Elasticsearch Dangerous Default Settings



Opster Team

Nov 2020



Below is a review of two dangerous default settings in Elasticsearch: the cluster name and the data path.

Cluster Name is Default 'elasticsearch'

What Does it Mean?

It is important to change the cluster name in elasticsearch.yml so that Elasticsearch nodes do not join the wrong cluster. A node only joins a cluster whose cluster.name matches its own, so if every environment keeps the default name 'elasticsearch', a development or staging node that can reach the production nodes over the network can end up joining the production cluster. This is particularly important when development, staging and production environments share a network.

How to Prevent it from Happening

To change the name of the cluster, set it in elasticsearch.yml on every node and restart the nodes:

cluster.name: myapp-prod

A node only joins a cluster whose name matches its own, so a rolling restart does not keep the cluster continuously available: the nodes still carrying the old name and the nodes already carrying the new one form two groups that cannot see each other, and only one of them can hold a master quorum at a time. A full cluster restart is the simpler and safer way to apply the change.

Remember that changing the cluster name also changes the default names of your Elasticsearch log files, which are prefixed with the cluster name.

Data Path Should Not Be Default

What Does it Mean?

If you installed Elasticsearch from the zip or tar.gz archive, the data directory defaults to a subdirectory of the Elasticsearch home directory ($ES_HOME/data). Upgrading an archive installation usually means unpacking a new version and deleting the old directory, so there is a high risk of deleting your data along with the old program files.

How to Prevent it from Happening

Make sure you set the data and logs directories in elasticsearch.yml to a path separated from your Elasticsearch program files:

path:
  logs: /var/log/elasticsearch
  data: /var/data/elasticsearch

These directories must be writable by the Elasticsearch user. The data directory holds the contents of every index, so it should also not be readable by other users on the host.
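A quick audit for both defaults, added here as an example rather than taken from the Opster page: the shell functions below read an elasticsearch.yml and report a cluster.name that is unset or still 'elasticsearch', and a path.data that is unset or lies under the Elasticsearch home. The two sample files and the /opt/elasticsearch home directory are constructed assumptions for the demo.

```sh
#!/bin/sh
# Added example (not code from the original Opster page): audit an
# elasticsearch.yml for the two dangerous defaults discussed above.
# It understands the flat "path.data: ..." form and the nested
# "path:" / "  data: ..." form used on this page. The sample files
# below are constructed for the demo; paths and names are assumptions.

# es_setting FILE KEY -> print the value of KEY (e.g. cluster.name, path.data),
# or nothing if it is unset. Commented-out lines such as the
# "#cluster.name: my-application" shipped in the default file are ignored.
es_setting() {
  awk -v key="$2" -v parent="${2%%.*}" -v child="${2#*.}" -v sq="'" '
    function val(s) {
      sub(/^[^:]*:[ \t]*/, "", s)          # drop "key: "
      sub(/[ \t]+#.*$/, "", s)             # drop a trailing comment
      sub(/[ \t]+$/, "", s)
      if (s ~ "^[\"" sq "]") s = substr(s, 2)               # strip quotes
      if (s ~ "[\"" sq "]$") s = substr(s, 1, length(s) - 1)
      return s
    }
    /^[ \t]*#/                        { next }               # comment line
    $1 == (key ":")                   { print val($0); exit } # flat form
    $0 ~ ("^" parent ":[ \t]*$")      { inblock = 1; next }   # nested form
    inblock && /^[^ \t]/              { inblock = 0 }
    inblock && $1 == (child ":")      { print val($0); exit }
  ' "$1"
}

# check_es_defaults FILE ES_HOME -> one finding per line; exit status 1 if any.
check_es_defaults() {
  file="$1"; es_home="${2%/}"; rc=0
  name=$(es_setting "$file" cluster.name)
  if [ -z "$name" ] || [ "$name" = elasticsearch ]; then
    echo "cluster.name is the default 'elasticsearch': nodes from another environment on the same network can join this cluster"
    rc=1
  fi
  data=$(es_setting "$file" path.data)
  data="${data:-$es_home/data}"   # unset means $ES_HOME/data for archive installs
  case "$data" in
    "$es_home"/*)
      echo "path.data is '$data', inside the Elasticsearch home: an upgrade that replaces $es_home takes the data with it"
      rc=1 ;;
  esac
  return $rc
}

# Demo on two constructed files: one still on the defaults, one fixed as above.
tmp=$(mktemp -d)
printf '#cluster.name: my-application\nnetwork.host: 0.0.0.0\n' > "$tmp/default.yml"
printf 'cluster.name: myapp-prod\npath:\n  logs: /var/log/elasticsearch\n  data: /var/data/elasticsearch\n' > "$tmp/fixed.yml"
for f in default fixed; do
  echo "== $f.yml"
  check_es_defaults "$tmp/$f.yml" /opt/elasticsearch || true   # assumed archive ES_HOME
done
rm -rf "$tmp"
```

Point it at the live file and the real home directory, for example `check_es_defaults /etc/elasticsearch/elasticsearch.yml /usr/share/elasticsearch`. A path.data given as a comma-separated list of directories is not split, so check each entry of such a list yourself.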

If you have already created data in the default path and want to move the directory, follow the procedure below.

How to change the data path:

  1. Double check that you have a recent snapshot of all indices on the node.

  2. Temporarily stop shard relocation (the Content-Type header is required since Elasticsearch 6):

    curl -XPUT localhost:9200/_cluster/settings -H 'Content-Type: application/json' -d '{
            "transient" : {
                "cluster.routing.allocation.enable" : "none"
            }
    }'

  3. Stop the Elasticsearch node.

  4. Move the entire data directory to its new location, keeping it owned by the Elasticsearch user.

  5. Set path.data in elasticsearch.yml to the new location.

  6. Start the Elasticsearch node.

  7. Once the node has rejoined the cluster, re-enable shard allocation by setting cluster.routing.allocation.enable back to null with the same API call. Until you do, no shards will be relocated or newly allocated.

Please be extra careful when taking the above steps and make sure they fit your system, as misusing them can lead to loss of production data.
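The procedure above as one script, added here as an example and not taken from the page. It assumes a node managed by systemd under the unit name elasticsearch, an unauthenticated REST API at ES_URL, and the flat path.data: form in elasticsearch.yml; the directory names in the usage line are placeholders. It finishes by setting cluster.routing.allocation.enable back to its default once the node answers again.

```sh
#!/bin/sh
# Added example (not part of the original page): the data-path move described
# above as a script. Assumptions: a node managed by systemd (unit name
# "elasticsearch"), the REST API reachable at ES_URL without authentication,
# and the flat "path.data:" form in the YAML. Run as root; the directory names
# in the usage line are assumptions.
ES_URL="${ES_URL:-http://localhost:9200}"
ES_YML="${ES_YML:-/etc/elasticsearch/elasticsearch.yml}"

# Set cluster.routing.allocation.enable to VALUE, or back to its default when
# VALUE is "reset". The Content-Type header is required since Elasticsearch 6.
set_allocation() {
  if [ "$1" = reset ]; then json=null; else json="\"$1\""; fi
  curl -sSf -X PUT "$ES_URL/_cluster/settings" -H 'Content-Type: application/json' \
    -d "{\"transient\":{\"cluster.routing.allocation.enable\":$json}}" >/dev/null
}

# Step 4: move the data directory. mv keeps owner and mode, so the tree stays
# owned by the elasticsearch user; an existing target is never overwritten.
move_data_dir() {
  old="$1"; new="$2"
  [ -d "$old" ] || { echo "data directory $old not found" >&2; return 1; }
  [ ! -e "$new" ] || { echo "refusing to overwrite $new" >&2; return 1; }
  mkdir -p "$(dirname "$new")" &&
  mv "$old" "$new" &&
  chmod 750 "$new"   # index data: only the elasticsearch user and its group need access
}

# Step 5: point path.data at NEW in YML, keeping a .bak copy; appends the key
# if the file does not set it yet.
set_path_data() {
  yml="$1"; new="$2"
  cp -p "$yml" "$yml.bak" || return 1
  if grep -q '^[[:space:]]*path\.data:' "$yml"; then
    sed "s|^[[:space:]]*path\.data:.*|path.data: $new|" "$yml" > "$yml.tmp" &&
      cat "$yml.tmp" > "$yml" && rm -f "$yml.tmp"   # keeps the file's owner and mode
  else
    printf 'path.data: %s\n' "$new" >> "$yml"
  fi
}

# The whole procedure in the order given above.
migrate_data_path() {
  old="$1"; new="$2"
  # Step 1: at least make sure a snapshot repository is registered; the
  # operator still has to confirm a recent snapshot exists in it.
  repos=$(curl -sf "$ES_URL/_snapshot/_all") && [ "$repos" != "{}" ] ||
    { echo "no snapshot repository registered; snapshot the indices first" >&2; return 1; }
  set_allocation none || return 1             # Step 2
  systemctl stop elasticsearch || return 1    # Step 3
  move_data_dir "$old" "$new" || return 1     # Step 4
  set_path_data "$ES_YML" "$new" || return 1  # Step 5
  systemctl start elasticsearch || return 1   # Step 6
  until curl -sf "$ES_URL/" >/dev/null; do sleep 2; done   # wait for the node
  set_allocation reset   # re-enable allocation; nothing is relocated until this runs
}

# Usage (as root):  sh move_es_data.sh /opt/elasticsearch/data /var/data/elasticsearch
if [ $# -eq 2 ]; then migrate_data_path "$1" "$2"; fi
```

Only move_data_dir and set_path_data touch the filesystem; the rest talks to the cluster and to systemd, so on a non-systemd host replace the two systemctl lines with whatever stops and starts your node.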

It is recommended to use the RPM or Debian packages to avoid this and other installation issues. By default the packages store data under /var/lib/elasticsearch and logs under /var/log/elasticsearch, separate from the program files in /usr/share/elasticsearch.




