Exploring RedHat Linux 8 & Installing ELK Stack

With the new acquisition of RedHat by IBM, RedHat have taken the time to announce their new RedHat Enterprise Linux version 8, boasting a wealth of new features.

Still being a student (in technicality only), I still have access to my RedHat Linux developer subscription, and wanted to take the time to explore the next industry de-facto operating system for enterprise Linux (at least while we wait on CentOS being released). I will be updating this post over some period of time as a “home lab” type experiment, so if anything seems missing or incomplete, it’s probably because it is. By the end of the project, everything will be at the proper academic standard I’ve been taught to deliver.

As this is an enterprise piece of kit, I find it appropriate that I treat it with some respect and assign some resources on my beloved gaming PC running System76’s Pop_OS! (which you should definitely try for Linux gaming by the way). Admittedly, the first phase of experimentation will be on the “playful” side of research, as I will install the RedHat 8 OS onto a VirtualBox VM. Why? Because it’s what I’ve used for 5 years of university study and it’s a great learning environment. If anything substantial comes from my “playing”, the deployment would likely be in KVM so as to provide a better consolidation ratio and industrial feel to the deployment.

Anyway, for the tale of the tape:

  • OS – RedHat 8
  • CPU – Intel i7 6700k – 4 of 8 Cores Assigned
  • RAM – 12GB of 16GB DDR4 3000Mhz
  • Network Type – NAT Network
  • Hypervisor – VirtualBox

The first step with any install is to boot the ISO and verify its integrity, which RHEL provides a handy tool for at boot:

With that done & the file verified, I will run the normal installation of any GNU/Linux OS.

 

 

After the installation is done (and I tangle with the mighty subscription demon that is RedHat Linux) I can finally get a terminal open and update the system.

 

 

My first port of call is always to install the latest security patches as well as the VirtualBox guest additions to improve VM performance. This proved as annoying as I remember from university, as RHEL has decided to drop support for dkms.


sudo yum install perl gcc kernel-devel kernel-headers make bzip2

This is followed by downloading the dkms RPM from http://rpmfind.net/linux/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/d/dkms-2.7.1-1.fc31.noarch.rpm and installing it using the package manager in RHEL.

After all of that, success has been had and I’ve got RedHat 8 installed in a functional manner in VirtualBox.

With RHEL 8 now installed, there are two possible choices.

  1. Set up my client nodes to monitor
  2. Set up monitoring & add clients later

I think for this installation, installing the clients first makes the most sense. For this, I’ll install one Lcrubuntu host and clone it, and come back to possibly adding a Windows Server or Windows 10 host later.

Following a (basic) standard setup, adding swap and space for a root partition:

The system is then installed successfully & can be cloned:

 

For this deployment, I’ll use “Linked Clones” as the cloning type, and keep the master intact just in case I want to add more hosts later:

This also means that I’ll need to add these hosts to the same NAT network the RedHat host is on, and update the hostnames, the /etc/hosts file and the /etc/network/interfaces file so that each host gains its IP through DHCP:

  • Host 1 – redhat8 – 10.0.2.4
  • Host 2 – Lcrubuntu1 – 10.0.2.15
  • Host 3 – Lcrubuntu2 – 10.0.2.5

With all hosts now networked together and with basic name resolution in place, the installation of ELK stack monitoring can begin.

The next step of installing the ELK stack is to install Elasticsearch. This can be done easily with the following command on RHEL 8:

sudo yum install java elasticsearch

Following this, installing Logstash is the next step:

 

sudo yum install logstash

Next, create a systemd service entry for Logstash:

sudo /usr/share/logstash/bin/system-install /etc/logstash/startup.options systemd

Next, Kibana requires that the Elastic public signing key be imported and the repo be added to the /etc/yum.repos.d directory, followed by installing the package using the package manager:

sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
cd /etc/yum.repos.d
sudo touch kibana.repo
sudo nano kibana.repo

Then in the kibana.repo file, add the following, followed by exiting and performing a yum install:

[kibana-7.x]
name=Kibana repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

sudo yum install kibana
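
The repo file above relies on gpgcheck=1, a gpgkey and an https baseurl so that yum verifies package signatures against the Elastic key. As an added example (not part of the original post), this shell function audits a .repo file for those settings; the weak-example repo and its mirror.example.invalid URL are constructed for illustration, and treating a missing gpgcheck line as a finding is a deliberately strict assumption.

```shell
#!/bin/sh
# audit_repo FILE: print one finding per repo section setting that weakens
# package verification; returns non-zero if any finding was printed.
audit_repo() {
    awk -F= '
        function report(msg) { print id ": " msg; bad = 1 }
        function check() {
            if (id == "") return
            # Strict choice: a missing gpgcheck line counts as a finding.
            if (gpgcheck != "1") report("gpgcheck is not 1")
            if (gpgkey == "") report("no gpgkey set")
            else if (gpgkey !~ /^(https|file):/) report("gpgkey is not https or file")
            if (baseurl ~ /^(http|ftp):/) report("baseurl is not https")
        }
        /^[ \t]*([#;]|$)/ { next }      # skip comments and blank lines
        /^\[.*\]/ {                     # new [section]: judge the previous one
            check()
            id = substr($0, 2, index($0, "]") - 2)
            gpgcheck = ""; gpgkey = ""; baseurl = ""
            next
        }
        {
            key = $1; val = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            if (key == "gpgkey")   gpgkey = val
            if (key == "baseurl")  baseurl = val
        }
        END { check(); exit bad + 0 }
    ' "$1"
}

# Constructed samples: the kibana.repo from this post and a weakened variant.
write_samples() {   # $1 = target directory
    printf '%s\n' '[kibana-7.x]' 'name=Kibana repository for 7.x packages' \
        'baseurl=https://artifacts.elastic.co/packages/7.x/yum' 'gpgcheck=1' \
        'gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch' \
        'enabled=1' 'autorefresh=1' 'type=rpm-md' > "$1/kibana.repo"
    printf '%s\n' '[weak-example]' 'name=Constructed weak repo' \
        'baseurl=http://mirror.example.invalid/yum' 'gpgcheck=0' 'enabled=1' \
        > "$1/weak.repo"
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_repo "$tmp/kibana.repo" && echo "kibana.repo: no findings"
audit_repo "$tmp/weak.repo" || echo "weak.repo: findings listed above"
rm -rf "$tmp"
```

On the RHEL host, the same function can be run over every file in /etc/yum.repos.d to check the repos the ELK packages are pulled from.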

 

With the Kibana libraries now installed, the next step is to discover which init system RHEL 8 uses in order to allow Kibana to be run on startup, which can be done by issuing the following command:

ps -p 1

As seen in the screenshot, RHEL 8 is running the new systemd system, meaning the commands to have Kibana run on startup are:

sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable kibana.service

This will now allow us to start and stop Kibana. With this all done, we can now go to http://localhost:5601 and check if we have got everything installed.
