How to Install Elasticsearch on RHEL 7

How to Install Elasticsearch on RHEL 7

Elasticsearch is a distributed, RESTful search and analytics engine built on Apache Lucene. It is widely used for full-text search, log aggregation, and real-time data analysis. This guide walks you through installing and configuring Elasticsearch on Red Hat Enterprise Linux 7, including repository setup, basic cluster configuration, JVM tuning, and verifying the installation with live index operations.

Prerequisites

• A running RHEL 7 system with root or sudo access
• At least 2 GB of RAM (4 GB or more recommended for production)
• Java is not required separately — Elasticsearch 7.x bundles its own JDK
• Firewalld or iptables configured to allow port 9200 (HTTP) and 9300 (transport) if needed
• An active internet connection or access to a local mirror

Step 1: Add the Elastic YUM Repository

Elastic provides an official RPM repository for RHEL-based systems. Create the repository definition file so that yum knows where to fetch packages.

sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

sudo tee /etc/yum.repos.d/elasticsearch.repo <<'EOF'
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF

Verify the repository is recognized by yum:

sudo yum repolist | grep elasticsearch

You should see the elasticsearch-7.x entry listed in the output.

Step 2: Install Elasticsearch

Install Elasticsearch using yum. The package manager will resolve all dependencies automatically.

sudo yum install -y elasticsearch

This installs the Elasticsearch binaries, configuration files under /etc/elasticsearch/, and a systemd unit file. The data directory defaults to /var/lib/elasticsearch and logs go to /var/log/elasticsearch.

Step 3: Configure elasticsearch.yml

The primary configuration file is /etc/elasticsearch/elasticsearch.yml. Open it with your preferred editor and set the core options for a single-node or multi-node deployment.

sudo vi /etc/elasticsearch/elasticsearch.yml

Set the following key parameters:

# Cluster and node identity
cluster.name: my-application
node.name: node-1

# Network binding — use the server's actual IP or 0.0.0.0 for all interfaces
network.host: 192.168.1.10

# Discovery for single-node mode (avoids split-brain waiting)
discovery.type: single-node

# Data and log paths (defaults are fine for most installs)
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch

For a multi-node cluster, replace discovery.type: single-node with seed hosts:

discovery.seed_hosts:
  - 192.168.1.10
  - 192.168.1.11
  - 192.168.1.12

cluster.initial_master_nodes:
  - node-1
  - node-2
  - node-3

Step 4: Tune JVM Heap Settings

Elasticsearch bundles a JDK and reads heap size from /etc/elasticsearch/jvm.options. Incorrect heap settings are the most common cause of performance problems. The general rule is to allocate no more than 50% of available RAM, and never exceed 30 GB.

sudo vi /etc/elasticsearch/jvm.options

Find and edit the Xms and Xmx lines. For a server with 8 GB of RAM, set both to 4 GB:

-Xms4g
-Xmx4g

Setting both values to the same amount prevents the JVM from dynamically resizing the heap, which avoids garbage collection pauses caused by heap expansion.

Step 5: Configure System Limits

Elasticsearch requires a high number of open file descriptors and virtual memory map areas. Set these system-level limits to prevent startup failures.

sudo tee /etc/security/limits.d/elasticsearch.conf <<'EOF'
elasticsearch  -  nofile  65536
EOF

# Increase virtual memory map count
sudo sysctl -w vm.max_map_count=262144

# Make the vm.max_map_count setting persistent across reboots
echo "vm.max_map_count=262144" | sudo tee -a /etc/sysctl.conf

Step 6: Enable and Start Elasticsearch

Use systemctl to enable Elasticsearch so it starts at boot, then start the service.

sudo systemctl daemon-reload
sudo systemctl enable elasticsearch
sudo systemctl start elasticsearch

Check the service status to confirm it started successfully:

sudo systemctl status elasticsearch

The output should show active (running). If there are errors, check the log:

sudo journalctl -u elasticsearch -n 50 --no-pager

Step 7: Test the Elasticsearch API

Elasticsearch exposes a RESTful HTTP API on port 9200. Use curl to verify the node is responding.

curl -s http://localhost:9200 | python -m json.tool

Expected output will look similar to:

{
  "name" : "node-1",
  "cluster_name" : "my-application",
  "cluster_uuid" : "abcDEF123xyz",
  "version" : {
    "number" : "7.17.10",
    "build_flavor" : "default",
    "lucene_version" : "8.11.1"
  },
  "tagline" : "You Know, for Search"
}

Check cluster health:

curl -s http://localhost:9200/_cluster/health | python -m json.tool

Step 8: Basic Index Operations

Create an index, insert a document, and run a search to confirm Elasticsearch is functioning correctly.

Create an index named products:

curl -X PUT "http://localhost:9200/products" 
  -H "Content-Type: application/json" 
  -d '{
    "settings": {
      "number_of_shards": 1,
      "number_of_replicas": 0
    }
  }'

Insert a document:

curl -X POST "http://localhost:9200/products/_doc/1" 
  -H "Content-Type: application/json" 
  -d '{
    "name": "Widget Pro",
    "price": 29.99,
    "category": "hardware",
    "in_stock": true
  }'

Search for the document:

curl -s "http://localhost:9200/products/_search?q=name:Widget" | python -m json.tool

List all indices:

curl -s "http://localhost:9200/_cat/indices?v"

Step 9: Open Firewall Ports (If Required)

If the server uses firewalld and you need to expose Elasticsearch to other hosts on the network, open the required ports.

# HTTP API port
sudo firewall-cmd --permanent --add-port=9200/tcp

# Transport port (node-to-node communication in a cluster)
sudo firewall-cmd --permanent --add-port=9300/tcp

sudo firewall-cmd --reload

Security note: Never expose port 9200 directly to the internet without authentication. Consider using X-Pack security or placing Elasticsearch behind a reverse proxy with authentication for any production deployment.

Conclusion

You have successfully installed and configured Elasticsearch on RHEL 7. The installation covered adding the official Elastic repository, tuning JVM heap settings for stable performance, configuring the cluster identity and network binding in elasticsearch.yml, setting required system limits, and verifying the setup with live index and search operations. From here you can add Kibana for visualization, Logstash for data ingestion, or integrate Elasticsearch directly with your application using one of the many official client libraries available for Python, Java, Go, and other languages.