Add tabs to remaining Elasticsearch install content

yetanothertw · yetanothertw · commit 0fa0734ffcf7 · 2025-08-06T18:14:53.000+01:00
diff --git a/deploy-manage/deploy/self-managed/air-gapped-install.md b/deploy-manage/deploy/self-managed/air-gapped-install.md
@@ -87,10 +87,13 @@ Besides setting up the EPR service, you also need to [configure {{kib}}](/deploy
 
 ### Additional {{package-registry}} examples
 
-:::{dropdown} Script to generate a SystemD service file on a RHEL 8 system
+:::::{dropdown} Script to generate a SystemD service file on a RHEL 8 system
 
 The following script generates a SystemD service file on a RHEL 8 system in order to run EPR with Podman in a production environment.
 
+::::{tab-set}
+
+:::{tab-item} Latest
 ```sh subs=true
 #!/usr/bin/env bash
 
@@ -115,10 +118,42 @@ podman create \
 ```
 :::
 
-:::{dropdown} SystemD service file launched as a Podman service
+:::{tab-item} Specific version
+Replace `<specific.version>` with the {{es}} version number you want. For example, you can replace `<specific.version>` with {{version.stack.base}}.
+```sh subs=true
+#!/usr/bin/env bash
+
+EPR_BIND_ADDRESS="0.0.0.0"
+EPR_BIND_PORT="8443"
+EPR_TLS_CERT="/etc/elastic/epr/epr.pem"
+EPR_TLS_KEY="/etc/elastic/epr/epr-key.pem"
+EPR_IMAGE="docker.elastic.co/package-registry/distribution:<specific.version>"
+
+podman create \
+  --name "elastic-epr" \
+  -p "$EPR_BIND_ADDRESS:$EPR_BIND_PORT:$EPR_BIND_PORT" \
+  -v "$EPR_TLS_CERT:/etc/ssl/epr.crt:ro" \
+  -v "$EPR_TLS_KEY:/etc/ssl/epr.key:ro" \
+  -e "EPR_ADDRESS=0.0.0.0:$EPR_BIND_PORT" \
+  -e "EPR_TLS_CERT=/etc/ssl/epr.crt" \
+  -e "EPR_TLS_KEY=/etc/ssl/epr.key" \
+  "$EPR_IMAGE"
+
+## creates service file in the root directory
+# podman generate systemd --new --files --name elastic-epr --restart-policy always
+```
+:::
+::::
+
+:::::
+
+:::::{dropdown} SystemD service file launched as a Podman service
 
 The following is an example of an actual SystemD service file for an EPR, launched as a Podman service.
 
+::::{tab-set}
+
+:::{tab-item} Latest
 ```ini subs=true
 # container-elastic-epr.service
 # autogenerated by Podman 4.1.1
@@ -160,6 +195,52 @@ WantedBy=default.target
 ```
 :::
 
+::::::{tab-item} Specific version
+Replace `<specific.version>` with the {{es}} version number you want. For example, you can replace `<specific.version>` with {{version.stack.base}}.
+```ini subs=true
+# container-elastic-epr.service
+# autogenerated by Podman 4.1.1
+# Wed Oct 19 13:12:33 UTC 2022
+
+[Unit]
+Description=Podman container-elastic-epr.service
+Documentation=man:podman-generate-systemd(1)
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=%t/containers
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=always
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStart=/usr/bin/podman run \
+  --cidfile=%t/%n.ctr-id \
+  --cgroups=no-conmon \
+  --rm \
+  --sdnotify=conmon \
+  -d \
+  --replace \
+  --name elastic-epr \
+  -p 0.0.0.0:8443:8443 \
+  -v /etc/elastic/epr/epr.pem:/etc/ssl/epr.crt:ro \
+  -v /etc/elastic/epr/epr-key.pem:/etc/ssl/epr.key:ro \
+  -e EPR_ADDRESS=0.0.0.0:8443 \
+  -e EPR_TLS_CERT=/etc/ssl/epr.crt \
+  -e EPR_TLS_KEY=/etc/ssl/epr.key docker.elastic.co/package-registry/distribution:<specific.version>
+ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=default.target
+```
+:::
+::::
+
+:::::
+
 ## {{artifact-registry}} [air-gapped-elastic-artifact-registry]
 
