How to install Elasticsearch on CentOS, RHEL, or Fedora

Installing Elasticsearch on CentOS, RHEL, or Fedora provides a local search and analytics node for application data, logs, and metrics. A working RPM-based installation is a practical starting point for API development, pipeline testing, and single-node lab work before a larger cluster is introduced.

The official RPM packages install the systemd unit, bundle a supported JVM, place configuration under /etc/elasticsearch, and store data and logs under /var/lib/elasticsearch and /var/log/elasticsearch. Current packages also prepare security auto-configuration, including TLS assets under /etc/elasticsearch/certs for HTTPS access to port 9200.

Current Elastic RPM guidance uses a disabled 9.x repository and expects vm.max_map_count to be at least 1048576, even though package installs may try to raise it automatically on some hosts. Security is enabled by default, so initial validation should use https://localhost:9200 with the generated CA certificate and a current elastic password rather than unauthenticated HTTP.

Steps to install Elasticsearch on CentOS, RHEL, or Fedora:

Import the Elasticsearch signing key.
```
$ sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
```
No output indicates the key was imported successfully.

Create the Elasticsearch repository file at /etc/yum.repos.d/elasticsearch.repo.

[elasticsearch]
name=Elasticsearch repository for 9.x packages
baseurl=https://artifacts.elastic.co/packages/9.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
type=rpm-md

The repository stays disabled by default, so installation commands explicitly enable it when needed.

Install the Elasticsearch package from the repository.
```
$ sudo dnf install --assumeyes --enablerepo=elasticsearch elasticsearch
##### snipped #####
Complete!
$ rpm -q elasticsearch
elasticsearch-9.3.2-1.aarch64
```
On CentOS 7 or RHEL 7, replace dnf with yum.

Current RPM installs can print a one-time auto-generated elastic password during package setup, but resetting the password after startup is still a reliable way to get a known credential.
Check the current vm.max_map_count value.
```
$ sysctl vm.max_map_count
vm.max_map_count = 262144
```
Current Elastic virtual-memory guidance expects at least 1048576.
Persist the recommended vm.max_map_count setting when the reported value is lower than 1048576.
```
$ echo "vm.max_map_count=1048576" | sudo tee /etc/sysctl.d/99-elasticsearch.conf
vm.max_map_count=1048576
```
Packages try to configure this automatically on some hosts, but a local sysctl file keeps the setting explicit.

Reload sysctl values and confirm the effective limit.

$ sudo sysctl --system
##### snipped #####
* Applying /etc/sysctl.d/99-elasticsearch.conf
$ sysctl vm.max_map_count
vm.max_map_count = 1048576

Reload systemd units after the package install.
```
$ sudo systemctl daemon-reload
```
Enable and start the Elasticsearch service.
```
$ sudo systemctl enable --now elasticsearch
Created symlink /etc/systemd/system/multi-user.target.wants/elasticsearch.service -> /usr/lib/systemd/system/elasticsearch.service.
```
First startup can take time while security auto-configuration finishes and certificates are prepared under /etc/elasticsearch/certs.

Related: How to manage the Elasticsearch service with systemctl in Linux
Verify the service reached a healthy running state.
```
$ sudo systemctl status elasticsearch --no-pager
● elasticsearch.service - Elasticsearch
     Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled)
     Active: active (running)
##### snipped #####
```
The unit can remain activating for a while during the first start, so use recent logs if startup takes longer than expected.

Related: How to manage the Elasticsearch service with systemctl in Linux

Reset the built-in elastic password if the install transaction did not print a password to keep, or when a fresh password is preferred.

$ sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic
This tool will reset the password of the [elastic] user to an autogenerated value.
Please confirm that you would like to continue [y/N] y

Password for the [elastic] user successfully reset.
New value: Guoh2cbV+cCvWAx+n3Zu

Store the generated password securely; the elastic user has full administrative access.

Test the HTTPS endpoint with the local CA certificate and the current elastic password.

$ curl -u elastic https://localhost:9200
Enter host password for user 'elastic':
{
  "name" : "es-rpm-node",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "n4fS7wJMR8K1mP2qYt6u9A",
  "version" : {
    "number" : "9.3.2",
    "build_flavor" : "default",
    "build_type" : "rpm"
  },
  "tagline" : "You Know, for Search"
}

Use https in the URL; plain HTTP fails when the default security configuration is active.

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.