Everyday Answers

    elastic/elasticsearch: Complete Installation, Run, and…

    Close-up of ripe grapes hanging on a vine in a sunny vineyard, perfect for wine production.

    Written by

    golosov070

    in

    Clean, Step-by-Step Elasticsearch Installation (No Guesswork)

    Prerequisites

    Ensure you have the following before you begin: Java 17+, curl, sudo access, and adequate RAM.

    Native Installation (Debian/Ubuntu)

    For Debian/Ubuntu systems, follow these steps:

    • Import the GPG key.
    • Add the Elastic APT source.
    • Run apt-get update.
    • Install Elasticsearch using apt-get install elasticsearch.

    Native Installation (RHEL/CentOS/Fedora)

    For RHEL-based systems (CentOS, Fedora), follow these steps:

    • Enable the Elastic YUM/DNF repository.
    • Install Elasticsearch using the package manager.

    Development Defaults (elasticsearch.yml)

    For development environments, configure your elasticsearch.yml file with the following settings:

    • cluster.name: Set a name for your cluster.
    • node.name: Assign a name to your node.
    • network.host: Set to 127.0.0.1 for local access.
    • http.port: Default is 9200.
    • discovery.type: Set to single-node for development.

    Memory and JVM Settings

    For optimal performance, especially on systems with 8GB+ RAM, set ES_HEAP_SIZE (or ES_JAVA_OPTS) to 4g. In production, avoid allocating more than half of the host’s RAM to the JVM.

    Enabling and Starting the Service

    After configuration, enable and start the Elasticsearch service:

    
systemctl daemon-reload
systemctl enable elasticsearch
systemctl start elasticsearch

    Verification

    Verify the installation and status of your Elasticsearch instance:

    
curl -u elastic:password -X GET http://localhost:9200/
curl -f http://localhost:9200/_cat/health?h=cluster_name,status,number_of_nodes

    Security Setup (Post-Install)

    It’s crucial to secure your Elasticsearch instance:

    • Run sudo /usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto -b to create initial passwords.
    • For production environments, enable TLS, Role-Based Access Control (RBAC), and restrict network exposure.

    E-E-A-T Note

    This guidance aligns with a security-first approach inspired by Elastic’s 2024 Global Threat Report context. Specific numeric data or direct quotes from the report are not reproduced here.

    Docker-Based Elasticsearch Installation

    Quickstart with Runnable Example

    Get Elasticsearch up and running in minutes with this single-node Docker setup, perfect for local development or testing.

    Pull the Official Image

    docker pull docker.elastic.co/elasticsearch/elasticsearch:8.x.y (replace 8.x.y with a current 8.x tag).

    Run a Single-Node Container

    
docker run -d --name es01 --net elastic -p 9200:9200 -p 9300:9300 -e discovery.type=single-node -e ES_JAVA_OPTS='-Xms2g -Xmx2g' --rm docker.elastic.co/elasticsearch/elasticsearch:8.x.y

    Set Up Basic Password

    After the container starts, use docker exec es01 to run elasticsearch-setup-passwords auto -b inside the container, or use the Docker-supplied credentials workflow.

    Verification

    
curl -u elastic:<password> -X GET http://localhost:9200/
curl -X GET 'http://localhost:9200/_cat/health?h=cluster_name,status,number_of_nodes'

    Docker Compose: Single-Node Elastic in a Compose Stack

    A clean, minimal setup for single-node Elasticsearch within your Docker Compose stack.

    docker-compose.yml Configuration

    Define a service named es01 using the official image, setting the environment variable discovery.type=single-node, and mapping ports 9200:9200 and 9300:9300. Add a volume for data persistence:

    
version: "3.8"

volumes:
  esdata1:

services:
  es01:
    image: docker.elastic.co/elasticsearch/elasticsearch:8.x.y
    environment:
      - discovery.type=single-node
    ports:
      - "9200:9200"
      - "9300:9300"
    volumes:
      - esdata1:/usr/share/elasticsearch/data

    Run and Verify

    
# Start the stack
docker compose up -d

# Verification (assuming you set a password for the elastic user; adjust as needed)
curl -u elastic:changeme -k https://localhost:9200/
curl -u elastic:changeme -k https://localhost:9200/_cluster/health?pretty

    Production: Scaling to Multi-Node with Docker Compose

    Extend your compose file to create a multi-node cluster. Configure seed hosts, node roles, and enable security.

    
version: "3.8"

volumes:
  esdata1:
  esdata2:
  esdata3:

services:
  es01:
    image: docker.elastic.co/elasticsearch/elasticsearch:8.x.y
    environment:
      - node.name=es01
      - cluster.name=docker-elastic
      - discovery.seed_hosts=es02,es03
      - cluster.initial_master_nodes=es01,es02,es03
      - node.roles=master,data,ingest
      - xpack.security.enabled=true
      - ELASTIC_PASSWORD=changeme
    ports:
      - "9200:9200"
      - "9300:9300"
    volumes:
      - esdata1:/usr/share/elasticsearch/data

  es02:
    image: docker.elastic.co/elasticsearch/elasticsearch:8.x.y
    environment:
      - node.name=es02
      - cluster.name=docker-elastic
      - discovery.seed_hosts=es01,es03
      - cluster.initial_master_nodes=es01,es02,es03
      - node.roles=master,data,ingest
      - xpack.security.enabled=true
      - ELASTIC_PASSWORD=changeme
    ports:
      - "9201:9200"
      - "9301:9300"
    volumes:
      - esdata2:/usr/share/elasticsearch/data

  es03:
    image: docker.elastic.co/elasticsearch/elasticsearch:8.x.y
    environment:
      - node.name=es03
      - cluster.name=docker-elastic
      - discovery.seed_hosts=es01,es02
      - cluster.initial_master_nodes=es01,es02,es03
      - node.roles=master,data,ingest
      - xpack.security.enabled=true
      - ELASTIC_PASSWORD=changeme
    ports:
      - "9202:9200"
      - "9302:9300"
    volumes:
      - esdata3:/usr/share/elasticsearch/data

    Notes for Production (Docker)

    • Use dedicated data volumes per node and adjust memory settings (e.g., ES_JAVA_OPTS) to fit your host.
    • Ensure discovery.seed_hosts is up-to-date and reachable across containers.
    • Store credentials securely and rotate them as needed when xpack.security.enabled=true.

