elasticsearch6.4.2 破解X-Pack外掛license
阿新 • • 發佈:2018-11-14
說明:我的elasticsearch(後文簡稱ES)版本為6.4.2,安裝方式為安裝包直接解壓安裝,安裝包地址:https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.4.2.tar.gz
1,安裝ES,在此不在詳述,可參考官方文件:https://www.elastic.co/downloads/elasticsearch,X-Pack外掛在這個版本是軟體自帶的,無需額外安裝步驟;
我的安裝目錄為/usr/local/elasticsearch,檢視X-Pack外掛:
[[email protected] elasticsearch]$ ll modules/x-pack-core/x-pack-core-6.4.2.jar -rw-r--r-- 1 es es 1811502 Nov 12 15:50 modules/x-pack-core/x-pack-core-6.4.2.ja
啟動ES:
[[email protected] elasticsearch]$ bin/elasticsearch
2,檢視當前X-Pack的版本及功能,可以使用curl命令:
[[email protected] elasticsearch]# curl -XGET 'http://192.168.28.10:9200/_xpack/license'
也可使用kibana的Dev Tools工具,我使用Dev Tools工具檢視資訊如下:
GET _xpack/license { "license": { "status": "active", "uid": "46f0b3bc-76c5-414b-b89f-1ad81481de1c", "type": "basic", #基本型別License "issue_date": "2018-10-22T19:40:31.602Z","issue_date_in_millis": 1540237231602, "max_nodes": 1000, "issued_to": "my-es", "issuer": "elasticsearch", "start_date_in_millis": -1 }
3,將X-Pack的jar包複製出來,便於解壓和修改操作:
[[email protected] home]# cp /usr/local/elasticsearch/modules/x-pack-core/x-pack-core-6.4.2.jar /home/test/ [[email protected] home]# ll test/ total 1772 -rw-r--r-- 1 root root 1811502 Nov 14 11:25 x-pack-core-6.4.2.jar
4,解壓X-Pack的jar包,並把原.jar包刪除:
[[email protected] test]# jar -xvf x-pack-core-6.4.2.jar
[[email protected] test]# ll total 1900 -rw-r--r-- 1 root root 994 Sep 26 13:37 logstash-index-template.json drwxr-xr-x 2 root root 4096 Nov 12 15:50 META-INF -rw-r--r-- 1 root root 1247 Sep 26 13:37 monitoring-alerts.json -rw-r--r-- 1 root root 12826 Sep 26 13:37 monitoring-beats.json -rw-r--r-- 1 root root 27426 Sep 26 13:37 monitoring-es.json -rw-r--r-- 1 root root 5899 Sep 26 13:37 monitoring-kibana.json -rw-r--r-- 1 root root 11787 Sep 26 13:37 monitoring-logstash.json drwxr-xr-x 3 root root 4096 Sep 26 13:37 org -rw-r--r-- 1 root root 294 Sep 26 13:37 public.key -rw-r--r-- 1 root root 556 Sep 26 13:37 rollup-dynamic-template.json -rw-r--r-- 1 root root 1797 Sep 26 13:37 security_audit_log.json -rw-r--r-- 1 root root 5129 Sep 26 13:37 security-index-template.json -rw-r--r-- 1 root root 893 Sep 26 13:37 triggered-watches.json -rw-r--r-- 1 root root 1391 Sep 26 13:37 watches.json -rw-r--r-- 1 root root 19869 Sep 26 13:37 watch-history.json
5,修改解壓出來的如下兩個檔案:
[[email protected] test]# ll org/elasticsearch/license/LicenseVerifier.class -rw-r--r-- 1 root root 410 Nov 12 15:46 org/elasticsearch/license/LicenseVerifier.class [[email protected] test]# ll org/elasticsearch/xpack/core/XPackBuild.class -rw-r--r-- 1 root root 2635 Nov 12 15:36 org/elasticsearch/xpack/core/XPackBuild.class
首先將兩個檔案使用luyten反編譯工具解析出原始碼,該工具可以網上下載:
然後將解析後的原始碼儲存為.java格式的檔案;
使用文字編輯工具編輯LicenseVerifier.java檔案,內容如下:
package org.elasticsearch.license; import java.nio.*; import org.elasticsearch.common.bytes.*; import java.util.*; import java.security.*; import org.elasticsearch.common.xcontent.*; import org.apache.lucene.util.*; import org.elasticsearch.core.internal.io.*; import java.io.*; public class LicenseVerifier { public static boolean verifyLicense(final License license, final byte[] encryptedPublicKeyData) { return true; } public static boolean verifyLicense(final License license) { return true; } }
同樣的方法,將XPackBuild.class儲存為java格式,並修改為如下:
package org.elasticsearch.xpack.core; import org.elasticsearch.common.io.*; import java.net.*; import org.elasticsearch.common.*; import java.nio.file.*; import java.io.*; import java.util.jar.*; public class XPackBuild { public static final XPackBuild CURRENT; private String shortHash; private String date; @SuppressForbidden(reason = "looks up path of xpack.jar directly") static Path getElasticsearchCodebase() { final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation(); try { return PathUtils.get(url.toURI()); } catch (URISyntaxException bogus) { throw new RuntimeException(bogus); } } XPackBuild(final String shortHash, final String date) { this.shortHash = shortHash; this.date = date; } public String shortHash() { return this.shortHash; } public String date() { return this.date; } static { final Path path = getElasticsearchCodebase(); String shortHash = null; String date = null; Label_0157: { shortHash = "Unknown"; date = "Unknown"; } CURRENT = new XPackBuild(shortHash, date); } }
6,將兩個.java檔案重新編譯為.class檔案,命令如下,具體安裝路徑可能會不相同,大家根據自己具體路徑填寫:
[[email protected] test]#javac -cp "/usr/local/elasticsearch/lib/elasticsearch-6.4.2.jar:/usr/local/elasticsearch/lib/lucene-core-7.4.0.jar:/usr/local/elasticsearch/modules/x-pack-core/x-pack-core-6.4.2.jar:/usr/local/elasticsearch/lib/elasticsearch-core-6.4.2.jar" LicenseVerifier.java
[[email protected] test]#javac -cp "/usr/local/elasticsearch/lib/elasticsearch-6.4.2.jar:/usr/local/elasticsearch/lib/lucene-core-7.4.0.jar:/usr/local/elasticsearch/modules/x-pack-core/x-pack-core-6.4.2.jar:/usr/local/elasticsearch/lib/elasticsearch-core-6.4.2.jar" XPackBuild.java
7,將重新編譯的這兩個.class檔案複製到解壓x-pack-core-6.4.2.jar檔案的目錄,覆蓋掉之前未修改的檔案,重新打包該.jar包;
[[email protected] test]# jar -cvf x-pack-core-6.4.2.jar .
