Close this search box.

Elasticsearch 8.9 install/start with custom user process

Table of Contents

1. Introduction

When you install Elasticsearch from rpm package user called elasticsearch is created and used later on to start process. In enterprise environment you may encounter custom user to be required owner of elasticsearch process. Therefor it is necessary for you to understand how to deal with such requirement and adjust system settings to make it possible. To follow this tutorial you need to have one of virtual machine manager like VMWare, Parallels, VirtualBox or any other you are familiar with.


2. Install Rocky Linux

Download minimal ISO from Rocky Linux Download page

I have used Rocky Linux 9.2
Then use your virtual machine manager to create node with this OS.
During installation you can create already your future user for Elasticsearch process. In my example I created tomd user.

Once installation is done reboot of VM is needed. After that type command to obtain ip address.

					ip addr

Returned value can be used then to connect with SSH from your host machine.

3. Install Elasticsearch

All commands in this article I am running as root.

To use provided by Elastic team GPG-KEY-elasticsearch please update policy. Otherwise you will see error

Signature not supported. Hash algorithm SHA1 not available.
error: key 1 import failed.

To update crypto policies and install key run

					update-crypto-policies --set LEGACY
rpm --import

To install elastic yum repository run

					bash -c "cat <<EOF >/etc/yum.repos.d/elasticsearch.repo
name=Elasticsearch repository for 8.x packages

yum update

Finally run elasticsearch installation

					yum -y install --enablerepo=elasticsearch elasticsearch-8.9.1

It will take a while until it’s finished but not extra long 🙂

4. Set up Java Home

Elasticsearch comes with bundled OpenJDK so no need to install java explicitly. Recommended by elastic team is to use that version. Additionally it is worth to set JAVA_HOME environment variable in case of future 3rd party software integration.

bash -c "cat <<EOF >/etc/profile.d/

5. Disable SWAP

Swapping data into disk can drastically slow down performance. In order to maximize performance keep it disabled.

					sed -i 's/^[^#]*swap/#&/' /etc/fstab
mount -a

Then confirm swap usage – should be zero.

					free | awk '/Swap:/ {print $3}'

6. Set user process limits

Setup limits for user that going to run elasticsearch. “nproc” is for maximum number of processes equal to 64000. “as” is for maximum size virtual memory and “fsize” is for max file size.

					cat <<EOF >/etc/security/limits.d/elasticsearch.conf
tomd             soft    nproc           64000
tomd             hard    nproc           64000
tomd             soft    as           unlimited
tomd             hard    as           unlimited
tomd             soft    fsize           unlimited
tomd             hard    fsize           unlimited

7. Custom service settings

You can place data into custom catalog. For that create one and update paths in config files.

					mkdir /elkdata
sed -i 's/\/var\/lib\/elasticsearch/\/elkdata/gi' /etc/elasticsearch/elasticsearch.yml
grep data /etc/elasticsearch/elasticsearch.yml

Note “User” and “Group” in service config file and how ownership is changed for “/var/run/elasticsearch” catalog – over there file will be created containing PID number.

					mkdir -p /etc/systemd/system/elasticsearch.service.d/
bash -c "cat <<EOF >/etc/systemd/system/elasticsearch.service.d/elasticsearch.conf
ExecStartPre=-/bin/mkdir -p /var/run/elasticsearch
ExecStartPre=/bin/chown tomd:tomd /var/run/elasticsearch

After system reboot ownership of /var/run/elasticsearch getting lost because /var/run being cleaned out. In order to fix that set additional config file

					bash -c "cat <<EOF >/usr/lib/tmpfiles.d/elasticsearch.conf
d    /var/run/elasticsearch   0755 tomd tomd - -


8. Update files ownership

Files ownership of default Elasticsearch installation will be assigned to “elasticsearch” user. Therefore you have to change this

					chown -R tomd:tomd /elkdata
chown -R tomd:tomd /var/run/elasticsearch
chown -R root:tomd /etc/elasticsearch
chown -R tomd:tomd /etc/sysconfig/elasticsearch
chown -R tomd:tomd /var/log/elasticsearch

9. Production mode

Elasticsearch will treat instance as production once parameter is set explicitly. There few more parameters worth to set. tomd-prod node01
bootstrap.memory_lock: true # your IP number from ip addr output
cluster.initial_master_nodes: ["node01"]

Once done with editing please save the file.

10. Start Elasticsearch

Three commands left to execute for successful startup. Daemon relaod because you touch /etc/systemd/system/elasticsearch.service.d/ , enable service so it is starting together with linux and start because you want to start it now.

					systemctl daemon-reload
systemctl enable elasticsearch.service

systemctl start elasticsearch.service

Check status of service to know if it started successfully.

					systemctl status elasticsearch.service
# or
service elasticsearch status

[root@localhost ~]# service elasticsearch status
Redirecting to /bin/systemctl status elasticsearch.service
● elasticsearch.service - Elasticsearch
     Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; preset: disabled)
    Drop-In: /etc/systemd/system/elasticsearch.service.d
     Active: active (running) since Sun 2023-09-03 22:52:41 CEST; 15s ago
    Process: 798 ExecStartPre=/bin/mkdir -p /var/run/elasticsearch (code=exited, status=0/SUCCESS)
    Process: 801 ExecStartPre=/bin/chown tomd:tomd /var/run/elasticsearch (code=exited, status=0/SUCCESS)
   Main PID: 804 (java)
      Tasks: 78 (limit: 22726)
     Memory: 2.4G
        CPU: 17.416s
     CGroup: /system.slice/elasticsearch.service
             ├─ 804 /usr/share/elasticsearch/jdk/bin/java -Xms4m -Xmx64m -XX:+UseSerialGC -Dcli.>
             ├─1361 /usr/share/elasticsearch/jdk/bin/java -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cac>
             └─1389 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-aarch64/bin/controller

Sep 03 22:52:31 localhost.localdomain systemd[1]: Starting Elasticsearch...
Sep 03 22:52:41 localhost.localdomain systemd[1]: Started Elasticsearch.


If you list processes you will also see that “tomd” user is running Elasticsearch.

					ps aux | grep elasticsearch

11. Connect with client

Before connecting to node please setup password for built-in user “elastic”
You can run creator elasticsearch-reset-password and follow steps

					cd /usr/share/elasticsearch/bin/
./elasticsearch-reset-password -u elastic -i

or if you are lazy, you can set password like 123456 but that’s not recommended of course – only for testing.

					(mkfifo pipe1);( (/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic -i < pipe1) & ( echo $'y\n123456\n123456'  > pipe1) ) ;rm -f pipe1

Then run curl command to connect to elastic and display cluster healthcheck

					curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200/_cluster/health?pretty 

# or if you run just to play around

curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic:123456 https://localhost:9200/_cluster/health?pretty 

  "cluster_name" : "tomd-prod",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "active_primary_shards" : 1,
  "active_shards" : 1,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0


12. Summary

That’s it for now. You have learned how to setup one-node Elasticsearch cluster with custom user and custom data location. Do not hesitate to share your experience in comments below or on my youTube channel. I am looking forward to hear feedback.

Follow me on LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked *

Share the Post:

Enjoy Free Useful Amazing Content

Related Posts