How To Install Elasticsearch on AlmaLinux 10

Elasticsearch has become the cornerstone of modern data search and analytics infrastructure. As organizations increasingly rely on real-time data processing and full-text search capabilities, deploying Elasticsearch on a stable, enterprise-grade Linux distribution becomes crucial for maintaining robust systems.

AlmaLinux 10 provides the perfect foundation for Elasticsearch deployment, offering enterprise-level stability with long-term support that matches production requirements. This comprehensive guide walks you through every aspect of installing Elasticsearch on AlmaLinux 10, from initial system preparation to advanced security configuration and performance optimization.

Whether you’re setting up a development environment or preparing a production cluster, this tutorial ensures you’ll have a fully functional Elasticsearch instance running securely on your AlmaLinux system. The installation process includes essential security hardening, performance tuning, and troubleshooting techniques that experienced system administrators rely on for successful deployments.

Understanding Elasticsearch and AlmaLinux 10

What Makes Elasticsearch Essential

Elasticsearch serves as a distributed, RESTful search and analytics engine built on Apache Lucene. Its architecture excels at handling large volumes of structured and unstructured data, providing near real-time search capabilities that traditional databases cannot match.

The platform’s distributed nature allows horizontal scaling across multiple nodes, making it ideal for organizations dealing with growing data volumes. Common applications include log analysis, application performance monitoring, business intelligence dashboards, and e-commerce search functionality.

Key features that set Elasticsearch apart include its JSON-based document storage, powerful query DSL, built-in aggregation capabilities, and seamless integration with the broader Elastic Stack ecosystem including Kibana, Logstash, and Beats.

AlmaLinux 10 Advantages for Elasticsearch

AlmaLinux 10 emerges as an exceptional choice for hosting Elasticsearch due to its binary compatibility with Red Hat Enterprise Linux, ensuring enterprise-grade stability without licensing costs. The distribution maintains strict security standards and provides predictable release cycles that align with long-term deployment strategies.

The operating system’s robust package management through DNF, comprehensive SELinux integration, and systemd service management create an ideal environment for running mission-critical services like Elasticsearch. Additionally, AlmaLinux’s commitment to maintaining compatibility with RHEL ensures that enterprise tools and monitoring solutions integrate seamlessly.

Prerequisites and System Requirements

Hardware Specifications for Optimal Performance

Proper hardware planning directly impacts Elasticsearch performance and reliability. For development environments, allocate at least 2 CPU cores and 4 GB RAM, though production deployments typically require significantly more resources.

Minimum Development Requirements:

  • 2 CPU cores (64-bit architecture)
  • 4 GB RAM
  • 20 GB available disk space
  • Network connectivity for package downloads

Production Environment Recommendations:

  • 4+ CPU cores (preferably Intel Xeon or AMD EPYC)
  • 8-32 GB RAM (depends on data volume and query complexity)
  • SSD storage with at least 100 GB capacity
  • Dedicated network interface with 1 Gbps connectivity
  • RAID configuration for data redundancy

Memory allocation proves particularly critical since Elasticsearch relies heavily on JVM heap memory and system caches. Plan for 50% of available RAM for JVM heap, leaving the remainder for operating system caches and other processes.

Software Dependencies and Compatibility

AlmaLinux 10 installation requires specific software components before Elasticsearch deployment. Ensure your system runs the latest AlmaLinux 10 release with all security updates applied.

Java Runtime Environment compatibility remains crucial since Elasticsearch runs on the JVM. OpenJDK 11 or 17 provides optimal compatibility with current Elasticsearch versions, offering the best balance of performance and security features.

Network configuration must allow inbound connections on ports 9200 (HTTP REST API) and 9300 (inter-node communication) for proper operation. Firewall rules should be planned accordingly, especially in production environments where security restrictions are more stringent.

Security and Access Control Planning

Administrative access through either root privileges or sudo configuration is mandatory for system-level installations. Create a dedicated service account for Elasticsearch operations to follow security best practices and limit potential attack vectors.

SSL/TLS certificates should be prepared in advance if you plan to enable encryption, which is strongly recommended for production deployments. Consider obtaining certificates from a trusted Certificate Authority or prepare for self-signed certificate generation.

Plan user authentication strategies early in the deployment process. Elasticsearch’s X-Pack security features provide robust authentication options including built-in users, LDAP integration, and Single Sign-On capabilities.

Pre-Installation System Setup

Comprehensive System Updates

Begin with a complete system update to ensure all packages reflect the latest security patches and compatibility improvements. This step prevents potential conflicts during Elasticsearch installation and establishes a solid foundation for the deployment.

sudo dnf update -y
sudo dnf autoremove -y
sudo dnf clean all

The update process may require a system reboot if kernel updates are included. Check for pending reboots and restart the system if necessary to ensure all updates take effect properly.

sudo needs-restarting -r

If the command indicates a reboot is required, restart the system before proceeding with the installation process.

Java Installation and Configuration

Elasticsearch requires a compatible Java Runtime Environment to function properly. OpenJDK 11 provides excellent compatibility and performance characteristics for current Elasticsearch versions.

Install the OpenJDK 11 development package, which includes both runtime and development tools:

sudo dnf install java-11-openjdk-devel -y

Verify the Java installation by checking the version and ensuring the correct runtime is available:

java -version
javac -version

The output should display OpenJDK version 11.x.x with build information. If multiple Java versions exist on the system, configure the default version using the alternatives system:

sudo update-alternatives --config java

Set the JAVA_HOME environment variable to ensure Elasticsearch can locate the Java installation:

export JAVA_HOME=/usr/lib/jvm/java-11-openjdk
echo 'export JAVA_HOME=/usr/lib/jvm/java-11-openjdk' >> ~/.bashrc

User and Directory Structure Preparation

While Elasticsearch can run under its own service account created during package installation, preparing the directory structure and permissions in advance ensures smooth deployment.

Create the necessary directories with appropriate ownership and permissions:

sudo mkdir -p /var/lib/elasticsearch
sudo mkdir -p /var/log/elasticsearch
sudo mkdir -p /etc/elasticsearch

These directories will store Elasticsearch data files, log files, and configuration files respectively. The package installation process will set proper ownership automatically, but creating them beforehand prevents permission issues.

Adding Elasticsearch Official Repository

GPG Key Import and Verification

Security-conscious installations require GPG signature verification to ensure package authenticity. Import the official Elasticsearch GPG key before adding the repository:

sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

Verify the key import succeeded by listing imported GPG keys:

rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'

Look for the Elasticsearch signing key in the output to confirm proper import.

Repository Configuration Setup

Create the Elasticsearch repository configuration file to enable package installation through DNF:

sudo tee /etc/yum.repos.d/elasticsearch.repo > /dev/null <

This configuration enables automatic GPG checking and refresh capabilities while pointing to the official Elasticsearch 8.x package repository.
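
An added example, not part of the original article: a POSIX shell check that a DNF repo definition enforces package signature checking and fetches both packages and signing key over HTTPS. The embedded sample definition is constructed to match the description above (GPG checking on, autorefresh on, Elastic's 8.x yum URL); the function names and the sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example: check a DNF .repo file for signature enforcement and HTTPS sources.

# Print the first value assigned to key $2 in repo file $1.
repo_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# Return 0 only when gpgcheck=1 and both baseurl and gpgkey use trusted schemes.
audit_repo_file() {
    arf_rc=0
    arf_v=$(repo_value "$1" gpgcheck)
    [ "$arf_v" = "1" ] || { echo "FAIL: gpgcheck is '${arf_v:-unset}', expected 1"; arf_rc=1; }
    arf_v=$(repo_value "$1" baseurl)
    case $arf_v in
        https://*) ;;
        *) echo "FAIL: baseurl is not HTTPS: '${arf_v:-unset}'"; arf_rc=1 ;;
    esac
    arf_v=$(repo_value "$1" gpgkey)
    case $arf_v in
        https://*|file:///*) ;;
        *) echo "FAIL: gpgkey is not HTTPS or a local file: '${arf_v:-unset}'"; arf_rc=1 ;;
    esac
    if [ "$arf_rc" -eq 0 ]; then echo "OK: $1"; fi
    return "$arf_rc"
}

# Constructed sample repo definition (not copied from the article).
write_sample_repo() {
    cat > "$1" <<'EOF'
[elasticsearch]
name=Elasticsearch repository for 8.x packages
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF
}

# Demo: write the sample to a temp file and audit it.
sample=$(mktemp)
write_sample_repo "$sample"
audit_repo_file "$sample"
rm -f "$sample"
```

On a real host, call audit_repo_file /etc/yum.repos.d/elasticsearch.repo before running dnf install.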

Repository Verification and Package Cache

Update the package cache to ensure the new repository is accessible and functional:

sudo dnf makecache --refresh

Verify that Elasticsearch packages are available through the repository:

dnf search elasticsearch

The command should return available Elasticsearch packages, confirming successful repository configuration.

Elasticsearch Installation Process

Package Installation and Dependencies

Install Elasticsearch using the DNF package manager, which automatically handles dependencies and service configuration:

sudo dnf install elasticsearch -y

The installation process downloads the package, creates the elasticsearch user and group, installs service files, and sets up default configuration files. Monitor the installation output for any errors or warnings that might require attention.

Verify the installation completed successfully by checking the package status:

rpm -qi elasticsearch

Understanding Installation Directory Structure

Elasticsearch installation creates a specific directory structure that organizes different components logically:

Configuration Directory (/etc/elasticsearch/):

  • elasticsearch.yml – Main configuration file
  • jvm.options – JVM memory and performance settings
  • log4j2.properties – Logging configuration

Data Directory (/var/lib/elasticsearch/):

  • Stores index data and cluster state information
  • Requires adequate disk space for data growth
  • Should be backed up regularly in production

Log Directory (/var/log/elasticsearch/):

  • Contains application and error logs
  • Essential for troubleshooting and monitoring
  • Configure log rotation to manage disk space

Binary Directory (/usr/share/elasticsearch/):

  • Contains Elasticsearch JAR files and libraries
  • Should not be modified manually
  • Includes plugin management tools

Initial Memory and JVM Configuration

Configure JVM memory settings to match your system resources and expected workload. Edit the JVM options file:

sudo nano /etc/elasticsearch/jvm.options

Set heap size to approximately 50% of available system RAM, but never exceed 32GB due to JVM limitations:

-Xms2g
-Xmx2g

For systems with 8GB RAM, use 4GB heap size. Adjust accordingly based on your hardware specifications and monitoring results.

Configuration and Customization

Essential Elasticsearch Configuration

The primary configuration file controls Elasticsearch behavior and cluster settings. Edit the main configuration file:

sudo nano /etc/elasticsearch/elasticsearch.yml

Configure essential parameters for single-node operation:

# Cluster configuration
cluster.name: my-elasticsearch-cluster
node.name: node-1

# Network settings
network.host: localhost
http.port: 9200

# Path settings
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch

# Discovery settings for single node
discovery.type: single-node

# Memory settings
bootstrap.memory_lock: true

These settings establish a functional single-node cluster suitable for development or small production deployments.

Network and Security Configuration

For production deployments requiring external access, configure network binding carefully:

# Allow external connections (use with caution)
network.host: 0.0.0.0

# CORS settings for web applications
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: "X-Requested-With,Content-Type,Content-Length,Authorization"

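Security Warning: Binding to 0.0.0.0 allows connections from any IP address. Implement proper firewall rules and authentication to prevent unauthorized access. The wildcard http.cors.allow-origin: "*" likewise permits scripts on any website to call the API from a user's browser, so list only the origins that need access.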

X-Pack Security Features

Enable X-Pack security for authentication and authorization capabilities:

# Enable security features
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.enabled: false

# Authentication settings
xpack.security.authc:
  realms:
    native:
      native1:
        order: 0

Setting xpack.security.http.ssl.enabled: false initially simplifies testing, but enable HTTPS in production environments.
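
An added example, not part of the original article or of Elasticsearch itself: a POSIX shell audit that flags the risky combinations shown in the snippets above (a non-loopback network.host with HTTP TLS off or security disabled, and a wildcard CORS origin). It reads only flat dotted keys; the function names, finding labels and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag risky exposure settings in a flat elasticsearch.yml.

# Print the last value of a top-level dotted key ($2) in file $1,
# with trailing comments and surrounding quotes removed.
yml_value() {
    awk -v k="$2" -v sq="'" '
        /^[ \t]*#/ { next }
        {
            i = index($0, ":"); if (i == 0) next
            if (substr($0, 1, i - 1) != k) next
            v = substr($0, i + 1)
            sub(/[ \t]+#.*$/, "", v)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            c = substr(v, 1, 1)
            if (c == "\"" || c == sq) v = substr(v, 2, length(v) - 2)
            last = v
        }
        END { print last }
    ' "$1"
}

# An unset network.host defaults to loopback, so "" counts as loopback.
is_loopback() { case $1 in localhost|127.*|::1|_local_|"") return 0 ;; esac; return 1; }

# Print space-separated finding labels; return 0 only when there are none.
audit_es_yml() {
    f=$1 found=""
    if ! is_loopback "$(yml_value "$f" network.host)"; then
        # Security is on by default in 8.x, so only an explicit false counts.
        if [ "$(yml_value "$f" xpack.security.enabled)" = "false" ]; then
            found="$found EXPOSED_NO_AUTH"
        fi
        if [ "$(yml_value "$f" xpack.security.http.ssl.enabled)" != "true" ]; then
            found="$found EXPOSED_PLAINTEXT_HTTP"
        fi
    fi
    if [ "$(yml_value "$f" http.cors.enabled)" = "true" ] &&
       [ "$(yml_value "$f" http.cors.allow-origin)" = "*" ]; then
        found="$found CORS_WILDCARD"
    fi
    echo "${found# }"
    [ -z "$found" ]
}

# Constructed sample: $1 = output path, $2 = CORS origin, $3 = HTTP TLS true|false.
write_sample() {
    cat > "$1" <<EOF
# Allow external connections (use with caution)
network.host: 0.0.0.0
http.cors.enabled: true
http.cors.allow-origin: "$2"
xpack.security.enabled: true
xpack.security.http.ssl.enabled: $3
EOF
}

# Demo: the article's combination versus a tightened variant.
tmp=$(mktemp -d)
write_sample "$tmp/risky.yml" '*' false
write_sample "$tmp/hardened.yml" 'https://kibana.example.internal' true
echo "risky:    $(audit_es_yml "$tmp/risky.yml" || true)"
echo "hardened: $(audit_es_yml "$tmp/hardened.yml" || true)"
rm -rf "$tmp"
```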

Starting and Managing Elasticsearch Service

SystemD Service Configuration

Reload the system daemon to recognize the new Elasticsearch service configuration:

sudo systemctl daemon-reload

Enable automatic startup on system boot and start the service:

sudo systemctl enable elasticsearch
sudo systemctl start elasticsearch

The enable command ensures Elasticsearch starts automatically after system reboots, while the start command begins immediate operation.

Service Status Verification

Monitor service status to confirm successful startup:

sudo systemctl status elasticsearch

A healthy service displays “active (running)” status with recent log entries indicating successful startup. Pay attention to memory allocation messages and any error indicators in the output.

Check service logs for detailed startup information:

sudo journalctl -u elasticsearch -f

The -f flag provides real-time log monitoring, helping identify startup issues or configuration problems.

Boot Configuration Testing

Test automatic startup functionality by rebooting the system and verifying service status:

sudo systemctl reboot

After reboot, confirm Elasticsearch started automatically:

sudo systemctl is-active elasticsearch
sudo systemctl is-enabled elasticsearch

The commands should return “active” and “enabled” respectively, confirming proper boot configuration.

Testing and Verification

Basic Connectivity and API Testing

Verify Elasticsearch responds to HTTP requests using curl:

curl -X GET "localhost:9200/?pretty"

A successful response includes cluster information in JSON format:

{
  "name" : "node-1",
  "cluster_name" : "my-elasticsearch-cluster",
  "cluster_uuid" : "unique-cluster-identifier",
  "version" : {
    "number" : "8.x.x",
    "build_flavor" : "default",
    "build_type" : "rpm"
  },
  "tagline" : "You Know, for Search"
}

This response confirms successful installation and basic connectivity.

Cluster Health Assessment

Check cluster health status to ensure proper operation:

curl -X GET "localhost:9200/_cluster/health?pretty"

The status field in the response takes one of three values:

  • Green status: All primary and replica shards are active
  • Yellow status: All primary shards are active, but some replicas are missing
  • Red status: Some primary shards are inactive

Single-node clusters typically show yellow status since replicas cannot be allocated without additional nodes.

Node and Index Information

Retrieve detailed node information:

curl -X GET "localhost:9200/_nodes/stats?pretty"

List available indices (empty for new installations):

curl -X GET "localhost:9200/_cat/indices?v"

Create a test index to verify write capabilities:

curl -X PUT "localhost:9200/test-index" -H 'Content-Type: application/json' -d'
{
  "settings": {
    "number_of_shards": 1,
    "number_of_replicas": 0
  }
}'

Firewall Configuration and Security Hardening

Firewall Rules for Elasticsearch

Configure firewall rules to allow necessary traffic while maintaining security:

# Open HTTP port for API access
sudo firewall-cmd --permanent --add-port=9200/tcp

# Open transport port for multi-node clusters
sudo firewall-cmd --permanent --add-port=9300/tcp

# Reload firewall configuration
sudo firewall-cmd --reload

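For enhanced security, restrict access to specific IP addresses or subnets. The rich rule below limits port 9200 to one subnet only if the blanket --add-port=9200/tcp rule shown above has not been added to the zone, so use one or the other: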

# Allow access only from specific subnet
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port protocol="tcp" port="9200" accept'

Security Best Practices Implementation

Implement defense-in-depth security measures:

1. Disable unnecessary features:

# Disable scripting for security
script.allowed_types: none
script.allowed_contexts: none

2. Configure authentication:

# Set passwords for built-in users
sudo /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive

3. Enable audit logging:

xpack.security.audit.enabled: true
xpack.security.audit.logfile.events.include: ["access_denied", "access_granted", "anonymous_access_denied"]

SSL/TLS Configuration

Generate self-signed certificates for development environments:

sudo /usr/share/elasticsearch/bin/elasticsearch-certutil ca
sudo /usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

Configure HTTPS in elasticsearch.yml:

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: elastic-certificates.p12
xpack.security.http.ssl.truststore.path: elastic-certificates.p12

Troubleshooting Common Issues

Installation and Repository Problems

Issue: GPG key verification failures
Solution: Manually download and import the GPG key:

curl -fsSLO https://artifacts.elastic.co/GPG-KEY-elasticsearch
sudo rpm --import GPG-KEY-elasticsearch

Issue: Repository connection timeouts
Solution: Configure DNF timeout settings:

echo "timeout=300" | sudo tee -a /etc/dnf/dnf.conf

Issue: Package dependency conflicts
Solution: Clear package cache and retry:

sudo dnf clean all
sudo dnf makecache
sudo dnf install elasticsearch -y

Service Startup and Configuration Issues

Issue: Service fails to start with memory allocation errors
Solution: Adjust JVM heap size in /etc/elasticsearch/jvm.options:

-Xms1g
-Xmx1g

Issue: Port binding failures
Solution: Check for port conflicts and stop conflicting services:

sudo ss -tulpn | grep :9200
sudo systemctl stop conflicting-service

Issue: Permission denied errors
Solution: Verify elasticsearch user owns data directories:

sudo chown -R elasticsearch:elasticsearch /var/lib/elasticsearch
sudo chown -R elasticsearch:elasticsearch /var/log/elasticsearch

Performance and Connectivity Problems

Issue: Slow query performance
Solution: Monitor JVM heap usage and adjust settings:

curl -X GET "localhost:9200/_nodes/stats/jvm?pretty"

Issue: Connection timeouts from remote clients
Solution: Increase timeout values and check network connectivity:

http.max_content_length: 100mb
network.tcp.keep_alive: true

Issue: High memory usage
Solution: Configure memory locking and monitor usage:

sudo sysctl vm.max_map_count=262144
echo 'vm.max_map_count=262144' | sudo tee -a /etc/sysctl.conf

Performance Optimization and Maintenance

System-Level Optimizations

Configure system parameters for optimal Elasticsearch performance:

# Increase virtual memory map areas
echo 'vm.max_map_count=262144' | sudo tee -a /etc/sysctl.conf
echo 'vm.swappiness=1' | sudo tee -a /etc/sysctl.conf

# Apply settings immediately
sudo sysctl -p

Disable swap to prevent performance degradation:

sudo swapoff -a
# Comment out swap entries in /etc/fstab

Regular Maintenance Tasks

Implement routine maintenance procedures:

Log Rotation Configuration:

sudo tee /etc/logrotate.d/elasticsearch > /dev/null <

Index Template Management:

# Monitor index sizes
curl -X GET "localhost:9200/_cat/indices?v&s=store.size:desc"

# Delete old indices
curl -X DELETE "localhost:9200/old-index-name"

Backup Procedures:

# Create repository for snapshots
curl -X PUT "localhost:9200/_snapshot/backup_repository" -H 'Content-Type: application/json' -d'
{
  "type": "fs",
  "settings": {
    "location": "/var/backups/elasticsearch"
  }
}'

Production Deployment Considerations

Plan for scalability and high availability:

Multi-Node Cluster Configuration:

# Master node configuration
node.roles: ["master", "data"]
discovery.seed_hosts: ["node1.example.com", "node2.example.com"]
cluster.initial_master_nodes: ["node1", "node2", "node3"]

Load Balancer Integration:

  • Configure health checks on port 9200
  • Implement connection pooling
  • Monitor response times and error rates

Monitoring and Alerting Setup:

  • Deploy Elastic Stack monitoring
  • Configure Prometheus exporters
  • Set up alerting for cluster health

Congratulations! You have successfully installed Elasticsearch. Thanks for using this tutorial for installing Elasticsearch on your AlmaLinux OS 10 system. For additional help or useful information, we recommend you check the official Elasticsearch website.

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing his knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.