RHEL BasedRocky Linux

How To Install Elasticsearch on Rocky Linux 10

r00t

Install Elasticsearch on Rocky Linux 10

Elasticsearch stands as one of the most powerful distributed search and analytics engines available today, offering real-time data processing capabilities that have revolutionized how organizations handle large-scale data operations. This comprehensive guide will walk you through the complete installation process of Elasticsearch on Rocky Linux 10, ensuring you have a production-ready search engine deployment.

Rocky Linux 10 provides an enterprise-grade foundation for Elasticsearch installations, combining stability with performance optimization features. The platform’s RHEL compatibility and community-driven development make it an ideal choice for hosting critical search infrastructure.

Prerequisites and System Requirements

Hardware Requirements

Before proceeding with the Elasticsearch installation, ensure your Rocky Linux 10 system meets the minimum hardware specifications. A minimum of 4GB RAM is required, though 8GB or more is strongly recommended for production environments. Adequate disk space allocation depends on your data storage requirements, but plan for at least 20GB of free space for the initial installation and basic operations.

CPU requirements vary based on workload intensity, but a dual-core processor serves as the baseline for small deployments. Network connectivity must support the default Elasticsearch ports 9200 for HTTP communication and 9300 for inter-node communication.

Software Prerequisites

Your Rocky Linux 10 system requires root or sudo privileges for the installation process. Ensure all system packages are current before beginning the installation. Basic Linux command-line knowledge is essential for successful configuration and troubleshooting.

Terminal access is mandatory throughout the installation process. Consider installing a user-friendly text editor like nano if you prefer it over the default vi editor.

Planning Considerations

Determine whether you need a single-node deployment or cluster configuration before installation. Single-node setups work well for development and testing environments, while production deployments typically require multi-node clusters for high availability.

Security requirements should be planned in advance, including access control policies and SSL/TLS implementation strategies. Data storage location and backup procedures need consideration before proceeding with the installation.

System Preparation and Updates

System Updates and Package Management

Begin by updating all system packages to ensure compatibility and security. Execute the following command to refresh package repositories and install available updates:

sudo dnf update -y

This command updates the package cache and installs any available system updates. The process may take several minutes depending on the number of packages requiring updates.

Clean the package cache and regenerate metadata to ensure optimal performance:

sudo dnf clean all
sudo dnf makecache

Verify your Rocky Linux 10 kernel version and system compatibility. This step ensures your system supports the Elasticsearch requirements and dependencies.

Firewall and Network Configuration

Configure firewalld to allow Elasticsearch traffic through the necessary ports. Open port 9200 for HTTP REST API access and port 9300 for node-to-node communication:

sudo firewall-cmd --permanent --zone=public --add-port=9200/tcp
sudo firewall-cmd --permanent --zone=public --add-port=9300/tcp
sudo firewall-cmd --reload

Verify the firewall rules are active:

sudo firewall-cmd --list-ports

Network interface configuration should accommodate your planned deployment architecture. For single-node installations, localhost configuration suffices, while cluster deployments require proper network interface binding.

Java Installation and Configuration

Installing OpenJDK 11

Elasticsearch requires Java Runtime Environment for operation. OpenJDK 11 provides optimal compatibility and performance for Elasticsearch deployments. Install OpenJDK 11 using the DNF package manager:

sudo dnf install java-11-openjdk java-11-openjdk-devel -y

The installation includes both the runtime environment and development tools. Development tools are useful for advanced configuration and troubleshooting scenarios.

Alternative JDK versions are supported, but OpenJDK 11 offers the best stability and performance characteristics. Avoid using older Java versions as they may cause compatibility issues with newer Elasticsearch releases.

Java Verification and Environment Setup

Confirm successful Java installation by checking the version:

java --version

Expected output should display OpenJDK version 11.x.x information. This verification ensures the Java runtime is properly installed and accessible.

Configure the JAVA_HOME environment variable for system-wide Java recognition:

echo 'export JAVA_HOME=/usr/lib/jvm/java-11-openjdk' >> ~/.bashrc
source ~/.bashrc

Verify the JAVA_HOME configuration:

echo $JAVA_HOME

Understanding JVM requirements helps optimize Elasticsearch performance. The Java Virtual Machine handles memory allocation, garbage collection, and thread management for Elasticsearch operations.

Elasticsearch Repository Setup

GPG Key Import

Import the official Elasticsearch GPG key to verify package authenticity. This security measure ensures downloaded packages originate from Elastic and haven’t been tampered with:

sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

The GPG key import process establishes a trust relationship between your system and the Elasticsearch package repository. This verification step is crucial for maintaining system security.