 Air-gapped install of the {{artifact-registry}} is necessary in order to enable {{agent}} deployments to perform self-upgrades and install certain components which are needed for some of the data integrations (that is, in addition to what is also retrieved from the EPR). To learn more, refer to [Host your own artifact registry for binary downloads](/reference/fleet/air-gapped.md#host-artifact-registry) in the {{fleet}} and {{elastic-agent}} Guide.
@@ -170,10 +251,13 @@ When setting up own web server, such as NGINX, to function as the {{artifact-reg
 
 ### Additional {{artifact-registry}} examples
 
-:::{dropdown} Artifact download script
+:::::{dropdown} Artifact download script
 
 The following example script downloads artifacts from the internet to be later served as a private Elastic Package Registry.
 
+::::{tab-set}
+
+:::{tab-item} Latest
 ```sh subs=true
 #!/usr/bin/env bash
 set -o nounset -o errexit -o pipefail
@@ -241,6 +325,77 @@ done
 ```
 :::
 
+::::::{tab-item} Specific version
+Replace `<specific.version>` with the {{es}} version number you want. For example, you can replace `<specific.version>` with {{version.stack.base}}.
+```sh subs=true
+#!/usr/bin/env bash
+set -o nounset -o errexit -o pipefail
+
+STACK_VERSION=<specific.version>
+ARTIFACT_DOWNLOADS_BASE_URL=https://artifacts.elastic.co/downloads
+
+DOWNLOAD_BASE_DIR=${DOWNLOAD_BASE_DIR:?"Make sure to set DOWNLOAD_BASE_DIR when running this script"}
+
+COMMON_PACKAGE_PREFIXES="apm-server/apm-server beats/auditbeat/auditbeat beats/elastic-agent/elastic-agent beats/filebeat/filebeat beats/heartbeat/heartbeat beats/metricbeat/metricbeat beats/osquerybeat/osquerybeat beats/packetbeat/packetbeat cloudbeat/cloudbeat endpoint-dev/endpoint-security fleet-server/fleet-server"
+
+WIN_ONLY_PACKAGE_PREFIXES="beats/winlogbeat/winlogbeat"
+
+RPM_PACKAGES="beats/elastic-agent/elastic-agent"
+DEB_PACKAGES="beats/elastic-agent/elastic-agent"
+
+function download_packages() {
+  local url_suffix="$1"
+  local package_prefixes="$2"
+
+  local _url_suffixes="$url_suffix ${url_suffix}.sha512 ${url_suffix}.asc"
+  local _pkg_dir=""
+  local _dl_url=""
+
+  for _download_prefix in $package_prefixes; do
+    for _pkg_url_suffix in $_url_suffixes; do
+          _pkg_dir=$(dirname ${DOWNLOAD_BASE_DIR}/${_download_prefix})
+          _dl_url="${ARTIFACT_DOWNLOADS_BASE_URL}/${_download_prefix}-${_pkg_url_suffix}"
+          (mkdir -p $_pkg_dir && cd $_pkg_dir && curl -O "$_dl_url")
+    done
+  done
+}
+
+# and we download
+for _os in linux windows; do
+  case "$_os" in
+    linux)
+      PKG_URL_SUFFIX="${STACK_VERSION}-${_os}-x86_64.tar.gz"
+      ;;
+    windows)
+      PKG_URL_SUFFIX="${STACK_VERSION}-${_os}-x86_64.zip"
+      ;;
+    *)
+      echo "[ERROR] Something happened"
+      exit 1
+      ;;
+  esac
+
+  download_packages "$PKG_URL_SUFFIX" "$COMMON_PACKAGE_PREFIXES"
+
+  if [[ "$_os" = "windows" ]]; then
+    download_packages "$PKG_URL_SUFFIX" "$WIN_ONLY_PACKAGE_PREFIXES"
+  fi
+
+  if [[ "$_os" = "linux" ]]; then
+    download_packages "${STACK_VERSION}-x86_64.rpm" "$RPM_PACKAGES"
+    download_packages "${STACK_VERSION}-amd64.deb" "$DEB_PACKAGES"
+  fi
+done
+
+
+## selinux tweaks
+# semanage fcontext -a -t "httpd_sys_content_t" '/opt/elastic-packages(/.*)?'
+# restorecon -Rv /opt/elastic-packages
+```
+:::
+::::
+:::::
+
 :::{dropdown} NGINX config for private {{artifact-registry}} web server
 The following is an example NGINX configuration for running a web server for the {{artifact-registry}}.
 
