Search
Close this search box.

Elasticsearch 8.9 install/start with custom user process

Table of Contents

1. Introduction

When you install Elasticsearch from rpm package user called elasticsearch is created and used later on to start process. In enterprise environment you may encounter custom user to be required owner of elasticsearch process. Therefor it is necessary for you to understand how to deal with such requirement and adjust system settings to make it possible. To follow this tutorial you need to have one of virtual machine manager like VMWare, Parallels, VirtualBox or any other you are familiar with.

 

2. Install Rocky Linux

Download minimal ISO from Rocky Linux Download page

I have used Rocky Linux 9.2
Then use your virtual machine manager to create node with this OS.
During installation you can create already your future user for Elasticsearch process. In my example I created tomd user.

Once installation is done reboot of VM is needed. After that type command to obtain ip address.

 
				
					ip addr
				
			

Returned value can be used then to connect with SSH from your host machine.

3. Install Elasticsearch

All commands in this article I am running as root.

To use provided by Elastic team GPG-KEY-elasticsearch please update policy. Otherwise you will see error

Signature not supported. Hash algorithm SHA1 not available.
error: https://artifacts.elastic.co/GPG-KEY-elasticsearch: key 1 import failed.

To update crypto policies and install key run

				
					update-crypto-policies --set LEGACY
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
				
			

To install elastic yum repository run

				
					bash -c "cat <<EOF >/etc/yum.repos.d/elasticsearch.repo
[elasticsearch]
name=Elasticsearch repository for 8.x packages
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
autorefresh=1
type=rpm-md
EOF"

yum update
				
			

Finally run elasticsearch installation

				
					yum -y install --enablerepo=elasticsearch elasticsearch-8.9.1
				
			

It will take a while until it’s finished but not extra long 🙂

4. Set up Java Home

Elasticsearch comes with bundled OpenJDK so no need to install java explicitly. Recommended by elastic team is to use that version. Additionally it is worth to set JAVA_HOME environment variable in case of future 3rd party software integration.

				
					JAVA_HOME_DIR=/usr/share/elasticsearch/jdk
bash -c "cat <<EOF >/etc/profile.d/jdk_home.sh
export JAVA_HOME=$JAVA_HOME_DIR
export PATH=$PATH:$JAVA_HOME_DIR/bin
EOF"
				
			

5. Disable SWAP

Swapping data into disk can drastically slow down performance. In order to maximize performance keep it disabled.

				
					sed -i 's/^[^#]*swap/#&/' /etc/fstab
mount -a
				
			

Then confirm swap usage – should be zero.

				
					free | awk '/Swap:/ {print $3}'
				
			

6. Set user process limits

Setup limits for user that going to run elasticsearch. “nproc” is for maximum number of processes equal to 64000. “as” is for maximum size virtual memory and “fsize” is for max file size.

				
					cat <<EOF >/etc/security/limits.d/elasticsearch.conf
tomd             soft    nproc           64000
tomd             hard    nproc           64000
tomd             soft    as           unlimited
tomd             hard    as           unlimited
tomd             soft    fsize           unlimited
tomd             hard    fsize           unlimited
EOF
				
			

7. Custom service settings

You can place data into custom catalog. For that create one and update paths in config files.

				
					mkdir /elkdata
sed -i 's/\/var\/lib\/elasticsearch/\/elkdata/gi' /etc/elasticsearch/elasticsearch.yml
grep data /etc/elasticsearch/elasticsearch.yml
				
			

Note “User” and “Group” in service config file and how ownership is changed for “/var/run/elasticsearch” catalog – over there elasticsearch.pid file will be created containing PID number.

				
					mkdir -p /etc/systemd/system/elasticsearch.service.d/
bash -c "cat <<EOF >/etc/systemd/system/elasticsearch.service.d/elasticsearch.conf
[Service]
LimitMEMLOCK=infinity
LimitNPROC=64000
User=tomd
Group=tomd
Environment=DATA_DIR=/elkdata
ExecStartPre=-/bin/mkdir -p /var/run/elasticsearch
ExecStartPre=/bin/chown tomd:tomd /var/run/elasticsearch
PermissionsStartOnly=true
EOF"
				
			

