Re: [DISCUSS] Field conversions

[Laurens Vets]

ES 2.x support officially ended 4 months ago 
(https://www.elastic.co/support/eol), so why still support ':' at all? 
:) Additionally, 2.x isn't even supported at all on the last 2 Ubuntu 
LTS releases (16.04 & 18.05).


Therefor, move everything to use '.' and provide a conversion/upgrade 
script to change '.' to ':'?


On 2018-06-04 13:55, Ryan Merriman wrote:
We've been dealing with a reoccurring challenge in Metron.  It is 
common
for various fields to contain '.' characters for the purpose of making 
them

more readable, namespacing, etc.  At one point we only supported
Elasticsearch 2.3 which did not allow dots and forced us to use ':'
instead.  This limitation does not exist in later versions of 
Elasticsearch

or Solr.

Now we're in a situation where we need to allow a user to use either 
one
because they may still be using ES 2.3 or have data with ':' characters 
in

field names.  We've attempted to make this configurable in a couple
different PRs:

https://github.com/apache/metron/pull/1022
https://github.com/apache/metron/pull/1010
https://github.com/apache/metron/pull/1038

The approaches taken in these are not consistent and fall short in
different ways.  The first (METRON-1569 Allow user to change field name
conversion when indexing) only applies to indexing and not querying.  
The
others only apply to a single field which does not scale well.  Now we 
have

an issue with another field in
https://issues.apache.org/jira/browse/METRON-1600.  Rather than 
continuing

with a patchwork of different fixes I want to attempt to design a
system-wide solution.

My first thought is to expand 
https://github.com/apache/metron/pull/1022 to
apply globally.  However this is not trivial and would require 
significant

changes.  It would also make https://github.com/apache/metron/pull/1010
obsolete and we might end up having to revert all of it.

Does anyone have any ideas or opinions?  I am still researching 
solutions

but would love some guidance from the community.

Windows full-dev

[Laurens Vets]

Hey list,

Has anyone gotten full-dev automatically set up on Windows by any chance 
or are we all using Linux & macOS?

Re: [DISCUSS] Using JSON Path to support more complex documents with the JSONMap Parser

[Laurens Vets]

On 2018-01-25 07:57, Otto Fowler wrote:

While it would be preferred if all data streamed into the parsers is
already in ‘stream’ form, as opposed to ‘batched’ form, it may not 
always

be possible, or possible at every step of system development.

I was wondering if it would be worth adding optional support to the 
JSONMap
Parser to support more complex documents, and split them in the parser 
into

multiple messages. This is similar in function to the JSON Splitter
processor in NiFi

So, a document would come into the JSONMap Parser from Kafka, with some
embedded set of the real message content, such as in this simplified
example:

{
“messages" : [
{ message1},
{ message2},
….
{messageN}
]
}

the JSONMap Parser, would have a new configuration item for message
selection, that would be a JSON Path expression

“messageSelector” : “$.messages “

Inside the JSONMap Parser, it would evaluate the expression, and do the
same processing on each item returned by the expression list.

the Parser interface already supports returning multiple message 
objects

from a single byte[] input.

There is a performance penalty to be paid here, and it is more than 
just

doing more than one message due to the JSONPath evaluation.

I can see this being useful in a couple of circumstances:

   -

   You want to work with some document format with metron but do not 
have

   NiFi or the equivalent available or setup yet
   -

   You want to prototype with Metron before you get the ‘preprocessing’
   setup
   -

   You are not going to be able to use NiFi and are ok with the 
performance


I have something in github to look at for more detail :
ottobackwards/json-path-play


Thoughts?


I like this, it's the exact reason why we use NiFi Splitter right now. 
We get 'batched' CloudTrail events which need to be split in individual 
events...

Re: Some more upgrade fallout... Can't restart Metron Indexing

[Laurens Vets]

On 2018-01-18 09:14, Casey Stella wrote:
So, the challenge here is that our install script isn't smart enough 
right
now to skip creating tables that are already created.  One thing you 
could

do is

   1. rename the hbase tables for metron (see

https://stackoverflow.com/questions/27966072/how-do-you-rename-a-table-in-hbase
   )
   2. let the install create them anew
   3. stop metron
   4. delete the new empty hbase tables
   5. swap in the old tables
   6. start metron


This worked, thanks! I'll update 
https://issues.apache.org/jira/browse/METRON-1410 as well.

Some more upgrade fallout... Can't restart Metron Indexing

[Laurens Vets]

After upgrading from 0.4.1 to 0.4.2, I can't seem to start or restart 
Metron Indexing. I get the following errors:


stderr:   /var/lib/ambari-agent/data/errors-2468.txt

Traceback (most recent call last):
  File 
"/var/lib/ambari-agent/cache/common-services/METRON/0.4.2/package/scripts/indexing_master.py", 
line 160, in 

Indexing().execute()
  File 
"/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py", 
line 280, in execute

method(env)
  File 
"/var/lib/ambari-agent/cache/common-services/METRON/0.4.2/package/scripts/indexing_master.py", 
line 82, in start

self.configure(env)
  File 
"/var/lib/ambari-agent/cache/common-services/METRON/0.4.2/package/scripts/indexing_master.py", 
line 72, in configure

commands.create_hbase_tables()
  File 
"/var/lib/ambari-agent/cache/common-services/METRON/0.4.2/package/scripts/indexing_commands.py", 
line 126, in create_hbase_tables

user=self.__params.hbase_user
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/base.py", 
line 155, in __init__

self.env.run()
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/environment.py", 
line 160, in run

self.run_action(resource, action)
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/environment.py", 
line 124, in run_action

provider_action()
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/providers/system.py", 
line 273, in action_run

tries=self.resource.tries, try_sleep=self.resource.try_sleep)
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/shell.py", 
line 70, in inner

result = function(command, **kwargs)
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/shell.py", 
line 92, in checked_call

tries=tries, try_sleep=try_sleep)
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/shell.py", 
line 140, in _call_wrapper

result = _call(command, **kwargs_copy)
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/shell.py", 
line 293, in _call

raise ExecutionFailed(err_msg, code, out, err)
resource_management.core.exceptions.ExecutionFailed: Execution of 'echo 
"create 'metron_update','t'" | hbase shell -n' returned 1. ERROR 
RuntimeError: Table already exists: metron_update!


stdout:   /var/lib/ambari-agent/data/output-2468.txt

2018-01-18 16:54:30,101 - Using hadoop conf dir: 
/usr/hdp/current/hadoop-client/conf
2018-01-18 16:54:30,301 - Using hadoop conf dir: 
/usr/hdp/current/hadoop-client/conf

2018-01-18 16:54:30,302 - Group['metron'] {}
2018-01-18 16:54:30,303 - Group['livy'] {}
2018-01-18 16:54:30,303 - Group['elasticsearch'] {}
2018-01-18 16:54:30,303 - Group['spark'] {}
2018-01-18 16:54:30,303 - Group['zeppelin'] {}
2018-01-18 16:54:30,304 - Group['hadoop'] {}
2018-01-18 16:54:30,304 - Group['kibana'] {}
2018-01-18 16:54:30,304 - Group['users'] {}
2018-01-18 16:54:30,304 - User['hive'] {'gid': 'hadoop', 
'fetch_nonlocal_groups': True, 'groups': ['hadoop']}
2018-01-18 16:54:30,305 - User['storm'] {'gid': 'hadoop', 
'fetch_nonlocal_groups': True, 'groups': ['hadoop']}
2018-01-18 16:54:30,306 - User['zookeeper'] {'gid': 'hadoop', 
'fetch_nonlocal_groups': True, 'groups': ['hadoop']}
2018-01-18 16:54:30,306 - User['infra-solr'] {'gid': 'hadoop', 
'fetch_nonlocal_groups': True, 'groups': ['hadoop']}
2018-01-18 16:54:30,307 - User['ams'] {'gid': 'hadoop', 
'fetch_nonlocal_groups': True, 'groups': ['hadoop']}
2018-01-18 16:54:30,307 - User['tez'] {'gid': 'hadoop', 
'fetch_nonlocal_groups': True, 'groups': ['users']}
2018-01-18 16:54:30,308 - User['zeppelin'] {'gid': 'hadoop', 
'fetch_nonlocal_groups': True, 'groups': ['hadoop']}
2018-01-18 16:54:30,309 - User['metron'] {'gid': 'hadoop', 
'fetch_nonlocal_groups': True, 'groups': ['hadoop']}
2018-01-18 16:54:30,309 - User['livy'] {'gid': 'hadoop', 
'fetch_nonlocal_groups': True, 'groups': ['hadoop']}
2018-01-18 16:54:30,310 - User['elasticsearch'] {'gid': 'hadoop', 
'fetch_nonlocal_groups': True, 'groups': ['hadoop']}
2018-01-18 16:54:30,310 - User['spark'] {'gid': 'hadoop', 
'fetch_nonlocal_groups': True, 'groups': ['hadoop']}
2018-01-18 16:54:30,311 - User['ambari-qa'] {'gid': 'hadoop', 
'fetch_nonlocal_groups': True, 'groups': ['users']}
2018-01-18 16:54:30,311 - User['flume'] {'gid': 'hadoop', 
'fetch_nonlocal_groups': True, 'groups': ['hadoop']}
2018-01-18 16:54:30,312 - User['kafka'] {'gid': 'hadoop', 
'fetch_nonlocal_groups': True, 'groups': ['hadoop']}
2018-01-18 16:54:30,312 - User['hdfs'] {'gid': 'hadoop', 
'fetch_nonlocal_groups': True, 'groups': ['hadoop']}
2018-01-18 16:54:30,313 - User['yarn'] {'gid': 'hadoop', 
'fetch_nonlocal_groups': True, 'groups': ['hadoop']}
2018-01-18 16:54:30,314 - User['kibana'] {'gid': 'hadoop', 
'fetch_nonlocal_groups': True, 'groups': ['hadoop']}
2018-01-18 16:54:30,314 - User['mapred'] {'gid': 'hadoop', 
'fetch_nonlocal_groups': True, 'groups': ['hadoop']}
2018-01-18 16:54:30,315 - User['hbase'] {'gid': 'hadoop', 
'fe

Upgrade from 0.4.1 to 0.4.2 fails on Alerts UI

[Laurens Vets]

Hello List,

Targeting a wider audience here, see bug report 
https://issues.apache.org/jira/browse/METRON-1408.


Basically, when I upgrade from 0.4.1 to 0.4.2 I run into issues with the 
Alerts UI. I built the Metron 0.4.2 RPMs and did an upgrade of my 
current 0.4.1 install with: "rpm -Uvh metron*.rpm". This results in an 
error message related to metron-alerts-ui:


[root@metron1 localrepo]# rpm -Uvh metron*.rpm
Preparing...### 
[100%]
   1:metron-solr### 
[  7%]
   2:metron-rest### 
[ 14%]
   3:metron-profiler### 
[ 21%]
   4:metron-pcap### 
[ 29%]
   5:metron-parsers ### 
[ 36%]
   6:metron-metron-managemen### 
[ 43%]
   7:metron-maas-service### 
[ 50%]
   8:metron-indexing### 
[ 57%]
   9:metron-enrichment  ### 
[ 64%]
  10:metron-elasticsearch   ### 
[ 71%]
  11:metron-data-management ### 
[ 79%]
  12:metron-config  ### 
[ 86%]
error reading information on service metron-alerts-ui: No such file or 
directory
warning: %post(metron-config-0.4.2-201801171923.noarch) scriptlet 
failed, exit status 1
  13:metron-common  ### 
[ 93%]
  14:metron-alerts  ### 
[100%]

[root@metron1 localrepo]#

I did an upgrade of the installed mpack with: ambari-server 
upgrade-mpack 
--mpack=/root/metron/metron-deployment/packaging/ambari/metron-mpack/target/metron_mpack-0.4.2.0.tar.gz 
--verbose

This seems to work as no errors were shown.

When I now start ambari-server, I get the following error message:

[root@metron1 ~]# ambari-server start
Using python  /usr/bin/python
Starting ambari-server
Ambari Server running with administrator privileges.
Organizing resource files at /var/lib/ambari-server/resources...
Ambari database consistency check started...
DB configs consistency check failed. Run "ambari-server start 
--skip-database-check" to skip. If you use this "--skip-da
tabase-check" option, do not make any changes to your cluster topology 
or perform a cluster upgrade until you correct th
e database consistency issues. See 
"/var/log/ambari-server/ambari-server-check-database.log" for more 
details on the con

sistency issues.
Ambari database consistency check finished
[root@metron1 ~]#

When I run the check-database command, I see the following in the 
ambari-server logs:


2018-01-17 21:54:11,274  INFO - *** Check 
database started ***
2018-01-17 21:54:15,924  INFO - Checking for configs not mapped to any 
cluster
2018-01-17 21:54:16,002  INFO - Checking for configs selected more than 
once

2018-01-17 21:54:16,005  INFO - Checking for hosts without state
2018-01-17 21:54:16,006  INFO - Checking host component states count 
equals host component desired states count

2018-01-17 21:54:16,009  INFO - Checking services and their configs
2018-01-17 21:54:18,136  INFO - Processing HDP-2.5 / HDFS
2018-01-17 21:54:18,136  INFO - Processing HDP-2.5 / MAPREDUCE2
2018-01-17 21:54:18,136  INFO - Processing HDP-2.5 / TEZ
2018-01-17 21:54:18,137  INFO - Processing HDP-2.5 / SPARK
2018-01-17 21:54:18,137  INFO - Processing HDP-2.5 / ZOOKEEPER
2018-01-17 21:54:18,137  INFO - Processing HDP-2.5 / HBASE
2018-01-17 21:54:18,137  INFO - Processing HDP-2.5 / YARN
2018-01-17 21:54:18,137  INFO - Processing HDP-2.5 / METRON
2018-01-17 21:54:18,137  INFO - Processing HDP-2.5 / PIG
2018-01-17 21:54:18,137  INFO - Processing HDP-2.5 / KIBANA
2018-01-17 21:54:18,137  INFO - Processing HDP-2.5 / STORM
2018-01-17 21:54:18,137  INFO - Processing HDP-2.5 / HIVE
2018-01-17 21:54:18,137  INFO - Processing HDP-2.5 / SLIDER
2018-01-17 21:54:18,137  INFO - Processing HDP-2.5 / AMBARI_INFRA
2018-01-17 21:54:18,137  INFO - Processing HDP-2.5 / AMBARI_METRICS
2018-01-17 21:54:18,137  INFO - Processing HDP-2.5 / ZEPPELIN
2018-01-17 21:54:18,137  INFO - Processing HDP-2.5 / KAFKA
2018-01-17 21:54:18,137  INFO - Processing HDP-2.5 / FLUME
2018-01-17 21:54:18,137  INFO - Processing HDP-2.5 / ELASTICSEARCH
2018-01-17 21:54:18,138 ERROR - Required config(s): metron-alerts-ui-env 
is(are) not available for service METRON with service config version 2 
in cluster metron
2018-01-17 21:54:18,195  INFO - *** Check 
database completed ***


Running "ambari-server start --skip-database-check"

Otto asked me to look at 
https://community.hortonworks.com/cont

Re: Metron nested object

[Laurens Vets]

Hi Ali,


We have recently faced some data sources that generate data in a nested
format. For example, AWS Cloudtrail generates data in the following 
JSON

format:

{
  "Records": [
{
  "eventVersion": *"2.0"*,
  "userIdentity": {
"type": *"IAMUser"*,
"principalId": *"EX_PRINCIPAL_ID"*,
"arn": *"arn:aws:iam::123456789012:user/Alice"*,
"accessKeyId": *"EXAMPLE_KEY_ID"*,
"accountId": *"123456789012"*,
"userName": *"Alice"*
  },
  "eventTime": *"2014-03-07T21:22:54Z"*,
  "eventSource": *"ec2.amazonaws.com "*,
  "eventName": *"StartInstances"*,
  "awsRegion": *"us-east-2"*,
  "sourceIPAddress": *"205.251.233.176"*,
  "userAgent": *"ec2-api-tools 1.6.12.2"*,
  "requestParameters": {
"instancesSet": {
  "items": [
{
  "instanceId": *"i-ebeaf9e2"*
}
  ]
}
  },
  "responseElements": {
"instancesSet": {
  "items": [
{
  "instanceId": *"i-ebeaf9e2"*,
  "currentState": {
"code": 0,
"name": *"pending"*
  },
  "previousState": {
"code": 80,
"name": *"stopped"*
  }
}
  ]
}
  }
}
  ]
}

We are able to make this as a flat JSON file. However, a nested object 
is
supported by data backends in Metron (ES, ORC, etc.), so I was 
wondering

whether with the current version of Metron we are able to index nested
documents or we have to make it flat?


We parse the same CloudTrail data. The way we parse this is first of 
all, we have Apache NiFi running which extracts the individual events 
from the records. Second, make sure that you use set mapStrategy to 
UNFOLD in your JSON Parser.

Re: [DISCUSS] Lowering the barrier to entry to for new users

[Laurens Vets]

On 2017-12-19 06:19, Justin Leet wrote:

One of the topics that came up in recent community meeting was about
lowering the barrier to entry for new users.

This is a fairly broad topic that I think covers a few different 
subtopics.


1) Addressing (or making it easier to address) some of the things we've
seen on the user group from people getting started.
2) Making contributing easier and the ways to do so more obvious.  This
includes things like making it easier to find on our site (compare our 
page
to Storm's, for example).  It also includes things like reassessing our 
PR

template (For example, is everything still useful enough to keep it?).
3) Anything else that would make help users adopt Metron and become
actively involved in reviewing, fixes, docs, and all the other sorts of
things that make our stuff better.

I'm mostly going to open this up to a general discussion and 
brainstorming,

and presumably we come out with some tickets at the end of this.


I use a github gist that Otto once created for me, maybe I can try and 
turn that into something more official?

Re: [DISCUSS] Stellar in a Zeppelin Notebook

[Laurens Vets]

On 2017-12-19 07:03, Nick Allen wrote:

> (1) I love the REPL, but I hate how inaccessible it is. 
> 
> (2) I love our use cases [1] and examples [2], but I hate how difficult it is 
> for a new user to run them. 
> 
> (3) I love the extensibility of Metron, but I hate looking at JSON. 
> 
> (4) I love the Profiler, but I hate not being able to *see* my profiles as 
> plots. 
> 
> ... 
> 
> Let me introduce, Stellar running in a Zeppelin Notebook.   
> 
>> (1) Access the REPL from any web browser. 
>> 
>> (2) Create executable use cases that can be easily shared between users. 
>> 
>> (3) Use the simpler management functions to interact with Metron (less 
>> JSON). 
>> 
>> (4) Extract your profiles and create a time series plot.
> 
> The screenshot above is a very lightweight MVP showing that we can run 
> Stellar from Zeppelin.  I have a lot more work ahead in refactoring the 
> existing Stellar Shell/REPL functionality so that we get the same experience 
> in Zeppelin as we get on the command line.

I love your screenshot :D 

On a more serious note, I wanted to add the examples and use cases to
the installation documentation somehow (maybe as an addendum?) in the
future. 

Links:
--
[1]
https://github.com/apache/metron/tree/master/use-cases/geographic_login_outliers
[2]
https://github.com/apache/metron/tree/master/metron-analytics/metron-profiler#creating-profiles

Re: [DEV COMMUNITY MEETING] Call for Ideas and Schedule

[Laurens Vets]

I'll try to attend :)

On 2017-12-14 12:43, Otto Fowler wrote:

Dev Community Meeting Call

I would like to propose a developer community meeting.

I propose that we set the meeting early next week, and will throw out
Monday, December 18th at 09:30AM PST, 12:30 on the East Coast and 5:30 
in

London Towne.

This meeting will be held over a web-ex, the details of which will be
included in the actual meeting notice.

Please reply to this with scheduling concerns and topic suggestions.
Potential Topics

   - Call for reviewers, ideas how to get more involvement, what people 
can

   do to help
   - Feature branches : we have two now, what are they and how are we 
going

   to work on them
   - Extension Repository: Default deployment and installation of 
parsers

   as it relates to ‘777’
   - General ‘777’ discussion

Developer Community Meeting Disclaimers

   - Developer Community meetings are a means for realtime discussion 
of

   development issues
   - These meetings are not specifically aimed at demonstrations, 
unless

   one is required or requested as part of such discussion
   - These meetings are geared towards Metron development issues, not 
user

   issues with deployment or shipped functionality
   - There are *NO* decisions made in these meetings. The mailing list 
is
   the official communication record of the Apache Metron Project, and 
as such
   all public decisions are to be made on the list, as to give the 
greatest

   opportunity for community involvement.
   - There *ARE* proposals that can be made and discussed in these
   meetings, that will then be discussed on list for decision.
   - Notes will be taken of these meetings, and they will be posted to 
the

   list
   - There may also be breakout posts to the list per proposal or 
topic,

   for more detailed discussion

Re: [DISCUSS] Community Meetings

[Laurens Vets]

Sounds good to me :)

On 2017-12-14 05:59, Otto Fowler wrote:

Ok,

So we will be concerned with two types of meetings.  I’ll take
responsibility for calling the meetings and ‘moderation’.

Dev meetings
 - feedback on how things are going overall
 - discussions on specific technical problems
 - discussion of possible improvements

User meetings
 - demos
 - user content ( how I’m using metron )
 - some unavoidable discussion on problems
 - some requirements gathering triage

ALL
 - I will call
 - I will gather input for agenda
 - I will distribute the agenda
 - I will distribute the notes to the list and on confluence
 - No decisions will be made, only discussed and then put to list
 - besides general nodes, breakout messages for topical discussion or
decisions



How does that sound?


On December 13, 2017 at 16:41:29, Otto Fowler (ottobackwa...@gmail.com)
wrote:

+1


On December 13, 2017 at 16:39:52, James Sirota (jsir...@apache.org) 
wrote:


I can set up a dedicated Zoom room with a recurrent meeting and give 
PMC
members rights to the room. I think hosting these meetings should not 
be a

problem. I would vote not to record them, but rather provide the notes
after the meeting. It's a lot easier to skim through the notes than 
jump
around in a recording. As Simon mentioned, I would also make it 
explicitly
clear that the meetings are dev meetings. These are not user Q&A and 
are
not meant to be overviews of how different features of Metron work. If 
we
want to do feature demos or provide user content I would want that to 
be in

its own separate meeting.

Thanks,
James

13.12.2017, 05:00, "Otto Fowler" :

I am ok with just notes and no recording.

On December 13, 2017 at 04:37:20, Simon Elliston Ball (
si...@simonellistonball.com) wrote:

Good points Larry, we would need to get consent from everyone on the 
call
to record to properly comply with regulations in some countries. We 
would

definitely need someone to step up as note taker.

Something else to think about is intended audience. Previously we’ve 
had
meeting like this which have been very detailed Dev@ focussed (which 
is a
great thing) but have rather alienated participants in User@ land. We 
need

to make it clear what level we’re talking about to be inclusive.

Simon


 On 13 Dec 2017, at 00:44, larry mccay  wrote:

 Not sure about posting the recordings - you will need to check and 
make

 sure that doesn't violate anything.

 Just a friendly reminder...
 It is important that meetings have notes and a summary that is sent 
out

 describing topics to be decided on the mailing list.
 No decisions can be made in the community meeting itself - this 
gives

 others in other timezones and commitments review and voice in the


decisions.

 If it didn't happen on the mailing lists then it didn't happen. :)

 On Tue, Dec 12, 2017 at 1:39 PM, Simon Elliston Ball <
 si...@simonellistonball.com> wrote:


 Yes, I do.

 I suspect the best bet will be to post recordings somewhere on the
 apache.org  metron site.

 Simon

 On 12 Dec 2017, at 18:36, Otto Fowler  
wrote:


 Excellent, do you have the > 40 min + record option?

 On December 12, 2017 at 13:19:55, Simon Elliston Ball (
 si...@simonellistonball.com) wrote:

 Happy to volunteer a zoom room. That seems to have worked for most 
in


the

 past.

 Simon


 On 12 Dec 2017, at 18:09, Otto Fowler 

wrote:


 Thanks! I think I’d like something hosted though.

 On December 12, 2017 at 11:18:52, Ahmed Shah (

 ahmeds...@cmail.carleton.ca)

 wrote:

 Hello,

 wrt "- How are we going to host it"...

 I've used BigBlueButton as an end user at our University.

 It is LGPL open source.

 https://bigbluebutton.org/
 https://bigbluebutton.org/developers/

 -Ahmed

 ___
 Ahmed Shah (PMP, M. Eng.)
 Cybersecurity Analyst & Developer
 GCR - Cybersecurity Operations Center
 Carleton University - 
cugcr.com


 
 From: Otto Fowler 
 Sent: December 11, 2017 4:41 PM
 To: dev@metron.apache.org
 Subject: [DISCUSS] Community Meetings

 I think that we all want to have regular community meetings. We 
may

be
 better able to keep to a regular schedule with these meetings if 
we

 spread
 out the responsibility for them from James and Casey, both of 
whom


have

 a

 lot on their plate already.

 I would be willing to coordinate and run the meetings, and would


welcome

 anyone else who wants to help when they can.

 The only issue for me is I do not have a web-ex account that I 
can

use

 to
 hold the meeting. So I’ll need some recommendations for a 
suitable

 alternative. I have not been able to find an Apache Friendly

 alternative,

 in the same way that Atlassian is apache friendly.

 So - from what I can see we need to:

 - Talk through who is going to do it
 - How are we going to host it
 - When are we going to do it

 Anything else?

 ottO


---
Tha

Re: script for verification of metron release canidates

[Laurens Vets]

On 2017-12-11 06:18, Otto Fowler wrote:

I have written a script:
https://github.com/ottobackwards/Metron-and-Nifi-Scripts/blob/master/metron/metron-rc-check.sh
.
I think it might be useful.  If any of you could give it a look over 
and

perhaps try it, I would appreciate it.


https://github.com/ottobackwards/Metron-and-Nifi-Scripts/blob/master/metron/metron-rc-check 
:D

Re: [DISCUSS] - Remove Kibana

[Laurens Vets]

How would I do that without Kibana? Having a SIEM without the ability to 
see raw processed events (whether they are alerts or not), would be a 
big issue I think.


Or would Kibana always be required, just not installed by Metron?

On 2017-11-01 11:34, Michael Miklavcic wrote:
You could absolutely still do it, I'm simply saying it would not be 
managed

by us.

On Nov 1, 2017 12:20 PM, "Laurens Vets"  wrote:


If there's a viable way of looking at raw processed events (not
necessarily alerts), then I'm all for removeing Kibana. I use Discover 
a

lot to filter and look at events and create new policies from that.

Is there currently a simple way to do this without Kibana?

On 2017-11-01 09:13, Michael Miklavcic wrote:

As part of the ES upgrade, I got to thinking that it makes sense to 
remove
Kibana and the dashboards we're currently bundling in the MPack. To 
be
clear, this would not remove the ability to independently install and 
use
Kibana if the user so chooses, it would only remove the dashboards, 
and

potentially, the Ambari/MPack management support that we ship.

*pros*
Removes need to support tooling outside our wheelhouse
Smaller testing effort for ongoing support and future upgrades
Simplifies our base Metron install via Ambari. Also simplifies full 
dev

setup.

*cons*
User would need to install and setup their own Kibana instance and
dashboards.
If any existing users are using this, they'd need to backup and 
manage
their own Kibana dashboards going forward. They would also need to 
handle

any upgrade issues with Kibana post-Metron ES 5.x upgrade.

Any concerns?

Mike

Re: [DISCUSS] - Remove Kibana

[Laurens Vets]

If there's a viable way of looking at raw processed events (not 
necessarily alerts), then I'm all for removeing Kibana. I use Discover a 
lot to filter and look at events and create new policies from that.


Is there currently a simple way to do this without Kibana?

On 2017-11-01 09:13, Michael Miklavcic wrote:
As part of the ES upgrade, I got to thinking that it makes sense to 
remove

Kibana and the dashboards we're currently bundling in the MPack. To be
clear, this would not remove the ability to independently install and 
use

Kibana if the user so chooses, it would only remove the dashboards, and
potentially, the Ambari/MPack management support that we ship.

*pros*
Removes need to support tooling outside our wheelhouse
Smaller testing effort for ongoing support and future upgrades
Simplifies our base Metron install via Ambari. Also simplifies full dev
setup.

*cons*
User would need to install and setup their own Kibana instance and
dashboards.
If any existing users are using this, they'd need to backup and manage
their own Kibana dashboards going forward. They would also need to 
handle

any upgrade issues with Kibana post-Metron ES 5.x upgrade.

Any concerns?

Mike

Re: [DISCUSS] Build broken due to transitive dependencies

[Laurens Vets]

I was hesitant to believe Ryan that this was a compiler issue, but I 
upgraded my compiler on CentOS 6 to 4.9.2 and the build worked on the 
first try... Lesson learned: Never question Ryan again!


How to upgrade compiler on CentOS 6:

$ sudo yum install centos-release-scl
$ sudo yum install devtoolset-3-toolchain
$ scl enable devtoolset-3 bash
$ 

On 2017-10-13 11:12, Ryan Merriman wrote:
We recently ran into this and the cause was an old C++ compiler 
version.

It wants a compiler that has support for C++11:
https://gcc.gnu.org/projects/cxx-status.html#cxx11.

On Fri, Oct 13, 2017 at 1:00 PM, Laurens Vets  
wrote:



...
[INFO] --- frontend-maven-plugin:1.3:npm (ng build) @ metron-config 
---
[DEBUG] Configuring mojo 
com.github.eirslett:frontend-maven-plugin:1.3:npm

from plugin realm ClassRealm[plugin>com.github.e
irslett:frontend-maven-plugin:1.3, parent: 
sun.misc.Launcher$AppClassLoad

er@70dea4e]
[DEBUG] Configuring mojo 
'com.github.eirslett:frontend-maven-plugin:1.3:npm'

with basic configurator -->
[DEBUG]   (f) arguments = run build
[DEBUG]   (f) npmInheritsProxyConfigFromMaven = false
[DEBUG]   (f) project = MavenProject: 
org.apache.metron:metron-config:0.4.1

@ /root/metron/metron-interface/metron-config/pom.xml
[DEBUG]   (f) repositorySystemSession = org.eclipse.aether.DefaultRepo
sitorySystemSession@e883a51
[DEBUG]   (f) session = 
org.apache.maven.execution.MavenSession@2aaefbd

[DEBUG]   (f) skip = false
[DEBUG]   (f) skipTests = true
[DEBUG]   (f) workingDirectory = /root/metron/metron-interface/
metron-config
[DEBUG]   (f) execution = 
com.github.eirslett:frontend-maven-plugin:1.3:npm

{execution: ng build}
[DEBUG] -- end configuration --
[INFO] npm not inheriting proxy config from Maven
[INFO] Running 'npm run build' in /root/metron/metron-interface/
metron-config
[INFO]
[INFO] > metron-management-ui@0.4.1 build 
/root/metron/metron-interface/

metron-config
[INFO] > ./node_modules/angular-cli/bin/ng build -prod
[INFO]
[INFO] Cannot find module 'tough-cookie'
[INFO] Error: Cannot find module 'tough-cookie'
[INFO] at Function.Module._resolveFilename (module.js:440:15)
[INFO] at Function.Module._load (module.js:388:25)
[INFO] at Module.require (module.js:468:17)
[INFO] at require (internal/module.js:20:19)
[INFO] at Object. (/root/metron/metron-interface
/metron-config/node_modules/request/lib/cookies.js:3:13)
[INFO] at Module._compile (module.js:541:32)
[INFO] at Object.Module._extensions..js (module.js:550:10)
[INFO] at Module.load (module.js:458:32)
[INFO] at tryModuleLoad (module.js:417:12)
[INFO] at Function.Module._load (module.js:409:3)
[INFO] at Module.require (module.js:468:17)
[INFO] at require (internal/module.js:20:19)
[INFO] at Object. (/root/metron/metron-interface
/metron-config/node_modules/request/index.js:18:15)
[INFO] at Module._compile (module.js:541:32)
[INFO] at Object.Module._extensions..js (module.js:550:10)
[INFO] at Module.load (module.js:458:32)
[INFO] at tryModuleLoad (module.js:417:12)
[INFO] at Function.Module._load (module.js:409:3)
[INFO] at Module.require (module.js:468:17)
[INFO] at require (internal/module.js:20:19)
[INFO] at Leek._enqueue (/root/metron/metron-interface
/metron-config/node_modules/leek/lib/leek.js:60:30)
[INFO] at Leek.track (/root/metron/metron-interface
/metron-config/node_modules/leek/lib/leek.js:87:15)
[INFO] at Class.Command.validateAndRun 
(/root/metron/metron-interface

/metron-config/node_modules/angular-cli/lib/models/command.js:119:18)
[INFO] at 
/root/metron/metron-interface/metron-config/node_modules/ang

ular-cli/lib/cli/cli.js:86:22
[INFO] at tryCatch (/root/metron/metron-interface
/metron-config/node_modules/rsvp/dist/lib/rsvp/-internal.js:198:12)
[INFO] at invokeCallback (/root/metron/metron-interface
/metron-config/node_modules/rsvp/dist/lib/rsvp/-internal.js:211:13)
[INFO] at 
/root/metron/metron-interface/metron-config/node_modules/rsv

p/dist/lib/rsvp/then.js:26:14
[INFO] at flush (/root/metron/metron-interface
/metron-config/node_modules/rsvp/dist/lib/rsvp/asap.js:80:5)
[INFO] at _combinedTickCallback 
(internal/process/next_tick.js:67:7)
[INFO] at process._tickCallback 
(internal/process/next_tick.js:98:9)

[ERROR]
[ERROR] npm ERR! Linux 2.6.32-696.13.2.el6.x86_64
[ERROR] npm ERR! argv 
"/root/metron/metron-interface/metron-config/node/node"

"/root/metron/metron-interface/metron-config/node/node_modules/npm/bin/npm-cli.js"
"run" "build"
[ERROR] npm ERR! node v6.2.0
[ERROR] npm ERR! npm  v3.8.9
[ERROR] npm ERR! code ELIFECYCLE
[ERROR] npm ERR! metron-management-ui@0.4.1 build:
`./node_modules/angular-cli/bin/ng build -prod`
[ERROR] npm ERR! Exit status 1
[ERROR] npm ERR!
[ERROR] npm ERR! Failed at the metron-management-ui@0.4.1 build script
'./node_modules/angular-cli/bin/ng build -prod'.
[ERR

Re: [DISCUSS] Build broken due to transitive dependencies

[Laurens Vets]

Does that mean CentOS 6 won't work anymore?

On 2017-10-13 11:12, Ryan Merriman wrote:
We recently ran into this and the cause was an old C++ compiler 
version.

It wants a compiler that has support for C++11:
https://gcc.gnu.org/projects/cxx-status.html#cxx11.

On Fri, Oct 13, 2017 at 1:00 PM, Laurens Vets  
wrote:



...
[INFO] --- frontend-maven-plugin:1.3:npm (ng build) @ metron-config 
---
[DEBUG] Configuring mojo 
com.github.eirslett:frontend-maven-plugin:1.3:npm

from plugin realm ClassRealm[plugin>com.github.e
irslett:frontend-maven-plugin:1.3, parent: 
sun.misc.Launcher$AppClassLoad

er@70dea4e]
[DEBUG] Configuring mojo 
'com.github.eirslett:frontend-maven-plugin:1.3:npm'

with basic configurator -->
[DEBUG]   (f) arguments = run build
[DEBUG]   (f) npmInheritsProxyConfigFromMaven = false
[DEBUG]   (f) project = MavenProject: 
org.apache.metron:metron-config:0.4.1

@ /root/metron/metron-interface/metron-config/pom.xml
[DEBUG]   (f) repositorySystemSession = org.eclipse.aether.DefaultRepo
sitorySystemSession@e883a51
[DEBUG]   (f) session = 
org.apache.maven.execution.MavenSession@2aaefbd

[DEBUG]   (f) skip = false
[DEBUG]   (f) skipTests = true
[DEBUG]   (f) workingDirectory = /root/metron/metron-interface/
metron-config
[DEBUG]   (f) execution = 
com.github.eirslett:frontend-maven-plugin:1.3:npm

{execution: ng build}
[DEBUG] -- end configuration --
[INFO] npm not inheriting proxy config from Maven
[INFO] Running 'npm run build' in /root/metron/metron-interface/
metron-config
[INFO]
[INFO] > metron-management-ui@0.4.1 build 
/root/metron/metron-interface/

metron-config
[INFO] > ./node_modules/angular-cli/bin/ng build -prod
[INFO]
[INFO] Cannot find module 'tough-cookie'
[INFO] Error: Cannot find module 'tough-cookie'
[INFO] at Function.Module._resolveFilename (module.js:440:15)
[INFO] at Function.Module._load (module.js:388:25)
[INFO] at Module.require (module.js:468:17)
[INFO] at require (internal/module.js:20:19)
[INFO] at Object. (/root/metron/metron-interface
/metron-config/node_modules/request/lib/cookies.js:3:13)
[INFO] at Module._compile (module.js:541:32)
[INFO] at Object.Module._extensions..js (module.js:550:10)
[INFO] at Module.load (module.js:458:32)
[INFO] at tryModuleLoad (module.js:417:12)
[INFO] at Function.Module._load (module.js:409:3)
[INFO] at Module.require (module.js:468:17)
[INFO] at require (internal/module.js:20:19)
[INFO] at Object. (/root/metron/metron-interface
/metron-config/node_modules/request/index.js:18:15)
[INFO] at Module._compile (module.js:541:32)
[INFO] at Object.Module._extensions..js (module.js:550:10)
[INFO] at Module.load (module.js:458:32)
[INFO] at tryModuleLoad (module.js:417:12)
[INFO] at Function.Module._load (module.js:409:3)
[INFO] at Module.require (module.js:468:17)
[INFO] at require (internal/module.js:20:19)
[INFO] at Leek._enqueue (/root/metron/metron-interface
/metron-config/node_modules/leek/lib/leek.js:60:30)
[INFO] at Leek.track (/root/metron/metron-interface
/metron-config/node_modules/leek/lib/leek.js:87:15)
[INFO] at Class.Command.validateAndRun 
(/root/metron/metron-interface

/metron-config/node_modules/angular-cli/lib/models/command.js:119:18)
[INFO] at 
/root/metron/metron-interface/metron-config/node_modules/ang

ular-cli/lib/cli/cli.js:86:22
[INFO] at tryCatch (/root/metron/metron-interface
/metron-config/node_modules/rsvp/dist/lib/rsvp/-internal.js:198:12)
[INFO] at invokeCallback (/root/metron/metron-interface
/metron-config/node_modules/rsvp/dist/lib/rsvp/-internal.js:211:13)
[INFO] at 
/root/metron/metron-interface/metron-config/node_modules/rsv

p/dist/lib/rsvp/then.js:26:14
[INFO] at flush (/root/metron/metron-interface
/metron-config/node_modules/rsvp/dist/lib/rsvp/asap.js:80:5)
[INFO] at _combinedTickCallback 
(internal/process/next_tick.js:67:7)
[INFO] at process._tickCallback 
(internal/process/next_tick.js:98:9)

[ERROR]
[ERROR] npm ERR! Linux 2.6.32-696.13.2.el6.x86_64
[ERROR] npm ERR! argv 
"/root/metron/metron-interface/metron-config/node/node"

"/root/metron/metron-interface/metron-config/node/node_modules/npm/bin/npm-cli.js"
"run" "build"
[ERROR] npm ERR! node v6.2.0
[ERROR] npm ERR! npm  v3.8.9
[ERROR] npm ERR! code ELIFECYCLE
[ERROR] npm ERR! metron-management-ui@0.4.1 build:
`./node_modules/angular-cli/bin/ng build -prod`
[ERROR] npm ERR! Exit status 1
[ERROR] npm ERR!
[ERROR] npm ERR! Failed at the metron-management-ui@0.4.1 build script
'./node_modules/angular-cli/bin/ng build -prod'.
[ERROR] npm ERR! Make sure you have the latest version of node.js and 
npm

installed.
[ERROR] npm ERR! If you do, this is most likely a problem with the
metron-management-ui package,
[ERROR] npm ERR! not with npm itself.
[ERROR] npm ERR! Tell the author that this fails on your system:
[ERROR] npm ERR!  

Re: [DISCUSS] Build broken due to transitive dependencies

[Laurens Vets]

edBuilder$1.call(MultiThreadedBuilder.java:181)

at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at 
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)

at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.maven.plugin.MojoFailureException: Failed to run 
task
	at 
com.github.eirslett.maven.plugins.frontend.mojo.AbstractFrontendMojo.execute(AbstractFrontendMojo.java:95)
	at 
org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:134)
	at 
org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:207)

... 11 more
Caused by: 
com.github.eirslett.maven.plugins.frontend.lib.TaskRunnerException: 'npm 
run build' failed. (error code 1)
	at 
com.github.eirslett.maven.plugins.frontend.lib.NodeTaskExecutor.execute(NodeTaskExecutor.java:60)
	at 
com.github.eirslett.maven.plugins.frontend.mojo.NpmMojo.execute(NpmMojo.java:62)
	at 
com.github.eirslett.maven.plugins.frontend.mojo.AbstractFrontendMojo.execute(AbstractFrontendMojo.java:89)

... 13 more
[ERROR]
[ERROR]
[ERROR] For more information about the errors and possible solutions, 
please read the following articles:
[ERROR] [Help 1] 
http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException

[ERROR]
[ERROR] After correcting the problems, you can resume the build with the 
command

[ERROR]   mvn  -rf :metron-config
[root@centos6 metron]#

[root@centos6 metron]# gcc -v
Using built-in specs.
Target: x86_64-redhat-linux
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man 
--infodir=/usr/share/info 
--with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-bootstrap 
--enable-shared --enable-threads=posix --enable-checking=release 
--with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions 
--enable-gnu-unique-object 
--enable-languages=c,c++,objc,obj-c++,java,fortran,ada 
--enable-java-awt=gtk --disable-dssi 
--with-java-home=/usr/lib/jvm/java-1.5.0-gcj-1.5.0.0/jre 
--enable-libgcj-multifile --enable-java-maintainer-mode 
--with-ecj-jar=/usr/share/java/eclipse-ecj.jar 
--disable-libjava-multilib --with-ppl --with-cloog --with-tune=generic 
--with-arch_32=i686 --build=x86_64-redhat-linux

Thread model: posix
gcc version 4.4.7 20120313 (Red Hat 4.4.7-18) (GCC)
[root@centos6 metron]#

On 2017-10-04 13:15, James Sirota wrote:

Can you run it with the -X flag and paste the error?  What version of
the gcc compiler do you have?

02.10.2017, 09:37, "Laurens Vets" :

I might have spoken too soon. This is what I see now on 0.4.1-release:

...
[INFO] metron-contrib . SUCCESS [
0.006 s]
[INFO] metron-docker .. SUCCESS [
3.088 s]
[INFO] metron-interface ... SUCCESS [
0.057 s]
[INFO] metron-config .. FAILURE
[06:54 min]
[INFO] metron-alerts .. SUCCESS
[03:44 min]
[INFO] metron-rest-client . SUCCESS [
0.411 s]
[INFO] metron-rest  SUCCESS [
26.628 s]
[INFO] site-book .. SUCCESS [
1.136 s]
[INFO]

[INFO] BUILD FAILURE
[INFO]

[INFO] Total time: 06:56 min (Wall Clock)
[INFO] Finished at: 2017-10-02T16:33:39+00:00
[INFO] Final Memory: 240M/3203M
[INFO]

[ERROR] Failed to execute goal
com.github.eirslett:frontend-maven-plugin:1.3:npm (ng build) on 
project

metron-config: Failed to run task: 'npm run build' failed. (error code
1) -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with 
the

-e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions,
please read the following articles:
[ERROR] [Help 1]
http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with 
the

command
[ERROR] mvn  -rf :metron-config

On 2017-10-02 08:16, Laurens Vets wrote:

 I can confirm 0.4.1 (on CentOS 6!) builds for me as well.

 Are we sure it isn't due to the version of node shipped with the OS?

 On 2017-10-02 08:04, zeo...@gmail.com wrote:

 Hmm, 0.4.1 built fine for me.

 Jon

 On Mon, Oct 2, 2017 at 10:44 AM Casey Stella 
 wrote:


 Ok, the build is broken in metron-config due to some transitive
 changes
 that happened in npm-land:

 [INFO]

 
/U

Re: Cloudtrail use case

[Laurens Vets]

Yes, that's what I meant :) I sent my mail too soon.

On 2017-10-05 15:48, Nick Allen wrote:
If you mean that you would be willing to do the work, then yes 
absolutely!

I think that would be great. :)

On Thu, Oct 5, 2017 at 6:45 PM, Laurens Vets  wrote:


Hi,

Would anyone be interested in adding a full AWS Cloudtrail use case to 
the

Metron documentation? I would roughly consist of:
- Apache NiFi configuration to retrieve Cloudtrail logs from S3 and 
send

it to Metron via Kafka.
- Complete Metron sensor configuration (enrichment, alerting, etc...) 
for

this.

Re: Cloudtrail use case

[Laurens Vets]

On 2017-10-05 15:45, Laurens Vets wrote:

Hi,

Would anyone be interested in adding a full AWS Cloudtrail use case to
the Metron documentation? I would roughly consist of:
- Apache NiFi configuration to retrieve Cloudtrail logs from S3 and
send it to Metron via Kafka.
- Complete Metron sensor configuration (enrichment, alerting, etc...) 
for this.


Sent too soon :(

If anyone would be interested in this documentation, where would add 
this in the source?

Cloudtrail use case

[Laurens Vets]

Hi,

Would anyone be interested in adding a full AWS Cloudtrail use case to 
the Metron documentation? I would roughly consist of:
- Apache NiFi configuration to retrieve Cloudtrail logs from S3 and send 
it to Metron via Kafka.
- Complete Metron sensor configuration (enrichment, alerting, etc...) 
for this.

Re: SUM aggregator not working?

[Laurens Vets]

It's working now, so I'm happy :)

On 2017-10-04 14:03, Casey Stella wrote:
Ok, so this is subtle.  Your rules are wrong and I totally understand 
why

you thought they were right.

When we index into ES, we take . and convert them to :, however PRIOR 
to

indexing (when threat triage is running) those fields have .'s not :'s
Therefore, your rules should be:

userIdentity.sessionContext.attributes.mfaAuthenticated == 'False'
and
additionalEventData.MFAUsed == 'No'

The same general argument goes for your threat triage stellar 
expressions.



Sorry about the confusion, we do that mapping because ES doesn't handle
those .'s well.  Hey, maybe ES 5 is more sane about that sort of thing 
and

we can avoid doing that transformation.

Casey

On Wed, Oct 4, 2017 at 4:38 PM, Laurens Vets  wrote:


No idea whether it's a bug yet, I just need a 2nd set of eyes :)

This is my event as indexed in ES (Obviously some parts have been
obfuscated):

{
  "_index": "cloudtrail_index_2017.10.04.19",
  "_type": "cloudtrail_doc",
  "_id": "95617686-bd39-46ff-b5c0-db3aeb5b6bab",
  "_score": null,
  "_timestamp": 1507143907108,
  "_source": {
"eventID": "9e3d5468-2d97-4b9a-9821-5c61fec8c158",
"additionalEventData:MFAUsed": "No",
"adapter:stellaradapter:end:ts": "1507143907145",
"threatinteljoinbolt:joiner:ts": "1507143907153",
"eventVersion": "1.05",
"threat:triage:rules:0:comment": "Checks whether the field is_work 
is

true or false.",
"sourceIPAddress": "208.110.73.106",
"eventSource": "signin.amazonaws.com",
"enrichmentsplitterbolt:splitter:begin:ts": "1507143907143",
"enrichmentjoinbolt:joiner:ts": "1507143907147",
"additionalEventData:MobileVersion": "No",
"threat:triage:rules:0:name": "Not WORK",
"source:type": "cloudtrail",
"original_string": "{\"eventVersion\":\"1.05\",\"
userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"AIDAI
5ITCMVR3BQV5DUFW\",\"arn\":\"arn:aws:iam:::user/
\",\"accountId\":\"\",\"userName\":\"<
EMAIL>\"},\"eventTime\":\"2017-10-04T18:57:31Z\",\"eventSource\":\"
signin.amazonaws.com\",\"eventName\":\"ConsoleLogin\"
,\"awsRegion\":\"us-east-1\",\"sourceIPAddress\":\"208.110.7
3.106\",\"userAgent\":\"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; 
rv:56.0)

Gecko/20100101 Firefox/56.0\",\"requestParame
ters\":null,\"responseElements\":{\"ConsoleLogin\":\"
Success\"},\"additionalEventData\":{\"LoginTo\":\"https://
console.aws.amazon.com/console/home?state=hashArgs%23&isauthcode=true\
<https://console.aws.amazon.com/console/home?state=hashArgs%23&isauthcode=true%5C>
",\"MobileVersion\":\"No\",\"MFAUsed\":\"No\"},\"eventID\":
\"9e3d5468-2d97-4b9a-9821-5c61fec8c158\",\"eventType\":\
"AwsConsoleSignIn\",\"recipientAccountId\":\"\"}",
"eventTime": "2017-10-04T18:57:31Z",
"eventName": "ConsoleLogin",
"recipientAccountId": "",
"userIdentity:principalId": "AIDAI5ITCMVR3BQV5DUFW",
"threatintelsplitterbolt:splitter:end:ts": "1507143907148",
"threat:triage:rules:0:score": 20,
"timestamp": 1507143907108,
"threat:triage:rules:0:reason": "208.110.73.106 is not an WORK
network!",
"awsRegion": "us-east-1",
"is_work": false,
"userIdentity:userName": "",
"enrichmentsplitterbolt:splitter:end:ts": "1507143907143",
"threat:triage:score": 20,
"is_alert": "true",
"userAgent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:56.0)
Gecko/20100101 Firefox/56.0",
"adapter:stellaradapter:begin:ts": "1507143907145",
"eventType": "AwsConsoleSignIn",
"userIdentity:arn": "arn:aws:iam:::user/",
"userIdentity:accountId": "",
"userIdentity:type": "IAMUser",
"threatintelsplitterbolt:splitter:begin:ts": "1507143907148",
"gu

SUM aggregator not working?

