
Elasticsearch 9.x.x Installation and Cluster Setup

In this article, we will introduce how to install Elasticsearch from a deb archive and set up a cluster.


Elasticsearch is a real-time, distributed search and analytics engine—a powerful open-source tool designed for efficiently storing, searching, and analyzing large volumes of data.

Elasticsearch Installation

Installation Environment and Elasticsearch Version

  • OS: Ubuntu 24.04 LTS

  • Elasticsearch: 9.1.0

For cluster configuration, prepare three virtual machines (VMs) as follows:

No.   host name   IP
#1    es-node1    192.168.234.128
#2    es-node2    192.168.234.129
#3    es-node3    192.168.234.130

Download and Install Elasticsearch

The Debian package for Elasticsearch 9.1.0 can be downloaded from the website and installed as follows:

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-9.1.0-amd64.deb
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-9.1.0-amd64.deb.sha512
shasum -a 512 -c elasticsearch-9.1.0-amd64.deb.sha512
sudo dpkg -i elasticsearch-9.1.0-amd64.deb

Elasticsearch Cluster Configuration

Generate & Deploy Certificates

To secure inter-node communication, generate a common SSL/TLS certificate and deploy it to each node. The first command creates a certificate authority (elastic-stack-ca.p12); the second issues a certificate signed by that CA (elastic-certificates.p12), which also contains the private key:

sudo /usr/share/elasticsearch/bin/elasticsearch-certutil ca
sudo /usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

Copy the generated elastic-certificates.p12 file to the /etc/elasticsearch/certs/ directory on each node:

sudo scp elastic-certificates.p12 root@192.168.234.129:/etc/elasticsearch/certs
sudo scp elastic-certificates.p12 root@192.168.234.130:/etc/elasticsearch/certs
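Because elastic-certificates.p12 carries the node's private key, it is worth confirming on every node that the copy is intact and not readable by other local users. The following is an added example (not part of the original article): it compares the SHA-512 of the deployed file with the digest computed on the node where it was generated and flags loose mode bits. The sample bytes, the temporary directory and the function names are constructed for the demonstration; on the deb package the file should additionally be owned by root:elasticsearch, which this check does not inspect.

```python
import hashlib
import os
import stat
import tempfile

# Constructed sample: a stand-in for elastic-certificates.p12. Real PKCS#12 bytes
# are not needed to demonstrate the integrity and permission checks.
SAMPLE_P12 = b"constructed stand-in for elastic-certificates.p12"


def sha512_of(path):
    """Hex SHA-512 of a file, read in chunks so large keystores are handled."""
    h = hashlib.sha512()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_deployed_keystore(path, expected_sha512):
    """Return a list of findings for a copied .p12; an empty list means it is safe to use."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return [f"{path}: file is missing"]
    findings = []
    if sha512_of(path) != expected_sha512:
        findings.append(f"{path}: SHA-512 differs from the source file (truncated or wrong copy)")
    mode = stat.S_IMODE(st.st_mode)
    if mode & stat.S_IROTH:
        findings.append(f"{path}: world-readable (mode {mode:04o}); it contains the node's private key")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"{path}: writable by group or others (mode {mode:04o})")
    return findings


def demo():
    """Write the sample to a temporary directory and run the check in four states."""
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "elastic-certificates.p12")
        with open(p, "wb") as f:
            f.write(SAMPLE_P12)
        expected = hashlib.sha512(SAMPLE_P12).hexdigest()
        os.chmod(p, 0o644)                                   # sloppy copy: anyone can read it
        loose = check_deployed_keystore(p, expected)
        os.chmod(p, 0o640)                                   # what you want on the node
        tight = check_deployed_keystore(p, expected)
        wrong = check_deployed_keystore(p, "0" * 128)        # digest does not match
        missing = check_deployed_keystore(os.path.join(d, "absent.p12"), expected)
        return loose, tight, wrong, missing


if __name__ == "__main__":
    for label, findings in zip(("loose", "tight", "wrong", "missing"), demo()):
        print(f"{label}: {findings or 'OK'}")
```

In practice, run `sha512sum elastic-certificates.p12` on the node where certutil ran, then call `check_deployed_keystore("/etc/elasticsearch/certs/elastic-certificates.p12", that_digest)` on each target node.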

Configure elasticsearch.yml

Assign a unique node.name for each node and add the necessary cluster settings:

sudo vim /etc/elasticsearch/elasticsearch.yml

Configure on es-node1 / es-node2 / es-node3

cluster.name: es-cluster
node.name: node-1 # change this on each node (node-1, node-2, node-3)
network.host: 0.0.0.0

path.data: /opt/elasticsearch/data # the path you choose
path.logs: /opt/elasticsearch/logs # the path you choose

# List of cluster node IPs
discovery.seed_hosts: ["192.168.234.128", "192.168.234.129", "192.168.234.130"]

# Specify master-eligible nodes for initial cluster formation (remove or comment out after initial setup)
cluster.initial_master_nodes: ["node-1", "node-2", "node-3"]

# SSL/TLS settings
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

Note: The cluster.initial_master_nodes setting is only necessary during the initial cluster formation. After the cluster is established, this setting should be removed or commented out. (Refer to Bootstrapping a cluster)
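The most common mistakes at this step are a node.name left unchanged on a copied file, a transport TLS setting that was loosened while debugging, and cluster.initial_master_nodes lingering after bootstrap. The following added example (not part of the original article) lints the three elasticsearch.yml files before the services are started: it parses only the flat `key: value` and `key: [...]` lines used above, checks the TLS settings on each node, and checks consistency across nodes. The NODE_TEMPLATE constant and the check functions are constructed for this demonstration.

```python
# Constructed sample: the article's elasticsearch.yml with placeholders for the
# values that are varied below (node name, TLS on/off, verification mode).
NODE_TEMPLATE = """\
cluster.name: es-cluster
node.name: {name} # change this on each node
network.host: 0.0.0.0

path.data: /opt/elasticsearch/data
path.logs: /opt/elasticsearch/logs

# List of cluster node IPs
discovery.seed_hosts: ["192.168.234.128", "192.168.234.129", "192.168.234.130"]

# Specify master-eligible nodes for initial cluster formation
cluster.initial_master_nodes: ["node-1", "node-2", "node-3"]

# SSL/TLS settings
xpack.security.transport.ssl.enabled: {ssl}
xpack.security.transport.ssl.verification_mode: {mode}
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
"""


def parse_es_yml(text):
    """Parse the flat subset of elasticsearch.yml used in this article.

    Handles '#' comments (full-line and trailing) and JSON-style lists such as
    ["a", "b"]. Nested YAML and values containing '#' are out of scope.
    """
    cfg = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        value = value.strip()
        if value.startswith("[") and value.endswith("]"):
            items = [v.strip().strip("\"'") for v in value[1:-1].split(",")]
            cfg[key.strip()] = [v for v in items if v]
        else:
            cfg[key.strip()] = value.strip("\"'")
    return cfg


def check_node(cfg):
    """Return (severity, message) findings for one node's transport security settings."""
    findings = []
    if cfg.get("xpack.security.transport.ssl.enabled") != "true":
        findings.append(("error", "transport TLS disabled: node-to-node traffic would be cleartext"))
    mode = cfg.get("xpack.security.transport.ssl.verification_mode")
    if mode not in ("certificate", "full"):
        findings.append(("error", f"verification_mode={mode!r}: peer certificates are not checked"))
    if cfg.get("xpack.security.transport.ssl.client_authentication") != "required":
        findings.append(("error", "client_authentication is not 'required' on the transport layer"))
    for key in ("xpack.security.transport.ssl.keystore.path",
                "xpack.security.transport.ssl.truststore.path"):
        if not cfg.get(key):
            findings.append(("error", f"{key} is not set"))
    if "cluster.initial_master_nodes" in cfg:
        findings.append(("warn", "cluster.initial_master_nodes is set: remove it once the cluster has formed"))
    return findings


def check_cluster(configs):
    """Cross-node checks: one cluster name, unique node names, consistent bootstrap list."""
    findings = []
    names = [c.get("node.name") for c in configs]
    if len({c.get("cluster.name") for c in configs}) != 1:
        findings.append(("error", "cluster.name differs between nodes"))
    dupes = sorted({n for n in names if names.count(n) > 1})
    if dupes:
        findings.append(("error", f"duplicate node.name values: {dupes}"))
    if len({tuple(c.get("discovery.seed_hosts", [])) for c in configs}) != 1:
        findings.append(("warn", "discovery.seed_hosts differs between nodes"))
    unknown = set()
    for c in configs:
        unknown.update(set(c.get("cluster.initial_master_nodes", [])) - set(names))
    if unknown:
        findings.append(("error", f"cluster.initial_master_nodes lists nodes that do not exist: {sorted(unknown)}"))
    return findings


def lint(yml_texts):
    """Lint a list of elasticsearch.yml contents; returns ([(node.name, findings)], cluster findings)."""
    configs = [parse_es_yml(t) for t in yml_texts]
    per_node = [(c.get("node.name"), check_node(c)) for c in configs]
    return per_node, check_cluster(configs)


if __name__ == "__main__":
    good = [NODE_TEMPLATE.format(name=n, ssl="true", mode="certificate")
            for n in ("node-1", "node-2", "node-3")]
    # Constructed mistake: node-2's file was copied without renaming, with TLS turned off.
    bad = [NODE_TEMPLATE.format(name="node-1", ssl="true", mode="certificate"),
           NODE_TEMPLATE.format(name="node-1", ssl="false", mode="none"),
           NODE_TEMPLATE.format(name="node-3", ssl="true", mode="certificate")]
    for label, files in (("good", good), ("bad", bad)):
        per_node, cluster = lint(files)
        print(f"== {label} ==")
        for name, fs in per_node:
            for sev, msg in fs:
                print(f"[{sev}] {name}: {msg}")
        for sev, msg in cluster:
            print(f"[{sev}] cluster: {msg}")
```

Feed it the three files with `lint([open(p).read() for p in paths])`; the only expected finding on a freshly configured cluster is the warning about cluster.initial_master_nodes, which disappears once that line is removed after bootstrap.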

Start Cluster and Verify

Start the Elasticsearch service on each node and then verify the cluster status.

Start the service:

sudo systemctl start elasticsearch

Reset the password for the elastic account:

sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic -i

Check the node status:

curl -u elastic:your_pass http://192.168.234.128:9200/_cat/nodes?v
==============================================================================
ip              heap.percent ram.percent cpu load_1m load_5m load_15m node.role   master name
192.168.234.130           19          89  88    1.30    0.80     0.37 cdfhilmrstw -      node-3
192.168.234.129           24          89   9    0.29    0.17     0.13 cdfhilmrstw -      node-2
192.168.234.128           10          90  17    0.00    0.00     0.00 cdfhilmrstw *      node-1

Check the cluster health:

curl -u elastic:your_pass http://192.168.234.128:9200/_cluster/health?pretty
==============================================================================
{
  "cluster_name" : "es-cluster",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 3,
  "number_of_data_nodes" : 3,
  "active_primary_shards" : 3,
  "active_shards" : 6,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "unassigned_primary_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}
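Reading the two responses by eye works for three nodes, but a repeatable check is more useful once the cluster is in service: every provisioned node should be present at its expected address, no node you did not provision should have joined, exactly one master should be elected, and health should be green. The following is an added example (not part of the original article) that parses the `_cat/nodes?v` table and the `_cluster/health` JSON shown above and returns a list of problems. The sample texts are copied from the article's output; EXPECTED_NODES and the function names are constructed for the demonstration.

```python
import json

# Constructed sample: the _cat/nodes?v output from the article.
CAT_NODES = """\
ip              heap.percent ram.percent cpu load_1m load_5m load_15m node.role   master name
192.168.234.130           19          89  88    1.30    0.80     0.37 cdfhilmrstw -      node-3
192.168.234.129           24          89   9    0.29    0.17     0.13 cdfhilmrstw -      node-2
192.168.234.128           10          90  17    0.00    0.00     0.00 cdfhilmrstw *      node-1
"""

# Constructed sample: the _cluster/health response from the article.
HEALTH = """{
  "cluster_name" : "es-cluster",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 3,
  "number_of_data_nodes" : 3,
  "active_primary_shards" : 3,
  "active_shards" : 6,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "active_shards_percent_as_number" : 100.0
}"""

# The nodes you provisioned, from the table at the top of the article.
EXPECTED_NODES = {
    "node-1": "192.168.234.128",
    "node-2": "192.168.234.129",
    "node-3": "192.168.234.130",
}


def parse_cat_nodes(text):
    """Turn the whitespace-aligned _cat/nodes?v table into a list of dicts keyed by column."""
    lines = [l for l in text.splitlines() if l.strip()]
    header = lines[0].split()
    rows = []
    for line in lines[1:]:
        fields = line.split()
        if len(fields) != len(header):
            raise ValueError(f"column count mismatch in row: {line!r}")
        rows.append(dict(zip(header, fields)))
    return rows


def verify_cluster(cat_nodes_text, health_json, expected, cluster_name):
    """Return a list of problems; an empty list means the cluster looks as provisioned."""
    problems = []
    nodes = parse_cat_nodes(cat_nodes_text)
    seen = {n["name"]: n["ip"] for n in nodes}
    for name, ip in expected.items():
        if name not in seen:
            problems.append(f"expected node {name} is missing")
        elif seen[name] != ip:
            problems.append(f"{name} reports ip {seen[name]}, expected {ip}")
    unexpected = sorted(set(seen) - set(expected))
    if unexpected:
        problems.append(f"unexpected node(s) joined the cluster: {unexpected}")
    masters = [n["name"] for n in nodes if n["master"] == "*"]
    if len(masters) != 1:
        problems.append(f"expected exactly one elected master, saw {masters}")
    health = json.loads(health_json)
    if health.get("cluster_name") != cluster_name:
        problems.append(f"cluster_name is {health.get('cluster_name')!r}, expected {cluster_name!r}")
    if health.get("status") != "green":
        problems.append(f"cluster status is {health.get('status')!r}")
    if health.get("timed_out"):
        problems.append("health request timed out")
    if health.get("number_of_nodes") != len(expected):
        problems.append(f"health reports {health.get('number_of_nodes')} nodes, expected {len(expected)}")
    return problems


if __name__ == "__main__":
    print(verify_cluster(CAT_NODES, HEALTH, EXPECTED_NODES, "es-cluster") or "cluster OK")
```

Pipe the output of the two curl commands into the function (for example by saving them to files first). Prefer `curl -u elastic` without the password so curl prompts for it, rather than putting the password on the command line where it ends up in shell history.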

Kibana Integration

For security reasons, the elastic account cannot be used with Kibana; instead, the built-in kibana_system account is utilized.

Reset the password for the kibana_system account:

sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u kibana_system -i

Download and install Kibana

The Debian package for Kibana 9.1.0 can be downloaded from the website and installed as follows:

wget https://artifacts.elastic.co/downloads/kibana/kibana-9.1.0-amd64.deb
wget https://artifacts.elastic.co/downloads/kibana/kibana-9.1.0-amd64.deb.sha512
shasum -a 512 -c kibana-9.1.0-amd64.deb.sha512
sudo dpkg -i kibana-9.1.0-amd64.deb

Configure kibana.yml

/etc/kibana/kibana.yml (the path used by the deb package):

server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://192.168.234.128:9200","http://192.168.234.129:9200","http://192.168.234.130:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "your_pass"

Kibana Startup

# The deb package installs Kibana under /usr/share/kibana and registers a systemd unit
sudo systemctl start kibana

Now, access http://192.168.234.128:5601 (or the IP address of the node where Kibana is installed) in a web browser and log in with the elastic account.

Troubleshooting a common problem

When joining a new node to the cluster, you just need to copy the certificate file generated above (elastic-certificates.p12, issued from elastic-stack-ca.p12) to the new node's /etc/elasticsearch/certs/ directory.

However, when a node is initialized, Elasticsearch has already created an elasticsearch.keystore file, and it will ask for the previous keystore password:

Caused by: org.elasticsearch.common.ssl.SslConfigException: cannot read configured [PKCS12] keystore (as a truststore) [/etc/elasticsearch/certs/elastic-certificates.p12] - this is usually caused by an incorrect password; (a keystore password was provided)

        at org.elasticsearch.common.ssl.SslFileUtil.ioException(SslFileUtil.java:58) ~[?:?]

You need to recreate the elasticsearch.keystore and add the passwords of the .p12 file to it (a blank value if you did not set one).

# Remove the keystore created at installation time
# (this also discards any secure settings the installer stored in it)
sudo rm /etc/elasticsearch/elasticsearch.keystore

# Add the password for the transport layer keystore
sudo /usr/share/elasticsearch/bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
The elasticsearch keystore does not exist. Do you want to create it? [y/N]y
Enter value for xpack.security.transport.ssl.keystore.secure_password:

# Add the password for the transport layer truststore (the same .p12 file)
sudo /usr/share/elasticsearch/bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
Enter value for xpack.security.transport.ssl.truststore.secure_password:

Each command prompts for the password of your .p12 file. Enter the same password you chose when you generated the certificate; if you left it blank at that time, just press Enter.

Conclusion

I introduced a simple way to install Elasticsearch and Kibana and set up a cluster.

Installing from the deb archive is easy to set up and manage, making it useful in various environments. Hope you find it helpful!