How to Install Elasticsearch 8 on Ubuntu 24.04, 22.04, or 20.04

Elasticsearch 8 is the latest version of the widely-used, open-source search and analytics engine, part of the Elastic Stack (ELK Stack). Elasticsearch 8 brings significant improvements in performance, scalability, and security, making it ideal for use cases like log and event data analysis, full-text search, and real-time analytics. Key features of Elasticsearch 8 include a simplified security model with built-in authentication, enhanced indexing and search capabilities, and improved integration with other Elastic Stack components like Kibana and Logstash.

On Ubuntu 24.04, 22.04, or 20.04, Elasticsearch 8 can be installed using the official Elasticsearch APT repository. This method ensures that you have access to the latest builds and future updates directly from Elastic, keeping your Elasticsearch instance up-to-date with the newest features and security patches. This guide will walk you through the process of adding the Elasticsearch APT repository to your system and installing Elasticsearch 8, enabling you to take full advantage of its powerful search and analytics capabilities.

Update Ubuntu System Packages

Begin by updating your Ubuntu system packages to ensure all components are current. Execute the command:

sudo apt update && sudo apt upgrade

This command refreshes the package lists and upgrades installed packages to their latest versions, maintaining system stability and security.

Install Initial Packages for Elasticsearch 8 Installation

To prepare for Elasticsearch 8 installation, specific packages are necessary. Install these prerequisite packages with the command:

sudo apt install dirmngr ca-certificates software-properties-common apt-transport-https lsb-core curl wget -y

This step is crucial as it installs utilities like dirmngr and ca-certificates for managing keyrings, software-properties-common for handling software repositories, apt-transport-https for secure package downloads, lsb-core for Linux Standard Base information, and curl and wget for data transfers.

Import Elasticsearch 8 APT Repository

Since Elasticsearch 8 is unavailable in the default Ubuntu repository, it must be imported from the Elasticsearch APT repository.

Add Elasticsearch GPG Key

Start by importing the GPG key to ensure the integrity and authenticity of the packages. Run:

wget -q https://artifacts.elastic.co/GPG-KEY-elasticsearch -O- | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg

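This command downloads the GPG key from Elasticsearch’s official website, converts it to binary form with gpg --dearmor, and stores it in /usr/share/keyrings/elasticsearch-keyring.gpg, so that APT can verify the signatures on future downloads from the repository.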

Add Elasticsearch 8.x APT Repository

Following the GPG key addition, import the Elasticsearch repository with:

echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list

This command creates a new source list file for Elasticsearch. The signed-by option ties the repository to the keyring file created in the previous step, so that key is trusted for this repository only and not for every APT source on the system.
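Before refreshing the package index, it is worth confirming that the keyring holds exactly one key and that it is the one you expect. The following is an added example, not part of the original guide: check_keyring_fpr is a hypothetical helper, the sample listing and its fingerprint are constructed, and the expected fingerprint must be copied from a source you trust.

```sh
#!/bin/sh
# Added example: pin the repository signing key by fingerprint.
# Real use:
#   gpg --show-keys --with-colons /usr/share/keyrings/elasticsearch-keyring.gpg \
#     | check_keyring_fpr "<expected fingerprint>"
# stdin: colon-format key listing; $1: expected fingerprint (spaces allowed)
check_keyring_fpr() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'abcdef' 'ABCDEF')
    awk -F: -v want="$want" '
        $1 == "pub" { pubs++; primary = 1; next }          # a primary key record
        $1 == "sub" { primary = 0; next }                  # subkey fingerprints are ignored
        $1 == "fpr" && primary { got = $10; primary = 0 }  # fingerprint of the primary key
        END {
            if (pubs != 1) { print "FAIL: expected 1 primary key, found " (pubs + 0); exit 1 }
            # Append "" to force a string comparison: an all-digit fingerprint
            # would otherwise be compared as a number.
            if ((got "") != (want "")) { print "FAIL: fingerprint is " got; exit 1 }
            print "OK: " got
        }'
}

# Constructed listing with a made-up fingerprint; real input comes from gpg.
SAMPLE='pub:-:2048:1:89ABCDEF01234567:1380000000:::-:::scSC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1380000000::ABCDEF::Constructed Key <key@example.invalid>:
sub:-:2048:1:0011223344556677:1380000000::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'
printf '%s\n' "$SAMPLE" \
    | check_keyring_fpr '0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567' || true
```

A keyring that fails this check should be deleted before the repository line is added, since signed-by will trust whatever the file contains.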

Update APT Index Cache After Elasticsearch 8 Import

After importing Elasticsearch 8, the next step is to refresh your system’s package list. This ensures that your system recognizes the newly added Elasticsearch repository. To proceed, execute the command:

sudo apt update

This command updates the APT index cache, allowing you to install the latest version of Elasticsearch available in the repository.

Finalize Elasticsearch 8 Installation

With the repository list updated, proceed to install Elasticsearch by running:

sudo apt install elasticsearch

This command downloads and installs Elasticsearch onto your system. It ensures you have the latest stable version, which is crucial for maintaining optimal performance and security.

Start the Elasticsearch 8 Service

By default, Elasticsearch does not start automatically upon system boot. To configure Elasticsearch to start at boot and immediately start the service, use:

sudo systemctl enable elasticsearch.service --now

The --now flag in the systemctl command is a convenient way to enable the service at boot and start it in the current session.

Now, to confirm that Elasticsearch is running correctly, check its status with:

systemctl status elasticsearch

This command provides real-time status information about the Elasticsearch service, ensuring it is active and functioning correctly on your Ubuntu system.

Understanding Elasticsearch Data and Configuration Directories

Default Data Directory

Elasticsearch utilizes /var/lib/elasticsearch for storing data. This directory holds indexed data and manages the cluster’s state.

Configuration File Locations

Configuration files are located in /etc/elasticsearch. Here, you control Elasticsearch’s behavior. Java start-up options are set in /etc/default/elasticsearch.

Default configurations work well for single-server operations. For clusters, alter the configuration to enable remote connections by editing the main configuration file:

sudo nano /etc/elasticsearch/elasticsearch.yml

Set up Remote Access (Optional)

Networking Configuration in Elasticsearch

Adjust network settings in the configuration file to allow connections beyond localhost.

Open the configuration file using:

sudo nano /etc/elasticsearch/elasticsearch.yml

In the Network section, uncomment the relevant line for network binding and set it to your preferred IP address.

Common Configuration Examples

Setting Network Host

To configure an internal private IP:

network.host: [Internal Private IP]

This setting is essential for cluster communication.

Configuring Cluster Name

Define your cluster name for identification:

cluster.name: my-cluster

This name helps in cluster management and monitoring.

Node Identification

Set a unique name for each node:

node.name: node-1

Unique node names simplify cluster management.

Discovery Settings

Configure node discovery for cluster formation:

discovery.seed_hosts: ["host1", "host2"]

These settings are vital for nodes to discover each other in a cluster.

Memory Allocation

Allocate memory for Elasticsearch:

-Xms1g
-Xmx1g

These settings in /etc/default/elasticsearch control the JVM heap size, which is crucial for performance.

Enabling CORS

For web-based Elasticsearch tools:

http.cors.enabled: true
http.cors.allow-origin: "/.*/"

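CORS settings in elasticsearch.yml enable interactions with web applications. The pattern "/.*/" is a regular expression that matches every origin, so narrow it to the origin of the tool you actually use once it is known.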

After making changes, save and exit the editor. Then, restart Elasticsearch to apply new configurations:

sudo systemctl restart elasticsearch

Restarting ensures Elasticsearch operates with the updated settings.
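The settings above interact: a non-loopback network.host combined with a catch-all CORS origin or with security switched off exposes the node far more widely than any one line suggests. The following added example (not part of the original guide) audits a configuration file for those combinations; yml_get and audit_es_yml are hypothetical helper names, the sample configuration is constructed, and settings are assumed to be written as flat "key: value" lines starting in column 1.

```sh
#!/bin/sh
# Added example: audit elasticsearch.yml before restarting the service.

# yml_get FILE KEY: value of an active flat "key: value" line (last one wins).
yml_get() {
    awk -v k="$2" '
        index($0, k ":") == 1 {              # key at column 1, so "#key:" is skipped
            v = substr($0, length(k) + 2)
            sub(/[ \t]+#.*$/, "", v)         # drop a trailing comment
            gsub(/^[ \t]+|[ \t]+$/, "", v)   # trim whitespace
            val = v
        }
        END { print val }' "$1" | tr -d "\"'"
}

# audit_es_yml FILE: one WARN line per finding; returns 1 if anything was found.
audit_es_yml() {
    host=$(yml_get "$1" network.host)
    cors=$(yml_get "$1" http.cors.enabled)
    origin=$(yml_get "$1" http.cors.allow-origin)
    sec=$(yml_get "$1" xpack.security.enabled)
    rc=0
    case $host in
        ''|localhost|127.*|::1|_local_) remote=no ;;
        *) remote=yes ;;
    esac
    case $host in
        0.0.0.0|::|_global_)
            echo "WARN: network.host: $host is not limited to one private address"; rc=1 ;;
    esac
    if [ "$cors" = true ]; then
        case $origin in
            '*'|'/.*/') echo "WARN: http.cors.allow-origin: $origin accepts every origin"; rc=1 ;;
        esac
    fi
    if [ "$remote" = yes ] && [ "$sec" = false ]; then
        echo "WARN: remote binding with xpack.security.enabled: false"; rc=1
    fi
    return $rc
}

# Constructed sample configuration, written to a temp file for the demo.
sample=$(mktemp)
printf '%s\n' 'network.host: 0.0.0.0' 'http.cors.enabled: true' \
    'http.cors.allow-origin: "/.*/"' > "$sample"
audit_es_yml "$sample" || echo "resolve the findings above before restarting"
rm -f "$sample"
```

Against a live node, run audit_es_yml as root on /etc/elasticsearch/elasticsearch.yml.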

Configure UFW Firewall for Elasticsearch 8

Setting Up Firewall Rules for Elasticsearch

Allowing Specific IP Addresses

To enable remote connections to Elasticsearch, it’s essential to configure the firewall to allow these specific connections. Use this command to permit an individual IP address:

sudo ufw allow from [IP Address] to any port 9200

Replace [IP Address] with the desired external IP address. This setup allows traffic from this address to access Elasticsearch on port 9200, which is crucial for remote access or cluster communication.

Allowing a Range of IP Addresses

If you need to allow a range of IP addresses, modify the UFW rule accordingly:

sudo ufw allow from [IP Address Range] to any port 9200

Here, [IP Address Range] could be a subnet, allowing multiple IPs within that subnet to access your Elasticsearch instance.

Allowing All Traffic on Port 9200

In some environments, you might need to allow all traffic to the Elasticsearch port. Use caution with this command, as it opens up port 9200 to all incoming traffic:

sudo ufw allow 9200

This command is generally used in controlled environments or for initial setup and testing.

Restricting Access to Local Network

For added security, especially in production environments, restrict access to the local network. This command allows only local network connections to Elasticsearch:

sudo ufw allow from 192.168.1.0/24 to any port 9200

Adjust 192.168.1.0/24 to match your local network’s IP range. This setting ensures that only devices on your local network can access Elasticsearch, adding a layer of security against external threats.

Applying the Firewall Rules

After setting up the rules, activate them by reloading UFW:

sudo ufw reload

This command enforces the new rules without interrupting current connections. It’s a crucial step to ensure that your Elasticsearch server is protected while allowing necessary traffic.
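A broad rule such as the "allow 9200" variant above is easy to leave behind after testing, and it overrides the intent of the scoped rules. The following added example (not part of the original guide) reads the output of plain "sudo ufw status" and reports any rule that leaves the port open to every source; ufw_exposed is a hypothetical helper name and the sample output is constructed.

```sh
#!/bin/sh
# Added example: find UFW rules that leave the Elasticsearch port open to all.
# Real use:  sudo ufw status | ufw_exposed 9200
# stdin: output of plain `ufw status` (not the verbose form)
# $1:    port to check, default 9200
ufw_exposed() {
    awk -v p="${1:-9200}" '
        /^Status: inactive/ { print "FAIL: ufw is inactive, no rule is enforced"; bad = 1 }
        { v6 = gsub(/ \(v6\)/, "") }         # drop the IPv6 marker; fields are re-split
        $2 == "ALLOW" && $3 == "Anywhere" {
            split($1, spec, "/")             # "9200/tcp"  -> "9200"
            n = split(spec[1], r, ":")       # "9200:9300" -> low and high end of a range
            lo = r[1] + 0
            hi = (n > 1 ? r[2] : r[1]) + 0
            if (p + 0 >= lo && p + 0 <= hi) {
                print "FAIL: " $1 " is open to any " (v6 ? "IPv6" : "IPv4") " source"
                bad = 1
            }
        }
        END { exit bad + 0 }'
}

# Constructed `ufw status` output: one scoped rule and two leftover broad rules.
SAMPLE_UFW='Status: active

To                         Action      From
--                         ------      ----
9200                       ALLOW       192.168.1.0/24
9200                       ALLOW       Anywhere
9200 (v6)                  ALLOW       Anywhere (v6)'
printf '%s\n' "$SAMPLE_UFW" | ufw_exposed 9200 \
    || echo "delete the broad rules and keep the scoped one"
```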

Managing Elasticsearch 8

Uninstalling Elasticsearch 8

Removing Elasticsearch Software

In scenarios where Elasticsearch is no longer needed, it can be uninstalled efficiently. To remove Elasticsearch from your system, use:

sudo apt remove elasticsearch

This command not only uninstalls Elasticsearch but also removes any packages installed alongside it that are no longer needed, ensuring a clean removal.

Deleting the APT Repository

After uninstalling the software, removing the Elasticsearch repository from your system’s sources list is important. Execute:

sudo rm /etc/apt/sources.list.d/elastic-8.x.list

This command deletes the Elasticsearch repository configuration file, preventing your system from accessing outdated or unnecessary Elasticsearch packages in future updates or installations.

Conclusion

Installing Elasticsearch 8 on your Ubuntu system via the official Elasticsearch APT repository provides a reliable and straightforward way to access the latest features and updates. This method ensures that your Elasticsearch installation remains current, secure, and optimized for performance. By regularly updating Elasticsearch through the APT repository, you can continue to leverage its powerful search and analytics tools to meet your organization’s needs effectively on Ubuntu.

2 thoughts on “How to Install Elasticsearch 8 on Ubuntu 24.04, 22.04, or 20.04”

    • You can use lsb-core, but lsb-release works too. lsb-release is mainly for reporting distribution information, which is why I referred to it in the original command. However, lsb-core provides more comprehensive compliance utilities and libraries. In the future, I might use lsb-core instead, as it seems to be a better option.
