How to Install and Configure Elasticsearch 8 on Rocky/Alma Linux 9

Elasticsearch is a distributed search and analytics engine built on Apache Lucene. It provides a distributed, multitenant-capable full-text search engine with an HTTP web interface and schema-free JSON documents. Elasticsearch has quickly become the most popular search engine and is commonly used for log analytics, full-text search, security intelligence, business analytics, and operational intelligence use cases.

In this guide, we will learn how to install and configure Elasticsearch on Rocky Linux 9. This guide will also work on other RHEL 9 based distrributions like Alma Linux 9 and Oracle Linux 9.

Related Content

Prerequisites

To follow along, ensure that you have:

  • An updated Rock Linux 9 server with at least 2 GB of RAM and 2 cores
  • Root access to the server or user with sudo access
  • Access to the internet from the server

Table of Content

  1. Ensure the server is up to date
  2. Installing Java on the server
  3. Import the elasticsearch gpg key
  4. Install Elasticsearch from the RPM Repo
  5. Start and enable the Elasticsearch service
  6. Verify Elasticsearch installation
  7. Performing simple operations with Elasticsearch

1. Ensuring that the server is up to date

Before proceeding, let us ensure that our server is up to date and all the packages are the latest version. Use these commands to achieve this:

sudo dnf -y update

If there are packages to upgrade, the above command may take a couple of minutes.

2. Install Java on the server

Elasticsearch depends on Java to run. Install java 11 runtime

sudo dnf install java-11-openjdk

Verify the installed version.

$ java -version
openjdk version "11.0.17" 2022-10-18 LTS
OpenJDK Runtime Environment (Red_Hat-11.0.17.0.8-2.el9_0) (build 11.0.17+8-LTS)
OpenJDK 64-Bit Server VM (Red_Hat-11.0.17.0.8-2.el9_0) (build 11.0.17+8-LTS, mixed mode, sharing)

3. Import the Elasticsearch GPG Key

Elasticsearch signs all of our packages with the Elasticsearch Signing Key (PGP key D88E42B4, available from https://pgp.mit.edu) with fingerprint:

4609 5ACC 8548 582C 1A26 99A9 D27D 666C D88E 42B4

Download and install the public signing key:

sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

4. Install Elasticsearch from the RPM repository

Create a file called elasticsearch.repo in the /etc/yum.repos.d/ . Use your text editor to open the file:

sudo vim /etc/yum.repos.d/elasticsearch.repo

Then add the following the content:

[elasticsearch]
name=Elasticsearch repository for 8.x packages
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
autorefresh=1
type=rpm-md

And your repository is ready for use. You can now install Elasticsearch.

Use this command to install elasticsearch

sudo dnf install --enablerepo=elasticsearch -y elasticsearch

Confirm

$ rpm -qi elasticsearch
Name        : elasticsearch
Epoch       : 0
Version     : 8.5.2
Release     : 1
Architecture: x86_64
Install Date: Mon 28 Nov 2022 12:58:00 PM UTC
Group       : Application/Internet
Size        : 1193883320
License     : Elastic License
Signature   : RSA/SHA512, Thu 17 Nov 2022 08:32:33 PM UTC, Key ID d27d666cd88e42b4
Source RPM  : elasticsearch-8.5.2-1-src.rpm
Build Date  : Thu 17 Nov 2022 07:04:47 PM UTC
Build Host  : packer-virtualbox-iso-1646848364
Relocations : /usr
Packager    : Elasticsearch
Vendor      : Elasticsearch
URL         : https://www.elastic.co/
Summary     : Distributed RESTful search engine built for the cloud
Description :
Reference documentation can be found at
  https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html
  and the 'Elasticsearch: The Definitive Guide' book can be found at
  https://www.elastic.co/guide/en/elasticsearch/guide/current/index.html

5. Start and enable the Elasticsearch service

The Elasticsearch service won’t be started by default. Use this command to start:

sudo systemctl start elasticsearch

Confirm the service status using this command:

$ sudo systemctl status elasticsearch
● elasticsearch.service - Elasticsearch
     Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; disabled; vendor preset: disabled)
     Active: active (running) since Mon 2022-11-28 12:59:13 UTC; 1min 19s ago
       Docs: https://www.elastic.co
   Main PID: 210240 (java)
      Tasks: 82 (limit: 45121)
     Memory: 4.1G
        CPU: 55.837s
     CGroup: /system.slice/elasticsearch.service
             ├─210240 /usr/share/elasticsearch/jdk/bin/java -Xms4m -Xmx64m -XX:+UseSerialGC -Dcli.name=server -Dcli.script=/usr/share/elasticsear>
             ├─210299 /usr/share/elasticsearch/jdk/bin/java -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -Djava.sec>
             └─210322 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller

Nov 28 12:58:41 fiddle-rockysrv systemd[1]: Starting Elasticsearch...
Nov 28 12:59:13 fiddle-rockysrv systemd[1]: Started Elasticsearch.

The above output shows that the service is up and running. Enable the service using this command:

sudo systemctl enable elasticsearch

If Elasticsearch fails to start for any reason, it will print the reason for failure to STDOUT. Log files can be found in /var/log/elasticsearch/.

By default the Elasticsearch service doesn’t log information in the systemd journal. To enable journalctl logging, the --quiet option must be removed from the ExecStart command line in the elasticsearch.service file.

When systemd logging is enabled, the logging information are available using the journalctl commands:

To tail the journal:

sudo journalctl -f

To list journal entries for the elasticsearch service:

sudo journalctl --unit elasticsearch

To list journal entries for the elasticsearch service starting from a given time:

sudo journalctl --unit elasticsearch --since  "2022-11-28 18:17:16"

6. Verify Elasticsearch Installation

At this point, ElasticSearch is started and listening on port 9200. You can check it with the following command:

ss -antpl | grep 9200

You should see the following output:

$ ss -antpl | grep 9200
LISTEN 0      128    [::ffff:127.0.0.1]:9200             *:*
LISTEN 0      128                 [::1]:9200          [::]:*

you can also verify ElasticSearch with the following command.

curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200

Ensure that you use https in your call, or the request will fail.

**--cacert**Path to the generated http_ca.crt certificate for the HTTP layer.

Enter the password for the elastic user that was generated during installation, which should return a response like this:

# curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200
Enter host password for user 'elastic':

{
  "name" : "fiddle-rockysrv",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "rKwMbV7lQOibWfndbULHOw",
  "version" : {
    "number" : "8.5.2",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "a846182fa16b4ebfcc89aa3c11a11fd5adf3de04",
    "build_date" : "2022-11-17T18:56:17.538630285Z",
    "build_snapshot" : false,
    "lucene_version" : "9.4.1",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}

7. Performing simple operations with Elasticsearch

You can use the Curl command to add data to the ElasticSearch as shown below:

curl -H 'Content-Type: application/json' -X POST 'http://localhost:9200/todo/task/1' -d '{ "name": "Go to the mall." }'

You should see the following output:

{"_index":"todo","_type":"task","_id":"1","_version":1,"result":"created","_shards":{"total":2,"successful":1,"failed":0},"_seq_no":0,"_primary_term":1}

You can now retrieve your data using the GET request:

curl -X GET 'http://localhost:9200/todo/task/1'

You should see the following output:

{"_index":"todo","_type":"task","_id":"1","_version":1,"_seq_no":0,"_primary_term":1,"found":true,"_source":{ "name": "Go to the mall." }}

To retrieve the data in human-readable format, run the following command:

curl -X GET 'http://localhost:9200/todo/task/1?pretty'

You should get the following output:

{
  "_index" : "todo",
  "_type" : "task",
  "_id" : "1",
  "_version" : 1,
  "_seq_no" : 0,
  "_primary_term" : 1,
  "found" : true,
  "_source" : {
    "name" : "Go to the mall."
  }
}

Conclusion

That’s it. In this guide, you we learned how to install and use ElasticSearch on Rocky Linux 8 server. You can now easily add, read, delete, and update data in Elasticsearch.

comments powered by Disqus
Citizix Ltd
Built with Hugo
Theme Stack designed by Jimmy