Elasticsearch 6.4.2 X-Pack破解及安装教程
Elastic宣布xpack开源,自6.3版本起,所有的es产品直接集成xpack,无需单独安装,但是依然需要不同级别的license来激活不同的功能
[TOC]
安装X-Pack
正常安装elasticsearch的6.2以上(不包含6.2)版本,安装完成后直接已经集成xpack所有功能,无需单独安装xpack,本文中以通过elastic官方apt源直接安装6.4.2版本为例
破解X-Pack
提取源码
在官网下载elasticsearch-6.4.2的linux版tar.gz包并解压到工作目录
https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.4.2.tar.gz
在以下位置找到要操作的jar包
./elasticsearch/modules/x-pack-core/x-pack-core-6.4.2.jar
使用luyten工具对jar包进行反编译
luyten的git项目地址为: https://github.com/deathmarine/Luyten
打开jar包后找到两个class文件,分别为
org.elasticsearch.license.LicenseVerifier.class
org.elasticsearch.xpack.core.XPackBuild.class
创建工作目录,如/tmp/crack-xpack
将反编译后的java代码保存到工作目录中,创建同名.java文件
LicenseVerifier.java
XPackBuild.java
修改代码
LicenseVerifier.java中有两个静态方法,这就是验证授权文件是否有效的方法,我们把它修改为全部返回true 此外还需要删除一行依赖import org.elasticsearch.common.bytes.*;
package org.elasticsearch.license;
import java.nio.*;
import java.security.*;
import java.util.*;
import org.elasticsearch.common.xcontent.*;
import org.apache.lucene.util.*;
import org.elasticsearch.core.internal.io.*;
import java.io.*;
public class LicenseVerifier
{
public static boolean verifyLicense(final License license, final byte[] publicKeyData) {
return true;
}
public static boolean verifyLicense(final License license) {
return true;
}
}
XPackBuild.java中最后一个静态代码块中的try部分全部删除,这部分会验证jar包是否被修改
package org.elasticsearch.xpack.core;
import org.elasticsearch.common.io.*;
import java.net.*;
import org.elasticsearch.common.*;
import java.nio.file.*;
import java.io.*;
import java.util.jar.*;
public class XPackBuild
{
public static final XPackBuild CURRENT;
private String shortHash;
private String date;
@SuppressForbidden(reason = "looks up path of xpack.jar directly")
static Path getElasticsearchCodebase() {
final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
try {
return PathUtils.get(url.toURI());
}
catch (URISyntaxException bogus) {
throw new RuntimeException(bogus);
}
}
XPackBuild(final String shortHash, final String date) {
this.shortHash = shortHash;
this.date = date;
}
public String shortHash() {
return this.shortHash;
}
public String date() {
return this.date;
}
static {
final Path path = getElasticsearchCodebase();
String shortHash = null;
String date = null;
Label_0157: {
shortHash = "Unknown";
date = "Unknown";
}
CURRENT = new XPackBuild(shortHash, date);
}
}
编译
编译需要引入elasticsearch-6.4.2中lib目录下的jar包以及x-pack-core-6.4.2.jar本身
操作完成后执行以下命令进行将.java文件编译为.class文件
javac -cp ".:/tmp/crack-xpack/elasticsearch-6.4.2/lib/elasticsearch-6.4.2.jar:/tmp/crack-xpack/elasticsearch-6.4.2/lib/lucene-core-7.4.0.jar:/tmp/crack-xpack/elasticsearch-6.4.2/lib/elasticsearch-core-6.4.2.jar:/tmp/crack-xpack/elasticsearch-6.4.2/lib/elasticsearch-cli-6.4.2.jar:/tmp/crack-xpack/elasticsearch-6.4.2/modules/x-pack-core/x-pack-core-6.4.2.jar:/tmp/crack-xpack/elasticsearch-6.4.2/lib/elasticsearch-x-content-6.4.2.jar" LicenseVerifier.java XPackBuild.java
or #如果使用yum安装使用如下命令
javac -cp ".:/usr/share/elasticsearch/lib/elasticsearch-6.5.1.jar:/usr/share/elasticsearch/lib/lucene-core-7.5.0.jar:/usr/share/elasticsearch/lib/elasticsearch-core-6.5.1.jar:/usr/share/elasticsearch/lib/elasticsearch-cli-6.5.1.jar:/usr/share/elasticsearch/modules/x-pack-core/x-pack-core-6.5.1.jar:/usr/share/elasticsearch/lib/elasticsearch-x-content-6.5.1.jar" LicenseVerifier.java XPackBuild.java
编译完成后,将得到的.class文件打包回x-pack-core-6.4.2.jar中
mkdir -p org/elasticsearch/license/
cp LicenseVerifier.class org/elasticsearch/license/
mkdir -p org/elasticsearch/xpack/core/
cp XPackBuild.class org/elasticsearch/xpack/core/
# cp /usr/share/elasticsearch/modules/x-pack-core/x-pack-core-6.5.1.jar .
jar uvf elasticsearch-6.4.2/modules/x-pack-core/x-pack-core-6.4.2.jar org/elasticsearch/license/LicenseVerifier.class org/elasticsearch/xpack/core/XPackBuild.class
执行完毕后,elasticsearch-6.4.2/modules/x-pack-core/x-pack-core-6.4.2.jar即为破解的新包,此时可以再次使用luyten工具进行检查
安装
将破解好的x-pack-core-6.4.2.jar原路径替换到elasticsearch集群的每个节点中,重启集群中的每个接点上的服务
导入license
首先确认xpack.security功能为关闭状态 检查elasticsearch.yml中是否存在以下配置
xpack.security.enabled: false
将此选项设为false后重启集群既可关闭xpack.security功能
在任意一台client节点中,创建license.json文件,
{"license":{"uid":"c6570128-85c2-4f72-8d8f-b1425455b9ee","type":"platinum","issue_date_in_millis":1515369600000,"expiry_date_in_millis":2524579200999,"max_nodes":10000,"issued_to":"elastic","issuer":"elastic","signature":"AAAAAwAAAA07qIy5rp9i1qa5VS3vAAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQBXa2fLJmNxlfTsXWcKjk1Z7JdZF3wQmJwOTgVR306TV8IwvielPKIrF99El/ie0oaJqbMzH6Khz+aR4ugNc21j+AxK9PTJ6PupE4VYb4auHFGmwHJ9cst96xD4wH77XlSGkTKhm31ZwCQvL/j3+Qjr+PtGOPeiZM5F99AuLLNmYhHZLFHO+fI5feBWwppCVjFvygJf5jMsvbJQQwsGxjX26+PUy12+0eHD1wJWDfrTgaIQ//AaVxvv+bkwBWxgCvJcC7PLrHKdNgkuggU2+G2EXLqJX6stJAoH8R1NA0JAA5yDzdB8M4+shlgDckbcAdUsV6rjUlQwzjbsK/BPHY9A","start_date_in_millis":1515369600000}}
执行以下命令导入lisense
curl -XPUT -u elastic 'http://127.0.0.1:9200/_xpack/license' -H "Content-Type: application/json" -d @license.json
如果返回vaild,破解完成