解锁x-pack 8.x白金限制

解锁x-pack白金限制

x-pack只给了30天的试用，可能我们摸清楚Elasticsearch怎么用就不止30天了。所以我们还是主动延长一下x-pack的使用期。
接下来我们演示在8.0.1版本下延长x-pack的试用期限。

获取elastic的源码

首先先去elastic的github仓库获取源码，我们需要以下两个文件：

elasticsearch-8.0.1\x-pack\plugin\core\src\main\java\org\elasticsearch\license\LicenseVerifier.java
elasticsearch-8.0.1\x-pack\plugin\core\src\main\java\org\elasticsearch\xpack\core\XPackBuild.java

修改x-pack源码

首先注释掉LicenseVerifier.java的校验代码：

/*
 * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
 * or more contributor license agreements. Licensed under the Elastic License
 * 2.0; you may not use this file except in compliance with the Elastic License
 * 2.0.
 */
package org.elasticsearch.license;

import org.apache.lucene.util.BytesRef;
import org.apache.lucene.util.BytesRefIterator;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.core.internal.io.Streams;
import org.elasticsearch.xcontent.ToXContent;
import org.elasticsearch.xcontent.XContentBuilder;
import org.elasticsearch.xcontent.XContentFactory;
import org.elasticsearch.xcontent.XContentType;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;

/**
 * Responsible for verifying signed licenses
 */
public class LicenseVerifier {

    /**
     * verifies the license content with the signature using the packaged
     * public key
     * @param license to verify
     * @return true if valid, false otherwise
     */
    public static boolean verifyLicense(final License license, PublicKey publicKey) {
        /*
		byte[] signedContent = null;
        byte[] publicKeyFingerprint = null;
        try {
            byte[] signatureBytes = Base64.getDecoder().decode(license.signature());
            ByteBuffer byteBuffer = ByteBuffer.wrap(signatureBytes);
            @SuppressWarnings("unused")
            int version = byteBuffer.getInt();
            int magicLen = byteBuffer.getInt();
            byte[] magic = new byte[magicLen];
            byteBuffer.get(magic);
            int hashLen = byteBuffer.getInt();
            publicKeyFingerprint = new byte[hashLen];
            byteBuffer.get(publicKeyFingerprint);
            int signedContentLen = byteBuffer.getInt();
            signedContent = new byte[signedContentLen];
            byteBuffer.get(signedContent);
            XContentBuilder contentBuilder = XContentFactory.contentBuilder(XContentType.JSON);
            license.toXContent(contentBuilder, new ToXContent.MapParams(Collections.singletonMap(License.LICENSE_SPEC_VIEW_MODE, "true")));
            Signature rsa = Signature.getInstance("SHA512withRSA");
            rsa.initVerify(publicKey);
            BytesRefIterator iterator = BytesReference.bytes(contentBuilder).iterator();
            BytesRef ref;
            while ((ref = iterator.next()) != null) {
                rsa.update(ref.bytes, ref.offset, ref.length);
            }
            return rsa.verify(signedContent);
        } catch (IOException | NoSuchAlgorithmException | SignatureException | InvalidKeyException e) {
            throw new IllegalStateException(e);
        } finally {
            if (signedContent != null) {
                Arrays.fill(signedContent, (byte) 0);
            }
        }
		*/
		return true;
    }

    private static final PublicKey PUBLIC_KEY;

    static {
        try (InputStream is = LicenseVerifier.class.getResourceAsStream("/public.key")) {
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            Streams.copy(is, out);
            PUBLIC_KEY = CryptUtils.readPublicKey(out.toByteArray());
        } catch (IOException e) {
            throw new AssertionError("key file is part of the source and must deserialize correctly", e);
        }
    }

    public static boolean verifyLicense(final License license) {
        //return verifyLicense(license, PUBLIC_KEY);
		return true;
    }
}

然后修改XPackBuild.java

/*
 * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
 * or more contributor license agreements. Licensed under the Elastic License
 * 2.0; you may not use this file except in compliance with the Elastic License
 * 2.0.
 */
package org.elasticsearch.xpack.core;

import org.elasticsearch.core.PathUtils;
import org.elasticsearch.core.SuppressForbidden;

import java.io.IOException;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.jar.JarInputStream;
import java.util.jar.Manifest;

