Installation, configuration and security Flashcards
How to set up number of open file limits for elastic?
- Edit /etc/security/limits.conf
- Add “elastic - nofile 65536
It will complain when running if not setup correctly
How to setup vm max size for elastic?
- edit /etc/sysctl.conf
- Add “vm.max_map_count = 262144”
This comes from the documentation and should be verified by elastic on startup
Where to install the archive package?
elastic user home (/home/elastic)
How to fetch/install elastic?
- Download from the artifacts with curl.
- Unpack inside the home directory
- Clean it up
- Rename the directory to just “elasticsearch”
Which version of elastic comes with JDK prepackaged?
From version 7.
What are the essential configuration options for each node?
For every node
- cluster.name
- node.name
- network.host: [local, site]
- cluster.initial_master_nodes: [….]. # the name of the initial master nodes (for security and also prevent split brain)
# node roles master, data, ingest (set true by default) - node.master = true - node.data = true - node.ingest = false
# For non-masters - discovery.seed_hosts:
Custom attributes:
- node.attr.zone
What’s the difference between local, site and global?
Matches configured network addresses.
local -> loopback: 127.0.0.1
site -> local network eg: 192.168…
global: external network like 200.x.y… etc
How do you make a coordinator only node?
Set all data roles to false (node.master: false, node.data: false, node.ingest: false)
How to setup java VM heap size for the nodes?
- Edit “config/jvm.options”
- Edit “-Xms” and “-Xmx” options
How to start elastic node in the foreground?
./bin/elasticsearch
What are the default elastic search ports?
- 9200 (HTTP Rest API)
- 9300 (Transport) binary inter node protocol
-
Where to put the the certificate files?
You can put it inside “config/certs”
How do you create a certificate authority?
- bin/elasticsearch-certutil ca –out config/certs/ca –pass
- relative paths will be relative to “elasticsearch” directory
- best practice is to create a password for the CA
How many certificates do I need?
Create one certificate for each node.
How to create the node certificates?
- bin/elasticsearch-certutil cert –ca config/certs/ca –ca-pass –name –out config/certs/ –pass