elastic:installation_on_linux

Differences

This shows you the differences between two versions of the page.

elastic:installation_on_linux [2023/03/08 22:51] – created olaf | elastic:installation_on_linux [2023/03/09 01:05] (current) olaf
Line 46: Line 46:
  
 Install vim, tools for importing the elastic key ring, allow apt to download through https and for mounting SMB (CIFS) shares. Install vim, tools for importing the elastic key ring, allow apt to download through https and for mounting SMB (CIFS) shares.
-Then get the elastic key ringadd the repository and install elasticsearch+Then get the elastic key ring and add the repository
 <code bash> <code bash>
 apt install -y vim gpg apt-transport-https cifs-utils  apt install -y vim gpg apt-transport-https cifs-utils 
 wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
 echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | tee /etc/apt/sources.list.d/elastic-8.x.list echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | tee /etc/apt/sources.list.d/elastic-8.x.list
 +</code>
 +
 +Now is a good time to shutdown and clone the VM for the other two nodes.\\
 +Remember that the clones will have the name and IP address of the first node.
 +Therefore, start one after the other and adjust ''/etc/network/interfaces'', ''/etc/hostname'' and ''/etc/hosts''. Then shut it down.
 +
 +Start the first node again, login with ssh, change to root and install elasticsearch:
 +<code bash>
 apt update && apt upgrade -y apt update && apt upgrade -y
 apt install elasticsearch -y apt install elasticsearch -y
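Review bot: The added cloning step (the lines beginning "Now is a good time to shutdown and clone the VM") only asks the reader to adjust ''/etc/network/interfaces'', ''/etc/hostname'' and ''/etc/hosts'', so all three nodes keep identical SSH host keys and the same ''/etc/machine-id''. Suggest adding a line that regenerates both on each clone before it is put on the network. Moving the clone ahead of "apt install elasticsearch -y" is the right order, because the package and the security configuration it generates at install time are not on the image yet; stating that reason in the text would stop readers from cloning after the install.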
Line 113: Line 121:
 transport.host: 0.0.0.0 transport.host: 0.0.0.0
 </code> </code>
-Now is a good time to shutdown and clone the VM for the other two nodes.\\ +Start the node (deb11-elk-01), install ES as service and start it:
-Remember that the clones will have the name and IP address of the first node. +
-Therefore, start one after the other and adjust ''/etc/network/interfaces'', ''/etc/hostname'' and ''/etc/hosts''. Then shut it down. +
- +
-Start the first node (deb11-elk-01), install ES as service and start it:+
 <code bash> <code bash>
 systemctl daemon-reload systemctl daemon-reload
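Review bot: The new lead-in "Start the node (deb11-elk-01), install ES as service and start it:" still says "Start the node", although the clone step was moved out of this place and the first node is already running from the earlier step ("Start the first node again, login with ssh ..."). Suggest rewording it to something like "On the first node (deb11-elk-01), enable ES as a service and start it:", which also matches what the ''systemctl enable'' command under it does (it enables the unit, the package is already installed).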
Line 179: Line 183:
  
 The other two nodes have almost all configuration needed. The other two nodes have almost all configuration needed.
-Start the second VM (deb11-elk-02) and logon with SSH. 
-  
  
 +On the first node generate a node enrollment token
 +<code bash>
 +/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node
 +
 +eyJ2ZXIiOiI4LjYuMiIsImFkciI6WyIxMC42OC4xMDAuMTI6OTIwMCJdLCJmZ3IiOiI0MzBhMWRiYWFhZGFmMjEzMjBiYzEyZTI5ZWM5NjhlOTNmZWQzMDA4YzgxMGMwYTY3NjMzOGYyZDY5NjE3OTAxIiwia2V5Ijoibm85cnc0WUIwdkRBWFhaMWpZTnA6MnZLbGs3VElTR09RZDRlS1FQV1NGQSJ9
 +</code>
 +
 +Start the second VM (deb11-elk-02), logon with SSH and change to be root.\\
 +Add the mount in ''/etc/fstab'', create the mount point and the credential file and mount the share - like on the first node.\\
 +
 +Install elasticsearch:
 +<code bash>
 +apt update && apt upgrade -y
 +apt install elasticsearch -y
 +</code>
 +
 +Its needed to remove the default configuration:
 +<code bash>
 +rm -rf /etc/elasticsearch/certs
 +rm /etc/elasticsearch/elasticsearch.keystore
 +</code>
 +
 +Generate a new /etc/elasticsearch/elasticsearch.yml:
 +<code yaml>
 +# ======================== Elasticsearch Configuration =========================
 +#
 +# NOTE: Elasticsearch comes with reasonable defaults for most settings.
 +#       Before you set out to tweak and tune the configuration, make sure you
 +#       understand what are you trying to accomplish and the consequences.
 +#
 +# The primary way of configuring a node is via this file. This template lists
 +# the most important settings you may want to configure for a production cluster.
 +#
 +# Please consult the documentation for further information on configuration options:
 +# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
 +#
 +# ---------------------------------- Cluster -----------------------------------
 +#
 +# Use a descriptive name for your cluster:
 +#
 +cluster.name: elastickenny
 +#
 +# ------------------------------------ Node ------------------------------------
 +#
 +# Use a descriptive name for the node:
 +#
 +#node.name: node-1
 +#
 +# Add custom attributes to the node:
 +#
 +#node.attr.rack: r1
 +#
 +# ----------------------------------- Paths ------------------------------------
 +#
 +# Path to directory where to store the data (separate multiple locations by comma):
 +#
 +path.data: /var/lib/elasticsearch
 +#
 +# Path to log files:
 +#
 +path.logs: /var/log/elasticsearch
 +#
 +# Path to snapshot repository
 +#
 +path.repo: /mnt/backup/ElasticBackup
 +#
 +# ----------------------------------- Memory -----------------------------------
 +#
 +# Lock the memory on startup:
 +#
 +#bootstrap.memory_lock: true
 +#
 +# Make sure that the heap size is set to about half the memory available
 +# on the system and that the owner of the process is allowed to use this
 +# limit.
 +#
 +# Elasticsearch performs poorly when the system is swapping the memory.
 +#
 +# ---------------------------------- Network -----------------------------------
 +#
 +# By default Elasticsearch is only accessible on localhost. Set a different
 +# address here to expose this node on the network:
 +#
 +network.host: 10.0.0.13
 +#
 +# By default Elasticsearch listens for HTTP traffic on the first free port it
 +# finds starting at 9200. Set a specific HTTP port here:
 +#
 +#http.port: 9200
 +#
 +# For more information, consult the network module documentation.
 +#
 +# --------------------------------- Discovery ----------------------------------
 +#
 +# Pass an initial list of hosts to perform discovery when this node is started:
 +# The default list of hosts is ["127.0.0.1", "[::1]"]
 +#
 +#discovery.seed_hosts: ["host1", "host2"]
 +#
 +# Bootstrap the cluster using an initial set of master-eligible nodes:
 +#
 +#cluster.initial_master_nodes: ["node-1"]
 +#
 +# For more information, consult the discovery and cluster formation module documentation.
 +#
 +# --------------------------------- Readiness ----------------------------------
 +#
 +# Enable an unauthenticated TCP readiness endpoint on localhost
 +#
 +#readiness.port: 9399
 +#
 +# ---------------------------------- Various -----------------------------------
 +#
 +# Allow wildcard deletion of indices:
 +#
 +#action.destructive_requires_name: false
 +#
 +# Allow HTTP API connections from anywhere
 +# Connections are encrypted and require user authentication
 +http.host: 0.0.0.0
 +
 +# Allow other nodes to join the cluster from anywhere
 +# Connections are encrypted and mutually authenticated
 +transport.host: 0.0.0.0
 +</code>
 +
 +Configure the second node:
 +<code bash>
 +/usr/share/elasticsearch/bin/elasticsearch --enrollment-token eyJ2ZXIiOiI4LjYuMiIsImFkciI6WyIxMC42OC4xMDAuMTI6OTIwMCJdLCJmZ3IiOiI0MzBhMWRiYWFhZGFmMjEzMjBiYzEyZTI5ZWM5NjhlOTNmZWQzMDA4YzgxMGMwYTY3NjMzOGYyZDY5NjE3OTAxIiwia2V5Ijoibm85cnc0WUIwdkRBWFhaMWpZTnA6MnZLbGs3VElTR09RZDRlS1FQV1NGQSJ9
 +</code>
 +
 +Elasticsearch cannot run as root. Therfore it won't start. However, it configures everything and then complaints about being started as root. We just need to adjust a couple of permissions that were set wrong because we tried to start it as root:
 +
 +<code bash>
 +chown -R elasticsearch:elasticsearch /var/log/elasticsearch
 +chown -R root:elasticsearch /etc/elasticsearch/
 +</code>
 +
 +Install ES as service and start it:
 +<code bash>
 +systemctl daemon-reload
 +systemctl enable elasticsearch.service
 +systemctl start elasticsearch.service
 +</code>
 +
 +The installation of the third node works like the second - just chage the IP address for network.host in elasticsearch.yml.
 +
 +Once the cluster is formed (all nodes are running in the same cluster), \\
 +adjust discovery.seed_hosts in each nodes elasticsearch.yml:\\
 +
 +deb11-elk-01:<code yaml>
 +discovery.seed_hosts: ["10.68.100.13:9300", "10.68.100.14:9300"]</code>
 +deb11-elk-02:<code yaml>
 +discovery.seed_hosts: ["10.68.100.12:9300", "10.68.100.14:9300"]</code>
 +deb11-elk-03:<code yaml>
 +discovery.seed_hosts: ["10.68.100.12:9300", "10.68.100.13:9300"]</code>
 +
 +and on deb11-elk-01 comment-out the line:<code yaml>
 +#cluster.initial_master_nodes: ["deb11-elk-01"]</code>
 +
 +Next: **[[elastic:kibanaonlinux|Installation on Linux]]**
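Review bot: The enrollment token is pasted in full twice, in the output under "elasticsearch-create-enrollment-token -s node" and again after "--enrollment-token" in the "Configure the second node" block. An enrollment token is base64-encoded JSON that carries the node address, the CA fingerprint and an API key, so it should not be published on a wiki page; replace both occurrences with a placeholder such as <enrollment-token> and say that the value printed on the first node is pasted there. Second, the sample elasticsearch.yml sets "network.host: 10.0.0.13" while the seed host lists further down use 10.68.100.12 to 10.68.100.14; one of the two is wrong for this cluster and the text should use a single addressing scheme. Third, the sequence of deleting ''/etc/elasticsearch/certs'' and the keystore, running the elasticsearch binary as root until it fails, and then repairing ownership with "chown -R" is fragile; the deb package ships ''elasticsearch-reconfigure-node --enrollment-token'' for enrolling a package-installed node, which would avoid the root start and the permission fix-up.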
elastic/installation_on_linux.1678315876.txt.gz · Last modified: 2023/03/08 22:51 by olaf