This script automates the setup of Elasticsearch version 8.17.4 using Podman and the hardened Wolfi image, following the official Elastic Docker documentation.
- Podman: Ensure Podman is installed on your system. You can find installation instructions for various distributions on the Podman Installation Guide.
- Podman Compose: Podman Compose is required to manage the Elasticsearch container. Installation instructions can also be found on the Podman website or through your distribution's package manager (often in an `epel-release` repository for RPM-based systems).
- Save the Script: Save the provided bash script as `setup_elasticsearch.sh` or any other name you prefer.
- Make it Executable: Open your terminal and navigate to the directory where you saved the script. Make the script executable using the command:
  `chmod +x setup_elasticsearch.sh`
- Run the Script: Execute the script using:
  `./setup_elasticsearch.sh`
  You might need `sudo` if the script requires root privileges for installing Podman or Podman Compose, depending on your system configuration.
- Installs Podman and Podman Compose: If not already installed, the script attempts to install Podman and Podman Compose using `dnf` (for Fedora, CentOS, etc.).
- Pulls Elasticsearch Image: Downloads the official Elasticsearch 8.17.4 hardened Wolfi image from Docker Hub.
- Optional Cosign Verification: If `cosign` is installed, the script downloads the Elastic public key and verifies the signature of the Elasticsearch image.
- Starts Elasticsearch Container: Creates and starts an Elasticsearch container named `es01` using `podman-compose`. The container exposes port 9200.
- Retrieves Elasticsearch Password: After Elasticsearch starts, the script resets the password for the `elastic` user and retrieves the new password. This password is saved in a temporary file (`elk-wolfi/temp_credentials.txt`) and also printed to the console.
- Retrieves Kibana Enrollment Token: The script generates a Kibana enrollment token, which is also saved in the temporary credentials file and printed to the console.
- Copies SSL Certificate: The SSL certificate used by Elasticsearch for HTTPS is copied from the container to the `elk-wolfi/certs` directory.
- Makes REST API Call: The script uses `curl` to make a basic API call to Elasticsearch to verify that it's running.
- Cleans Up Credentials: The script removes any leading or trailing whitespace or newline characters from both the Elasticsearch password and the Kibana enrollment token.
- Elasticsearch Password: The newly generated password for the `elastic` user is stored in the `elk-wolfi/temp_credentials.txt` file in the same directory where you run the script. It is highly recommended to secure this password.
- Kibana Enrollment Token: The Kibana enrollment token is also located in the `elk-wolfi/temp_credentials.txt` file. You will need this token if you decide to set up Kibana to connect to this Elasticsearch instance.
- Access Elasticsearch: Once the script completes successfully, you can access Elasticsearch at `https://localhost:9200`. You will be prompted for credentials. Use the username `elastic` and the password found in the `temp_credentials.txt` file.
- Wolfi Image: This script uses the hardened Wolfi image for Elasticsearch, which might have specific system requirements. Ensure your system meets these requirements if you encounter any issues.
- Set up Kibana: You can use the Kibana enrollment token to set up a Kibana instance to visualize and manage your Elasticsearch data. Refer to the official Elastic documentation for instructions on setting up Kibana with Docker or Podman.
- Configure Elasticsearch: For production environments, you will likely want to configure Elasticsearch further, such as setting up a cluster, configuring data paths, and managing resources.
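
For the credentials file and the `curl` check described above, an added example (not part of `setup_elasticsearch.sh` or the original page): it confirms that `elk-wolfi/temp_credentials.txt` is readable only by its owner and queries Elasticsearch against the copied CA while keeping the password out of the process list. The function names are hypothetical; GNU `stat` and a password containing no quotes or backslashes are assumed.

```bash
#!/usr/bin/env bash
# Added example, not taken from setup_elasticsearch.sh.
# Assumes GNU stat, as shipped on the dnf-based systems the page targets.

# Return 0 only if FILE is a regular file (not a symlink), owned by the
# current user, with no group or other permission bits set.
cred_file_is_private() {
  local file=$1 mode owner
  [ -f "$file" ] && [ ! -L "$file" ] || return 1
  mode=$(stat -c '%a' "$file") || return 1
  owner=$(stat -c '%u' "$file") || return 1
  [ "$owner" = "$(id -u)" ] || return 1
  # The last two octal digits are the group and other bits.
  case "$mode" in
    *00) return 0 ;;
    *)   return 1 ;;
  esac
}

# Restrict the credentials file to read/write for its owner only.
lock_cred_file() {
  chmod 600 "$1"
}

# Query Elasticsearch over TLS, validating the server against the CA that
# was copied out of the container. The password is fed to curl as a config
# line on stdin, so it never appears in argv or in `ps` output.
# Assumption: the password contains no double quotes or backslashes.
es_query() {
  local ca=$1 password=$2 url=${3:-https://localhost:9200}
  printf 'user = "elastic:%s"\n' "$password" |
    curl --silent --show-error --fail --cacert "$ca" --config - "$url"
}

# Typical use, run from the directory that contains elk-wolfi/:
#   lock_cred_file elk-wolfi/temp_credentials.txt
#   cred_file_is_private elk-wolfi/temp_credentials.txt || echo "too open"
#   es_query elk-wolfi/certs/http_ca.crt "$ES_PASSWORD"   # ES_PASSWORD: hypothetical variable
```

Once the password has been moved into a password manager or secret store, delete `temp_credentials.txt` rather than leaving it on disk.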
Enjoy using your new Elasticsearch setup!
Harisfazillah Jamel aka LinuxMalaysia
20250331
This script automates the setup of Kibana 8.17.4 using Podman with the hardened Wolfi image. It follows the official Docker documentation from Elastic. The script configures Kibana to run with its own custom kibana.yml and utilizes Podman for container management.
Important Note: Wolfi images might have specific kernel or dependency requirements.
Before running this script, ensure the following prerequisites are met:
- Podman: Podman must be installed on the system.
- podman-compose: Podman Compose must be installed.
- Elasticsearch Setup: The Elasticsearch setup script (`setup_elasticsearch.sh`) should be executed successfully before running this script, as this script relies on the Elasticsearch environment.
- Elasticsearch Certificate: The script requires the Elasticsearch certificate file (`http_ca.crt`), which is generated during the Elasticsearch setup.
- Network: The Podman network created by the Elasticsearch setup script must exist.
- Elasticsearch Password: The Elasticsearch password must be available in the temporary credentials file created by the Elasticsearch setup script.
- Automates Kibana setup using Podman.
- Uses a hardened Wolfi image for Kibana.
- Configures Kibana with a custom `kibana.yml` file.
- Sets up Kibana to communicate with Elasticsearch.
- Manages Kibana data using a Podman volume.
- Retrieves the Elasticsearch container IP address.
- Retrieves the Kibana enrollment token from Elasticsearch.
- Provides instructions for retrieving the Kibana verification code.
The script performs the following steps:
- Checks Prerequisites: Verifies that Podman and Podman Compose are installed and that the Elasticsearch setup has been completed.
- Checks for Certificate File: Ensures that the Elasticsearch certificate file exists.
- Checks for Elasticsearch Network: Ensures that the Podman network created by the Elasticsearch setup script exists.
- Checks Elasticsearch Status and Version:
  - Retrieves the Elasticsearch password from the temporary credentials file.
  - Checks if Elasticsearch is running and retrieves its version.
- Pulls Kibana Docker Image: Pulls the Kibana Docker image from the Docker Hub, tagged with the Elasticsearch version.
- Gets Default Kibana Configuration:
  - Creates a temporary Kibana container.
  - Copies the default `kibana.yml` file from the container to the host.
  - Stops and removes the temporary container. The user is expected to review and customize this file.
- Starts Kibana Container:
  - Creates a `podman-compose.yml` file to define the Kibana service.
  - Starts the Kibana container using `podman-compose up`.
- Waits for Kibana to Start: Waits for the Kibana container to start.
- Gets Elasticsearch Container IP Address: Retrieves the IP address of the Elasticsearch container.
- Retrieves Kibana Enrollment Token: Retrieves the Kibana enrollment token from the Elasticsearch container and saves it to the temporary credentials file.
- Provides Post-Installation Information:
  - Displays a message indicating that the Kibana setup is complete.
  - Displays the URL to access Kibana in a web browser (`http://localhost:5601`).
  - Displays the command to retrieve the Kibana verification code.
- Ensure Elasticsearch is Running: Make sure Elasticsearch is set up and running before executing this script.
- Run the Script: Execute the script from your terminal:
  `./setup_kibana.sh`
- Review Configuration: Review the `kibana.yml` file in the `elk-wolfi` directory and customize it as needed.
- Access Kibana: Once the script completes, access Kibana in your web browser at `http://localhost:5601`.
- Retrieve Verification Code: Run the command provided by the script to get the Kibana verification code and use it during the initial Kibana setup in your browser.
The script uses the following variables:
- `ELK_BASE_DIR`: Base directory for ELK-related files (where the script is located).
- `ELK_DIR`: Directory for ELK-related files (`${ELK_BASE_DIR}/elk-wolfi`).
- `CERT_DIR`: Directory for SSL certificates (`${ELK_DIR}/certs`).
- `KIBANA_IMAGE_NAME`: Name of the Kibana Docker image (`docker.elastic.co/kibana/kibana-wolfi`).
- `KIBANA_CONTAINER_NAME`: Name for the Kibana container (`kib01`).
- `KIBANA_PORT`: Port on which Kibana will be accessible (`5601`).
- `NETWORK_NAME`: Name of the Podman network.
- `TEMP_CREDENTIALS_FILE`: File to store temporary credentials, such as the Elasticsearch password (`${ELK_DIR}/temp_credentials.txt`).
The script defines the following helper functions:
- `info()`: Prints informational messages with a separator.
- `command_exists()`: Checks if a command exists in the system's PATH.
To remove the resources created by this script, follow these steps:
- Stop and Remove Kibana Container:
  `cd "${ELK_BASE_DIR:?}/elk-wolfi"`
  `podman-compose -f podman-compose-kibana.yml down`
- Remove the Network:
  `podman network prune`
- Delete the ELK Directory:
  `rm -rf "${ELK_BASE_DIR:?}/elk-wolfi"`
  This will remove the configuration files and any other data created by the script.
- Delete the /data directory:
  `rm -rf /data`
  Caution: This will delete any data stored in the `/data` directory on your system. Only proceed if you are sure you have backed up any important data and it is safe to delete. This directory is used for the Elasticsearch data volume.
- Phase 1: Install Almalinux 9 Windows Subsystem for Linux version 2 (WSL2)
- HOWTO: Install Almalinux 9 WSL2 and Move AlmaLinux 9 to Another Drive
- Phase 2: Install WSL2 and Move AlmaLinux 9 to Another Drive
- setup_elasticsearch.sh explain
- setup_kibana.sh explain
The script is licensed under the GNU GENERAL PUBLIC LICENSE Version 3.
Harisfazillah Jamel aka LinuxMalaysia
20250402