[
https://issues.apache.org/jira/browse/METRON-187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15366184#comment-15366184
]
Nick Allen commented on METRON-187:
-----------------------------------
My opinion of this JIRA has evolved over time. I think this is beyond the
scope of Metron and is not something that we need to solve.
In an offline install on an isolated network, the user will have already had to
overcome this issue to get the core Hadoop-y components (HDP) installed with
Ambari. The user would likely have mirrored the core RPM repositories used by
Ambari to perform the installation. Metron would just need to be configured
(via configuration points that already exist) to point to the RPM repositories
that have been mirrored. There are a few additional repositories that would
need to be mirrored specifically for Metron, but the user would use the same
mechanism that they already used for HDP.
The only work that may be needed in Metron is to translate some of our non-RPM
dependencies (for Bro, YAF, etc) into standard RPM dependencies. This would
require us to, for example, build RPMs for Bro and the Bro Kafka Plugin and
make those available publicly within a standard rpm repository. The user could
then use their existing mechanism to mirror that on their isolated network.
Agree/disagree? What work do we need to do here?
> Support Deployment of Metron on Isolated Networks
> -------------------------------------------------
>
> Key: METRON-187
> URL: https://issues.apache.org/jira/browse/METRON-187
> Project: Metron
> Issue Type: Improvement
> Reporter: Nick Allen
> Assignee: Nick Allen
> Fix For: 0.2.1BETA
>
>
> h2. Problem
> In many cases Metron will need to be deployed on a network that does not have
> direct access to the public interwebs. The current deployment scheme requires
> access to the public interwebs to download artifacts like RPMs, tarballs,
> rule sets, etc.
> h2. Assumptions
> There exists a machine that will orchestrate the deployment that meets the
> following requirements.
> - The machine can deploy "Full Dev Platform" or "Quick Dev Platform". In
> short, this machine must run either Linux or OSX and have Ansible, Vagrant,
> Maven, Java, among the other dependencies installed.
> - The machine must be able to connect to both the public internet and the
> private, isolated network. This does not need to occur at the same time.
> For example, the machine can connect to the public internet, then disconnect
> from the public internet, then connect to the private, isolated network.
> This scheme also meets the requirement.
> h2. Solution
> The following high-level approach can be taken.
> - Extract: Extract artifacts from public internet and store on local
> deployment machine.
> - Transfer: Move deployment machine, along with extracted artifacts, to
> private, isolated network.
> - Reuse: Deploy Metron using the artifacts stored on the deployment machine.
> The following details steps implement the high-level approach of extract,
> transfer, and reuse.
> - Connect the deployment host to the public internet.
> - Run a customized Vagrant installation of Metron on the deployment host.
> - After the normal "Quick Dev Platform" deployment completes, the
> customization ensures that all required artifacts that were downloaded from
> the public internet are persisted locally on the deployment host.
> - Validate that the Vagrant installation worked correctly.
> - Disconnect the deployment host from the public internet.
> - Connect the deployment host to the private, isolated network.
> - Prior to the normal Metron deployment, the locally persisted artifacts will
> be deployed to a designated repository server. The repository server will
> host the artifacts by whatever means are required for the artifact. For
> example, for RPMs an RPM Repository will be created.
> - All properties that refer to resources on the public internet will be
> updated to point to the repository server.
> - Run the normal Metron deployment process.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