[Laurens Vets]

No idea whether it's a bug yet, I just need a 2nd set of eyes :)

This is my event as indexed in ES (Obviously some parts have been 
obfuscated):


{
  "_index": "cloudtrail_index_2017.10.04.19",
  "_type": "cloudtrail_doc",
  "_id": "95617686-bd39-46ff-b5c0-db3aeb5b6bab",
  "_score": null,
  "_timestamp": 1507143907108,
  "_source": {
"eventID": "9e3d5468-2d97-4b9a-9821-5c61fec8c158",
"additionalEventData:MFAUsed": "No",
"adapter:stellaradapter:end:ts": "1507143907145",
"threatinteljoinbolt:joiner:ts": "1507143907153",
"eventVersion": "1.05",
"threat:triage:rules:0:comment": "Checks whether the field is_work 
is true or false.",

"sourceIPAddress": "208.110.73.106",
"eventSource": "signin.amazonaws.com",
"enrichmentsplitterbolt:splitter:begin:ts": "1507143907143",
"enrichmentjoinbolt:joiner:ts": "1507143907147",
"additionalEventData:MobileVersion": "No",
"threat:triage:rules:0:name": "Not WORK",
"source:type": "cloudtrail",
"original_string": 
"{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"AIDAI5ITCMVR3BQV5DUFW\",\"arn\":\"arn:aws:iam:::user/\",\"accountId\":\"\",\"userName\":\"\"},\"eventTime\":\"2017-10-04T18:57:31Z\",\"eventSource\":\"signin.amazonaws.com\",\"eventName\":\"ConsoleLogin\",\"awsRegion\":\"us-east-1\",\"sourceIPAddress\":\"208.110.73.106\",\"userAgent\":\"Mozilla/5.0 
(X11; Ubuntu; Linux x86_64; rv:56.0) Gecko/20100101 
Firefox/56.0\",\"requestParameters\":null,\"responseElements\":{\"ConsoleLogin\":\"Success\"},\"additionalEventData\":{\"LoginTo\":\"https://console.aws.amazon.com/console/home?state=hashArgs%23&isauthcode=true\",\"MobileVersion\":\"No\",\"MFAUsed\":\"No\"},\"eventID\":\"9e3d5468-2d97-4b9a-9821-5c61fec8c158\",\"eventType\":\"AwsConsoleSignIn\",\"recipientAccountId\":\";\"}",

"eventTime": "2017-10-04T18:57:31Z",
"eventName": "ConsoleLogin",
"recipientAccountId": "",
"userIdentity:principalId": "AIDAI5ITCMVR3BQV5DUFW",
"threatintelsplitterbolt:splitter:end:ts": "1507143907148",
"threat:triage:rules:0:score": 20,
"timestamp": 1507143907108,
"threat:triage:rules:0:reason": "208.110.73.106 is not an WORK 
network!",

"awsRegion": "us-east-1",
"is_work": false,
"userIdentity:userName": "",
"enrichmentsplitterbolt:splitter:end:ts": "1507143907143",
"threat:triage:score": 20,
"is_alert": "true",
"userAgent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:56.0) 
Gecko/20100101 Firefox/56.0",

"adapter:stellaradapter:begin:ts": "1507143907145",
"eventType": "AwsConsoleSignIn",
"userIdentity:arn": "arn:aws:iam:::user/",
"userIdentity:accountId": "",
"userIdentity:type": "IAMUser",
"threatintelsplitterbolt:splitter:begin:ts": "1507143907148",
"guid": "95617686-bd39-46ff-b5c0-db3aeb5b6bab",
"additionalEventData:LoginTo": 
"https://console.aws.amazon.com/console/home?state=hashArgs%23&isauthcode=true";,

"responseElements:ConsoleLogin": "Success"
  },
  "fields": {
"adapter:stellaradapter:end:ts": [
  1507143907145
],
"threatinteljoinbolt:joiner:ts": [
  1507143907153
],
"enrichmentsplitterbolt:splitter:end:ts": [
  1507143907143
],
"enrichmentsplitterbolt:splitter:begin:ts": [
  1507143907143
],
"enrichmentjoinbolt:joiner:ts": [
  1507143907147
],
"adapter:stellaradapter:begin:ts": [
  1507143907145
],
"eventTime": [
  1507143451000
],
"threatintelsplitterbolt:splitter:begin:ts": [
  1507143907148
],
"threatintelsplitterbolt:splitter:end:ts": [
  1507143907148
],
"timestamp": [
  1507143907108
]
  },
  "sort": [
1507143451000
  ]
}

This is my sensor configuration:


{
"enrichment": {
"fieldMap": {
"stellar": {
"config": {
	"is_work": "IN_SUBNET(if IS_IP(sourceIPAddress) then 
sourceIPAddress else NULL, '1.2.3.4/16', '5.6.7.8/23')"

}
}
},
"fieldToTypeMap": {},
"config": {}
},
"threatIntel": {
"fieldMap": {
"stellar": {
"config": [
	"is_alert := exists(is_work) && is_work != true && eventName == 
\"ConsoleLogin\"",
	"is_alert := is_alert ||  (eventName == \"ConsoleLogin\" && 
userIdentity:sessionContext:attributes:mfaAuthenticated == \"False\")",
	"is_alert := is_alert || (eventName == \"ConsoleLogin\" && 
additionalEventData:MFAUsed == \"No\")"

]
}
},
"fieldToTypeMap": {},
"config": {},
"triageConfig": {
"riskLevelRules": [
{
"name": "Not WORK",
 

Re: Error message when changing riskLevelRules

[Laurens Vets]

 MFA used.'"

},

{

"name": "MFA2",

"comment": "Checks whether MFA used or not.",

"rule": "additionalEventData:MFAUsed == \"No\"",

"score": 20,

"reason": "'No MFA used.'"

}

]

[Stellar]>>> rules := TO_JSON_LIST(input)


​
​(4) ​
​Again, i
nitialize the threat triage engine and add the rules.


[Stellar]>>> t := THREAT_TRIAGE_INIT()

[Stellar]>>> THREAT_TRIAGE_ADD(t, rules)

{

  "enrichment" : {

"fieldMap" : { },

"fieldToTypeMap" : { },

"config" : { }

  },

  "threatIntel" : {

"fieldMap" : { },

"fieldToTypeMap" : { },

"config" : { },

"triageConfig" : {

  "riskLevelRules" : [ {

"name" : "Not WORK",

"comment" : "Checks whether the field is_work is true or 
false.",


"rule" : "is_work == false",

"score" : 20.0,

"reason" : "FORMAT('%s is not a WORK network!', 
sourceIPAddress)"


  }, {

"name" : "MFA",

"comment" : "Checks whether MFA used or not.",

"rule" : 
"userIdentity:sessionContext:attributes:mfaAuthenticated

== \"False\"",

"score" : 20.0,

"reason" : "'No MFA used.'"

  }, {

"name" : "MFA2",

"comment" : "Checks whether MFA used or not.",

"rule" : "additionalEventData:MFAUsed == \"No\"",

"score" : 20.0,

"reason" : "'No MFA used.'"

  } ],

  "aggregator" : "MAX",

  "aggregationConfig" : { }

}

  },

  "configuration" : { }

}


(5) As you can see the rules are now valid; no more exceptions.  From 
here

you could score some mock telemetry to validate your rule set further.


Hope this helps.

On Thu, Sep 28, 2017 at 12:42 PM, Laurens Vets  
wrote:



I have the following riskLevelRules:

"riskLevelRules": [
{
"name": "Not WORK",
"comment": "Checks whether the field is_work is true 
or

false.",
"rule": "is_work == false",
"score": 20,
"reason": "FORMAT('%s is not a WORK network!',
sourceIPAddress)"
},
{
"name": "MFA",
"comment": "Checks whether MFA used or not.",
"rule": 
"userIdentity:sessionContext:attributes:mfaAuthenticated

== \"False\"",
"score": 20,
"reason": null
},
{
"name": "MFA2",
"comment": "Checks whether MFA used or not.",
"rule": "additionalEventData:MFAUsed == \"No\"",
"score": 20,
"reason": null
}
],

When I try to change the reason in the 2nd and 3rd from null to "No 
MFA
used.", I get the error message: "Modified Sensor parser config but 
unable
to save enrichment configuration: JSON.parse: unexpected end of data 
at
line 1 column 1 of the JSON data" and the reason is reverted back to 
null.

Changing other items in the above works fine.

Any idea what might be going on?

Re: [DISCUSS] Build broken due to transitive dependencies

[Laurens Vets]

I might have spoken too soon. This is what I see now on 0.4.1-release:

...
[INFO] metron-contrib . SUCCESS [  
0.006 s]
[INFO] metron-docker .. SUCCESS [  
3.088 s]
[INFO] metron-interface ... SUCCESS [  
0.057 s]
[INFO] metron-config .. FAILURE 
[06:54 min]
[INFO] metron-alerts .. SUCCESS 
[03:44 min]
[INFO] metron-rest-client . SUCCESS [  
0.411 s]
[INFO] metron-rest  SUCCESS [ 
26.628 s]
[INFO] site-book .. SUCCESS [  
1.136 s]
[INFO] 


[INFO] BUILD FAILURE
[INFO] 


[INFO] Total time: 06:56 min (Wall Clock)
[INFO] Finished at: 2017-10-02T16:33:39+00:00
[INFO] Final Memory: 240M/3203M
[INFO] 

[ERROR] Failed to execute goal 
com.github.eirslett:frontend-maven-plugin:1.3:npm (ng build) on project 
metron-config: Failed to run task: 'npm run build' failed. (error code 
1) -> [Help 1]

[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the 
-e switch.

[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, 
please read the following articles:
[ERROR] [Help 1] 
http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException

[ERROR]
[ERROR] After correcting the problems, you can resume the build with the 
command

[ERROR]   mvn  -rf :metron-config



On 2017-10-02 08:16, Laurens Vets wrote:

I can confirm 0.4.1 (on CentOS 6!) builds for me as well.

Are we sure it isn't due to the version of node shipped with the OS?

On 2017-10-02 08:04, zeo...@gmail.com wrote:

Hmm, 0.4.1 built fine for me.

Jon

On Mon, Oct 2, 2017 at 10:44 AM Casey Stella  
wrote:


Ok, the build is broken in metron-config due to some transitive 
changes

that happened in npm-land:

[INFO]

/Users/cstella/Documents/workspace/metron/fork/incubator-metron/metron-interface/metron-config/node_modules/toposort/index.js:32
[INFO]   throw new Error('Cyclic dependency: 
'+JSON.stringify(node))

[INFO] ^
[INFO] Error: Cyclic dependency: "[object Object]"
[INFO] at visit

(/Users/cstella/Documents/workspace/metron/fork/incubator-metron/metron-interface/metron-config/node_modules/toposort/index.js:32:13)
[INFO] at visit

(/Users/cstella/Documents/workspace/metron/fork/incubator-metron/metron-interface/metron-config/node_modules/toposort/index.js:48:9)

Evidently one of our transitive dependencies has changed and we have 
ended
up with a cyclic dependency.  I'm not sure where or why yet, but I 
believe
this breaks both master and our 0.4.1 release (I haven't confirmed 
this

yet, but I strongly suspect).

While the good work of tracking down this specific error is done, I'd 
like
to bring up a broader discussion point: our practice of not fixing 
versions
for our node dependencies.  This is, in effect, causing a few 
problems:


   - We do not have a consistent, repeatable build.
   - We set ourselves up for possible license violation without 
knowing

   about it (a transitive dependency changes its license)

As we stand, we have a release which doesn't not build after we have
released it and tested it.  It seems to me that we should at a 
minimum as a

stopgap:

   - fix the versions of our dependencies so that they are in a 
working

   state
   - consider a point release to get a working build.

I guess my questions to those of us with more javascript and UI 
experience

is as follows:

   - Does fixing the version of our dependencies actually fix the 
problem

   transitively?
   - IF not, then how do we get a version of a build which is 
consistent
   and repeatable and does not expose us to downstream licensing 
issues?


Thanks,

Casey

Re: [DISCUSS] Build broken due to transitive dependencies

[Laurens Vets]

I can confirm 0.4.1 (on CentOS 6!) builds for me as well.

Are we sure it isn't due to the version of node shipped with the OS?

On 2017-10-02 08:04, zeo...@gmail.com wrote:

Hmm, 0.4.1 built fine for me.

Jon

On Mon, Oct 2, 2017 at 10:44 AM Casey Stella  
wrote:


Ok, the build is broken in metron-config due to some transitive 
changes

that happened in npm-land:

[INFO]

/Users/cstella/Documents/workspace/metron/fork/incubator-metron/metron-interface/metron-config/node_modules/toposort/index.js:32
[INFO]   throw new Error('Cyclic dependency: 
'+JSON.stringify(node))

[INFO] ^
[INFO] Error: Cyclic dependency: "[object Object]"
[INFO] at visit

(/Users/cstella/Documents/workspace/metron/fork/incubator-metron/metron-interface/metron-config/node_modules/toposort/index.js:32:13)
[INFO] at visit

(/Users/cstella/Documents/workspace/metron/fork/incubator-metron/metron-interface/metron-config/node_modules/toposort/index.js:48:9)

Evidently one of our transitive dependencies has changed and we have 
ended
up with a cyclic dependency.  I'm not sure where or why yet, but I 
believe
this breaks both master and our 0.4.1 release (I haven't confirmed 
this

yet, but I strongly suspect).

While the good work of tracking down this specific error is done, I'd 
like
to bring up a broader discussion point: our practice of not fixing 
versions
for our node dependencies.  This is, in effect, causing a few 
problems:


   - We do not have a consistent, repeatable build.
   - We set ourselves up for possible license violation without 
knowing

   about it (a transitive dependency changes its license)

As we stand, we have a release which doesn't not build after we have
released it and tested it.  It seems to me that we should at a minimum 
as a

stopgap:

   - fix the versions of our dependencies so that they are in a 
working

   state
   - consider a point release to get a working build.

I guess my questions to those of us with more javascript and UI 
experience

is as follows:

   - Does fixing the version of our dependencies actually fix the 
problem

   transitively?
   - IF not, then how do we get a version of a build which is 
consistent
   and repeatable and does not expose us to downstream licensing 
issues?


Thanks,

Casey

Error message when changing riskLevelRules

[Laurens Vets]

I have the following riskLevelRules:

"riskLevelRules": [
{
"name": "Not WORK",
"comment": "Checks whether the field is_work is true or false.",
"rule": "is_work == false",
"score": 20,
"reason": "FORMAT('%s is not a WORK network!', sourceIPAddress)"
},
{
"name": "MFA",
"comment": "Checks whether MFA used or not.",
		"rule": "userIdentity:sessionContext:attributes:mfaAuthenticated == 
\"False\"",

"score": 20,
"reason": null
},
{
"name": "MFA2",
"comment": "Checks whether MFA used or not.",
"rule": "additionalEventData:MFAUsed == \"No\"",
"score": 20,
"reason": null
}
],

When I try to change the reason in the 2nd and 3rd from null to "No MFA 
used.", I get the error message: "Modified Sensor parser config but 
unable to save enrichment configuration: JSON.parse: unexpected end of 
data at line 1 column 1 of the JSON data" and the reason is reverted 
back to null. Changing other items in the above works fine.


Any idea what might be going on?

Re: [DISCUSS] How should Management UI save changes?

[Laurens Vets]

Maybe change the text on the button on the primary panel to "write" 
instead of "save"?


Also, I want wider child panels in the management UI if at all possible. 
Especially the "RAW JSON" feels cramped.


On 2017-09-20 14:37, Ryan Merriman wrote:
Recently @nickwallen brought up some good points about the usability of 
the

Management UI here:
https://github.com/apache/metron/pull/737#issuecomment-330632113.  The
issues he brings up apply to all child panels so I think it makes sense 
to

agree on a common approach and apply it to all of them.

Most child panels have a save button that saves changes to the local
(browser) copy of the config.  The save button on the primary panel
persists the changes to zookeeper and closes all panels.  Should we 
change

the buttons or button text?  What should the different buttons do?  One
idea could be to just skip saving to a local copy, meaning hitting the 
save
button persists changes in that panel to zookeeper.  Another idea could 
be

to get rid of the save buttons on child panels and changes to the form
would immediately update the local copy.  In this case we would likely 
need
an indicator that there are changes to be saved (or should we have that 
no

matter what?).  Other ideas?

There is also the issue of being able to discard changes and go back to
what they were before.  Now you can close a child or primary panel but 
you
discard all changes in that panel and all changes period in the case of 
the
primary panel.  We could be to expose a revert link or button for each 
form

input (a lot of work probably).  Other ideas?

Ryan

[DISCUSS] Is there a reason for separate Management & Alerts UIs?

[Laurens Vets]

As the subject says, is there a specific reason to have the Management & 
Alerts UI separate?


Having another option under "Operations" called "Alerts" in the 
Management UI seems to make more sense to me... If it's because they are 
called Management UI and Alerts UI, maybe we should make it more general 
and name it Metron UI?

Re: [DISCUSS] Community meeting on Tuesday, Sept.23 10AM PST

[Laurens Vets]

11:30 won't work for me, but that's fine. I only had 1 comment on Otto's 
video: What happens when we have 2 parsers/sensors with the same name. 
If there's ever a parser/sensor repository, this might be an issue.


On 2017-09-25 17:38, Otto Fowler wrote:
11:30 your time.  Sorry I have to pick my kids up from school.  2:30 
mine.



On September 25, 2017 at 19:41:28, James Sirota (jsir...@apache.org) 
wrote:


Oh sorry, didn't notice that. Otto, when is a good time for you?

25.09.2017, 16:35, "zeo...@gmail.com" :
When is the meeting, given Otto mentioned he can't make 10am? Or did 
that

change

Jon

On Mon, Sep 25, 2017, 19:19 James Sirota  wrote:

 Great. Thank you, Otto. I would encourage everyone to watch it so 
that

we

 have constructive feedback for tomorrow and are able to arrive to a

decision


 Thanks,
 James

 25.09.2017, 08:27, "Otto Fowler" :
 > https://youtu.be/-ISycoP3TVA
 >
 > The video is short and simple. Hopefully it is what you are 
looking

for.

 >
 > On September 21, 2017 at 16:54:13, zeo...@gmail.com 
(zeo...@gmail.com)



 > wrote:
 >
 > I won't be able to make it and would really like to make sure 
there's

a
 > recording for this one, if possible. I'm unavailable until 
Thursday

of

 > next week, but not necessarily suggesting this gets moved.
 >
 > Jon
 >
 > On Thu, Sep 21, 2017, 15:04 Otto Fowler 

wrote:

 >
 >> I can’t make that time, can we make it later in the day?
 >>
 >> On September 21, 2017 at 11:40:37, James Sirota 
(jsir...@apache.org)

 >> wrote:
 >>
 >> https://hortonworks.webex.com/meet/jsirota
 > --
 >
 > Jon

 ---
 Thank you,

 James Sirota
 PPMC- Apache Metron (Incubating)
 jsirota AT apache DOT org

--

Jon


---
Thank you,

James Sirota
PPMC- Apache Metron (Incubating)
jsirota AT apache DOT org

Re: Elasticsearch masters_also_are_datanodes doesn't work.

[Laurens Vets]

I'll try to look further into it... Thanks for the help! 

On 2017-09-13 14:18, Matt Foley wrote:

> Interesting, I had previously found that many (but not all) ES params are 
> extensively processed by code fairly deep in the guts of ES itself (unrelated 
> to Metron's use of it), to allow this kind of flexibility. 
> 
> Thanks very much for sharing your results, Mike.  Looks like we'll continue 
> with the release. 
> 
> Laurens, I hope you can find what's going on, on your system.  I would 
> suggest that, if it isn't being written through to the yml file, it seems to 
> be an Ambari or install issue rather than an ES issue per se. 
> 
> Thanks, 
> 
> --Matt 
> 
> FROM: Michael Miklavcic 
> DATE: Wednesday, September 13, 2017 at 2:08 PM
> TO: Matt Foley 
> CC: Laurens Vets , "dev@metron.apache.org" 
> 
> SUBJECT: Re: Elasticsearch masters_also_are_datanodes doesn't work. 
> 
> Here's what I found. Data is flowing into ES indexes. I can change the 
> "masters_also_are_datanodes" property and it is reflected in the node.data 
> property in elasticsearch.yml. 
> 
> Here's my search for this property in the source code. It is properly being 
> used int the ES mpack scripts afaik. 
> 
> Targets 
> 
> Occurrences of 'masters_also_are_datanodes' in Directory 
> devprojects/metron/metron-deployment 
> 
> Found Occurrences  (6 usages found) 
> 
> Unclassified occurrence  (5 usages found) 
> 
> metron-deployment  (2 usages found) 
> 
> metron-deployment/other-examples/manual-install  (1 usage found) 
> 
> Manual_Install_CentOS6.md  (1 usage found) 
> 
> 810 "masters_also_are_datanodes" to "true" 
> 
> metron-deployment/roles/ambari_config/vars  (1 usage found) 
> 
> single_node_vm.yml  (1 usage found) 
> 
> 104 masters_also_are_datanodes: "1" 
> 
> metron_mpack  (3 usages found) 
> 
> common-services.ELASTICSEARCH.2.3.3.configuration  (1 usage found) 
> 
> elastic-site.xml  (1 usage found) 
> 
> 30 masters_also_are_datanodes 
> 
> common-services.ELASTICSEARCH.2.3.3.package.scripts  (1 usage found) 
> 
> params.py  (1 usage found) 
> 
> 26 masters_also_are_datanodes = 
> config['configurations']['elastic-site']['masters_also_are_datanodes'] 
> 
> common-services.ELASTICSEARCH.2.3.3.package.templates  (1 usage found) 
> 
> elasticsearch.master.yaml.j2  (1 usage found) 
> 
> 36   DATA: {{ MASTERS_ALSO_ARE_DATANODES }} 
> 
> Usage in string constants  (1 usage found) 
> 
> metron_mpack  (1 usage found) 
> 
> common-services.ELASTICSEARCH.2.3.3.package.scripts  (1 usage found) 
> 
> params.py  (1 usage found) 
> 
> 26 MASTERS_ALSO_ARE_DATANODES = 
> CONFIG['CONFIGURATIONS']['ELASTIC-SITE']['MASTERS_ALSO_ARE_DATANODES'] 
> 
> It should be noted that regardless of the ES documentation, this seems to 
> work with a variety of values including "true" (with quotes) and 1 (without 
> quotes). When I set the value to garbage through Ambari, I see this in 
> /var/log/elasticsearch/metron.log 
> 
> java.lang.IllegalArgumentException: value cannot be parsed to boolean [ 
> TRUE/1/ON/YES OR FALSE/0/OFF/NO ] 
> 
> at org.elasticsearch.common.Booleans.parseBooleanExact(Booleans.java:97) 
> 
> at 
> org.elasticsearch.cluster.node.DiscoveryNode.dataNode(DiscoveryNode.java:256) 
> 
> at 
> org.elasticsearch.cluster.node.DiscoveryNodes$Builder.build(DiscoveryNodes.java:659)
>  
> 
> at 
> org.elasticsearch.cluster.ClusterState$Builder.nodes(ClusterState.java:571) 
> 
> at 
> org.elasticsearch.cluster.service.InternalClusterService.doStart(InternalClusterService.java:205)
>  
> 
> at 
> org.elasticsearch.common.component.AbstractLifecycleComponent.start(AbstractLifecycleComponent.java:68)
>  
> 
> at org.elasticsearch.node.Node.start(Node.java:279) 
> 
> at org.elasticsearch.bootstrap.Bootstrap.start(Bootstrap.java:206) 
> 
> at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:272) 
> 
> at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:35) 
> 
> Apparently, even yes/no will work! I tried it, and can confirm they work with 
> quotes. But surprisingly, this does NOT work if you pass true/false or yes/no 
> without quotes. In summary, here are the supported values: 
> 
> * 1
> * 0
> * "true"
> * "false"
> * "yes"
> * "no"
> 
> Mike 
> 
> On Wed, Sep 13, 2017 at 2:17 PM, Matt Foley  wrote: 
> 
> Sorry, you've beat me. 
> 
> Mike, what have you found in full-dev?  Does ES work correctly the

Re: Elasticsearch masters_also_are_datanodes doesn't work.

[Laurens Vets]

Yes, I'm saving the changes. The orange bar pops up saying I have to
restart elasticsearch, which I do. I'm logged in with the admin user, it
has privileges to do everything else. I'm using a bare metal install via
Ambari. Everything else seems to work through Ambari except this :) 

On 2017-09-13 12:04, Matt Foley wrote:

> That it doesn't work in Ambari, at least to the point of writing thru to the 
> config file (whether or not it actually works with ES), is quite mystifying.  
> Silly question, but, are you pressing the "Save" button after changing the 
> field?  Are you perhaps not logged into Ambari with an ambari user id that 
> has privs to change this config?  Did you use non-default user configuration 
> with Ambari, and if so are you running with an admin-priv ambari account? 
> 
> FROM: Laurens Vets 
> DATE: Tuesday, September 12, 2017 at 8:32 PM
> TO: "dev@metron.apache.org" 
> CC: Michael Miklavcic , Matt Foley 
> 
> SUBJECT: Re: Elasticsearch masters_also_are_datanodes doesn't work. 
> 
> See inline. 
> 
>> Now, Laurens, two question for you:   First, please confirm: Are you setting 
>> the value of masters_also_are_datanodes via the masters_also_are_datanodes 
>> field in the Ambari configuration GUI?  Or directly editing files?
> 
> I'm using Ambari to edit the configuration. However, I have to manually edit 
> the file locally as the Ambari configuration doesn't work. 
> 
>> Second, do you set it at the initial install time, or afterward?  I'm pretty 
>> sure it needs to be set at initial install time, before you ever launch the 
>> Elasticsearch nodes.  I'm dubious about whether an Elasticsearch master can 
>> learn to be a datanode if it first wakes up and configures itself to not be 
>> one.  But I'm not an Elasticsearch expert, so if someone else knows 
>> different, please say so.
> 
> In this case, I forgot to set it initially, so I tried to change it 
> afterwards to no avail. 
> 
> Hope this helps more than obfuscates. 
> 
> --Matt 
> 
> FROM: Michael Miklavcic 
> DATE: Tuesday, September 12, 2017 at 4:54 PM
> TO: "dev@metron.apache.org" 
> CC: Matt Foley 
> SUBJECT: Re: Elasticsearch masters_also_are_datanodes doesn't work. 
> 
> At the very least, the value provided by default seems to have changed to a 
> "1" instead of "true" without the tooltip having been updated to match.
> 
> ERROR! FILENAME NOT SPECIFIED. 
> 
> On Tue, Sep 12, 2017 at 4:00 PM, Michael Miklavcic 
>  wrote: 
> 
> I think this is our default setup for full dev. It's only a 1-node VM, so I'm 
> pretty sure that it would not work otherwise. I'm spinning up full dev now 
> and will look into it also. 
> 
> On Tue, Sep 12, 2017 at 3:04 PM, Laurens Vets  wrote: 
> 
> https://issues.apache.org/jira/browse/METRON-1181
> 
> I'll also spin up a full-dev environment and see what happens there.
> 
> On 2017-09-10 21:50, Matt Foley wrote: 
> 
> Laurens, please open a jira.  Altho it may seem obvious, please
> include full repro.
> This may be a showstopper, as it presumably (?) prevents ES from
> working on a single-node deployment?
> 
> On 9/10/17, 4:01 PM, "Laurens Vets"  wrote:
> 
> Another issue I noticed. Setting "masters_also_are_datanodes" in Ambari
> to "true" does not work.
> The settings in /etc/elasticsearch/elasticsearch.yml will always be
> false when restarting elasticsearch...

Re: Elasticsearch masters_also_are_datanodes doesn't work.

[Laurens Vets]

See inline. 

> Now, Laurens, two question for you:   First, please confirm: Are you setting 
> the value of masters_also_are_datanodes via the masters_also_are_datanodes 
> field in the Ambari configuration GUI?  Or directly editing files?

 I'm using Ambari to edit the configuration. However, I have to manually
edit the file locally as the Ambari configuration doesn't work.

> Second, do you set it at the initial install time, or afterward?  I'm pretty 
> sure it needs to be set at initial install time, before you ever launch the 
> Elasticsearch nodes.  I'm dubious about whether an Elasticsearch master can 
> learn to be a datanode if it first wakes up and configures itself to not be 
> one.  But I'm not an Elasticsearch expert, so if someone else knows 
> different, please say so.

