👉 This writeup is part of the “Elasticsearch Deploy Docs” series.

Important Elasticsearch Configuration

📄 Official Docs

Mainly 3 configuration files

elasticsearch.yml - Elasticsearch config
jvm.options       - Elasticsearch JVM settings config
log4j2.properties - Elasticsearch logging config

Environment Variables

  • Export ES_PATH_CONF
  • /etc/default/elasticsearch (environment variables are sourced from this file; recommended)

Settings

📄 Official Docs

Before going to production, it is recommended to go through the Elasticsearch configs below. Refer to the sample_config directory for configuration.

| Configuration | Description | Configuration Reference |
|---|---|---|
| Path settings | Log and data config | Refer here |
| Cluster name | Cluster name | Refer here |
| Node name | Node name | Refer here |
| Network host | IP address that Elasticsearch binds on | Refer here |
| Discovery settings | Cluster discovery and initial master config | Refer here |
| Heap size | JVM heap memory configuration | Recommended heap size is half of system memory. Make sure min and max heap memory are set to the same value. Refer here |
| Heap dump path | Heap dump location path config | Default config is sufficient. Refer here |
| GC logging | Garbage collection logging configuration | Default config is sufficient. Refer here |
| Temp directory | Configure the private temporary directory that Elasticsearch uses so that it is excluded from periodic cleanup | |

Important System Configuration

📄 Official Docs

  • Before going to production, it is recommended to go through the system configs below.

| Configuration | Description | Remark |
|---|---|---|
| Disable swapping | Disable swapping to prevent the JVM heap, or even its executable pages, being swapped out to disk | |
| File descriptors | Increase file descriptors for the user running Elasticsearch | |
| Virtual memory | Increase mmap counts to prevent memory exceptions | |
| DNS cache settings | Override JVM DNS positive/negative cache settings (leave default value) | |
| Temporary directory not mounted with noexec | The native library is mapped into the JVM virtual address space as executable, so the mount point of the location this code is extracted to must not be mounted with noexec; noexec prevents the JVM process from mapping this code as executable | |

Bootstrap Checks

📄 Official Docs

Once you have applied the configuration above, Elasticsearch performs some checks during bootstrap to verify it. If Elasticsearch is in development mode, any bootstrap checks that fail appear as warnings in the Elasticsearch log. If Elasticsearch is in production mode, any of the bootstrap checks below that fail will cause Elasticsearch to refuse to start.

Below are the bootstrap checks. (If Elasticsearch fails to start, use this as the checklist to verify.)

| Check Name | Description |
|---|---|
| Heap size check | Enforces starting the JVM with the initial heap size equal to the maximum heap size, to avoid heap resize pauses |
| File descriptor checks | Enforces that Elasticsearch has a sufficient number of file descriptors |
| Memory lock check | Enforces JVM heap memory lock to avoid swapping pages to disk |
| Maximum number of thread pool checks | Enforces that the Elasticsearch process has the rights to create enough threads under normal use |
| Max file size check | Enforces that the maximum file size the Elasticsearch process can create is unlimited |
| Max size virtual memory check | Enforces that the Elasticsearch process has unlimited address space |
| Max map count check | Enforces that the kernel allows a process to have at least 262,144 memory-mapped areas |
| Client JVM check | Enforces that Elasticsearch starts with the server JVM. Refer doc |
| Use serial collector check | Enforces that Elasticsearch is not configured to run with the “serial collector” type JVM |
| System call filter check | Enforces that system call filters are enabled; these block the ability to execute system calls related to forking, as a defense against arbitrary code execution attacks on Elasticsearch |
| OnError and OnOutOfMemoryError check | Checks whether the JVM options OnError or OnOutOfMemoryError are enabled |
| Early-access check | Enforces that Elasticsearch starts on a release build of the JVM, not on early-access snapshots of upcoming releases, which are not suitable for production |
| G1GC check | Checks versions of the HotSpot JVM. Refer docs |
| All permission check | Enforces that the security policy used during bootstrap does not grant java.security.AllPermission to Elasticsearch |
| Discovery config check | Enforces that discovery is not running with the default configuration |
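
As an added example (not part of the original writeup and not Elasticsearch's own code), the script below pre-checks three items from the tables above before a node is started: equal min and max heap in jvm.options, the 262,144 max map count, and a temp directory on a noexec mount. The function names and the /etc/elasticsearch/jvm.options path in the usage comment are assumptions of this example.

```sh
#!/bin/sh
# Pre-flight audit for three host/JVM settings that the bootstrap checks
# above enforce. Added example; function names are this example's own.

# Convert a JVM size such as 4g, 4096m or 1048576k to bytes.
to_bytes() (
  v=$(printf '%s' "$1" | tr 'KMG' 'kmg'); n=${v%[kmg]}
  case $v in
    *k) echo $(($n * 1024)) ;;
    *m) echo $(($n * 1024 * 1024)) ;;
    *g) echo $(($n * 1024 * 1024 * 1024)) ;;
    *)  echo "$n" ;;
  esac
)

# Heap size check: the last uncommented -Xms and -Xmx must be the same size.
# Returns 0 only when both are set and equal (4g and 4096m count as equal).
heap_sizes_match() (
  xms=$(sed -n 's/^[[:space:]]*-Xms\([0-9][0-9]*[kKmMgG]\{0,1\}\)[[:space:]]*$/\1/p' "$1" | tail -n 1)
  xmx=$(sed -n 's/^[[:space:]]*-Xmx\([0-9][0-9]*[kKmMgG]\{0,1\}\)[[:space:]]*$/\1/p' "$1" | tail -n 1)
  [ -n "$xms" ] && [ -n "$xmx" ] && [ "$(to_bytes "$xms")" -eq "$(to_bytes "$xmx")" ]
)

# Max map count check: the page gives 262,144 as the required minimum.
map_count_ok() { [ "$1" -ge 262144 ]; }

# Temp dir check: returns 0 when directory $1 sits on a noexec mount, judged by
# the longest matching mount point in $2 (a file in /proc/mounts format).
mount_is_noexec() (
  awk -v d="$1" '
    { mp = $2; p = (mp == "/") ? "/" : mp "/" }
    (d == mp || index(d "/", p) == 1) && length(mp) >= best { best = length(mp); opts = $4 }
    END { r = (("," opts ",") ~ /,noexec,/) ? 0 : 1; exit r }
  ' "${2:-/proc/mounts}"
)

# Live host usage (Linux): sh audit.sh /etc/elasticsearch/jvm.options /tmp
audit() {
  heap_sizes_match "$1" && echo "heap: Xms == Xmx" || echo "heap: FIX, Xms != Xmx or unset"
  map_count_ok "$(cat /proc/sys/vm/max_map_count)" && echo "max_map_count: ok" || echo "max_map_count: FIX, below 262144"
  mount_is_noexec "$2" && echo "tmp: FIX, $2 is on a noexec mount" || echo "tmp: ok"
}
if [ "$#" -eq 2 ]; then audit "$1" "$2"
else  # no arguments: run the heap check on a constructed jvm.options
  f=$(mktemp); printf '%s\n' '# constructed sample' '-Xms4g' '-Xmx4096m' > "$f"
  heap_sizes_match "$f" && echo "sample: heap sizes match"; rm -f "$f"
fi
```

The mount lookup does not decode escaped spaces in mount points, so paths containing spaces need a manual check.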

Docker Container Labeling

Useful for filtering logs, events, etc. in Logstash and in Kibana dashboards.

com.yourdomain.container.type:
"heartbeat"
"metricbeat"
"filebeat"
"application"

com.yourdomain.container.app.version: "1.2"

com.yourdomain.container.environment:
"stagging"
"production"

com.yourdomain.container.name:
"auditlog-1"
"odoo-1"

Index Life Cycle Management

Definitions