    Production-Grade Elasticsearch: Production Readiness Checklist

    Security and Access Control

    Security is fundamental. Implement these practices for hardening Elasticsearch and Kibana:

    • Enable built-in security: Set xpack.security.enabled: true in elasticsearch.yml and create initial user passwords using elasticsearch-setup-passwords.
    • Configure TLS: Encrypt Elasticsearch HTTP traffic with http.ssl.enabled: true, pointing to your keystore and truststore paths. Ensure Kibana also uses TLS.
    • Define roles and privileges (RBAC): Grant least privilege necessary to users and service accounts. Avoid broad access.
    • Limit network exposure: Bind to private interfaces by setting network.host appropriately. Place Elasticsearch behind a firewall or VPN.
    • Follow security guidance: Prioritize encryption in transit, strong identity management, precise access controls, and auditability. Apply defense-in-depth practices.

    Performance and System Tuning

    Ensure your cluster remains fast and stable:

    • Heap size: Allocate roughly 50% of RAM to the JVM heap, with a practical cap around 32GB per node.
    • bootstrap.memory_lock: Set to true to prevent OS swapping. Ensure system limits are configured correctly.
    • vm.max_map_count: Set to at least 262,144 on Linux hosts to prevent map-count exhaustion. Persist this setting.
    • Index and shard planning: Start with 1 primary shard and 1 replica for small workloads. Use index templates and consider ILM for managing data over time. Mindful shard count relative to node count is key.
    • Discovery and cluster formation: Use multi-node discovery with discovery.seed_hosts and node.roles. Run at least three master-eligible nodes for fault tolerance.

    Observability and Backups

    Monitoring

    Gain visibility into your cluster’s health and performance:

    • Enable Elastic Monitoring (or deploy Metricbeat/Filebeat) to observe health, heap usage, and GC activity.
    • Use Kibana dashboards to track key metrics and set alerts for critical thresholds.

    Snapshots and Repository

    Implement a robust backup strategy:

    • Configure a snapshot repository (S3, GCS, Azure, or local).
    • Automate daily and weekly snapshots using Snapshot Lifecycle Management (SLM) or similar, with defined retention policies.
    • Regularly test restores to ensure backup integrity.

    Slow Logs and Performance Tuning

    Identify and resolve performance bottlenecks:

    • Enable slow logs for searches and indexing and set appropriate thresholds.
    • Tune index settings (e.g., refresh_interval, shard sizing) and refine the Query DSL for efficiency.
    • Iterate on changes and monitor performance gains.

    Elasticsearch vs. Alternatives: Quick Comparison

    A comparison of Elasticsearch with OpenSearch, MeiliSearch, and Typesense:

    Item Core Characteristics Ecosystem & Integrations Strengths Limitations / Trade-offs Licensing / Open Source Status Ideal Use Case
    Elasticsearch Renowned, mature distributed search engine built on Lucene; robust security features. Kibana for visualization; Beats and Logstash for ingestion; extensive plugins. Mature, feature-rich, enterprise-ready; broad ecosystem. Higher complexity and licensing considerations. Licensing considerations (not OSS-only for certain features). Large-scale production search workloads needing breadth of features and ecosystem maturity.
    OpenSearch Open-source fork of Elasticsearch 7.10; strong community and OSS-first licensing. Community-driven with OSS tooling. OSS-first, active community; easier adoption for fully open-source stacks. Fewer official features for latest security/ML tooling; may lag behind Elastic. OSS-first, fully open-source licensing. Fully open-source stacks avoiding proprietary licensing.
    MeiliSearch Extremely fast, easy-to-use full-text search engine. Simpler to operate with a focused feature set. Outstanding speed and simplicity; quick setup. Lacks breadth of distributed search features, RBAC, and deep observability. Open-source. Small to mid-sized projects needing fast, straightforward search.
    Typesense Easy-to-use, developer-friendly search engine with strong relevance. Developer-focused with a simpler setup. Developer-friendly; strong relevance; quick to adopt. Not as feature-rich for large Elasticsearch workloads. Open-source. Small to mid-sized projects seeking easy integration and reliable relevance.

    Local Development vs. Production: Pros and Cons

    • Local development pros: Quick iteration, no network latency, easy experimentation, low upfront cost.
    • Local development cons: Single-node limitations, no realistic clustering, potential divergence from production, security not enforced by default.
    • Production pros: Multi-node cluster, fault tolerance, robust security, observability, official upgrade paths, snapshots.
    • Production cons: Higher complexity, operational burden, need for strong backup/restore, performance tuning, potential licensing considerations.

    Watch the Official Trailer

    Comments

    Leave a Reply

    More posts

    Discover more from Everyday Answers

    Subscribe now to keep reading and get access to the full archive.

    Continue reading