This section applies to you if you want to install Elastic Cloud Enterprise on hosts without internet access and you do not have a private Docker registry server of your own.
Installing ECE on hosts without internet access is commonly referred to as an offline or air-gapped installation. Installing offline requires that you first download the installation images and installation script from Elastic and load them on your hosts before starting the installation process. If you plan to use one, you should also have set up your wildcard DNS record already.
If you plan to use your own private Docker registry server during offline installation, follow the instructions in Install ECE Without Internet Access instead. Installation on multiple hosts with your own registry server is simpler, because you do not have to load the Docker images on each host.
Before you beginedit
To run the installation script, a user must be part of the
docker group. You should not install Elastic Cloud Enterprise as the
Some additional requirements also apply to offline installations:
The Elasticsearch and Kibana images that you use during the installation process must be prepared to work with Elastic Cloud Enterprise. All images from
docker.elastic.co/cloud-enterpriseare suitable. You must not try to substitute other images, unless guided by someone from Elastic.
- The Elasticsearch and Kibana images you use must be compatible with each other. For versions before 5.0, refer to the Support Matrix to see which versions of can be used together. For version 5.0 and later, the versioning of Elasticsearch and Kibana is synchronized and versions where the major, minor, and patch levels match can be used together. Differences in build versions indicated by a dash do not affect compatibility. For example, Elasticsearch 5.1.2-2 can be used with Kibana 5.1.2.
Pull and load the Docker imagesedit
To pull and load the Docker images required for installation without a private Docker registry:
On an internet-connected host, pull the Docker images. For a list of images that are available, see Available Docker Images.
For example, for Elastic Cloud Enterprise 2.5.1 and the Elastic Stack versions it shipped with, you need:
- Elastic Cloud Enterprise 2.5.1
- Elasticsearch 7.7.0-0, Kibana 7.7.0-0, and APM 7.7.0-0
- Elasticsearch 6.8.9-0 and Kibana 6.8.9-0
To pull the Docker images:
docker pull docker.elastic.co/cloud-enterprise/elastic-cloud-enterprise:2.5.1 docker pull docker.elastic.co/cloud-assets/elasticsearch:7.7.0-0 docker pull docker.elastic.co/cloud-assets/kibana:7.7.0-0 docker pull docker.elastic.co/cloud-assets/apm:7.7.0-0 docker pull docker.elastic.co/cloud-assets/elasticsearch:6.8.9-0 docker pull docker.elastic.co/cloud-assets/kibana:6.8.9-0
Create .tar files of the images:
docker save -o ece.2.5.1.tar docker.elastic.co/cloud-enterprise/elastic-cloud-enterprise:2.5.1 docker save -o es.7.7.0-0.tar docker.elastic.co/cloud-assets/elasticsearch:7.7.0-0 docker save -o kibana.7.7.0-0.tar docker.elastic.co/cloud-assets/kibana:7.7.0-0 docker save -o apm:7.7.0-0.tar docker.elastic.co/cloud-assets/apm:7.7.0-0 docker save -o es.6.8.9-0.tar docker.elastic.co/cloud-assets/elasticsearch:6.8.9-0 docker save -o kibana.6.8.9-0.tar docker.elastic.co/cloud-assets/kibana:6.8.9-0
- Copy the .tar files to a location on your network where they are available to each host where you plan to install Elastic Cloud Enterprise. Alternatively, you can copy the .tar files to each host directly.
On each host, load the images into Docker, replacing
FILE_PATHwith the correct path to the .tar files:
docker load < FILE_PATH/ece.2.5.1.tar docker load < FILE_PATH/es.7.7.0-0.tar docker load < FILE_PATH/kibana.7.7.0-0.tar docker load < FILE_PATH/apm.7.7.0-0.tar docker load < FILE_PATH/es.6.8.9-0.tar docker load < FILE_PATH/kibana.6.8.9-0.tar
- Optional: Remove the .tar files after installation.
Perform the offline installationedit
You start setting up a new Elastic Cloud Enterprise installation by installing the software on your first host. This first host becomes the initial coordinator and provides access to the Cloud UI, where you can manage your installation. You then install Elastic Cloud Enterprise on additional hosts to add them as resources to an existing installation.
In an offline installation without a private Docker registry, the Elastic Cloud Enterprise installation script requires that you have loaded the installation images into Docker on each host already.
Setting up a production system? Don’t forget to take a look at the examples in our Playbook for Production. The playbook provides sample installation commands that are tailored to different deployment sizes and high availability.
To perform an offline installation without a private Docker registry:
On an internet-connected host, download the installation script:
curl -L -O https://download.elastic.co/cloud/elastic-cloud-enterprise.sh
- Copy the installation script to each host where you plan to install Elastic Cloud Enterprise or make it available on your network.
Invoke the installation script on each host:
On the first host:
bash elastic-cloud-enterprise.sh install
On additional hosts, include the
--roles-token 'TOKEN'parameters provided to you when you installed on the first host:
bash elastic-cloud-enterprise.sh install --coordinator-host HOST_IP --roles-token 'TOKEN'
If you are creating a larger Elastic Cloud Enterprise installation:
Make your installation fault tolerant or highly available by determining the failure domain for each host and using the
--availability-zone ZONE_NAMEparameter to specify the name of an availability zone. For production systems, hosts should go into three different availability zones. For example, including the parameter
--availability-zone ece-zone-1cwhen you install on additional hosts will assign each host to availability zone
To simplify the steps for assigning roles so that you do not have to change the roles in the Cloud UI later on, include the
--rolesparameter. For example, to bring up additional allocators to scale out your installation, specify the
--roles "allocator"parameter. You do need to generate a roles token that has the right permissions for this to work; the token generated during the installation on the first host will not suffice.
- Make your installation fault tolerant or highly available by determining the failure domain for each host and using the
After installation completes, additional hosts come online as runners with some roles assigned to them already. If you did not specify additional roles with the
--roles parameter, you can assign new roles to nodes in the Cloud UI later.