...
For the purposes of this discussion, there will be 4 7 types of server roles:
- Hadoop Master
- Hadoop Slave
- Ambari Server
- Metron Installer
- Metron Search
- Metron Probe
- Metron Web
...
Based on the above specs, here is sample deployment architecture..
Install Instructions
Step 1: Setup
For the below instructions, set the following environmental variables. Plugin in the necessary values for your deployment.
export METRON_HOME=/root/metron/incubator-metron-Metron_0.2.0BETA_rc2
export METRON_0_2_RELEASE_BINARIES=https://dist.apache.org/repos/dist/dev/incubator/metron/0.2.0BETA-RC2-incubating/apache-metron-0.2.0BETA-RC2-incubating.tar.gz
export INSTALL_CONF_DIRECTORY=my_install
Step 2: Install or Validate existing Hadoop Cluster
- Install a new HDP 2.4 using the following instructions or ensure you have an existing HDP cluster that follows the specs outlined in the pre-requisites section.
Step 3: Download and Build Metron
- Log into the Metron Installer node
- Verify Docker is installed and running.
- Ensure that this node has ssh access to each of the Metron and Hadoop/HDP nodes.
- Download the Metron Binaries from $METRON_0_2_RELEASE_BINARIES
- Untar it: tar -zxvf apache-metron-0.2.0BETA-RC2-incubating.tar.gz
- cd $METRON_HOME
- Run Docker installer image:
docker run -it -v $METRON_HOME:/root/incubator-metron dlyle65535/metron-ansible:2.0.0.2 bash - Build Metron
cd /root/incubator-metron/
mvn clean package -DskipTests
Step 4: Configure Metron for Install
- cd /root/incubator-metron/metron-deployment/inventory
- create a directory called $INSTALL_CONF_DIRECTORY that will hold all of your metron deployment configuration
- Copy the sample configs into the new directory:
- cp - R /root/incubator-metron/metron-deployment/inventory/metron-example/* /root/incubator-metron/metron-deployment/inventory/$INSTALL_CONF_DIRECTORY
- Setup your inventory hosts by editing the file $METRON_HOME/metron-deployment/inventory/$INSTALL_CONF_DIRECTORY/hosts
Configure with your cluster details by defining which hosts the Metron services will be installed on by updating these groups:
[ambari_master] - host running Ambari
[ambari_slaves] - all Ambari-managed hosts
[metron_hbase_tables] - host used to create the HBase tables required by Metron. Requires a HBase client.
[metron_kafka_topics] - host used to create the Kafka topics required by Metron. Requires a Kafka broker.
[enrichment] - submits the topology code to Storm and requires a Storm client
[search] - host(s) where Elasticsearch will be installed
[web] - host where the Metron UI and underlying services will be installed
[sensors] - host where network data will be collected and published to Kafka- Setup your environment configuration by editing the file $METRON_HOME/metron-deployment/inventory/$INSTALL_CONF_DIRECTORY/group_vars/all
Commonly Used Settings:
Ansible
- ansible_ssh_private_key_file: /Path/to/private/key/file Point to the private key file for ssh user on the target hosts
- ansible_ssh_user: root The name of the ssh user on the target hosts (requires sudo)
Ambari
- ambari_port: 8080 Change if your Ambari instance uses a non-default port
- ambari_user: admin Change to user on your Ambari instance
- ambari_password: admin Change to password for your Ambari user above
Kafka
- num_partitions: 3 Change to your desired number of partitions
- retention_in_gb: 25 Change to your desired retention size
Metron
- java_home: /usr/jdk64/jdk1.8.0_40 Location of Java on all hosts
Sensors
- sensor_test_mode: True Change to false if not running traffic replay
- sniff_interface: eth0 Interface that the Metron sensors will sniff on the [sensors] host
Search
- elasticsearch_network_interface: eth0 Bind interface for the Elasticsearch host(s)
- Ensure that you do't have duplicate entries of sniff_interface
Step 5: Install/Deploy Metron to the Cluster
Note: adding -u user -k to the below command lines allows deployment in environments where passwordless SSH has not been enabled.
...