In this case, I forgot to set it initially, so I tried to change it
afterwards to no avail.

> Hope this helps more than obfuscates. 
> 
> --Matt 
> 
> FROM: Michael Miklavcic 
> DATE: Tuesday, September 12, 2017 at 4:54 PM
> TO: "dev@metron.apache.org" 
> CC: Matt Foley 
> SUBJECT: Re: Elasticsearch masters_also_are_datanodes doesn't work. 
> 
> At the very least, the value provided by default seems to have changed to a 
> "1" instead of "true" without the tooltip having been updated to match.
> 
> On Tue, Sep 12, 2017 at 4:00 PM, Michael Miklavcic 
>  wrote: 
> 
> I think this is our default setup for full dev. It's only a 1-node VM, so I'm 
> pretty sure that it would not work otherwise. I'm spinning up full dev now 
> and will look into it also. 
> 
> On Tue, Sep 12, 2017 at 3:04 PM, Laurens Vets  wrote: 
> 
> https://issues.apache.org/jira/browse/METRON-1181
> 
> I'll also spin up a full-dev environment and see what happens there.
> 
> On 2017-09-10 21:50, Matt Foley wrote: 
> 
> Laurens, please open a jira.  Altho it may seem obvious, please
> include full repro.
> This may be a showstopper, as it presumably (?) prevents ES from
> working on a single-node deployment?
> 
> On 9/10/17, 4:01 PM, "Laurens Vets"  wrote:
> 
> Another issue I noticed. Setting "masters_also_are_datanodes" in Ambari
> to "true" does not work.
> The settings in /etc/elasticsearch/elasticsearch.yml will always be
> false when restarting elasticsearch...

Re: Elasticsearch masters_also_are_datanodes doesn't work.

[Laurens Vets]

https://issues.apache.org/jira/browse/METRON-1181

I'll also spin up a full-dev environment and see what happens there.

On 2017-09-10 21:50, Matt Foley wrote:

Laurens, please open a jira.  Altho it may seem obvious, please
include full repro.
This may be a showstopper, as it presumably (?) prevents ES from
working on a single-node deployment?

On 9/10/17, 4:01 PM, "Laurens Vets"  wrote:

Another issue I noticed. Setting "masters_also_are_datanodes" in 
Ambari

to "true" does not work.
The settings in /etc/elasticsearch/elasticsearch.yml will always be
false when restarting elasticsearch...

Re: [BUG] Ambari-server login loop

[Laurens Vets]

I have no idea how this happened, but it is fixed now.

- I've removed Ambari Metrics and reinstalled it again on a different 
host.

- Rebooted all Metron nodes

After this, the login works again.

On 2017-09-12 08:15, Laurens Vets wrote:

This seems to be related to Ambari Metrics somehow which I've put in
Maintenance Mode because it's not working. Can I safely delete Ambari
Metrics to see whether this is indeed the problem?

On 2017-09-11 16:21, Laurens Vets wrote:

Hi list,

I have a strange issue suddenly... Ambari lets me log in, but
immediately logs me out again with the following messages in
/var/log/ambari-server/ambari-server.log:

11 Sep 2017 23:09:34,790  INFO [ambari-client-thread-78]
AbstractProviderModule:424 - Metrics Collector Host or host component
not live : metron1
11 Sep 2017 23:09:36,400  INFO [ambari-client-thread-103]
AbstractProviderModule:424 - Metrics Collector Host or host component
not live : metron1
11 Sep 2017 23:09:36,401  INFO [ambari-client-thread-103]
MetricsReportPropertyProvider:154 - METRICS_COLLECTOR is not live.
Skip populating resources with metrics, next message will be logged
after 1000 attempts.
11 Sep 2017 23:09:36,402  INFO [ambari-client-thread-31]
AbstractProviderModule:424 - Metrics Collector Host or host component
not live : metron1
11 Sep 2017 23:09:36,406  INFO [ambari-client-thread-28]
AbstractProviderModule:424 - Metrics Collector Host or host component
not live : metron1
11 Sep 2017 23:09:36,406  INFO [ambari-client-thread-114]
AbstractProviderModule:424 - Metrics Collector Host or host component
not live : metron1
11 Sep 2017 23:09:36,407  INFO [ambari-client-thread-28]
MetricsReportPropertyProvider:154 - METRICS_COLLECTOR is not live.
Skip populating resources with metrics, next message will be logged
after 1000 attempts.
11 Sep 2017 23:09:36,749  INFO [ambari-client-thread-79]
AbstractProviderModule:424 - Metrics Collector Host or host component
not live : metron1
11 Sep 2017 23:09:36,857  INFO [ambari-client-thread-28]
AbstractProviderModule:424 - Metrics Collector Host or host component
not live : metron1

These correspond to 1 login/logout loop. As long as I have my browser
open, this will continue. If I close my browser, the messages stop. Of
course, this means that I can't use Ambari at all anymore.

Ambari Metrics is set in Maintenance Mode because it can't connect
(See other mail to mailing list). This started happening when I
changed "delete.topic.enable" from false to true in Kafka via Ambari.

Restarting Ambari server does not help. Checking the database doesn't
work either. Clearing browser cache doesn't help...

Any idea what might be going on here? This is with the latest Metron
code (master, so 0.4.1-rc4 I guess?).

Re: [BUG] Ambari-server login loop

[Laurens Vets]

This seems to be related to Ambari Metrics somehow which I've put in 
Maintenance Mode because it's not working. Can I safely delete Ambari 
Metrics to see whether this is indeed the problem?


On 2017-09-11 16:21, Laurens Vets wrote:

Hi list,

I have a strange issue suddenly... Ambari lets me log in, but
immediately logs me out again with the following messages in
/var/log/ambari-server/ambari-server.log:

11 Sep 2017 23:09:34,790  INFO [ambari-client-thread-78]
AbstractProviderModule:424 - Metrics Collector Host or host component
not live : metron1
11 Sep 2017 23:09:36,400  INFO [ambari-client-thread-103]
AbstractProviderModule:424 - Metrics Collector Host or host component
not live : metron1
11 Sep 2017 23:09:36,401  INFO [ambari-client-thread-103]
MetricsReportPropertyProvider:154 - METRICS_COLLECTOR is not live.
Skip populating resources with metrics, next message will be logged
after 1000 attempts.
11 Sep 2017 23:09:36,402  INFO [ambari-client-thread-31]
AbstractProviderModule:424 - Metrics Collector Host or host component
not live : metron1
11 Sep 2017 23:09:36,406  INFO [ambari-client-thread-28]
AbstractProviderModule:424 - Metrics Collector Host or host component
not live : metron1
11 Sep 2017 23:09:36,406  INFO [ambari-client-thread-114]
AbstractProviderModule:424 - Metrics Collector Host or host component
not live : metron1
11 Sep 2017 23:09:36,407  INFO [ambari-client-thread-28]
MetricsReportPropertyProvider:154 - METRICS_COLLECTOR is not live.
Skip populating resources with metrics, next message will be logged
after 1000 attempts.
11 Sep 2017 23:09:36,749  INFO [ambari-client-thread-79]
AbstractProviderModule:424 - Metrics Collector Host or host component
not live : metron1
11 Sep 2017 23:09:36,857  INFO [ambari-client-thread-28]
AbstractProviderModule:424 - Metrics Collector Host or host component
not live : metron1

These correspond to 1 login/logout loop. As long as I have my browser
open, this will continue. If I close my browser, the messages stop. Of
course, this means that I can't use Ambari at all anymore.

Ambari Metrics is set in Maintenance Mode because it can't connect
(See other mail to mailing list). This started happening when I
changed "delete.topic.enable" from false to true in Kafka via Ambari.

Restarting Ambari server does not help. Checking the database doesn't
work either. Clearing browser cache doesn't help...

Any idea what might be going on here? This is with the latest Metron
code (master, so 0.4.1-rc4 I guess?).

[BUG] Ambari-server login loop

[Laurens Vets]

Hi list,

I have a strange issue suddenly... Ambari lets me log in, but 
immediately logs me out again with the following messages in 
/var/log/ambari-server/ambari-server.log:


11 Sep 2017 23:09:34,790  INFO [ambari-client-thread-78] 
AbstractProviderModule:424 - Metrics Collector Host or host component 
not live : metron1
11 Sep 2017 23:09:36,400  INFO [ambari-client-thread-103] 
AbstractProviderModule:424 - Metrics Collector Host or host component 
not live : metron1
11 Sep 2017 23:09:36,401  INFO [ambari-client-thread-103] 
MetricsReportPropertyProvider:154 - METRICS_COLLECTOR is not live. Skip 
populating resources with metrics, next message will be logged after 
1000 attempts.
11 Sep 2017 23:09:36,402  INFO [ambari-client-thread-31] 
AbstractProviderModule:424 - Metrics Collector Host or host component 
not live : metron1
11 Sep 2017 23:09:36,406  INFO [ambari-client-thread-28] 
AbstractProviderModule:424 - Metrics Collector Host or host component 
not live : metron1
11 Sep 2017 23:09:36,406  INFO [ambari-client-thread-114] 
AbstractProviderModule:424 - Metrics Collector Host or host component 
not live : metron1
11 Sep 2017 23:09:36,407  INFO [ambari-client-thread-28] 
MetricsReportPropertyProvider:154 - METRICS_COLLECTOR is not live. Skip 
populating resources with metrics, next message will be logged after 
1000 attempts.
11 Sep 2017 23:09:36,749  INFO [ambari-client-thread-79] 
AbstractProviderModule:424 - Metrics Collector Host or host component 
not live : metron1
11 Sep 2017 23:09:36,857  INFO [ambari-client-thread-28] 
AbstractProviderModule:424 - Metrics Collector Host or host component 
not live : metron1


These correspond to 1 login/logout loop. As long as I have my browser 
open, this will continue. If I close my browser, the messages stop. Of 
course, this means that I can't use Ambari at all anymore.


Ambari Metrics is set in Maintenance Mode because it can't connect (See 
other mail to mailing list). This started happening when I changed 
"delete.topic.enable" from false to true in Kafka via Ambari.


Restarting Ambari server does not help. Checking the database doesn't 
work either. Clearing browser cache doesn't help...


Any idea what might be going on here? This is with the latest Metron 
code (master, so 0.4.1-rc4 I guess?).

Elasticsearch masters_also_are_datanodes doesn't work.

[Laurens Vets]

Another issue I noticed. Setting "masters_also_are_datanodes" in Ambari 
to "true" does not work.
The settings in /etc/elasticsearch/elasticsearch.yml will always be 
false when restarting elasticsearch...

Re: Upgrade from Metron 0.4.1-rc to 0.4.1-rc4 problems.

[Laurens Vets]

On 2017-09-10 04:35, Otto Fowler wrote:

Laurens,

The fix for right now is to update the Metron escalation topic setting 
in

the Metron Config in ambari.
It should be in the rest tab.  I don’t think there is a management ui 
tab,

but if there is check there.

After changing the setting, you will be prompted to restart dependent
services, and after that
you should be all set.


This fixed it. I changed the default "escalation" to "metron_escalation" 
and both services start without issues now.



Please log a jira on this.


Done: https://issues.apache.org/jira/browse/METRON-1172

Thank you!

On September 9, 2017 at 21:27:13, Casey Stella (ceste...@gmail.com) 
wrote:


So the escalation topic is a new parameter for the REST service in 
0.4.1.

It appears that the ambari upgrade story is a bit weak.
Is it possible to modify /var/lib/ambari-agent/cache/
common-services/METRON/0.4.1/package/templates/metron.j2 and

- create a kafka topic called 'metron_escalation'
- replace the {{metron_escalation_topic}} with 'metron_escalation'

I'm honestly not sure if ambari will act more sensible after that. Does
anyone with more ambari-fu than me have any idea if this will work and, 
if

not, what we should direct people to do who are migrating?

On Sat, Sep 9, 2017 at 17:22 Laurens Vets  wrote:


Hello,

After upgrading from 0.4.1-rc (from last week) to rc4, both Metron
Management UI and Metron REST fail to start with an error related to
"METRON_ESCALATION_TOPIC="{{metron_escalation_topic}}"".

Does anyone know what might be going on here?

Metron Management UI Start output:

Traceback (most recent call last):
File
"/var/lib/ambari-agent/cache/common-services/METRON/0.4.1/
package/scripts/management_ui_master.py",
line 95, in 
ManagementUIMaster().execute()
File
"/usr/lib/python2.6/site-packages/resource_management/
libraries/script/script.py",
line 280, in execute
method(env)
File
"/var/lib/ambari-agent/cache/common-services/METRON/0.4.1/
package/scripts/management_ui_master.py",
line 67, in start
self.configure(env)
File
"/var/lib/ambari-agent/cache/common-services/METRON/0.4.1/
package/scripts/management_ui_master.py",
line 47, in configure
content=Template("metron.j2")
File
"/usr/lib/python2.6/site-packages/resource_management/core/base.py",
line 155, in __init__
self.env.run()
File
"/usr/lib/python2.6/site-packages/resource_management/
core/environment.py",
line 160, in run
self.run_action(resource, action)
File
"/usr/lib/python2.6/site-packages/resource_management/
core/environment.py",
line 124, in run_action
provider_action()
File
"/usr/lib/python2.6/site-packages/resource_management/
core/providers/system.py",
line 123, in action_create
content = self._get_content()
File
"/usr/lib/python2.6/site-packages/resource_management/
core/providers/system.py",
line 160, in _get_content
return content()
File
"/usr/lib/python2.6/site-packages/resource_management/core/source.py",
line 51, in __call__
return self.get_content()
File
"/usr/lib/python2.6/site-packages/resource_management/core/source.py",
line 142, in get_content
rendered = self.template.render(self.context)
File "/usr/lib/python2.6/site-packages/ambari_jinja2/environment.py",
line 891, in render
return self.environment.handle_exception(exc_info, True)
File
"/var/lib/ambari-agent/cache/common-services/METRON/0.4.1/
package/templates/metron.j2",
line 42, in top-level template code
METRON_ESCALATION_TOPIC="{{metron_escalation_topic}}"
File
"/usr/lib/python2.6/site-packages/resource_management/
libraries/script/config_dictionary.py",
line 73, in __getattr__
raise Fail("Configuration parameter '" + self.name + "' was not
found in configurations dictionary!")
resource_management.core.exceptions.Fail: Configuration parameter
'metron_escalation_topic' was not found in configurations dictionary!

Metron REST Start output:

Traceback (most recent call last):
File
"/var/lib/ambari-agent/cache/common-services/METRON/0.4.1/
package/scripts/rest_master.py",
line 83, in 
RestMaster().execute()
File
"/usr/lib/python2.6/site-packages/resource_management/
libraries/script/script.py",
line 280, in execute
method(env)
File
"/var/lib/ambari-agent/cache/common-services/METRON/0.4.1/
package/scripts/rest_master.py",
line 55, in start
self.configure(env)
File
"/var/lib/ambari-agent/cache/common-services/METRON/0.4.1/
package/scripts/rest_master.py",
line 43, in configure
content=Template("metron.j2")
File
"/usr/lib/python2.6/site-packages/resource_management/core/base.py",
line 155, in __init__
self.env.run()
File
"/usr/lib/python2.6/site-packages/resource_management/
core/environment.py",
line 160, in run
self.run_action(resource, action)
File
&q

Upgrade from Metron 0.4.1-rc to 0.4.1-rc4 problems.

[Laurens Vets]

Hello,

After upgrading from 0.4.1-rc (from last week) to rc4, both Metron 
Management UI and Metron REST fail to start with an error related to 
"METRON_ESCALATION_TOPIC="{{metron_escalation_topic}}"".


Does anyone know what might be going on here?

Metron Management UI Start output:

Traceback (most recent call last):
  File 
"/var/lib/ambari-agent/cache/common-services/METRON/0.4.1/package/scripts/management_ui_master.py", 
line 95, in 

ManagementUIMaster().execute()
  File 
"/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py", 
line 280, in execute

method(env)
  File 
"/var/lib/ambari-agent/cache/common-services/METRON/0.4.1/package/scripts/management_ui_master.py", 
line 67, in start

self.configure(env)
  File 
"/var/lib/ambari-agent/cache/common-services/METRON/0.4.1/package/scripts/management_ui_master.py", 
line 47, in configure

content=Template("metron.j2")
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/base.py", 
line 155, in __init__

self.env.run()
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/environment.py", 
line 160, in run

self.run_action(resource, action)
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/environment.py", 
line 124, in run_action

provider_action()
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/providers/system.py", 
line 123, in action_create

content = self._get_content()
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/providers/system.py", 
line 160, in _get_content

return content()
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/source.py", 
line 51, in __call__

return self.get_content()
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/source.py", 
line 142, in get_content

rendered = self.template.render(self.context)
  File "/usr/lib/python2.6/site-packages/ambari_jinja2/environment.py", 
line 891, in render

return self.environment.handle_exception(exc_info, True)
  File 
"/var/lib/ambari-agent/cache/common-services/METRON/0.4.1/package/templates/metron.j2", 
line 42, in top-level template code

METRON_ESCALATION_TOPIC="{{metron_escalation_topic}}"
  File 
"/usr/lib/python2.6/site-packages/resource_management/libraries/script/config_dictionary.py", 
line 73, in __getattr__
raise Fail("Configuration parameter '" + self.name + "' was not 
found in configurations dictionary!")
resource_management.core.exceptions.Fail: Configuration parameter 
'metron_escalation_topic' was not found in configurations dictionary!


Metron REST Start output:

Traceback (most recent call last):
  File 
"/var/lib/ambari-agent/cache/common-services/METRON/0.4.1/package/scripts/rest_master.py", 
line 83, in 

RestMaster().execute()
  File 
"/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py", 
line 280, in execute

method(env)
  File 
"/var/lib/ambari-agent/cache/common-services/METRON/0.4.1/package/scripts/rest_master.py", 
line 55, in start

self.configure(env)
  File 
"/var/lib/ambari-agent/cache/common-services/METRON/0.4.1/package/scripts/rest_master.py", 
line 43, in configure

content=Template("metron.j2")
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/base.py", 
line 155, in __init__

self.env.run()
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/environment.py", 
line 160, in run

self.run_action(resource, action)
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/environment.py", 
line 124, in run_action

provider_action()
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/providers/system.py", 
line 123, in action_create

content = self._get_content()
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/providers/system.py", 
line 160, in _get_content

return content()
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/source.py", 
line 51, in __call__

return self.get_content()
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/source.py", 
line 142, in get_content

rendered = self.template.render(self.context)
  File "/usr/lib/python2.6/site-packages/ambari_jinja2/environment.py", 
line 891, in render

return self.environment.handle_exception(exc_info, True)
  File 
"/var/lib/ambari-agent/cache/common-services/METRON/0.4.1/package/templates/metron.j2", 
line 42, in top-level template code

METRON_ESCALATION_TOPIC="{{metron_escalation_topic}}"
  File 
"/usr/lib/python2.6/site-packages/resource_management/libraries/script/config_dictionary.py", 
line 73, in __getattr__
raise Fail("Configuration parameter '" + self.name + "' was not 
found in configurations dictionary!")
resource_management.core.exceptions.Fail: Configuration parameter 
'metron_escalation_topic' was not found in configurations dictionary!

Re: Ambari Metrics Collector failing...

[Laurens Vets]

Is this something we need to fix for 0.4.1? Also, should I create  JIRA 
ticket?


On 2017-09-06 16:45, zeo...@gmail.com wrote:
I'm seeing the same issue right now as well on my fresh bare metal 
install

of HDP (no Metron yet), haven't dug into it further to troubleshoot.

Jon

On Wed, Sep 6, 2017, 18:22 Laurens Vets  wrote:


In preparation of 0.4.1-rc, I'm trying to install the current github
master and I'm running into an issue with Ambari-metrics-collector.
"Metrics Collector" seems to start, but immediately turns red again
Ambari and stops.

Any idea what might be going on or where I can start troubleshooting
this?

In /var/log/hbase-ams-master-metron1.log I see lots of:

2017-09-06 21:49:16,469 INFO  [HBase-Metrics2-1] impl.MetricsConfig:
loaded properties from hadoop-metrics2-hbase.properties
2017-09-06 21:49:16,477 INFO  [HBase-Metrics2-1]
timeline.HadoopTimelineMetricsSink: Initializing Timeline metrics 
sink.

2017-09-06 21:49:16,478 INFO  [HBase-Metrics2-1]
timeline.HadoopTimelineMetricsSink: Identified hostname = metron1,
serviceName = ams-hbase
2017-09-06 21:49:16,478 INFO  [HBase-Metrics2-1]
timeline.HadoopTimelineMetricsSink: Collector Uri:
http://metron1:6188/ws/v1/timeline/metrics
2017-09-06 21:49:16,491 INFO  [HBase-Metrics2-1]
impl.MetricsSinkAdapter: Sink timeline started
2017-09-06 21:49:16,500 INFO  [HBase-Metrics2-1] 
impl.MetricsSystemImpl:

Scheduled snapshot period at 10 second(s).
2017-09-06 21:49:16,500 INFO  [HBase-Metrics2-1] 
impl.MetricsSystemImpl:

HBase metrics system started
2017-09-06 21:49:16,518 WARN  [HBase-Metrics2-1] lib.Interns: Metrics
intern cache overflow at 2011 for
MetricsSystem={MetricsSystem=MetricsInfo
Impl{name=MetricsSystem, description=MetricsSystem}, MetricsSystem
record=MetricsInfoImpl{name=MetricsSystem, description=MetricsSystem
record}}
2017-09-06 21:49:17,564 WARN
[NIOServerCxn.Factory:0.0.0.0/0.0.0.0:61181] server.NIOServerCnxn:
caught end of stream exception
EndOfStreamException: Unable to read additional data from client
sessionid 0x15e5929270d0001, likely client has closed socket
 at
org.apache.zookeeper.server.NIOServerCnxn.doIO(NIOServerCnxn.java:228)
 at

org.apache.zookeeper.server.NIOServerCnxnFactory.run(NIOServerCnxnFactory.java:208)
 at java.lang.Thread.run(Thread.java:745)
2017-09-06 21:49:17,565 INFO
[NIOServerCxn.Factory:0.0.0.0/0.0.0.0:61181] server.NIOServerCnxn:
Closed socket connection for client /10.0.0.11:
45058 which had sessionid 0x15e5929270d0001q

Additionally, I also see:

2017-09-06 22:19:16,468 INFO  [HBase-Metrics2-1]
timeline.HadoopTimelineMetricsSink: Initializing Timeline metrics 
sink.

2017-09-06 22:19:16,468 INFO  [HBase-Metrics2-1]
timeline.HadoopTimelineMetricsSink: Identified hostname = metron1,
serviceName = ams-hbase
2017-09-06 22:19:16,468 INFO  [HBase-Metrics2-1]
timeline.HadoopTimelineMetricsSink: Collector Uri:
http://metron1:6188/ws/v1/timeline/metrics
2017-09-06 22:19:16,470 INFO  [HBase-Metrics2-1]
impl.MetricsSinkAdapter: Sink timeline started
2017-09-06 22:19:16,471 INFO  [HBase-Metrics2-1] 
impl.MetricsSystemImpl:

Scheduled snapshot period at 10 second(s).
2017-09-06 22:19:16,471 INFO  [HBase-Metrics2-1] 
impl.MetricsSystemImpl:

HBase metrics system started
2017-09-06 22:20:26,491 INFO  [timeline]
timeline.HadoopTimelineMetricsSink: Unable to connect to collector,
http://metron1:6188/ws/v1/timeline/metrics
This exceptions will be ignored for next 100 times

2017-09-06 22:20:26,491 WARN  [timeline]
timeline.HadoopTimelineMetricsSink: Unable to send metrics to 
collector

by address:http://metron1:6188/ws/v1/timeline/metrics

Which ok because metrics collector isn't working...

Any ideas?

Ambari Metrics Collector failing...

[Laurens Vets]

In preparation of 0.4.1-rc, I'm trying to install the current github 
master and I'm running into an issue with Ambari-metrics-collector. 
"Metrics Collector" seems to start, but immediately turns red again 
Ambari and stops.


Any idea what might be going on or where I can start troubleshooting 
this?


In /var/log/hbase-ams-master-metron1.log I see lots of:

2017-09-06 21:49:16,469 INFO  [HBase-Metrics2-1] impl.MetricsConfig: 
loaded properties from hadoop-metrics2-hbase.properties
2017-09-06 21:49:16,477 INFO  [HBase-Metrics2-1] 
timeline.HadoopTimelineMetricsSink: Initializing Timeline metrics sink.
2017-09-06 21:49:16,478 INFO  [HBase-Metrics2-1] 
timeline.HadoopTimelineMetricsSink: Identified hostname = metron1, 
serviceName = ams-hbase
2017-09-06 21:49:16,478 INFO  [HBase-Metrics2-1] 
timeline.HadoopTimelineMetricsSink: Collector Uri: 
http://metron1:6188/ws/v1/timeline/metrics
2017-09-06 21:49:16,491 INFO  [HBase-Metrics2-1] 
impl.MetricsSinkAdapter: Sink timeline started
2017-09-06 21:49:16,500 INFO  [HBase-Metrics2-1] impl.MetricsSystemImpl: 
Scheduled snapshot period at 10 second(s).
2017-09-06 21:49:16,500 INFO  [HBase-Metrics2-1] impl.MetricsSystemImpl: 
HBase metrics system started
2017-09-06 21:49:16,518 WARN  [HBase-Metrics2-1] lib.Interns: Metrics 
intern cache overflow at 2011 for 
MetricsSystem={MetricsSystem=MetricsInfo
Impl{name=MetricsSystem, description=MetricsSystem}, MetricsSystem 
record=MetricsInfoImpl{name=MetricsSystem, description=MetricsSystem 
record}}
2017-09-06 21:49:17,564 WARN  
[NIOServerCxn.Factory:0.0.0.0/0.0.0.0:61181] server.NIOServerCnxn: 
caught end of stream exception
EndOfStreamException: Unable to read additional data from client 
sessionid 0x15e5929270d0001, likely client has closed socket
at 
org.apache.zookeeper.server.NIOServerCnxn.doIO(NIOServerCnxn.java:228)
at 
org.apache.zookeeper.server.NIOServerCnxnFactory.run(NIOServerCnxnFactory.java:208)

at java.lang.Thread.run(Thread.java:745)
2017-09-06 21:49:17,565 INFO  
[NIOServerCxn.Factory:0.0.0.0/0.0.0.0:61181] server.NIOServerCnxn: 
Closed socket connection for client /10.0.0.11:

45058 which had sessionid 0x15e5929270d0001q

Additionally, I also see:

2017-09-06 22:19:16,468 INFO  [HBase-Metrics2-1] 
timeline.HadoopTimelineMetricsSink: Initializing Timeline metrics sink.
2017-09-06 22:19:16,468 INFO  [HBase-Metrics2-1] 
timeline.HadoopTimelineMetricsSink: Identified hostname = metron1, 
serviceName = ams-hbase
2017-09-06 22:19:16,468 INFO  [HBase-Metrics2-1] 
timeline.HadoopTimelineMetricsSink: Collector Uri: 
http://metron1:6188/ws/v1/timeline/metrics
2017-09-06 22:19:16,470 INFO  [HBase-Metrics2-1] 
impl.MetricsSinkAdapter: Sink timeline started
2017-09-06 22:19:16,471 INFO  [HBase-Metrics2-1] impl.MetricsSystemImpl: 
Scheduled snapshot period at 10 second(s).
2017-09-06 22:19:16,471 INFO  [HBase-Metrics2-1] impl.MetricsSystemImpl: 
HBase metrics system started
2017-09-06 22:20:26,491 INFO  [timeline] 
timeline.HadoopTimelineMetricsSink: Unable to connect to collector, 
http://metron1:6188/ws/v1/timeline/metrics

This exceptions will be ignored for next 100 times

2017-09-06 22:20:26,491 WARN  [timeline] 
timeline.HadoopTimelineMetricsSink: Unable to send metrics to collector 
by address:http://metron1:6188/ws/v1/timeline/metrics


Which ok because metrics collector isn't working...

