解锁x-pack 8.x白金限制
解锁x-pack白金限制x-pack只给了30天的试用,可能我们摸清楚Elasticsearch怎么用就不止30天了。所以我们还是主动延长一下x-pack的使用期。接下来我们演示在8.0.1版本下延长x-pack的试用期限。获取elastic的源码首先先去elastic的github仓库获取源码,我们需要以下两个文件:elasticsearch-8.0.1\x-pack\plugin\core\s
·
解锁x-pack白金限制
x-pack只给了30天的试用,可能我们摸清楚Elasticsearch怎么用就不止30天了。所以我们还是主动延长一下x-pack的使用期。
接下来我们演示在8.0.1版本下延长x-pack的试用期限。
获取elastic的源码
首先先去elastic的github仓库获取源码,我们需要以下两个文件:
elasticsearch-8.0.1\x-pack\plugin\core\src\main\java\org\elasticsearch\license\LicenseVerifier.java
elasticsearch-8.0.1\x-pack\plugin\core\src\main\java\org\elasticsearch\xpack\core\XPackBuild.java
修改x-pack源码
首先注释掉LicenseVerifier.java的校验代码:
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
package org.elasticsearch.license;
import org.apache.lucene.util.BytesRef;
import org.apache.lucene.util.BytesRefIterator;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.core.internal.io.Streams;
import org.elasticsearch.xcontent.ToXContent;
import org.elasticsearch.xcontent.XContentBuilder;
import org.elasticsearch.xcontent.XContentFactory;
import org.elasticsearch.xcontent.XContentType;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
/**
* Responsible for verifying signed licenses
*/
public class LicenseVerifier {
/**
* verifies the license content with the signature using the packaged
* public key
* @param license to verify
* @return true if valid, false otherwise
*/
public static boolean verifyLicense(final License license, PublicKey publicKey) {
/*
byte[] signedContent = null;
byte[] publicKeyFingerprint = null;
try {
byte[] signatureBytes = Base64.getDecoder().decode(license.signature());
ByteBuffer byteBuffer = ByteBuffer.wrap(signatureBytes);
@SuppressWarnings("unused")
int version = byteBuffer.getInt();
int magicLen = byteBuffer.getInt();
byte[] magic = new byte[magicLen];
byteBuffer.get(magic);
int hashLen = byteBuffer.getInt();
publicKeyFingerprint = new byte[hashLen];
byteBuffer.get(publicKeyFingerprint);
int signedContentLen = byteBuffer.getInt();
signedContent = new byte[signedContentLen];
byteBuffer.get(signedContent);
XContentBuilder contentBuilder = XContentFactory.contentBuilder(XContentType.JSON);
license.toXContent(contentBuilder, new ToXContent.MapParams(Collections.singletonMap(License.LICENSE_SPEC_VIEW_MODE, "true")));
Signature rsa = Signature.getInstance("SHA512withRSA");
rsa.initVerify(publicKey);
BytesRefIterator iterator = BytesReference.bytes(contentBuilder).iterator();
BytesRef ref;
while ((ref = iterator.next()) != null) {
rsa.update(ref.bytes, ref.offset, ref.length);
}
return rsa.verify(signedContent);
} catch (IOException | NoSuchAlgorithmException | SignatureException | InvalidKeyException e) {
throw new IllegalStateException(e);
} finally {
if (signedContent != null) {
Arrays.fill(signedContent, (byte) 0);
}
}
*/
return true;
}
private static final PublicKey PUBLIC_KEY;
static {
try (InputStream is = LicenseVerifier.class.getResourceAsStream("/public.key")) {
ByteArrayOutputStream out = new ByteArrayOutputStream();
Streams.copy(is, out);
PUBLIC_KEY = CryptUtils.readPublicKey(out.toByteArray());
} catch (IOException e) {
throw new AssertionError("key file is part of the source and must deserialize correctly", e);
}
}
public static boolean verifyLicense(final License license) {
//return verifyLicense(license, PUBLIC_KEY);
return true;
}
}
然后修改XPackBuild.java
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
package org.elasticsearch.xpack.core;
import org.elasticsearch.core.PathUtils;
import org.elasticsearch.core.SuppressForbidden;
import java.io.IOException;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.jar.JarInputStream;
import java.util.jar.Manifest;
/**
* Information about the built version of x-pack that is running.
