
Configuration

Primary Configuration File: elasticsearch.yml

yaml

# Cluster Configuration
cluster.name: production-cluster
node.name: node-1
node.roles: [ master, data, ingest ]
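# Network Configuration
# 0.0.0.0 binds every interface; use a specific address (as in the cluster examples below) or firewall ports 9200/9300
network.host: 0.0.0.0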
http.port: 9200
transport.port: 9300
# Discovery Configuration
discovery.seed_hosts: ["node-1:9300", "node-2:9300", "node-3:9300"]
cluster.initial_master_nodes: ["node-1", "node-2", "node-3"]
# Path Configuration
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
# Memory Configuration
bootstrap.memory_lock: true
# Security Configuration
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.enabled: true
# Monitoring Configuration
xpack.monitoring.collection.enabled: true

JVM Configuration: jvm.options

# Heap size (set to 50% of available RAM, max 32GB)
-Xms4g
-Xmx4g
# GC Configuration
-XX:+UseG1GC
-XX:G1HeapRegionSize=32m
-XX:+UnlockExperimentalVMOptions
-XX:MaxGCPauseMillis=50
# JVM Options
-Djava.io.tmpdir=${ES_TMPDIR}
-XX:+HeapDumpOnOutOfMemoryError
-XX:HeapDumpPath=/var/lib/elasticsearch
-XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log

Cluster Setup

Multi-Node Cluster Configuration

For a production 3-node cluster:

Node 1 (Master/Data):


yaml

cluster.name: production-cluster
node.name: es-master-1
node.roles: [ master, data, ingest ]
network.host: 10.0.1.10
discovery.seed_hosts: ["10.0.1.10:9300", "10.0.1.11:9300", "10.0.1.12:9300"]
cluster.initial_master_nodes: ["es-master-1", "es-master-2", "es-master-3"]

Node 2 (Master/Data):


yaml

cluster.name: production-cluster
node.name: es-master-2
node.roles: [ master, data, ingest ]
network.host: 10.0.1.11
discovery.seed_hosts: ["10.0.1.10:9300", "10.0.1.11:9300", "10.0.1.12:9300"]
cluster.initial_master_nodes: ["es-master-1", "es-master-2", "es-master-3"]

Node 3 (Master/Data):


yaml

cluster.name: production-cluster
node.name: es-master-3
node.roles: [ master, data, ingest ]
network.host: 10.0.1.12
discovery.seed_hosts: ["10.0.1.10:9300", "10.0.1.11:9300", "10.0.1.12:9300"]
cluster.initial_master_nodes: ["es-master-1", "es-master-2", "es-master-3"]

Security Configuration

Enable Security Features

yaml

# Enable security
xpack.security.enabled: true
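# Configure authentication
xpack.security.authc.realms:
  native:
    native1:
      order: 0
  ldap:
    ldap1:
      order: 1
      # ldap:// is unencrypted; use ldaps:// so bind credentials are protected in transit
      url: "ldap://ldap.example.com:389"
      # Store the bind password in the keystore as secure_bind_password, not in this file
      bind_dn: "cn=admin,dc=example,dc=com"
      user_search.base_dn: "ou=users,dc=example,dc=com"
      group_search.base_dn: "ou=groups,dc=example,dc=com"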

SSL/TLS Configuration

yaml
# HTTP SSL
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /path/to/keystore.p12
xpack.security.http.ssl.truststore.path: /path/to/truststore.p12
# Transport SSL
xpack.security.transport.ssl.enabled: true
# "certificate" validates the CA chain but not the hostname; "full" also verifies the hostname
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /path/to/keystore.p12
xpack.security.transport.ssl.truststore.path: /path/to/truststore.p12
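
A small lint for the security-relevant settings configured above, as an added example that is not part of the original page or of Elasticsearch's own tooling. `flatten` and `audit` are hypothetical helper names, the parser handles only `key: value` mappings (no lists or multi-line scalars), and the sample is constructed from this page's values with HTTP TLS switched off.

```python
import re

# Constructed sample: this page's settings, with HTTP TLS switched off.
SAMPLE = """\
network.host: 0.0.0.0
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.http.ssl.enabled: false
xpack.security.authc.realms:
  ldap:
    ldap1:
      url: "ldap://ldap.example.com:389"
"""

def flatten(text):
    """Flatten nested and dotted keys into one dict (mappings only, no lists)."""
    settings, parents = {}, []  # parents: (indent, key) of enclosing mappings
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*", "", raw).rstrip()  # drop comments
        m = re.match(r"^(\s*)([^:\s][^:]*):\s*(.*)$", line)
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2).strip(), m.group(3)
        while parents and parents[-1][0] >= indent:
            parents.pop()  # leave mappings that ended at this indent
        if value == "":
            parents.append((indent, key))
        else:
            settings[".".join([k for _, k in parents] + [key])] = value.strip("\"'")
    return settings

def audit(settings):
    """Return findings for the security-relevant settings shown on this page."""
    findings = []
    for name in ("enabled", "transport.ssl.enabled", "http.ssl.enabled"):
        if settings.get(f"xpack.security.{name}") != "true":
            findings.append(f"xpack.security.{name} is not set to true")
    mode = settings.get("xpack.security.transport.ssl.verification_mode", "full")
    if mode != "full":
        findings.append(f"transport verification_mode={mode} skips hostname checks")
    if settings.get("network.host") == "0.0.0.0":
        findings.append("network.host binds every interface")
    findings += [f"{k} is cleartext LDAP" for k, v in settings.items()
                 if k.endswith(".url") and v.startswith("ldap://")]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(flatten(SAMPLE))))
```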

User Management

bash
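# Set passwords for the built-in users
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
# Create custom user. With security and HTTP TLS enabled as above, the request must
# use https and authenticate as an existing admin (curl prompts for the password).
# /path/to/ca.crt is a placeholder for the CA that signed the HTTP certificate.
curl -X POST "https://localhost:9200/_security/user/devops_user" \
  --cacert /path/to/ca.crt -u elastic \
  -H "Content-Type: application/json" \
  -d '{
    "password" : "securepassword123",
    "roles" : [ "superuser" ],
    "full_name" : "DevOps User",
    "email" : "devops@company.com"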