Verify successful key import by listing installed GPG keys:

rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'

Repository Configuration

Create the Elasticsearch repository configuration file. This file instructs DNF where to find Elasticsearch packages:

sudo nano /etc/yum.repos.d/elasticsearch.repo

Add the following repository configuration:

[elasticsearch]
name=Elasticsearch repository for 8.x packages
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

Save and close the file. The configuration enables automatic package updates and GPG signature verification for enhanced security.

Update the package cache to recognize the new repository:

sudo dnf makecache

Elasticsearch Installation Process

Package Installation

Install Elasticsearch using the DNF package manager. The installation process downloads and configures all necessary components:

sudo dnf install elasticsearch -y

The installation process displays progress information and post-installation messages. Pay attention to security autoconfiguration information, including auto-generated passwords for the elastic user.

Note the generated elastic user password from the installation output. This password is required for initial authentication and user management:

Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.
The generated password for the elastic built-in superuser is : [PASSWORD]

Verify successful installation by querying package information:

rpm -qi elasticsearch

Service Configuration

Enable Elasticsearch to start automatically at boot time:

sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service

The daemon-reload command refreshes systemd configuration to recognize the new Elasticsearch service. Enabling the service ensures automatic startup after system reboots.

Check the service status before starting:

sudo systemctl status elasticsearch.service

Initial service status should show “inactive (dead)” before manual startup. This status is normal for newly installed services.

Elasticsearch Configuration

Basic Configuration File Setup

Edit the main Elasticsearch configuration file to customize your installation:

sudo nano /etc/elasticsearch/elasticsearch.yml

Configure essential cluster and node settings. Start with basic configuration options:

cluster.name: my-elasticsearch-cluster
node.name: node-1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch

The cluster name identifies your Elasticsearch cluster. Node names help distinguish individual nodes in multi-node deployments.

Path configuration specifies data storage and log file locations. Default paths work well for most installations, but can be customized for specific requirements.

Network and Cluster Settings

Configure network access for your Elasticsearch instance. For local development, localhost binding suffices:

network.host: localhost
http.port: 9200
transport.port: 9300

For remote access, bind to all interfaces:

network.host: 0.0.0.0

Single-node cluster configuration prevents bootstrap checks and cluster formation requirements:

discovery.type: single-node

This setting is appropriate for development and testing environments. Production deployments typically require proper cluster discovery configuration.

JVM and Memory Configuration

JVM Heap Size Optimization

Configure JVM heap size for optimal performance. Edit the JVM options file:

sudo nano /etc/elasticsearch/jvm.options

Set heap size to approximately 50% of available system RAM. For systems with 8GB RAM, configure 4GB heap size:

-Xms4g
-Xmx4g

Consistent heap size values prevent memory fragmentation and improve garbage collection performance. Never exceed 50% of total system memory to leave resources for the operating system and file system cache.

Memory Lock and System Optimization

Enable memory locking to prevent swapping. Add the following to elasticsearch.yml:

bootstrap.memory_lock: true

Configure the vm.max_map_count kernel parameter:

echo 'vm.max_map_count=262144' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

This parameter increases the memory map limit for optimal Elasticsearch performance. The setting persists across system reboots.

Disable swap to prevent performance degradation:

sudo swapoff -a

Comment out swap entries in /etc/fstab to make the change permanent.

Security Configuration

Basic Security Setup

For initial testing and development, disable X-Pack security features. Add the following to elasticsearch.yml:

xpack.security.enabled: false

This configuration simplifies initial setup and testing. Production deployments should implement proper security measures including authentication and authorization.

Understanding X-Pack security features helps plan production security implementation. Features include role-based access control, SSL/TLS encryption, and audit logging.

SSL/TLS Configuration Planning

Production environments require SSL/TLS encryption for secure communication. Plan certificate generation and distribution strategies before enabling security features.

Certificate management involves generating Certificate Authority (CA) certificates, node certificates, and client certificates. Proper certificate management ensures secure cluster communication and client connections.

Transport layer security encrypts node-to-node communication. HTTP layer security protects client-to-node communication.

Starting and Testing Elasticsearch

Service Startup

Start the Elasticsearch service:

sudo systemctl start elasticsearch.service

Monitor service startup progress by checking the status:

sudo systemctl status elasticsearch.service

Successful startup displays “active (running)” status. Service startup may take 30-60 seconds depending on system resources and configuration complexity.

Check Elasticsearch logs for startup information and potential issues:

sudo journalctl -u elasticsearch.service -f

Log monitoring helps identify configuration problems and performance bottlenecks.