diff --git a/deploy-manage/deploy/self-managed/install-elasticsearch-docker-compose.md b/deploy-manage/deploy/self-managed/install-elasticsearch-docker-compose.md
@@ -39,14 +39,29 @@ Use Docker Compose to start a three-node {{es}} cluster with {{kib}}. Docker Com
     ...
     ```
 
-5. In the `.env` file, set `STACK_VERSION` to the current {{stack}} version.
+5. Edit the `.env` file to set the `STACK_VERSION`:
 
+    ::::{tab-set}
+
+    :::{tab-item} Latest
+    Set the stack version to the current {{es}} {{version.stack}} version. 
     ```txt subs=true
     ...
     # Version of Elastic products
     STACK_VERSION={{version.stack}}
     ...
     ```
+    :::
+
+    :::{tab-item} Specific version
+    Replace `<specific.version>` with the {{es}} version number you want. For example, you can replace `<specific.version>` with {{version.stack.base}}.
+    ```txt subs=true
+    ...
+    # Version of Elastic products
+    STACK_VERSION=<specific.version>
+    ...
+    :::
+    ::::
 
 6. By default, the Docker Compose configuration exposes port `9200` on all network interfaces.
 
diff --git a/deploy-manage/deploy/self-managed/install-elasticsearch-docker-configure.md b/deploy-manage/deploy/self-managed/install-elasticsearch-docker-configure.md
@@ -63,15 +63,33 @@ To encrypt your secure settings with a password and have them persist outside th
 
 For example:
 
+::::{tab-set}
+
+:::{tab-item} Latest
 ```sh subs=true
 docker run -it --rm \
 -v full_path_to/config:/usr/share/elasticsearch/config \
 docker.elastic.co/elasticsearch/elasticsearch:{{version.stack}} \
 bin/elasticsearch-keystore create -p
 ```
+:::
+
+:::{tab-item} Specific version
+Replace `<specific.version>` with the {{es}} version number you want. For example, you can replace `<specific.version>` with {{version.stack.base}}.
+```sh subs=true
+docker run -it --rm \
+-v full_path_to/config:/usr/share/elasticsearch/config \
+docker.elastic.co/elasticsearch/elasticsearch:<specific.version> \
+bin/elasticsearch-keystore create -p
+```
+:::
+::::
 
 You can also use a `docker run` command to add or update secure settings in the keystore. You’ll be prompted to enter the setting values. If the keystore is encrypted, you’ll also be prompted to enter the keystore password.
 
+::::{tab-set}
+
+:::{tab-item} Latest
 ```sh subs=true
 docker run -it --rm \
 -v full_path_to/config:/usr/share/elasticsearch/config \
@@ -80,6 +98,20 @@ bin/elasticsearch-keystore \
 add my.secure.setting \
 my.other.secure.setting
 ```
+:::
+
+:::{tab-item} Specific version
+Replace `<specific.version>` with the {{es}} version number you want. For example, you can replace `<specific.version>` with {{version.stack.base}}.
+```sh subs=true
+docker run -it --rm \
+-v full_path_to/config:/usr/share/elasticsearch/config \
+docker.elastic.co/elasticsearch/elasticsearch:<specific.version> \
+bin/elasticsearch-keystore \
+add my.secure.setting \
+my.other.secure.setting
+```
+:::
+::::
 
 If you’ve already created the keystore and don’t need to update it, you can bind-mount the `elasticsearch.keystore` file directly. You can use the `KEYSTORE_PASSWORD` environment variable to provide the keystore password to the container at startup. For example, a `docker run` command might have the following options:
 
@@ -93,10 +125,23 @@ If you’ve already created the keystore and don’t need to update it, you can
 