*/
public class XPackBuild {
public static final XPackBuild CURRENT;
static {
final String shortHash;
final String date;
Path path = getElasticsearchCodebase();
/*
if (path.toString().endsWith(".jar")) {
try (JarInputStream jar = new JarInputStream(Files.newInputStream(path))) {
Manifest manifest = jar.getManifest();
shortHash = manifest.getMainAttributes().getValue("Change");
date = manifest.getMainAttributes().getValue("Build-Date");
} catch (IOException e) {
throw new RuntimeException(e);
}
} else {
// not running from a jar (unit tests, IDE)
shortHash = "Unknown";
date = "Unknown";
}
*/
shortHash = "Unknown";
date = "Unknown";
CURRENT = new XPackBuild(shortHash, date);
}
/**
* Returns path to xpack codebase path
*/
@SuppressForbidden(reason = "looks up path of xpack.jar directly")
static Path getElasticsearchCodebase() {
URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
try {
return PathUtils.get(url.toURI());
} catch (URISyntaxException bogus) {
throw new RuntimeException(bogus);
}
}
private String shortHash;
private String date;
XPackBuild(String shortHash, String date) {
this.shortHash = shortHash;
this.date = date;
}
public String shortHash() {
return shortHash;
}
public String date() {
return date;
}
}
编译java文件
- 编译环境:Ubuntu
- Java版本:Openjdk17
- Elasticsearch版本:8.0.1
安装Elasticsearch
安装Elasitcsearch为了提供编译需要的jar包。
- 下载并安装PGP Key
$ wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
- 安装Elasticsearch Debain Package
apt-get update && sudo apt-get install elasticsearch
安装java环境
- 安装
openjdk17
$ apt install openjdk-17-jdk
- 测试是否安装成功
$ java --version
openjdk 17.0.1 2021-10-19
OpenJDK Runtime Environment (build 17.0.1+12-Ubuntu-120.04)
OpenJDK 64-Bit Server VM (build 17.0.1+12-Ubuntu-120.04, mixed mode, sharing)
将java源码编译为class文件
javac -cp "/usr/share/elasticsearch/lib/elasticsearch-8.0.1.jar:/usr/share/elasticsearch/lib/lucene-core-9.0.0.jar:/usr/share/elasticsearch/modules/x-pack-core/x-pack-core-8.0.1.jar:/usr/share/elasticsearch/lib/elasticsearch-x-content-8.0.1.jar:/usr/share/elasticsearch/lib/elasticsearch-core-8.0.1.jar" /root/LicenseVerifier.java
javac -cp "/usr/share/elasticsearch/lib/elasticsearch-8.0.1.jar:/usr/share/elasticsearch/lib/lucene-core-9.0.0.jar:/usr/share/elasticsearch/modules/x-pack-core/x-pack-core-8.0.1.jar:/usr/share/elasticsearch/lib/elasticsearch-x-content-8.0.1.jar:/usr/share/elasticsearch/lib/elasticsearch-core-8.0.1.jar" /root/XPackBuild.java
我们会得到LicenseVerifier.class和XPackBuild.class两个编译好的class文件
修改x-pack-core
文件位置:
/usr/share/elasticsearch/modules/x-pack-core/x-pack-core-8.0.1.jar
- 把
x-pack-core-8.0.1.jar复制到任意位置,然后解包:
$ jar -xvf x-pack-core-8.0.1.jar
- 删除当前文件夹下的
x-pack-core-8.0.1.jar - 覆盖破解好的文件:
LicenseVerifier.class路径在/org/elasticsearch/license/LicenseVerifier.class
XPackBuild.class路径在/org/elasticsearch/xpack/core/XPackBuild.class - 重新打包