8,從官網申請新的license,申請地址:https://license.elastic.co/registration
我申請的license,並修改license的版本和期限,type改為platinum白金版,expiry_date_in_millis期限設為2855980923000:
[[email protected] elasticsearch]$ ll li-qq-b5dccd00-b476-4b69-8763-cf22fc136822-v5.json -rw-r--r-- 1 es es 1191 Nov 7 15:20 li-qq-b5dccd00-b476-4b69-8763-cf22fc136822-v5.json
[[email protected] elasticsearch]$ cat li-qq-b5dccd00-b476-4b69-8763-cf22fc136822-v5.json {"license":{"uid":"b5dccd00-b476-4b69-8763-cf22fc136822","type":"platinum","issue_date_in_millis":1541462400000,"expiry_date_in_millis":2855980923000,"max_nodes":100,"issued_to":"li qq (dahe)","issuer":"Web Form","signature":"AAAAAwAAAA0ys5CCV21m9ZmWGtrlAAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQAC/v5fLuwsjo419HowJT/4JK4a9/O0ejYR6gvwR2Ss0EgfGkLawQCiMyW6Z0hZtGRgWLZ4/kDL9JBRBD0Mc4KL+uHty8keBDLC+vzHmEEBezI/AWiRyDTt1yq7F9X8GsbgnzkjccnmnkSopHxa3AQfKPjNm4uFdV01d5ud3gZy+vRfY43RsB0QIyC9E/LTBb/+M6gTYWwzuck+InNK3XPK5zU1ouMnWCnFHb97pPNIA6MiNG2x4ekekTA5aJtd7q+9BGhP7srFK6Itywcrh2uJ1bn2yFF8QSRWmP7z3BD+ddBdp4y1Sn597ld61zh2G9rF1sct2nYKeWh4Ctm11tvu","start_date_in_millis":1541462400000}}
9,新license上傳至ES,方法兩種:
一是通過API介面上傳:
[[email protected] elasticsearch]# curl -XPUT 'http://192.168.28.10:9200/_xpack/license' -H "Content-Type: application/json" -d @li-qq-b5dccd00-b476-4b69-8763-cf22fc136822-v5.json {"acknowledged":true,"license_status":"valid"}[[email protected] elasticsearch]#
第二種通過Dev Tools工具上傳:
POST _xpack/license { "license": { "uid": "b5dccd00-b476-4b69-8763-cf22fc136822", "type": "platinum", "issue_date_in_millis": 1541462400000, "expiry_date_in_millis": 2855980923000, "max_nodes": 100, "issued_to": "li qq (dahe)", "issuer": "Web Form", "signature": "AAAAAwAAAA0ys5CCV21m9ZmWGtrlAAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQAC/v5fLuwsjo419HowJT/4JK4a9/O0ejYR6gvwR2Ss0EgfGkLawQCiMyW6Z0hZtGRgWLZ4/kDL9JBRBD0Mc4KL+uHty8keBDLC+vzHmEEBezI/AWiRyDTt1yq7F9X8GsbgnzkjccnmnkSopHxa3AQfKPjNm4uFdV01d5ud3gZy+vRfY43RsB0QIyC9E/LTBb/+M6gTYWwzuck+InNK3XPK5zU1ouMnWCnFHb97pPNIA6MiNG2x4ekekTA5aJtd7q+9BGhP7srFK6Itywcrh2uJ1bn2yFF8QSRWmP7z3BD+ddBdp4y1Sn597ld61zh2G9rF1sct2nYKeWh4Ctm11tvu", "start_date_in_millis": 1541462400000 } }
10,重啟ES,驗證license,檢視步驟2的驗證方法:
[[email protected] elasticsearch]# curl -XGET 'http://192.168.28.10:9200/_xpack/license' { "license" : { "status" : "active", "uid" : "b5dccd00-b476-4b69-8763-cf22fc136822", "type" : "platinum", "issue_date" : "2018-11-06T00:00:00.000Z", "issue_date_in_millis" : 1541462400000, "expiry_date" : "2060-07-02T08:02:03.000Z", "expiry_date_in_millis" : 2855980923000, "max_nodes" : 100, "issued_to" : "li qq (dahe)", "issuer" : "Web Form", "start_date_in_millis" : 1541462400000 } }
注意:如果部署了ES叢集,每個ES節點都應該更新license。