
This is an old revision of the document!


Install Elasticsearch on Linux

Install Debian with basic functionality and add only the SSH server. Log in as root and modify /etc/network/interfaces:

auto enp8s0
iface enp8s0 inet static
  address 10.0.0.12
  netmask 255.255.0.0
  gateway 10.0.0.1
  dns-nameservers 10.0.0.1

Set the name of the machine in /etc/hostname and the IP addresses in /etc/hosts
Register it with your DNS server or add it to /etc/hosts on the host system

Update the system

apt update && apt upgrade -y
apt autoremove -y

Create another user and set the password

useradd kenny
passwd kenny

Reboot

reboot now

Log in through SSH

ssh kenny@deb11-elk-01

Become root

su -

Install vim, gpg (for importing the Elastic keyring), apt-transport-https (so apt can download over HTTPS) and cifs-utils (for mounting SMB/CIFS shares). Then fetch the Elastic keyring, add the repository and install Elasticsearch:

apt install -y vim gpg apt-transport-https cifs-utils 
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | tee /etc/apt/sources.list.d/elastic-8.x.list
apt update && apt upgrade -y
apt install elasticsearch -y

root@deb11-elk-01:~# apt install elasticsearch -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  elasticsearch
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 582 MB of archives.
After this operation, 1,195 MB of additional disk space will be used.
Get:1 https://artifacts.elastic.co/packages/8.x/apt stable/main amd64 elasticsearch amd64 8.6.2 [582 MB]
Fetched 582 MB in 53s (11.0 MB/s)                                                                                                                
Selecting previously unselected package elasticsearch.
(Reading database ... 35064 files and directories currently installed.)
Preparing to unpack .../elasticsearch_8.6.2_amd64.deb ...
Creating elasticsearch group... OK
Creating elasticsearch user... OK
Unpacking elasticsearch (8.6.2) ...
Setting up elasticsearch (8.6.2) ...
--------------------------- Security autoconfiguration information ------------------------------

Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.

The generated password for the elastic built-in superuser is : vOzEV_QT*vV-mOuRa-9q

If this node should join an existing cluster, you can reconfigure this with
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'
after creating an enrollment token on your existing cluster.

You can complete the following actions at any time:

Reset the password of the elastic built-in superuser with 
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.

Generate an enrollment token for Kibana instances with 
 '/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.

Generate an enrollment token for Elasticsearch nodes with 
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.

-------------------------------------------------------------------------------------------------
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
 sudo systemctl daemon-reload
 sudo systemctl enable elasticsearch.service
### You can start elasticsearch service by executing
 sudo systemctl start elasticsearch.service

DO NOT START IT YET!!

Modify /etc/elasticsearch/elasticsearch.yml:

cluster.name: elastickenny
network.host: 10.0.0.12
cluster.initial_master_nodes: ["deb11-elk-01"]
transport.host: 0.0.0.0

Now is a good time to shut down the VM and clone it for the other two nodes.
Remember that the clones will have the name and IP address of the first node. Therefore, start them one after the other, adjust /etc/network/interfaces, /etc/hostname and /etc/hosts on each, then shut it down again.

Start the first node (deb11-elk-01), enable ES as a service and start it:

systemctl daemon-reload
systemctl enable elasticsearch.service
systemctl start elasticsearch.service

Check if the start was successful with:

systemctl status elasticsearch.service

Or check /var/log/elasticsearch/elastickenny.log

Congratulations: the first node is running.

Let's add the backup repository. If you are using a Linux share, just specify the location in /etc/elasticsearch/elasticsearch.yml (see below).
However, I am using a Windows share. Windows uses the SMB (Server Message Block) protocol. SMB started as Common Internet File System (CIFS). On Linux, the tools required to mount SMB shares still refer to CIFS: the package is called cifs-utils.
I assume the Windows machine has the IP address 10.0.1.10 and the share name is ES.

Create a file containing the credentials for the share in the root user directory:

cat > /root/backup.crd
username=kenny
password=kennyspassword
<ctrl-d>

To mount the share for the snapshot repository with the correct permissions for the elasticsearch user, we need to know the user id (uid) of the elasticsearch user:

id -u elasticsearch
106

Create the mount directory

mkdir /mnt/backup

Add the share used for the repository to /etc/fstab

//10.0.1.10/ES       /mnt/backup     cifs    vers=3.0,credentials=/root/backup.crd,uid=106   0       0

Mount the share

mount //10.0.1.10/ES

In /etc/elasticsearch/elasticsearch.yml add

path.repo: /mnt/backup/ElasticBackup

Restart ES:

systemctl restart elasticsearch

Note: if the share is not reachable when Elasticsearch starts, Elasticsearch will not start.
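
An added example (not part of the original page): a preflight check for the share setup above, to run before restarting Elasticsearch. It verifies that the credentials file named in the fstab entry is accessible to its owner only and that the uid option matches the elasticsearch user. The function names are hypothetical; the paths are the ones used on this page.

```shell
#!/usr/bin/env bash
# Added example: preflight checks for the CIFS snapshot share (helper names are hypothetical).

# Succeeds only if $1 is a regular file with mode 600 or 400.
cred_file_private() {
    local f="$1" mode
    [ -f "$f" ] || return 1
    mode=$(stat -c '%a' "$f") || return 1
    case "$mode" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints the option string of the cifs entry for mount point $2 in fstab file $1.
cifs_opts() {
    awk -v mp="$2" '$1 !~ /^#/ && $2 == mp && $3 == "cifs" { print $4; exit }' "$1"
}

# Prints the value of option $2 (for example uid or credentials) from option string $1.
opt_value() {
    printf '%s\n' "$1" | tr ',' '\n' | awk -F= -v k="$2" '$1 == k { print $2; exit }'
}

# preflight FSTAB MOUNTPOINT EXPECTED_UID: prints each problem found, returns non-zero if any.
preflight() {
    local fstab="$1" mp="$2" want_uid="$3" opts cred uid rc=0
    opts=$(cifs_opts "$fstab" "$mp")
    if [ -z "$opts" ]; then
        echo "no cifs entry for $mp in $fstab"
        return 1
    fi
    cred=$(opt_value "$opts" credentials)
    uid=$(opt_value "$opts" uid)
    if ! cred_file_private "$cred"; then
        echo "credentials file '$cred' is missing or accessible to group/other"
        rc=1
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "fstab has uid=$uid, elasticsearch runs as uid $want_uid"
        rc=1
    fi
    return $rc
}

# On the node, as root, before 'systemctl restart elasticsearch':
#   chmod 600 /root/backup.crd
#   preflight /etc/fstab /mnt/backup "$(id -u elasticsearch)" && mountpoint -q /mnt/backup
```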

Add the other two nodes to the cluster

The other two nodes already have almost all the configuration they need. Start the second VM (deb11-elk-02) and log on with SSH.

elastic/installation_on_linux.1678315876.txt.gz · Last modified: 2023/03/08 22:51 by olaf