Docker installation

The first thing you need to do is to set up a system with the requirements needed to run Docker and Docker compose. Then install Docker and Docker compose if you don’t have them already.

Note

Root user privileges are required to execute all the commands described below.

Container memory

It is recommended to configure the Docker host preferences to give at least 6GB of memory for the host that creates the containers. This is because, depending on the deployment and usage, Wazuh indexer memory consumption can vary. Therefore, allocate the recommended memory for a complete stack deployment to work properly.

Increase max_map_count on your host (Linux)

Wazuh Indexer needs to be able to create many memory-mapped areas. So the kernel has to be set to give a process of at least 262,144 memory-mapped areas.

  1. You need to increase max_map_count on your Docker host:

$ sysctl -w vm.max_map_count=262144

  1. To set this value permanently, update the vm.max_map_count setting in /etc/sysctl.conf. To verify after rebooting, run “sysctl vm.max_map_count”.

    Warning

    If you don’t set the max_map_count on your host, the Wazuh indexer will NOT work properly.

Docker engine

For Linux/Unix machines, Docker requires an amd64 architecture system running kernel version 3.10 or higher.

  1. Check your current kernel version. Open a terminal and use uname -r to display your kernel version:

    # uname -r

    3.10.0-229.el7.x86_64

  2. Run the Docker installation script:

    On Ubuntu/Debian machines

    On CentOS machines

    On Amazon Linux 2 machines

    # curl -sSL https://get.docker.com/ | sh

    # yum install -y yum-utils
# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin

    # yum update -y
# yum install docker

  3. Start the Docker service:

    Systemd

    SysV Init

    # systemctl start docker

    # service docker start

Note

If you would like to use Docker as a non-root user, you should now consider adding your user to the docker group with something like the following command (remember that you’ll have to log out and log back in for this to take effect):

# usermod -aG docker your-user

Docker compose

Docker Compose 1.29 or newer is required. Follow these steps to install it:

  1. Download the Docker Compose binary:

    # curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

  2. Grant execution permissions:

    # chmod +x /usr/local/bin/docker-compose

    Note

    If the command docker-compose fails after installation, check your path. You can also create a symbolic link to /usr/bin or any other directory in your path.

    For example:

    # ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose

  3. Test the installation to ensure everything went properly:

    $ docker-compose --version

    docker-compose version 1.29.2, build 5becea4c