Elasticsearch Dangerous Default Settings

Elasticsearch Dangerous Default Settings

Last Update: July 2020

Have you tried our Elasticsearch Check-Up ? (no installation required) get personalized recommendations that can prevent errors and improve your search and indexing speed

A review of two dangerous default settings in Elasticsearch: Cluster Name and Data Path.

Cluster Name is Default ‘elasticsearch’

What Does it Mean?

It is important to change the name of the cluster in elasticsearch.yml to avoid Elasticsearch nodes joining the wrong cluster. This is particularly important when development, staging and production environments can find themselves on the same network. 

How to Prevent it from Happening

If you want to change the name of the cluster, then you need to modify the setting in elasticsearch.yml and perform a rolling restart:

cluster.name: myapp-prod

Remember that changing the cluster name will also change the default name of your Elasticsearch log files.

Data Path Should Not Be Default

What Does it Mean?

If you have installed Elasticsearch using zip or tar.gz files, then by default the data directory is a subdirectory of the Elasticsearch home directory. This creates a high risk of potentially deleting your data when upgrading Elasticsearch.

How to Prevent it from Happening

Make sure you set the data and logs directories in elasticsearch.yml to a path separated from your Elasticsearch program files:

path:
  logs: /var/log/elasticsearch
  data: /var/data/elasticsearch

These directories must be writable by the Elasticsearch user.

If you have already created data in the default path, and you want to move the directory, then you should follow the steps in the procedure below.

How to change the data path:

  1. Double check to ensure you have a recent snapshot of all indices on the node

  2. Temporarily stop shard relocation using:

    curl -XPUT localhost:9200/_cluster/settings -d ‘{
            “transient” : {
                “cluster.routing.allocation.enable” : “none”
            }
    }’

  3. Stop the Elasticsearch node.

  4. Move the entire data directory to its new location.

  5. Modify the path in elasticsearch.yml

  6. Start the Elasticsearch node.

Please be extra careful when taking the above steps and make sure they fit your system, as misusing them can lead to loss of production data.

It is recommended to use RPM or Debian packages to avoid this, and other installation issues. RPM and Debian packages by default store data separately from program files.


About Opster

Opster takes a different approach to Elasticsearch operation - Opster pro-actively troubleshoots, optimizes, automates and assists in what's needed to run Elasticsearch smoothly in production.


« Back to Index