Skip to content

Adds instructions for installing other 9.x versions #2426

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 11 commits into from
Aug 12, 2025
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 16 additions & 1 deletion deploy-manage/deploy/self-managed/_snippets/wolfi.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,21 @@ To use the Wolfi image, append `-wolfi` to the image tag in the Docker command.

For example:

::::{tab-set}
:group: docker
:::{tab-item} Latest
:sync: latest
```sh subs=true
docker pull docker.elastic.co/elasticsearch/elasticsearch-wolfi:{{version.stack}}
```
```
:::

:::{tab-item} Specific version
:sync: specific
```sh subs=true
docker pull docker.elastic.co/elasticsearch/elasticsearch-wolfi:<SPECIFIC.VERSION.NUMBER>
```
You can download and install a specific version of the {{stack}} by replacing `<SPECIFIC.VERSION.NUMBER>` with the version number you want. For example, you can replace `<SPECIFIC.VERSION.NUMBER>` with {{version.stack.base}}.
:::

::::
161 changes: 158 additions & 3 deletions deploy-manage/deploy/self-managed/air-gapped-install.md
Original file line number Diff line number Diff line change
Expand Up @@ -87,10 +87,13 @@ Besides setting up the EPR service, you also need to [configure {{kib}}](/deploy

### Additional {{package-registry}} examples

:::{dropdown} Script to generate a SystemD service file on a RHEL 8 system
:::::{dropdown} Script to generate a SystemD service file on a RHEL 8 system

The following script generates a SystemD service file on a RHEL 8 system in order to run EPR with Podman in a production environment.

::::{tab-set}

:::{tab-item} Latest
```sh subs=true
#!/usr/bin/env bash

Expand All @@ -115,10 +118,42 @@ podman create \
```
:::

:::{dropdown} SystemD service file launched as a Podman service
:::{tab-item} Specific version
Replace `<SPECIFIC.VERSION.NUMBER>` with the {{stack}} version number you want. For example, you can replace `<SPECIFIC.VERSION.NUMBER>` with {{version.stack.base}}.
```sh subs=true
#!/usr/bin/env bash

EPR_BIND_ADDRESS="0.0.0.0"
EPR_BIND_PORT="8443"
EPR_TLS_CERT="/etc/elastic/epr/epr.pem"
EPR_TLS_KEY="/etc/elastic/epr/epr-key.pem"
EPR_IMAGE="docker.elastic.co/package-registry/distribution:<SPECIFIC.VERSION.NUMBER>"

podman create \
--name "elastic-epr" \
-p "$EPR_BIND_ADDRESS:$EPR_BIND_PORT:$EPR_BIND_PORT" \
-v "$EPR_TLS_CERT:/etc/ssl/epr.crt:ro" \
-v "$EPR_TLS_KEY:/etc/ssl/epr.key:ro" \
-e "EPR_ADDRESS=0.0.0.0:$EPR_BIND_PORT" \
-e "EPR_TLS_CERT=/etc/ssl/epr.crt" \
-e "EPR_TLS_KEY=/etc/ssl/epr.key" \
"$EPR_IMAGE"

## creates service file in the root directory
# podman generate systemd --new --files --name elastic-epr --restart-policy always
```
:::
::::

:::::

:::::{dropdown} SystemD service file launched as a Podman service

The following is an example of an actual SystemD service file for an EPR, launched as a Podman service.

::::{tab-set}

:::{tab-item} Latest
```ini subs=true
# container-elastic-epr.service
# autogenerated by Podman 4.1.1
Expand Down Expand Up @@ -160,6 +195,52 @@ WantedBy=default.target
```
:::

::::::{tab-item} Specific version
Replace `<SPECIFIC.VERSION.NUMBER>` with the {{stack}} version number you want. For example, you can replace `<SPECIFIC.VERSION.NUMBER>` with {{version.stack.base}}.
```ini subs=true
# container-elastic-epr.service
# autogenerated by Podman 4.1.1
# Wed Oct 19 13:12:33 UTC 2022

[Unit]
Description=Podman container-elastic-epr.service
Documentation=man:podman-generate-systemd(1)
Wants=network-online.target
After=network-online.target
RequiresMountsFor=%t/containers

[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=always
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run \
--cidfile=%t/%n.ctr-id \
--cgroups=no-conmon \
--rm \
--sdnotify=conmon \
-d \
--replace \
--name elastic-epr \
-p 0.0.0.0:8443:8443 \
-v /etc/elastic/epr/epr.pem:/etc/ssl/epr.crt:ro \
-v /etc/elastic/epr/epr-key.pem:/etc/ssl/epr.key:ro \
-e EPR_ADDRESS=0.0.0.0:8443 \
-e EPR_TLS_CERT=/etc/ssl/epr.crt \
-e EPR_TLS_KEY=/etc/ssl/epr.key docker.elastic.co/package-registry/distribution:<SPECIFIC.VERSION.NUMBER>
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all

