Install Elasticsearch 8 on Rocky Linux 10 / AlmaLinux 10

Elasticsearch is a distributed search and analytics engine built on Apache Lucene. It handles full-text search, log analytics, application monitoring, and real-time data analysis at scale. This guide walks through installing and configuring Elasticsearch 8 on Rocky Linux 10 and AlmaLinux 10.

Original content from computingforgeeks.com - post 64673

We cover the official Elastic repository setup, JVM heap tuning, cluster configuration, X-Pack security with password generation, firewall rules, SELinux, and verification. By the end you will have a working single-node Elasticsearch instance ready for development or production use.

Prerequisites

  • A server running Rocky Linux 10 or AlmaLinux 10 with root or sudo access
  • At least 2 GB RAM (4 GB recommended for production)
  • Ports 9200 (HTTP API) and 9300 (cluster transport) available
  • Internet access to reach the Elastic package repository

Step 1: Import the Elasticsearch GPG Key

All packages from Elastic are signed. Import the GPG key so dnf can verify package integrity during installation.

sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

Step 2: Add the Elastic 8.x Yum Repository

Create a repository file that points to the official Elastic 8.x packages.

sudo vi /etc/yum.repos.d/elasticsearch.repo

Add the following repository configuration:

[elastic-8.x]
name=Elastic repository for 8.x packages
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

Step 3: Install Elasticsearch 8 on Rocky Linux 10 / AlmaLinux 10

Install Elasticsearch from the repository you just added. Elasticsearch 8 ships with a bundled JDK, so you do not need to install Java separately.

sudo dnf install elasticsearch -y

During installation, Elasticsearch 8 generates a random password for the built-in elastic superuser and prints it to the terminal. Save this password – you will need it to authenticate. The output looks similar to this:

--------------------------- Security autoconfiguration information ------------------------------

Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.

The generated password for the elastic built-in superuser is : <RANDOM_PASSWORD>

If this node should join an existing cluster, you can reconfigure this with
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'

--------------------------------------------------------------------------------------------------

If you missed the password, you can reset it later with the elasticsearch-reset-password tool (covered in Step 6).

Step 4: Configure Elasticsearch

The main configuration file is /etc/elasticsearch/elasticsearch.yml. Open it for editing.

sudo vi /etc/elasticsearch/elasticsearch.yml

Set the cluster name, node name, data path, network binding, and discovery settings. Uncomment and update these lines:

# Cluster name - all nodes in the same cluster must share this name
cluster.name: my-cluster

# Human-readable node identifier
node.name: node-1

# Where Elasticsearch stores index data
path.data: /var/lib/elasticsearch

# Where Elasticsearch writes logs
path.logs: /var/log/elasticsearch

# Bind to localhost only (change to 0.0.0.0 or a specific IP for remote access)
network.host: 127.0.0.1

# Discovery setting for a single-node setup
discovery.type: single-node

For a multi-node cluster, replace discovery.type: single-node with a seed hosts list. See our guide on deploying an Elasticsearch cluster on Rocky Linux with Ansible for that setup.
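The comment on network.host above says the node binds to localhost only, but http.host and transport.host, when present in the same file, take precedence for the HTTP and transport listeners. The following added example (not part of the original guide) reads those keys from elasticsearch.yml and reports the effective bind address of each listener; the function names and the sample file, including its http.host line, are constructed for illustration.

```shell
# Added example: report which addresses the Elasticsearch listeners bind to.

# yml_get FILE KEY: value of the last uncommented top-level "KEY: value" line.
yml_get() {
    awk -v k="$2" '
        index($0, k ":") == 1 {
            v = substr($0, length(k) + 2)
            sub(/[ \t]+#.*$/, "", v)            # drop a trailing comment
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)    # trim blanks and quotes
            last = v
        }
        END { print last }' "$1"
}

# is_loopback VALUE: succeeds when VALUE names a loopback-only binding.
is_loopback() {
    case "$1" in
        127.*|localhost|::1|_local_) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_es_yml FILE: prints findings; returns 0 clean, 1 warnings, 2 failure.
audit_es_yml() {
    net=$(yml_get "$1" network.host)
    http=$(yml_get "$1" http.host)
    tran=$(yml_get "$1" transport.host)
    # http.host / transport.host override network.host for their own layer;
    # when none is set, Elasticsearch binds to loopback (_local_).
    http=${http:-${net:-_local_}}
    tran=${tran:-${net:-_local_}}
    rc=0
    echo "http(9200)=$http transport(9300)=$tran"
    is_loopback "$http" || { echo "WARN: HTTP API reachable on $http"; rc=1; }
    is_loopback "$tran" || { echo "WARN: transport reachable on $tran"; rc=1; }
    if [ "$rc" -eq 1 ] && [ "$(yml_get "$1" xpack.security.enabled)" = "false" ]; then
        echo "FAIL: security disabled on a non-loopback listener"; rc=2
    fi
    return "$rc"
}

# Constructed sample: the Step 4 settings plus an http.host line (assumed).
sample=$(mktemp)
printf '%s\n' 'network.host: 127.0.0.1' 'discovery.type: single-node' \
    'xpack.security.enabled: true' 'http.host: 0.0.0.0' > "$sample"
audit_es_yml "$sample" || true
rm -f "$sample"
```

Run it against the real file with sudo sh -c, since /etc/elasticsearch is not world-readable.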

Tune JVM Heap Size

Elasticsearch runs on the JVM and allocates half the available memory by default (capped at 31 GB). For a dedicated server, set the heap to half of total RAM but never more than 31 GB. Edit the JVM options file.

sudo vi /etc/elasticsearch/jvm.options.d/heap.options

Add two lines setting the minimum and maximum heap size to the same value. For a server with 4 GB RAM, use 2 GB:

-Xms2g
-Xmx2g

Setting -Xms and -Xmx to equal values prevents the JVM from resizing the heap at runtime, which avoids pauses during garbage collection.

Step 5: Start and Enable Elasticsearch

Reload the systemd daemon to pick up the new service, then enable and start Elasticsearch.

sudo systemctl daemon-reload
sudo systemctl enable --now elasticsearch

Verify the service is running:

systemctl status elasticsearch

The output should show active (running):

● elasticsearch.service - Elasticsearch
     Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; preset: disabled)
     Active: active (running) since ...
   Main PID: 12345 (java)
     Memory: 1.2G
        CPU: 30s
     CGroup: /system.slice/elasticsearch.service

Step 6: Configure X-Pack Security and Generate Passwords

Elasticsearch 8 enables X-Pack security by default with TLS on both the transport and HTTP layers. If you lost the initial elastic superuser password printed during installation, reset it.

sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic

The tool generates a new random password and prints it to the terminal. Save it securely.

To set passwords for all built-in users (elastic, kibana_system, logstash_system, beats_system, apm_system, remote_monitoring_user), use the setup-passwords tool:

sudo /usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto

This generates random passwords for every built-in user. Record all of them – you will need the kibana_system password if you install Kibana alongside Elasticsearch.

Step 7: Configure Firewall for Elasticsearch

If you plan to access Elasticsearch from other servers, open the required ports in firewalld. Port 9200 is the REST API port and 9300 is the inter-node transport port used in clusters.

sudo firewall-cmd --permanent --add-port=9200/tcp
sudo firewall-cmd --permanent --add-port=9300/tcp
sudo firewall-cmd --reload

Confirm the ports are open:

sudo firewall-cmd --list-ports

You should see 9200/tcp 9300/tcp in the output.
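The --add-port commands above admit any source address that reaches the zone on both ports. The following added example (not part of the original guide) prints the equivalent firewalld rich rules limited to given source networks, 9200 for API clients and 9300 for cluster peers, so the plan can be reviewed before it is run; the function names and the 10.20.x.x addresses are assumptions made for illustration.

```shell
# Added example: build source-restricted firewalld rules for Elasticsearch.

# valid_cidr4 ADDR: succeeds for IPv4 "a.b.c.d" or "a.b.c.d/prefix".
valid_cidr4() {
    addr=${1%/*}
    prefix=32
    case "$1" in */*) prefix=${1#*/} ;; esac
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case "$addr" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# es_fw_plan CLIENT_CIDR [PEER_CIDR]: prints the firewall-cmd commands that
# admit 9200 from CLIENT_CIDR and, if given, 9300 from PEER_CIDR only.
es_fw_plan() {
    valid_cidr4 "$1" || { echo "bad client source: $1" >&2; return 1; }
    if [ -n "$2" ]; then
        valid_cidr4 "$2" || { echo "bad peer source: $2" >&2; return 1; }
    fi
    # Drop the blanket openings from Step 7 so only the scoped rules remain.
    echo "firewall-cmd --permanent --remove-port=9200/tcp"
    echo "firewall-cmd --permanent --remove-port=9300/tcp"
    rule='rule family="ipv4" source address="%s" port port="%s" protocol="tcp" accept'
    printf "firewall-cmd --permanent --add-rich-rule='$rule'\n" "$1" 9200
    [ -z "$2" ] || printf "firewall-cmd --permanent --add-rich-rule='$rule'\n" "$2" 9300
    echo "firewall-cmd --reload"
}

# Constructed addresses (RFC 1918 ranges chosen for illustration).
es_fw_plan 10.20.0.0/24 10.20.1.0/24
```

On a single-node install, omit the second argument so that port 9300 is not opened at all.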

Step 8: SELinux Configuration

Rocky Linux 10 and AlmaLinux 10 ship with SELinux in enforcing mode. The Elasticsearch RPM package installs the correct SELinux contexts for its data and log directories, so it runs without issues under the default policy.

If you changed path.data to a custom directory, update the SELinux context to match:

sudo semanage fcontext -a -t elasticsearch_var_lib_t "/custom/data/path(/.*)?"
sudo restorecon -Rv /custom/data/path

Verify SELinux is not blocking Elasticsearch by checking for denials:

sudo ausearch -m avc -ts recent | grep elasticsearch

No output means there are no SELinux denials – Elasticsearch is running cleanly under the policy.

Step 9: Verify Elasticsearch Installation

Test that Elasticsearch responds on port 9200. Since TLS is enabled by default in version 8, use the CA certificate for verification.

sudo curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200

Enter the elastic user password when prompted. A successful response returns cluster information in JSON format:

{
  "name" : "node-1",
  "cluster_name" : "my-cluster",
  "cluster_uuid" : "abc123...",
  "version" : {
    "number" : "8.19.13",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "...",
    "build_date" : "...",
    "build_snapshot" : false,
    "lucene_version" : "9.12.0",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}

Check cluster health to confirm the node is operational:

sudo curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic "https://localhost:9200/_cluster/health?pretty"

A single-node cluster shows green status with one node:

{
  "cluster_name" : "my-cluster",
  "status" : "green",
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "active_primary_shards" : 0,
  "active_shards" : 0,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0
}

Step 10: Install Kibana (Optional)

Kibana provides a web interface for visualizing and querying data stored in Elasticsearch. Since you already added the Elastic 8.x repository, install Kibana directly.

sudo dnf install kibana -y

Generate an enrollment token from Elasticsearch for Kibana to connect securely:

sudo /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana

Copy the token output. Then configure Kibana to use it:

sudo /usr/share/kibana/bin/kibana-setup --enrollment-token <paste-token-here>

If you need Kibana accessible from other machines, edit /etc/kibana/kibana.yml and set server.host to 0.0.0.0 or the server IP. Then enable and start the service.

sudo systemctl enable --now kibana

Open port 5601 for the Kibana web interface:

sudo firewall-cmd --permanent --add-port=5601/tcp
sudo firewall-cmd --reload

Access Kibana at http://server-ip:5601 and log in with the elastic user credentials. For a full Elasticsearch and Kibana setup guide on RHEL/Rocky/AlmaLinux, see our dedicated article.

Conclusion

You now have Elasticsearch 8 running on Rocky Linux 10 or AlmaLinux 10 with X-Pack security enabled, TLS configured, and firewall rules in place. The official Elasticsearch documentation covers additional settings for production tuning including shard allocation, snapshot repositories, and index lifecycle management. For production deployments, consider setting up a multi-node cluster, configuring automated snapshots for backup, and placing a reverse proxy with SSL termination in front of the API.
