Introduction

In a perfect world, a node or cluster would run flawlessly for as long as was needed; however, most users will occasionally need to shut down or restart Elasticsearch for maintenance or other purposes. It’s important to shut down Elastisearch in an orderly fashion to ensure that any outstanding resources are closed and that proper cleanup occurs. For example, during a clean shutdown, a node will perform certain tasks like removing itself from the cluster and syncing all translogs to disk. This article will explain several methods for performing a clean shutdown of Elasticsearch.

• Note: Some users may be accustomed to shutting down Elasticsearch using the _shutdown API. This API has been removed from Elasticsearch version 2.x and up.

For instances of Elasticsearch that are running as a service, the service management functionality included with the package’s installation can be used to shut the service down. For cases where Elasticsearch is running directly, the following methods can be used to shut it down:

Shutting Down Nodes

• If you’re running your node directly from the terminal, simply press CTRL + C to shut down Elastisearch.
• Another way to shut down a node is to “exclude” it from being allocated through a cURL:

• This cURL request directs Elasticsearch to move shards out of the node you want to shut down and allocate them to remaining nodes. Once all existing shards have been successfully moved to other nodes, you can shut down the node in question.
• This cURL “exclude” request also ensures a graceful shutdown by preventing the creation of any replicas of the node.
• IMPORTANT NOTE: Keep in mind that shutting down a cluster is quite different from shutting down a single node. When a cluster is shut down, all nodes on the cluster are stopped.

Linux Procedure

• When Elasticsearch is running as a daemon on a Linux server, shutting it down will require “killing” the process. This is accomplished by delivering a SIGTERM request to the process, which terminates it. Please see RedHat Homepage for additional information on SIGTERM.
• To begin the shutdown process, locate the process identifier (PID) of the Elasticsearch service that you’d like to terminate.
• One easy way to locate processes is to use the grep command. To locate all Java processes currently running on your Linux server, use the following command:

• Similarly, the following command can be used to locate all Elasticsearch-related processes running on the server:

• A search for active processes can be made even more precise, delivering only the PID of the Elasticsearch service itself. This can be accomplished using the jps command-line tool which looks for any JVMs on the server. Adding a grep command for “Elasticsearch” refines the search:

• If an Elasticsearch JVM is running, the grep command will return both the PID and the name of the service as terminal output (for example: 14335 Elasticsearch). If no output is returned, it can be assumed that no service is running.
• Once the correct PID has been identified, simply use the kill command plus the PID of the Elasticsearch process. Using the -9 option in the kill command forces the process to be killed so that the signal to terminate can’t be ignored; however, the -9 option is best used as a last resort.

NOTE: Users who encounter permission errors may need to use sudo in order to execute the kill command.

• If the kill command executed successfully, the Elasticsearch service should not be running. To check that it was successfully terminated, just make a simple cURL request to the cluster:

Windows Procedure

• If Elasticsearch is running on a Windows machine, the first step in the shutdown process is to open up a command prompt and switch your current directory to the bin directory associated with the Elasticsearch install: for example, c:/elasticsearch/bin.
• After navigating to the Elasticsearch directory, the next step is to execute the service.bat file. There are a number of parameters that can be used in conjunction with service.bat:

• To start up the Elasticsearch service on a Windows machine:

• To shut down the Elasticsearch service on Windows:

REST API

Note: __As noted in the introduction to this article, the _shutdown API has been removed from Elasticsearch version 2.x. and up.__ For additional information, please see Elastic’s Documentation – Elasticsearch Reference [1.4] » Cluster APIs » Nodes Shutdown

• A node’s shutdown API allows a user to shut down any number of nodes in the cluster, whether it’s a single node or even all nodes.
• The following cURL request is an example of using a node’s shutdown API to stop multiple nodes in a given cluster:

• Alternatively, the shutdown API can be used to shut down a specific node or nodes using the nodes’ IDs:

• The following cURL request will shut down the master node in a cluster:

Conclusion

It’s clear that there are a variety of ways to execute a clean and graceful shutdown for Elasticsearch. The key to success is to ensure that proper cleanup has taken place. If all outstanding resources are successfully closed and all necessary cleanup has occurred, you can prevent unwanted shard replicas, shard movements during cluster shutdown, and a host of other issues.