-
Notifications
You must be signed in to change notification settings - Fork 74
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
LME won't install on CIS hardened server #520
Comments
IRT UMASK during the playbook we set the permissions for each directory. Maybe the initial directory upon download of the source code is being set to 750? |
In addition, we have documentation around firewall rules here that you can add to UFW to allow communication for LME clients to speak with LME services. The tricky piece is that because they're running in podman containers, you have to add special rules that allow communication for the LME network devices that podman creates: specifically rules for the podman LME network's interface:
the |
I will test these rules and see if they are sufficient to let LME get installed. That's the problem I was having, it wouldn't install properly with ufw enabled. |
If users are running an Ubuntu 22.04 server hardened according to the CIS benchmark, the Ansible playbook won't get everything installed correctly.
Through trial and error I was able to determine that the following changes were necessary:
Maybe this is too specific to document, but now it's at least recorded in an issue.
The text was updated successfully, but these errors were encountered: