Elasticsearch6.3.2之x-pack

2022-08-12 21:15:51 浏览数 (3)

问题

代码语言:javascript复制
我们之前搭建的elk日志分析平台,使用es来做本博客首页的全文搜索功能,都体会到了es的强大。 
但是我们发现有一个致命的问题,就是当我们将es的设置成任何机器都可以访问的时候, 
就会出现安全问题(network.host: 0.0.0.0),网络上不缺乏使用es,数据被劫持,库被删的案例, 
所以我们要给es加上认证。 

方案

代码语言:javascript复制
给es加上认证一般来说有 
(1)nginx (这里就不弄了) 
https://mp.weixin.qq.com/s/EMWyHkMRGH1xGl9_E0Bo_g 
(2)使用x-pack插件 

使用x-pack

代码语言:javascript复制
es6.以上的版本都已经内置x-pack,不需要我们在手动安装 
x-pack是需要收费的,有30天的试用期(所以我们要破解) 
(1)开启试用 
curl -H "Content-Type:application/json" -XPOST http://localhost:9200/_xpack/license/start_trial?acknowledge=true 
如果不先开启试用到后面设置账号密码的时候会报错 
Unexpected response code [403] from calling GET http://127.0.0.1:9200/_xpack/security/_authenticate?pretty 
It doesn't look like the X-Pack security feature is available on this Elasticsearch node. 
Please check if you have installed a license that allows access to X-Pack Security feature. 
ERROR: X-Pack Security is not available. 
(2)创建LicenseVerifier.java 内容见下面,创建一个目录临时存放 
(3)创建XPackBuild.java 内容见下面,创建一个目录临时存放 
(4)分别编译 LicenseVerifier.java和XPackBuild.java 
javac -cp "/usr/local/elasticsearch-6.3.2/lib/elasticsearch-6.3.2.jar:/usr/local/elasticsearch-6.3.2/lib/lucene-core-7.3.1.jar:/usr/local/elasticsearch-6.3.2/modules/x-pack/x-pack-core/x-pack-core-6.3.2.jar" /root/xpack/LicenseVerifier.java 
javac -cp "/usr/local/elasticsearch-6.3.2/lib/elasticsearch-6.3.2.jar:/usr/local/elasticsearch-6.3.2/lib/lucene-core-7.3.1.jar:/usr/local/elasticsearch-6.3.2/modules/x-pack/x-pack-core/x-pack-core-6.3.2.jar:/usr/local/elasticsearch-6.3.2/lib/elasticsearch-core-6.3.2.jar" XPackBuild.java 
编译完成后会生成LicenseVerifier.class和XPackBuild.class两个文件 
(5)覆盖之前的jar文件 
cd /root/xpack 
mkdir temp 
cp /usr/local/elasticsearch-6.3.2/modules/x-pack/x-pack-core/x-pack-core-6.3.2.jar /root/temp/ 
cd temp 
jar -xf x-pack-core-6.3.2.jar 
cp ../LicenseVerifier.class org/elasticsearch/license/ 
cp ../XPackBuild.class org/elasticsearch/xpack/core/ 
rm x-pack-core-6.3.2.jar 
jar -cvf x-pack-core-6.3.2.jar * 
#覆盖之前的jar包 
cp x-pack-core-6.3.2.jar /usr/local/elasticsearch-6.3.2/modules/x-pack/x-pack-core/ 
(6)修改elasticsearch.yml配置文件,开启安全认证 
xpack.security.enabled: true #新增 
(7)生成用户名和密码 
cd /usr/local/elasticsearch/bin 
#自动生成(二选一) 
./elasticsearch-setup-passwords auto 
#手动生成(二选一) 
./elasticsearch-setup-passwords interactive 
手动生成会要求你输入elastic logstash kibanna等密码 
(8)重启es 
(9)kibanna要访问es要设置密码 同理logstash 也要 
vim kibana.yml 
elasticsearch.username: elastic 
elasticsearch.password: 123456789 
(10)启动kibana 
经过以上步骤我们已经差不多了,还有一步就是申请license,并破解,现在我们先看 
看这个时候es有什么差别 

