METRON-1128: MAAS_GET_ENDPOINT - Unable to resolve function error seen for squid example #714
Conversation
…s that I ran into while testing this PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1. Ran it up in full dev, with Kerberos enabled also.
@@ -21,5 +21,5 @@ tmp/** | |||
tmp/**/* | |||
temp/** | |||
temp/**/* | |||
|
|||
metron-interface/metron-alerts/node/ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
THANK YOU
Now let's start MaaS and deploy the Mock DGA Service: | ||
* Start MaaS via `$METRON_HOME/bin/maas_service.sh -zq node1:2181` | ||
* Start one instance of the mock DGA model with 512M of memory via `$METRON_HOME/bin/maas_deploy.sh -zq node1:2181 -lmp /root/mock_dga -hmp /user/root/models -mo ADD -m 512 -n dga -v 1.0 -ni 1` | ||
* Start one instance of the mock DGA model with 512M of memory via `$METRON_HOME/bin/maas_deploy.sh -zq node1:2181 -lmp $HOME/mock_dga -hmp /user/$USER/models -mo ADD -m 512 -n dga -v 1.0 -ni 1` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I accidentally created the mock_dga dir in /root/, and the switched to the metron user. I did not get an error from the CLI, but the LIST command did not show any running models as one would expect.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I bumped into the same issue that @mmiklavc described. Turns out that the HDFS folder owner and group needs to be owned by the same user (e.g. metron) and then the LIST command worked fine.
After this, I was able to follow the steps and everything worked fine. I was able to get the squid indices generated with the is_alert
and is_malicious
fields set correctly.
+1 (non-binding) from my side. Thank you @cestella !
|
||
This service will treat `yahoo.com` and `amazon.com` as legit and everything else as malicious. The contract is that the REST service exposes an endpoint `/apply` and returns back JSON maps with a single key `is_malicious` which can be `malicious` or `legit`. | ||
|
||
## Deploy Mock DGA Service via MaaS | ||
|
||
The following presumes that you are a logged in as a user who has a | ||
home directory in HDFS under `/user/$USER`. If you do not, please create one | ||
and ensure the permissions are set appropriate. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would it be good to add the following example steps picking 'metron' as a user?
su - hdfs -c "hadoop fs -mkdir /user/metron"
su - hdfs -c "hadoop fs -chown metron:metron /user/metron"
Contributor Comments
This is due to an artifact of the extraction of Stellar. We moved the location of the MaaS stellar functions to
metron-maas-service
instead ofmetron-maas-common
. The former is not on the classpath for the parsers and enrichment whereas the later is.Ultimately, the workaround is to add the maas-service jar to HDFS and adjust the global config to pick it up in the classpath. That being said, it is still a regression and it's extremely useful for MaaS functions to be available to the various places we use Stellar.
As for manual testing, I suggest going through the example in
metron-maas-service
'sREADME.md
. In addition to that, I added a reference to the MaaS stellar functions as a stellar enrichment as well.Pull Request Checklist
Thank you for submitting a contribution to Apache Metron.
Please refer to our Development Guidelines for the complete guide to follow for contributions.
Please refer also to our Build Verification Guidelines for complete smoke testing guides.
In order to streamline the review of the contribution we ask you follow these guidelines and ask you to double check the following:
For all changes:
For code changes:
Have you included steps to reproduce the behavior or problem that is being changed or addressed?
Have you included steps or a guide to how the change may be verified and tested manually?
Have you ensured that the full suite of tests and checks have been executed in the root metron folder via:
Have you written or updated unit tests and or integration tests to verify your changes?
If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?
Have you verified the basic functionality of the build by building and running locally with Vagrant full-dev environment or the equivalent?
For documentation related changes:
Have you ensured that format looks appropriate for the output in which it is rendered by building and verifying the site-book? If not then run the following commands and the verify changes via
site-book/target/site/index.html
:Note:
Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible.
It is also recommended that travis-ci is set up for your personal repository such that your branches are built there before submitting a pull request.