Elasticsearch6.5.1破解x-pack,设置密码并使用head插件登陆。
2024-09-02 14:12:10
#没有许可证的es无法持久的设置密码,而且使用一段时间后会过期,过期后,一些功能无法被使用,例如head插件无法看到es状态。
下图是过期的es的状态,可通过此url查看:http://ip:port_xpack/license
使用es-head插件连接提示403,无法直接连接已过期的es
#elasticsearch通过x-pack模块来提供密码认证等功能,不过我们无需额外安装x-pack插件,x-pack包在6.3版本后已经集成在es安装包内
#此文章应该不仅限于6.5.1版本,没有验证过,不过直觉告诉我只要是6.3+的版本参照这个也能成功破解,毕竟步骤差不多,什么,为什么这么自信?因为早上用了飘柔(因为我也是参照了其他高手的文章的,人家6.3.2可行:https://blog.csdn.net/qq_25475209/article/details/81906701)
下面开始破解es,步骤大致如下,准备开干。
取出es中的x-pack包jar文件,解压后用破解后的代码替换掉原有的类文件,后将更改后的文件
||
重新打成jar包
||
上传许可证
||
创建证书文件
||
调整es配置文件后启动即可
环境信息
es版本:6.5.
安装路径:/home/admin/elasticsearch-6.5.
使用端口:
#配置文件
cluster.name: test
node.name: es-node-
path.data: /home/admin/elasticsearch-6.5./data
path.logs: /home/admin/elasticsearch-6.5./logs
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
network.host: 0.0.0.0
http.port:
1.先把之前代码取出来,然后把破解后的代码替换进去
#破解后的类文件(百度网盘)
链接:https://pan.baidu.com/s/1GTCwQfcLBpDc8QStoMPlKA
提取码:1swg
#创建个零时目录,我们在这里动手术,不能误伤友军。
#如果是其他版本的es,cp的时候将下图表红的版本号,记得换成你那个版本的,不然完全按照我这儿步骤可是行不通的。
[admin@es-node- ~]$ pwd
/home/admin
[admin@es-node- ~]$ mkdir jartmp
[admin@es-node- ~]$ cd jartmp/
[admin@es-node- jartmp]$ cp /home/admin/elasticsearch-6.5./modules/x-pack-core/x-pack-core-6.5.1.jar ./
[admin@es-node- jartmp]$ jar -xf x-pack-core-6.5..jar #解压jar包
[admin@es-node- jartmp]$ cp /tmp/XPackBuild.class org/elasticsearch/xpack/core/ #将百度盘上面的文件替换掉现有文件
[admin@es-node- jartmp]$ cp /tmp/LicenseVerifier.class org/elasticsearch/license/
[admin@es-node-1 jartmp]$ rm -rf x-pack-core-6.5.1.jar #删除原有jar包
[admin@es-node-1 jartmp]$ jar -cfv x-pack-core-6.5.1.jar * #用咋们刚改过的代码生成新的jar包(名称不要变)
[admin@es-node-1 jartmp]$ cp x-pack-core-6.5.1.jar /home/admin/elasticsearch-6.5.1/modules/x-pack-core/ #将手术完成的模块放回去
2.手术完了,改改配置,试试改完后的es好不好使,还好使的话,继续望下执行,要是不好使,都启动不起来,那么这个教程可能不适合你,可能因为版本原因把。
#调整下配置文件后重新启动es,启动一下xpack模块
cluster.name: test
node.name: es-node-
path.data: /home/admin/elasticsearch-6.5./data
path.logs: /home/admin/elasticsearch-6.5./logs
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
network.host: 0.0.0.0
http.port:
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.security.enabled: true
#开启密码功能(返回如下格式json代表成功)(如果没有继续按照步骤执行,上传许可证,这个密码也就能用30天)
[admin@es-node-1 elasticsearch-6.5.1]$ curl -H "Content-Type:application/json" -XPOST http://10.0.1.103:9200/_xpack/license/start_trial?acknowledge=true
[2019-12-10T19:58:37,751][INFO ][o.e.l.LicenseService ] [es-node-1] license [bd5aaeb7-a213-4696-8e53-865884e51ebc] mode [trial] - valid
{"acknowledged":true,"trial_was_started":true,"type":"trial"}
#试一下,发现es要密码了,TNN的还没设置,咋知道密码是啥。
#再设置也不迟。
[admin@es-node- elasticsearch-6.5.]$ /home/admin/elasticsearch-6.5./bin/elasticsearch-setup-passwords auto # auto|interactive 模式二选一,正如字面意思,可以自动生成密码也可以手动输入要设置的密码
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
The passwords will be randomly generated and printed to the console.