[Install]
WantedBy=default.target
```
:::
::::

:::::

## {{artifact-registry}} [air-gapped-elastic-artifact-registry]

Air-gapped install of the {{artifact-registry}} is necessary in order to enable {{agent}} deployments to perform self-upgrades and install certain components which are needed for some of the data integrations (that is, in addition to what is also retrieved from the EPR). To learn more, refer to [Host your own artifact registry for binary downloads](/reference/fleet/air-gapped.md#host-artifact-registry) in the {{fleet}} and {{elastic-agent}} Guide.
Expand All @@ -170,10 +251,13 @@ When setting up own web server, such as NGINX, to function as the {{artifact-reg

### Additional {{artifact-registry}} examples

:::{dropdown} Artifact download script
:::::{dropdown} Artifact download script

The following example script downloads artifacts from the internet to be later served as a private Elastic Package Registry.

::::{tab-set}

:::{tab-item} Latest
```sh subs=true
#!/usr/bin/env bash
set -o nounset -o errexit -o pipefail
Expand Down Expand Up @@ -241,6 +325,77 @@ done
```
:::

::::::{tab-item} Specific version
Replace `<SPECIFIC.VERSION.NUMBER>` with the {{stack}} version number you want. For example, you can replace `<SPECIFIC.VERSION.NUMBER>` with {{version.stack.base}}.
```sh subs=true
#!/usr/bin/env bash
set -o nounset -o errexit -o pipefail

STACK_VERSION=<SPECIFIC.VERSION.NUMBER>
ARTIFACT_DOWNLOADS_BASE_URL=https://artifacts.elastic.co/downloads

DOWNLOAD_BASE_DIR=${DOWNLOAD_BASE_DIR:?"Make sure to set DOWNLOAD_BASE_DIR when running this script"}

COMMON_PACKAGE_PREFIXES="apm-server/apm-server beats/auditbeat/auditbeat beats/elastic-agent/elastic-agent beats/filebeat/filebeat beats/heartbeat/heartbeat beats/metricbeat/metricbeat beats/osquerybeat/osquerybeat beats/packetbeat/packetbeat cloudbeat/cloudbeat endpoint-dev/endpoint-security fleet-server/fleet-server"

WIN_ONLY_PACKAGE_PREFIXES="beats/winlogbeat/winlogbeat"

RPM_PACKAGES="beats/elastic-agent/elastic-agent"
DEB_PACKAGES="beats/elastic-agent/elastic-agent"

function download_packages() {
local url_suffix="$1"
local package_prefixes="$2"

local _url_suffixes="$url_suffix ${url_suffix}.sha512 ${url_suffix}.asc"
local _pkg_dir=""
local _dl_url=""

for _download_prefix in $package_prefixes; do
for _pkg_url_suffix in $_url_suffixes; do
_pkg_dir=$(dirname ${DOWNLOAD_BASE_DIR}/${_download_prefix})
_dl_url="${ARTIFACT_DOWNLOADS_BASE_URL}/${_download_prefix}-${_pkg_url_suffix}"
(mkdir -p $_pkg_dir && cd $_pkg_dir && curl -O "$_dl_url")
done
done
}

# and we download
for _os in linux windows; do
case "$_os" in
linux)
PKG_URL_SUFFIX="${STACK_VERSION}-${_os}-x86_64.tar.gz"
;;
windows)
PKG_URL_SUFFIX="${STACK_VERSION}-${_os}-x86_64.zip"
;;
*)
echo "[ERROR] Something happened"
exit 1
;;
esac

download_packages "$PKG_URL_SUFFIX" "$COMMON_PACKAGE_PREFIXES"

if [[ "$_os" = "windows" ]]; then
download_packages "$PKG_URL_SUFFIX" "$WIN_ONLY_PACKAGE_PREFIXES"
fi

if [[ "$_os" = "linux" ]]; then
download_packages "${STACK_VERSION}-x86_64.rpm" "$RPM_PACKAGES"
download_packages "${STACK_VERSION}-amd64.deb" "$DEB_PACKAGES"
fi
done


## selinux tweaks
# semanage fcontext -a -t "httpd_sys_content_t" '/opt/elastic-packages(/.*)?'
# restorecon -Rv /opt/elastic-packages
```
:::
::::
:::::

:::{dropdown} NGINX config for private {{artifact-registry}} web server
The following is an example NGINX configuration for running a web server for the {{artifact-registry}}.

Expand Down
Loading
Loading