The following steps describe how to create an instance group with virtual machines on Google Compute Engine in preparation for installing Elastic Cloud Enterprise.
To learn more about the concepts used in this section, check Google Cloud Platform Documentation.
To set up your GCP instance group with virtual machines:
- Log into the Google Cloud Platform console.
Create an instance template:
- Under Instance Templates, select CREATE INSTANCE TEMPLATE and name your template.
- Select a machine type, one of the supported Linux distributions as the boot disk, and specify enough storage. Make sure that the template meets the prerequisites for Elastic Cloud Enterprise.
- Set the Firewall to allow both HTTP and HTTPS access.
- On the Networking tab, set IP forwarding to on.
- On the SSH keys tab, add your public SSH key.
- Select Create.
Add a firewall rule:
- Under Instance Templates, select the name of the new template and under Network, select default.
Select Add firewall rule, then Allow from any source (0.0.0.0/0). Enter the following allowed protocols and ports:
tcp:7000; tcp:12375; tcp:12400; tcp:12443; tcp:22191-22195; tcp:12191-12301; tcp:12898-12908; tcp:13898-13908; tcp:2112; tcp:18000-20000; tcp:9200; tcp:9243; tcp:9300; tcp:9343; tcp:9400;
- Select Create.
- NOTE: While these firewall rules make it easy for you to get started with your deployment, we recommend locking down your production infrastructure. Firewall rules need to be adapted to your environment. While all of the ports of the preceding list need to be open for internal communication, only ports 12443 (ECE Cloud UI) and 9243 (Elasticsearch) need to be exposed to the outside world.
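The lock-down recommended in the note can be checked mechanically. The following is an added example, not part of the Elastic documentation: it audits firewall rules and reports any port from the list above, other than 12443 and 9243, that is open to 0.0.0.0/0. The rule names and the 10.128.0.0/9 internal range in the sample are constructed, and the field names assume the JSON shape of the Compute Engine firewall resource.

```python
# Ports from the page's "Allow from any source" rule (all TCP).
ECE_PORTS = ("7000 12375 12400 12443 22191-22195 12191-12301 12898-12908 "
             "13898-13908 2112 18000-20000 9200 9243 9300 9343 9400").split()
PUBLIC_OK = {12443, 9243}   # per the note: ECE Cloud UI and Elasticsearch
ANY_SOURCE = {"0.0.0.0/0"}

def to_range(spec):
    """'9243' -> (9243, 9243); '22191-22195' -> (22191, 22195)."""
    lo, _, hi = spec.partition("-")
    return int(lo), int(hi or lo)

def overlap(a, b):
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else None

def audit(rules):
    """Map rule name -> ECE port ranges open to any source that should be internal."""
    findings = {}
    for rule in rules:
        if rule.get("disabled") or rule.get("direction", "INGRESS") != "INGRESS":
            continue
        if not ANY_SOURCE & set(rule.get("sourceRanges", [])):
            continue  # restricted source range: not world-reachable
        exposed = []
        for allow in rule.get("allowed", []):
            if allow.get("IPProtocol") not in ("tcp", "all"):
                continue
            # A missing "ports" key means every port is allowed.
            for spec in allow.get("ports", ["0-65535"]):
                for ece in ECE_PORTS:
                    hit = overlap(to_range(spec), to_range(ece))
                    if hit and not (hit[0] == hit[1] and hit[0] in PUBLIC_OK):
                        exposed.append(hit)
        if exposed:
            findings[rule["name"]] = sorted(set(exposed))
    return findings

def _rule(name, source, ports):  # helper for the constructed sample below
    return {"name": name, "direction": "INGRESS", "sourceRanges": [source],
            "allowed": [{"IPProtocol": "tcp", "ports": ports}]}

# Constructed sample: the getting-started rule, then the locked-down split.
SAMPLE = [_rule("ece-quickstart", "0.0.0.0/0", ECE_PORTS),
          _rule("ece-public", "0.0.0.0/0", ["12443", "9243"]),
          _rule("ece-internal", "10.128.0.0/9", ECE_PORTS)]

if __name__ == "__main__":
    for name, ports in audit(SAMPLE).items():
        print(f"{name}: internal-only ports open to any source: {ports}")
```

To audit a real project, pass `audit()` the parsed output of `gcloud compute firewall-rules list --format=json` instead of `SAMPLE`.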
Create an instance group:
- Return to the Compute Engine panel through the Products & services menu.
- Select the Instance groups panel, then Create instance group, and name your group.
- Under Location, select Multi-zone and select a region.
Select Specify port name mapping and add port 9243, which is the port used by Kibana and Elasticsearch for HTTPS access.
If you are using a load balancer or firewall, consider adding port 443. To add a port, select Add item. On each host in the Elastic Cloud Enterprise cluster, run:
sudo iptables -A PREROUTING -t nat -p tcp --dport 443 -j REDIRECT --to-ports 9243
- Select the instance template you created earlier.
- Specify the number of instances to create. For high availability, select at least three instances. These instances are placed into separate zones. Check the various deployment options for how many instances you might need to bring up a production Elastic Cloud Enterprise installation.
Creating the instance group can take a few minutes. After the instances have been created, they appear under VM instances.
Add a disk to use with XFS to each instance:
We recommend that you add disks with a minimum of 100GB of storage each to avoid performance bottlenecks due to GCP IOPS provisioning. To learn more about how increasing your persistent disk size on GCP also increases IOPS and throughput, check Optimizing Persistent Disk and Local SSD Performance. If you use XFS, you must use XFS on all allocators.
- Under VM instances, select one of the instances and choose EDIT.
- Under Additional disk, select to add an item and then select the Name dropdown to create a new disk.
Name your disk. If you plan to use the configuration script in a subsequent step, make sure that the additional disks are named
esdata-2, and so forth.
- Specify the storage type you need for your type of workload.
- Create a blank disk by selecting None (blank disk) for the source type.
- Select Create to create the new disks.
Select Save to add the new disk to your instance.
Don’t forget to save your updated instance after adding the disk to make sure it is available for use. You will set up XFS when you configure the instances.
- Repeat these steps until you have added disks to all instances.
- Configure the new instances with a user ID that has sudo permission.
When your Google Compute Engine virtual machines are up and running, you can connect to them and install Elastic Cloud Enterprise. Afterwards, add your load balancer. To learn more about load balancing that is available with GCP, check Google Cloud Load Balancing.
GCP load balancer
The following steps show you how to configure HTTPS load balancing for your instance group on GCP. Elastic Cloud Enterprise is designed to be used in conjunction with at least one load balancer.
These steps require that you already have a signed SSL certificate that you can use with a wildcard DNS certificate.
To set up a load balancer with GCP:
- Log into the Google Cloud Platform console.
- Go to the Networking panel through the Products & services menu and select Load balancing.
- Select Create load balancer and select Start configuration under HTTP(S) Load Balancing.
- Name your new load balancer.
Configure the backend service:
- Select Backend Configuration and then select Create a new backend service.
- Name the new service and under New Backend select the instance group you created earlier.
- When prompted, select USE EXISTING PORT NAME.
- Under Health Check, select the dropdown menu to create a health check:
- Set the port to 9200 and leave the other fields at their defaults.
- Select Save and continue.
Set the host and path rules:
- Under Backends, select the backend you just configured.
Configure the frontend:
- Select Frontend Configuration, set the protocol to HTTPS, and for the IP, select Create IP address.
- When prompted, name the new static IP address and select RESERVE.
- Under Certificate, select Create a new certificate.
- Name the new certificate and upload your wildcard certificate details, then select Create.
Select Create to create the new load balancer.
Creating the load balancer takes a few moments.
Next steps: If you use a wildcard DNS record, update the record to point to the IP address of the load balancer. The IP address can be found on the Load balancing tab when you select the load balancer you just created.
With a load balancer, connecting to your Elasticsearch and Kibana endpoints might require you to omit the port number from the endpoint URL. For example, if the endpoint shown for Elasticsearch is
https://32807b51a8f34832935d52393.mydomain.com:9243, you might need to connect to the cluster at