Networking/Firewall
Prerequisites
- Fedora Server with 64GB RAM and 4 CPU cores - Recommendations for Hardware
- Create a new service named elasticsearch. Create the file:
vim /etc/firewalld/services/elasticsearch.xml
Add the following to elasticsearch.xml to define the service, then save:
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>elasticsearch</short>
  <description>Elasticsearch is a real-time distributed and open source full-text search and analytics engine.</description>
  <port protocol="tcp" port="9200"/>
</service>
- Reload the firewall to access the new service
firewall-cmd --reload
- Check the existing firewall zones
firewall-cmd --get-zones
- Add a new zone for localhost-only configs
firewall-cmd --permanent --new-zone=localhost
- Add the elasticsearch service to the localhost zone
firewall-cmd --zone=localhost --add-service=elasticsearch --permanent
- List the localhost zone services to confirm the new service was added
firewall-cmd --zone=localhost --list-services
- Reload the firewall again to ensure the new settings take effect
firewall-cmd --reload
Installation
Install Elasticsearch
- Import the Elasticsearch GPG key
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
- Add the Elasticsearch repository by editing /etc/yum.repos.d/elasticsearch.repo and adding the following lines:
[elasticsearch]
name=Elasticsearch repository for 8.x packages
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
autorefresh=1
type=rpm-md
- Now install elasticsearch
dnf install --enablerepo=elasticsearch elasticsearch
- Now configure Elasticsearch:
vim /etc/elasticsearch/elasticsearch.yml
- Elasticsearch listens for traffic from everywhere on port 9200. You will want to restrict outside access to your Elasticsearch instance to prevent outsiders from reading your data or shutting down your Elasticsearch cluster through the REST API. Find the line that specifies network.host, uncomment it, and replace its value with localhost so it looks like this:
network.host: localhost
- Save and close elasticsearch.yml.
- Enable and start the Elasticsearch service:
systemctl enable --now elasticsearch
- Test that Elasticsearch is working:
curl "https://localhost:9200" --insecure
This should show output that looks like the following. The error is to be expected, as we have not yet set up REST API authentication. But the access denied error confirms that the service is now active and the port open in the firewall.
{
"error": {
"root_cause": [{
"type": "security_exception",
"reason": "missing authentication credentials for REST request [/]",
"header": {
"WWW-Authenticate": ["Basic realm=\"security\" charset=\"UTF-8\"", "Bearer realm=\"security\"", "ApiKey"]
}
}],
"type": "security_exception",
"reason": "missing authentication credentials for REST request [/]",
"header": {
"WWW-Authenticate": ["Basic realm=\"security\" charset=\"UTF-8\"", "Bearer realm=\"security\"", "ApiKey"]
}
},
"status": 401
}
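The check below is an added example, not part of the original page: it verifies the network.host step by reading elasticsearch.yml and `ss -H -ltn` output and flagging any listener on port 9200 that is not bound to loopback. The function names and the sample input are constructed for illustration; run it with --live on the server to audit the real files.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): confirm Elasticsearch is loopback-only.
# Function names are hypothetical; both parsers read text on stdin.

# Print the value of the first uncommented network.host line of elasticsearch.yml.
es_network_host() {
  awk '/^[ \t]*network\.host[ \t]*:/ {
         sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t]*(#.*)?$/, ""); print; exit }'
}

# From `ss -H -ltn` output, print listeners on port $1 bound to a non-loopback address.
exposed_listeners() {
  awk -v port="$1" '$1 == "LISTEN" {
         n = split($4, part, ":")
         if (part[n] != port) next
         host = substr($4, 1, length($4) - length(part[n]) - 1)
         if (host ~ /^127\./ || host == "[::1]" || host ~ /^\[::ffff:127\./) next
         print $4 }'
}

# Return 0 only if network.host is a loopback name and nothing else listens on 9200.
# $1 = elasticsearch.yml text, $2 = ss output
audit_es_binding() {
  host=$(printf '%s\n' "$1" | es_network_host)
  exposed=$(printf '%s\n' "$2" | exposed_listeners 9200)
  case "$host" in
    localhost|_local_|127.0.0.1|::1) ;;
    *) echo "network.host is '${host:-unset}', expected localhost"; return 1 ;;
  esac
  [ -z "$exposed" ] || { echo "port 9200 exposed on: $exposed"; return 1; }
  echo "ok: Elasticsearch bound to loopback only"
}

# Constructed sample input (not captured from a real host).
SAMPLE_YML='cluster.name: demo
#network.host: 192.168.0.1
network.host: localhost   # restrict to loopback'
SAMPLE_SS='LISTEN 0 128  0.0.0.0:22               0.0.0.0:*
LISTEN 0 4096 [::ffff:127.0.0.1]:9200  *:*
LISTEN 0 4096 [::1]:9200               *:*'

if [ "${1:-}" = "--live" ]; then   # audit this host; needs read access to the config
  audit_es_binding "$(cat /etc/elasticsearch/elasticsearch.yml)" "$(ss -H -ltn)"
else
  audit_es_binding "$SAMPLE_YML" "$SAMPLE_SS"
fi
```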
Install Kibana
- Install Kibana using a package manager:
dnf install kibana
- Enable and start the Kibana service:
systemctl enable --now kibana