CentLinux | Learn How to Install CentOS/Rocky Linux Servers

Friday, August 11, 2023

How to install Elasticsearch on CentOS/Rocky Linux 9

In this Linux tutorial, you will learn how to install Elasticsearch on Rocky Linux 9 or other Red Hat/CentOS based Linux OS.


    What is Elasticsearch?

    Elasticsearch is an open-source, distributed search and analytics engine built on top of Apache Lucene. It's designed to handle large volumes of data and provide lightning-fast search capabilities along with advanced data analysis and visualization features. Elasticsearch is often used for various purposes, including full-text search, log and event data analysis, monitoring, and business intelligence.


    Key Features of Elasticsearch:

    • Full-Text Search: Elasticsearch excels at full-text search, allowing you to search through large volumes of text-based data quickly and accurately.
    • Distributed and Scalable: Elasticsearch is designed to be distributed and horizontally scalable. This means that you can add more machines to your Elasticsearch cluster as your data grows, ensuring that performance remains consistent.
    • Near Real-Time Search: Elasticsearch provides near real-time search capabilities. This means that data indexed into Elasticsearch is searchable almost immediately after it's added, making it suitable for applications that require up-to-date information.
    • Document-Oriented: Elasticsearch stores data in JSON documents. Each document represents a piece of data, and these documents are organized within indices.
    • RESTful API: Elasticsearch offers a RESTful API that allows you to interact with the engine using HTTP requests. This makes it easy to integrate Elasticsearch with various programming languages and frameworks.
    • Powerful Query Language: Elasticsearch provides a rich query language that enables you to perform complex searches, aggregations, and filtering on your data.
    • Aggregations and Analytics: Alongside search, Elasticsearch offers powerful aggregation capabilities. You can perform data summarization, statistical analysis, and other advanced analytics on your indexed data.
    • Real-Time Monitoring and Analytics: Elasticsearch is often used to store and analyze log and event data for real-time monitoring and analysis of system and application behavior.
    • Integration with Kibana and Logstash: Elasticsearch is commonly used in conjunction with other tools from the Elastic Stack, including Kibana (for data visualization and dashboard creation) and Logstash (for data ingestion and processing).
    • Open Source and Active Community: Elasticsearch is open-source software with an active community of developers and users. This means there's a wealth of documentation, tutorials, and support available.

    Due to its capabilities and versatility, Elasticsearch is used by a wide range of organizations to build applications that require powerful search and analytics functionality. It's used in domains such as e-commerce, content management, security information and event management (SIEM), monitoring, and more.


    Environment Specification:

    We are using a minimally installed Rocky Linux 9 virtual machine with the following specifications.

    • CPU - 3.4 GHz (2 cores)
    • Memory - 4 GB
    • Storage - 40 GB
    • Operating System - Rocky Linux release 9.2 (Blue Onyx)
    • Hostname - elastic-01.centlinux.com
    • IP Address -


    Prepare your Linux Server:

    Log in to your Rocky Linux server as the root user by using the ssh command.

    Set a static IP address for your Linux machine.

    # nmcli c m enp0s3 ipv4.method manual ipv4.addresses ipv4.gateway ipv4.dns
    # nmcli c down enp0s3 ; nmcli c up enp0s3

    Set a hostname for the Elasticsearch server.

    # hostnamectl set-hostname elastic-01.centlinux.com
    # echo " elastic-01 elastic-01.centlinux.com" >> /etc/hosts

    Update software packages in your Linux OS.

    # dnf update -y

    If the above command updates your Linux Kernel, then you should reboot your Linux OS before moving forward with this tutorial.

    # reboot

    Note down the Linux OS and Linux kernel versions of the machine used in this tutorial.

    # cat /etc/rocky-release
    Rocky Linux release 9.2 (Blue Onyx)
    # uname -r


    Installing Elasticsearch Yum Repository:

    Create a yum repository configuration file by using the vim text editor.

    # vi /etc/yum.repos.d/elasticsearch.repo

    Add the following lines to this file to define the Elasticsearch yum repository.

    name=Elasticsearch repository for 8.x packages

    Build the yum cache for the newly installed yum repository.

    # dnf makecache
    Elasticsearch repository for 8.x packages       1.0 MB/s |  31 MB     00:30
    Rocky Linux 9 - BaseOS                          1.0 kB/s | 4.1 kB     00:03
    Rocky Linux 9 - AppStream                       2.5 kB/s | 4.5 kB     00:01
    Rocky Linux 9 - Extras                          1.1 kB/s | 2.9 kB     00:02
    Metadata cache created.

    The official Elasticsearch yum repository has been installed. You can now install the Elasticsearch software by executing the dnf command.
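
    Before installing packages from a third-party repository, check that its definition enforces signature verification over HTTPS. The script below is an added example, not part of the original tutorial: audit_repo is a hypothetical helper and both sample files are constructed, the first following the repository definition published in Elastic's RPM installation guide.

```shell
#!/bin/sh
# audit_repo FILE SECTION (hypothetical helper, not a dnf command).
# Prints findings for one repo section; returns non-zero on any FAIL.
audit_repo() {
    awk -v want="[$2]" '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }             # comments, blank lines
        /^\[/ { insec = ($0 == want); if (insec) found = 1; next }
        insec && (eq = index($0, "=")) {
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            opt[key] = val
        }
        END {
            if (!found) { print "FAIL: section " want " not found"; exit 1 }
            if (opt["gpgcheck"] != "1") { print "FAIL: gpgcheck is not 1"; bad = 1 }
            if (opt["gpgkey"] !~ "^(https|file)://") { print "FAIL: gpgkey missing or not https/file"; bad = 1 }
            if (opt["baseurl"] !~ "^https://") { print "FAIL: baseurl is not https"; bad = 1 }
            if (opt["enabled"] != "0") print "WARN: enabled by default, dnf update will upgrade it"
            if (!bad) print "OK: " want
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample files (on a real host, pass /etc/yum.repos.d/elasticsearch.repo).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/good.repo" <<'EOF'
[elasticsearch]
name=Elasticsearch repository for 8.x packages
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
autorefresh=1
type=rpm-md
EOF
cat > "$tmp/weak.repo" <<'EOF'
[elasticsearch]
name=Elasticsearch repository for 8.x packages
baseurl=http://mirror.example.invalid/packages/8.x/yum
gpgcheck=0
enabled=1
EOF
audit_repo "$tmp/good.repo" elasticsearch || true
audit_repo "$tmp/weak.repo" elasticsearch || true
```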


    Installing Elasticsearch:

    The Elasticsearch yum repository is not enabled by default. We did this to avoid automatic updates of the Elasticsearch software.

    Execute the following command to enable the Elasticsearch yum repository and install the open-source analytics software.

    # dnf install --enablerepo=elasticsearch -y elasticsearch
    Last metadata expiration check: 0:06:57 ago on Wed 09 Aug 2023 09:00:05 PM PKT.
    Dependencies resolved.
     Package              Architecture  Version          Repository            Size
     elasticsearch        x86_64        8.9.0-1          elasticsearch        578 M
    Transaction Summary
    Install  1 Package
    Total download size: 578 M
    Installed size: 1.2 G
    Downloading Packages:
    elasticsearch-8.9.0-x86_64.rpm                  858 kB/s | 578 MB     11:30
    Total                                           858 kB/s | 578 MB     11:30
    Running transaction check
    Transaction check succeeded.
    Running transaction test
    Transaction test succeeded.
    Running transaction
      Preparing        :                                                        1/1
      Running scriptlet: elasticsearch-8.9.0-1.x86_64                           1/1
    Creating elasticsearch group... OK
    Creating elasticsearch user... OK
      Installing       : elasticsearch-8.9.0-1.x86_64                           1/1
      Running scriptlet: elasticsearch-8.9.0-1.x86_64                           1/1
    --------------------------- Security autoconfiguration information ------------------------------
    Authentication and authorization are enabled.
    TLS for the transport and HTTP layers is enabled and configured.
    The generated password for the elastic built-in superuser is : lp7rCo7ODq=yPdjj712a
    If this node should join an existing cluster, you can reconfigure this with
    '/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'
    after creating an enrollment token on your existing cluster.
    You can complete the following actions at any time:
    Reset the password of the elastic built-in superuser with
    '/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.
    Generate an enrollment token for Kibana instances with
     '/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.
    Generate an enrollment token for Elasticsearch nodes with
    '/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.
    ### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
     sudo systemctl daemon-reload
     sudo systemctl enable elasticsearch.service
    ### You can start elasticsearch service by executing
     sudo systemctl start elasticsearch.service
    /usr/lib/tmpfiles.d/elasticsearch.conf:1: Line references path below legacy directory /var/run/, updating /var/run/elasticsearch → /run/elasticsearch; please update the tmpfiles.d/ drop-in file accordingly.
      Verifying        : elasticsearch-8.9.0-1.x86_64                           1/1

    Note down the password of the Elasticsearch superuser.

    Enable and start the Elasticsearch service.

    # systemctl enable --now elasticsearch.service
    Created symlink /etc/systemd/system/multi-user.target.wants/elasticsearch.service → /usr/lib/systemd/system/elasticsearch.service.

    Reset the password of the Elasticsearch superuser.

    # /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic
    This tool will reset the password of the [elastic] user to an autogenerated value.
    The password will be printed in the console.
    Please confirm that you would like to continue [y/N]y
    Password for the [elastic] user successfully reset.
    New value: 1SbPS44BMmhb+yaw1gCl


    Configure Linux Firewall:

    The Elasticsearch service listens on the default port 9200/tcp, so you must allow this port in the Linux firewall to make your Elasticsearch server accessible from the network.

    # firewall-cmd --permanent --add-port=9200/tcp
    # firewall-cmd --reload
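
    Opening 9200/tcp with --add-port admits every host that can reach the server. The script below is an added example, not part of the original tutorial: it prints firewall-cmd rich rules that admit only named source networks, and the helper names and sample networks are assumptions.

```shell
#!/bin/sh
# valid_cidr and es_fw_rules are hypothetical helpers; 9200/tcp is the port from the tutorial.
valid_cidr() {   # dotted quad, octets <= 255, prefix 1-32 (so 0.0.0.0/0 is refused)
    echo "$1" | awk -F'[./]' '
        NF != 5 { exit 1 }
        { for (i = 1; i <= 5; i++) if ($i !~ /^[0-9]+$/) exit 1
          for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if ($5 < 1 || $5 > 32) exit 1 }'
}

# Print (do not run) the commands that replace the open port with per-source rules.
es_fw_rules() {
    [ "$#" -gt 0 ] || { echo "usage: es_fw_rules CIDR..." >&2; return 2; }
    for c in "$@"; do
        valid_cidr "$c" || { echo "rejected source: $c" >&2; return 1; }
    done
    echo "firewall-cmd --permanent --remove-port=9200/tcp"
    for c in "$@"; do
        printf "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" port port=\"9200\" protocol=\"tcp\" accept'\n" "$c"
    done
    echo "firewall-cmd --reload"
}

# Constructed example networks (RFC 5737 documentation ranges).
es_fw_rules 192.0.2.0/24 198.51.100.7/32
```

    Review the printed commands, then run them as root on the Elasticsearch host.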


    Testing Elasticsearch Server:

    Query the Elasticsearch server by using the following command syntax. The --cacert option points curl at the CA certificate that the Elasticsearch 8.x package generates during installation, so the server certificate is verified instead of being skipped with -k.

    # curl -X GET "https://elastic-01.centlinux.com:9200/_cluster/health?wait_for_status=yellow&timeout=50s&pretty" --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic
    Enter host password for user 'elastic':
    {
      "cluster_name" : "elasticsearch",
      "status" : "green",
      "timed_out" : false,
      "number_of_nodes" : 1,
      "number_of_data_nodes" : 1,
      "active_primary_shards" : 1,
      "active_shards" : 1,
      "relocating_shards" : 0,
      "initializing_shards" : 0,
      "unassigned_shards" : 0,
      "delayed_unassigned_shards" : 0,
      "number_of_pending_tasks" : 0,
      "number_of_in_flight_fetch" : 0,
      "task_max_waiting_in_queue_millis" : 0,
      "active_shards_percent_as_number" : 100.0
    }

    Your Elasticsearch server has been installed successfully.



    In this Linux tutorial, you have learned how to install Elasticsearch on Rocky Linux 9 or other Red Hat/CentOS based Linux OS. To build a strong foundation in Elasticsearch, we recommend the online training ElasticSearch, LogStash, Kibana ELK #1 - Learn ElasticSearch.