/**
 * Information about the built version of x-pack that is running.
 */
public class XPackBuild {

    public static final XPackBuild CURRENT;

    static {
        final String shortHash;
        final String date;

        Path path = getElasticsearchCodebase();
		/*
        if (path.toString().endsWith(".jar")) {
            try (JarInputStream jar = new JarInputStream(Files.newInputStream(path))) {
                Manifest manifest = jar.getManifest();
                shortHash = manifest.getMainAttributes().getValue("Change");
                date = manifest.getMainAttributes().getValue("Build-Date");
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        } else {
            // not running from a jar (unit tests, IDE)
            shortHash = "Unknown";
			date = "Unknown";
        }
		*/
		shortHash = "Unknown";
        date = "Unknown";
        CURRENT = new XPackBuild(shortHash, date);
    }

    /**
     * Returns path to xpack codebase path
     */
    @SuppressForbidden(reason = "looks up path of xpack.jar directly")
    static Path getElasticsearchCodebase() {
        URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
        try {
            return PathUtils.get(url.toURI());
        } catch (URISyntaxException bogus) {
            throw new RuntimeException(bogus);
        }
    }

    private String shortHash;
    private String date;

    XPackBuild(String shortHash, String date) {
        this.shortHash = shortHash;
        this.date = date;
    }

    public String shortHash() {
        return shortHash;
    }

    public String date() {
        return date;
    }
}

编译java文件

• 编译环境：Ubuntu
• Java版本：Openjdk17
• Elasticsearch版本：8.0.1

安装Elasticsearch

安装Elasitcsearch为了提供编译需要的jar包。

1. 下载并安装PGP Key

$ wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg

2. 安装Elasticsearch Debain Package

apt-get update && sudo apt-get install elasticsearch

安装java环境

1. 安装openjdk17

$ apt install openjdk-17-jdk

2. 测试是否安装成功

$ java --version
openjdk 17.0.1 2021-10-19
OpenJDK Runtime Environment (build 17.0.1+12-Ubuntu-120.04)
OpenJDK 64-Bit Server VM (build 17.0.1+12-Ubuntu-120.04, mixed mode, sharing)

将java源码编译为class文件

javac -cp "/usr/share/elasticsearch/lib/elasticsearch-8.0.1.jar:/usr/share/elasticsearch/lib/lucene-core-9.0.0.jar:/usr/share/elasticsearch/modules/x-pack-core/x-pack-core-8.0.1.jar:/usr/share/elasticsearch/lib/elasticsearch-x-content-8.0.1.jar:/usr/share/elasticsearch/lib/elasticsearch-core-8.0.1.jar" /root/LicenseVerifier.java
javac -cp "/usr/share/elasticsearch/lib/elasticsearch-8.0.1.jar:/usr/share/elasticsearch/lib/lucene-core-9.0.0.jar:/usr/share/elasticsearch/modules/x-pack-core/x-pack-core-8.0.1.jar:/usr/share/elasticsearch/lib/elasticsearch-x-content-8.0.1.jar:/usr/share/elasticsearch/lib/elasticsearch-core-8.0.1.jar" /root/XPackBuild.java

我们会得到LicenseVerifier.class和XPackBuild.class两个编译好的class文件

修改x-pack-core

文件位置:

/usr/share/elasticsearch/modules/x-pack-core/x-pack-core-8.0.1.jar

1. 把x-pack-core-8.0.1.jar复制到任意位置，然后解包：

$ jar -xvf x-pack-core-8.0.1.jar

2. 删除当前文件夹下的x-pack-core-8.0.1.jar
3. 覆盖破解好的文件：
   LicenseVerifier.class 路径在 /org/elasticsearch/license/LicenseVerifier.class
XPackBuild.class 路径在 /org/elasticsearch/xpack/core/XPackBuild.class
4. 重新打包x-pack-core-8.0.1.jar

$ jar cvf x-pack-core-8.0.1.jar *

5. 把破解好的文件覆盖到/usr/share/elasticsearch/modules/x-pack-core/x-pack-core-8.0.1.jar就完成破解。

制作Docker镜像

1. 启动elasticsearch

$ docker run -d -p 9200:9200 --name=elasticsearch -e xpack.security.enabled=false -e discovery.type=single-node elasticsearch:8.0.1

2. 用修改的x-pack-core-8.0.1.jar替换镜像内的原版

$ docker cp .\x-pack-core-8.0.1.jar elasticsearch:/usr/share/elasticsearch/modules/x-pack-core