Any ideas?

Metron master installation

[Laurens Vets]

Hi list,

In preparation of 0.4.1-rc, I'm trying to install the current github 
master and I'm running into an issue with Ambari-metrics-collector. 
"Metrics Collector" seems to start, but immediately turns red again 
Ambari.
Any idea what might be going on or where I can start troubleshooting 
this?

Re: Question about SourceHandler and HdfsWriter

[Laurens Vets]

Hi Otto,

Might this be related to the issues I was seeing? If/when indexing 
topology got broken, I couldn't recover until I cleared all queues.


On 2017-09-04 08:23, Otto Fowler wrote:
It looks like if the SourceHandler has a problem with it’s output 
stream,

it will never recover.
The handler will be in the map and continue to be used, but it will
continue to throw exceptions.

Is there a reason why we don’t try to recover and recreate the 
SourceHandler,

such as:

synchronized SourceHandler getSourceHandler(String sourceType, String
stellarResult, WriterConfiguration config) throws IOException {
  SourceHandlerKey key = new SourceHandlerKey(sourceType, 
stellarResult);

  SourceHandler ret = sourceHandlerMap.get(key);

  // BEGIN FAKE CODE PART
  if(ret != null && ret.isUsableOrIsOpenOrSomething()) {
try {
  ret.close();
} catch(Exception e){
  // NO LOGGER IN THIS CLASS
}
sourceHandlerMap.remove(key);
ret = null;
  }
  // END FAKE CODE PART

  if(ret == null) {
if(sourceHandlerMap.size() >= maxOpenFiles) {
  throw new IllegalStateException("Too many HDFS files open!");
}
ret = new SourceHandler(rotationActions,
rotationPolicy,
syncPolicyCreator.create(sourceType, 
config),

new
PathExtensionFileNameFormat(key.getStellarResult(), fileNameFormat),
new SourceHandlerCallback(sourceHandlerMap, 
key));

sourceHandlerMap.put(key, ret);
  }
  return ret;
}



It seems strange for something that is supposed to be a long long 
running

process, writing to a distributed network store.

Re: [Question] Stopping Storm, Metron & Kafka doesn't stop all Storm processes?

[Laurens Vets]

I'll see what I can do re batch sizes.

I can pretty much gather any metric you want. Which one do you need? 

On 2017-08-18 03:22, zeo...@gmail.com wrote:

> I'm grasping at straws but maybe play with your batch sizes?  I hear now 
> there's a time based option too that I haven't played with. 
> 
> It would be helpful to have more metrics about resource utilization over time 
> in your cluster, are you able to gather anything and maybe put it into a 
> visualization tool? 
> 
> Jon 
> 
> On Thu, Aug 17, 2017, 16:35 Laurens Vets  wrote: 
> 
>> That seems close to the issue that I'm having... But there's a part I
>> don't quite understand in my case.
>> 
>> Everything's working fine for days and then suddenly, Java throws an
>> error (see other mail to the mailing list) and I can't get Metron stable
>> again. It's always either the indexingBolt or hdfsIndexingBolt. The
>> error I see the most after this is "java.lang.OutOfMemoryError: GC
>> overhead limit exceeded"...
>> 
>> It seems that somewhere there's a big pileup of messages which Metron
>> suddenly can't process.
>> 
>> Any ideas on how to further troubleshoot this?
>> 
>> On 2017-08-17 11:10, zeo...@gmail.com wrote:
>>> I used to run into similar issues when my environment was resource
>>> constrained but never ran it to root cause.  It has been a long time
>>> since
>>> I was in this scenario to re-test.
>>> 
>>> https://issues.apache.org/jira/projects/METRON/issues/METRON-485
>>> 
>>> Jon
>>> 
>>> On Thu, Aug 17, 2017 at 12:49 PM Laurens Vets 
>>> wrote:
>>> 
>>>> Hi,
>>>> 
>>>> Simple question, when I stop Metron, Kafka & Storm via Ambari, I still
>>>> see the storm worker processes running, is this expected?
>>>> 
> 
> -- 
> 
> Jon

Re: [Question] Stopping Storm, Metron & Kafka doesn't stop all Storm processes?

[Laurens Vets]

I'll see what I can do re batch sizes.

I can pretty much gather any metric you want. Which one do you need?

On 2017-08-18 03:22, zeo...@gmail.com wrote:
I'm grasping at straws but maybe play with your batch sizes?  I hear 
now

there's a time based option too that I haven't played with.

It would be helpful to have more metrics about resource utilization 
over
time in your cluster, are you able to gather anything and maybe put it 
into

a visualization tool?

Jon

On Thu, Aug 17, 2017, 16:35 Laurens Vets  wrote:


That seems close to the issue that I'm having... But there's a part I
don't quite understand in my case.

Everything's working fine for days and then suddenly, Java throws an
error (see other mail to the mailing list) and I can't get Metron 
stable

again. It's always either the indexingBolt or hdfsIndexingBolt. The
error I see the most after this is "java.lang.OutOfMemoryError: GC
overhead limit exceeded"...

It seems that somewhere there's a big pileup of messages which Metron
suddenly can't process.

Any ideas on how to further troubleshoot this?

On 2017-08-17 11:10, zeo...@gmail.com wrote:
> I used to run into similar issues when my environment was resource
> constrained but never ran it to root cause.  It has been a long time
> since
> I was in this scenario to re-test.
>
> https://issues.apache.org/jira/projects/METRON/issues/METRON-485
>
> Jon
>
> On Thu, Aug 17, 2017 at 12:49 PM Laurens Vets 
> wrote:
>
>> Hi,
>>
>> Simple question, when I stop Metron, Kafka & Storm via Ambari, I still
>> see the storm worker processes running, is this expected?
>>

Re: [Question] Stopping Storm, Metron & Kafka doesn't stop all Storm processes?

[Laurens Vets]

That seems close to the issue that I'm having... But there's a part I 
don't quite understand in my case.


Everything's working fine for days and then suddenly, Java throws an 
error (see other mail to the mailing list) and I can't get Metron stable 
again. It's always either the indexingBolt or hdfsIndexingBolt. The 
error I see the most after this is "java.lang.OutOfMemoryError: GC 
overhead limit exceeded"...


It seems that somewhere there's a big pileup of messages which Metron 
suddenly can't process.


Any ideas on how to further troubleshoot this?

On 2017-08-17 11:10, zeo...@gmail.com wrote:

I used to run into similar issues when my environment was resource
constrained but never ran it to root cause.  It has been a long time 
since

I was in this scenario to re-test.

https://issues.apache.org/jira/projects/METRON/issues/METRON-485

Jon

On Thu, Aug 17, 2017 at 12:49 PM Laurens Vets  
wrote:



Hi,

Simple question, when I stop Metron, Kafka & Storm via Ambari, I still
see the storm worker processes running, is this expected?

[Question] Stopping Storm, Metron & Kafka doesn't stop all Storm processes?

[Laurens Vets]

Hi,

Simple question, when I stop Metron, Kafka & Storm via Ambari, I still 
see the storm worker processes running, is this expected?

Re: Facing error whith mvn clean install

[Laurens Vets]

I highly suspect the fact that you're trying to compile Metron on 
Windows is the problem :) The only supported OS at the moment is CentOS 
6 I believe.


On 2017-07-27 19:07, bharath phatak wrote:

Hi Michael,

I was able pass on with the above issue.Its resolved. I am facing issue
with metron-config

[ERROR] 'cp' is not recognized as an internal or external command,
[ERROR] operable program or batch file.
[ERROR]
[ERROR] npm ERR! Windows_NT 10.0.10586
[ERROR] npm ERR! argv
"C:\\metron2\\metron\\metron-interface\\metron-config\\node\\node.exe"
"C:\\metron2\\metron\\metron-interface\\metron-config\\node_modules\\npm\\bin\\npm-cli.js
" "run" "copy-ace"
[ERROR] npm ERR! node v6.2.0
[ERROR] npm ERR! npm  v2.14.21
[ERROR] npm ERR! code ELIFECYCLE
[ERROR] npm ERR! metron-management-ui@0.4.1 copy-ace: `cp -f
$npm_package_config_node_ace/ext-language_tools.js
$npm_package_config_node_ace/mode-json.js $npm_package_config_node_ace
/theme-monokai.js $npm_package_config_node_ace/worker-json.js
src/assets/ace`
[ERROR] npm ERR! Exit status 1
[ERROR] npm ERR!
[ERROR] npm ERR! Failed at the metron-management-ui@0.4.1 copy-ace 
script

'cp -f $npm_package_config_node_ace/ext-language_tools.js
$npm_package_config_node_ace/mode-json.js $npm_pac
kage_config_node_ace/theme-monokai.js
$npm_package_config_node_ace/worker-json.js src/assets/ace'.
[ERROR] npm ERR! This is most likely a problem with the
metron-management-ui package,
[ERROR] npm ERR! not with npm itself.
[ERROR] npm ERR! Tell the author that this fails on your system:
[ERROR] npm ERR! cp -f
$npm_package_config_node_ace/ext-language_tools.js
$npm_package_config_node_ace/mode-json.js
$npm_package_config_node_ace/theme-monokai.js $npm_package_con
fig_node_ace/worker-json.js src/assets/ace
[ERROR] npm ERR! You can get information on how to open an issue for 
this

project with:
[ERROR] npm ERR! npm bugs metron-management-ui
[ERROR] npm ERR! Or if that isn't available, you can get their info 
via:

[ERROR] npm ERR!
[ERROR] npm ERR! npm owner ls metron-management-ui
[ERROR] npm ERR! There is likely additional logging output above.
[ERROR]
[ERROR] npm ERR! Please include the following file with any support 
request:

[ERROR] npm ERR!
C:\metron2\metron\metron-interface\metron-config\npm-debug.log


##
ERROR] Failed to execute goal
com.github.eirslett:frontend-maven-plugin:1.3:npm (npm install) on 
project
metron-config: Failed to run task: 'npm install' failed. (error code 1) 
-> [

Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with 
the -e

switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions,
please read the following articles:
[ERROR] [Help 1]
http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with 
the

command
[ERROR]   mvn  -rf :metron-config



I found some thing related to above issue.
https://issues.apache.org/jira/browse/METRON-914

Any resolution?

Thanks,
Bharath

On Fri, Jul 28, 2017 at 1:22 AM, Michael Miklavcic <
michael.miklav...@gmail.com> wrote:


Hi Bharath,

Thanks for the interest in Metron! Is this continuing to be a problem 
for

you? It looks like the maven repo hosting that jar may have been
temporarily unavailable. I just tried the URL locally and it appears 
to be

working.

Downloaded ->
http://packages.confluent.io/maven/io/confluent/kafka-avro-
serializer/1.0/kafka-avro-serializer-1.0.jar

{13:49}~ ➭ jar tvf kafka-avro-serializer-1.0.jar
 0 Tue Feb 24 19:49:38 MST 2015 META-INF/
   131 Tue Feb 24 19:49:36 MST 2015 META-INF/MANIFEST.MF
 0 Tue Feb 24 19:49:36 MST 2015 io/
 0 Tue Feb 24 19:49:36 MST 2015 io/confluent/
 0 Tue Feb 24 19:49:36 MST 2015 io/confluent/kafka/
 0 Tue Feb 24 19:49:36 MST 2015 io/confluent/kafka/formatter/
 0 Tue Feb 24 19:49:36 MST 2015 io/confluent/kafka/serializers/
  4126 Tue Feb 24 19:49:36 MST 2015
io/confluent/kafka/formatter/AvroMessageFormatter.class
  6602 Tue Feb 24 19:49:36 MST 2015
io/confluent/kafka/formatter/AvroMessageReader.class
  3550 Tue Feb 24 19:49:36 MST 2015
io/confluent/kafka/serializers/AbstractKafkaAvroDeserializer.class
  3540 Tue Feb 24 19:49:36 MST 2015
io/confluent/kafka/serializers/AbstractKafkaAvroSerDe.class
  3388 Tue Feb 24 19:49:36 MST 2015
io/confluent/kafka/serializers/AbstractKafkaAvroSerializer.class
  1688 Tue Feb 24 19:49:36 MST 2015
io/confluent/kafka/serializers/KafkaAvroDecoder.class
  2240 Tue Feb 24 19:49:36 MST 2015
io/confluent/kafka/serializers/KafkaAvroEncoder.class
  2373 Tue Feb 24 19:49:36 MST 2015
io/confluent/kafka/serializers/KafkaAvroSerializer.class
 0 Tue Feb 24 19:49:38 MST 2015 META-INF/maven/
 0 Tue Feb 24 19:49:38 MST 2015 META-INF/maven/io.confluent/
 0 Tue Feb 24 19:49:38 MST 2015
META-INF/maven/io.confluent/kafka-a

Re: [REQUEST] Contributor rights in Jira

[Laurens Vets]

Thank you.

On 2017-07-14 06:54, Nick Allen wrote:
Hi Laurens - It seems that I do not have the access that I should in 
JIRA.

I soon as I get my access worked out, I can take care of this for you.

On Wed, Jul 12, 2017 at 5:21 PM, Laurens Vets  
wrote:



Hello,

Could a PMC member please grant my Jira account contributor rights? 
I'd
like to start helping out with various smaller tasks. I promise I 
won't
mess stuff up and go to IRC first for any 
questions/comments/additions.

Otto has been extremely helpful there already :)

Thanks,
Laurens

Re: [DISCUSS] Relocate Docker

[Laurens Vets]

On 2017-07-13 09:04, Nick Allen wrote:

Having metron-docker at the top-level of the project seems to catch the
attention of new users.  Some then start using metron-docker to
explore/try-out/demo Metron.

The metron-docker code that we have is not well-suited for this 
purpose.
It is only really useful for development.  It is not regularly tested 
and

maintained like our Vagrant environment.

I am proposing that we move the top-level "metron-docker" directory to 
live
under "metron-deployment" to avoid confusing new users.  This also 
seems
more logical to me. I would also pair this move with some better 
"Getting

Started" steps for new users in the top-level README.

cd $METRON_HOME
mv metron-docker metron-deployment/docker


Do you agree/disagree?  Is there a better solution?


Maybe under "Other Examples"?

[REQUEST] Contributor rights in Jira

[Laurens Vets]

Hello,

Could a PMC member please grant my Jira account contributor rights? I'd 
like to start helping out with various smaller tasks. I promise I won't 
mess stuff up and go to IRC first for any questions/comments/additions. 
Otto has been extremely helpful there already :)


Thanks,
Laurens

Upgrade from 0.4.0-rc to 0.4.0-release

[Laurens Vets]

Can someone confirm that the following instructions are correct for 
upgrading from 0.4.0-rc to 0.4.0-release? They seem to work for me, but 
my testing is rather limited.


# cd metron
# git checkout Metron_0.4.0
# mvn clean package -DskipTests -T 2C -P HDP-2.5.0.0,mpack
# cd metron-deployment/packaging/docker/rpm-docker
# mvn clean install -DskipTests -PHDP-2.5.0.0

# mkdir /localrepo/archive
# mv /localrepo/*.rpm /localrepo/archive
# cp -rp 
/root/metron/metron-deployment/packaging/docker/rpm-docker/RPMS/noarch/* 
/localrepo/

# cd /localrepo
# createrepo /localrepo

# ambari-server stop
# ambari-server install-mpack 
--mpack=/root/metron/metron-deployment/packaging/ambari/metron-mpack/target/metron_mpack-0.4.0.0.tar.gz 
--verbose --force


Old 0.4.0-rc RPMs:
[root@metron1 localrepo]#  rpm -qa | grep metron
metron-data-management-0.4.0-201707052247.noarch
metron-profiler-0.4.0-201707052247.noarch
metron-indexing-0.4.0-201707052247.noarch
metron-parsers-0.4.0-201707052247.noarch
metron-elasticsearch-0.4.0-201707052247.noarch
metron-enrichment-0.4.0-201707052247.noarch
metron-rest-0.4.0-201707052247.noarch
metron-config-0.4.0-201707052247.noarch
metron-solr-0.4.0-201707052247.noarch
metron-pcap-0.4.0-201707052247.noarch
metron-common-0.4.0-201707052247.noarch
[root@metron1 localrepo]#

# rpm -Uvh metron*.rpm

New 0.4.0-release RPMs installed:
[root@metron1 localrepo]#  rpm -qa | grep metron
metron-config-0.4.0-201707111641.noarch
metron-pcap-0.4.0-201707111641.noarch
metron-enrichment-0.4.0-201707111641.noarch
metron-indexing-0.4.0-201707111641.noarch
metron-solr-0.4.0-201707111641.noarch
metron-data-management-0.4.0-201707111641.noarch
metron-elasticsearch-0.4.0-201707111641.noarch
metron-profiler-0.4.0-201707111641.noarch
metron-common-0.4.0-201707111641.noarch
metron-rest-0.4.0-201707111641.noarch
metron-parsers-0.4.0-201707111641.noarch
You have new mail in /var/spool/mail/root
[root@metron1 localrepo]#

# ambari-server start

Re: [Discussion] About the wiki….

[Laurens Vets]

On 2017-06-13 14:09, Otto Fowler wrote:
I think there are things in the wiki that are very very out of date, to 
the

extent that they are confusing people looking at Metron.
Basically anyone going to DOCS HOME from the site is being thrown into
documentation that is sure to confuse them.

Does anyone have any ideas how we can address this?   Can we prune the 
wiki
and remove the out of date information ( better less than wrong )?  
Should

we replace DOCS HOME with the site book link?


Throw out the old/wrong stuff asap.

I also wouldn't mind trying to get some structure in it but is the wiki 
still necessary if everything will be in markdown in the source 
eventually?

[DISCUSSION] How to profile storm component taking massive load.

[Laurens Vets]

Hi list,

I've installed metron (pre-)0.4.0 on CentOS 7 (VM) and when I start all 
services, the load is really high (as in 20+ on 4 and 8 CPUs). The same 
install on a CentOS 6 VM is fine with a load of 0.5.


When I look at htop, the pid 27867 has 300%+ CPU% which is:

storm 27867  328  3.2 6653844 1056312 ? Sl   11:53   8:52 
/usr/jdk64/jdk1.8.0_77/bin/java -server -Xmx768m 
-javaagent:/usr/hdp/current/storm-client/contrib/storm-jmxetric/lib/jmxetric-1.0.4.jar=host=localhost,port=8650,wireformat31x=true,mode=multicast,config=/usr/hdp/current/storm-client/contrib/storm-jmxetric/conf/jmxetric-conf.xml,process=Worker_6700_JVM 
-Djava.library.path=/data1/hadoop/storm/supervisor/stormdist/enrichment-1-1496861469/resources/Linux-amd64:/data1/hadoop/storm/supervisor/stormdist/enrichment-1-1496861469/resources:/usr/local/lib:/opt/local/lib:/usr/lib:/usr/hdp/current/storm-client/lib 
-Dlogfile.name=worker.log -Dstorm.home=/usr/hdp/2.5.3.0-37/storm 
-Dworkers.artifacts=/var/log/storm/workers-artifacts -Dstorm.conf.file= 
-Dstorm.options= -Dstorm.log.dir=/var/log/storm 
-Djava.io.tmpdir=/data1/hadoop/storm/workers/44e84652-9940-430a-ae10-7ba5b1962a84/tmp 
-Dlogging.sensitivity=S3 
-Dlog4j.configurationFile=/usr/hdp/2.5.3.0-37/storm/log4j2/worker.xml 
-DLog4jContextSelector=org.apache.logging.log4j.core.selector.BasicContextSelector 
-Dstorm.id=enrichment-1-1496861469 
-Dworker.id=44e84652-9940-430a-ae10-7ba5b1962a84 -Dworker.port=6700 -cp 
/usr/hdp/2.5.3.0-37/storm/lib/asm-5.0.3.jar:/usr/hdp/2.5.3.0-37/storm/lib/clojure-1.7.0.jar:/usr/hdp/2.5.3.0-37/storm/lib/disruptor-3.3.2.jar:/usr/hdp/2.5.3.0-37/storm/lib/kryo-3.0.3.jar:/usr/hdp/2.5.3.0-37/storm/lib/log4j-api-2.1.jar:/usr/hdp/2.5.3.0-37/storm/lib/log4j-core-2.1.jar:/usr/hdp/2.5.3.0-37/storm/lib/log4j-over-slf4j-1.6.6.jar:/usr/hdp/2.5.3.0-37/storm/lib/log4j-slf4j-impl-2.1.jar:/usr/hdp/2.5.3.0-37/storm/lib/minlog-1.3.0.jar:/usr/hdp/2.5.3.0-37/storm/lib/objenesis-2.1.jar:/usr/hdp/2.5.3.0-37/storm/lib/reflectasm-1.10.1.jar:/usr/hdp/2.5.3.0-37/storm/lib/ring-cors-0.1.5.jar:/usr/hdp/2.5.3.0-37/storm/lib/servlet-api-2.5.jar:/usr/hdp/2.5.3.0-37/storm/lib/slf4j-api-1.7.7.jar:/usr/hdp/2.5.3.0-37/storm/lib/storm-core-1.0.1.2.5.3.0-37.jar:/usr/hdp/2.5.3.0-37/storm/lib/storm-rename-hack-1.0.1.2.5.3.0-37.jar:/usr/hdp/2.5.3.0-37/storm/lib/zookeeper.jar:/usr/hdp/2.5.3.0-37/storm/lib/ambari-metrics-storm-sink.jar:/usr/hdp/current/storm-supervisor/conf:/data1/hadoop/storm/supervisor/
stormdist/enrichment-1-1496861469/stormjar.jar:/etc/hbase/conf:/etc/hadoop/conf 
org.apache.storm.daemon.worker enrichment-1-1496861469 
9c90251f-54cc-42d7-8c4e-6f3bb2528752 6700 
44e84652-9940-430a-ae10-7ba5b1962a84


Any idea what might cause this or how I can further troubleshoot this 
component?


Again, same install on CentOS 6, everything's fine...

High load on CentOS 7

[Laurens Vets]

Hi list,

I've installed metron on CentOS 7 and when I start all services, the 
load is really high (as in 20+ on 4 and 8 CPUs). The same install on a 
CentOS 6 VM is fine... (load is 0.5 there).


When I look at htop, the pid 27867 has 300%+ CPU% which is:

storm 27867  328  3.2 6653844 1056312 ? Sl   11:53   8:52 
/usr/jdk64/jdk1.8.0_77/bin/java -server -Xmx768m 
-javaagent:/usr/hdp/current/storm-client/contrib/storm-jmxetric/lib/jmxetric-1.0.4.jar=host=localhost,port=8650,wireformat31x=true,mode=multicast,config=/usr/hdp/current/storm-client/contrib/storm-jmxetric/conf/jmxetric-conf.xml,process=Worker_6700_JVM 
-Djava.library.path=/data1/hadoop/storm/supervisor/stormdist/enrichment-1-1496861469/resources/Linux-amd64:/data1/hadoop/storm/supervisor/stormdist/enrichment-1-1496861469/resources:/usr/local/lib:/opt/local/lib:/usr/lib:/usr/hdp/current/storm-client/lib 
-Dlogfile.name=worker.log -Dstorm.home=/usr/hdp/2.5.3.0-37/storm 
-Dworkers.artifacts=/var/log/storm/workers-artifacts -Dstorm.conf.file= 
-Dstorm.options= -Dstorm.log.dir=/var/log/storm 
-Djava.io.tmpdir=/data1/hadoop/storm/workers/44e84652-9940-430a-ae10-7ba5b1962a84/tmp 
-Dlogging.sensitivity=S3 
-Dlog4j.configurationFile=/usr/hdp/2.5.3.0-37/storm/log4j2/worker.xml 
-DLog4jContextSelector=org.apache.logging.log4j.core.selector.BasicContextSelector 
-Dstorm.id=enrichment-1-1496861469 
-Dworker.id=44e84652-9940-430a-ae10-7ba5b1962a84 -Dworker.port=6700 -cp 
/usr/hdp/2.5.3.0-37/storm/lib/asm-5.0.3.jar:/usr/hdp/2.5.3.0-37/storm/lib/clojure-1.7.0.jar:/usr/hdp/2.5.3.0-37/storm/lib/disruptor-3.3.2.jar:/usr/hdp/2.5.3.0-37/storm/lib/kryo-3.0.3.jar:/usr/hdp/2.5.3.0-37/storm/lib/log4j-api-2.1.jar:/usr/hdp/2.5.3.0-37/storm/lib/log4j-core-2.1.jar:/usr/hdp/2.5.3.0-37/storm/lib/log4j-over-slf4j-1.6.6.jar:/usr/hdp/2.5.3.0-37/storm/lib/log4j-slf4j-impl-2.1.jar:/usr/hdp/2.5.3.0-37/storm/lib/minlog-1.3.0.jar:/usr/hdp/2.5.3.0-37/storm/lib/objenesis-2.1.jar:/usr/hdp/2.5.3.0-37/storm/lib/reflectasm-1.10.1.jar:/usr/hdp/2.5.3.0-37/storm/lib/ring-cors-0.1.5.jar:/usr/hdp/2.5.3.0-37/storm/lib/servlet-api-2.5.jar:/usr/hdp/2.5.3.0-37/storm/lib/slf4j-api-1.7.7.jar:/usr/hdp/2.5.3.0-37/storm/lib/storm-core-1.0.1.2.5.3.0-37.jar:/usr/hdp/2.5.3.0-37/storm/lib/storm-rename-hack-1.0.1.2.5.3.0-37.jar:/usr/hdp/2.5.3.0-37/storm/lib/zookeeper.jar:/usr/hdp/2.5.3.0-37/storm/lib/ambari-metrics-storm-sink.jar:/usr/hdp/current/storm-supervisor/conf:/data1/hadoop/storm/supervisor/
stormdist/enrichment-1-1496861469/stormjar.jar:/etc/hbase/conf:/etc/hadoop/conf 
org.apache.storm.daemon.worker enrichment-1-1496861469 
9c90251f-54cc-42d7-8c4e-6f3bb2528752 6700 
44e84652-9940-430a-ae10-7ba5b1962a84


Any idea what might cause this?