Functionality Testing

Test Elasticsearch connectivity using curl:

curl -X GET "localhost:9200/"

Successful response includes cluster name, node name, and version information:

{
  "name" : "node-1",
  "cluster_name" : "my-elasticsearch-cluster",
  "version" : {
    "number" : "8.x.x"
  }
}

Test cluster health endpoint:

curl -X GET "localhost:9200/_cluster/health"

Green cluster status indicates healthy operation. Yellow status suggests missing replicas, while red status indicates serious problems requiring immediate attention.

Create a test index to verify functionality:

curl -X PUT "localhost:9200/test-index" -H 'Content-Type: application/json' -d'
{
  "settings": {
    "number_of_shards": 1,
    "number_of_replicas": 0
  }
}'

Performance Optimization

Index and Query Optimization

Configure refresh intervals for better indexing performance. Reduce refresh frequency for bulk indexing operations:

curl -X PUT "localhost:9200/my-index/_settings" -H 'Content-Type: application/json' -d'
{
  "refresh_interval": "30s"
}'

Implement bulk indexing strategies for large data volumes. Bulk operations significantly improve indexing throughput compared to individual document indexing.

Optimize field mappings for your specific use case. Proper mapping configuration improves query performance and reduces storage requirements:

curl -X PUT "localhost:9200/my-index" -H 'Content-Type: application/json' -d'
{
  "mappings": {
    "properties": {
      "timestamp": {"type": "date"},
      "message": {"type": "text"},
      "level": {"type": "keyword"}
    }
  }
}'

System-Level Optimizations

Configure file system cache utilization for optimal search performance. Leave sufficient RAM for the operating system to cache frequently accessed files.

Optimize I/O operations by configuring appropriate readahead settings:

sudo blockdev --setra 32768 /dev/sda

Consider SSD storage for improved I/O performance. Solid-state drives significantly reduce query latency and improve indexing throughput.

Load balancing becomes important as your cluster grows. Plan for horizontal scaling and proper shard distribution across nodes.

Common Issues and Troubleshooting

Installation and Startup Problems

Java version compatibility issues can prevent Elasticsearch startup. Verify Java version compatibility and update if necessary.

Port conflicts occur when other services use ports 9200 or 9300. Check for conflicting services:

sudo ss -tlnp | grep :9200

Permission and ownership issues affect service startup. Ensure proper ownership of Elasticsearch directories:

sudo chown -R elasticsearch:elasticsearch /var/lib/elasticsearch
sudo chown -R elasticsearch:elasticsearch /var/log/elasticsearch

Firewall configuration problems prevent remote access. Verify firewall rules allow necessary traffic through configured ports.

Performance and Memory Issues

High CPU and memory usage indicate resource constraints or configuration problems. Monitor system resources and adjust JVM heap size accordingly.

Query performance optimization requires analyzing slow queries and optimizing mappings. Enable slow query logging to identify problematic queries:

index.search.slowlog.threshold.query.warn: 10s
index.search.slowlog.threshold.query.info: 5s

Cluster health issues require immediate attention. Red cluster status indicates data loss risk and requires troubleshooting unallocated shards.

Memory pressure can cause performance degradation. Monitor heap usage and adjust configuration based on workload requirements.

Maintenance and Best Practices

Regular Maintenance Tasks

Implement log rotation to prevent disk space exhaustion. Configure logrotate for Elasticsearch log files:

sudo nano /etc/logrotate.d/elasticsearch

Index lifecycle management helps control storage costs and performance. Configure automatic index rollover and deletion based on age or size criteria.

Backup and recovery procedures are essential for data protection. Implement regular snapshot policies to protect against data loss:

curl -X PUT "localhost:9200/_snapshot/backup-repo" -H 'Content-Type: application/json' -d'
{
  "type": "fs",
  "settings": {
    "location": "/var/backups/elasticsearch"
  }
}'

Production Deployment Considerations

Multi-node cluster setup requires careful planning. Consider master nodes, data nodes, and coordinating nodes based on your requirements.

Monitoring and alerting implementation helps maintain system health. Configure monitoring for cluster health, resource usage, and query performance.

Scaling strategies should accommodate future growth. Plan for horizontal scaling by adding nodes and vertical scaling by upgrading hardware resources.

Security implementation becomes critical in production environments. Enable authentication, authorization, and encryption features for comprehensive security.

Congratulations! You have successfully installed Elasticsearch. Thanks for using this tutorial for installing Elasticsearch distributed search and analytics engine on Rocky Linux 10 system. For additional help or useful information, we recommend you check the official Elasticsearch website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!
Tags
r00t
Photo of r00t

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.
Copyright © 2025 idroot.us | All Rights Reserved | Follow us for more Linux tutorials!
Back to top button