
How To Install Elasticsearch on Rocky Linux 9


Elasticsearch is a distributed search and analytics engine built on Apache Lucene. It is the core of the Elastic Stack (also known as the ELK Stack) and is used to store, search, and analyse large volumes of data in near real time. Rocky Linux 9, a stable, RHEL-compatible enterprise distribution, is a common choice for running Elasticsearch in both production and development environments. This guide walks through installing, configuring, and securing Elasticsearch 8.x on Rocky Linux 9, followed by notes on optional add-ons and ongoing maintenance.

Introduction

Businesses, developers, and data analysts frequently turn to Elasticsearch to handle complex data processing and advanced analytics. With its distributed and scalable architecture, Elasticsearch is capable of indexing and searching extensive amounts of data rapidly. Deployed on Rocky Linux 9, Elasticsearch benefits from the OS’s robustness and enterprise-level support. By following this guide, you will learn how to install Elasticsearch, secure it against unauthorized access, and integrate it with optional tools like Kibana and Logstash if desired.

This article covers every step, from preparing your Rocky Linux 9 system (a separate Java installation is optional, because the 8.x packages ship their own JDK) to configuring Elasticsearch for secure operation. The final sections cover optional add-ons and maintenance tasks.

Prerequisites

Before you begin, ensure you have the following:

  • A Rocky Linux 9 server or virtual machine with sudo or root privileges.
  • Basic familiarity with Linux commands and file editing (using nano or vim).
  • Stable internet connection for downloading packages and repositories.

It is also considered good practice to keep your system up to date. Run the following command to update all packages:

sudo dnf update -y

This ensures that you have the latest security patches and bug fixes installed on Rocky Linux 9.

Step 1: Installing Java (OpenJDK, Optional)

Elasticsearch is written in Java, but the 7.x and 8.x packages bundle their own JDK under /usr/share/elasticsearch/jdk, so no separate Java installation is required. Install a system JDK only if you want Elasticsearch to run on it instead of the bundled one; for 8.x that JDK must be Java 17 or newer (Java 11 is not supported by 8.x). On Rocky Linux 9, OpenJDK from the base repository is the simplest option:

  1. Use dnf to install OpenJDK:
    sudo dnf install java-17-openjdk-devel -y
    
  2. Verify the installation by checking:
    java -version
    

If Java is installed correctly, you will see output resembling:

openjdk version "17.0.xx" ...

To make Elasticsearch use this JDK rather than the bundled one, set ES_JAVA_HOME (for example in /etc/sysconfig/elasticsearch) to the JDK directory, such as /usr/lib/jvm/java-17-openjdk. If you leave it unset, the bundled JDK is used and this step can be skipped entirely.

Step 2: Importing the Elasticsearch GPG Key

Package managers on Rocky Linux, such as dnf and rpm, verify the origin and integrity of packages by checking their GPG signatures. Importing Elastic's signing key lets rpm and dnf confirm that the Elasticsearch packages were signed by Elastic and not altered in transit. Execute:

sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

Once imported, rpm and dnf accept packages signed by this key, and with gpgcheck=1 in the repository definition (next step) unsigned or modified packages are rejected. This is what stops package spoofing or tampering [1][2]. Before trusting the key, compare the fingerprint of the file you downloaded with the fingerprint Elastic publishes in its installation documentation; a key fetched over the network is only as trustworthy as that check.

Step 3: Adding the Elasticsearch Repository

The default repositories on Rocky Linux 9 do not include Elasticsearch. Instead, Elastic provides its own repository for the latest stable versions. Create a new repository file as follows:

sudo nano /etc/yum.repos.d/elasticsearch.repo

Add the following content to the file:

[elasticsearch]
name=Elasticsearch repository for 8.x packages
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

Save and exit. Next, refresh the package list:

sudo dnf makecache

This command tells your package manager to retrieve the latest metadata from the newly added Elasticsearch repository.

Step 4: Installing Elasticsearch

With the repository in place, you are now ready to install the Elasticsearch packages. Run:

sudo dnf install elasticsearch -y

This will fetch the latest 8.x release of Elasticsearch from the repository. Watch the install output: on a first install of 8.x the package post-install script auto-configures security and prints, in a block headed "Security autoconfiguration information", the generated password for the built-in elastic superuser and the fingerprint of the generated HTTP CA certificate. Record the password now; it is shown only once (it can be reset later with elasticsearch-reset-password, see Step 6). Once installed, verify the package details with:

rpm -qi elasticsearch

You can see version information, release details, and more. Reload systemd so it picks up the new unit file, then enable Elasticsearch to start at boot and start it:

sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
sudo systemctl start elasticsearch.service

The first start can take a minute while the node initialises; it is ready when the service shows active (running).
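The script below, added here as an example (it is not part of the original article or of Elastic's tooling), performs Steps 2 to 4 unattended and adds two things a practitioner wants: it checks the fingerprint of the downloaded signing key against the one Elastic publishes in its installation documentation before importing it into the rpm database, and it keeps the install output so the one-time generated elastic password is not lost. The function names, the --run switch and the sample install output used for checking the parser are this example's own; the fingerprint constant is copied from Elastic's documentation and should be compared with it before you rely on it.

```shell
#!/bin/sh
# Added example: scripted install of Elasticsearch 8.x on Rocky Linux 9
# (Steps 2-4 of the tutorial) with a GPG fingerprint check. Run with
# "sh install_es.sh --run"; without --run it only defines the functions.
set -eu

ELASTIC_KEY_URL="https://artifacts.elastic.co/GPG-KEY-elasticsearch"
REPO_FILE="/etc/yum.repos.d/elasticsearch.repo"
# Fingerprint of Elastic's package signing key as published in Elastic's
# installation documentation. Re-check it there before trusting this constant.
EXPECTED_FPR="46095ACC8548582C1A2699A9D27D666CD88E42B4"

# Emit the repository definition from Step 3 (signature checking stays on).
repo_file_content() {
    cat <<'EOF'
[elasticsearch]
name=Elasticsearch repository for 8.x packages
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF
}

# Compare a fingerprint (spaces and case ignored) with the expected one.
# Exit status 0 on match, 1 otherwise.
fingerprint_matches() {
    got=$(printf '%s' "$1" | tr -d ' ' | tr '[:lower:]' '[:upper:]')
    [ "$got" = "$EXPECTED_FPR" ]
}

# Print the primary fingerprint of an ASCII-armoured key file using gpg's
# machine-readable listing; nothing is imported into any keyring.
key_file_fingerprint() {
    gpg --with-colons --with-fingerprint --show-keys "$1" 2>/dev/null \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Pull the generated superuser password out of the rpm post-install output
# (read from stdin). Prints nothing on a re-install, where no password is
# generated. Expected line shape: "The generated password for the elastic
# built-in superuser is : <password>".
parse_elastic_password() {
    sed -n 's/^.*elastic built-in superuser is *: *//p' | head -n 1
}

install_elasticsearch() {
    keyfile=$(mktemp)
    curl -fsSL "$ELASTIC_KEY_URL" -o "$keyfile"
    if ! fingerprint_matches "$(key_file_fingerprint "$keyfile")"; then
        echo "Signing key fingerprint does not match the expected value; aborting." >&2
        rm -f "$keyfile"
        exit 1
    fi
    sudo rpm --import "$keyfile"
    rm -f "$keyfile"

    repo_file_content | sudo tee "$REPO_FILE" >/dev/null
    sudo dnf makecache

    # Keep the install log: it carries the one-time generated password.
    log=$(mktemp)
    sudo dnf install -y elasticsearch 2>&1 | tee "$log"
    rpm -q elasticsearch >/dev/null || { echo "package install failed" >&2; exit 1; }
    password=$(parse_elastic_password <"$log")
    rm -f "$log"
    if [ -n "$password" ]; then
        echo "Generated 'elastic' password (store it in a secrets manager now): $password"
    else
        echo "No generated password in output; reset it with elasticsearch-reset-password -u elastic" >&2
    fi

    sudo systemctl daemon-reload
    sudo systemctl enable --now elasticsearch.service
}

if [ "${1:-}" = "--run" ]; then
    install_elasticsearch
fi
```

The fingerprint check is deliberately done with gpg on the downloaded file rather than after rpm --import, so a mismatching key never enters the rpm trust database. The install log is a temp file created with mktemp (mode 0600) and removed immediately after the password is extracted.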

Step 5: Configuring Elasticsearch

Elasticsearch’s configuration files are located in the /etc/elasticsearch directory. The primary file you need to modify for basic setup is elasticsearch.yml.

Here are important configuration parameters:

  • network.host: The address Elasticsearch binds to. It is unset by default, which binds the node to loopback only, so only local clients can reach it. That is right for a development machine or single-node testing. Setting it to a non-loopback address (for example _site_ or a specific IP) switches the node into production mode, in which the bootstrap checks (file descriptor limits, memory settings, and so on) must pass or the node refuses to start.
  • cluster.name: Identifies your Elasticsearch cluster name.
  • node.name: Identifies the Elasticsearch node name.

To edit the file, open:

sudo nano /etc/elasticsearch/elasticsearch.yml

Look for and update (or uncomment) the following lines, depending on your requirements:

network.host: localhost
cluster.name: my-rocky-linux-cluster
node.name: node-1

If you need to accept remote connections, set network.host accordingly, but only with the security measures described in Step 6 in place (on 8.x they are on by default; make sure nobody has turned them off). After making changes, save the file and restart Elasticsearch:

sudo systemctl restart elasticsearch.service

To confirm that your new settings are active:

With the 8.x defaults, the HTTP port uses TLS with an auto-generated CA and requires authentication, so query it over HTTPS with that CA and the elastic password that was printed during installation:

curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200/

You should see a JSON document containing the version and the cluster name you set. A plain "curl localhost:9200" against an 8.x node fails, because the port speaks TLS rather than plain HTTP.

Step 6: Securing Elasticsearch

Security is crucial for any Elasticsearch deployment: a node bound to a network address without authentication and TLS lets anyone who can reach port 9200 read, modify, or delete every index [1][6][8]. Elasticsearch 8.x turns its security features on by default, but the following points are still worth verifying on every node:

1. Enable Built-in Security Features

Elasticsearch includes native security features: user authentication, role-based access control, and TLS for both the HTTP and the transport layer. Since 8.0 they are enabled by default, and the RPM post-install script writes the corresponding settings (xpack.security.enabled plus HTTP and transport TLS using generated certificates under /etc/elasticsearch/certs) into elasticsearch.yml. Check that they have not been switched off:

sudo nano /etc/elasticsearch/elasticsearch.yml

The file should contain (uncomment or add it if missing):

xpack.security.enabled: true

Never set this to false on a node that is reachable from other hosts. Save and exit the file, then, if you changed anything, run:

sudo systemctl restart elasticsearch.service

2. Set Up User Authentication

The installation generated a password for the built-in elastic superuser. If you missed it, or want to rotate it, reset it with the built-in tool (elasticsearch-setup-passwords, used by older versions, is deprecated in 8.x):

sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic

Add -i to enter a password interactively instead of having one generated. Use the elastic superuser for setup only; create dedicated users with least-privilege roles for applications and for Kibana and Logstash, and keep the credentials in a secrets manager rather than in scripts or config files.

3. Configure Firewall (if necessary)

Rocky Linux 9 uses firewalld, and its default public zone admits nothing inbound beyond SSH, so a node bound to loopback needs no firewall change. If you have bound network.host to a network address and need access from one IP range only, add a "rich rule" for port 9200 (the REST API) restricted to that source:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4"
 source address="XXX.XXX.XXX.XXX/32" port protocol="tcp" port="9200" accept' --permanent

sudo firewall-cmd --reload

Adjust the IP address and prefix length as needed. Port 9300 (node-to-node transport) should only ever be opened to the other nodes of the cluster. If you do not need external access, do not open port 9200 at all.

4. TLS Encryption

Data in transit should be encrypted. On 8.x the RPM post-install already configures TLS for both the HTTP and the transport layer with a self-signed CA and certificates placed in /etc/elasticsearch/certs, so a single node is encrypted out of the box. For a cluster, or to replace the generated certificates with ones issued by your own CA, Elasticsearch provides elasticsearch-certutil:

sudo /usr/share/elasticsearch/bin/elasticsearch-certutil ca
sudo /usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

Copy the resulting PKCS#12 file into /etc/elasticsearch/certs, keep it readable by the elasticsearch group only, and point elasticsearch.yml at it (a relative path is resolved against /etc/elasticsearch):

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: "/path/to/your/cert.p12"

Do not put the keystore password in elasticsearch.yml (the xpack.security.http.ssl.keystore.password setting); store it in the Elasticsearch keystore instead, as the secure setting xpack.security.http.ssl.keystore.secure_password, so it never sits in a plain-text config file. Configure the transport layer (xpack.security.transport.ssl.*) the same way for node-to-node traffic in a cluster, and distribute the CA certificate to clients so they can verify the server rather than disabling certificate checks.
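To make the checks above mechanical, here is an added example (not from the original article) that audits an elasticsearch.yml for the combination that actually causes exposures: a non-loopback network.host together with xpack.security.enabled: false or HTTP TLS off, plus a keystore password left in the file. It understands the flat dotted keys used in this guide and the one-level nested form the 8.x RPM post-install writes, and prints the hardened fragment to use instead. The function names, the sample weak configuration and the _site_ binding in the hardened fragment are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the original article): audit an elasticsearch.yml
# for "reachable from the network, but security or HTTP TLS off", and for a
# TLS keystore password left in the config file.
# Usage: sh audit_es_config.sh /etc/elasticsearch/elasticsearch.yml
set -eu

# Flatten the subset of YAML that elasticsearch.yml uses into key=value lines:
# dotted top-level keys plus one level of nesting, which is the form the 8.x
# RPM post-install writes ("xpack.security.http.ssl:" / "  enabled: true").
# Comments, blank lines and quotes are dropped. Not a general YAML parser.
yml_flatten() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        {
            match($0, /^[[:space:]]*/); indent = RLENGTH
            line = substr($0, indent + 1)
            sub(/[[:space:]]+#.*$/, "", line)
            n = index(line, ":")
            if (n == 0) next
            key = substr(line, 1, n - 1)
            val = substr(line, n + 1)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", val)
            gsub(/"/, "", val)
            if (indent == 0) parent = ""
            if (val == "") { parent = key; next }
            if (indent > 0 && parent != "") print parent "." key "=" val
            else print key "=" val
        }' "$1"
}

# Print the value of one flattened key ($2) from file $1, or nothing if unset.
yml_get() {
    yml_flatten "$1" | awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2) } END { print v }'
}

# Exit 0 when network.host is set to something other than loopback.
# An unset network.host means loopback only, so it does not count.
binds_non_loopback() {
    case "$(yml_get "$1" network.host)" in
        ""|localhost|127.0.0.1|::1|_local_) return 1 ;;
        *) return 0 ;;
    esac
}

# Exit 0 if the file is acceptable, 1 if it has findings (each one printed).
audit_es_config() {
    f=$1
    rc=0
    if binds_non_loopback "$f"; then
        if [ "$(yml_get "$f" xpack.security.enabled)" = "false" ]; then
            echo "FINDING: non-loopback network.host with xpack.security.enabled: false"
            rc=1
        fi
        if [ "$(yml_get "$f" xpack.security.http.ssl.enabled)" != "true" ]; then
            echo "FINDING: non-loopback network.host without xpack.security.http.ssl.enabled: true"
            rc=1
        fi
    fi
    if [ -n "$(yml_get "$f" xpack.security.http.ssl.keystore.password)" ]; then
        echo "FINDING: keystore password in elasticsearch.yml; put it in the secure keystore instead"
        rc=1
    fi
    return $rc
}

# Settings for a node that must accept remote connections: security on, TLS on
# for both layers, and no password in the file. The password goes into the
# keystore with:
#   sudo /usr/share/elasticsearch/bin/elasticsearch-keystore add \
#       xpack.security.http.ssl.keystore.secure_password
hardened_fragment() {
    cat <<'EOF'
# _site_ binds site-local addresses only; use a specific IP if you have one
network.host: _site_
xpack.security.enabled: true
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
EOF
}

if [ $# -gt 0 ]; then
    audit_es_config "$1"
fi
```

Run it against /etc/elasticsearch/elasticsearch.yml after every change to network.host; a non-zero exit with a FINDING line means the node must not be started in that state. The hardened fragment relies on the certificate paths the RPM post-install creates, so adjust keystore.path if you generated your own certificates in Step 6.4.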

Step 7: Testing and Verifying Installation

Once configuration and security measures are in place, verify that Elasticsearch is fully functional. Run:

systemctl status elasticsearch.service

This shows if the service is active (running), dead, or in an error state. For a deeper look into logs, check:

sudo journalctl -u elasticsearch.service

You can also use:

curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic 'https://localhost:9200/_cluster/health?pretty'

Replace elastic with any user you created; curl prompts for the password. The response is JSON with the cluster status (green, yellow, or red), node counts, and shard statistics. On a single-node cluster, yellow usually means indices whose replica shards have nowhere to go, not a fault. If the status is red or the request fails, check the logs in /var/log/elasticsearch/ (the main log file is named after cluster.name, for example my-rocky-linux-cluster.log).

Common issues include:

  • JVM heap (-Xms/-Xmx) set larger than the memory available to the node.
  • Network access blocked by firewalld, or the node bound to loopback while a client expects a network address.
  • Querying over plain http:// or without --cacert against an 8.x node, where TLS is on by default.
  • Incorrect ownership or permissions on /etc/elasticsearch/ (files must stay readable by the elasticsearch group).
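As an added example that is not part of the original article, the script below turns the checks in this step into something repeatable: it lists which addresses ports 9200 and 9300 are bound to (from ss output), warns when either is bound to a wildcard address, and fetches _cluster/health over TLS with the CA the RPM post-install generated, parsing the status out of the response. Paths default to the 8.x RPM locations; the ES_URL, ES_CA and ES_USER variables, the function names and the sample ss and health output used to check the parsers are this example's own.

```shell
#!/bin/sh
# Added example (not from the original article): post-install checks for an
# Elasticsearch 8.x node. Run with "sh verify_es.sh --run"; without --run it
# only defines the functions so the parsers can be used on saved output.
set -eu

ES_URL="${ES_URL:-https://localhost:9200}"
ES_CA="${ES_CA:-/etc/elasticsearch/certs/http_ca.crt}"
ES_USER="${ES_USER:-elastic}"

# From "ss -Hltn" output on stdin, print the local addresses bound on port $1.
# Column 4 is "Local Address:Port", e.g. "[::ffff:127.0.0.1]:9200" or "0.0.0.0:22";
# the last ":<digits>" is the port, everything before it the address.
listening_addrs() {
    awk -v port="$1" '{ addr = $4; n = match(addr, /:[0-9]+$/); if (n && substr(addr, n + 1) == port) print substr(addr, 1, n - 1) }'
}

# Exit 0 if any listener on port $1 is bound to a wildcard address (reachable
# on every interface), 1 otherwise. Input: "ss -Hltn" output on stdin.
port_is_wildcard_bound() {
    listening_addrs "$1" | grep -qx -e '0.0.0.0' -e '\*' -e '\[::\]'
}

# Extract "status" (green/yellow/red) from a _cluster/health JSON body on stdin.
cluster_status() {
    sed -n 's/.*"status"[[:space:]]*:[[:space:]]*"\([a-z]*\)".*/\1/p' | head -n 1
}

# Query the node over TLS, verifying the server against the generated CA.
# curl prompts for the password of $ES_USER.
fetch_health() {
    curl -sS --fail --cacert "$ES_CA" -u "$ES_USER" "$ES_URL/_cluster/health?pretty"
}

# Run all checks against the live system; exit 1 on a problem.
verify_node() {
    rc=0
    sockets=$(ss -Hltn)
    for p in 9200 9300; do
        addrs=$(printf '%s\n' "$sockets" | listening_addrs "$p")
        echo "port $p listens on: ${addrs:-<nothing>}"
        if printf '%s\n' "$sockets" | port_is_wildcard_bound "$p"; then
            echo "WARN: port $p is bound to a wildcard address; confirm TLS, auth and firewalld rules"
        fi
    done
    health=$(fetch_health) || { echo "health request failed: check CA path, credentials and service state" >&2; return 1; }
    status=$(printf '%s\n' "$health" | cluster_status)
    echo "cluster status: $status"
    case "$status" in
        green) ;;
        yellow) echo "yellow: replica shards are unassigned, normal on a single node" ;;
        *) rc=1 ;;
    esac
    return $rc
}

if [ "${1:-}" = "--run" ]; then
    verify_node
fi
```

On a default install both ports should show only a loopback address; a wildcard binding without a matching firewalld rule and TLS is exactly the exposed configuration Step 6 warns about. The health request deliberately uses --cacert rather than -k, so a certificate mismatch is reported instead of silently ignored.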

Optional Add-ons and Tools for Elasticsearch

Elasticsearch works seamlessly with other components in the Elastic Stack. Although not strictly required for a basic deployment, these tools can greatly enhance functionality:

1. Kibana

Kibana is the default visualization and dashboard tool for Elasticsearch. It provides a web-based interface for visualizing data, creating dashboards, and managing various aspects of the Elastic Stack. Install Kibana (from the same repository) with:

sudo dnf install kibana -y

Enable and start Kibana automatically:

sudo systemctl enable kibana.service
sudo systemctl start kibana.service

Then edit /etc/kibana/kibana.yml: server.host controls the address Kibana listens on (localhost by default; set it to an interface address for remote access, and put TLS on it or in front of it). On 8.x, Kibana's connection to Elasticsearch is set up by enrollment rather than by pasting the elastic password into the file: generate a Kibana enrollment token on the Elasticsearch host with the elasticsearch-create-enrollment-token tool (scope kibana), open Kibana in a browser, paste the token, and confirm with the verification code that the kibana-verification-code tool prints on the Kibana host. Restart the service after changing kibana.yml.

2. Logstash

Logstash is a data processing pipeline that collects, processes, and outputs logs or other data to Elasticsearch. Install Logstash similarly:

sudo dnf install logstash -y
sudo systemctl enable logstash.service
sudo systemctl start logstash.service

Logstash uses configuration files usually placed in /etc/logstash/conf.d/. By creating pipelines, you can define input (e.g., log files), filtering (e.g., parsing or transformations), and output (e.g., Elasticsearch).

3. Beats

Beats are lightweight data shippers that can send logs, metrics, or network data to Logstash or directly to Elasticsearch. Common Beats include Filebeat, Metricbeat, and Packetbeat. They simplify data collection from various sources across your infrastructure.

Maintenance Tips

Keeping Elasticsearch well-maintained is key to a stable and performant cluster on Rocky Linux 9. Below are some top recommendations:

  • Regular Updates:
    sudo dnf update elasticsearch
    

    This command pulls new versions from the Elastic repository, ensuring you stay on top of bug fixes and security patches. Take a snapshot first, read the breaking-changes notes before moving to a new major version, and on a multi-node cluster upgrade one node at a time (rolling upgrade) so the cluster stays available.

  • Monitor Logs: Check /var/log/elasticsearch/ for any anomalies or frequent errors. Monitoring logs can help you preempt problems such as cluster instability or plugin conflicts.
  • Heap Memory Management: Elasticsearch performance depends heavily on JVM heap size. Do not edit /etc/elasticsearch/jvm.options itself; put your -Xms and -Xmx settings in a file under /etc/elasticsearch/jvm.options.d/ so they survive package upgrades. Set -Xms and -Xmx to the same value, no more than 50% of the machine's RAM (the rest is needed for the filesystem cache), and below the compressed-oops threshold, which in practice means staying under roughly 30 GB per node. If you set nothing, Elasticsearch sizes the heap automatically from the available memory.
  • Snapshots & Backups: Use Elasticsearch’s snapshot and restore functionality to back up your data to a reliable repository such as an NFS share or cloud-based storage.
  • Scaling & Sharding: For large datasets, consider adjusting the number of primary and replica shards for each index. This allows you to handle more data and better distribute it across multiple nodes in your cluster.

Congratulations! You have successfully installed Elasticsearch. Thanks for using this tutorial for installing Elasticsearch on a Rocky Linux 9 system. For additional help or useful information, we recommend you check the official Elasticsearch website.


r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing his knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.