In this Linux tutorial, you will learn how to install Elasticsearch on Rocky Linux 9 or other Red Hat/CentOS based Linux OS.
Table of Contents:
What is Elasticsearch?:
Elasticsearch is an open-source, distributed search and analytics engine built on top of Apache Lucene. It's designed to handle large volumes of data and provide lightning-fast search capabilities along with advanced data analysis and visualization features. Elasticsearch is often used for various purposes, including full-text search, log and event data analysis, monitoring, and business intelligence.
Key Features of Elasticsearch:
- Full-Text Search: Elasticsearch excels at full-text search, allowing you to search through large volumes of text-based data quickly and accurately.
- Distributed and Scalable: Elasticsearch is designed to be distributed and horizontally scalable. This means that you can add more machines to your Elasticsearch cluster as your data grows, ensuring that performance remains consistent.
- Near Real-Time Search: Elasticsearch provides near real-time search capabilities. This means that data indexed into Elasticsearch is searchable almost immediately after it's added, making it suitable for applications that require up-to-date information.
- Document-Oriented: Elasticsearch stores data in JSON documents. Each document represents a piece of data, and these documents are organized within indices.
- RESTful API: Elasticsearch offers a RESTful API that allows you to interact with the engine using HTTP requests. This makes it easy to integrate Elasticsearch with various programming languages and frameworks.
- Powerful Query Language: Elasticsearch provides a rich query language that enables you to perform complex searches, aggregations, and filtering on your data.
- Aggregations and Analytics: Alongside search, Elasticsearch offers powerful aggregation capabilities. You can perform data summarization, statistical analysis, and other advanced analytics on your indexed data.
- Real-Time Monitoring and Analytics: Elasticsearch is often used to store and analyze log and event data for real-time monitoring and analysis of system and application behavior.
- Integration with Kibana and Logstash: Elasticsearch is commonly used in conjunction with other tools from the Elastic Stack, including Kibana (for data visualization and dashboard creation) and Logstash (for data ingestion and processing).
- Open Source and Active Community: Elasticsearch is open-source software with an active community of developers and users. This means there's a wealth of documentation, tutorials, and support available.
Due to its capabilities and versatility, Elasticsearch is used by a wide range of organizations to build applications that require powerful search and analytics functionality. It's used in domains such as e-commerce, content management, security information and event management (SIEM), monitoring, and more.
Environment Specification:
We are using a minimal installed Rocky Linux 9 virtual machine with following specifications.
- CPU - 3.4 Ghz (2 cores)
- Memory - 4 GB
- Storage - 40 GB
- Operating System - Rocky Linux release 9.2 (Blue Onyx)
- Hostname - elastic-01.centlinux.com
- IP Address - 192.168.116.84/24
Prepare your Linux Server:
By using ssh command login to your Rocky Linux server as root user.
Set a static IP address for your Linux machine.
# nmcli c m enp0s3 ipv4.method manual ipv4.addresses 192.168.18.84/24 ipv4.gateway 192.168.18.1 ipv4.dns 192.168.18.1 # nmcli c down enp0s3 ; nmcli c up enp0s3
Set a hostname for the Elasticsearch server.
# hostnamectl set-hostname elastic-01.centlinux.com # echo "192.168.18.84 elastic-01 elastic-01.centlinux.com" >> /etc/hosts
Update software packages in your Linux OS.
# dnf update -y
If the above command updates your Linux Kernel, then you should reboot your Linux OS before moving forward with this tutorial.
# reboot
Note down the Linux OS and Linux Kernel versions of the machine, that are being used in this tutorial.
# cat /etc/rocky-release Rocky Linux release 9.2 (Blue Onyx) # uname -r 5.14.0-284.25.1.el9_2.x86_64
Installing Elasticsearch Yum Repository:
Create a yum repository configuration file with the help of vim text editor.
# vi /etc/yum.repos.d/elasticsearch.repo
Add following lines in this file to define Elasticsearch yum repository.
[elasticsearch] name=Elasticsearch repository for 8.x packages baseurl=https://artifacts.elastic.co/packages/8.x/yum gpgcheck=0 enabled=0 autorefresh=1 type=rpm-md
Build yum cache for newly installed yum repositories.
