.*; import java.net.*; import org.elasticsearch.common.*; import java.nio.file.* ; import java.io.*; import java.util.jar.*; public class XPackBuild {public static final XPackBuild CURRENT; private String shortHash; private String date; @SuppressForbidden(reason = "looks up path of xpack.jar directly") static Path getElasticsearchCodebase() {final URL url = XPackBuild.class .getProtectionDomain().getCodeSource().getLocation(); try {return PathUtils.get(url.toURI());} catch (URISyntaxException bogus) {throw new RuntimeException(bogus);}} XPackBuild(final String shortHash, final String date) { this.shortHash = shortHash; this.date = date;} public String shortHash() {return this.shortHash;} public String date(){ return this.date;} static {final Path path = getElasticsearchCodebase(); String shortHash = null; String date = null; Label_0157: {shortHash = "Unknown"; date = "Unknown" ;} CURRENT = new XPackBuild (shortHash, date);} }
Place the above two files under the directory created in step 1
[[emailprotected] xpach]$ pwd span>
/home/esuser/xpach
[[emailprotected] xpach ]$ ls -1
LicenseVerifier.java
XPackBuild. java
3. Regenerate the package
Pack the two java packages just created into class files, what we need to do is to replace these two class files (because they need to be referenced to other jars, the javac -cp command needs to be used)< br>
[[email protected] xpach]$ cd /home/esuser/xpach
javac -cp “/home/esuser/single_elasticsearch/lib/elasticsearch-6.5.0.jar:/home/esuser/single_elasticsearch/lib/lucene-core-7.5.0.jar:/home/esuser/single_elasticsearch/ modules/x-pack-core/x-pack-core-6.5.0.jar” LicenseVerifier.java
javac -cp “/home/ esuser/single_elasticsearch/lib/elasticsea rch-6.5.0.jar:/home/esuser/single_elasticsearch/lib/lucene-core-7.5.0.jar:/home/esuser/single_elasticsearch/modules/x-pack-core/x-pack-core-6.5. 0.jar:/home/esuser/single_elasticsearch/lib/elasticsearch-core-6.5.0.jar” XPackBuild.java
Execute The above two commands show that 2 class files have been produced
[[emailprotected] xpach]$ ls -1< br>LicenseVerifier.class
LicenseVerifier.java
XPackBuild.class
XPackBuild.java
4. Unzip the original file, and then overwrite
The directory where the following operation is located is:/home /esuser/xpach
[esuser]$cd /home/esuser/xpach
copy the original package to the current directory
[esuser]$cp -a /home/esuser/single_elasticsearch/modules/x -pack-core/x-pack-cor e-6.5.0.jar .
Unzip the original package
[esuser]$jar -xf x-pack-core-6.5.0.jar
Delete the previous java files and copied packages
[esuser]$rm -rf LicenseVerifier.java XPackBuild.java x-pack-core-6.5.0.jar
Copy the class file to the corresponding directory
[esuser]$cp -a LicenseVerifier. class org/elasticsearch/license/
[esuser]$cp -a XPackBuild.class org/elasticsearch/xpack/core/< br>Delete class files
[esuser]$rm -rf LicenseVerifier.class XPackBuild. class
regenerate the jar package
[esuser]$jar -cvf x-pack-core-6.5.0.jar *
overwrite the generated java package to the original
< span style="font-size: 16px;">[esuser]$cp -a x-pack-core-6.5.0.jar /ho me/esuser/single_elasticsearch/modules/x-pack-core/
5. Restart after adding the following parameters< br>xpack.security.enabled: true
xpack.security.transport.ssl. enabled: true
6.License application
Application address
https://license.elastic.co/registration
After filling in the information, an email will be sent to the registered mailbox, and then the installation prompt will click the link to download
Upload to the server after downloading, modify the expiry_date_in_millis, I modified it here to 4102416000000, which is 2100-01-01 00:00:00, and the type is modified to platinum
The file I downloaded here is called my.json, and the content is as follows
