Elasticsearch Cluster
| Server IP | Host Role |
|---|---|
| 192.168.10.10 | Elasticsearch Node01 |
| 192.168.10.11 | Elasticsearch Node02 |
| 192.168.10.12 | Elasticsearch Node03 |
Elasticsearch Node01
- Download the Elasticsearch installation package

  - Internet-accessible server

    ```bash
    wget https://pdpublic.mingdao.com/private-deployment/offline/common/elasticsearch-8.19.8-linux-x86_64.tar.gz
    ```

  - Non-Internet-accessible server

    Elasticsearch installation package download link; upload the file to the deployment server after downloading:

    https://pdpublic.mingdao.com/private-deployment/offline/common/elasticsearch-8.19.8-linux-x86_64.tar.gz

- Download the elasticsearch-ik plugin package

  - Internet-accessible server

    ```bash
    wget https://pdpublic.mingdao.com/private-deployment/offline/common/elasticsearch-analysis-ik-8.19.8.zip
    ```

  - Non-Internet-accessible server

    elasticsearch-ik plugin package download link; upload the file to the deployment server after downloading:

    https://pdpublic.mingdao.com/private-deployment/offline/common/elasticsearch-analysis-ik-8.19.8.zip

- Extract Elasticsearch to the installation directory

  ```bash
  tar xf elasticsearch-8.19.8-linux-x86_64.tar.gz
  mv elasticsearch-8.19.8 /usr/local/elasticsearch
  ```

- Extract the elasticsearch-ik plugin to the installation directory

  ```bash
  mkdir /usr/local/elasticsearch/plugins/elasticsearch-analysis-ik
  unzip elasticsearch-analysis-ik-8.19.8.zip -d /usr/local/elasticsearch/plugins/elasticsearch-analysis-ik/
  ```

- Adjust system environment parameters

  ```bash
  echo 'vm.max_map_count=262144' >> /etc/sysctl.conf
  echo 'vm.swappiness=1' >> /etc/sysctl.conf
  echo 'net.ipv4.tcp_retries2=5' >> /etc/sysctl.conf
  sysctl -p
  echo "* soft nofile 65536" >> /etc/security/limits.conf
  echo "* hard nofile 65536" >> /etc/security/limits.conf
  ulimit -n 65536
  ```
- Modify the Elasticsearch configuration file

  ```bash
  cat > /usr/local/elasticsearch/config/elasticsearch.yml <<'EOF'
  cluster.name: md-elasticsearch-private
  node.name: elasticsearch-1
  node.roles:
  - master
  - data
  network.host: 0.0.0.0
  network.publish_host: 192.168.10.10
  http.port: 9200
  transport.port: 9300
  path.data: /data/elasticsearch/data
  path.logs: /data/elasticsearch/logs
  discovery.seed_hosts:
  - 192.168.10.10:9300
  - 192.168.10.11:9300
  - 192.168.10.12:9300
  cluster.initial_master_nodes:
  - elasticsearch-1
  - elasticsearch-2
  - elasticsearch-3
  xpack.security.enabled: true
  xpack.security.http.ssl.enabled: false
  xpack.security.transport.ssl.enabled: true
  xpack.security.transport.ssl.verification_mode: certificate
  xpack.security.transport.ssl.keystore.path: cert/elastic-node-certificate.p12
  xpack.security.transport.ssl.truststore.path: cert/elastic-node-certificate.p12
  ingest.geoip.downloader.enabled: false
  cluster.max_shards_per_node: 20000
  EOF
  ```

  - Note that node.name is different for each node
  - network.publish_host should be the local machine's IP
  - discovery.seed_hosts must be changed to the IPs of each Elasticsearch node in the actual environment during actual deployment
- Modify the Elasticsearch JVM memory limit to 4g

  ```bash
  sed -ri "s/##[, ]*(-Xm[s|x])[0-9]g/\14g/g" /usr/local/elasticsearch/config/jvm.options
  ```

- Create data directories

  ```bash
  mkdir -p /data/elasticsearch/{data,logs}
  mkdir /usr/local/elasticsearch/config/cert
  ```

- Generate certificate files

  ```bash
  /usr/local/elasticsearch/bin/elasticsearch-certutil ca --out /usr/local/elasticsearch/config/cert/elastic-ca.p12 --days 36500 --pass ""
  /usr/local/elasticsearch/bin/elasticsearch-certutil cert --ca /usr/local/elasticsearch/config/cert/elastic-ca.p12 --ca-pass "" --out /usr/local/elasticsearch/config/cert/elastic-node-certificate.p12 --days 36500 --pass ""
  ```

  - Later, the generated `/usr/local/elasticsearch/config/cert/elastic-node-certificate.p12` certificate file will need to be copied to the other two nodes

- Create the Elasticsearch user and grant directory permissions

  ```bash
  useradd -M -s /sbin/nologin elasticsearch
  chown -R elasticsearch:elasticsearch /data/elasticsearch /usr/local/elasticsearch
  ```

- Configure systemd management

  ```bash
  cat > /etc/systemd/system/elasticsearch.service <<'EOF'
  [Unit]
  Description=Elasticsearch
  [Service]
  User=elasticsearch
  Group=elasticsearch
  LimitNOFILE=102400
  ExecStart=/usr/local/elasticsearch/bin/elasticsearch
  ExecStop=/usr/bin/kill $MAINPID
  Restart=on-failure
  [Install]
  WantedBy=multi-user.target
  EOF
  ```

- Start the Elasticsearch service and enable it to start on boot

  ```bash
  systemctl start elasticsearch
  systemctl enable elasticsearch
  ```
Elasticsearch Node02
- Download the Elasticsearch installation package

  - Internet-accessible server

    ```bash
    wget https://pdpublic.mingdao.com/private-deployment/offline/common/elasticsearch-8.19.8-linux-x86_64.tar.gz
    ```

  - Non-Internet-accessible server

    Elasticsearch installation package download link; upload the file to the deployment server after downloading:

    https://pdpublic.mingdao.com/private-deployment/offline/common/elasticsearch-8.19.8-linux-x86_64.tar.gz

- Download the elasticsearch-ik plugin package

  - Internet-accessible server

    ```bash
    wget https://pdpublic.mingdao.com/private-deployment/offline/common/elasticsearch-analysis-ik-8.19.8.zip
    ```

  - Non-Internet-accessible server

    elasticsearch-ik plugin package download link; upload the file to the deployment server after downloading:

    https://pdpublic.mingdao.com/private-deployment/offline/common/elasticsearch-analysis-ik-8.19.8.zip

- Extract Elasticsearch to the installation directory

  ```bash
  tar xf elasticsearch-8.19.8-linux-x86_64.tar.gz
  mv elasticsearch-8.19.8 /usr/local/elasticsearch
  ```

- Extract the elasticsearch-ik plugin to the installation directory

  ```bash
  mkdir /usr/local/elasticsearch/plugins/elasticsearch-analysis-ik
  unzip elasticsearch-analysis-ik-8.19.8.zip -d /usr/local/elasticsearch/plugins/elasticsearch-analysis-ik/
  ```

- Adjust system environment parameters

  ```bash
  echo 'vm.max_map_count=262144' >> /etc/sysctl.conf
  echo 'vm.swappiness=1' >> /etc/sysctl.conf
  echo 'net.ipv4.tcp_retries2=5' >> /etc/sysctl.conf
  sysctl -p
  echo "* soft nofile 65536" >> /etc/security/limits.conf
  echo "* hard nofile 65536" >> /etc/security/limits.conf
  ulimit -n 65536
  ```
- Modify the Elasticsearch configuration file

  ```bash
  cat > /usr/local/elasticsearch/config/elasticsearch.yml <<'EOF'
  cluster.name: md-elasticsearch-private
  node.name: elasticsearch-2
  node.roles:
  - master
  - data
  network.host: 0.0.0.0
  network.publish_host: 192.168.10.11
  http.port: 9200
  transport.port: 9300
  path.data: /data/elasticsearch/data
  path.logs: /data/elasticsearch/logs
  discovery.seed_hosts:
  - 192.168.10.10:9300
  - 192.168.10.11:9300
  - 192.168.10.12:9300
  cluster.initial_master_nodes:
  - elasticsearch-1
  - elasticsearch-2
  - elasticsearch-3
  xpack.security.enabled: true
  xpack.security.http.ssl.enabled: false
  xpack.security.transport.ssl.enabled: true
  xpack.security.transport.ssl.verification_mode: certificate
  xpack.security.transport.ssl.keystore.path: cert/elastic-node-certificate.p12
  xpack.security.transport.ssl.truststore.path: cert/elastic-node-certificate.p12
  ingest.geoip.downloader.enabled: false
  cluster.max_shards_per_node: 20000
  EOF
  ```

  - Note that node.name is different for each node
  - network.publish_host should be the local machine's IP
  - discovery.seed_hosts must be changed to the IPs of each Elasticsearch node in the actual environment during actual deployment
- Modify the Elasticsearch JVM memory limit to 4g

  ```bash
  sed -ri "s/##[, ]*(-Xm[s|x])[0-9]g/\14g/g" /usr/local/elasticsearch/config/jvm.options
  ```

- Create data directories

  ```bash
  mkdir -p /data/elasticsearch/{data,logs}
  mkdir /usr/local/elasticsearch/config/cert
  ```

- Copy the certificate file

  Copy the `/usr/local/elasticsearch/config/cert/elastic-node-certificate.p12` certificate file generated on Elasticsearch Node01 to this node's `/usr/local/elasticsearch/config/cert/` directory

- Create the Elasticsearch user and grant directory permissions

  ```bash
  useradd -M -s /sbin/nologin elasticsearch
  chown -R elasticsearch:elasticsearch /data/elasticsearch /usr/local/elasticsearch
  ```

- Configure systemd management

  ```bash
  cat > /etc/systemd/system/elasticsearch.service <<'EOF'
  [Unit]
  Description=Elasticsearch
  [Service]
  User=elasticsearch
  Group=elasticsearch
  LimitNOFILE=102400
  ExecStart=/usr/local/elasticsearch/bin/elasticsearch
  ExecStop=/usr/bin/kill $MAINPID
  Restart=on-failure
  [Install]
  WantedBy=multi-user.target
  EOF
  ```

- Start the Elasticsearch service and enable it to start on boot

  ```bash
  systemctl start elasticsearch
  systemctl enable elasticsearch
  ```
Elasticsearch Node03
- Download the Elasticsearch installation package

  - Internet-accessible server

    ```bash
    wget https://pdpublic.mingdao.com/private-deployment/offline/common/elasticsearch-8.19.8-linux-x86_64.tar.gz
    ```

  - Non-Internet-accessible server

    Elasticsearch installation package download link; upload the file to the deployment server after downloading:

    https://pdpublic.mingdao.com/private-deployment/offline/common/elasticsearch-8.19.8-linux-x86_64.tar.gz

- Download the elasticsearch-ik plugin package

  - Internet-accessible server

    ```bash
    wget https://pdpublic.mingdao.com/private-deployment/offline/common/elasticsearch-analysis-ik-8.19.8.zip
    ```

  - Non-Internet-accessible server

    elasticsearch-ik plugin package download link; upload the file to the deployment server after downloading:

    https://pdpublic.mingdao.com/private-deployment/offline/common/elasticsearch-analysis-ik-8.19.8.zip

- Extract Elasticsearch to the installation directory

  ```bash
  tar xf elasticsearch-8.19.8-linux-x86_64.tar.gz
  mv elasticsearch-8.19.8 /usr/local/elasticsearch
  ```

- Extract the elasticsearch-ik plugin to the installation directory

  ```bash
  mkdir /usr/local/elasticsearch/plugins/elasticsearch-analysis-ik
  unzip elasticsearch-analysis-ik-8.19.8.zip -d /usr/local/elasticsearch/plugins/elasticsearch-analysis-ik/
  ```

- Adjust system environment parameters

  ```bash
  echo 'vm.max_map_count=262144' >> /etc/sysctl.conf
  echo 'vm.swappiness=1' >> /etc/sysctl.conf
  echo 'net.ipv4.tcp_retries2=5' >> /etc/sysctl.conf
  sysctl -p
  echo "* soft nofile 65536" >> /etc/security/limits.conf
  echo "* hard nofile 65536" >> /etc/security/limits.conf
  ulimit -n 65536
  ```
- Modify the Elasticsearch configuration file

  ```bash
  cat > /usr/local/elasticsearch/config/elasticsearch.yml <<'EOF'
  cluster.name: md-elasticsearch-private
  node.name: elasticsearch-3
  node.roles:
  - master
  - data
  network.host: 0.0.0.0
  network.publish_host: 192.168.10.12
  http.port: 9200
  transport.port: 9300
  path.data: /data/elasticsearch/data
  path.logs: /data/elasticsearch/logs
  discovery.seed_hosts:
  - 192.168.10.10:9300
  - 192.168.10.11:9300
  - 192.168.10.12:9300
  cluster.initial_master_nodes:
  - elasticsearch-1
  - elasticsearch-2
  - elasticsearch-3
  xpack.security.enabled: true
  xpack.security.http.ssl.enabled: false
  xpack.security.transport.ssl.enabled: true
  xpack.security.transport.ssl.verification_mode: certificate
  xpack.security.transport.ssl.keystore.path: cert/elastic-node-certificate.p12
  xpack.security.transport.ssl.truststore.path: cert/elastic-node-certificate.p12
  ingest.geoip.downloader.enabled: false
  cluster.max_shards_per_node: 20000
  EOF
  ```

  - Note that node.name is different for each node
  - network.publish_host should be the local machine's IP
  - discovery.seed_hosts must be changed to the IPs of each Elasticsearch node in the actual environment during actual deployment
- Modify the Elasticsearch JVM memory limit to 4g

  ```bash
  sed -ri "s/##[, ]*(-Xm[s|x])[0-9]g/\14g/g" /usr/local/elasticsearch/config/jvm.options
  ```

- Create data directories

  ```bash
  mkdir -p /data/elasticsearch/{data,logs}
  mkdir /usr/local/elasticsearch/config/cert
  ```

- Copy the certificate file

  Copy the `/usr/local/elasticsearch/config/cert/elastic-node-certificate.p12` certificate file generated on Elasticsearch Node01 to this node's `/usr/local/elasticsearch/config/cert/` directory

- Create the Elasticsearch user and grant directory permissions

  ```bash
  useradd -M -s /sbin/nologin elasticsearch
  chown -R elasticsearch:elasticsearch /data/elasticsearch /usr/local/elasticsearch
  ```

- Configure systemd management

  ```bash
  cat > /etc/systemd/system/elasticsearch.service <<'EOF'
  [Unit]
  Description=Elasticsearch
  [Service]
  User=elasticsearch
  Group=elasticsearch
  LimitNOFILE=102400
  ExecStart=/usr/local/elasticsearch/bin/elasticsearch
  ExecStop=/usr/bin/kill $MAINPID
  Restart=on-failure
  [Install]
  WantedBy=multi-user.target
  EOF
  ```

- Start the Elasticsearch service and enable it to start on boot

  ```bash
  systemctl start elasticsearch
  systemctl enable elasticsearch
  ```
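
A pre-start check for the per-node settings called out in the notes above (node.name, network.publish_host, discovery.seed_hosts), as an added example that is not part of the original guide. The helper names and the sample file are constructed for illustration, and the parser assumes the flat layout of the elasticsearch.yml shown on this page.

```shell
#!/usr/bin/env bash
# Added example: pre-start consistency check for one node's elasticsearch.yml.
# Parses only the flat "key: value" / "- item" layout used on this page.

yaml_scalar() {  # yaml_scalar FILE KEY -> value of the "KEY: value" line
  awk -v k="$2" -F': *' '$1 == k { print $2; exit }' "$1"
}

yaml_list() {    # yaml_list FILE KEY -> the "- item" lines following "KEY:"
  awk -v k="$2:" '
    $0 == k            { in_list = 1; next }
    in_list && /^ *- / { sub(/^ *- */, ""); print; next }
    in_list            { exit }' "$1"
}

check_es_node_config() {  # prints findings, returns the number of errors
  local f="$1" errors=0 name host
  name=$(yaml_scalar "$f" node.name)
  host=$(yaml_scalar "$f" network.publish_host)
  if ! yaml_list "$f" cluster.initial_master_nodes | grep -qxF -- "$name"; then
    echo "ERROR: node.name '$name' is not in cluster.initial_master_nodes"
    errors=$((errors + 1))
  fi
  if ! yaml_list "$f" discovery.seed_hosts | cut -d: -f1 | grep -qxF -- "$host"; then
    echo "ERROR: network.publish_host '$host' is not in discovery.seed_hosts"
    errors=$((errors + 1))
  fi
  if [ "$(yaml_scalar "$f" xpack.security.transport.ssl.enabled)" != "true" ]; then
    echo "ERROR: transport TLS is disabled"
    errors=$((errors + 1))
  fi
  if [ "$(yaml_scalar "$f" xpack.security.http.ssl.enabled)" != "true" ]; then
    echo "WARN: HTTP port $(yaml_scalar "$f" http.port) is plaintext"
  fi
  return "$errors"
}

# Constructed sample (not a real host): node 3 with a mistyped publish address.
write_sample() {  # write_sample FILE PUBLISH_HOST
  printf '%s\n' 'node.name: elasticsearch-3' "network.publish_host: $2" \
    'http.port: 9200' 'discovery.seed_hosts:' '- 192.168.10.10:9300' \
    '- 192.168.10.11:9300' '- 192.168.10.12:9300' \
    'cluster.initial_master_nodes:' '- elasticsearch-1' '- elasticsearch-2' \
    '- elasticsearch-3' 'xpack.security.http.ssl.enabled: false' \
    'xpack.security.transport.ssl.enabled: true' > "$1"
}

tmp=$(mktemp) && write_sample "$tmp" 192.168.10.13
check_es_node_config "$tmp" || echo "errors: $?"
rm -f "$tmp"
```

Run `check_es_node_config /usr/local/elasticsearch/config/elasticsearch.yml` on each node before `systemctl start elasticsearch`.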
Configure Authentication
Perform the following on any Elasticsearch node

```bash
/usr/local/elasticsearch/bin/elasticsearch-reset-password -u elastic -i
# Password 123456, input will not be displayed in the terminal, you can paste or type it in
# Change to a strong password for actual deployment; if the password contains any special characters, only `-` or `_` are allowed, avoid `@ ! # &` etc. to prevent compatibility issues
```

```bash
# When resetting passwords non-interactively, ensure the Elasticsearch service is running:
ss -lnt | grep 9200
elastic_pwd=123456
echo -e "y\n${elastic_pwd}\n${elastic_pwd}" | /usr/local/elasticsearch/bin/elasticsearch-reset-password -u elastic -i
```
Cluster Verification
Check cluster health

```bash
curl -u elastic:123456 '127.0.0.1:9200/_cat/health?v'
```

Check node roles

```bash
curl -u elastic:123456 '127.0.0.1:9200/_cat/nodes'
```

Check installed plugins on nodes

```bash
curl -u elastic:123456 '127.0.0.1:9200/_cat/plugins'
```
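
What a passing health check looks like for this three-node layout, as an added example that is not part of the original guide. The function name and the sample output are constructed, and it relies on the `status` and `node.total` columns of `_cat/health?v`.

```shell
#!/usr/bin/env bash
# Added example: evaluate `_cat/health?v` output by column name rather than
# position, so the check does not depend on the exact column set.

# es_health_ok EXPECTED_NODES  (reads the health table on stdin)
# Returns 0 only when status is green and node.total equals EXPECTED_NODES.
es_health_ok() {
  awk -v want="$1" '
    NR == 1 { for (i = 1; i <= NF; i++) col[$i] = i; next }
    NR == 2 {
      status = $(col["status"]); nodes = $(col["node.total"])
      printf "status=%s node.total=%s expected=%s\n", status, nodes, want
      ok = (status == "green" && nodes + 0 == want + 0)
    }
    END { exit(ok ? 0 : 1) }'
}

# Constructed sample output: a three-node cluster where one node never joined.
sample_health() {
  echo 'epoch      timestamp cluster                  status node.total node.data shards'
  echo '1700000000 10:00:00  md-elasticsearch-private yellow 2          2         4'
}

sample_health | es_health_ok 3 || echo "cluster is not healthy yet"
# Live use (curl prompts for the password when only the user name is given):
#   curl -s -u elastic '127.0.0.1:9200/_cat/health?v' | es_health_ok 3
```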