fatal: [localhost]: FAILED!

[indian-summers]

TASK [Set sysctl limits] **************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "cmd": "/path/to/clone/directory/scripts/set_sysctl_limits.sh", "msg": "[Errno 2] No such file or directory: b'/path/to/clone/directory/scripts/set_sysctl_limits.sh'", "rc": 2, "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}

This assumes that you have the repo in ~/LME/.

If you don't, you can pass the CLONE_DIRECTORY variable to the playbook.

The above error occurs every time I run the following script:
ansible-playbook ./ansible/install_lme_local.yml -e "clone_dir=/path/to/clone/directory"

I've tried several times from clean installations and it always fails on the same script.

[cbaxley]

You need to put the real path to where you cloned the repo to. In most cases, it is your home directory. Or just leave off the -e and path and just check it out to your home directory.

[indian-summers]

Thank you cbaxley! that worked! It made perfect sense after you explain what the issue was.

I was wondering if I can bounce a couple of other issues to you?

I am not getting the expected results when running this script:
sudo -i podman ps --format "{{.Names}} {{.Status}}"

This is the output I see after running the script:
lme-elasticsearch Up 36 seconds (unhealthy)

Per the instructions, a sample output should look like the following:

lme-elasticsearch Up 19 hours (healthy)
lme-wazuh-manager Up 19 hours
lme-kibana Up 19 hours (healthy)
lme-fleet-server Up 19 hours
lme-elastalert2 Up 17 hours

One more question, I am not sure where in the script I should enter my pwd.
Check if you can connect to Elasticsearch

Script:
#substitute your password below:
curl -k -u elastic:$(sudo -i ansible-vault view /etc/lme/vault/$(sudo -i podman secret ls | grep elastic | awk '{print $1}') | tr -d '\n') https://localhost:9200

[aarz-snl]

elasticsearch will not be up and healthy in 36 seconds. It takes minutes.

The step to check isn't saying it will immediately say that -- its basically saying wait until everything looks like that before moving on to the next steps. You want to wait about 10 minutes for all services to be up and running before running the post-install playbook next

[indian-summers]

Hello aarz-snl thank you for your response.

I honestly continue to attempt to get LME up and running because it will be a valuable resource to meet NIST compliance. I was under the impression based on the instructions this would be an easy install, but its been challenging to say the least.

Per your instructions, I've waited for more than 1 hour, and the timer never gets pass 1 minute every time I run the sudo -i podman ps --format "{{.Names}} {{.Status}}" script.

I suspect it might be related to the following message when executing the following script.

#if something breaks, use these commands to debug:
SERVICE_NAME=lme-elasticsearch.service
sudo -i journalctl -xu $SERVICE_NAME

I see the following errors when the script is executed.

1. lme systemd[1]: lme-elasticsearch.service: start operation timed out. Terminating.

2. The unit lme-elasticsearch.service has entered the 'failed' state with result 'timeout'

lme systemd[1]: Failed to start lme-elasticsearch.service - Elasticsearch Container

Service.Subject: A start job for unit lme-elasticsearch.service has failed.

3. The process' exit code is 'exited' and its exit status is 143.
   lme systemd[1]: lme-elasticsearch.service: Failed with result 'timeout'.
   Subject: Unit failed
   Defined-By: systemd