{“license”:{“uid”:”1e9a1465-3398- 44e8-aa06-c76062dcfedf”,”type”:”platinum”,”issue_date_in_millis”:1544659200000,”expiry_date_in_millis”:4102416000000,”max_nodes”:100,”issued_to”:”xueliang huang (richinfo)”,”issuer”:” Web Form”, “Signature”: “AAAAAwAAAA0CkXSNg + Yl6jgouxuAAAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQBbRJOy1WgeFasn9hkqXcUu4jbVTH5B51CpsbpQTIukDJUeyo9z0DW1DzXzgUn1y0LQ62VDVcjiJvi0Xci5w9ZYDQPPVwf8PN0Pg8rOkawcJpr4ZmCiBgh / dFmgcOsjOjro1EcVOp3rm9zil89FsACMUcgRiYf // Ejahsx7giFEyYnUNOqfy4umh3aHj + awlg76P1OVxnyu74IjJdWGXluMw + hTJ0EKXcaUEfJpJgBLtPUmyD6jd / LtzV8ysKL6JQTxkUzdlWVdzipskQ8MWt5Nn6ClddwJFVb5lTAOJvLy6jyEmro4Fho5LJ6eRW2NvsWS4Y1Yu6lHVoWBVW4v ++ Wx”, “start_date_in_millis”: 1544659200000}}
Upload the file to the directory specified by the server, and I upload it here to the /home/esuser directory
7. Import the license
cd /home/esuser (my.json file is in this directory)
cd /home/esuser (my.json file is in this directory) span>
curl -XPUT’http://192.168.1.135:19200/_xpack/license’ -H “Content-Type: application/json” -d @ my.json
At this time, the certificate has been imported and the authentication has been enabled. The following login must use the account password, otherwise it cannot be used. But we haven’t set a password yet. Now, set the password of each account through elasticsearch-setup-passwords
View certificate status
8. Interactively set the password of each account
[[ email protected] bin]$ cd /home/esuser/single_elasticsearch/bin
[[emailprotected] bin]$ ./elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]: < br>Reenter password for [kibana]:
Enter password for [logstash_system]: < /span>
Reenter password for [logstash_system]:
Enter password for [ beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]< br>
9. Use account password to access
[[email protected] bin]$ curl -u elastic:elastic “http://192.168.1.135:19200/_license”
{< br> “license”: {
“status”: “active”,
“uid”: “1e9a1465-3398-44e8-aa06-c76062dcfedf”,
“type”: “platinum “,
“issue_date”: “2018-12-13T00:00:00.000Z”,
“issue_date_in_millis”: 1544659200000,
“expiry_date”: “2049-12-31T16:00:00.000Z “,
“expiry_date_in_millis”: 2524579200000,
“max_nodes “: 100,
“issued_to”: “xueliang huang (richinfo)”,
“issuer”: “Web Form”,
“start_date_in_millis”: 1544659200000
}
}
10. The certificate can be modified and re-imported, for example, I want to modify the expiration time
curl -ue lastic:elastic -XPUT’http://192.168.1.135:19200/_xpack/license’ -H “Content-Type: application/json” -d @my.json
11. Modify password
curl -H “Content-Type:application/json”- XPUT -u elastic:elastic’http://192.168.1.135:19200/_xpack/security/user/elastic/_password’ -d'{ “password”: “elastic123” }’
12. Cluster mode configuration uses xpack
package org.elasticsearch.license; import java.nio.*; import java.util.*; import java.security.*; import org.elasticsearch.common.xcontent.*; import org.apache.lucene.util.*; import org.elasticsearch.common.io.*; import java.io.* ; public class LicenseVerifier {public static< /span> boolean verifyLicense(final License license, final byte[] encryptedPublicKeyData) {return true;} < span style="color: #0000ff;">public static boolean verifyLicense(final License license ) {return true;} }
package org.elasticsearch.xpack.core; import org. elasticsearch.common.io.*; import java.net.*; import org.elasticsearch.common.*; import java.nio.file.*; import java.io.*; import java.util.jar.*; public class XPackBuild {public static final XPackBuild CURRENT; private String shortHash; private String date; @SuppressForbidden(reason = "looks up path of xpack.jar directly") static span> Path getElasticsearchCodebase() {final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation(); try {returnPathUtils.get(url.toURI());} catch (URISyntaxException bogus) {throw < span style="color: #0000ff;">new RuntimeException(bogus);}} XPackBuild(final String shortHash, final String date) {this.shortHash = shortHash; this< /span>.date = date;} public String shortHash() {return this.shortHash;} p ublic String date(){ return this.date;} static {final Path path = getElasticsearchCodebase(); String shortHash = null; String date = null; Label_0157: {shortHash = "Unknown"; date = "Unknown";} CURRENT = new XPackBuild(shortHash, date);}}