Elasticsearch Installation
This guide covers the installation and configuration of Elasticsearch 8 for the SAMO platform.
Elasticsearch 8 docker deployment (Linux)
Elasticsearch 8 can be run as a docker container. Using the docker-compose file is the recommended way to start ES 8 for the SAMO platform.
Below is a sample configuration for ES 8 in the docker-compose.yml file:
# **TODO** simplify this example - only relevant settings and remove comments/placeholders
elasticsearch8:
  image: docker.asseco-ce.com/samo/server/samo-elasticsearch:8.17.4
  restart: always
  deploy:
    resources:
      limits:
        memory: 6G
  environment:
    - discovery.type=single-node
    - cluster.routing.allocation.disk.threshold_enabled=false
    - xpack.security.enabled=true
    - action.auto_create_index=.security*,.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*,metricbeat-*,.kibana,apm-*,audit*,logs*
    # Note: the -Xmx6g heap maximum equals the 6G container memory limit above
    - ES_JAVA_OPTS=-Xms1g -Xmx6g
    - bootstrap.memory_lock=true
    - http.max_initial_line_length=${es_max_initial_line_length:-16kb}
    # Falls back to an empty value when ELASTIC_PASSWORD is not set in the environment
    - ELASTIC_PASSWORD=${ELASTIC_PASSWORD:-}
  ports:
    # HTTP API (9200) and transport (9300), published on the host
    - "9200:9200"
    - "9300:9300"
  # Runs the container with extended privileges on the host
  privileged: true
  volumes:
    - ${data_dir}/elasticsearch8:/usr/share/elasticsearch/data
elasticsearch-setup:
  image: docker.asseco-ce.com/samo/server/elasticsearch-setup:1.0
  depends_on:
    - elasticsearch8
  environment:
    - ELASTICSEARCH_HOST=elasticsearch8
    # Each password below also falls back to an empty value when its variable is unset
    - ELASTIC_PASSWORD=${ELASTIC_PASSWORD:-}
    - ELASTIC_LOGSTASH_PASSWORD=${ELASTIC_LOGSTASH_PASSWORD:-}
    - ELASTIC_KIBANA_PASSWORD=${ELASTIC_KIBANA_PASSWORD:-}
Enable Elasticsearch Security
In the docker-compose.yml configuration above, security is enabled with these settings:
xpack.security.enabled=true
ELASTIC_PASSWORD=${ELASTIC_PASSWORD:-}
This enables security and sets the password for the root user (username: elastic).
Connecting LIDS AS to Elasticsearch
In environment.properties, add these properties:
lids.search.username=elastic
lids.search.password=your_elastic_password
Replace your_elastic_password with the actual value of ELASTIC_PASSWORD. Never commit passwords to version control.
Creating a Custom Role Using Security API
curl -X POST "http://localhost:9200/_security/role/custom_role" \
  -H "Content-Type: application/json" \
  -u elastic:your_password \
  -d '{
    "cluster": ["all"],
    "indices": [
      {
        "names": [ "my-index-*" ],
        "privileges": ["read", "write"]
      }
    ],
    "applications": [
      {
        "application": "kibana-.kibana",
        "privileges": ["read"],
        "resources": ["*"]
      }
    ]
  }'
This creates a role named custom_role with:
- Cluster privilege: all
- Index privileges: read and write on indices matching my-index-*
- Application privilege (optional, e.g., Kibana)
Creating a New User with Custom Role
curl -X POST "http://localhost:9200/_security/user/my_user" \
  -H "Content-Type: application/json" \
  -u elastic:your_password \
  -d '{
    "password" : "StrongPassword123!",
    "roles" : [ "custom_role" ],
    "full_name" : "Full Name",
    "email" : "name@example.com",
    "enabled": true
  }'
This creates a new user (my_user) with the role custom_role.
Elasticsearch 8 on premise (Windows Server)
ES 8 is delivered as a .zip file and only needs to be unzipped to the desired location. The /config subfolder is already included, with elasticsearch.yml and jvm.options for further configuration. The data folder must be defined individually and referenced in elasticsearch.yml. The other configuration parameters known from ES 6 are also set there. Memory settings are made in jvm.options.
Run ES as a service
You can configure it as a service with the following steps:
- Open a command prompt and go to "ElasticSearch installation directory"/bin.
- Run the following command:
  elasticsearch-service.bat install [ServiceID]
  (ServiceID is an optional id that you can specify to identify the service)
Configuration of ES 8
The configuration from ES 6 can't be copied directly to the newer version. Some parameters are not supported anymore, some are changed, and some are newly required.
Here is a simplified, running configuration for a single-node, development solution:
This configuration is not recommended for production environments.
cluster.name: samo_elasticsearch
node.name: <name of the server>
path.data: E:\elasticsearch-8.13.4\data
path.logs: E:\elasticsearch-8.13.4\logs
bootstrap.memory_lock: false
network.host: 0.0.0.0
network.publish_host: <name of the server>
http.port: 9200
transport.port: 9300
discovery.type: single-node
http.max_initial_line_length: 16kb
action.auto_create_index: .security*,.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*,.kibana*
xpack.license.self_generated.type: basic
xpack.security.enabled: false
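A pre-deployment check for the two configurations on this page, as an added example (not part of the SAMO documentation or tooling): it flags a node that has security disabled while network.host is not a loopback address, as in the development configuration above, and compose password entries such as ${ELASTIC_PASSWORD:-} that resolve to an empty string. It goes slightly beyond the cases shown by reading both the elasticsearch.yml and the compose environment syntax; the sample strings are constructed and abridged from this page, and the function names and finding codes are hypothetical.

```python
import ipaddress
import re

# Constructed samples, abridged from the two configurations on this page.
DEV_YML = """\
network.host: 0.0.0.0
xpack.security.enabled: false
"""
COMPOSE_ENV = """\
- xpack.security.enabled=true
- ELASTIC_PASSWORD=${ELASTIC_PASSWORD:-}
"""

LINE = re.compile(r"^\s*(?:-\s+)?([A-Za-z_][\w.]*)\s*[:=]\s*(.*?)\s*$")
VAR = re.compile(r"\$\{(\w+)(?::-([^}]*))?\}")
PASSWORD_KEYS = ("ELASTIC_PASSWORD", "ELASTIC_LOGSTASH_PASSWORD", "ELASTIC_KIBANA_PASSWORD")

def parse_settings(text):
    """Read flat 'key: value' (elasticsearch.yml) or '- key=value' (compose env) lines."""
    settings = {}
    for raw in text.splitlines():
        match = LINE.match(raw)
        if match:
            settings[match.group(1)] = match.group(2)
    return settings

def resolve(value, env):
    """Expand ${NAME} and ${NAME:-default}; an unset or empty NAME takes the default."""
    return VAR.sub(lambda m: env.get(m.group(1)) or m.group(2) or "", value)

def is_loopback(host):
    if host in ("localhost", "_local_"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # hostname or other special value: assume it is reachable

def audit(settings, env=None):
    """Return finding codes for settings that leave the node open."""
    findings = []
    # ES 8 defaults when a key is absent: security enabled, network.host = _local_
    security_on = settings.get("xpack.security.enabled", "true").lower() == "true"
    if not security_on and not is_loopback(settings.get("network.host", "_local_")):
        findings.append("security-disabled-on-reachable-interface")
    for key in PASSWORD_KEYS:
        if key in settings and not resolve(settings[key], env or {}):
            findings.append("empty-password:" + key)
    return findings
```

Pass the variables from the shell or .env file as the env mapping, for example audit(parse_settings(text), dict(os.environ)), and treat any returned finding as a reason to stop before starting the node.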
The Elasticsearch plugin analysis-icu must be installed. Run:
elasticsearch-plugin install --batch analysis-icu
Important Change of ES Endpoint
Because the way the ES API is called has changed, LAS no longer calls the HTTPS port; it uses the HTTP port instead. When you upgrade to ES 8.x, you need to change the lids.search.transportAddress property. This manual assumes the standard ports (9200/9300 and 11920/11930).
For docker installation (LINUX):
- lids.search.transportAddress=elasticsearch:9200 for server properties
- lids.search.transportAddress=http://server-xxx.domain:11920 for local properties
For native installation (WINDOWS):
- lids.search.transportAddress=server-xxx.domain:9200 for server properties
- lids.search.transportAddress=server-xxx.domain:9200 for local properties