Please confirm that you would like to continue [y/N]y [--10T20::,][INFO ][o.e.c.m.MetaDataCreateIndexService] [es-node-] [.security-] creating index, cause [api], templates [security-index-template], shards []/[], mappings [doc]
[--10T20::,][INFO ][o.e.c.r.a.AllocationService] [es-node-] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.security-][]] ...]).
Changed password for user apm_system
PASSWORD apm_system = ZMLYeAwXynEECiPY8KuV Changed password for user kibana
PASSWORD kibana = SR0BAPhVXLYUCqERsm2W Changed password for user logstash_system
PASSWORD logstash_system = RxUBjW4Wq1coYqvXRZKa Changed password for user beats_system
PASSWORD beats_system = pA9SMgXzFTU4hslSQSnf Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = 7G5mm9QZBCJECA8yXAwm Changed password for user elastic
PASSWORD elastic = HPlwGuzgQsG712KymGyY
#这时候,输入刚才生成的密码就可以进来啦
#看下许可证情况,一个月就又到期了很尴尬,接下来让他。。。永不过期有点太狂了,让他晚点过期把。。
3.上传许可证,因为我们已经破解了x-pack,许可证上传的时候可以狂一点,比如搞个高端版本的es,实际上,第二个步骤的操作不用破解都能干,破解的作用主要就是为了这步开始,为了永恒的使用~。
#创建许可证文件(许可证文件为官方申请https://register.elastic.co/marvel_register,申请下来后自己改点东西,也可以自行申请,信息填写准确)
#红标处为改动过的内容,分别为白金版和过期时间(时间戳)
[admin@es-node- elasticsearch-6.5.]$ cat license.json
{"license":{"uid":"640fd711-1234-4ccf-8cd3-737396ed3597","type":"platinum","issue_date_in_millis":,"expiry_date_in_millis":,"max_nodes":,"issued_to":"? ?? (?)","issuer":"Web Form","signature":"AAAAAwAAAA2CzEVG2T4xrY3F7fi0AAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQAURfLHTfnsxhRKDusn05L7HpgN2Fbc8XHRJNNWQ6WgeMoSUcF9uyA39/TYti6wAdXLbq6z18Jgd0uj6JgDv9W5r/Lm1P0ca7xeIeoHnjCkT/EW95nM6HrQVbkRT5ofLWu0ZqD9s/leiPAMorjBkVHe2AwefE+LYbK1JhGhkRINESGx0Lva0Cxx/QvZNY86/dCWQ3e1PfgSlBpDYN2d6bzsdXivumfGdMv15McoYMNFGy9WsivhD/S3AfuN/6e8LfNZCTjAXrYawKcFlXoPIX9oZe/doAxpACOVmDoC5cdSGDfLMZ/Y6e0sXYZuSgiL68udLilJHRR6iqXeMgxkC3qZ","start_date_in_millis":}}
[admin@es-node- elasticsearch-6.5.]$ curl -XPUT -u elastic 'http://10.0.1.103:9200/_xpack/license' -H "Content-Type: application/json" -d @license.json
Enter host password for user 'elastic':
[--10T20::,][WARN ][r.suppressed ] [es-node-] path: /_xpack/license, params: {}
java.lang.IllegalStateException: Cannot install a [PLATINUM] license unless TLS is configured or security is disabled
at org.elasticsearch.license.LicenseService.registerLicense(LicenseService.java:) ~[?:?]
at org.elasticsearch.license.TransportPutLicenseAction.masterOperation(TransportPutLicenseAction.java:) ~[?:?]
at org.elasticsearch.license.TransportPutLicenseAction.masterOperation(TransportPutLicenseAction.java:) ~[?:?]
at org.elasticsearch.action.support.master.TransportMasterNodeAction.masterOperation(TransportMasterNodeAction.java:) ~[elasticsearch-6.5..jar:6.5.]
at org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction$.doRun(TransportMasterNodeAction.java:)~[elasticsearch-6.5..jar:6.5.]
at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:) [elasticsearch-6.5..jar:6.5.]