# dnf makecache
Elasticsearch repository for 8.x packages 1.0 MB/s | 31 MB 00:30
Rocky Linux 9 - BaseOS 1.0 kB/s | 4.1 kB 00:03
Rocky Linux 9 - AppStream 2.5 kB/s | 4.5 kB 00:01
Rocky Linux 9 - Extras 1.1 kB/s | 2.9 kB 00:02
Metadata cache created.
Elasticsearch Official yum repository has been installed. Now you can easily install Elasticsearch software by executing dnf command.
Installing Elasticsearch:
Elasticsearch yum repository is not enabled by default. We did this to avoid the automatic update of Elasticsearch software.
Execute following command to enable Elasticsearch yum repositories and install open-source analytics software.
# dnf install --enablerepo=elasticsearch -y elasticsearch
Last metadata expiration check: 0:06:57 ago on Wed 09 Aug 2023 09:00:05 PM PKT.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
elasticsearch x86_64 8.9.0-1 elasticsearch 578 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 578 M
Installed size: 1.2 G
Downloading Packages:
elasticsearch-8.9.0-x86_64.rpm 858 kB/s | 578 MB 11:30
--------------------------------------------------------------------------------
Total 858 kB/s | 578 MB 11:30
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: elasticsearch-8.9.0-1.x86_64 1/1
Creating elasticsearch group... OK
Creating elasticsearch user... OK
Installing : elasticsearch-8.9.0-1.x86_64 1/1
Running scriptlet: elasticsearch-8.9.0-1.x86_64 1/1
--------------------------- Security autoconfiguration information ------------------------------
Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.
The generated password for the elastic built-in superuser is : lp7rCo7ODq=yPdjj712a
If this node should join an existing cluster, you can reconfigure this with
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'
after creating an enrollment token on your existing cluster.
You can complete the following actions at any time:
Reset the password of the elastic built-in superuser with
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.
Generate an enrollment token for Kibana instances with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.
Generate an enrollment token for Elasticsearch nodes with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.
-------------------------------------------------------------------------------------------------
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
### You can start elasticsearch service by executing
sudo systemctl start elasticsearch.service
/usr/lib/tmpfiles.d/elasticsearch.conf:1: Line references path below legacy directory /var/run/, updating /var/run/elasticsearch → /run/elasticsearch; please update the tmpfiles.d/ drop-in file accordingly.
Verifying : elasticsearch-8.9.0-1.x86_64 1/1
Installed:
elasticsearch-8.9.0-1.x86_64
Complete!
Note down the password of Elasticsearch superuser.
Enable and start Elasticsearch service.
# systemctl enable --now elasticsearch.service
Created symlink /etc/systemd/system/multi-user.target.wants/elasticsearch.service → /usr/lib/systemd/system/elasticsearch.service.
Reset the password of Elasticsearch superuser.
# /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic This tool will reset the password of the [elastic] user to an autogenerated value. The password will be printed in the console. Please confirm that you would like to continue [y/N]y Password for the [elastic] user successfully reset. New value: 1SbPS44BMmhb+yaw1gCl
Configure Linux Firewall:
Elasticsearch service runs on default port 9200/tcp. So, you must allow this service port in linux firewall to make your Elasticsearch server accessible from the network.
# firewall-cmd --permanent --add-port=9200/tcp success # firewall-cmd --reload success
Testing Elasticsearch Server:
Query the Elasticsearch server by using following command syntax
# curl -X GET "https://elastic-01.centlinux.com:9200/_cluster/health?wait_for_status=yellow&timeout=50s&pretty" --key certificates/elasticsearch-ca.pem -k -u elastic
Enter host password for user 'elastic':
{
"cluster_name" : "elasticsearch",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,
"active_primary_shards" : 1,
"active_shards" : 1,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}
Your Elasticsearch server has been installed successfully.
Conclusion:
In this Linux tutorial, you have learned how to install Elasticsearch on Rocky Linux 9 or other Red Hat/CentOS based Linux OS. To build a strong foundation for Elasticsearch software, we recommend that you should attend online training ElasticSearch, LogStash, Kibana ELK #1 - Learn ElasticSearch
No comments:
Post a Comment