Version: 6.12.0

Elasticsearch Installation

Installation

We recommend downloading and installing Elasticsearch through the relevant package management tool, as shown in the examples below.

Elasticsearch runs with its own bundled JDK and there is no requirement on the user to install Java specifically to run Elasticsearch.

Further Elasticsearch documentation can be found online at https://www.elastic.co/guide/en/elasticsearch/reference/current/setup.html (be sure to switch to the documentation for the correct version).

RHEL Installation

  1. Download package

    wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.8.2-x86_64.rpm
  2. Verify package checksum (optional)

    wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.8.2-x86_64.rpm.sha512
    sha512sum -c elasticsearch-8.8.2-x86_64.rpm.sha512
  3. Install package

    sudo rpm --install elasticsearch-8.8.2-x86_64.rpm
  4. Reload systemd daemon

    sudo systemctl daemon-reload
  5. Start service on boot

    sudo systemctl enable elasticsearch.service

Ubuntu Installation

  1. Download package

    wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.8.2-amd64.deb
  2. Verify package checksum (optional)

    wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.8.2-amd64.deb.sha512
    shasum -a 512 -c elasticsearch-8.8.2-amd64.deb.sha512
  3. Install package

    sudo dpkg -i elasticsearch-8.8.2-amd64.deb
  4. Reload systemd daemon

    sudo systemctl daemon-reload
  5. Start service on boot

    sudo systemctl enable elasticsearch.service

Configuration

For package distributions, the Elasticsearch configuration files can be found in /etc/elasticsearch.

Network Settings

By default, Elasticsearch is only accessible on localhost. To enable connections from any host, edit the elasticsearch.yml configuration file, adding:

network.host: 0.0.0.0

Cluster Settings

For a simple one-node cluster, edit the elasticsearch.yml configuration file, adding:

discovery.type: single-node

and commenting out or deleting:

#cluster.initial_master_nodes: ["..."]

Security Settings

To disable X-Pack security, edit the elasticsearch.yml configuration file, changing the following property to false:

xpack.security.enabled: false

See the Securing Elasticsearch section for enabling security.
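
A check for the combination that the Network Settings and Security Settings sections produce: network.host: 0.0.0.0 together with xpack.security.enabled: false leaves port 9200 reachable from any host without authentication. This is an added example, not part of the original documentation; the function names and the OK/EXPOSED verdicts are made up for it, and it reads only the flat dotted-key form shown on this page.

```bash
#!/usr/bin/env bash
# Added example: flag an elasticsearch.yml that binds beyond loopback while
# X-Pack security is off. Handles the flat "dotted.key: value" form used on
# this page only, not nested YAML (an assumption of this sketch).

# Print the value of a setting (last occurrence wins); nothing if absent.
es_setting() {  # usage: es_setting <key> <file>
  awk -v key="$1" '
    /^[ \t]*#/ { next }                        # commented-out setting
    {
      line = $0
      sub(/[ \t]+#.*$/, "", line)              # trailing comment
      n = index(line, ":")
      if (n == 0) next
      k = substr(line, 1, n - 1); v = substr(line, n + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k)
      gsub(/^[ \t]+|[ \t]+$/, "", v)
      gsub(/^"|"$/, "", v)                     # surrounding double quotes
      if (k == key) val = v
    }
    END { if (val != "") print val }' "$2"
}

# Print OK or EXPOSED; return 1 on EXPOSED.
audit_es_exposure() {  # usage: audit_es_exposure <elasticsearch.yml>
  _host=$(es_setting network.host "$1")
  _sec=$(es_setting xpack.security.enabled "$1")
  case "${_host:-localhost}" in                # unset means localhost only
    localhost|_local_|127.*|::1) echo OK; return 0 ;;
  esac
  # Elasticsearch 8.x treats a missing xpack.security.enabled as true.
  if [ "$_sec" = "false" ]; then echo EXPOSED; return 1; fi
  echo OK
}

# Constructed sample reproducing the settings from this page.
sample=$(mktemp)
printf '%s\n' 'network.host: 0.0.0.0' 'discovery.type: single-node' \
  '#cluster.initial_master_nodes: ["..."]' \
  'xpack.security.enabled: false' > "$sample"
echo "sample config: $(audit_es_exposure "$sample" || true)"
rm -f "$sample"
```

On an installed node, run it as `audit_es_exposure /etc/elasticsearch/elasticsearch.yml`; a non-zero exit status makes it usable as a deployment gate.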

Memory Settings

By default, Elasticsearch will reserve 50% of the system memory. That is the recommended configuration if Elasticsearch is running as a service on a dedicated server.

However, if Elasticsearch is running on the same server as the Portal Dedicated, Elasticsearch should be allocated 25% of the system memory.

To do this, create a new file to configure the JVM settings:

sudo vi /etc/elasticsearch/jvm.options.d/jvm.options

with content:

-Xms2G
-Xmx2G

Note: This assumes a system with 8GB of memory. Adjust the 2G value to be 25% of the system memory.

Starting/stopping Elasticsearch

This assumes that Elasticsearch was installed as a systemd service, as described above.

Starting Elasticsearch

sudo systemctl start elasticsearch

Elasticsearch status

sudo systemctl status elasticsearch

Stopping Elasticsearch

sudo systemctl stop elasticsearch

Checking that Elasticsearch is running

You can verify Elasticsearch is running by sending an HTTP request to port 9200 on localhost. The server should also be accessible from the Portal Dedicated server and every Agent server.

curl http://localhost:9200

This will produce a response similar to:

{
  "name": "osboxes",
  "cluster_name": "elasticsearch",
  "cluster_uuid": "Xw6o7k7LQdaHhh4T_KIUFg",
  "version": {
    "number": "8.8.2",
    "build_flavor": "default",
    "build_type": "deb",
    "build_hash": "98e1271edf932a480e4262a471281f1ee295ce6b",
    "build_date": "2023-06-26T05:16:16.196344851Z",
    "build_snapshot": false,
    "lucene_version": "9.6.0",
    "minimum_wire_compatibility_version": "7.17.0",
    "minimum_index_compatibility_version": "7.0.0"
  },
  "tagline": "You Know, for Search"
}

Customizing Elasticsearch data, log and tmp locations

Warning: Perform these steps during initial installation before creating any Elasticsearch indices. If indices already exist, simply copying the data directory will not work correctly because Elasticsearch maintains internal references to the absolute data path.

To use locations for Elasticsearch data, log and tmp files other than the default Elasticsearch recommendations, follow these steps (/waratek is the preferred location here):

  1. Stop Elasticsearch service

    sudo systemctl stop elasticsearch
  2. Create the new directories and set permissions

    sudo mkdir -p /waratek/{log,lib}
    sudo chmod 777 /waratek/log /waratek/lib
    sudo chown elasticsearch:elasticsearch /waratek/log /waratek/lib
    sudo cp -r --preserve=all /var/log/elasticsearch /waratek/log
    sudo cp -r --preserve=all /var/lib/elasticsearch /waratek/lib
  3. Edit /etc/elasticsearch/elasticsearch.yml to change both the log and data paths and update the following properties:

    path.data: /waratek/lib/elasticsearch
    path.logs: /waratek/log/elasticsearch
  4. Update garbage collection log paths in /etc/elasticsearch/jvm.options. Look for lines containing gc.log and update them to reference /waratek/log/elasticsearch/gc.log.
  5. Create the tmp directory for Elasticsearch to use the custom tmp location with appropriate permissions:

    sudo mkdir -p /waratek/tmp
    sudo chmod 755 /waratek/tmp
    sudo chown elasticsearch:elasticsearch /waratek/tmp
  6. Configure Elasticsearch to use the custom tmp location. Edit /etc/elasticsearch/jvm.options and add:

    -Djava.io.tmpdir=/waratek/tmp

     Alternatively, use a systemd override:

    sudo systemctl edit elasticsearch

     Add the following line:

    [Service]
    Environment=ES_TMPDIR=/waratek/tmp
  7. Start Elasticsearch service

    sudo systemctl start elasticsearch
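
A post-relocation check, added here and not part of the original documentation: for each relocated directory it reports whether the directory is owned by the service account and whether every local user can write to it, which is what the chmod 777 in the "Create the new directories and set permissions" step leaves in place on /waratek/log and /waratek/lib. The function names and verdict strings are made up for this example, and `stat -c` is the GNU coreutils form.

```bash
#!/usr/bin/env bash
# Added example: check ownership and write access on relocated Elasticsearch
# directories. Uses GNU stat (-c), as shipped on RHEL and Ubuntu.

# Print "<verdict> <mode> <owner> <dir>"; return 1 unless the verdict is OK.
check_es_dir() {  # usage: check_es_dir <expected-owner> <dir>
  _want=$1; _dir=$2
  [ -d "$_dir" ] || { echo "MISSING - - $_dir"; return 1; }
  _mode=$(stat -c '%a' "$_dir")
  _owner=$(stat -c '%U' "$_dir")
  _verdict=OK
  [ "$_owner" = "$_want" ] || _verdict=WRONG-OWNER
  # A last octal digit with the 2 bit set lets every local user create,
  # rename and delete entries in this directory.
  case "$_mode" in *[2367]) _verdict=WORLD-WRITABLE ;; esac
  echo "$_verdict $_mode $_owner $_dir"
  [ "$_verdict" = OK ]
}

# Check several directories; return 1 if any of them is not OK.
audit_es_dirs() {  # usage: audit_es_dirs <expected-owner> <dir>...
  _o=$1; shift; _rc=0
  for _d in "$@"; do
    check_es_dir "$_o" "$_d" || _rc=1
  done
  return "$_rc"
}

# Constructed demo: a throwaway tree with the modes used in the steps above.
# On a real host: audit_es_dirs elasticsearch /waratek/log /waratek/lib /waratek/tmp
root=$(mktemp -d)
mkdir -p "$root/log" "$root/lib" "$root/tmp"
chmod 777 "$root/log" "$root/lib"
chmod 755 "$root/tmp"
audit_es_dirs "$(stat -c '%U' "$root")" \
  "$root/log" "$root/lib" "$root/tmp" || true
rm -rf "$root"
```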