3. 修改镜像内文件的权限
   首先以root用户进入容器

$ docker exec -it -u root elasticsearch /bin/bash

然后修改x-pack-core-8.0.1.jar的权限

$ cd /usr/share/elasticsearch/modules/x-pack-core
$ chmod -R 444 x-pack-core-8.0.1.jar
$ chown -R root x-pack-core-8.0.1.jar
$ chgrp -R root x-pack-core-8.0.1.jar
$ exit

4. 重启容器

$ docker restart elasticsearch

5. 生成镜像

$ docker commit elasticsearch elasticsearch:8.0.1C

使用elasticsearch:8.0.1C这个镜像再导入证书就可以直接激活白金权限了
6. 导出/导入镜像

# 导出镜像为tar文件
$ docker save -o elastic.tar elasticsearch：8.0.1C
# 导入tar镜像
$ docker load -i elastic.tar

激活白金授权

申请Basic License

到这个网址申请授权，我们会得到一个license.json。文件内容大概是下面这个样子

{
    "license": {
        "uid": "13370dd7-23e4-4470-ad2a-ccacb620f60a",
        "type": "basic",
        "issue_date_in_millis": 1563235200000,
        "expiry_date_in_millis": 2207746200000,
        "max_nodes": 10000,
        "issued_to": "netpro",
        "issuer": "Web Form",
        "signature": "AAAAAwAAAA3uiNJR7B8rdgnwFZItAAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQCyhef7hVFMq4orIbwULz0c1dX+Ng4sva5RTmWxKYLnJAyXmMRLp2Pvk9YE5G9JoI4gaSB4mIUtVyPzNGJpHLQCPS/kQ8y0B+mc0aXbBKZgbDTqE6p9E+kk1j8myN9GU+JR8QnYd8GiP4ziBUc2zOyx4hskiGE++Kx1KbD4862GbZwLCo9pIIHoxnpt44OytDB9lb7rYr2JBwc07flaR8ndkHlOL7AhuV2OMwDNw978l4OK/O4qxdthxc/XVo6l03IkVoy17coeJ9Oi4YIpOBXrIAYRgjPa68SvnnM8Ykb0KvNvJ7Y8GJ7x+l2q5qMu8QrBeJQ6U0fH/2ATgUy9EiwA",
        "start_date_in_millis": 1563235200000
    }
}
### 修改授权类型和过期时间

我们需要修改license.json的以下内容：

• 修改type为platinum
• 修改expiry_date_in_millis为2524579200999(过期时间为2050年)

导入授权

这里我们直接用别人修改好的授权文件license.json

{
    "license": {
        "uid": "13370dd7-23e4-4470-ad2a-ccacb620f60a",
        "type": "platinum",
        "issue_date_in_millis": 1563235200000,
        "expiry_date_in_millis": 3207746200000,
        "max_nodes": 10000,
        "issued_to": "bibi",
        "issuer": "Web Form",
        "signature": "AAAAAwAAAA3uiNJR7B8rdgnwFZItAAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQCyhef7hVFMq4orIbwULz0c1dX+Ng4sva5RTmWxKYLnJAyXmMRLp2Pvk9YE5G9JoI4gaSB4mIUtVyPzNGJpHLQCPS/kQ8y0B+mc0aXbBKZgbDTqE6p9E+kk1j8myN9GU+JR8QnYd8GiP4ziBUc2zOyx4hskiGE++Kx1KbD4862GbZwLCo9pIIHoxnpt44OytDB9lb7rYr2JBwc07flaR8ndkHlOL7AhuV2OMwDNw978l4OK/O4qxdthxc/XVo6l03IkVoy17coeJ9Oi4YIpOBXrIAYRgjPa68SvnnM8Ykb0KvNvJ7Y8GJ7x+l2q5qMu8QrBeJQ6U0fH/2ATgUy9EiwA",
        "start_date_in_millis": 1563235200000
    }
}

导入授权：

curl -XPUT -u elastic 'http://192.168.0.106:9200/_license' -H "Content-Type: application/json" -d @license.json

在kibana里能看到授权成功文章来源地址https://www.toymoban.com/news/detail-403745.html

到了这里，关于解锁x-pack 8.x白金限制的文章就介绍完了。如果您还想了解更多内容，请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章，希望大家以后多多支持TOY模板网！