Update the nodes:
sudo apt-get update && sudo apt dist-upgrade -y && sudo apt-get install -y vim curl gnupg gpg
Download and install the public signing key:
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
Install Elasticsearch:
sudo apt-get install apt-transport-https
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/9.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-9.x.list
sudo apt-get update && sudo apt-get install elasticsearch
edit /etc/pam.d/su:
sudo nano /etc/pam.d/su
uncomment the following:
# session required pam_limits.so
edit /etc/security/limits.conf:
sudo nano /etc/security/limits.conf
add these lines:
elasticsearch - nofile 65535
elasticsearch - nproc 4096
Ensure the JNA temporary directory permits executables by editing the Elasticsearch systemd unit override:
sudo systemctl edit elasticsearch.service
and adding:
Environment=ES_TMPDIR=/usr/share/elasticsearch/tmp
reload systemd:
sudo systemctl daemon-reload
we assume that the nodes are on the same network
we assume that the nodes are named node1, node2, ... nodeN
set the hostname if needed:
sudo hostnamectl --set-hostname node1
open the configuration on the first node:
sudo nano /etc/elasticsearch/elasticsearch.yml
uncomment and edit (the IP must be reachable by the other nodes):
cluster.name: elasticsearch-demo
network.host: 0.0.0.0
transport.host: 0.0.0.0
node.name: node1
enable, reload and start:
sudo systemctl enable elasticsearch;
sudo systemctl daemon-reload;
sudo systemctl start elasticsearch;
repeat the steps above on each node.
on the first node, create an enrollment token:
sudo /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node
copy the output.
on each new node:
sudo /usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <enrollment-token>
edit the Elasticsearch configuration on the new node:
sudo nano /etc/elasticsearch/elasticsearch.yml
uncomment and edit (the IP must be reachable by the other nodes):
cluster.name: elasticsearch-demo
network.host: 10.0.0.0
transport.host: 0.0.0.0
node.name: node2   # or the name of this node
enable, reload and start:
sudo systemctl enable elasticsearch;
sudo systemctl daemon-reload;
sudo systemctl start elasticsearch;
reset the elastic user's password if it was lost:
sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -i -u elastic
test from any node (-k skips TLS certificate verification, acceptable only for this first check):
curl -k -u elastic:<password> https://10.0.0.2:9200/_cluster/health?pretty
you should see output like:
{
"cluster_name" : "CLUSTERNAME",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 3,
"number_of_data_nodes" : 3,
"active_primary_shards" : 3,
"active_shards" : 6,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"unassigned_primary_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}
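The health check above, as an added example that is not part of the original notes: it validates the _cluster/health response (green, no unassigned shards, all expected nodes joined) and queries the node with the cluster CA instead of -k. It assumes the HTTP CA written by the deb package is /etc/elasticsearch/certs/http_ca.crt and that the elastic password is exported as ES_PASSWORD.

```shell
#!/bin/sh
# Added example (not part of the original notes): validate the _cluster/health
# response and query it without disabling TLS verification (-k).
# Assumptions: the deb package's HTTP CA is /etc/elasticsearch/certs/http_ca.crt
# and the elastic password is exported as ES_PASSWORD.

# Pull one scalar field out of a pretty-printed JSON body. POSIX sed, enough
# for the flat _cluster/health document; not a general JSON parser.
json_field() {
  # $1 = JSON text, $2 = field name
  printf '%s\n' "$1" |
    sed -n "s/^[[:space:]]*\"$2\"[[:space:]]*:[[:space:]]*\"\{0,1\}\([^\",]*\)\"\{0,1\}.*/\1/p" |
    head -n 1
}

# Return 0 only when the cluster is healthy: status green, no unassigned
# shards and every expected node joined. $1 = health JSON, $2 = expected nodes.
es_health_ok() {
  status=$(json_field "$1" status)
  nodes=$(json_field "$1" number_of_nodes)
  unassigned=$(json_field "$1" unassigned_shards)
  [ "$status" = "green" ] || { echo "cluster status is $status" >&2; return 1; }
  [ "$unassigned" = "0" ] || { echo "$unassigned unassigned shards" >&2; return 1; }
  [ "$nodes" = "$2" ] || { echo "only $nodes of $2 nodes joined" >&2; return 1; }
  return 0
}

# Query a node with certificate verification instead of -k.
# $1 = node address, $2 = expected node count.
check_cluster() {
  body=$(curl -s --cacert /etc/elasticsearch/certs/http_ca.crt \
    -u "elastic:${ES_PASSWORD}" "https://$1:9200/_cluster/health?pretty") || return 1
  es_health_ok "$body" "$2"
}

# Constructed sample responses so the checks can be exercised offline.
SAMPLE_GREEN='{
  "cluster_name" : "elasticsearch-demo",
  "status" : "green",
  "number_of_nodes" : 3,
  "unassigned_shards" : 0
}'
SAMPLE_YELLOW='{
  "cluster_name" : "elasticsearch-demo",
  "status" : "yellow",
  "number_of_nodes" : 2,
  "unassigned_shards" : 2
}'
```

Run `check_cluster 10.0.0.2 3` on any node once all three have joined; a non-zero exit and a one-line reason on stderr tells you which condition failed.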
go back to each node of the cluster and edit the discovery.seed_hosts value to contain the IP addresses of all nodes.
Comment out or remove the cluster.initial_master_nodes setting, if present.
Optionally, restart the Elasticsearch service to validate your configuration changes.
install Kibana on node1:
sudo apt-get update && sudo apt-get install kibana;
open and update /etc/kibana/kibana.yml:
server.port: 5601
server.host: 0.0.0.0
server.publicBaseUrl: "https://kibana.X.net"
server.ssl.enabled: true
server.ssl.key: /etc/kibana/certs/kibana.x.net/priv1.key
server.ssl.certificate: /etc/kibana/certs/kibana.c.net/fullchain1.pem
elasticsearch.hosts: ["https://10.0.0.1:9200"]
elasticsearch.ssl.verificationMode: full
create a service account token for Kibana:
curl -X POST -u elastic:<password> https://10.0.0.1:9200/_security/service/elastic/kibana/credential/token/kibana_token