elk with podman and podman-compose, for RHEL8 based images.
Install podman, python and git.
sudo dnf install -y podman python3 gitCreate a regular OS user to avoid bugs with podman userids, also assign wheel group privileges for sudo.
sudo useradd -m -d /home/elk elk && \
sudo usermod -a -G wheel elk && \
sudo su - elkInstall podman-compose for regular user.
python3 -m pip install --user podman-composeClone the repo and CD into it.
git clone https://github.com/aldenso/elk-podman && cd elk-podmanCreate a Data directory for elastic and disable SELinux (yes... I know, but fuc** it, this is a lab).
mkdir -p /tmp/elk/data
sudo setenforce 0Export the desired ELK version and build the images.
export ELK_VERSION=7.9.2
podman-compose -f podman-compose.yml buildEnable the followin ports for testing.
sudo firewall-cmd --add-port=8080/tcp --permanent
sudo firewall-cmd --add-port=5601/tcp --permanent
sudo firewall-cmd --add-port=9200/tcp --permanent
sudo firewall-cmd --reloadRemember to enable the same ports in case you are testing in your cloud and not your local machine.
podman-compose -f podman-compose.yml upExport the PUBLIC IP (your external cloud IP, assigned to your VM), in case you are using your local machine use 'localhost'.
export PUBLICIP=X.X.X.XCreate 2 indices.
curl -XPOST -D- "http://$PUBLICIP:5601/api/saved_objects/index-pattern" \
-H 'Content-Type: application/json' \
-H 'kbn-version: 7.9.2' \
-u elastic:changeme \
-d '{"attributes":{"title":"http-groupa-*","timeFieldName":"@timestamp"}}'curl -XPOST -D- "http://$PUBLICIP:5601/api/saved_objects/index-pattern" \
-H 'Content-Type: application/json' \
-H 'kbn-version: 7.9.2' \
-u elastic:changeme \
-d '{"attributes":{"title":"http-groupb-*","timeFieldName":"@timestamp"}}'Test your indices
curl -XPOST -H 'Content-Type: application/json' \
"http://$PUBLICIP:8080" -d '{"message":"hello"}'Log to Kibana and check index management and discover logs.
http://$PUBLICIP:5601