After system reboot ownership of /var/run/elasticsearch getting lost because /var/run being cleaned out. In order to fix that set additional config file

				
					bash -c "cat <<EOF >/usr/lib/tmpfiles.d/elasticsearch.conf
d    /var/run/elasticsearch   0755 tomd tomd - -
EOF"

				
			

8. Update files ownership

Files ownership of default Elasticsearch installation will be assigned to “elasticsearch” user. Therefore you have to change this

				
					chown -R tomd:tomd /elkdata
chown -R tomd:tomd /var/run/elasticsearch
chown -R root:tomd /etc/elasticsearch
chown -R tomd:tomd /etc/sysconfig/elasticsearch
chown -R tomd:tomd /var/log/elasticsearch
				
			

9. Production mode

Elasticsearch will treat instance as production once network.host parameter is set explicitly. There few more parameters worth to set.

cluster.name: tomd-prod
node.name: node01
bootstrap.memory_lock: true
network.host: # your IP number from ip addr output
cluster.initial_master_nodes: ["node01"]

Once done with editing please save the file.

10. Start Elasticsearch

Three commands left to execute for successful startup. Daemon relaod because you touch /etc/systemd/system/elasticsearch.service.d/ , enable service so it is starting together with linux and start because you want to start it now.

				
					systemctl daemon-reload
systemctl enable elasticsearch.service

systemctl start elasticsearch.service
				
			

Check status of service to know if it started successfully.

				
					systemctl status elasticsearch.service
# or
service elasticsearch status

[root@localhost ~]# service elasticsearch status
Redirecting to /bin/systemctl status elasticsearch.service
● elasticsearch.service - Elasticsearch
     Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; preset: disabled)
    Drop-In: /etc/systemd/system/elasticsearch.service.d
             └─elasticsearch.conf
     Active: active (running) since Sun 2023-09-03 22:52:41 CEST; 15s ago
       Docs: https://www.elastic.co
    Process: 798 ExecStartPre=/bin/mkdir -p /var/run/elasticsearch (code=exited, status=0/SUCCESS)
    Process: 801 ExecStartPre=/bin/chown tomd:tomd /var/run/elasticsearch (code=exited, status=0/SUCCESS)
   Main PID: 804 (java)
      Tasks: 78 (limit: 22726)
     Memory: 2.4G
        CPU: 17.416s
     CGroup: /system.slice/elasticsearch.service
             ├─ 804 /usr/share/elasticsearch/jdk/bin/java -Xms4m -Xmx64m -XX:+UseSerialGC -Dcli.name=server -Dcli.>
             ├─1361 /usr/share/elasticsearch/jdk/bin/java -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cac>
             └─1389 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-aarch64/bin/controller

Sep 03 22:52:31 localhost.localdomain systemd[1]: Starting Elasticsearch...
Sep 03 22:52:41 localhost.localdomain systemd[1]: Started Elasticsearch.

				
			

If you list processes you will also see that “tomd” user is running Elasticsearch.

				
					ps aux | grep elasticsearch
				
			

11. Connect with client

Before connecting to node please setup password for built-in user “elastic”
You can run creator elasticsearch-reset-password and follow steps

				
					cd /usr/share/elasticsearch/bin/
./elasticsearch-reset-password -u elastic -i
				
			

or if you are lazy, you can set password like 123456 but that’s not recommended of course – only for testing.

				
					(mkfifo pipe1);( (/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic -i < pipe1) & ( echo $'y\n123456\n123456'  > pipe1) ) ;rm -f pipe1
				
			

Then run curl command to connect to elastic and display cluster healthcheck

				
					curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200/_cluster/health?pretty 

# or if you run just to play around

curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic:123456 https://localhost:9200/_cluster/health?pretty 

{
  "cluster_name" : "tomd-prod",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "active_primary_shards" : 1,
  "active_shards" : 1,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}

				
			

12. Summary

That’s it for now. You have learned how to setup one-node Elasticsearch cluster with custom user and custom data location. Do not hesitate to share your experience in comments below or on my youTube channel. I am looking forward to hear feedback.

 
Follow me on LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked *

Share the Post:

Enjoy Free Useful Amazing Content

Related Posts