Again, same install on CentOS 6, everything's fine...

Re: AWS single_node_vm

[Laurens Vets]

Hi David,

That works, thanks! Now trying to get this down even more (4 sounds like 
a nice number :p)


On 2017-05-30 17:05, David Lyle wrote:

This one should do the trick for you.

Due to how smal_cluster.yml is structured (designed for 10+ nodes)- 
you'll

only get 2 data nodes, so you'll have to reduce replication to 2 if you
don't want to see under-replicated block warnings.

- include: tasks/create-hosts.yml host_count=1
host_type=sensors,ambari_master,ec2,monit
- include: tasks/create-hosts.yml host_count=2
host_type=ambari_slave,search,ec2
- include: tasks/create-hosts.yml host_count=1
host_type=ambari_slave,ec2
- include: tasks/create-hosts.yml host_count=1
host_type=ambari_slave,enrichment,metron,ec2,zeppelin
- include: tasks/create-hosts.yml host_count=1
host_type=pcap_server,monit,ambari_slave,web,ec2

The reason the first one didn't work is because order matters. In the 
that

example, the host created by

- include: tasks/create-hosts.yml host_count=1
host_type=ambari_slave,enrichment,metron,ec2,zeppelin

was ending up in 2 separate hostgroups, which is not allowed. 
Relocating
that line solves the problem. I also relocated the web hosts (ES Master 
and

Kibana) since there were fewer hosts.


-D...


On Tue, May 30, 2017 at 12:49 PM, Laurens Vets  
wrote:



I put in what you said previously :)

- include: tasks/create-hosts.yml host_count=1
host_type=sensors,ambari_master,ec2,monit
- include: tasks/create-hosts.yml host_count=1
host_type=pcap_server,monit,ec2
- include: tasks/create-hosts.yml host_count=1
host_type=ambari_slave,enrichment,metron,ec2,zeppelin
- include: tasks/create-hosts.yml host_count=2
host_type=ambari_slave,search,ec2
- include: tasks/create-hosts.yml host_count=1
host_type=ambari_slave,web,ec2

On 2017-05-30 08:53, David Lyle wrote:

That's actually a different error than you posted before. That error 
is
Ambari telling you that the blueprint that Ansible submitted is 
invalid.
Likely a result of a required hostgroup not being defined. Can you 
(re?)

post what you've put in amazon-ec2/playbook.yml?

-D...


On Mon, May 29, 2017 at 12:02 PM, Laurens Vets  
wrote:


Same problem as all the previous ones...


TASK [ambari_config : Install python-requests]
*
ok: [ec2-34-209-23-182.us-west-2.compute.amazonaws.com] => 
{"attempts":

1, "changed": false, "msg": "", "rc": 0, "results":
["python-requests-2.6.0-3.el6.noarch providing python-requests is
already
installed"]}

TASK [ambari_config : check if ambari-server is up on
ec2-34-209-23-182.us-west-2.compute.amazonaws.com:8080] ***
ok: [ec2-34-209-23-182.us-west-2.compute.amazonaws.com] => 
{"changed":
false, "elapsed": 120, "path": null, "port": 8080, "search_regex": 
null,

"state": "started"}

TASK [ambari_config : Deploy cluster with Ambari;
http://ec2-34-209-23-182.us-west-2.compute.amazonaws.com:8080] ***
fatal: [ec2-34-209-23-182.us-west-2.compute.amazonaws.com]: FAILED! 
=>

{"changed": false, "failed": true, "msg": "Ambari client exception
occurred: Could not create cluster: request code 400,
 request message {\n  \"status\" : 400,\n  \"message\" : \"Topology
validation failed: org.apache.ambari.server.topol
ogy.InvalidTopologyException:
The following hosts are mapped to multiple host groups: [
ec2-34-208-74-17.us-west-2.compute.amazonaws.com]. Be aware that 
host

names are converted to lowercase, case differences do not matter in
Ambari
deployments.\"\n}"}
to retry, use: --limit @/root/metron/metron-deploymen
t/amazon-ec2/playbook.retry

PLAY RECAP 


*
ec2-34-208-74-17.us-west-2.compute.amazonaws.com : ok=47   
changed=31

 unreachable=0failed=0
ec2-34-209-23-182.us-west-2.compute.amazonaws.com : ok=48   
changed=28

 unreachable=0failed=1
ec2-35-163-138-4.us-west-2.compute.amazonaws.com : ok=41   
changed=27

 unreachable=0failed=0
ec2-35-163-150-6.us-west-2.compute.amazonaws.com : ok=41   
changed=27

 unreachable=0failed=0
ec2-35-167-207-80.us-west-2.compute.amazonaws.com : ok=17   
changed=8

unreachable=0failed=0
ec2-54-70-75-61.us-west-2.compute.amazonaws.com : ok=41   changed=27
 unreachable=0failed=0
localhost  : ok=18   changed=13   unreachable=0
failed=0

root@ip-10-0-10-6:~/metron/metron-deployment/amazon-ec2#


On 2017-05-27 04:45, David Lyle wrote:

For some reason, kibana_hosts is undefined, so the curl command that

loads
the Kibana dashboard doesn't contain the URL for Kibana. If you 
look at
small_cluster.yml, you'll see that the Kibana should have been 
installed

on
the first host in the "web" hostgroup. Verify that you placed a 
host in
that hostgroup

Re: AWS single_node_vm

[Laurens Vets]

I put in what you said previously :)

- include: tasks/create-hosts.yml host_count=1 
host_type=sensors,ambari_master,ec2,monit
- include: tasks/create-hosts.yml host_count=1 
host_type=pcap_server,monit,ec2
- include: tasks/create-hosts.yml host_count=1 
host_type=ambari_slave,enrichment,metron,ec2,zeppelin
- include: tasks/create-hosts.yml host_count=2 
host_type=ambari_slave,search,ec2
- include: tasks/create-hosts.yml host_count=1 
host_type=ambari_slave,web,ec2


On 2017-05-30 08:53, David Lyle wrote:

That's actually a different error than you posted before. That error is
Ambari telling you that the blueprint that Ansible submitted is 
invalid.
Likely a result of a required hostgroup not being defined. Can you 
(re?)

post what you've put in amazon-ec2/playbook.yml?

-D...


On Mon, May 29, 2017 at 12:02 PM, Laurens Vets  
wrote:



Same problem as all the previous ones...

TASK [ambari_config : Install python-requests]
*
ok: [ec2-34-209-23-182.us-west-2.compute.amazonaws.com] => 
{"attempts":

1, "changed": false, "msg": "", "rc": 0, "results":
["python-requests-2.6.0-3.el6.noarch providing python-requests is 
already

installed"]}

TASK [ambari_config : check if ambari-server is up on
ec2-34-209-23-182.us-west-2.compute.amazonaws.com:8080] ***
ok: [ec2-34-209-23-182.us-west-2.compute.amazonaws.com] => {"changed":
false, "elapsed": 120, "path": null, "port": 8080, "search_regex": 
null,

"state": "started"}

TASK [ambari_config : Deploy cluster with Ambari;
http://ec2-34-209-23-182.us-west-2.compute.amazonaws.com:8080] ***
fatal: [ec2-34-209-23-182.us-west-2.compute.amazonaws.com]: FAILED! =>
{"changed": false, "failed": true, "msg": "Ambari client exception
occurred: Could not create cluster: request code 400,
 request message {\n  \"status\" : 400,\n  \"message\" : \"Topology
validation failed: 
org.apache.ambari.server.topology.InvalidTopologyException:

The following hosts are mapped to multiple host groups: [
ec2-34-208-74-17.us-west-2.compute.amazonaws.com]. Be aware that host
names are converted to lowercase, case differences do not matter in 
Ambari

deployments.\"\n}"}
to retry, use: --limit @/root/metron/metron-deploymen
t/amazon-ec2/playbook.retry

PLAY RECAP 


*
ec2-34-208-74-17.us-west-2.compute.amazonaws.com : ok=47   changed=31
 unreachable=0failed=0
ec2-34-209-23-182.us-west-2.compute.amazonaws.com : ok=48   changed=28
 unreachable=0failed=1
ec2-35-163-138-4.us-west-2.compute.amazonaws.com : ok=41   changed=27
 unreachable=0failed=0
ec2-35-163-150-6.us-west-2.compute.amazonaws.com : ok=41   changed=27
 unreachable=0failed=0
ec2-35-167-207-80.us-west-2.compute.amazonaws.com : ok=17   changed=8
unreachable=0failed=0
ec2-54-70-75-61.us-west-2.compute.amazonaws.com : ok=41   changed=27
 unreachable=0failed=0
localhost  : ok=18   changed=13   unreachable=0
failed=0


root@ip-10-0-10-6:~/metron/metron-deployment/amazon-ec2#


On 2017-05-27 04:45, David Lyle wrote:

For some reason, kibana_hosts is undefined, so the curl command that 
loads
the Kibana dashboard doesn't contain the URL for Kibana. If you look 
at
small_cluster.yml, you'll see that the Kibana should have been 
installed

on
the first host in the "web" hostgroup. Verify that you placed a host 
in
that hostgroup (it's the 5th line in Mike's example). If you did, 
check
that host on Ambari and verify that Kibana was installed, if not, 
you'll

want to dig through the install log to find out why.

Also- now that I've looked at the example carefully, I noticed that 
the
Zeppelin hostgroup was duplicated. That's not a problem, because the 
2nd

host will be ignored, maybe you caught it when you created your own.

I would try something like (for a 6 node host cluster):

- include: tasks/create-hosts.yml host_count=1
host_type=sensors,ambari_
master,ec2,monit
- include: tasks/create-hosts.yml host_count=1
host_type=pcap_server,monit,ec2
- include: tasks/create-hosts.yml host_count=1 
host_type=ambari_slave,

enrichment,metron,ec2,zeppelin
- include: tasks/create-hosts.yml host_count=2
host_type=ambari_slave,search,ec2
- include: tasks/create-hosts.yml host_count=1
host_type=ambari_slave,web,ec2

-D...


On Fri, May 26, 2017 at 8:15 PM, Laurens Vets  
wrote:


Different error than before, but it still fails:


TASK [ambari_gather_facts : set_fact] **

ok: [ec2-34-210-207-190.us-west-2.compute.amazonaws.com] =>
{"ansible_facts": {"kibana_hosts": []}, "changed": false}

TASK [ambari_gather_facts : debug] 

Re: AWS single_node_vm

[Laurens Vets]

Same problem as all the previous ones...

TASK [ambari_config : Install python-requests] 
*
ok: [ec2-34-209-23-182.us-west-2.compute.amazonaws.com] => {"attempts": 
1, "changed": false, "msg": "", "rc": 0, "results": 
["python-requests-2.6.0-3.el6.noarch providing python-requests is 
already installed"]}


TASK [ambari_config : check if ambari-server is up on 
ec2-34-209-23-182.us-west-2.compute.amazonaws.com:8080] ***
ok: [ec2-34-209-23-182.us-west-2.compute.amazonaws.com] => {"changed": 
false, "elapsed": 120, "path": null, "port": 8080, "search_regex": null, 
"state": "started"}


TASK [ambari_config : Deploy cluster with Ambari; 
http://ec2-34-209-23-182.us-west-2.compute.amazonaws.com:8080] ***
fatal: [ec2-34-209-23-182.us-west-2.compute.amazonaws.com]: FAILED! => 
{"changed": false, "failed": true, "msg": "Ambari client exception 
occurred: Could not create cluster: request code 400,
 request message {\n  \"status\" : 400,\n  \"message\" : \"Topology 
validation failed: 
org.apache.ambari.server.topology.InvalidTopologyException: The 
following hosts are mapped to multiple host groups: 
[ec2-34-208-74-17.us-west-2.compute.amazonaws.com]. Be aware that host 
names are converted to lowercase, case differences do not matter in 
Ambari deployments.\"\n}"}
to retry, use: --limit 
@/root/metron/metron-deployment/amazon-ec2/playbook.retry


PLAY RECAP 
*
ec2-34-208-74-17.us-west-2.compute.amazonaws.com : ok=47   changed=31   
unreachable=0failed=0
ec2-34-209-23-182.us-west-2.compute.amazonaws.com : ok=48   changed=28   
unreachable=0failed=1
ec2-35-163-138-4.us-west-2.compute.amazonaws.com : ok=41   changed=27   
unreachable=0failed=0
ec2-35-163-150-6.us-west-2.compute.amazonaws.com : ok=41   changed=27   
unreachable=0failed=0
ec2-35-167-207-80.us-west-2.compute.amazonaws.com : ok=17   changed=8
unreachable=0failed=0
ec2-54-70-75-61.us-west-2.compute.amazonaws.com : ok=41   changed=27   
unreachable=0failed=0
localhost  : ok=18   changed=13   unreachable=0
failed=0


root@ip-10-0-10-6:~/metron/metron-deployment/amazon-ec2#

On 2017-05-27 04:45, David Lyle wrote:
For some reason, kibana_hosts is undefined, so the curl command that 
loads

the Kibana dashboard doesn't contain the URL for Kibana. If you look at
small_cluster.yml, you'll see that the Kibana should have been 
installed on

the first host in the "web" hostgroup. Verify that you placed a host in
that hostgroup (it's the 5th line in Mike's example). If you did, check
that host on Ambari and verify that Kibana was installed, if not, 
you'll

want to dig through the install log to find out why.

Also- now that I've looked at the example carefully, I noticed that the
Zeppelin hostgroup was duplicated. That's not a problem, because the 
2nd

host will be ignored, maybe you caught it when you created your own.

I would try something like (for a 6 node host cluster):

- include: tasks/create-hosts.yml host_count=1 
host_type=sensors,ambari_

master,ec2,monit
- include: tasks/create-hosts.yml host_count=1
host_type=pcap_server,monit,ec2
- include: tasks/create-hosts.yml host_count=1 
host_type=ambari_slave,

enrichment,metron,ec2,zeppelin
- include: tasks/create-hosts.yml host_count=2
host_type=ambari_slave,search,ec2
- include: tasks/create-hosts.yml host_count=1
host_type=ambari_slave,web,ec2

-D...


On Fri, May 26, 2017 at 8:15 PM, Laurens Vets  
wrote:



Different error than before, but it still fails:

TASK [ambari_gather_facts : set_fact] **

ok: [ec2-34-210-207-190.us-west-2.compute.amazonaws.com] =>
{"ansible_facts": {"kibana_hosts": []}, "changed": false}

TASK [ambari_gather_facts : debug] **
***
ok: [ec2-34-210-207-190.us-west-2.compute.amazonaws.com] => {
"msg": "zookeeper_port = 2181, zookeeper_hosts = [u'
ec2-52-43-143-124.us-west-2.compute.amazonaws.com'], zookeeper_url =
ec2-52-43-143-124.us-west-2.compute.amazonaws.com:2181, 
kafka_broker_port

= 6667, kafka_broker_hosts = [u'ec2-34-210-18-244.us-west-2
.compute.amazonaws.com', u'ec2-35-164-236-192.us-west-2
.compute.amazonaws.com', u'ec2-52-41-30-101.us-west-2.c
ompute.amazonaws.com'], kafka_broker_url = 
ec2-34-210-18-244.us-west-2.co

mpute.amazonaws.com:6667,ec2-35-164-236-192.us-west-2.compu
te.amazonaws.com:6667,ec2-52-41-30-101.us-west-2.compute.
amazonaws.com:6667, metron_hosts = [u'ec2-35-164-236-192.us-west-
2.compute.amazonaws.com']

Re: AWS single_node_vm

[Laurens Vets]

vpc.yml
- include: tasks/create-open-inbound-security-group.yml
- include: tasks/create-open-outbound-security-group.yml
- include: tasks/create-hosts.yml host_count=1
host_type=sensors,ambari_master,ec2,monit
- include: tasks/create-hosts.yml host_count=4
host_type=ambari_slave,ec2
- include: tasks/create-hosts.yml host_count=1
host_type=pcap_server,monit,ec2
- include: tasks/create-hosts.yml host_count=1
host_type=ambari_slave,enrichment,metron,ec2,zeppelin
- include: tasks/create-hosts.yml host_count=2
host_type=ambari_slave,search,ec2
- include: tasks/create-hosts.yml host_count=1
host_type=ambari_slave,web,ec2

to this (6-node)

  tasks:
- include: tasks/create-keypair.yml
- include: tasks/create-vpc.yml
- include: tasks/create-open-inbound-security-group.yml
- include: tasks/create-open-outbound-security-group.yml
- include: tasks/create-hosts.yml host_count=1
host_type=sensors,ambari_master,ec2,monit,zeppelin,search,web
- include: tasks/create-hosts.yml host_count=3
host_type=ambari_slave,ec2
- include: tasks/create-hosts.yml host_count=1 host_type= 
ambari_slave

,pcap_server,monit,ec2
- include: tasks/create-hosts.yml host_count=1
host_type=ambari_slave,enrichment,metron,ec2,zeppelin

Of course, this is just to demonstrate re-locating items, not 
necessarily

how you would want to lay them out.

Best,
Mike Miklavcic


On Fri, May 26, 2017 at 11:28 AM, Laurens Vets  
wrote:


I'm trying to install Metron in AWS but with fewer hosts than the 
default
10 node cluster install... So far no luck. Whatever I do, it always 
ends in

errors...


On 2017-05-26 10:16, David Lyle wrote:


I'm gonna to venture a 'no' simply because I don't know what that is.
Afaik, single_node_vm.yml was never used with AWS. What are you 
trying to

do?

-D...


On Thu, May 25, 2017 at 8:50 PM, Laurens Vets  
wrote:


Is AWS single_node_vm still supported?

Re: AWS single_node_vm

[Laurens Vets]

I'm trying to install Metron in AWS but with fewer hosts than the 
default 10 node cluster install... So far no luck. Whatever I do, it 
always ends in errors...


On 2017-05-26 10:16, David Lyle wrote:

I'm gonna to venture a 'no' simply because I don't know what that is.
Afaik, single_node_vm.yml was never used with AWS. What are you trying 
to

do?

-D...


On Thu, May 25, 2017 at 8:50 PM, Laurens Vets  
wrote:



Is AWS single_node_vm still supported?

AWS single_node_vm

[Laurens Vets]

Is AWS single_node_vm still supported?

Re: Trying to spin up Metron in EC2: Failed

[Laurens Vets]

Hmmm, deploying Metron in AWS from another EC2 instance seems to work 
fine...


I have a fully deployed 10 node Metron install now.

On 2017-05-19 10:52, Nick Allen wrote:

I am not sure what the issue is.  Nothing is jumping out at me.

Weird issues can arise when the machine that you are running the 
Ansible
deployment from has intermittent connectivity issues to the AWS data 
center.


Is Amazon's us-west-2 data center the one closest to you?  You might 
try a

different/closer data center.  You can alter the data center here [1].

[1]
https://github.com/apache/metron/blob/master/metron-deployment/amazon-ec2/conf/defaults.yml#L27-L39

Other than that, you could try standing up a small node in AWS and then 
use

that to run the Metron deployment from.  That always works much more
smoothly.




On Wed, May 17, 2017 at 4:41 PM, Laurens Vets  
wrote:



Also, it's only 1 out of 10 hosts that failing it seems.


On 2017-05-17 13:25, Laurens Vets wrote:

When you say Metron host, do you mean the host I'm pushing from to 
ec2

or the master ambari server in ec2?

On 2017-05-17 11:51, Ryan Merriman wrote:

That happens when you don't have the zookeeper url configured 
correctly.

Can you check the contents of the /etc/sysconfig/metron file on the
Metron
host?

On Wed, May 17, 2017 at 1:36 PM, Laurens Vets  
wrote:


For testing purposes, I decided to spin up the default Metron AWS 
config.

This resulted in a hang from ansible here:

TASK [librdkafka : include] **
**
task path: /home/laurens/SAPSource/metron/metron-deployment/roles/
librdkafka/tasks/main.yml:18
included: /home/laurens/SAPSource/metron/metron-deployment/roles/
librdkafka/tasks/dependencies.yml for 
ec2-34-210-194-189.us-west-2.c

ompute.amazonaws.com

TASK [librdkafka : Install prerequisites] 
**


task path: /home/laurens/SAPSource/metron/metron-deployment/roles/
librdkafka/tasks/dependencies.yml:18
 ESTABLISH
CONNECTION
FOR USER: centos on PORT 22 TO ec2-34-210-194-189.us-west-2.c
ompute.amazonaws.com
/usr/lib/python2.7/dist-packages/Crypto/Cipher/blockalgo.py:141:
FutureWarning: CTR mode needs counter parameter, not IV
  self._cipher = factory.new(key, *args, **kwargs)
 EXEC ( umask 
22 &&

mkdir -p "$( echo $HOME/.ansible/tmp/ansible-tmp
-1495041091.74-92163853889508
)" && echo "$( echo $HOME/.ansible/tmp/ansible-tmp
-1495041091.74-92163853889508
)" )
 PUT 
/tmp/tmpwnH61y

TO /home/centos/.ansible/tmp/ansible-tmp-1495041091.74-92163853
889508/yum
 EXEC /bin/sh 
-c

'sudo -H -S -n -u root /bin/sh -c '"'"'echo
BECOME-SUCCESS-rmswjjyhfdywqvwtvqwcmbsqpsbohvxh;
LANG=en_CA.UTF-8 LC_ALL=en_CA.UTF-8 LC_MESSAGES=en_CA.UTF-8
/usr/bin/python
-tt /home/centos/.ansible/tmp/ansible-tmp-1495041091.74-92163853
889508/yum;
rm -rf "/home/centos/.ansible/tmp/ansible-tmp-1495041091.74-9216385
3889508/"
> /dev/null 2>&1'"'"''

Looking in the machine logs, I see the following for Kafka and 
Metron

REST:

Kafka:
[2017-05-17 17:03:14,831] INFO KafkaConfig values:
advertised.host.name = null
metric.reporters = []
quota.producer.default = 9223372036854775807
offsets.topic.num.partitions = 50
log.flush.interval.messages = 9223372036854775807
auto.create.topics.enable = true
controller.socket.timeout.ms = 3
log.flush.interval.ms = null
principal.builder.class = class 
org.apache.kafka.common.securi

ty.auth.DefaultPrincipalBuilder
replica.socket.receive.buffer.bytes = 65536
min.insync.replicas = 1
replica.fetch.wait.max.ms = 500
num.recovery.threads.per.data.dir = 1
ssl.keystore.type = JKS
sasl.mechanism.inter.broker.protocol = GSSAPI
default.replication.factor = 1
ssl.truststore.password = null
log.preallocate = false
sasl.kerberos.principal.to.local.rules = [DEFAULT]
fetch.purgatory.purge.interval.requests = 1
ssl.endpoint.identification.algorithm = null
replica.socket.timeout.ms = 3
message.max.bytes = 100
num.io.threads = 8
offsets.commit.required.acks = -1
log.flush.offset.checkpoint.interval.ms = 6
delete.topic.enable = false
quota.window.size.seconds = 1
ssl.truststore.type = JKS
offsets.commit.timeout.ms = 5000
quota.window.num = 11
zookeeper.connect = ec2-34-223-200-113.us-west-2.c
ompute.amazonaws.com:2181
authorizer.class.name =
num.replica.fetchers = 1
log.retention.ms = null
log.roll.jitter.hours = 0
log.cleaner.enable = true
offsets.load.buffer.size = 5242880
log.cleaner.delete.retention.ms = 8640
ssl.client.auth = none
controlled.shutdown.max.retries = 3
queued.m

Re: Trying to spin up Metron in EC2: Failed

[Laurens Vets]

Thanks, I'll try your suggestion of deploying from AWS itself.

On 2017-05-19 10:52, Nick Allen wrote:

I am not sure what the issue is.  Nothing is jumping out at me.

Weird issues can arise when the machine that you are running the 
Ansible
deployment from has intermittent connectivity issues to the AWS data 
center.


Is Amazon's us-west-2 data center the one closest to you?  You might 
try a

different/closer data center.  You can alter the data center here [1].

[1]
https://github.com/apache/metron/blob/master/metron-deployment/amazon-ec2/conf/defaults.yml#L27-L39

Other than that, you could try standing up a small node in AWS and then 
use

that to run the Metron deployment from.  That always works much more
smoothly.




On Wed, May 17, 2017 at 4:41 PM, Laurens Vets  
wrote:



Also, it's only 1 out of 10 hosts that failing it seems.


On 2017-05-17 13:25, Laurens Vets wrote:

When you say Metron host, do you mean the host I'm pushing from to 
ec2

or the master ambari server in ec2?

On 2017-05-17 11:51, Ryan Merriman wrote:

That happens when you don't have the zookeeper url configured 
correctly.

Can you check the contents of the /etc/sysconfig/metron file on the
Metron
host?

On Wed, May 17, 2017 at 1:36 PM, Laurens Vets  
wrote:


For testing purposes, I decided to spin up the default Metron AWS 
config.

