Default Install Configuration

I am in the process of rebuilding my ELK stack instances in all my office locations (28 locations). So tonight, after installing Ubuntu 16.04 on each server and patching, I start the install process for Elasticsearch.

After installing Java, I proceed to install Elasticsearch. Half the installs have one default config file and the other half, have an entirely different default config file. How is this possible? What do I need to do, to make sure my configs are the same?

We recommend the use of config management - Puppet, chef, ansible, salt, whatever.

However unless you purge previous installs, it'll keep config files around. That may be what you are seeing.

Yea I'm not paying for Puppet or Chef for base installs and some config files.

These were fresh installs. I deleted the disks in vSphere and installed from scratch. But this didnt answer my question, why the different config files?

I'm rebuilding one of my data center clusters which is an 8 server cluster and even those 8 servers have differing config files.

They're open source?

Can you show us? How are you installing them?

Open source doesn't mean free. Puppet charges 75 dollars per server for maintenance and support.

Again, I have my Logstash config files all centrally located, so aside from installing Ubuntu and ELK, nothing else gets done on these boxes.

These are my steps, as compiled off the Elasticsearch install guide (hopefully it makes sense):

	[ Install Java ]
  • sudo add-apt-repository -y ppa:webupd8team/java
  • sudo apt-get update
  • sudo apt-get -y install oracle-java8-installer
	[ Install Elasticsearch ]
  • sudo vi /etc/elasticsearch/elasticsearch.yml
=> ####ELK


=> bootstrap.memory_lock: true

=> localhost

* sudo vi /etc/default/elasticsearch

=> MAX_LOCKED_MEMORY=unlimited

* sudo vi /etc/elasticsearch/jvm.options

=> -Xms#g
=> -Xmx#g

* sudo vi /usr/lib/sysctl.d/elasticsearch.conf

=> m.max_map_count=262144

* sudo vi /usr/lib/systemd/system/elasticsearch.service

=> LimitNOFILE=131070

=> LimitMEMLOCK=infinity
  • sudo vi /etc/security/limits.conf
=> elasticsearch    -       nofile          65536
=> elasticsearch    -       nproc           2048

sudo sysctl vm.max_map_count=262144

That is my cheat sheet for lack of a better description when it comes to deploying Elasticsearch.

This is a bit on the ridiculous side...some of these installs are missing the jvm.options file.

I think I figured out what the deal was. Apparently several servers did NOT accept this command:

echo "deb stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-5.x.list

As a result, some "other" version of Elasticsearch was installed, not 5.1.2.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.