How to install Elasticsearch on CentOS, RHEL, or Fedora

Installing Elasticsearch on CentOS, RHEL, or Fedora provides a local search and analytics engine with an HTTP API for indexing and querying large datasets.

The official RPM packages register an Elasticsearch systemd unit, place configuration under /etc/elasticsearch, and store data and logs under /var/lib/elasticsearch and /var/log/elasticsearch.

Kernel settings such as vm.max_map_count must be raised before running Elasticsearch under load, and recent releases enable TLS and authentication by default for the port 9200 API. Binding the service to a non-local address requires additional configuration and firewall review, so initial validation is typically performed on localhost.

Steps to install Elasticsearch on CentOS, RHEL, or Fedora:

Create the Elasticsearch repository file at /etc/yum.repos.d/elasticsearch.repo.

[elasticsearch]
name=Elasticsearch repository for 8.x packages
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1

Use yum instead of dnf on older CentOS releases.

Install the Elasticsearch package.

$ sudo dnf install --assumeyes elasticsearch
Installing:
  elasticsearch-8.19.9-1.aarch64

Persist the vm.max_map_count requirement for Elasticsearch.

$ echo "vm.max_map_count=262144" | sudo tee /etc/sysctl.d/99-elasticsearch.conf
vm.max_map_count=262144

Reload sysctl values.

$ sudo sysctl --system
* Applying /etc/sysctl.d/99-elasticsearch.conf

Enable the Elasticsearch service in systemd.

$ sudo systemctl enable --now elasticsearch
Created symlink /etc/systemd/system/multi-user.target.wants/elasticsearch.service -> /usr/lib/systemd/system/elasticsearch.service.

The --now option starts the service immediately.

Verify the service is running.

$ sudo systemctl status elasticsearch --no-pager
* elasticsearch.service - Elasticsearch
     Active: active (running)
##### snipped #####

Reset the elastic user password for API authentication.

$ sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic
This tool will reset the password of the [elastic] user.
Please confirm that you would like to continue [y/N] y
Password for the [elastic] user successfully reset.
New value: 9wqfXqP0K9r8n2uY5HcF

Store the generated password securely for authenticated API calls.

Test the HTTPS endpoint using the local CA certificate with the elastic password.

$ ES_PASS='9wqfXqP0K9r8n2uY5HcF'
$ curl -s --cacert /etc/elasticsearch/certs/http_ca.crt -u "elastic:${ES_PASS}" https://localhost:9200
{
  "name" : "es-1",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "8JwLw3ssQbS5W7w1j1LqPw",
  "version" : {
    "number" : "8.12.2"
  },
  "tagline" : "You Know, for Search"
}

The CA certificate installed by the RPM is located at /etc/elasticsearch/certs/http_ca.crt.

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.