访问kibana

直接在浏览器访问

使用postman访问(需要验证)

验证的话可以通过访问 http://54288.top:9200/获取Authorization

将获取的Authorization放在header里面即可

使用curl访问

代码语言:javascript复制
curl --user elastic: -XGET 'localhost:9200/blog/_search' 

使用java访问(参考手册)

代码语言:javascript复制
final CredentialsProvider credentialsProvider = new BasicCredentialsProvider(); 
credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("elastic", "123456789"));//账号密码 
RestClientBuilder restClient = RestClient.builder( 
new HttpHost("54288.top", 9200, "http")); 
restClient.setHttpClientConfigCallback(new RestClientBuilder.HttpClientConfigCallback() { 
@Override 
public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) { 
return httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider); 
} 
}); 
RestHighLevelClient client = new RestHighLevelClient(restClient); 
接下来我们来进行最后一步,申请license和破解 
查看当前license的状态信息 
[root@iZwz9278r1bks3b80puk6fZ ~]# curl -XGET -u elastic:123456789 'http://54288.top:9200/_license' 
{ 
"license" : { 
"status" : "active", 
"uid" : "957dd00d-c4cd-4eab-8b68-93775dc46ba7", 
"type" : "trial", 
"issue_date" : "2019-09-24T01:08:00.633Z", 
"issue_date_in_millis" : 1569287280633, 
"expiry_date" : "2019-10-24T01:08:00.633Z", 
"expiry_date_in_millis" : 1571879280633, 
"max_nodes" : 1000, 
"issued_to" : "elasticsearch", 
"issuer" : "elasticsearch", 
"start_date_in_millis" : -1 
} 
} 
上面type 说明现在试用,并且expiry_date告诉我们一个月后过期,max_nodes说明集群节点最多1000 
我们去官网申请一个license 
https://license.elastic.co/registration 
国家选china,邮箱不能乱写,其他可以随便,注册完登陆邮箱下载license 
d-f906c082-4565-4632-9f4b-e9c10bae0f74-v5.json 
{ 
"license": { 
"uid": "f906c082-4565-4632-9f4b-e9c10bae0f74", 
"type": "basic", 
"issue_date_in_millis": 1569283200000, 
"expiry_date_in_millis": 1600991999999, 
"max_nodes": 100, 
"issued_to": "? ?D (?D)", 
"issuer": "Web Form", 
"signature": "AAAAAwAAAA1YlPDg26Zo5FsSGbezAAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQBXdPOIHXQIlgK4ZgKzu223UNmUoLIr1L8HcS08g2ImPWyYTUl1KnchVdwpq4m7E3gRZJ2ndL9dYwAp33qal2fbIxZ6pvIHBzbm1msBrAjeELHBUGVCfFnOSgVV8fPetIKo79lnY66OxPpNEEQeigLDvEYG/8Ye12wJsbFOZqBkyVKLyXdoWXsGiKyviSE8M2aLSS8kFbirMliLkNt3AGlLFJ9HntxYfs5Ag2JVR6GoPoo9t60gIpQNIZJk1JxH8uiJeb3Z1cOjixVsJnxm33Dly8Ubtw2rbLnNa1UVrGzquthxYDhh JRtIi4mbjS0jEXrvlfGnQk VM5U7bCkAm2j", 
"start_date_in_millis": 1569283200000 
} 
} 
修改"type": "platinum",变成白金版 
修改elasticsearch.yml配置文件先关闭 xpack.security.enabled: false 不然报错如下图 
通过kibanna Management--License Management 上传修改过后的license 成功激活如下图 
我们可以看到下面的图激活成功了,但是1年就过期了,, 
我们可以修改license的过期时间,或者快过期了重新申请license 
"expiry_date_in_millis": 1600991999999, 
到期时间1600991999999 时间戳转成日期2020-09-25 07:59:59 
我们可以改成2547615064000 转成日期2050-09-24 14:51:04 
修改elasticsearch.yml配置文件 
开启 
xpack.security.enabled: true 
xpack.security.transport.ssl.enabled: true(不加这个会启动失败,日 
志有明确说要加这句话,并且kibanna不能输入账号密码) 

0 人点赞