Elastic Lab (part 3) - Install Elastic
William Douglass
Cyber Threat Analyst, Adjunct Cybersecurity Professor, Small Business Owner
In Part 2 of this project, you installed Debian as the Operating System on a Virtual Machine in VMWare Workstation Pro.
Now it's time to dig into Elasticsearch! This Part covers much of the install, and it will take both time and bandwidth!
There is lots and lots and lots of documentation and help on Elastic. That's a good thing! Yet too much of a good thing can be a bad thing... Just like sifting through cyber events to find the truly important artifacts, it can be difficult to find the truly relevant Elastic documentation.
Many of the "try Elastic Free!!!!" links out there are meant to coax the unsuspecting reader into a cloud instance, which after 30 days would (Elastic hopes) turn into a revenue stream. Instead we're looking to work on a "self managed" iteration of Elasticsearch and accompanying glory.
This Guide is fantastic for getting Elastic running on Debian, but it has extra, unnecessary information and is also somewhat difficult to follow. I recommend reading through it entirely, as well as the steps on this page, before getting started.
Note that the Debian install in VMWare automatically installed "VMWare tools", so you can copy/paste between your HOST computer (laptop or desktop or whatever hardware) and the GUEST (Debian VM). In the Guide above, you will see black boxes with commands and a tiny clipboard icon at the right of them. You can click that icon to copy the text, then use "right-click / Paste" and hit Enter in Debian to run the command. Make sure you get the whole command and no extra characters!!
1- First is installing the Elasticsearch PGP key, so the OS will accept files as coming from a legitimate source.
2- Next is making sure that your Debian has the software to communicate via encrypted https:
3- Then, we're telling Debian where the key and Elastic package are found:
4- Then finally, the command to install Elasticsearch:
This WILL take some time: there's a bunch of software to download, unpack, and install.
5- After following these steps, there is no reason to download the package manually.
IF you were working in an environment which already has Elastic running and you're adding node(s) or cluster(s), you would follow the node and system indices instructions. But for now, skip all that.
6- To make sure that Elasticsearch starts automatically when you turn on the VM, you will run the following commands:
Later on, those start and stop commands will not only remain important, but maybe become second nature! (I know I've typed them a lot this week).
7- Now and later, to modify the Elasticsearch settings, you can type “sudo nano /etc/elasticsearch/elasticsearch.yml”. You could substitute any other capable text editor for nano. To exit nano, press CTRL-X, then "y" to save your changes, then Enter to keep the file in the same location. You can use the mouse to scroll up and down in nano, but you must use the arrow keys to get to the character you want to edit.
Anything which starts with “#” is a “comment” and not used. If you want to enable a setting, delete the “#” before the text on that line.
8- Edit the elasticsearch.yml file to change "network.host" to the IP address of the system (no brackets or quotes). Stop and start the Elasticsearch service (you can actually shorten it to "sudo systemctl stop elastic" etc...).
9- The curl command in the Guide will not work until a few more steps are complete. First, install curl by typing "sudo apt-get install curl".
10- Next you need an Elastic user besides the default one setup. Type "sudo -s" to change to the Root account.
Navigate to the directory where Elastic utilities are located by typing "cd /usr/share/elasticsearch/bin".
Type "./elasticsearch-users useradd [name]" and hit Enter; you will be prompted for a password (twice!).
Now you need to elevate the privileges of this account, type "./elasticsearch-users roles [name] -a superuser". Then exit the root account.
NOTE that Elastic must be running for the Elastic utilities to work!
11- The curl command depends on the certificates installed with Elasticsearch. For some reason they're not always given file permissions that let your user read them. A fix is found in this discussion link:
Enter the command "sudo chmod a+rx /etc/elasticsearch/ /etc/elasticsearch/certs"
and then "sudo chmod a+r /etc/elasticsearch/certs/http_ca.crt".
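As an added example (not from the original article or from Elastic), here are scripted versions of steps 7/8 (editing elasticsearch.yml without opening nano) and a permission check for the certs directory touched in step 11. The file paths, the IP address and the demo directory are assumptions; the certs directory and its files are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original article. Paths and IP are assumptions.

# set_yml_key FILE KEY VALUE
# Uncomments "#KEY: ..." or replaces "KEY: ..." (first match only); appends
# "KEY: VALUE" when the key is absent. All other lines are left untouched.
set_yml_key() {
  file=$1; key=$2; value=$3
  tmp=$(mktemp) || return 1
  awk -v k="$key" -v v="$value" '
    { line = $0; sub(/^[# \t]*/, "", line) }      # strip leading "#" and blanks
    !done && index(line, k ":") == 1 { print k ": " v; done = 1; next }
    { print }
    END { if (!done) print k ": " v }
  ' "$file" > "$tmp" || return 1
  # Copy back instead of mv so the config keeps its owner/group and mode
  # (Elasticsearch reads it as the elasticsearch user).
  cat "$tmp" > "$file" && rm -f "$tmp"
}

# world_readable FILE -> 0 if "other" has the read bit, 1 otherwise.
# Parsed from ls -l (column 8) so it works on GNU and BSD userlands alike.
world_readable() {
  [ "$(ls -ld "$1" | cut -c8)" = "r" ]
}

# check_certs DIR
# Step 11 only needs http_ca.crt (a public CA certificate) to be readable.
# Any *.p12 keystore in the same directory holds private keys and must not be.
# Returns 0 when the directory is in the expected state, 1 otherwise.
check_certs() {
  dir=$1; ok=0
  world_readable "$dir/http_ca.crt" || { echo "http_ca.crt not readable"; ok=1; }
  for ks in "$dir"/*.p12; do
    [ -e "$ks" ] || continue
    if world_readable "$ks"; then echo "WARNING: $ks is world-readable"; ok=1; fi
  done
  return $ok
}

# Demo on a constructed config and certs directory (no real Elasticsearch needed).
demo=$(mktemp -d)
printf '#network.host: 192.168.0.1\n#http.port: 9200\n' > "$demo/elasticsearch.yml"
set_yml_key "$demo/elasticsearch.yml" network.host 192.168.1.50
cat "$demo/elasticsearch.yml"
mkdir "$demo/certs"
touch "$demo/certs/http_ca.crt" "$demo/certs/http.p12"
chmod 644 "$demo/certs/http_ca.crt"; chmod 600 "$demo/certs/http.p12"
check_certs "$demo/certs" && echo "certs OK"
```

The chmod commands in step 11 only open the directories for traversal and the public CA certificate for reading; the .p12 keystores next to it should keep their restrictive permissions, which is what check_certs verifies.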
12- NOW we are ready to test that Elasticsearch is operational on our VM-
When the curl command works you should see:
Where “will” is my username in Debian, my host is “debian3”, and “will” is my username in Elastic. The red box is my Elastic username set up in step #10 above.
If Elastic is working properly, take a snapshot before moving on to installing Kibana!
NEXT will be the Kibana install.