EElasticsearch Handbook

UZMAN

Production Checklist

Production'a deploy etmeden önce kontrol edilmesi gereken kritik maddeler.

Kod örneği tercihiBu sayfadaki istemci örneklerini birlikte değiştirir.

Seviye: Uzman — Bu bölüm production deneyimi gerektirir.

Infrastructure ☐ 3+ master nodes ☐ SSD hot tier ☐ Swap disabled ☐ Heap ≤ 30GB ☐ AZ awareness ☐ Disk watermarks ☐ Dedicated network ☐ File descriptors Security ☐ TLS transport+HTTP ☐ API keys per svc ☐ No elastic user ☐ Audit logging ☐ RBAC roles ☐ Key rotation ☐ Network policy Data ☐ Explicit mapping ☐ dynamic: strict ☐ ILM policies ☐ Rollover config ☐ Shard sizing ☐ Index templates ☐ Alias strategy Operations ☐ Daily snapshots ☐ Restore tested ☐ Monitoring cluster ☐ Alerting rules ☐ Slow log enabled ☐ Runbook written ☐ DR plan tested Client ☐ Singleton client ☐ Retry + timeout ☐ Circuit breaker ☐ Bulk batching ☐ Health check ☐ Error logging ☐ Connection pool

Pre-Production Checklist

Kategori Kontrol Durum
Cluster Min 3 dedicated master node
Cluster Rack/AZ awareness aktif
Memory JVM heap = min(30GB, RAM/2)
Memory Swap disabled (bootstrap.memory_lock)
Disk SSD for hot tier
Disk Disk watermark alerts (85%/90%/95%)
Network Dedicated network for transport
Security TLS on transport + HTTP
Security API keys per service (no elastic superuser)
Security Audit logging enabled
Mapping dynamic: strict on all production indices
Mapping No dynamic mapping in prod
ILM Policy per index pattern
ILM Rollover configured
Backup Snapshot repository configured
Backup Daily snapshot + retention
Monitoring Cluster metrics to separate cluster
Monitoring Slow log enabled
Monitoring Alert rules for RED status
Client Connection pool (singleton client)
Client Retry logic + circuit breaker
Client Timeout configured (<30s) 
# Production elasticsearch.yml önerileri
# --- Cluster ---
# cluster.name: prod-search
# node.name: es-data-01
# node.roles: [data_hot, data_content]

# --- Memory ---
# bootstrap.memory_lock: true  (+ systemd LimitMEMLOCK=infinity)
# ES_JAVA_OPTS: -Xms16g -Xmx16g  (heap <= 30GB, <= RAM/2)

# --- Network ---
# network.host: _site_
# discovery.seed_hosts: ["master-01", "master-02", "master-03"]
# cluster.initial_master_nodes: ["master-01", "master-02", "master-03"]

# --- Paths ---
# path.data: /var/data/elasticsearch
# path.logs: /var/log/elasticsearch

# Verify settings
curl -s "http://localhost:9200/_nodes/stats/jvm?pretty" | grep -A5 "heap"
curl -s "http://localhost:9200/_cluster/settings?include_defaults&flat_settings&pretty" | grep "memory_lock"

JVM Heap asla 30GB'ı geçmesin! 30GB üzerinde JVM compressed oops devre dışı kalır ve memory efficiency dramatik düşer. 64GB RAM'li makinede: 30GB heap + 34GB filesystem cache (Lucene segments için) ideal.

Production Docker Compose (3-Node Cluster)

docker-compose.prod.yml (3 master-eligible data nodes) 
# docker-compose.prod.yml — 3-node ES cluster (staging/small-prod)
# ⚠️ Aşağıdaki ELASTIC_PASSWORD değerlerini MUTLAKA değiştirin!
# Production'da: Docker secrets, HashiCorp Vault, veya CI/CD env injection kullanın.
# Örnek: docker secret create es_password ./password.txt
#         environment: ELASTIC_PASSWORD_FILE=/run/secrets/es_password
services:
  es01:
    image: docker.elastic.co/elasticsearch/elasticsearch:9.4.2
    container_name: es01
    environment:
      - node.name=es01
      - node.roles=master,data_hot,data_content
      - cluster.name=prod-cluster
      - discovery.seed_hosts=es02,es03
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      - ES_JAVA_OPTS=-Xms16g -Xmx16g
      - xpack.security.enabled=true
      - ELASTIC_PASSWORD=changeme-strong-password
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.verification_mode=certificate
    ulimits:
      memlock: { soft: -1, hard: -1 }
      nofile: { soft: 65536, hard: 65536 }
    volumes:
      - es01-data:/usr/share/elasticsearch/data
    ports:
      - "9200:9200"
    mem_limit: 34g
    healthcheck:
      test: ["CMD-SHELL", "curl -s -u elastic:changeme-strong-password http://localhost:9200/_cluster/health | grep -q green"]
      interval: 30s
      timeout: 10s
      retries: 5
    networks:
      - elastic

  es02:
    image: docker.elastic.co/elasticsearch/elasticsearch:9.4.2
    container_name: es02
    environment:
      - node.name=es02
      - node.roles=master,data_hot,data_content
      - cluster.name=prod-cluster
      - discovery.seed_hosts=es01,es03
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      - ES_JAVA_OPTS=-Xms16g -Xmx16g
      - xpack.security.enabled=true
      - ELASTIC_PASSWORD=changeme-strong-password
      - xpack.security.transport.ssl.enabled=true
    ulimits:
      memlock: { soft: -1, hard: -1 }
      nofile: { soft: 65536, hard: 65536 }
    volumes:
      - es02-data:/usr/share/elasticsearch/data
    mem_limit: 34g
    networks:
      - elastic

  es03:
    image: docker.elastic.co/elasticsearch/elasticsearch:9.4.2
    container_name: es03
    environment:
      - node.name=es03
      - node.roles=master,data_hot,data_content
      - cluster.name=prod-cluster
      - discovery.seed_hosts=es01,es02
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      - ES_JAVA_OPTS=-Xms16g -Xmx16g
      - xpack.security.enabled=true
      - ELASTIC_PASSWORD=changeme-strong-password
      - xpack.security.transport.ssl.enabled=true
    ulimits:
      memlock: { soft: -1, hard: -1 }
      nofile: { soft: 65536, hard: 65536 }
    volumes:
      - es03-data:/usr/share/elasticsearch/data
    mem_limit: 34g
    networks:
      - elastic

  kibana:
    image: docker.elastic.co/kibana/kibana:9.4.2
    container_name: kibana
    environment:
      - ELASTICSEARCH_HOSTS=http://es01:9200
      - ELASTICSEARCH_USERNAME=kibana_system
      - ELASTICSEARCH_PASSWORD=changeme-strong-password
    ports:
      - "5601:5601"
    depends_on:
      es01: { condition: service_healthy }
    networks:
      - elastic

volumes:
  es01-data:
  es02-data:
  es03-data:

networks:
  elastic:
    driver: bridge