This resulted in a hang from ansible here:

TASK [librdkafka : include] **
**
task path: /home/laurens/SAPSource/metron/metron-deployment/roles/
librdkafka/tasks/main.yml:18
included: /home/laurens/SAPSource/metron/metron-deployment/roles/
librdkafka/tasks/dependencies.yml for 
ec2-34-210-194-189.us-west-2.c

ompute.amazonaws.com

TASK [librdkafka : Install prerequisites] 
**


task path: /home/laurens/SAPSource/metron/metron-deployment/roles/
librdkafka/tasks/dependencies.yml:18
 ESTABLISH
CONNECTION
FOR USER: centos on PORT 22 TO ec2-34-210-194-189.us-west-2.c
ompute.amazonaws.com
/usr/lib/python2.7/dist-packages/Crypto/Cipher/blockalgo.py:141:
FutureWarning: CTR mode needs counter parameter, not IV
  self._cipher = factory.new(key, *args, **kwargs)
 EXEC ( umask 
22 &&

mkdir -p "$( echo $HOME/.ansible/tmp/ansible-tmp
-1495041091.74-92163853889508
)" && echo "$( echo $HOME/.ansible/tmp/ansible-tmp
-1495041091.74-92163853889508
)" )
 PUT 
/tmp/tmpwnH61y

TO /home/centos/.ansible/tmp/ansible-tmp-1495041091.74-92163853
889508/yum
 EXEC /bin/sh 
-c

'sudo -H -S -n -u root /bin/sh -c '"'"'echo
BECOME-SUCCESS-rmswjjyhfdywqvwtvqwcmbsqpsbohvxh;
LANG=en_CA.UTF-8 LC_ALL=en_CA.UTF-8 LC_MESSAGES=en_CA.UTF-8
/usr/bin/python
-tt /home/centos/.ansible/tmp/ansible-tmp-1495041091.74-92163853
889508/yum;
rm -rf "/home/centos/.ansible/tmp/ansible-tmp-1495041091.74-9216385
3889508/"
> /dev/null 2>&1'"'"''

Looking in the machine logs, I see the following for Kafka and 
Metron

REST:

Kafka:
[2017-05-17 17:03:14,831] INFO KafkaConfig values:
advertised.host.name = null
metric.reporters = []
quota.producer.default = 9223372036854775807
offsets.topic.num.partitions = 50
log.flush.interval.messages = 9223372036854775807
auto.create.topics.enable = true
controller.socket.timeout.ms = 3
log.flush.interval.ms = null
principal.builder.class = class 
org.apache.kafka.common.securi

ty.auth.DefaultPrincipalBuilder
replica.socket.receive.buffer.bytes = 65536
min.insync.replicas = 1
replica.fetch.wait.max.ms = 500
num.recovery.threads.per.data.dir = 1
ssl.keystore.type = JKS
sasl.mechanism.inter.broker.protocol = GSSAPI
default.replication.factor = 1
ssl.truststore.password = null
log.preallocate = false
sasl.kerberos.principal.to.local.rules = [DEFAULT]
fetch.purgatory.purge.interval.requests = 1
ssl.endpoint.identification.algorithm = null
replica.socket.timeout.ms = 3
message.max.bytes = 100
num.io.threads = 8
offsets.commit.required.acks = -1
log.flush.offset.checkpoint.interval.ms = 6
delete.topic.enable = false
quota.window.size.seconds = 1
ssl.truststore.type = JKS
offsets.commit.timeout.ms = 5000
quota.window.num = 11
zookeeper.connect = ec2-34-223-200-113.us-west-2.c
ompute.amazonaws.com:2181
authorizer.class.name =
num.replica.fetchers = 1
log.retention.ms = null
log.roll.jitter.hours = 0
log.cleaner.enable = true
offsets.load.buffer.size = 5242880
log.cleaner.delete.retention.ms = 8640
ssl.client.auth = none
controlled.shutdown.max.retries = 3
queued.max.requests = 500
offsets.topic.replication.factor = 3
log.cl

Re: Trying to spin up Metron in EC2: Failed

[Laurens Vets]

Also, it's only 1 out of 10 hosts that failing it seems.

On 2017-05-17 13:25, Laurens Vets wrote:

When you say Metron host, do you mean the host I'm pushing from to ec2
or the master ambari server in ec2?

On 2017-05-17 11:51, Ryan Merriman wrote:
That happens when you don't have the zookeeper url configured 
correctly.
Can you check the contents of the /etc/sysconfig/metron file on the 
Metron

host?

On Wed, May 17, 2017 at 1:36 PM, Laurens Vets  
wrote:


For testing purposes, I decided to spin up the default Metron AWS 
config.

This resulted in a hang from ansible here:

TASK [librdkafka : include] **
**
task path: /home/laurens/SAPSource/metron/metron-deployment/roles/
librdkafka/tasks/main.yml:18
included: /home/laurens/SAPSource/metron/metron-deployment/roles/
librdkafka/tasks/dependencies.yml for ec2-34-210-194-189.us-west-2.c
ompute.amazonaws.com

TASK [librdkafka : Install prerequisites] 
**


task path: /home/laurens/SAPSource/metron/metron-deployment/roles/
librdkafka/tasks/dependencies.yml:18
 ESTABLISH 
CONNECTION

FOR USER: centos on PORT 22 TO ec2-34-210-194-189.us-west-2.c
ompute.amazonaws.com
/usr/lib/python2.7/dist-packages/Crypto/Cipher/blockalgo.py:141:
FutureWarning: CTR mode needs counter parameter, not IV
  self._cipher = factory.new(key, *args, **kwargs)
 EXEC ( umask 22 
&&
mkdir -p "$( echo 
$HOME/.ansible/tmp/ansible-tmp-1495041091.74-92163853889508
)" && echo "$( echo 
$HOME/.ansible/tmp/ansible-tmp-1495041091.74-92163853889508

)" )
 PUT 
/tmp/tmpwnH61y
TO 
/home/centos/.ansible/tmp/ansible-tmp-1495041091.74-92163853889508/yum

 EXEC /bin/sh -c
'sudo -H -S -n -u root /bin/sh -c '"'"'echo 
BECOME-SUCCESS-rmswjjyhfdywqvwtvqwcmbsqpsbohvxh;
LANG=en_CA.UTF-8 LC_ALL=en_CA.UTF-8 LC_MESSAGES=en_CA.UTF-8 
/usr/bin/python
-tt 
/home/centos/.ansible/tmp/ansible-tmp-1495041091.74-92163853889508/yum;
rm -rf 
"/home/centos/.ansible/tmp/ansible-tmp-1495041091.74-92163853889508/"

> /dev/null 2>&1'"'"''

Looking in the machine logs, I see the following for Kafka and Metron 
REST:


Kafka:
[2017-05-17 17:03:14,831] INFO KafkaConfig values:
advertised.host.name = null
metric.reporters = []
quota.producer.default = 9223372036854775807
offsets.topic.num.partitions = 50
log.flush.interval.messages = 9223372036854775807
auto.create.topics.enable = true
controller.socket.timeout.ms = 3
log.flush.interval.ms = null
principal.builder.class = class 
org.apache.kafka.common.securi

ty.auth.DefaultPrincipalBuilder
replica.socket.receive.buffer.bytes = 65536
min.insync.replicas = 1
replica.fetch.wait.max.ms = 500
num.recovery.threads.per.data.dir = 1
ssl.keystore.type = JKS
sasl.mechanism.inter.broker.protocol = GSSAPI
default.replication.factor = 1
ssl.truststore.password = null
log.preallocate = false
sasl.kerberos.principal.to.local.rules = [DEFAULT]
fetch.purgatory.purge.interval.requests = 1
ssl.endpoint.identification.algorithm = null
replica.socket.timeout.ms = 3
message.max.bytes = 100
num.io.threads = 8
offsets.commit.required.acks = -1
log.flush.offset.checkpoint.interval.ms = 6
delete.topic.enable = false
quota.window.size.seconds = 1
ssl.truststore.type = JKS
offsets.commit.timeout.ms = 5000
quota.window.num = 11
zookeeper.connect = ec2-34-223-200-113.us-west-2.c
ompute.amazonaws.com:2181
authorizer.class.name =
num.replica.fetchers = 1
log.retention.ms = null
log.roll.jitter.hours = 0
log.cleaner.enable = true
offsets.load.buffer.size = 5242880
log.cleaner.delete.retention.ms = 8640
ssl.client.auth = none
controlled.shutdown.max.retries = 3
queued.max.requests = 500
offsets.topic.replication.factor = 3
log.cleaner.threads = 1
sasl.kerberos.service.name = null
sasl.kerberos.ticket.renew.jitter = 0.05
socket.request.max.bytes = 104857600
ssl.trustmanager.algorithm = PKIX
zookeeper.session.timeout.ms = 3
log.retention.bytes = -1
log.message.timestamp.type = CreateTime
sasl.kerberos.min.time.before.relogin = 6
zookeeper.set.acl = false
connections.max.idle.ms = 60
offsets.retention.minutes = 8640
replica.fetch.backoff.ms = 1000
inter.broker.protocol.version = 0.10.0-IV1
log.retention.hours = 168
num.partitions = 1
broker.id.generation.enable = true
listeners = PLAINTEXT://ec2-34-209-53-166.
us-west-2.compute.amazonaws.com:6667
ssl.provider 

Re: Trying to spin up Metron in EC2: Failed

[Laurens Vets]

When you say Metron host, do you mean the host I'm pushing from to ec2 
or the master ambari server in ec2?


On 2017-05-17 11:51, Ryan Merriman wrote:
That happens when you don't have the zookeeper url configured 
correctly.
Can you check the contents of the /etc/sysconfig/metron file on the 
Metron

host?

On Wed, May 17, 2017 at 1:36 PM, Laurens Vets  
wrote:


For testing purposes, I decided to spin up the default Metron AWS 
config.

This resulted in a hang from ansible here:

TASK [librdkafka : include] **
**
task path: /home/laurens/SAPSource/metron/metron-deployment/roles/
librdkafka/tasks/main.yml:18
included: /home/laurens/SAPSource/metron/metron-deployment/roles/
librdkafka/tasks/dependencies.yml for ec2-34-210-194-189.us-west-2.c
ompute.amazonaws.com

TASK [librdkafka : Install prerequisites] 
**


task path: /home/laurens/SAPSource/metron/metron-deployment/roles/
librdkafka/tasks/dependencies.yml:18
 ESTABLISH 
CONNECTION

FOR USER: centos on PORT 22 TO ec2-34-210-194-189.us-west-2.c
ompute.amazonaws.com
/usr/lib/python2.7/dist-packages/Crypto/Cipher/blockalgo.py:141:
FutureWarning: CTR mode needs counter parameter, not IV
  self._cipher = factory.new(key, *args, **kwargs)
 EXEC ( umask 22 
&&
mkdir -p "$( echo 
$HOME/.ansible/tmp/ansible-tmp-1495041091.74-92163853889508
)" && echo "$( echo 
$HOME/.ansible/tmp/ansible-tmp-1495041091.74-92163853889508

)" )
 PUT 
/tmp/tmpwnH61y
TO 
/home/centos/.ansible/tmp/ansible-tmp-1495041091.74-92163853889508/yum

 EXEC /bin/sh -c
'sudo -H -S -n -u root /bin/sh -c '"'"'echo 
BECOME-SUCCESS-rmswjjyhfdywqvwtvqwcmbsqpsbohvxh;
LANG=en_CA.UTF-8 LC_ALL=en_CA.UTF-8 LC_MESSAGES=en_CA.UTF-8 
/usr/bin/python
-tt 
/home/centos/.ansible/tmp/ansible-tmp-1495041091.74-92163853889508/yum;
rm -rf 
"/home/centos/.ansible/tmp/ansible-tmp-1495041091.74-92163853889508/"

> /dev/null 2>&1'"'"''

Looking in the machine logs, I see the following for Kafka and Metron 
REST:


Kafka:
[2017-05-17 17:03:14,831] INFO KafkaConfig values:
advertised.host.name = null
metric.reporters = []
quota.producer.default = 9223372036854775807
offsets.topic.num.partitions = 50
log.flush.interval.messages = 9223372036854775807
auto.create.topics.enable = true
controller.socket.timeout.ms = 3
log.flush.interval.ms = null
principal.builder.class = class org.apache.kafka.common.securi
ty.auth.DefaultPrincipalBuilder
replica.socket.receive.buffer.bytes = 65536
min.insync.replicas = 1
replica.fetch.wait.max.ms = 500
num.recovery.threads.per.data.dir = 1
ssl.keystore.type = JKS
sasl.mechanism.inter.broker.protocol = GSSAPI
default.replication.factor = 1
ssl.truststore.password = null
log.preallocate = false
sasl.kerberos.principal.to.local.rules = [DEFAULT]
fetch.purgatory.purge.interval.requests = 1
ssl.endpoint.identification.algorithm = null
replica.socket.timeout.ms = 3
message.max.bytes = 100
num.io.threads = 8
offsets.commit.required.acks = -1
log.flush.offset.checkpoint.interval.ms = 6
delete.topic.enable = false
quota.window.size.seconds = 1
ssl.truststore.type = JKS
offsets.commit.timeout.ms = 5000
quota.window.num = 11
zookeeper.connect = ec2-34-223-200-113.us-west-2.c
ompute.amazonaws.com:2181
authorizer.class.name =
num.replica.fetchers = 1
log.retention.ms = null
log.roll.jitter.hours = 0
log.cleaner.enable = true
offsets.load.buffer.size = 5242880
log.cleaner.delete.retention.ms = 8640
ssl.client.auth = none
controlled.shutdown.max.retries = 3
queued.max.requests = 500
offsets.topic.replication.factor = 3
log.cleaner.threads = 1
sasl.kerberos.service.name = null
sasl.kerberos.ticket.renew.jitter = 0.05
socket.request.max.bytes = 104857600
ssl.trustmanager.algorithm = PKIX
zookeeper.session.timeout.ms = 3
log.retention.bytes = -1
log.message.timestamp.type = CreateTime
sasl.kerberos.min.time.before.relogin = 6
zookeeper.set.acl = false
connections.max.idle.ms = 60
offsets.retention.minutes = 8640
replica.fetch.backoff.ms = 1000
inter.broker.protocol.version = 0.10.0-IV1
log.retention.hours = 168
num.partitions = 1
broker.id.generation.enable = true
listeners = PLAINTEXT://ec2-34-209-53-166.
us-west-2.compute.amazonaws.com:6667
ssl.provider = null
ssl.enabled.protocols = [TLSv1.2, TLSv1.1, TLSv1]
log.roll.ms = null
log.

Re: Trying to spin up Metron in EC2: Failed

[Laurens Vets]

nRegistry.java:230)
at 
org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
at 
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
at 
org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:207)
at 
org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1128)
at 
org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1056)
at 
org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(AutowiredAnnotationBeanPostProcessor.java:566)

... 50 more
Caused by: org.springframework.beans.BeanInstantiationException: Failed 
to instantiate [org.I0Itec.zkclient.ZkClient]: Factory method 'zkClient' 
threw exception; nested exception is 
org.I0Itec.zkclient.exception.ZkTimeoutException: Unable to connect to 
zookeeper server within timeout: 1
at 
org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:189)
at 
org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:588)

... 62 more
Caused by: org.I0Itec.zkclient.exception.ZkTimeoutException: Unable to 
connect to zookeeper server within timeout: 1

at org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1232)
at org.I0Itec.zkclient.ZkClient.(ZkClient.java:156)
at org.I0Itec.zkclient.ZkClient.(ZkClient.java:130)
at org.I0Itec.zkclient.ZkClient.(ZkClient.java:97)
at 
org.apache.metron.rest.config.ZookeeperConfig.zkClient(ZookeeperConfig.java:52)
at 
org.apache.metron.rest.config.ZookeeperConfig$$EnhancerBySpringCGLIB$$6e0c6742.CGLIB$zkClient$1()
at 
org.apache.metron.rest.config.ZookeeperConfig$$EnhancerBySpringCGLIB$$6e0c6742$$FastClassBySpringCGLIB$$3219d861.invoke()
at 
org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228)
at 
org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:356)
at 
org.apache.metron.rest.config.ZookeeperConfig$$EnhancerBySpringCGLIB$$6e0c6742.zkClient()

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)
at 
org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:162)

... 63 more

Any ideas on what might be going or why the timeout triggers?

On 2017-05-17 08:31, Laurens Vets wrote:

Hello list,

I'm trying to spin up Metron in EC2 for testing purposes. I made the
following changes in playbook.yml so that I'm left with 5 EC2
instances instead of 10:

<-- SNIP -->
  tasks:
- include: tasks/create-keypair.yml
- include: tasks/create-vpc.yml
- include: tasks/create-open-inbound-security-group.yml
- include: tasks/create-open-outbound-security-group.yml
- include: tasks/create-hosts.yml host_count=1
host_type=sensors,ambari_master,ec2,monit
#- include: tasks/create-hosts.yml host_count=4 
host_type=ambari_slave,ec2

- include: tasks/create-hosts.yml host_count=1
host_type=pcap_server,monit,ec2
- include: tasks/create-hosts.yml host_count=1
host_type=ambari_slave,enrichment,metron,ec2,zeppelin
#- include: tasks/create-hosts.yml host_count=2
host_type=ambari_slave,search,ec2
- include: tasks/create-hosts.yml host_count=1
host_type=ambari_slave,search,ec2
- include: tasks/create-hosts.yml host_count=1
host_type=ambari_slave,web,ec2
<-- END SNIP -->

I also had to change the line "ansible-playbook -vvv -i ec2.py 
playbook.yml \

  --skip-tags="quick_dev,sensor-stubs" \
  --extra-vars="env=$ENV" \
  $EXTRA_ARGS"

to "ansible-playbook -vvv -i ec2.py playbook.yml \
  --skip-tags="quick_dev,sensor-stubs" \
  --extra-vars="env=$ENV" \
  $EXTRA_ARGS -c paramiko"
in run.sh otherwise ssh would time out.

However, Ansible errors out with:

2017-05-16 18:02:50,615 p=5362 u=laurens |  TASK [ambari_config :
Deploy cluster with Ambari;
http://ec2-35-164-26-255.us-west-2.compute.amazonaws.com:8080] ***
2017-05-16 18:02:50,615 p=5362 u=laurens |  task path:
/home/laurens/SAPSource/metron/metron-deployment/roles/ambari_config/tasks/main.yml:36
2017-05-16 18:02:52,660 p=5362 u=laurens |  fatal:
[ec2-35-164-26-255.us-west-2.compute.amazonaws.com]: FAILED! =>
{"changed": false, "fail

Trying to spin up Metron in EC2: Failed

[Laurens Vets]

Hello list,

I'm trying to spin up Metron in EC2 for testing purposes. I made the 
following changes in playbook.yml so that I'm left with 5 EC2 instances 
instead of 10:


<-- SNIP -->
  tasks:
- include: tasks/create-keypair.yml
- include: tasks/create-vpc.yml
- include: tasks/create-open-inbound-security-group.yml
- include: tasks/create-open-outbound-security-group.yml
- include: tasks/create-hosts.yml host_count=1 
host_type=sensors,ambari_master,ec2,monit
#- include: tasks/create-hosts.yml host_count=4 
host_type=ambari_slave,ec2
- include: tasks/create-hosts.yml host_count=1 
host_type=pcap_server,monit,ec2
- include: tasks/create-hosts.yml host_count=1 
host_type=ambari_slave,enrichment,metron,ec2,zeppelin
#- include: tasks/create-hosts.yml host_count=2 
host_type=ambari_slave,search,ec2
- include: tasks/create-hosts.yml host_count=1 
host_type=ambari_slave,search,ec2
- include: tasks/create-hosts.yml host_count=1 
host_type=ambari_slave,web,ec2

<-- END SNIP -->

I also had to change the line "ansible-playbook -vvv -i ec2.py 
playbook.yml \

  --skip-tags="quick_dev,sensor-stubs" \
  --extra-vars="env=$ENV" \
  $EXTRA_ARGS"

to "ansible-playbook -vvv -i ec2.py playbook.yml \
  --skip-tags="quick_dev,sensor-stubs" \
  --extra-vars="env=$ENV" \
  $EXTRA_ARGS -c paramiko"
in run.sh otherwise ssh would time out.

However, Ansible errors out with:

2017-05-16 18:02:50,615 p=5362 u=laurens |  TASK [ambari_config : Deploy 
cluster with Ambari; 
http://ec2-35-164-26-255.us-west-2.compute.amazonaws.com:8080] ***
2017-05-16 18:02:50,615 p=5362 u=laurens |  task path: 
/home/laurens/SAPSource/metron/metron-deployment/roles/ambari_config/tasks/main.yml:36
2017-05-16 18:02:52,660 p=5362 u=laurens |  fatal: 
[ec2-35-164-26-255.us-west-2.compute.amazonaws.com]: FAILED! => 
{"changed": false, "failed": true, "invocation": {"module_args": 
{"blueprint_name": "metron_blueprint", "blueprint_var": {"groups": 
[{"cardinality": 1, "components": [{"name": "NAMENODE"}, {"name": 
"SECONDARY_NAMENODE"}, {"name": "RESOURCEMANAGER"}, {"name": 
"HISTORYSERVER"}, {"name": "HDFS_CLIENT"}, {"name": "YARN_CLIENT"}, 
{"name": "MAPREDUCE2_CLIENT"}, {"name": "SPARK_CLIENT"}, {"name": 
"ZOOKEEPER_CLIENT"}, {"name": "HBASE_CLIENT"}, {"name": "ES_SLAVE"}], 
"configuration": [], "name": "master_1"}, {"cardinality": 1, 
"components": [{"name": "ZOOKEEPER_SERVER"}, {"name": "NIMBUS"}, 
{"name": "STORM_UI_SERVER"}, {"name": "DRPC_SERVER"}, {"name": 
"SPARK_JOBHISTORYSERVER"}, {"name": "HBASE_MASTER"}, {"name": 
"HDFS_CLIENT"}, {"name": "YARN_CLIENT"}, {"name": "MAPREDUCE2_CLIENT"}, 
{"name": "SPARK_CLIENT"}, {"name": "ZOOKEEPER_CLIENT"}, {"name": 
"HBASE_CLIENT"}, {"name": "APP_TIMELINE_SERVER"}, {"name": "ES_SLAVE"}], 
"configuration": [], "name": "master_2"}, {"cardinality": 1, 
"components": [{"name": "METRON_INDEXING"}, {"name": 
"METRON_ENRICHMENT_MASTER"}, {"name": "METRON_PARSERS"}, {"name": 
"METRON_REST"}, {"name": "DATANODE"}, {"name": "NODEMANAGER"}, {"name": 
"SUPERVISOR"}, {"name": "KAFKA_BROKER"}, {"name": "HBASE_REGIONSERVER"}, 
{"name": "HDFS_CLIENT"}, {"name": "YARN_CLIENT"}, {"name": 
"MAPREDUCE2_CLIENT"}, {"name": "SPARK_CLIENT"}, {"name": 
"ZOOKEEPER_CLIENT"}, {"name": "HBASE_CLIENT"}], "configuration": [], 
"name": "metron"}, {"cardinality": 1, "components": [{"name": 
"KIBANA_MASTER"}, {"name": "ES_MASTER"}], "configuration": [], "name": 
"web"}, {"cardinality": "1+", "components": [{"name": "DATANODE"}, 
{"name": "NODEMANAGER"}, {"name": "SUPERVISOR"}, {"name": 
"KAFKA_BROKER"}, {"name": "HBASE_REGIONSERVER"}, {"name": 
"HDFS_CLIENT"}, {"name": "YARN_CLIENT"}, {"name": "MAPREDUCE2_CLIENT"}, 
{"name": "SPARK_CLIENT"}, {"name": "ZOOKEEPER_CLIENT"}, {"name": 
"HBASE_CLIENT"}], "configuration": [], "name": "slaves"}], 
"required_configurations": [{"metron-env": {"es_hosts": 
"ec2-35-164-136-88.us-west-2.compute.amazonaws.com,ec2-34-208-94-45.us-west-2.compute.amazonaws.com", 
"metron_jdbc_driver": "org.h2.Driver", "metron_jdbc_password": "root", 
"metron_jdbc_platform": "h2", "metron_jdbc_url": 
"jdbc:h2:file:~/metrondb", "metron_jdbc_username": "root", 
"storm_rest_addr": 
"ec2-34-208-94-45.us-west-2.compute.amazonaws.com:8744", 
"zeppelin_server_url": 
"ec2-34-210-151-29.us-west-2.compute.amazonaws.com"}}, {"kibana-env": 
{"kibana_default_application": "dashboard/Metron-Dashboard", 
"kibana_es_url": 
"http://ec2-35-164-136-88.us-west-2.compute.amazonaws.com:9200";, 
"kibana_log_dir": "/var/log/kibana", "kibana_pid_dir": 
"/var/run/kibana", "kibana_server_port": 5000}}], "stack_name": "HDP", 
"stack_version": "2.5"}, "cluster_name": "metron", "cluster_state": 
"present", "configurations": [{"zoo.cfg": {"dataDir": 
"/data1/hadoop/zookeeper"}}, {"hadoop-env": {"dtnode_heapsize": 1024, 
"namenode_heapsize": 2048}}, {"hbase-env": {"hbase_master_heapsize": 
1024, "hbase_regionserver_heapsize": 1024}}, {"hdfs-site": 
{"dfs.datanode.data.dir": 
"/data1/hadoop/hdfs/data,/data2/hadoop

Re: Elasticsearch: network.publish_host needed it seems

[Laurens Vets]

Hey David,

"[_local_,_site_]" didn't work, but you put me on the right path. It 
seems that "[_enp0s8_]" works! Thanks!




Have you tried [_local_,_site_]? If that doesn't work, perhaps give the
publish address for enp0s8. Be sure to set that on the network_host 
field

in the Elasticsearch config and leave network_publish_host empty.

-D...


On Thu, May 11, 2017 at 2:51 PM, Laurens Vets  
wrote:



Environment:
- 2 VMs, each with 2 ip addresses (interfaces enp0s3 & enp0s8) called
node1 and node3
- ES master on node1, data node on node3
- CentOS 7

For some reason, elasticsearch uses the ip attached to enp0s3 as it's
publish address. Due to the way my test environment is set up, this 
will

not work. ES should use the ip address of enp0s8. However, we've been
trying to debug this over irc and nothing seems to work in Ambari 
except
setting network.publish_host manually in elasticsearch.yml on node1 & 
node3
and restarting 'manually'. Unfortunately, this setting will be gone 
from

both hosts when I restart via Ambari.

