How to Install Elasticsearch 8 on Ubuntu 24.04, 22.04, or 20.04

In today’s rapidly evolving digital landscape, Elasticsearch 8 is a powerful tool for managing and analyzing vast amounts of data. Its significance in various fields, from data analytics to search engine optimization, cannot be overstated.

Elasticsearch 8 offers a suite of features that enhance its functionality:

  • Enhanced Security: Comes with improved security settings, ensuring data protection.
  • Scalability: Easily scales to handle petabytes of structured and unstructured data.
  • Speed: Offers real-time search and analytics capabilities.
  • Flexibility: Supports a wide range of data types and structures.
  • Improved Observability: Offers detailed insights into the health and performance of your clusters.
  • Machine Learning Integration: Provides advanced analytics and anomaly detection.

The following sections guide you through each step, from preparing your system to configuring Elasticsearch for optimal performance.

Prerequisites for Installing Elasticsearch 8

To successfully install Elasticsearch 8 on Ubuntu, ensure you meet the following requirements:

Recommended Hardware and Supported Ubuntu Versions

Component: Requirement

Processor: Supports x86-64 instruction set

RAM:
  • Minimum to install: 8 GB RAM
  • Minimum recommended: 16 GB RAM
  • Small deployment: 32 GB RAM
  • Medium deployment: 32 GB RAM
  • Large deployment: 128 GB RAM

Storage: SSD storage required
  • Minimum to install: 10 GB (Coordinators, Directors, Allocators), 15 GB (Proxies)
  • Minimum recommended: 1:4 RAM-to-storage ratio
  • For example, a host with 256 GB of RAM requires 8192 GB of disk space.

Supported Versions: Ubuntu 24.04 (Noble), Ubuntu 22.04 (Jammy), Ubuntu 20.04 (Focal)

Additional Requirements

Requirement: Description

Internet Connection: Required to download Elasticsearch and updates.

Terminal Conventions: All terminal commands should be run as a regular user with sudo privileges.

CLI Commands: Use the Command Line Interface (CLI) for installation and setup.

Import Elasticsearch 8 APT Repository

Update Ubuntu System Packages

Begin by updating your Ubuntu system packages to ensure all components are current. Execute the command:

sudo apt update && sudo apt upgrade

This command refreshes the package lists and upgrades installed packages to their latest versions, maintaining system stability and security.

Install Initial Packages for Elasticsearch 8 Installation

To prepare for Elasticsearch 8 installation, specific packages are necessary. Install these prerequisite packages with the command:

sudo apt install dirmngr ca-certificates software-properties-common apt-transport-https lsb-core curl wget -y

This step installs dirmngr for keyring management, ca-certificates for validating TLS certificates, software-properties-common for handling software repositories, apt-transport-https for secure package downloads, lsb-core (which provides the lsb_release command) for Linux Standard Base information, and curl and wget for data transfers.

Import Elasticsearch 8 APT Repository

Since Elasticsearch 8 is unavailable in the default Ubuntu repository, it must be imported from the Elasticsearch APT repository.

Add Elasticsearch GPG Key

Start by importing the GPG key to ensure the integrity and authenticity of the packages. Run:

wget -q https://artifacts.elastic.co/GPG-KEY-elasticsearch -O- | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg

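This command downloads the GPG key from Elastic’s official artifact server, converts it to binary keyring format with gpg --dearmor, and stores it in /usr/share/keyrings/elasticsearch-keyring.gpg, so APT can verify the signatures on packages from the repository.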

Add Elasticsearch 8.x APT Repository

Following the GPG key addition, import the Elasticsearch repository with:

echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list

This command creates a new source list file for Elasticsearch. The signed-by option ties the repository to the keyring file created above, so APT accepts packages from this repository only when they are signed by that key.

Install Elasticsearch 8.x via Terminal Commands

Update APT Index Cache After Elasticsearch 8 Import

Refresh the Repository List

After importing Elasticsearch 8, the next step is to refresh your system’s package list. This ensures that your system recognizes the newly added Elasticsearch repository. To proceed, execute the command:

sudo apt update

This command updates the APT index cache, allowing you to install the latest version of Elasticsearch available in the repository.

Install Elasticsearch

With the repository list updated, proceed to install Elasticsearch by running:

sudo apt install elasticsearch

This command downloads and installs Elasticsearch onto your system. It ensures you have the latest stable version, crucial for maintaining optimal performance and security.

Configure and Start the Elasticsearch Service

Enable and Start the Service

By default, Elasticsearch does not start automatically upon system boot. To configure Elasticsearch to start at boot and immediately start the service, use:

sudo systemctl enable elasticsearch.service --now

The --now flag in the systemctl command is a convenient way to enable the service at boot and start it in the current session.

Verify Service Status

To confirm that Elasticsearch is running correctly, check its status with:

systemctl status elasticsearch

This command provides real-time status information about the Elasticsearch service, ensuring it is active and functioning correctly on your Ubuntu system.

Configure Elasticsearch 8

Understanding Elasticsearch Data and Configuration Directories

Default Data Directory

Elasticsearch utilizes /var/lib/elasticsearch for storing data. This directory holds indexed data and manages the cluster’s state.

Configuration File Locations

Configuration files are located in /etc/elasticsearch. Here, you control Elasticsearch’s behavior. Java start-up options are set in /etc/default/elasticsearch.

Default configurations work well for single-server operations. For a cluster, edit the configuration file to allow remote connections:

sudo nano /etc/elasticsearch/elasticsearch.yml

Set up Remote Access (Optional)

Networking Configuration in Elasticsearch

Adjust network settings in the configuration file to allow connections beyond localhost.

Open the configuration file using:

sudo nano /etc/elasticsearch/elasticsearch.yml

In the Network section, uncomment the relevant line for network binding and set it to your preferred IP address.

Common Configuration Examples

Setting Network Host

To configure an internal private IP:

network.host: [Internal Private IP]

This setting is essential for cluster communication.

Configuring Cluster Name

Define your cluster name for identification:

cluster.name: my-cluster

This name helps in cluster management and monitoring.

Node Identification

Set a unique name for each node:

node.name: node-1

Unique node names simplify cluster management.

Discovery Settings

Configure node discovery for cluster formation:

discovery.seed_hosts: ["host1", "host2"]

These settings are vital for nodes to discover each other in a cluster.

Memory Allocation

Allocate memory for Elasticsearch:

ES_JAVA_OPTS="-Xms1g -Xmx1g"

These settings in /etc/default/elasticsearch control the JVM heap size, which is crucial for performance.

Enabling CORS

For web-based Elasticsearch tools:

http.cors.enabled: true
http.cors.allow-origin: "/.*/"

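CORS settings in elasticsearch.yml enable interactions with web applications. The pattern "/.*/" matches every origin, so any web page loaded in a browser that can reach the node is allowed to send it cross-origin requests; outside of testing, set allow-origin to the specific origins of the tools you use.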

After making changes, save and exit the editor. Then, restart Elasticsearch to apply new configurations:

sudo systemctl restart elasticsearch

Restarting ensures Elasticsearch operates with the updated settings.
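
The following check is an added example, not part of the original guide or of Elasticsearch itself: it audits the settings covered above for the combinations that expose a node. It assumes flat "key: value" lines as in the packaged elasticsearch.yml; the function names, sample files, address 10.0.0.5 and host kibana.example.internal are constructed for illustration.

```bash
#!/bin/sh
# Added example: audit the elasticsearch.yml settings covered in this guide.
# Assumes flat "key: value" lines, no nested YAML and no inline comments.

# audit_es_config [FILE] - reads FILE or stdin, prints one finding per line.
audit_es_config() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }             # skip comments and blank lines
    {
        sep = index($0, ":"); if (sep == 0) next
        key = substr($0, 1, sep - 1); val = substr($0, sep + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t"]+|[ \t"]+$/, "", val)        # trim blanks and quotes
        conf[key] = val
    }
    END {
        origin = conf["http.cors.allow-origin"]
        if (conf["http.cors.enabled"] == "true" && (origin == "*" || origin == "/.*/"))
            print "WARN http.cors.allow-origin " origin " accepts every origin"
        host = conf["network.host"]
        if (host == "0.0.0.0")
            print "WARN network.host 0.0.0.0 binds every interface"
        loopback = (host == "" || host == "localhost" || host == "127.0.0.1" || host == "::1" || host == "_local_")
        if (!loopback && conf["xpack.security.enabled"] == "false")
            print "CRIT network.host " host " is reachable remotely with security disabled"
    }' "$@"
}

# Constructed sample: wildcard CORS from this guide, wildcard bind, security off.
sample_permissive() {
    cat <<'EOF'
# ---- Network ----
network.host: 0.0.0.0
http.cors.enabled: true
http.cors.allow-origin: "/.*/"
xpack.security.enabled: false
EOF
}

# Constructed sample: private address, one named origin, security left on.
sample_restricted() {
    cat <<'EOF'
network.host: 10.0.0.5
http.cors.enabled: true
http.cors.allow-origin: "https://kibana.example.internal"
EOF
}

sample_permissive | audit_es_config   # three findings
sample_restricted | audit_es_config   # no output
```

On a real host, run it as `sudo sh -c '. ./audit.sh; audit_es_config /etc/elasticsearch/elasticsearch.yml'` (the script file name is an assumption).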

Configure UFW Firewall for Elasticsearch 8

Setting Up Firewall Rules for Elasticsearch

Allowing Specific IP Addresses

To enable remote connections to Elasticsearch, it’s essential to configure the firewall to allow these specific connections. Use this command to permit an individual IP address:

sudo ufw allow from [IP Address] to any port 9200

Replace [IP Address] with the desired external IP address. This setup allows traffic from this address to access Elasticsearch on port 9200, which is crucial for remote access or cluster communication.

Allowing a Range of IP Addresses

If you need to allow a range of IP addresses, modify the UFW rule accordingly:

sudo ufw allow from [IP Address Range] to any port 9200

Here, [IP Address Range] could be a subnet, allowing multiple IPs within that subnet to access your Elasticsearch instance.

Allowing All Traffic on Port 9200

In some environments, you might need to allow all traffic to the Elasticsearch port. Use caution with this command, as it opens up port 9200 to all incoming traffic:

sudo ufw allow 9200

This command is generally used in controlled environments or for initial setup and testing.

Restricting Access to Local Network

For added security, especially in production environments, restrict access to the local network. This command allows only local network connections to Elasticsearch:

sudo ufw allow from 192.168.1.0/24 to any port 9200

Adjust 192.168.1.0/24 to match your local network’s IP range. This setting ensures that only devices on your local network can access Elasticsearch, adding a layer of security against external threats.

Applying the Firewall Rules

After setting up the rules, activate them by reloading UFW:

sudo ufw reload

This command enforces the new rules without interrupting current connections. It’s a crucial step to ensure that your Elasticsearch server is protected while allowing necessary traffic.
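
To confirm that no open-to-everyone rule from the testing step is still in place, the following added example (not from the original guide) filters `ufw status` output for rules that allow port 9200 from any source. The function names and the sample rule listing are constructed; rules written as port ranges or comma-separated lists are not covered.

```bash
#!/bin/sh
# Added example: list UFW rules that allow port 9200 from any source.
# Usage on a real host:  sudo ufw status | open_es_rules

# open_es_rules - reads `ufw status` output on stdin and prints every rule
# whose target is 9200 (or 9200/tcp), action ALLOW and source Anywhere.
open_es_rules() {
    awk '
    { orig = $0; gsub(/ \(v6\)/, "") }            # drop the IPv6 markers, keep the original line
    $1 ~ /^9200(\/tcp)?$/ && $2 == "ALLOW" && $NF == "Anywhere" { print orig }
    '
}

# Constructed sample: a subnet rule plus leftover allow-all rules.
sample_status_open() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
9200                       ALLOW       192.168.1.0/24
9200                       ALLOW       Anywhere
9200 (v6)                  ALLOW       Anywhere (v6)
EOF
}

# Constructed sample: only the subnet rule from this guide.
sample_status_restricted() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
9200                       ALLOW       192.168.1.0/24
EOF
}

sample_status_open | open_es_rules         # prints the two allow-all rules
sample_status_restricted | open_es_rules   # no output
```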

Managing Elasticsearch 8

Uninstalling Elasticsearch 8

Removing Elasticsearch Software

In scenarios where Elasticsearch is no longer needed, it can be uninstalled efficiently. To remove Elasticsearch from your system, use:

sudo apt remove --autoremove elasticsearch

This command not only uninstalls Elasticsearch but also removes any packages installed alongside it that are no longer needed, ensuring a clean removal.

Deleting the APT Repository

After uninstalling the software, removing the Elasticsearch repository from your system’s sources list is important. Execute:

sudo rm /etc/apt/sources.list.d/elastic-8.x.list

This command deletes the Elasticsearch repository configuration file, preventing your system from accessing outdated or unnecessary Elasticsearch packages in future updates or installations.

Conclusion

In this guide, we covered the essentials of managing Elasticsearch 8 on Ubuntu, from installation and configuration to firewall rules and removal. Regular updates and proper configuration are key to leveraging Elasticsearch’s full potential.

Joshua James