Elasticsearch 9.x.x Installation and Cluster Setup

Elasticsearch is a real-time, distributed search and analytics engine—a powerful open-source tool designed for efficiently storing, searching, and analyzing large volumes of data.

Elasticsearch Installation

Installation Environment and Elasticsearch Version

  • OS: Ubuntu 24.04 LTS

  • Elasticsearch: 9.1.0

For cluster configuration, prepare three virtual machines (VMs) as follows:

No.  Host name  IP
#1   es-node1   192.168.234.128
#2   es-node2   192.168.234.129
#3   es-node3   192.168.234.130

Download and Install Elasticsearch

The Debian package for Elasticsearch 9.1.0 can be downloaded from the website and installed as follows:

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-9.1.0-amd64.deb
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-9.1.0-amd64.deb.sha512
shasum -a 512 -c elasticsearch-9.1.0-amd64.deb.sha512
sudo dpkg -i elasticsearch-9.1.0-amd64.deb

Elasticsearch Cluster Configuration

Generate & Deploy Certificates

To secure inter-node communication, generate a common set of SSL/TLS certificates and deploy them to each node:

sudo /usr/share/elasticsearch/bin/elasticsearch-certutil ca
sudo /usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

Copy the generated elastic-certificates.p12 file to the /etc/elasticsearch/certs/ directory on each node:

sudo scp elastic-certificates.p12 root@192.168.234.129:/etc/elasticsearch/certs
sudo scp elastic-certificates.p12 root@192.168.234.130:/etc/elasticsearch/certs

Configure elasticsearch.yml

Assign a unique node.name for each node and add the necessary cluster settings:

sudo vim /etc/elasticsearch/elasticsearch.yml

Configure on es-node1 / es-node2 / es-node3

cluster.name: es-cluster
node.name: node-1 # Change the name on each node
network.host: 0.0.0.0

path.data: /opt/elasticsearch/data # Data path of your choice
path.logs: /opt/elasticsearch/logs # Log path of your choice

# List of cluster node IPs
discovery.seed_hosts: ["192.168.234.128", "192.168.234.129", "192.168.234.130"]

# Specify master-eligible nodes for initial cluster formation (remove or comment out after initial setup)
cluster.initial_master_nodes: ["node-1", "node-2", "node-3"]

# SSL/TLS settings (keystore and truststore paths are relative to /etc/elasticsearch)
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12

Note: The cluster.initial_master_nodes setting is only necessary during the initial cluster formation. After the cluster is established, this setting should be removed or commented out. (Refer to Bootstrapping a cluster)
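
A config check for the settings above, added here as an example and not part of the original post: it reads an elasticsearch.yml and reports whether transport TLS is on, whether cluster.initial_master_nodes is still present after bootstrap, and whether the HTTP layer on port 9200 is left in plaintext. The helper names yaml_get and audit_es_yml and the finding labels are this example's own, and the sample file is constructed from the settings shown on this page.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Finding labels are this
# example's own names, not Elasticsearch output.

# yaml_get FILE KEY: value of a top-level "key: value" line; commented-out
# lines and trailing "# ..." comments are ignored.
yaml_get() {
  awk -v k="$2" '
    /^[ \t]*#/ { next }
    index($0, k ":") == 1 {
      v = substr($0, length(k) + 2)
      sub(/[ \t]+#.*$/, "", v)
      gsub(/^[ \t]+|[ \t]+$/, "", v)
      print v
      exit
    }' "$1"
}

# audit_es_yml FILE: print one finding per line, nothing if the file is clean.
audit_es_yml() {
  [ "$(yaml_get "$1" xpack.security.transport.ssl.enabled)" = "true" ] ||
    echo "transport-tls-disabled"
  [ "$(yaml_get "$1" xpack.security.transport.ssl.verification_mode)" != "none" ] ||
    echo "transport-cert-verification-off"
  # Per the page's note: remove this setting once the cluster has formed.
  [ -z "$(yaml_get "$1" cluster.initial_master_nodes)" ] ||
    echo "initial-master-nodes-still-set"
  # Port 9200 stays plaintext unless HTTP TLS is enabled separately.
  [ "$(yaml_get "$1" xpack.security.http.ssl.enabled)" = "true" ] ||
    echo "http-layer-plaintext"
  return 0
}

# Constructed sample: the page's settings as they stand right after first boot.
SAMPLE_YML="$(mktemp)"
cat > "$SAMPLE_YML" <<'EOF'
cluster.name: es-cluster
node.name: node-1 # Change the name on each node
network.host: 0.0.0.0
cluster.initial_master_nodes: ["node-1", "node-2", "node-3"]
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
EOF

audit_es_yml "$SAMPLE_YML"
```

On a node, point it at the live file with `audit_es_yml /etc/elasticsearch/elasticsearch.yml`; an empty result means none of the four conditions was found.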

Start Cluster and Verify

Start the Elasticsearch service on each node and then verify the cluster status.

Start the service:

sudo systemctl start elasticsearch

Reset the password for the elastic account:

sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic -i

Check the node status:

curl -u elastic:your_pass "http://192.168.234.128:9200/_cat/nodes?v"
==============================================================================
ip              heap.percent ram.percent cpu load_1m load_5m load_15m node.role   master name
192.168.234.130           19          89  88    1.30    0.80     0.37 cdfhilmrstw -      node-3
192.168.234.129           24          89   9    0.29    0.17     0.13 cdfhilmrstw -      node-2
192.168.234.128           10          90  17    0.00    0.00     0.00 cdfhilmrstw *      node-1

Check the cluster health:

curl -u elastic:your_pass "http://192.168.234.128:9200/_cluster/health?pretty"
==============================================================================
{
  "cluster_name" : "es-cluster",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 3,
  "number_of_data_nodes" : 3,
  "active_primary_shards" : 3,
  "active_shards" : 6,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "unassigned_primary_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}

Kibana Integration

For security reasons, the elastic account cannot be used for Kibana's own connection to Elasticsearch; the built-in kibana_system account is used instead.

Reset the password for the kibana_system account:

sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u kibana_system -i

Download and install Kibana

The Debian package for Kibana 9.1.0 can be downloaded from the website and installed as follows:

wget https://artifacts.elastic.co/downloads/kibana/kibana-9.1.0-amd64.deb
shasum -a 512 kibana-9.1.0-amd64.deb # Compare the printed hash with the SHA-512 published for this package
sudo dpkg -i kibana-9.1.0-amd64.deb

Configure kibana.yml

kibana.yml

server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://192.168.234.128:9200","http://192.168.234.129:9200","http://192.168.234.130:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "your_pass"

Kibana Startup

cd /opt/kibana
nohup bin/kibana &

Now, access http://192.168.234.128:5601 (or the IP address of the node where Kibana is installed) in a web browser and log in with the elastic account.

Conclusion

I introduced a simple way to install Elasticsearch and Kibana and set up a cluster.

The archive installation method is easy to install and manage, making it useful in various environments. Hope you find it helpful!

Written by

Nguyen Duc Chinh