Compilation and Installation

Obtain the Elasticsearch 8.10.1 software package from the open-source website, and configure related files and SSL certificates.

1. Download Elasticsearch 8.10.1.

   wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.10.1-linux-aarch64.tar.gz --no-check-certificate

2. Upload the installation package to a server and extract the file. Assume that the code is stored in /path/to/.

   tar -zxvf elasticsearch-8.10.1-linux-aarch64.tar.gz

3. Modify the elasticsearch.yml configuration file.
   1. Go to the directory where the configuration file is stored and open the elasticsearch.yml configuration file.

      cd /path/to/elasticsearch-8.10.1/config
      vim elasticsearch.yml

   2. Press i to enter the insert mode and add the following configuration information.

      cluster.initial_master_nodes: ["localhost"]
      node.name: localhost
      network.host: 0.0.0.0
      http.port: 9200
      http.cors.enabled: true
      http.cors.allow-origin: "*"
      discovery.seed_hosts: ["localhost"]
      
      xpack.security.enabled: false
      xpack.security.enrollment.enabled: false
      
      xpack.security.http.ssl:
        enabled: true
        keystore.path: certs/http.p12
      
      xpack.security.transport.ssl:
        enabled: true
        verification_mode: certificate
        keystore.path: certs/elastic-certificates.p12
        truststore.path: certs/elastic-certificates.p12

   3. Press Esc, type :wq!, and press Enter to save the file and exit.
4. Configure the SSL certificates.
   1. Go to the Elasticsearch installation directory.

      cd /path/to/elasticsearch-8.10.1

   2. Run the following command:

      ./bin/elasticsearch-certutil http

   3. Perform the following operations.

      Generate a CSR: Click N.
      Use an existing CA: Click N.
      Do you wish to change any of these options? Click N.
      For how long should your certificate be valid: Enter 5Y.
      Generate a certificate per node: Click N.
      Enter all the hostnames that you need, one per line: Enter a server IP address.
      Enter a server IP address.
      If you do not need to configure the CA password, press Enter.

   4. Create the certs folder.

      mkdir /path/to/elasticsearch-8.10.1/config/certs

   5. Unzip the resulting elasticsearch-ssl-http.zip archive to obtain the http.p12 certificate from the elasticsearch folder, and copy the certificate to the /path/to/elasticsearch-8.10.1/config/certs folder.

      unzip elasticsearch-ssl-http.zip
      cp ./elasticsearch/http.p12 /path/to/elasticsearch-8.10.1/config/certs

5. Enable authentication via x-pack_xpack.security.transport.ssl.
   1. Go to the bin directory in the Elasticsearch installation directory.

      cd /path/to/elasticsearch-8.10.1/bin

   2. Run the following commands:

      echo 'export PATH=/path/to/elasticsearch-8.10.1/bin:$PATH' >> ~/.bashrc
      source ~/.bashrc
      elasticsearch-certutil ca
      elasticsearch-certutil cert --ca elastic-stack-ca.p12

      Enter the following path when prompted with "Please enter the desired output file [elastic-certificates.p12]:".

      /path/to/elasticsearch-8.10.1/config/certs/elastic-certificates.p12

6. Modify the limits.conf configuration file.
   1. Open the limits.conf file.

      vim /etc/security/limits.conf

   2. Press i to enter the insert mode and add the following four lines:

      * soft nofile 65536
      * hard nofile 131072
      * soft nproc 4096
      * hard nproc 65536

   3. Press Esc, type :wq!, and press Enter to save the file and exit.
7. Modify the sysctl.conf configuration file.
   1. Open the sysctl.conf file.

      vim /etc/sysctl.conf

   2. Press i to enter the insert mode and add the following configuration:

      vm.max_map_count=655360

   3. Press Esc, type :wq!, and press Enter to save the file and exit.
   4. Run the following command:

      sysctl -p