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:) [elasticsearch-6.5..jar:6.5.]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:) [?:1.8.0_201]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:) [?:1.8.0_201]
at java.lang.Thread.run(Thread.java:) [?:1.8.0_201]
{"error":{"root_cause":[{"type":"illegal_state_exception","reason":"Cannot install a [PLATINUM] license unless TLS is configured or security is disabled"}],"type":"illegal_state_exception","reason":"Cannot install a [PLATINUM] license unless TLS is configured or security is disabled"},"status":}[admin@es-node- elasticsearch-6.5.]$
#不允许安全模式下上传许可证,先改配置文件把x-pack关了,注意不是注释,是将配置定为false,重启后再试
cluster.name: test
node.name: es-node-
path.data: /home/admin/elasticsearch-6.5./data
path.logs: /home/admin/elasticsearch-6.5./logs
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
network.host: 0.0.0.0
http.port:
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.security.enabled: false
#这次就成功了
[admin@es-node- elasticsearch-6.5.]$ curl -XPUT -u elastic 'http://10.0.1.103:9200/_xpack/license' -H "Content-Type: application/json" -d @license.json
Enter host password for user 'elastic':
[--10T20::,][INFO ][o.e.l.LicenseService ] [es-node-] license [640fd711--4ccf-8cd3-737396ed3597] mode [platinum] - valid
{"acknowledged":true,"license_status":"valid"}
#再次将x-pack开启,这次是true,再重启
cluster.name: test
node.name: es-node-
path.data: /home/admin/elasticsearch-6.5./data
path.logs: /home/admin/elasticsearch-6.5./logs
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
network.host: 0.0.0.0
http.port:
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.security.enabled: true
#启动会报错,因为没有搞证书,进入下一个阶段。
ERROR: [1] bootstrap checks failed
[1]: Transport SSL must be enabled for setups with production licenses. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]
4.私有证书申请,配置使用。
#按照下方步骤申请证书,第一个需要填写的是文件名,这个直接默认,回车,接下来标红处分别是,es集群名称:test,证书文件存放的目录:es_ca,节点ip:10.0.1.103(我这只有一台所以就写一台,如果是集群环境,又多台那么按照格式填写节点ip:1.1.1.1,2.2.2.2,3.3.3.3逗号分隔),节点名称:es-node-1(es配置文件中的node.name,同主机名,跟ip同理,如果是集群的话,那就用逗号隔开)
[admin@es-node- elasticsearch-6.5.]$ /home/admin/elasticsearch-6.5./bin/elasticsearch-certgen
******************************************************************************
Note: The 'elasticsearch-certgen' tool has been deprecated in favour of the
'elasticsearch-certutil' tool. This command will be removed in a future
release.
****************************************************************************** This tool assists you in the generation of X. certificates and certificate
signing requests for use with SSL in the Elastic stack. Depending on the command
line option specified, you may be prompted for the following: * The path to the output file
* The output file is a zip file containing the signed certificates and
private keys for each instance. If a Certificate Authority was generated,
the certificate and private key will also be included in the output file.
* Information about each instance
* An instance is any piece of the Elastic Stack that requires a SSL certificate.
Depending on your configuration, Elasticsearch, Logstash, Kibana, and Beats
may all require a certificate and private key.
* The minimum required value for each instance is a name. This can simply be the
hostname, which will be used as the Common Name of the certificate. A full
distinguished name may also be used.
* A filename value may be required for each instance. This is necessary when the
name would result in an invalid file or directory name. The name provided here
is used as the directory name (within the zip) and the prefix for the key and
certificate files. The filename is required if you are prompted and the name
is not displayed in the prompt.
