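How to use the ELK Platinum tier permanently

Why go Platinum

Because some advanced features are only available at the Platinum tier. There is a 30-day trial at the start, but 30 days is not enough.

If you don't know what ELK is for, take a look at this: Setting up an ELK 7.x log analysis platform

Start cracking: on to Platinum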

# First copy the x-pack jar out
sudo cp /usr/share/elasticsearch/modules/x-pack-core/x-pack-core-7.0.1.jar ./
# Unpack it into the x-pack-core directory
unzip x-pack-core-7.0.1.jar -d x-pack-core

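Next we need a Java decompiler. luyten is recommended (I have tried jd-gui and jad, and the decompiled output from both had problems). Locate org/elasticsearch/license/LicenseVerifier.class and org/elasticsearch/xpack/core/XPackBuild.class.

After decompiling to get LicenseVerifier.java, change the verifyLicense methods in it to the following, so that every license verification returns true.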

package org.elasticsearch.license;

import java.nio.*;
import org.elasticsearch.common.bytes.*;
import java.security.*;
import java.util.*;
import org.elasticsearch.common.xcontent.*;
import org.apache.lucene.util.*;
import org.elasticsearch.core.internal.io.*;
import java.io.*;

public class LicenseVerifier
{
    public static boolean verifyLicense(final License license, final byte[] publicKeyData) {
        return true;
    }

    public static boolean verifyLicense(final License license) {
        return true;
    }
}

After decompiling to get XPackBuild.java, comment out or delete the if (path.toString().endsWith(".jar")) block in it, so that the program cannot detect that the jar has been modified.

package org.elasticsearch.xpack.core;

import org.elasticsearch.common.io.*;
import java.net.*;
import org.elasticsearch.common.*;
import java.nio.file.*;
import java.io.*;
import java.util.jar.*;

public class XPackBuild
{
    public static final XPackBuild CURRENT;
    private String shortHash;
    private String date;

    @SuppressForbidden(reason = "looks up path of xpack.jar directly")
    static Path getElasticsearchCodebase() {
        final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
        try {
            return PathUtils.get(url.toURI());
        }
        catch (URISyntaxException bogus) {
            throw new RuntimeException(bogus);
        }
    }

    XPackBuild(final String shortHash, final String date) {
        this.shortHash = shortHash;
        this.date = date;
    }

    public String shortHash() {
        return this.shortHash;
    }

    public String date() {
        return this.date;
    }

    static {
        final Path path = getElasticsearchCodebase();
        String shortHash = null;
        String date = null;
        Label_0109: {
            // if (path.toString().endsWith(".jar")) {
            //     try {
            //         final JarInputStream jar = new JarInputStream(Files.newInputStream(path, new OpenOption[0]));
            //         try {
            //             final Manifest manifest = jar.getManifest();
            //             shortHash = manifest.getMainAttributes().getValue("Change");
            //             date = manifest.getMainAttributes().getValue("Build-Date");
            //             jar.close();
            //         }
            //         catch (Throwable t) {
            //             try {
            //                 jar.close();
            //             }
            //             catch (Throwable t2) {
            //                 t.addSuppressed(t2);
            //             }
            //             throw t;
            //         }
            //         break Label_0109;
            //     }
            //     catch (IOException e) {
            //         throw new RuntimeException(e);
            //     }
            // }
            shortHash = "Unknown";
            date = "Unknown";
        }
        CURRENT = new XPackBuild(shortHash, date);
    }
}

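Note: do not copy this code directly. The changes are for reference only; the code in other versions may differ slightly, so use it as a guide when making your own changes.

After making the changes, recompile LicenseVerifier.java and XPackBuild.java.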

javac -cp "/usr/share/elasticsearch/lib/elasticsearch-7.0.1.jar:/usr/share/elasticsearch/lib/lucene-core-8.0.0.jar:/usr/share/elasticsearch/modules/x-pack-core/x-pack-core-7.0.1.jar:/usr/share/elasticsearch/lib/elasticsearch-core-7.0.1.jar" LicenseVerifier.java

javac -cp "/usr/share/elasticsearch/lib/elasticsearch-7.0.1.jar:/usr/share/elasticsearch/lib/lucene-core-8.0.0.jar:/usr/share/elasticsearch/modules/x-pack-core/x-pack-core-7.0.1.jar:/usr/share/elasticsearch/lib/elasticsearch-core-7.0.1.jar" XPackBuild.java

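Note that compilation depends on these packages, so choose the jars that match the version you have installed.

After compiling, overwrite org/elasticsearch/license/LicenseVerifier.class and org/elasticsearch/xpack/core/XPackBuild.class with the resulting LicenseVerifier.class and XPackBuild.class.

Finally, repackage the jar.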

cd x-pack-core
# Package the current directory
jar -cvf x-pack-core-7.0.1.jar ./

# Once packaged, overwrite the original jar
sudo cp x-pack-core-7.0.1.jar /usr/share/elasticsearch/modules/x-pack-core/
# Restart
sudo service elasticsearch restart

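Register for a free one-year license at https://license.elastic.co/registration. Once registration is complete, a download link will be sent to you.

After downloading, you will have a JSON file.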

{
    "license": {
        "uid": "~~~~~~~~~~~~~~~~~~~~~~~~~~~~",
        "type": "basic",
        "issue_date_in_millis": 1557705600000,
        "expiry_date_in_millis": 1589414399999,
        "max_nodes": 100,
        "issued_to": "~~~~~~~~~~~",
        "issuer": "Web Form",
        "signature": "~~~~~~~~~~~~~~~~~~~~~~~~~~~~",
        "start_date_in_millis": 1557705600000
    }
}

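  • Change the type value to platinum (i.e. the "Platinum edition")
  • Change the expiry_date_in_millis value to the expiry time you want (in milliseconds); it can be changed to 4070883661000, which puts the expiry in the year 2099
  • Try not to change the other parameters
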
{
    "license": {
        "uid": "~~~~~~~~~~~~~~~~~~~~~~~~~~~~",
        "type": "platinum",
        "issue_date_in_millis": 1557705600000,
        "expiry_date_in_millis": 4070883661000,
        "max_nodes": 100,
        "issued_to": "~~~~~~~~~~~",
        "issuer": "Web Form",
        "signature": "~~~~~~~~~~~~~~~~~~~~~~~~~~~~",
        "start_date_in_millis": 1557705600000
    }
}
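
A license document edited this way is internally inconsistent, which an auditor can check without touching the signature. The following is an added example, not part of the original post: it assumes the registration form only issues basic licenses (as in the sample above), and the function names and the term threshold are hypothetical.

```python
MAX_TERM_DAYS = 3 * 366           # assumption: local policy threshold, not an Elastic rule
SELF_SERVICE_ISSUER = "Web Form"  # issuer value shown in the page's registration license
MS_PER_DAY = 86_400_000


def audit_license(doc):
    """Return a list of findings for a license document shaped like the page's JSON."""
    lic = doc["license"]
    findings = []
    # Assumption: the registration form only issues "basic" licenses, as in the sample.
    if lic.get("issuer") == SELF_SERVICE_ISSUER and lic.get("type") != "basic":
        findings.append("issuer %r does not match type %r"
                        % (lic["issuer"], lic.get("type")))
    # Fall back to the issue date when the start date is absent or negative.
    start = lic.get("start_date_in_millis")
    if start is None or start < 0:
        start = lic.get("issue_date_in_millis")
    expiry = lic.get("expiry_date_in_millis")
    if start is None or expiry is None:
        findings.append("missing start or expiry date")
    else:
        term_days = (expiry - start) // MS_PER_DAY
        if term_days > MAX_TERM_DAYS:
            findings.append("term of %d days exceeds policy limit of %d"
                            % (term_days, MAX_TERM_DAYS))
    return findings


def sample(license_type, expiry_ms):
    """Constructed sample: field names and timestamps from the page, placeholder identity."""
    return {"license": {
        "uid": "PLACEHOLDER-UID",
        "type": license_type,
        "issue_date_in_millis": 1557705600000,
        "expiry_date_in_millis": expiry_ms,
        "max_nodes": 100,
        "issued_to": "PLACEHOLDER-NAME",
        "issuer": "Web Form",
        "start_date_in_millis": 1557705600000,
    }}


ISSUED = sample("basic", 1589414399999)
EDITED = sample("platinum", 4070883661000)

if __name__ == "__main__":
    for name, doc in (("issued", ISSUED), ("edited", EDITED)):
        print(name, audit_license(doc) or "no findings")
```

Elasticsearch's GET _license API returns the same fields apart from the signature, so the check can be run against a live cluster's response as well as against a license file.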

Edit /etc/elasticsearch/elasticsearch.yml to temporarily turn off xpack first (remember to restart elasticsearch)

xpack.security.enabled: false

In Kibana: Management → License Management → Update license

Edit /etc/elasticsearch/elasticsearch.yml to turn xpack back on (remember to restart elasticsearch)

xpack.security.enabled: true

After the update, if it is displayed like this, you are done.
