How to install Elasticsearch on CentOS, RHEL, or Fedora

Installing Elasticsearch on CentOS, RHEL, or Fedora provides a local search and analytics node for application data, logs, and metrics. A working RPM-based installation is a practical starting point for API development, pipeline testing, and single-node lab work before a larger cluster is introduced.

The official RPM packages install the systemd unit, bundle a supported JVM, place configuration under /etc/elasticsearch, and store data and logs under /var/lib/elasticsearch and /var/log/elasticsearch. Current packages also prepare security auto-configuration, including TLS assets under /etc/elasticsearch/certs for HTTPS access to port 9200.

Current Elastic RPM guidance uses a disabled 9.x repository and expects vm.max_map_count to be at least 1048576, even though package installs may try to raise it automatically on some hosts. Security is enabled by default, so initial validation should use https://localhost:9200 with the generated CA certificate and a current elastic password rather than unauthenticated HTTP.

Related: How to install Elasticsearch on Ubuntu or Debian

Steps to install Elasticsearch on CentOS, RHEL, or Fedora:

  1. Import the Elasticsearch signing key. 
    $ sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

    No output indicates the key was imported successfully.

  2. Create the Elasticsearch repository file at /etc/yum.repos.d/elasticsearch.repo. 
    [elasticsearch]
name=Elasticsearch repository for 9.x packages
baseurl=https://artifacts.elastic.co/packages/9.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
type=rpm-md

    The repository stays disabled by default, so installation commands explicitly enable it when needed.

  3. Install the Elasticsearch package from the repository. 
    $ sudo dnf install --assumeyes --enablerepo=elasticsearch elasticsearch
##### snipped #####
Complete!
$ rpm -q elasticsearch
elasticsearch-9.3.2-1.aarch64

    On CentOS 7 or RHEL 7, replace dnf with yum.

    Current RPM installs can print a one-time auto-generated elastic password during package setup, but resetting the password after startup is still a reliable way to get a known credential.

  4. Check the current vm.max_map_count value. 
    $ sysctl vm.max_map_count
vm.max_map_count = 262144

    Current Elastic virtual-memory guidance expects at least 1048576.

  5. Persist the recommended vm.max_map_count setting when the reported value is lower than 1048576. 
    $ echo "vm.max_map_count=1048576" | sudo tee /etc/sysctl.d/99-elasticsearch.conf
vm.max_map_count=1048576

    Packages try to configure this automatically on some hosts, but a local sysctl file keeps the setting explicit.

  6. Reload sysctl values and confirm the effective limit. 
    $ sudo sysctl --system
##### snipped #####
* Applying /etc/sysctl.d/99-elasticsearch.conf
$ sysctl vm.max_map_count
vm.max_map_count = 1048576
  7. Reload systemd units after the package install. 
    $ sudo systemctl daemon-reload
  8. Enable and start the Elasticsearch service. 
    $ sudo systemctl enable --now elasticsearch
Created symlink /etc/systemd/system/multi-user.target.wants/elasticsearch.service -> /usr/lib/systemd/system/elasticsearch.service.

    First startup can take time while security auto-configuration finishes and certificates are prepared under /etc/elasticsearch/certs.

    Related: How to manage the Elasticsearch service with systemctl in Linux

  9. Verify the service reached a healthy running state. 
    $ sudo systemctl status elasticsearch --no-pager
● elasticsearch.service - Elasticsearch
     Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled)
     Active: active (running)
##### snipped #####

    The unit can remain activating for a while during the first start, so use recent logs if startup takes longer than expected.

    Related: How to manage the Elasticsearch service with systemctl in Linux

  10. Reset the built-in elastic password if the install transaction did not print a password to keep, or when a fresh password is preferred. 
    $ sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic
This tool will reset the password of the [elastic] user to an autogenerated value.
Please confirm that you would like to continue [y/N] y

Password for the [elastic] user successfully reset.
New value: Guoh2cbV+cCvWAx+n3Zu

    Store the generated password securely; the elastic user has full administrative access.

  11. Test the HTTPS endpoint with the local CA certificate and the current elastic password. 
    $ curl -u elastic https://localhost:9200
Enter host password for user 'elastic':
{
  "name" : "es-rpm-node",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "n4fS7wJMR8K1mP2qYt6u9A",
  "version" : {
    "number" : "9.3.2",
    "build_flavor" : "default",
    "build_type" : "rpm"
  },
  "tagline" : "You Know, for Search"
}

    Use https in the URL; plain HTTP fails when the default security configuration is active.