* IP addresses and DNS names are optional. Multiple values can be specified as a
comma separated string. If no IP addresses or DNS names are provided, you may
disable hostname verification in your SSL configuration.
* Certificate Authority private key password
* The password may be left empty if desired. Let's get started... Please enter the desired output file [certificate-bundle.zip]:
Enter instance name: test
Enter name for directories and files [test]: es_ca
Enter IP Addresses for instance (comma-separated if more than one) []: 10.0.1.103
Enter DNS names for instance (comma-separated if more than one) []: es-node-1
Would you like to specify another instance? Press 'y' to continue entering instance information: #此处直接回车
Certificates written to /home/admin/elasticsearch-6.5./certificate-bundle.zip This file should be properly secured as it contains the private keys for all
instances and the certificate authority. After unzipping the file, there will be a directory for each instance containing
the certificate and private key. Copy the certificate, key, and CA certificate
to the configuration directory of the Elastic product that they will be used for
and follow the SSL configuration instructions in the product guide. For client applications, you may only need to copy the CA certificate and
configure the client to trust this certificate.
#解压ca压缩包并取出证书文件后放置到config目录下
[admin@es-node- elasticsearch-6.5.]$ unzip certificate-bundle.zip
Archive: certificate-bundle.zip
creating: ca/
inflating: ca/ca.crt
inflating: ca/ca.key
creating: es_ca/
inflating: es_ca/es_ca.crt
inflating: es_ca/es_ca.key
[admin@es-node- elasticsearch-6.5.]$ cp ca/* es_ca/* config/
#调整配置文件引入ca配置后重启
cluster.name: test
node.name: es-node-
path.data: /home/admin/elasticsearch-6.5./data
path.logs: /home/admin/elasticsearch-6.5./logs
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
network.host: 0.0.0.0
http.port:
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.ssl.key: es_ca.key
xpack.ssl.certificate: es_ca.crt
xpack.ssl.certificate_authorities: ca.crt
#启动会报一些ca的问题,因为这个ca是私有的肯定是不受信任的不管,总之启动了,接下来访问es看到期时间。
大功告成!!不过用head插件连接时,传入账号密码参数,总是连不上呢
5.head插件连接es
#head传入账号密码参数:http://172.16.169.211:9100/?auth_user=elastic&auth_password=HPlwGuzgQsG712KymGyY
#head访问es时会报跨域问题,但是我们的es已经配置了允许跨域访问了:http.cors.allow-origin: "*"
Access to XMLHttpRequest at 'http://*.*.*.*:60004/_all' from origin 'http://172.16.169.211:9100' has been blocked by CORS policy: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.
app.js: {XHR Error: "error", message: ""}
#解决方案-还是得动配置文件,允许一些头部的请求
cluster.name: test
node.name: es-node-
path.data: /home/admin/elasticsearch-6.5./data
path.logs: /home/admin/elasticsearch-6.5./logs
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
network.host: 0.0.0.0
http.port:
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.ssl.key: es_ca.key
xpack.ssl.certificate: es_ca.crt
xpack.ssl.certificate_authorities: ca.crt
http.cors.allow-headers: Authorization,X-Requested-With,Content-Type,Content-Length
#改完后重启es,搞定。
最新文章
- iOS 10、Xcode 8 遇到部分问题解决记录
- 【面试题】D
- VSS每次打开都需要服务器账号和密码的解决方法
- 12,SFDC 管理员篇 - 页面配置
- 【转载】 C++多继承中重写不同基类中相同原型的虚函数
- Android 进程生命周期 Process Lifecycle
- 2016年10月27日--css样式表
- Android的Activity屏幕切换动画-左右滑动切换
- gromacs, quake III和vrsqrtps
- Dev 饼图
- poj1733Parity game
- SDWebImage源码刨根问底
- How to using x++ creating Vendors [AX2012]
- dirname(__FILE__) 的使用总结
- intellij安装Scala及Python插件
- 【4】python核心编程 第七章-映射和集合类型
- OpenGL的配置与搭建
- ●BZOJ 3931 [CQOI2015]网络吞吐量
- 一:Neutron实现网络虚拟化
- ssh hibernate修改数据库