Firewall settings and Docker
If you don't properly configure your firewall settings to work with Docker, you may not be able to install GroundWork Monitor 8. On CentOS and Red Hat systems with default firewalld rulesets, there is a known issue that can halt the GroundWork Monitor installation during the setup of the database with an error like the following:
If you see this error, you can take the following steps to complete your GroundWork Monitor 8 installation. You will need to resolve the firewalld ruleset issues to a compatible setup for your internal security policy afterward. These steps will disable the default firewalld configuration and leave your GroundWork server in a potentially vulnerable state, so be sure to follow up and set up compatible secure rules.
Disable the existing firewalld ruleset. Type, at the command line:
Remove the gw8 container that may have been left defined:
Restart the Docker daemon (note this instantiates the firewall rules Docker needs, but does not restart the firewall itself):
Complete the installation manually. From the command line in the gw8 directory, (e.g., 8.0.0):
You should see a message about the volumes getting initialized or migrated successfully.
Copy the (still missing) environment files to the gw8 directory:
Remove the gw8 container, since its purpose is fulfilled:
Don't forget! You will need to determine and instantiate the appropriate firewall rules for your host!
GroundWork uses port TCP/443, and optionally TCP/5667 (for legacy GDMA) to the revproxy container, and it also requires container-to-container communications. You can adjust the firewalld settings to match your companies security policy as long as these conditions are met.
A useful example of adjusting firewalld rulesets to secure a Docker CE host can be found here.