 In some environments, it might make more sense to prepare a custom image that contains your configuration. A `Dockerfile` to achieve this might be as simple as:
 
+::::{tab-set}
+
+:::{tab-item} Latest
 ```sh subs=true
 FROM docker.elastic.co/elasticsearch/elasticsearch:{{version.stack}}
 COPY --chown=elasticsearch:elasticsearch elasticsearch.yml /usr/share/elasticsearch/config/
 ```
+:::
+
+:::{tab-item} Specific version
+Replace `<specific.version>` with the {{es}} version number you want. For example, you can replace `<specific.version>` with {{version.stack.base}}.
+```sh subs=true
+FROM docker.elastic.co/elasticsearch/elasticsearch:<specific.version>
+COPY --chown=elasticsearch:elasticsearch elasticsearch.yml /usr/share/elasticsearch/config/
+```
+:::
+::::
 
 You could then build and run the image with:
 
diff --git a/deploy-manage/deploy/self-managed/install-elasticsearch-docker-prod.md b/deploy-manage/deploy/self-managed/install-elasticsearch-docker-prod.md
@@ -131,9 +131,21 @@ Increased ulimits for [nofile](setting-system-settings.md) and [nproc](/deploy-m
 
 To check the Docker daemon defaults for ulimits, run:
 
+::::{tab-set}
+
+    :::{tab-item} Latest
 ```sh subs=true
 docker run --rm docker.elastic.co/elasticsearch/elasticsearch:{{version.stack}} /bin/bash -c 'ulimit -Hn && ulimit -Sn && ulimit -Hu && ulimit -Su'
 ```
+:::
+
+:::{tab-item} Specific version
+Replace `<specific.version>` with the {{es}} version number you want. For example, you can replace `<specific.version>` with {{version.stack.base}}.
+```sh subs=true
+docker run --rm docker.elastic.co/elasticsearch/elasticsearch:<specific.version> /bin/bash -c 'ulimit -Hn && ulimit -Sn && ulimit -Hu && ulimit -Su'
+```
+:::
+::::
 
 If needed, adjust them in the Daemon or override them per container. For example, when using `docker run`, set:
 
@@ -166,9 +178,21 @@ To manually set the heap size in production, bind mount a [JVM options](elastics
 
 For testing, you can also manually set the heap size using the `ES_JAVA_OPTS` environment variable. For example, to use 1GB, use the following command.
 
+::::{tab-set}
+
+:::{tab-item} Latest
 ```sh subs=true
 docker run -e ES_JAVA_OPTS="-Xms1g -Xmx1g" -e ENROLLMENT_TOKEN="<token>" --name es01 -p 9200:9200 --net elastic -it docker.elastic.co/elasticsearch/elasticsearch:{{version.stack}}
 ```
+:::
+
+:::{tab-item} Specific version
+Replace `<specific.version>` with the {{es}} version number you want. For example, you can replace `<specific.version>` with {{version.stack.base}}.
+```sh subs=true
+docker run -e ES_JAVA_OPTS="-Xms1g -Xmx1g" -e ENROLLMENT_TOKEN="<token>" --name es01 -p 9200:9200 --net elastic -it docker.elastic.co/elasticsearch/elasticsearch:<specific.version>
+```
+:::
+::::
 
 The `ES_JAVA_OPTS` variable overrides all other JVM options. We do not recommend using `ES_JAVA_OPTS` in production.
 
@@ -177,9 +201,21 @@ The `ES_JAVA_OPTS` variable overrides all other JVM options. We do not recommend
 
 Pin your deployments to a specific version of the {{es}} Docker image. For example:
 
+::::{tab-set}
+
+:::{tab-item} Latest
 ```sh subs=true
 docker.elastic.co/elasticsearch/elasticsearch:{{version.stack}}
 ```
+:::
+
+:::{tab-item} Specific version
+Replace `<specific.version>` with the {{es}} version number you want. For example, you can replace `<specific.version>` with {{version.stack.base}}.
+```sh subs=true
+docker.elastic.co/elasticsearch/elasticsearch:<specific.version>
+```
+:::
+::::
 
 
 ## Always bind data volumes [_always_bind_data_volumes]
