Configuring x-pack username/password authentication in ES (last)

Environment:
ES: 6.5.0
OS: CentOS 7


1. Create a directory
$ cd /home/esuser
$ mkdir xpach

 

2. Prepare the following two Java files
LicenseVerifier.java

package org.elasticsearch.license;

import java.nio.*;
import java.util.*;
import java.security.*;
import org.elasticsearch.common.xcontent.*;
import org.apache.lucene.util.*;
import org.elasticsearch.common.io.*;
import java.io.*;

public class LicenseVerifier {
    public static boolean verifyLicense(final License license, final byte[] encryptedPublicKeyData) {
        return true;
    }

    public static boolean verifyLicense(final License license) {
        return true;
    }
}

 

XPackBuild.java

package org.elasticsearch.xpack.core;

import org.elasticsearch.common.io.*;
import java.net.*;
import org.elasticsearch.common.*;
import java.nio.file.*;
import java.io.*;
import java.util.jar.*;

public class XPackBuild {
    public static final XPackBuild CURRENT;
    private String shortHash;
    private String date;

    @SuppressForbidden(reason = "looks up path of xpack.jar directly")
    static Path getElasticsearchCodebase() {
        final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
        try {
            return PathUtils.get(url.toURI());
        } catch (URISyntaxException bogus) {
            throw new RuntimeException(bogus);
        }
    }

    XPackBuild(final String shortHash, final String date) {
        this.shortHash = shortHash;
        this.date = date;
    }

    public String shortHash() {
        return this.shortHash;
    }

    public String date() {
        return this.date;
    }

    static {
        final Path path = getElasticsearchCodebase();
        String shortHash = null;
        String date = null;
        Label_0157: {
            shortHash = "Unknown";
            date = "Unknown";
        }
        CURRENT = new XPackBuild(shortHash, date);
    }
}

 

Place the two files above in the directory created in step 1
$ pwd
/home/esuser/xpach
$ ls -1
LicenseVerifier.java
XPackBuild.java


3. Rebuild the package
Compile the two Java files just created into class files; what we need to do is replace these two class files (they reference other jars, so the javac -cp command is needed)

$ cd /home/esuser/xpach
javac -cp "/home/esuser/single_elasticsearch/lib/elasticsearch-6.5.0.jar:/home/esuser/single_elasticsearch/lib/lucene-core-7.5.0.jar:/home/esuser/single_elasticsearch/modules/x-pack-core/x-pack-core-6.5.0.jar" LicenseVerifier.java
javac -cp "/home/esuser/single_elasticsearch/lib/elasticsearch-6.5.0.jar:/home/esuser/single_elasticsearch/lib/lucene-core-7.5.0.jar:/home/esuser/single_elasticsearch/modules/x-pack-core/x-pack-core-6.5.0.jar:/home/esuser/single_elasticsearch/lib/elasticsearch-core-6.5.0.jar" XPackBuild.java

After running the two commands above, you can see that two class files have been generated
$ ls -1
LicenseVerifier.class
LicenseVerifier.java
XPackBuild.class
XPackBuild.java

4. Extract the original files, then overwrite them
The working directory for the operations below is: /home/esuser/xpach
[esuser]$ cd /home/esuser/xpach
Copy the original jar to the current directory
[esuser]$ cp -a /home/esuser/single_elasticsearch/modules/x-pack-core/x-pack-core-6.5.0.jar .
Extract the original jar
[esuser]$ jar -xf x-pack-core-6.5.0.jar
Delete the earlier Java files and the copied jar
[esuser]$ rm -rf LicenseVerifier.java XPackBuild.java x-pack-core-6.5.0.jar
Copy the class files to the corresponding directories
[esuser]$ cp -a LicenseVerifier.class org/elasticsearch/license/
[esuser]$ cp -a XPackBuild.class org/elasticsearch/xpack/core/
Delete the class files
[esuser]$ rm -rf LicenseVerifier.class XPackBuild.class
Rebuild the jar
[esuser]$ jar -cvf x-pack-core-6.5.0.jar *
Overwrite the original with the generated jar
[esuser]$ cp -a x-pack-core-6.5.0.jar /home/esuser/single_elasticsearch/modules/x-pack-core/

5. Add the following parameters and restart
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true



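6. Requesting a license
Registration address
https://license.elastic.co/registration
After you fill in the information, an e-mail is sent to the registered address; follow the prompt and click the link to download
After downloading, upload it to the server and change the expiry time expiry_date_in_millis; here I changed it to 4102416000000, i.e. 2100-01-01 00:00:00, and changed type to platinum
The file I downloaded is named my.json; its contents are as follows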
{"license":{"uid":"1e9a1465-3398-44e8-aa06-c76062dcfedf","type":"platinum","issue_date_in_millis":1544659200000,"expiry_date_in_millis":4102416000000,"max_nodes":100,"issued_to":"xueliang huang (richinfo)","issuer":"Web Form","signature":"AAAAAwAAAA0CkXSNg+Yl6jgouxuAAAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQBbRJOy1WgeFasn9hkqXcUu4jbVTH5B51CpsbpQTIukDJUeyo9z0DW1DzXzgUn1y0LQ62VDVcjiJvi0Xci5w9ZYDQPPVwf8PN0Pg8rOkawcJpr4ZmCiBgh/dFmgcOsjOjro1EcVOp3rm9zil89FsACMUcgRiYf//Ejahsx7giFEyYnUNOqfy4umh3aHj+awlg76P1OVxnyu74IjJdWGXluMw+hTJ0EKXcaUEfJpJgBLtPUmyD6jd/LtzV8ysKL6JQTxkUzdlWVdzipskQ8MWt5Nn6ClddwJFVb5lTAOJvLy6jyEmro4Fho5LJ6eRW2NvsWS4Y1Yu6lHVoWBVW4v++Wx","start_date_in_millis":1544659200000}}

Upload this file to the chosen directory on the server; here I uploaded it to /home/esuser


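7. Import the license
cd /home/esuser (the my.json file is in this directory)
curl -XPUT 'http://192.168.1.135:19200/_xpack/license' -H "Content-Type: application/json" -d @my.json

At this point the license has been imported and authentication is enabled; every login from here on must use a username and password, otherwise nothing can be used. However, no passwords have been set yet, so next set each account's password with elasticsearch-setup-passwords
Check the license status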

8. Set each account's password interactively

$ cd /home/esuser/single_elasticsearch/bin
$ ./elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y  

Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]


9. Access using the username and password
$ curl -u elastic:elastic "http://192.168.1.135:19200/_license"
{
  "license" : {
    "status" : "active",
    "uid" : "1e9a1465-3398-44e8-aa06-c76062dcfedf",
    "type" : "platinum",
    "issue_date" : "2018-12-13T00:00:00.000Z",
    "issue_date_in_millis" : 1544659200000,
    "expiry_date" : "2049-12-31T16:00:00.000Z",
    "expiry_date_in_millis" : 2524579200000,
    "max_nodes" : 100,
    "issued_to" : "xueliang huang (richinfo)",
    "issuer" : "Web Form",
    "start_date_in_millis" : 1544659200000
  }
}


10. The license can be modified and re-imported, for example if I want to change the expiry time
curl -u elastic:elastic -XPUT 'http://192.168.1.135:19200/_xpack/license' -H "Content-Type: application/json" -d @my.json


11. Change the password
curl -H "Content-Type:application/json" -XPUT -u elastic:elastic 'http://192.168.1.135:19200/_xpack/security/user/elastic/_password' -d '{ "password" : "elastic123" }'



12. Configuring xpack in cluster mode
