[ https://issues.apache.org/jira/browse/METRON-520?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15630487#comment-15630487 ]
ASF GitHub Bot commented on METRON-520:
---------------------------------------
GitHub user justinleet opened a pull request:
https://github.com/apache/incubator-metron/pull/340
METRON-520: /apps/metron/enrichment directory does not get created for
Metron cluster deployed via Ambari
In addition to the main goal, there are a couple of minor changes I made while I
was in the neighborhood for simple changes that didn't seem to make sense to
bother with separate PRs. If anyone wants them to be split out, I'm happy to
break the commit up appropriately.
This PR covers 3 things:
1. The original directory fix. It did exist before, but was configured to
be /tmp/metron/enriched. This moves it to be consistent with quick-dev and
adjusts the folder's permissions appropriately so that it can actually be
written to by Storm (owned by the Hadoop group with 755 perms, same as quick
dev). Complementary to this, the /apps/metron/patterns folder is properly
created and used. It was defined in configs before, but /apps/metron was
passed instead of the /apps/metron/patterns.
2. Pcap RPM never got installed. It's a simple three-line change to make
sure the scripts get deployed.
3. Made the is_configured files consistent (enrichment had slightly
different file pattern). One line config change.
To test, I used the docker-ambari procedure outlined at:
https://www.evernote.com/shard/s530/sh/c5551fbd-0ac1-4861-89ce-9c5e37065c52/b13e05f39eaac1a6
After spinning up the instance and installing the service, the directories
are appropriately created (/apps/metron/enrichments and /apps/metron/patterns).
The Metron home directory on the nodes contains the pcap scripts and yum
reports the pcap rpm as installed. Finally, the configured files are all just
metron_<indexing|enrichment|parsers>_configured
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/justinleet/incubator-metron METRON-520
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/incubator-metron/pull/340.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #340
----
> /apps/metron/enrichment directory does not get created for Metron cluster
> deployed via Ambari
> ---------------------------------------------------------------------------------------------
>
> Key: METRON-520
> URL: https://issues.apache.org/jira/browse/METRON-520
> Project: Metron
> Issue Type: Bug
> Affects Versions: 0.2.1BETA
> Reporter: Neha Sinha
> Assignee: Justin Leet
>
> 1. Deploy Metron cluster via Ambari
> 2. Replay Bro logs to generate bro elasticsearch indices
> 3. The bro enriched and indexed data should be written to the HDFS at :-
> /apps/metron/enrichment
> The indexed data gets written to "/apps/metron/enrichment" for metron setups
> that get deployed via Ansible, however, this path does not get created for
> clusters deployed via Ambari.
> Output for "hdfs dfs -ls" command for clusters deployed via Ansible
> [hdfs@metron-ansible-3 ~]$ hdfs dfs -ls /apps/metron
> Found 2 items
> drwxrwxr-x - storm hadoop 0 2016-10-24 11:41 /apps/metron/enrichment
> drwxrwxr-x - hdfs hadoop 0 2016-10-24 11:03 /apps/metron/patterns
> Output for "hdfs dfs -ls" command for clusters deployed via Ambari
> [hdfs@metron-s-10 ~]$ hdfs dfs -ls /apps/metron
> Found 7 items
> -rwxr-xr-x 3 hdfs hdfs 13427 2016-10-25 10:02 /apps/metron/asa
> -rwxr-xr-x 3 hdfs hdfs 5203 2016-10-25 10:02 /apps/metron/common
> -rwxr-xr-x 3 hdfs hdfs 524 2016-10-25 10:02 /apps/metron/fireeye
> -rwxr-xr-x 3 hdfs hdfs 2552 2016-10-25 10:02 /apps/metron/sourcefire
> -rwxr-xr-x 3 hdfs hdfs 180 2016-10-25 10:02 /apps/metron/squid
> -rwxr-xr-x 3 hdfs hdfs 2221 2016-10-25 10:02 /apps/metron/websphere
> -rwxr-xr-x 3 hdfs hdfs 879 2016-10-25 10:02 /apps/metron/yaf
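
A post-deployment check for the layout discussed above, as an added example that is not part of the issue or the pull request: it parses `hdfs dfs -ls` output and reports whether the required directories exist and whether Storm can write where it needs to. The helper names, the `storm` user's membership in the `hadoop` group and the choice of which path needs write access are assumptions; HDFS ACLs and the superuser are not modeled.

```python
import re

# Constructed sample input: the two `hdfs dfs -ls /apps/metron` listings from the issue.
ANSIBLE_LS = """Found 2 items
drwxrwxr-x - storm hadoop 0 2016-10-24 11:41 /apps/metron/enrichment
drwxrwxr-x - hdfs hadoop 0 2016-10-24 11:03 /apps/metron/patterns"""
AMBARI_LS = """Found 7 items
-rwxr-xr-x 3 hdfs hdfs 13427 2016-10-25 10:02 /apps/metron/asa
-rwxr-xr-x 3 hdfs hdfs 5203 2016-10-25 10:02 /apps/metron/common
-rwxr-xr-x 3 hdfs hdfs 524 2016-10-25 10:02 /apps/metron/fireeye
-rwxr-xr-x 3 hdfs hdfs 2552 2016-10-25 10:02 /apps/metron/sourcefire
-rwxr-xr-x 3 hdfs hdfs 180 2016-10-25 10:02 /apps/metron/squid
-rwxr-xr-x 3 hdfs hdfs 2221 2016-10-25 10:02 /apps/metron/websphere
-rwxr-xr-x 3 hdfs hdfs 879 2016-10-25 10:02 /apps/metron/yaf"""
REQUIRED = {"/apps/metron/enrichment": True, "/apps/metron/patterns": False}  # path -> needs write (assumed)
# Fields: type, mode bits, replication, owner, group, size, date, time, path
LINE = re.compile(r"^([d-])([rwx-]{9})\s+\S+\s+(\S+)\s+(\S+)\s+\d+\s+\S+\s+\S+\s+(\S+)$")

def parse_ls(text):
    """Map path -> (is_dir, mode, owner, group); the 'Found N items' header is skipped."""
    entries = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            entries[m.group(5)] = (m.group(1) == "d",) + m.group(2, 3, 4)
    return entries

def can_write(entry, user, groups):
    """POSIX-style evaluation: the first matching class (owner, group, other) decides."""
    _, mode, owner, group = entry
    if user == owner:
        return mode[1] == "w"
    if group in groups:
        return mode[4] == "w"
    return mode[7] == "w"

def audit(text, required=REQUIRED, user="storm", groups=("hadoop",)):
    """Return findings for the required paths; an empty list means the layout is usable."""
    entries = parse_ls(text)
    findings = []
    for path, needs_write in required.items():
        e = entries.get(path)
        if e is None:
            findings.append(f"{path}: missing")
        elif not e[0]:
            findings.append(f"{path}: not a directory")
        elif needs_write and not can_write(e, user, groups):
            findings.append(f"{path}: not writable by {user}")
    return findings
```

Run against the Ansible listing it returns no findings; against the Ambari listing it reports both directories as missing.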