Elasticsearch Role¶
Overview¶
This role manages the installation and configuration of Elasticsearch using rootless Podman containers. It includes optional TLS/SSL encryption, an Elasticvue GUI interface, systemd integration using Quadlets, configurable resource limits, and X-Pack security features.
Requirements¶
- Podman 4.x or later
- Systemd
- A user with sudo access
- SELinux if running on a RHEL/CentOS-based system (the role handles contexts).
Installation / Quick Start¶
Orchestrator¶
# Prepare system (one-time)
./manage-svc.sh elasticsearch prepare
# Deploy Elasticsearch
./manage-svc.sh elasticsearch deploy
# Verify deployment
./svc-exec.sh elasticsearch verify
Role Variables / Configuration¶
Installation Options¶
| Name | Description | Default |
|---|---|---|
elasticsearch_state |
present to install, absent to remove. |
present |
elasticsearch_force_reload |
Force a reload of the service. | false |
elasticsearch_delete_data |
Delete data during removal. | false |
Container Settings¶
| Name | Description | Default |
|---|---|---|
elasticsearch_image |
The Elasticsearch container image. | docker.io/elasticsearch:8.12.1 |
elasticsearch_elasticvue_image |
The Elasticvue container image. | docker.io/cars10/elasticvue:latest |
elasticsearch_port |
The port for the Elasticsearch API. | 9200 |
elasticsearch_gui_port |
The port for the Elasticvue GUI. | 8080 |
Security Settings¶
| Name | Description | Default |
|---|---|---|
elasticsearch_enable_security |
Enable X-Pack security features. | true |
elasticsearch_password |
The password for the elastic user. |
change_this_password |
TLS Configuration¶
| Name | Description | Default |
|---|---|---|
elasticsearch_enable_tls |
Enable TLS for the Elasticsearch API. | false |
elasticsearch_tls_cert_file |
Path to your TLS certificate. | "" |
elasticsearch_tls_key_file |
Path to your TLS private key. | "" |
elasticsearch_tls_min_version |
The minimum TLS version to use. | TLSv1.2 |
elasticsearch_tls_verify_client |
Whether to verify the client certificate. | optional |
Resource Settings¶
| Name | Description | Default |
|---|---|---|
elasticsearch_memory |
The JVM heap size. | 1g |
Usage¶
After deployment, the services are available at:
- Elasticsearch API: http://localhost:9200
- Elasticvue GUI: http://localhost:8080
Initial Setup¶
- Get the cluster status:
- Access the Elasticvue GUI by opening
http://localhost:8080in your browser and connecting tohttp://localhost:9200with theelasticuser and your password.
Service Management¶
# Check service status
systemctl --user status elasticsearch-pod
# View logs
podman logs elasticsearch-node
podman logs elasticsearch-gui
# Restart service
systemctl --user restart elasticsearch-pod
Troubleshooting¶
Container Won't Start¶
- Check the logs:
podman logs elasticsearch-node - Verify memory settings:
podman inspect elasticsearch-node | jq '.[0].HostConfig.Memory' - Check system requirements:
sysctl vm.max_map_count
Permission Denied Errors¶
On RHEL/CentOS, check SELinux contexts:
Role-Specific Sections¶
Security Considerations¶
Elasticvue provides a convenient dashboard but has no built-in authentication. It is recommended to use a reverse proxy with authentication, network access control, or SSH tunneling to secure access.
Resource Management¶
Elasticsearch requires proper memory settings. The role configures container-level ulimits and system-level limits. Ensure vm.max_map_count is at least 262144 on the host.
Backup and Restore¶
Manual backup and restore can be performed by stopping the service, creating a tarball of the data directory, and extracting it to restore.
Removal¶
# Remove but keep data
./manage-svc.sh elasticsearch remove
# Complete removal
./manage-svc.sh elasticsearch remove -e elasticsearch_delete_data=true
Reference¶
License¶
MIT
Author¶
Created by jackaltx and Claude.