We've tried the following in Ambari:
- network.host: 0.0.0.0 => Wrong ip used (enp0s3).
- network.host: "_lo:ipv4_","_enp0s8:ipv4_" => This blows up Java
- network.host: "_lo:ipv4","_enp0s8:ipv4" or 
["_lo:ipv4","_enp0s8:ipv4"]

=> Unknown host exception in Java.

Any idea how I can add network.publish_host to Ambari so that it 
doesn't
get removed when I restart the services via Ambari? Or what setting I 
need

to use for network.host?

Elasticsearch: network.publish_host needed it seems

[Laurens Vets]

Environment:
- 2 VMs, each with 2 ip addresses (interfaces enp0s3 & enp0s8) called 
node1 and node3

- ES master on node1, data node on node3
- CentOS 7

For some reason, elasticsearch uses the ip attached to enp0s3 as it's 
publish address. Due to the way my test environment is set up, this will 
not work. ES should use the ip address of enp0s8. However, we've been 
trying to debug this over irc and nothing seems to work in Ambari except 
setting network.publish_host manually in elasticsearch.yml on node1 & 
node3 and restarting 'manually'. Unfortunately, this setting will be 
gone from both hosts when I restart via Ambari.


We've tried the following in Ambari:
- network.host: 0.0.0.0 => Wrong ip used (enp0s3).
- network.host: "_lo:ipv4_","_enp0s8:ipv4_" => This blows up Java
- network.host: "_lo:ipv4","_enp0s8:ipv4" or ["_lo:ipv4","_enp0s8:ipv4"] 
=> Unknown host exception in Java.


Any idea how I can add network.publish_host to Ambari so that it doesn't 
get removed when I restart the services via Ambari? Or what setting I 
need to use for network.host?

Re: Metron REST not starting

[Laurens Vets]

Do you mean "yum install mysql-connector-java" or something else?

On 2017-05-08 10:43, Ryan Merriman wrote:

Did you install the MySQL client jar?

On Mon, May 8, 2017 at 12:40 PM, Laurens Vets  
wrote:



Hello list,

I've installed Metron via Ambari and everything works except the 
Metron
REST interface. It fails with the following error message: "Cannot 
load
driver class: com.mysql.jdbc.Driver". I got the MySQL configuration 
items
from here: 
https://github.com/apache/incubator-metron/tree/master/metro

n-interface/metron-rest. Any ideas on what might be going wrong?

The full log:

  .     ___ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  || .__|_| |_|_| |_\__, | / / / /
 =|_|==|___/=/_/_/_/
 :: Spring Boot ::(v1.4.1.RELEASE)

2017-05-08T10:16:46.408 ERROR 
[org.springframework.boot.SpringApplication]

- Application startup failed
org.springframework.beans.factory.UnsatisfiedDependencyException: 
Error

creating bean with name 'webSecurityConfig': Unsatisfied dependency
expressed through field 'dataSource'; nested exception is
org.springframework.beans.factory.BeanCreationException: Error 
creating

bean with name 'dataSource' defined in class path resource
[org/springframework/boot/autoconfigure/jdbc/DataSourceConfiguration$Tomcat.class]:
Bean instantiation via factory method failed; nested exception is
org.springframework.beans.BeanInstantiationException: Failed to
instantiate [org.apache.tomcat.jdbc.pool.DataSource]: Factory method
'dataSource' threw exception; nested exception is
java.lang.IllegalStateException: Cannot load driver class:
com.mysql.jdbc.Driver
at 
org.springframework.beans.factory.annotation.AutowiredAnnota

tionBeanPostProcessor$AutowiredFieldElement.inject(A
utowiredAnnotationBeanPostProcessor.java:569)
at 
org.springframework.beans.factory.annotation.InjectionMetada

ta.inject(InjectionMetadata.java:88)
at 
org.springframework.beans.factory.annotation.AutowiredAnnota

tionBeanPostProcessor.postProcessPropertyValues(AutowiredAnn
otationBeanPostProcessor.java:349)
at 
org.springframework.beans.factory.support.AbstractAutowireCa

pableBeanFactory.populateBean(AbstractAutowireCapableBeanFac
tory.java:1219)
at 
org.springframework.beans.factory.support.AbstractAutowireCa

pableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:543)
at 
org.springframework.beans.factory.support.AbstractAutowireCa

pableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
at 
org.springframework.beans.factory.support.AbstractBeanFactor

y$1.getObject(AbstractBeanFactory.java:306)
at 
org.springframework.beans.factory.support.DefaultSingletonBe

anRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
at 
org.springframework.beans.factory.support.AbstractBeanFactor

y.doGetBean(AbstractBeanFactory.java:302)
at 
org.springframework.beans.factory.support.AbstractBeanFactor

y.getBean(AbstractBeanFactory.java:197)
at 
org.springframework.beans.factory.support.DefaultListableBea

nFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:751)
at 
org.springframework.context.support.AbstractApplicationConte

xt.finishBeanFactoryInitialization(AbstractApplicationContext.java:861)
at 
org.springframework.context.support.AbstractApplicationConte

xt.refresh(AbstractApplicationContext.java:541)
at 
org.springframework.boot.context.embedded.EmbeddedWebApplica

tionContext.refresh(EmbeddedWebApplicationContext.java:122)
at 
org.springframework.boot.SpringApplication.refresh(SpringApp

lication.java:761)
at 
org.springframework.boot.SpringApplication.refreshContext(Sp

ringApplication.java:371)
at 
org.springframework.boot.SpringApplication.run(SpringApplica

tion.java:315)
at 
org.springframework.boot.SpringApplication.run(SpringApplica

tion.java:1186)
at 
org.springframework.boot.SpringApplication.run(SpringApplica

tion.java:1175)
at 
org.apache.metron.rest.MetronRestApplication.main(MetronRest

Application.java:27)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcce

ssorImpl.java:62)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe

thodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at 
org.springframework.boot.loader.MainMethodRunner.run(MainMet

hodRunner.java:48)
at org.springframework.boot.loader.Launcher.launch(Launcher.
java:87)
at org.springframework.boot.loader.Launcher.launch(Launcher.
java:50)
at org.springframework.boot.loader.PropertiesLauncher.main(
PropertiesLauncher.java:525)
Caus

Metron REST not starting

[Laurens Vets]

Hello list,

I've installed Metron via Ambari and everything works except the Metron 
REST interface. It fails with the following error message: "Cannot load 
driver class: com.mysql.jdbc.Driver". I got the MySQL configuration 
items from here: 
https://github.com/apache/incubator-metron/tree/master/metron-interface/metron-rest. 
Any ideas on what might be going wrong?


The full log:

  .     ___ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  || .__|_| |_|_| |_\__, | / / / /
 =|_|==|___/=/_/_/_/
 :: Spring Boot ::(v1.4.1.RELEASE)

2017-05-08T10:16:46.408 ERROR 
[org.springframework.boot.SpringApplication] - Application startup 
failed
org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
creating bean with name 'webSecurityConfig': Unsatisfied dependency 
expressed through field 'dataSource'; nested exception is 
org.springframework.beans.factory.BeanCreationException: Error creating 
bean with name 'dataSource' defined in class path resource 
[org/springframework/boot/autoconfigure/jdbc/DataSourceConfiguration$Tomcat.class]: 
Bean instantiation via factory method failed; nested exception is 
org.springframework.beans.BeanInstantiationException: Failed to 
instantiate [org.apache.tomcat.jdbc.pool.DataSource]: Factory method 
'dataSource' threw exception; nested exception is 
java.lang.IllegalStateException: Cannot load driver class: 
com.mysql.jdbc.Driver
	at 
org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(AutowiredAnnotationBeanPostProcessor.java:569)
	at 
org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:88)
	at 
org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:349)
	at 
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1219)
	at 
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:543)
	at 
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
	at 
org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
	at 
org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
	at 
org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
	at 
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
	at 
org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:751)
	at 
org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:861)
	at 
org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:541)
	at 
org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122)
	at 
org.springframework.boot.SpringApplication.refresh(SpringApplication.java:761)
	at 
org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:371)
	at 
org.springframework.boot.SpringApplication.run(SpringApplication.java:315)
	at 
org.springframework.boot.SpringApplication.run(SpringApplication.java:1186)
	at 
org.springframework.boot.SpringApplication.run(SpringApplication.java:1175)
	at 
org.apache.metron.rest.MetronRestApplication.main(MetronRestApplication.java:27)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)
	at 
org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48)

at org.springframework.boot.loader.Launcher.launch(Launcher.java:87)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:50)
	at 
org.springframework.boot.loader.PropertiesLauncher.main(PropertiesLauncher.java:525)
Caused by: org.springframework.beans.factory.BeanCreationException: 
Error creating bean with name 'dataSource' defined in class path 
resource 
[org/springframework/boot/autoconfigure/jdbc/DataSourceConfiguration$Tomcat.class]: 
Bean instantiation via factory method failed; nested exception is 
org.springframework.beans.BeanInstantiationException: Failed to 
instantiate [org.apache.tomcat.jdbc.pool.DataSource]: Factory method 
'dataSource' threw exception; nested exception is 
java.lang.IllegalStateExceptio

Re: Metron with HDP 2.5 bare-metal install fails

[Laurens Vets]

Additionally,

Ambari server doesn't even start now:

[root@metron1 ~]# ambari-server start
Using python  /usr/bin/python
Starting ambari-server
Ambari Server running with administrator privileges.
Organizing resource files at /var/lib/ambari-server/resources...
Ambari database consistency check started...
No errors were found.
Ambari database consistency check finished
Server PID at: /var/run/ambari-server/ambari-server.pid
Server out at: /var/log/ambari-server/ambari-server.out
Server log at: /var/log/ambari-server/ambari-server.log
Waiting for server start
ERROR: Exiting with exit code -1.
REASON: Ambari Server java process died with exitcode 255. Check 
/var/log/ambari-server/ambari-server.out for more information.

[root@metron1 ~]# cat /var/log/ambari-server/ambari-server.out
Java HotSpot(TM) 64-Bit Server VM warning: ignoring option 
MaxPermSize=128m; support was removed in 8.0

[root@metron1 ~]#

How can I enable extra Ambari debugging?

On 2017-05-05 09:32, Laurens Vets wrote:
If it normal that I see the following error during install with the new 
repo?


[root@metron1 yum.repos.d]# yum install ambari-server -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.sjc02.svwh.net
 * epel: mirrors.kernel.org
 * extras: mirrors.kernel.org
 * updates: repo1.sea.innoscale.net
Resolving Dependencies
--> Running transaction check
---> Package ambari-server.x86_64 0:2.4.2.0-136 will be installed
--> Finished Dependency Resolution

Dependencies Resolved


 Package Arch Version
  RepositorySize

Installing:
 ambari-server   x86_64   2.4.2.0-136
  Updates-ambari-2.4.2.0   645 M

Transaction Summary

Install  1 Package

Total download size: 645 M
Installed size: 700 M
Downloading packages:
ambari-server-2.4.2.0-136.x86_64.rpm
  | 645 MB  00:15:33
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
# THIS -> #
cp: cannot stat ‘//var/lib/ambari-server/resources/views/*.jar’: No
such file or directory
  Installing : ambari-server-2.4.2.0-136.x86_64
 1/1
  Verifying  : ambari-server-2.4.2.0-136.x86_64
 1/1

Installed:
  ambari-server.x86_64 0:2.4.2.0-136

Complete!
[root@metron1 yum.repos.d]#

On 2017-05-04 16:02, David Lyle wrote:
Looks like those instructions could use a bit of a re-vamp. Ambari 
2.4.1
isn't supported, but it has you download that version. You'll need to 
use

Ambari 2.4.2+.


Here's the link for 2.4.2:
http://public-repo-1.hortonworks.com/ambari/centos6/2.x/updates/2.4.2.0/ambari.repo
-O /etc/yum.repos.d/ambari.repo


-D...


On Thu, May 4, 2017 at 6:16 PM, Laurens Vets  
wrote:



I'm installing Metron in 3 VMs following this guide:
https://cwiki.apache.org/confluence/display/METRON/Metron+
with+HDP+2.5+bare-metal+install. Ambari tries to install all 
components

but fails with Elasticsearch Master Install:

stderr: /var/lib/ambari-agent/data/errors-385.txt

Traceback (most recent call last):
  File "/var/lib/ambari-agent/cache/common-services/ELASTICSEARCH/2
.3.3/package/scripts/elastic_master.py", line 73, in 
Elasticsearch().execute()
  File 
"/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py",

line 280, in execute
method(env)
  File "/var/lib/ambari-agent/cache/common-services/ELASTICSEARCH/2
.3.3/package/scripts/elastic_master.py", line 32, in install
self.install_packages(env)
  File 
"/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py",

line 567, in install_packages
retry_count=agent_stack_retry_count)
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/base.py",

line 155, in __init__
self.env.run()
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/environment.py",

line 160, in run
self.run_action(resource, action)
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/environment.py",

line 124, in run_action
provider_action()
  File "/usr/lib/python2.6/site-packages/resource_management/core/
providers/package/__init__.py", line 54, in action_install
self.install_package(package_name, self.resource.use_repos,
self.resource.skip_repos)
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/providers/package/yumrpm.py",

line 49, i

Re: Metron with HDP 2.5 bare-metal install fails

[Laurens Vets]

If it normal that I see the following error during install with the new 
repo?


[root@metron1 yum.repos.d]# yum install ambari-server -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.sjc02.svwh.net
 * epel: mirrors.kernel.org
 * extras: mirrors.kernel.org
 * updates: repo1.sea.innoscale.net
Resolving Dependencies
--> Running transaction check
---> Package ambari-server.x86_64 0:2.4.2.0-136 will be installed
--> Finished Dependency Resolution

Dependencies Resolved


 Package Arch Version
RepositorySize


Installing:
 ambari-server   x86_64   2.4.2.0-136
Updates-ambari-2.4.2.0   645 M


Transaction Summary

Install  1 Package

Total download size: 645 M
Installed size: 700 M
Downloading packages:
ambari-server-2.4.2.0-136.x86_64.rpm 
| 645 MB  00:15:33

Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
# THIS -> #
cp: cannot stat ‘//var/lib/ambari-server/resources/views/*.jar’: No such 
file or directory
  Installing : ambari-server-2.4.2.0-136.x86_64  
   1/1
  Verifying  : ambari-server-2.4.2.0-136.x86_64  
   1/1


Installed:
  ambari-server.x86_64 0:2.4.2.0-136

Complete!
[root@metron1 yum.repos.d]#

On 2017-05-04 16:02, David Lyle wrote:
Looks like those instructions could use a bit of a re-vamp. Ambari 
2.4.1
isn't supported, but it has you download that version. You'll need to 
use

Ambari 2.4.2+.


Here's the link for 2.4.2:
http://public-repo-1.hortonworks.com/ambari/centos6/2.x/updates/2.4.2.0/ambari.repo
-O /etc/yum.repos.d/ambari.repo


-D...


On Thu, May 4, 2017 at 6:16 PM, Laurens Vets  wrote:


I'm installing Metron in 3 VMs following this guide:
https://cwiki.apache.org/confluence/display/METRON/Metron+
with+HDP+2.5+bare-metal+install. Ambari tries to install all 
components

but fails with Elasticsearch Master Install:

stderr: /var/lib/ambari-agent/data/errors-385.txt

Traceback (most recent call last):
  File "/var/lib/ambari-agent/cache/common-services/ELASTICSEARCH/2
.3.3/package/scripts/elastic_master.py", line 73, in 
Elasticsearch().execute()
  File 
"/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py",

line 280, in execute
method(env)
  File "/var/lib/ambari-agent/cache/common-services/ELASTICSEARCH/2
.3.3/package/scripts/elastic_master.py", line 32, in install
self.install_packages(env)
  File 
"/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py",

line 567, in install_packages
retry_count=agent_stack_retry_count)
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/base.py",

line 155, in __init__
self.env.run()
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/environment.py",

line 160, in run
self.run_action(resource, action)
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/environment.py",

line 124, in run_action
provider_action()
  File "/usr/lib/python2.6/site-packages/resource_management/core/
providers/package/__init__.py", line 54, in action_install
self.install_package(package_name, self.resource.use_repos,
self.resource.skip_repos)
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/providers/package/yumrpm.py",

line 49, in install_package
self.checked_call_with_retries(cmd, sudo=True,
logoutput=self.get_logoutput())
  File "/usr/lib/python2.6/site-packages/resource_management/core/
providers/package/__init__.py", line 83, in checked_call_with_retries
return self._call_with_retries(cmd, is_checked=True, **kwargs)
  File "/usr/lib/python2.6/site-packages/resource_management/core/
providers/package/__init__.py", line 91, in _call_with_retries
code, out = func(cmd, **kwargs)
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/shell.py",

line 71, in inner
result = function(command, **kwargs)
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/shell.py",

line 93, in checked_call
tries=tries, try_sleep=try_sleep)
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/shell.py",

line 141, in _call

Metron with HDP 2.5 bare-metal install fails

[Laurens Vets]

I'm installing Metron in 3 VMs following this guide: 
https://cwiki.apache.org/confluence/display/METRON/Metron+with+HDP+2.5+bare-metal+install. 
Ambari tries to install all components but fails with Elasticsearch 
Master Install:


stderr: /var/lib/ambari-agent/data/errors-385.txt

Traceback (most recent call last):
  File 
"/var/lib/ambari-agent/cache/common-services/ELASTICSEARCH/2.3.3/package/scripts/elastic_master.py", 
line 73, in 

Elasticsearch().execute()
  File 
"/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py", 
line 280, in execute

method(env)
  File 
"/var/lib/ambari-agent/cache/common-services/ELASTICSEARCH/2.3.3/package/scripts/elastic_master.py", 
line 32, in install

self.install_packages(env)
  File 
"/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py", 
line 567, in install_packages

retry_count=agent_stack_retry_count)
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/base.py", 
line 155, in __init__

self.env.run()
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/environment.py", 
line 160, in run

self.run_action(resource, action)
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/environment.py", 
line 124, in run_action

provider_action()
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/providers/package/__init__.py", 
line 54, in action_install
self.install_package(package_name, self.resource.use_repos, 
self.resource.skip_repos)
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/providers/package/yumrpm.py", 
line 49, in install_package
self.checked_call_with_retries(cmd, sudo=True, 
logoutput=self.get_logoutput())
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/providers/package/__init__.py", 
line 83, in checked_call_with_retries

return self._call_with_retries(cmd, is_checked=True, **kwargs)
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/providers/package/__init__.py", 
line 91, in _call_with_retries

code, out = func(cmd, **kwargs)
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/shell.py", 
line 71, in inner

result = function(command, **kwargs)
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/shell.py", 
line 93, in checked_call

tries=tries, try_sleep=try_sleep)
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/shell.py", 
line 141, in _call_wrapper

result = _call(command, **kwargs_copy)
  File 
"/usr/lib/python2.6/site-packages/resource_management/core/shell.py", 
line 294, in _call

raise Fail(err_msg)
resource_management.core.exceptions.Fail: Execution of '/usr/bin/yum -d 
0 -e 0 -y install elasticsearch-2.3.3' returned 1. Error: Nothing to do


stdout: /var/lib/ambari-agent/data/output-385.txt

2017-05-04 15:12:26,016 - Using hadoop conf dir: 
/usr/hdp/current/hadoop-client/conf

2017-05-04 15:12:26,017 - Group['metron'] {}
2017-05-04 15:12:26,019 - Group['livy'] {}
2017-05-04 15:12:26,019 - Group['elasticsearch'] {}
2017-05-04 15:12:26,019 - Group['spark'] {}
2017-05-04 15:12:26,020 - Group['zeppelin'] {}
2017-05-04 15:12:26,020 - Group['hadoop'] {}
2017-05-04 15:12:26,020 - Group['kibana'] {}
2017-05-04 15:12:26,020 - Group['users'] {}
2017-05-04 15:12:26,021 - User['hive'] {'gid': 'hadoop', 
'fetch_nonlocal_groups': True, 'groups': [u'hadoop']}
2017-05-04 15:12:26,021 - User['storm'] {'gid': 'hadoop', 
'fetch_nonlocal_groups': True, 'groups': [u'hadoop']}
2017-05-04 15:12:26,022 - User['zookeeper'] {'gid': 'hadoop', 
'fetch_nonlocal_groups': True, 'groups': [u'hadoop']}
2017-05-04 15:12:26,023 - User['ams'] {'gid': 'hadoop', 
'fetch_nonlocal_groups': True, 'groups': [u'hadoop']}
2017-05-04 15:12:26,023 - User['tez'] {'gid': 'hadoop', 
'fetch_nonlocal_groups': True, 'groups': [u'users']}
2017-05-04 15:12:26,024 - User['zeppelin'] {'gid': 'hadoop', 
'fetch_nonlocal_groups': True, 'groups': [u'hadoop']}
2017-05-04 15:12:26,026 - User['metron'] {'gid': 'hadoop', 
'fetch_nonlocal_groups': True, 'groups': [u'hadoop']}
2017-05-04 15:12:26,027 - User['livy'] {'gid': 'hadoop', 
'fetch_nonlocal_groups': True, 'groups': [u'hadoop']}
2017-05-04 15:12:26,028 - User['elasticsearch'] {'gid': 'hadoop', 
'fetch_nonlocal_groups': True, 'groups': [u'hadoop']}
2017-05-04 15:12:26,029 - User['spark'] {'gid': 'hadoop', 
'fetch_nonlocal_groups': True, 'groups': [u'hadoop']}
2017-05-04 15:12:26,030 - User['ambari-qa'] {'gid': 'hadoop', 
'fetch_nonlocal_groups': True, 'groups': [u'users']}
2017-05-04 15:12:26,031 - User['flume'] {'gid': 'hadoop', 
'fetch_nonlocal_groups': True, 'groups': [u'hadoop']}
2017-05-04 15:12:26,031 - User['kafka'] {'gid': 'hadoop', 
'fetch_nonlocal_groups': True, 'groups': [u'hadoop']}
2017-05-04 15:12:26,032 - User['hdfs'] {'gid': 'hadoop', 
'fetch_nonlocal_groups': True, 'groups': [u'hadoop']}
2017-05-04 15:12:26,033 - User['yarn'] {'gid': 'hadoop', 
'fetch_nonlocal_gro

Ambari stuck

[Laurens Vets]

Hi List,

I'm manually going through a Metron install following this guide: 
https://cwiki.apache.org/confluence/display/METRON/Metron+with+HDP+2.5+bare-metal+install. 
I'm installing Metron in 3 VMs for testing purposes. I'm currently at 
the Ambari step where I access Ambari via the URL 
http://:8080/#/installer/step0.


However, the following happened:
- I'm at step 9 and all installs fail due to some underlying issue (2 
NICs per VM, wrong routing, so nodes can't 'see' each other).

- While trying to fix this, I had to restart all 3 VMs.
- Logging back into Ambari immediately redirects me to 
http://:8080/#/installer/step9, but there's 
no further output. The right side of the browser window stays blank. 
There's nothing else I can do at this point...


I 'fixed' this by removing the Ambari postgres database and reinstalling 
everything again... Any ideas what I could've tried instead?

Unable to build Metron, stuck at rpm-docker

[Laurens Vets]

Hi List,

I'm following this guide: 
https://cwiki.apache.org/confluence/display/METRON/Metron+with+HDP+2.5+bare-metal+install 
and Maven seems to fail after this:

"cd metron-deployment/packaging/docker/rpm-docker"
"mvn clean install -DskipTests -PHDP-2.5.0.0"

Removing intermediate container 8644c929ac36
Successfully built 7147787972fc
[INFO]
[INFO] --- exec-maven-plugin:1.5.0:exec (rpm-build) @ metron-rpm ---
/bin/bash: ./build.sh: Permission denied
[ERROR] Command execution failed.
org.apache.commons.exec.ExecuteException: Process exited with an error: 
126 (Exit value: 126)
at 
org.apache.commons.exec.DefaultExecutor.executeInternal(DefaultExecutor.java:404)
at 
org.apache.commons.exec.DefaultExecutor.execute(DefaultExecutor.java:166)
at 
org.codehaus.mojo.exec.ExecMojo.executeCommandLine(ExecMojo.java:764)
at 
org.codehaus.mojo.exec.ExecMojo.executeCommandLine(ExecMojo.java:711)

at org.codehaus.mojo.exec.ExecMojo.execute(ExecMojo.java:289)
at 
org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:134)
at 
org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:207)
at 
org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153)
at 
org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145)
at 
org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:116)
at 
org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:80)
at 
org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51)
at 
org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128)
at 
org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:307)
at 
org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:193)

at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:106)
at org.apache.maven.cli.MavenCli.execute(MavenCli.java:863)
at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main(MavenCli.java:199)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)
at 
org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289)
at 
org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229)
at 
org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415)
at 
org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356)
[INFO] 


[INFO] BUILD FAILURE
[INFO] 


[INFO] Total time: 05:13 min
[INFO] Finished at: 2017-05-03T07:48:12-07:00
[INFO] Final Memory: 12M/155M
[INFO] 

[ERROR] Failed to execute goal 
org.codehaus.mojo:exec-maven-plugin:1.5.0:exec (rpm-build) on project 
metron-rpm: Command
 execution failed. Process exited with an error: 126 (Exit value: 126) 
-> [Help 1]

[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the 
-e switch.

[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, 
please read the following articles:
[ERROR] [Help 1] 
http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException

[root@metron1 rpm-docker]#

I don't know why build.sh would give a permission denied:

[root@metron1 rpm-docker]# ls -altr
total 36
drwxr-xr-x. 2 root root25 May  2 14:35 SPECS
-rw-r--r--. 1 root root   449 May  2 14:35 README.md
-rw-r--r--. 1 root root 14915 May  2 14:35 pom.xml
-rw-r--r--. 1 root root40 May  2 14:35 .gitignore
-rw-r--r--. 1 root root  1268 May  2 14:35 Dockerfile
-rwxr-xr-x. 1 root root  1965 May  2 14:35 build.sh
drwxr-xr-x. 4 root root46 May  2 14:35 ..
drwxr-xr-x. 4 root root   118 May  3 07:43 .
drwxr-xr-x. 2 root root  4096 May  3 07:43 SOURCES
[root@metron1 rpm-docker]#

Any ideas?