x-pack-core-8.0.1.jar
$ jar cvf x-pack-core-8.0.1.jar *
- 把破解好的文件覆盖到
/usr/share/elasticsearch/modules/x-pack-core/x-pack-core-8.0.1.jar就完成破解。
制作Docker镜像
- 启动elasticsearch
$ docker run -d -p 9200:9200 --name=elasticsearch -e xpack.security.enabled=false -e discovery.type=single-node elasticsearch:8.0.1
- 用修改的
x-pack-core-8.0.1.jar替换镜像内的原版
$ docker cp .\x-pack-core-8.0.1.jar elasticsearch:/usr/share/elasticsearch/modules/x-pack-core
- 修改镜像内文件的权限
首先以root用户进入容器
$ docker exec -it -u root elasticsearch /bin/bash
然后修改x-pack-core-8.0.1.jar的权限
$ cd /usr/share/elasticsearch/modules/x-pack-core
$ chmod -R 444 x-pack-core-8.0.1.jar
$ chown -R root x-pack-core-8.0.1.jar
$ chgrp -R root x-pack-core-8.0.1.jar
$ exit
- 重启容器
$ docker restart elasticsearch
- 生成镜像
$ docker commit elasticsearch elasticsearch:8.0.1C
使用elasticsearch:8.0.1C这个镜像再导入证书就可以直接激活白金权限了
6. 导出/导入镜像
# 导出镜像为tar文件
$ docker save -o elastic.tar elasticsearch:8.0.1C
# 导入tar镜像
$ docker load -i elastic.tar
激活白金授权
申请Basic License
到这个网址申请授权,我们会得到一个license.json。文件内容大概是下面这个样子
{
"license": {
"uid": "13370dd7-23e4-4470-ad2a-ccacb620f60a",
"type": "basic",
"issue_date_in_millis": 1563235200000,
"expiry_date_in_millis": 2207746200000,
"max_nodes": 10000,
"issued_to": "netpro",
"issuer": "Web Form",
"signature": "AAAAAwAAAA3uiNJR7B8rdgnwFZItAAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQCyhef7hVFMq4orIbwULz0c1dX+Ng4sva5RTmWxKYLnJAyXmMRLp2Pvk9YE5G9JoI4gaSB4mIUtVyPzNGJpHLQCPS/kQ8y0B+mc0aXbBKZgbDTqE6p9E+kk1j8myN9GU+JR8QnYd8GiP4ziBUc2zOyx4hskiGE++Kx1KbD4862GbZwLCo9pIIHoxnpt44OytDB9lb7rYr2JBwc07flaR8ndkHlOL7AhuV2OMwDNw978l4OK/O4qxdthxc/XVo6l03IkVoy17coeJ9Oi4YIpOBXrIAYRgjPa68SvnnM8Ykb0KvNvJ7Y8GJ7x+l2q5qMu8QrBeJQ6U0fH/2ATgUy9EiwA",
"start_date_in_millis": 1563235200000
}
}
### 修改授权类型和过期时间
我们需要修改license.json的以下内容:
- 修改
type为platinum - 修改
expiry_date_in_millis为2524579200999(过期时间为2050年)
导入授权
这里我们直接用别人修改好的授权文件license.json
{
"license": {
"uid": "13370dd7-23e4-4470-ad2a-ccacb620f60a",
"type": "platinum",
"issue_date_in_millis": 1563235200000,
"expiry_date_in_millis": 3207746200000,
"max_nodes": 10000,
"issued_to": "bibi",
"issuer": "Web Form",
"signature": "AAAAAwAAAA3uiNJR7B8rdgnwFZItAAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQCyhef7hVFMq4orIbwULz0c1dX+Ng4sva5RTmWxKYLnJAyXmMRLp2Pvk9YE5G9JoI4gaSB4mIUtVyPzNGJpHLQCPS/kQ8y0B+mc0aXbBKZgbDTqE6p9E+kk1j8myN9GU+JR8QnYd8GiP4ziBUc2zOyx4hskiGE++Kx1KbD4862GbZwLCo9pIIHoxnpt44OytDB9lb7rYr2JBwc07flaR8ndkHlOL7AhuV2OMwDNw978l4OK/O4qxdthxc/XVo6l03IkVoy17coeJ9Oi4YIpOBXrIAYRgjPa68SvnnM8Ykb0KvNvJ7Y8GJ7x+l2q5qMu8QrBeJQ6U0fH/2ATgUy9EiwA",
"start_date_in_millis": 1563235200000
}
}
导入授权:
curl -XPUT -u elastic 'http://192.168.0.106:9200/_license' -H "Content-Type: application/json" -d @license.json
在kibana里能看到授权成功
为开发者提供学习成长、分享交流、生态实践、资源工具等服务,帮助开发者快速成长。
更多推荐
1
0- 0
已为社区贡献1条内容
所有评论(0)