Documentation
Rate This Document
Findability
Accuracy
Completeness
Readability
SubmitClose

Deploying Elasticsearch

Obtain the Elasticsearch 8.10.1 software package from the open source website, configure related files and SSL certificates, create an Elasticsearch user, and start Elasticsearch.

  1. Download Elasticsearch 8.10.1.
    wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.10.1-linux-aarch64.tar.gz --no-check-certificate
  2. Upload the installation package to a server and extract the file. Assume that the code is stored in /path/to/.
    tar -zxvf elasticsearch-8.10.1-linux-aarch64.tar.gz
  3. Modify the elasticsearch.yml configuration file.
    1. Go to the directory where the configuration file is stored and open the elasticsearch.yml configuration file.
      cd /path/to/elasticsearch-8.10.1/config
vim elasticsearch.yml
    2. Press i to enter the insert mode and add the following configuration information.
      cluster.initial_master_nodes: ["localhost"]
node.name: localhost
network.host: 0.0.0.0
http.port: 9200
http.cors.enabled: true
http.cors.allow-origin: "*"
discovery.seed_hosts: ["localhost"]

xpack.security.enabled: false
xpack.security.enrollment.enabled: false

xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12

xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/elastic-certificates.p12
  truststore.path: certs/elastic-certificates.p12
    3. Press Esc, type :wq!, and press Enter to save the file and exit.
  4. Configure the SSL certificates.
    1. Go to the Elasticsearch installation directory.
      cd /path/to/elasticsearch-8.10.1
    2. Run the following command:
      ./bin/elasticsearch-certutil http
    3. Perform the following operations.
      Generate a CSR: Click N.
Use an existing CA: Click N.
Do you wish to change any of these options? Click N.
For how long should your certificate be valid: Enter 5Y.
Generate a certificate per node: Click N.
Enter all the hostnames that you need, one per line: Enter a server IP address.
Enter a server IP address.
If you do not need to configure the CA password, press Enter.
    4. Create the certs folder.
      mkdir /path/to/elasticsearch-8.10.1/config/certs
    5. Unzip the resulting elasticsearch-ssl-http.zip archive to obtain the http.p12 certificate from the elasticsearch folder, and copy the certificate to the /path/to/elasticsearch-8.10.1/config/certs folder.
      unzip elasticsearch-ssl-http.zip
cp ./elasticsearch/http.p12 /path/to/elasticsearch-8.10.1/config/certs
  5. Enable authentication via x-pack_xpack.security.transport.ssl.
    1. Go to the bin directory in the Elasticsearch installation directory.
      cd /path/to/elasticsearch-8.10.1/bin
    2. Run the following commands:
      echo 'export PATH=/path/to/elasticsearch-8.10.1/bin:$PATH' >> ~/.bashrc
source ~/.bashrc
elasticsearch-certutil ca
elasticsearch-certutil cert --ca elastic-stack-ca.p12
      Enter the following path when prompted with "Please enter the desired output file [elastic-certificates.p12]:".
      /path/to/elasticsearch-8.10.1/config/certs/elastic-certificates.p12
  6. Modify the limits.conf configuration file.
    1. Open the limits.conf file.
      vim /etc/security/limits.conf
    2. Press i to enter the insert mode and add the following four lines:
      * soft nofile 65536
* hard nofile 131072
* soft nproc 4096
* hard nproc 65536
    3. Press Esc, type :wq!, and press Enter to save the file and exit.
  7. Modify the sysctl.conf configuration file.
    1. Open the sysctl.conf file.
      vim /etc/sysctl.conf
    2. Press i to enter the insert mode and add the following configuration:
      vm.max_map_count=655360
    3. Press Esc, type :wq!, and press Enter to save the file and exit.
    4. Run the following command:
      sysctl -p
  8. Create an Elasticsearch user and grant permissions to the user.
    adduser elasticsearch
passwd elasticsearch
chown -R elasticsearch:elasticsearch /path/to/elasticsearch-8.10.1
  9. Switch to the Elasticsearch user.
    su - elasticsearch
  10. Start Elasticsearch.
    1. Go to the Elasticsearch installation directory.
      cd /path/to/elasticsearch-8.10.1
    2. Start Elasticsearch with 16 cores bound.
      numactl -C 0-15 -m 0 ./bin/elasticsearch -d