
list's Introduction

About Liberouter Security Tools

Liberouter Security Tools (LiST) is an initiative to provide an easy way to set up and operate the network monitoring and analysis toolset provided by CESNET. It takes flow records in the form of NetFlow or IPFIX messages and provides tools for receiving, processing, storing, analysing and displaying the data and the processed results. For the complete list of features, read ahead to the section LiST components.

LiST installation

LiST uses Ansible to automate installation and manage running instances. The LiST playbook requires Ansible 2.1.0 or later and targets CentOS 7 and Scientific Linux 7 systems.

LiST components

The following components can be installed using Ansible:

Optional:

  • Nagios monitoring
  • Local Warden server for testing
  • Local Warden client that writes to files
  • Let's Encrypt certificate

LiST server initial configuration

To install LiST on a new server, Ansible must have access to root or to a user with sudo. The following configuration is also expected:

/etc/sysconfig/iptables

-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5555 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5666 -j ACCEPT
-A INPUT -p udp --dport 4739 -j ACCEPT

These rules permit ports 80/TCP (web server), 443/TCP (web server), 5555/TCP (NEMEA Dashboard backend), 5666/TCP (NRPE - Nagios) and 4739/UDP (IPFIXcol).

/etc/sudoers

Defaults   !requiretty

/etc/sysconfig/selinux

SELINUX=permissive
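
A pre-flight check for the three prerequisite files above, as an added example that is not part of the LiST repository. The function names and the sample files are constructed for illustration; going slightly beyond the page, the check also treats ACCEPT rules placed after an unconditional REJECT/DROP as missing, because iptables never reaches them.

```sh
#!/bin/sh
# Added example: pre-flight check of the three prerequisite files above.
# The port list is copied from the page; function names are hypothetical.
LIST_REQUIRED_PORTS="tcp/80 tcp/443 tcp/5555 tcp/5666 udp/4739"

# Print each required proto/port that has no effective ACCEPT rule in the
# INPUT chain of the iptables-save style file $1. Only single --dport rules
# are recognised (no multiport or port ranges).
missing_ports() {
    for want in $LIST_REQUIRED_PORTS; do
        awk -v proto="${want%/*}" -v port="${want#*/}" '
            # Rules after an unconditional REJECT/DROP are never reached.
            /^-A INPUT -j (REJECT|DROP)/ { exit }
            /^-A INPUT / && /-j ACCEPT/ {
                p = ""; d = ""
                for (i = 1; i < NF; i++) {
                    if ($i == "-p") p = $(i + 1)
                    if ($i == "--dport") d = $(i + 1)
                }
                if (p == proto && d == port) { found = 1; exit }
            }
            END { if (!found) print proto "/" port }
        ' "$1"
    done
}

# Succeed if the last global "Defaults [!]requiretty" line in sudoers file $1
# disables requiretty (later Defaults entries override earlier ones).
sudoers_ok() {
    last=$(grep -E '^[[:space:]]*Defaults[[:space:]]+!?requiretty([[:space:]]|$)' "$1" | tail -n 1)
    case $last in
        *'!requiretty'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the SELINUX= mode configured in file $1 (empty if the key is absent).
selinux_mode() {
    sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "$1" | tail -n 1
}

# Report every deviation from the expected configuration; return 1 if any.
list_preflight() {
    rc=0
    missing=$(missing_ports "$1")
    if [ -n "$missing" ]; then
        echo "iptables: no effective ACCEPT rule for:" $missing
        rc=1
    fi
    if ! sudoers_ok "$2"; then
        echo "sudoers: 'Defaults !requiretty' is not in effect"
        rc=1
    fi
    mode=$(selinux_mode "$3")
    if [ "$mode" != "permissive" ]; then
        echo "selinux: SELINUX=${mode:-unset}, page expects permissive"
        rc=1
    fi
    return $rc
}

# --- constructed sample files (not taken from a real host) ---
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/iptables" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5555 -j ACCEPT
#-A INPUT -p udp --dport 4739 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5666 -j ACCEPT
COMMIT
EOF
printf 'Defaults    requiretty\nDefaults   !requiretty\n' > "$demo_dir/sudoers"
printf 'SELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$demo_dir/selinux"

if list_preflight "$demo_dir/iptables" "$demo_dir/sudoers" "$demo_dir/selinux"; then
    echo "prerequisites look complete"
fi
```

On a real target the three arguments would be /etc/sysconfig/iptables, /etc/sudoers and /etc/sysconfig/selinux, read as root.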

LiST inventory file

Each hosts file can specify the following host groups:

  • [list] - Basic LiST provisioning
  • [warden] - Local Warden server installation for testing
  • [letsencrypt] - Create Let's Encrypt certificate for the hosts, needs public IP
  • [nagios-clients] - Clients to be monitored by Nagios server
  • [nagios-servers] - Nagios server to monitor the clients

LiST per host configuration

It is possible to specify per-host variables and configuration files to differentiate between managed hosts. This configuration can be found under the inventory directory. It is possible to have a completely separate inventory, for example to track changes in host configuration in a repository.

Several variables can be set in the host_vars/hostname file:

hostname: list-demo.liberouter.org
timezone: Europe/Prague
scgui_history_minutes: 120
scgui_branch: devel
sample_data_src: "https://github.com/CESNET/LiST/releases/download/v0.1-beta/data.ipfix.bz2"
mongod_cachesizeGB: 1
nagios_client_hostgroups: [nemea-collectors, list]
nagios_client_contacts: []
nagios_client_exclude_services: [nemea-running-modules, link-traffic]
nagios_server_nopasswd: false
nemea_use_testing_repo: false

letsencrypt_cert: {
    email: "[email protected]"
}

ansible_become: true

The sample data URL (sample_data_src) should point to a bzip2-compressed IPFIX file with data stored by the ipfix plugin of the IPFIXcol collector.

mongod_cachesizeGB sets the size of the Mongo database cache in gigabytes. Float values are allowed (e.g. 0.25).

nagios_client_hostgroups is the list of hostgroups to which the host belongs. If a hostgroup is not one of the existing ones (nemea-collectors or list), it must be created by adding a configuration file for it (see below). The default is both the nemea-collectors and list hostgroups.

Each host monitored by Nagios can report to specific contacts (nagios_client_contacts). If none are specified, notifications are sent to the admins contact group. The contacts must already exist.

A Nagios client can be excluded from specific services if necessary (nagios_client_exclude_services).

The Nagios server can be installed without a password (nagios_server_nopasswd; for demo or secure environment).

The NEMEA testing repository can be used by setting nemea_use_testing_repo to true.

Let's Encrypt certificate creation allows a custom contact e-mail to be set (letsencrypt_cert).

Configuration files are located in host_files/hostname/:

  • nemea directory copies to /etc/nemea
  • warden directory copies to /etc/warden and contains configuration for warden client
  • certificate directory must contain certificate.crt and certificate.key files that are used for apache and nemea-dashboard API
  • ipfixcol directory can contain:
    • ipfixcol-startup.xml, which is the base to which other configuration parts are added.
    • profiles.xml, which is used to configure profiles by the SecurityCloud GUI
  • nagios directory for configuring Nagios service
    • server directory contents is copied to /etc/nagios/conf.d and can be used to define new hostgroups and services.

Usage of Ansible

The Ansible playbook uses two main tags: install and update. At least one of them has to be given at any time. The install tag is for the initial installation; the update tag skips some steps that do not need to be repeated and refreshes repository caches so that the latest versions of packages are installed.

To run only part of the playbook, use --skip-tags with ansible-playbook. Almost all roles can be excluded; --list-tags lists all tags that would be applied.

A basic ansible playbook command (call from the ansible directory):

ansible-playbook -i inventory/hosts site.yml --tags install

The site.yml playbook includes all parts of LiST. You can also use only selected playbooks, e.g. nagios.yml to set up Nagios. In that case, everything except Nagios roles and hostgroups is ignored.

LiST Vagrant box

Local development and testing of LiST can easily be done using the Vagrant box. Just go to the vagrant directory and call

vagrant up

It will create a new virtual machine and automatically apply the LiST Ansible playbook.

Default login

  • Nemea-Dashboard: nemea/nemea
  • Liberouter GUI: admin/admin

list's People

Contributors

cejkato2, mathiaske, thorgrin, vaclavbartos

list's Issues

`vagrant up`, `ansible` warnings and fatal errors

I want to try NEMEA and so I followed the recommendation at https://nemea.liberouter.org/doc/#usage-by-user by using the vagrant/ansible option.

Here's what happened on a Fedora 29 host after following the instructions.

$ vagrant validate
==> vagrant: A new version of Vagrant is available: 2.2.6!
==> vagrant: To upgrade visit: https://www.vagrantup.com/downloads.html

Vagrantfile validated successfully.
$ vagrant version
Installed Version: 2.1.2
Latest Version: 2.2.6
 
To upgrade to the latest version, visit the downloads page and
download and install the latest version of Vagrant from the URL
below:

  https://www.vagrantup.com/downloads.html

If you're curious what changed in the latest release, view the
CHANGELOG below:

  https://github.com/hashicorp/vagrant/blob/v2.2.6/CHANGELOG.md
$ vagrant status
Current machine states:

list-vagrant              not created (libvirt)

The Libvirt domain is not created. Run `vagrant up` to create it.
$ vagrant up
Bringing machine 'list-vagrant' up with 'libvirt' provider...
==> list-vagrant: Box 'centos/7' could not be found. Attempting to find and install...
    list-vagrant: Box Provider: libvirt
    list-vagrant: Box Version: >= 0
==> list-vagrant: Loading metadata for box 'centos/7'
    list-vagrant: URL: https://vagrantcloud.com/centos/7
==> list-vagrant: Adding box 'centos/7' (v1905.1) for provider: libvirt
    list-vagrant: Downloading: https://vagrantcloud.com/centos/boxes/7/versions/1905.1/providers/libvirt.box
    list-vagrant: Download redirected to host: cloud.centos.org
==> list-vagrant: Successfully added box 'centos/7' (v1905.1) for 'libvirt'!
==> list-vagrant: Uploading base box image as volume into libvirt storage...
==> list-vagrant: Creating image (snapshot of base box volume).
==> list-vagrant: Creating domain with the following settings...
==> list-vagrant:  -- Name:              vagrant_list-vagrant
==> list-vagrant:  -- Domain type:       kvm
==> list-vagrant:  -- Cpus:              1
==> list-vagrant:  -- Feature:           acpi
==> list-vagrant:  -- Feature:           apic
==> list-vagrant:  -- Feature:           pae
==> list-vagrant:  -- Memory:            512M
==> list-vagrant:  -- Management MAC:    
==> list-vagrant:  -- Loader:            
==> list-vagrant:  -- Base box:          centos/7
==> list-vagrant:  -- Storage pool:      default
==> list-vagrant:  -- Image:             /var/lib/libvirt/images/vagrant_list-vagrant.img (41G)
==> list-vagrant:  -- Volume Cache:      default
==> list-vagrant:  -- Kernel:            
==> list-vagrant:  -- Initrd:            
==> list-vagrant:  -- Graphics Type:     vnc
==> list-vagrant:  -- Graphics Port:     5900
==> list-vagrant:  -- Graphics IP:       127.0.0.1
==> list-vagrant:  -- Graphics Password: Not defined
==> list-vagrant:  -- Video Type:        cirrus
==> list-vagrant:  -- Video VRAM:        9216
==> list-vagrant:  -- Sound Type:	
==> list-vagrant:  -- Keymap:            en-us
==> list-vagrant:  -- TPM Path:          
==> list-vagrant:  -- INPUT:             type=mouse, bus=ps2
==> list-vagrant: Creating shared folders metadata...
==> list-vagrant: Starting domain.
==> list-vagrant: Waiting for domain to get an IP address...
==> list-vagrant: Waiting for SSH to become available...
    list-vagrant: 
    list-vagrant: Vagrant insecure key detected. Vagrant will automatically replace
    list-vagrant: this with a newly generated keypair for better security.
    list-vagrant: 
    list-vagrant: Inserting generated public key within guest...
    list-vagrant: Removing insecure key from the guest if it's present...
    list-vagrant: Key inserted! Disconnecting and reconnecting using new SSH key...
==> list-vagrant: Forwarding ports...
==> list-vagrant: 443 (guest) => 8443 (host) (adapter eth0)
==> list-vagrant: 22 (guest) => 22222 (host) (adapter eth0)
==> list-vagrant: 5555 (guest) => 5555 (host) (adapter eth0)
==> list-vagrant: 4739 (guest) => 4739 (host) (adapter eth0)
==> list-vagrant: Configuring and enabling network interfaces...
    list-vagrant: SSH address: 192.168.121.203:22
    list-vagrant: SSH username: vagrant
    list-vagrant: SSH auth method: private key
==> list-vagrant: Rsyncing folder: /home/rick/ČVUT/B191/GitHub-CESNET-List/LiST/vagrant/ => /vagrant
==> list-vagrant: Running provisioner: ansible...
Vagrant has automatically selected the compatibility mode '2.0'
according to the Ansible version installed (2.9.1).

Alternatively, the compatibility mode can be specified in your Vagrantfile:
https://www.vagrantup.com/docs/provisioning/ansible_common.html#compatibility_mode

    list-vagrant: Running ansible-playbook...
[DEPRECATION WARNING]: The TRANSFORM_INVALID_GROUP_CHARS settings is set to 
allow bad characters in group names by default, this will change, but still be 
user configurable on deprecation. This feature will be removed in version 2.10.
 Deprecation warnings can be disabled by setting deprecation_warnings=False in 
ansible.cfg.
[WARNING]: Invalid characters were found in group names but not replaced, use
-vvvv to see details

[DEPRECATION WARNING]: 'include' for playbook includes. You should use 
'import_playbook' instead. This feature will be removed in version 2.12. 
Deprecation warnings can be disabled by setting deprecation_warnings=False in 
ansible.cfg.

PLAY [list] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [list-vagrant]

TASK [settings : Set default hostname from inventory file] *********************
skipping: [list-vagrant]

TASK [settings : Set system hostname] ******************************************
changed: [list-vagrant]

TASK [settings : Set hostname to /etc/hosts] ***********************************
changed: [list-vagrant]

TASK [settings : Set SELinux policy to permissive] *****************************
changed: [list-vagrant]

TASK [settings : Set large system receive buffers using sysctl] ****************
changed: [list-vagrant]

TASK [settings : Activate large system receive buffers] ************************
changed: [list-vagrant]

TASK [settings : Set timezone] *************************************************
changed: [list-vagrant]

TASK [common : Check for compatible system] ************************************
ok: [list-vagrant]

TASK [common : Install necessary packages for Ansible run] *********************
changed: [list-vagrant]

TASK [common : Expand the ansible ssh private key file path] *******************
ok: [list-vagrant]

TASK [epel : Add Epel repository] **********************************************
changed: [list-vagrant]

TASK [apache : Install Apache] *************************************************
changed: [list-vagrant]

TASK [apache : Redirect HTTP to HTTPs] *****************************************
changed: [list-vagrant]

TASK [apache : Check for certificates dir] *************************************
ok: [list-vagrant -> localhost]

TASK [apache : Copy certificates] **********************************************
skipping: [list-vagrant]

TASK [apache : Create fallback certificate dir] ********************************
changed: [list-vagrant]

TASK [apache : Fallback to local certificate] **********************************
changed: [list-vagrant]

TASK [apache : Fallback to local certificate key] ******************************
changed: [list-vagrant]

TASK [apache : Configure Apache SSL] *******************************************
changed: [list-vagrant]

TASK [apache : Start & enable Apache] ******************************************
changed: [list-vagrant]

TASK [mongodb : Add Mongo repository] ******************************************
changed: [list-vagrant]

TASK [mongodb : Install Mongo, python, etc] ************************************
changed: [list-vagrant]

TASK [mongodb : Copy mongod configuration] *************************************
changed: [list-vagrant]

TASK [mongodb : Start & enable Mongo] ******************************************
changed: [list-vagrant]

TASK [pip3.4 : Install dependencies] *******************************************
changed: [list-vagrant]

TASK [pip3.4 : Get python pip] *************************************************
changed: [list-vagrant]

TASK [pip3.4 : Install python pip] *********************************************
changed: [list-vagrant]

TASK [warden-client : Install warden client] ***********************************
changed: [list-vagrant]

TASK [warden-client : Copy Warden filer python file] ***************************
changed: [list-vagrant]

TASK [ipfixcol : Add IPFIXcol repo] ********************************************
changed: [list-vagrant]

TASK [ipfixcol : Add NEMEA repo (unirec dependency)] ***************************
changed: [list-vagrant]

TASK [ipfixcol : Install IPFIXcol] *********************************************
changed: [list-vagrant]

TASK [ipfixcol : Check for host specific startup.xml] **************************
ok: [list-vagrant -> localhost]

TASK [ipfixcol : Select host specific startup.xml] *****************************
ok: [list-vagrant]

TASK [ipfixcol : Copy startup.xml configuration template] **********************
changed: [list-vagrant]

TASK [nemea : Add NEMEA repository] ********************************************
ok: [list-vagrant]

TASK [nemea : Add NEMEA-Testing repository] ************************************
skipping: [list-vagrant]

TASK [nemea : Install NEMEA packages] ******************************************
changed: [list-vagrant]

TASK [nemea : Get sample data] *************************************************
[WARNING]: Consider using the file module with state=directory rather than
running 'mkdir'.  If you need to use command because file is insufficient you
can add 'warn: false' to this command task or set 'command_warnings=False' in
ansible.cfg to get rid of this message.

changed: [list-vagrant]

TASK [nemea : Copy host specific NEMEA configuration] **************************
fatal: [list-vagrant]: FAILED! => {"changed": false, "cmd": "/usr/bin/rsync --delay-updates -F --compress --delete-after --recursive --times --rsh=/usr/bin/ssh -S none -i '/home/rick/ČVUT/B191/GitHub-CESNET-List/LiST/vagrant/.vagrant/machines/list-vagrant/virtualbox/private_key' -o Port=22222 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null --rsync-path=sudo rsync --omit-dir-times --exclude=supervisor_config_gener.xml --exclude=nemea_status.conf --out-format=<<CHANGED>>%i %n%L /home/rick/ČVUT/B191/GitHub-CESNET-List/LiST/ansible/inventory/host_files/list-vagrant/nemea/ vagrant@localhost:/etc/nemea/", "msg": "Warning: Identity file /home/rick/ČVUT/B191/GitHub-CESNET-List/LiST/vagrant/.vagrant/machines/list-vagrant/virtualbox/private_key not accessible: No such file or directory.\nWarning: Permanently added '[localhost]:22222' (ECDSA) to the list of known hosts.\r\nvagrant@localhost: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).\r\nrsync: connection unexpectedly closed (0 bytes received so far) [sender]\nrsync error: unexplained error (code 255) at io.c(226) [sender=3.1.3]\n", "rc": 255}
...ignoring

TASK [nemea : Set NEMEA permissions] *******************************************
changed: [list-vagrant]

TASK [nemea : Check for reporters configuration] *******************************
ok: [list-vagrant]

TASK [nemea : Create default reporters configuration] **************************
changed: [list-vagrant]

TASK [nemea : Copy logrotate configuration configuration] **********************
changed: [list-vagrant]

TASK [nemea : Check for Warden config dir] *************************************
ok: [list-vagrant -> localhost]

TASK [nemea : Copy Warden client configuration for NEMEA] **********************
skipping: [list-vagrant]

TASK [nemea : Set Warden config dir ownership] *********************************
skipping: [list-vagrant]

TASK [nemea : Set Warden config dir permissions] *******************************
skipping: [list-vagrant]

TASK [nemea : Add configuration to startup.xml] ********************************
changed: [list-vagrant]

TASK [nemea : Linkload monitor] ************************************************
changed: [list-vagrant]

TASK [nemea : Start NEMEA supervisor] ******************************************
changed: [list-vagrant]

TASK [nemea-dashboard : Install dependencies] **********************************
ok: [list-vagrant]

TASK [nemea-dashboard : Clone Nemea-Dashboard] *********************************
[WARNING]: Your git version is too old to fully support the depth argument.
Falling back to full checkouts.

changed: [list-vagrant]

TASK [nemea-dashboard : Install requirements for dashboard] ********************
fatal: [list-vagrant]: FAILED! => {"changed": false, "cmd": ["/bin/pip3", "install", "-r", "/var/www/html/Nemea-Dashboard/requirements.txt"], "msg": "stdout: Collecting Flask==1.0.3 (from -r /var/www/html/Nemea-Dashboard/requirements.txt (line 1))\n  Downloading https://files.pythonhosted.org/packages/9a/74/670ae9737d14114753b8c8fdf2e8bd212a05d3b361ab15b44937dfd40985/Flask-1.0.3-py2.py3-none-any.whl (92kB)\nCollecting Flask-Cors==3.0.7 (from -r /var/www/html/Nemea-Dashboard/requirements.txt (line 2))\n  Downloading https://files.pythonhosted.org/packages/65/cb/683f71ff8daa3aea0a5cbb276074de39f9ab66d3fbb8ad5efb5bb83e90d2/Flask_Cors-3.0.7-py2.py3-none-any.whl\nCollecting itsdangerous==1.1.0 (from -r /var/www/html/Nemea-Dashboard/requirements.txt (line 3))\n  Downloading https://files.pythonhosted.org/packages/76/ae/44b03b253d6fade317f32c24d100b3b35c2239807046a4c953c7b89fa49e/itsdangerous-1.1.0-py2.py3-none-any.whl\nCollecting Jinja2==2.10.1 (from -r /var/www/html/Nemea-Dashboard/requirements.txt (line 4))\n  Downloading https://files.pythonhosted.org/packages/1d/e7/fd8b501e7a6dfe492a433deb7b9d833d39ca74916fa8bc63dd1a4947a671/Jinja2-2.10.1-py2.py3-none-any.whl (124kB)\nCollecting MarkupSafe==1.1.1 (from -r /var/www/html/Nemea-Dashboard/requirements.txt (line 5))\n  Downloading https://files.pythonhosted.org/packages/b2/5f/23e0023be6bb885d00ffbefad2942bc51a620328ee910f64abe5a8d18dd1/MarkupSafe-1.1.1-cp36-cp36m-manylinux1_x86_64.whl\nCollecting py-bcrypt==0.4 (from -r /var/www/html/Nemea-Dashboard/requirements.txt (line 6))\n  Downloading https://files.pythonhosted.org/packages/68/b1/1c3068c5c4d2e35c48b38dcc865301ebfdf45f54507086ac65ced1fd3b3d/py-bcrypt-0.4.tar.gz\nCollecting pycparser==2.19 (from -r /var/www/html/Nemea-Dashboard/requirements.txt (line 7))\n  Downloading https://files.pythonhosted.org/packages/68/9e/49196946aee219aead1290e00d1e7fdeab8567783e83e1b9ab5585e6206a/pycparser-2.19.tar.gz (158kB)\nCollecting PyJWT==1.7.1 (from -r 
/var/www/html/Nemea-Dashboard/requirements.txt (line 8))\n  Downloading https://files.pythonhosted.org/packages/87/8b/6a9f14b5f781697e51259d81657e6048fd31a113229cf346880bb7545565/PyJWT-1.7.1-py2.py3-none-any.whl\nCollecting pymongo==3.8.0 (from -r /var/www/html/Nemea-Dashboard/requirements.txt (line 9))\n  Downloading https://files.pythonhosted.org/packages/fb/4a/586826433281ca285f0201235fccf63cc29a30fa78bcd72b6a34e365972d/pymongo-3.8.0-cp36-cp36m-manylinux1_x86_64.whl (416kB)\nCollecting six==1.12.0 (from -r /var/www/html/Nemea-Dashboard/requirements.txt (line 10))\n  Downloading https://files.pythonhosted.org/packages/73/fb/00a976f728d0d1fecfe898238ce23f502a721c0ac0ecfedb80e0d88c64e9/six-1.12.0-py2.py3-none-any.whl\nCollecting Werkzeug==0.15.4 (from -r /var/www/html/Nemea-Dashboard/requirements.txt (line 11))\n  Downloading https://files.pythonhosted.org/packages/9f/57/92a497e38161ce40606c27a86759c6b92dd34fcdb33f64171ec559257c02/Werkzeug-0.15.4-py2.py3-none-any.whl (327kB)\nCollecting click>=5.1 (from Flask==1.0.3->-r /var/www/html/Nemea-Dashboard/requirements.txt (line 1))\n  Downloading https://files.pythonhosted.org/packages/fa/37/45185cb5abbc30d7257104c434fe0b07e5a195a6847506c074527aa599ec/Click-7.0-py2.py3-none-any.whl (81kB)\nInstalling collected packages: Werkzeug, click, itsdangerous, MarkupSafe, Jinja2, Flask, six, Flask-Cors, py-bcrypt, pycparser, PyJWT, pymongo\n  Running setup.py install for py-bcrypt: started\n    Running setup.py install for py-bcrypt: finished with status 'error'\n    Complete output from command /usr/bin/python3 -u -c \"import setuptools, tokenize;__file__='/tmp/pip-build-bvh0lm1s/py-bcrypt/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\\r\\n', '\\n');f.close();exec(compile(code, __file__, 'exec'))\" install --record /tmp/pip-7zivfqar-record/install-record.txt --single-version-externally-managed --compile:\n    running install\n    running build\n    running build_py\n    creating build\n    creating 
build/lib.linux-x86_64-3.6\n    creating build/lib.linux-x86_64-3.6/bcrypt\n    copying bcrypt/__init__.py -> build/lib.linux-x86_64-3.6/bcrypt\n    running build_ext\n    building 'bcrypt._bcrypt' extension\n    creating build/temp.linux-x86_64-3.6\n    creating build/temp.linux-x86_64-3.6/bcrypt\n    gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -D_GNU_SOURCE -fPIC -fwrapv -fPIC -I/usr/include/python3.6m -c bcrypt/bcrypt.c -o build/temp.linux-x86_64-3.6/bcrypt/bcrypt.o\n    gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -D_GNU_SOURCE -fPIC -fwrapv -fPIC -I/usr/include/python3.6m -c bcrypt/bcrypt_pbkdf.c -o build/temp.linux-x86_64-3.6/bcrypt/bcrypt_pbkdf.o\n    gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -D_GNU_SOURCE -fPIC -fwrapv -fPIC -I/usr/include/python3.6m -c bcrypt/bcrypt_python.c -o build/temp.linux-x86_64-3.6/bcrypt/bcrypt_python.o\n    bcrypt/bcrypt_python.c:18:20: fatal error: Python.h: No such file or directory\n     #include \"Python.h\"\n                        ^\n    compilation terminated.\n    error: command 'gcc' failed with exit status 1\n    \n    ----------------------------------------\n\n:stderr: WARNING: Running pip install with root privileges is generally not a good idea. 
Try `pip3 install --user` instead.\nCommand \"/usr/bin/python3 -u -c \"import setuptools, tokenize;__file__='/tmp/pip-build-bvh0lm1s/py-bcrypt/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\\r\\n', '\\n');f.close();exec(compile(code, __file__, 'exec'))\" install --record /tmp/pip-7zivfqar-record/install-record.txt --single-version-externally-managed --compile\" failed with error code 1 in /tmp/pip-build-bvh0lm1s/py-bcrypt/\n"}

RUNNING HANDLER [apache : Apache restart] **************************************
changed: [list-vagrant]

RUNNING HANDLER [nemea : Restart NEMEA supervisor] *****************************
changed: [list-vagrant]

PLAY RECAP *********************************************************************
list-vagrant               : ok=50   changed=39   unreachable=0    failed=1    skipped=6    rescued=0    ignored=1   

Ansible failed to complete successfully. Any error output should be
visible above. Please fix these errors and try again.

Installation to Vagrant image

Issue

When trying to deploy a local machine with the collector-nemea2 configuration using a CentOS 7 minimal Vagrant image as a target, the installation failed on 2 Ansible tasks (listed below).

  1. TASK [nemea-dashboard : Clone Nemea-Dashboard]
    Err: "Peer reports incompatible or unsupported protocol version."
    Solution: yum update -y nss curl libcurl on target system.

  2. TASK [scgui : Download rrdtool archive]
    Err: "Failed to validate the SSL certificate for oss.oetiker.ch:443. Make sure your managed systems have a valid CA certificate installed."
    Solution: yum update -y python on target system

How to reproduce this installation/task failure

Vagrant image and configuration

config.vm.box = "minimal/centos7"
config.vm.box_version = "7.0"
config.vm.hostname = "collector-nemea-local"
config.vm.provider :virtualbox do |vb|
  vb.name = "collector-nemea-local"
end
config.vm.box_url = "https://app.vagrantup.com/minimal/boxes/centos7"

Whole vagrantfile configuration available here Vagrantfile.zip

Host configuration

Target system Ansible configuration file available here collector-test.zip

Installation execution

ansible-playbook -i collector-test.hosts -u vagrant -k ../STaaS/ansible/site.yml --tags install
Run from directory with host configuration.

Solution

To solve this, maybe add some system updates before new packages installation with Ansible script.

TRAP multi-file read errors

This may not be the best place to report this, but I'm using the vagrant machine built from here so I'm confident this will be forwarded to the best place, if necessary.

There seems to be a problem reading multiple files in directory. For example

[vagrant@list-vagrant sf_vboxsf]$ ll my_UniRecs/
total 40
drwxrwx---. 1 root vboxsf 4096 Dec 12 16:49 ./
drwxrwx---. 1 root vboxsf 4096 Dec 12 16:42 ../
-rwxrwx---. 1 root vboxsf 3146 Nov  2  2018 lan_basic.201711261310*
-rwxrwx---. 1 root vboxsf 1485 Nov  2  2018 lan_dns.201711261310*
-rwxrwx---. 1 root vboxsf  787 Nov  2  2018 lan_http.201711261310*
-rwxrwx---. 1 root vboxsf 8913 Nov  2  2018 wan_basic.201711261310*
-rwxrwx---. 1 root vboxsf 1861 Nov  2  2018 wan_dns.201711261310*
-rwxrwx---. 1 root vboxsf  917 Nov  2  2018 wan_http.201711261310*
[vagrant@list-vagrant sf_vboxsf]$ traffic_repeater -v -i f:my_UniRecs/*,f:/dev/null
Info: Initializing traffic repeater...
VERBOSE: --------------- STATS --------------- 
VERBOSE: ------------- INPUT IFC ------------- 
VERBOSE: IFC[0]: recv buf: 1, msg: 37.
VERBOSE: ------------- OUTPUT IFC ------------ 
VERBOSE: IFC[0]: sent buf: 0, msg: 37, drop msg: 0, flush: 0.
VERBOSE: ------------------------------------- 
ERROR: FILE IFC[0]: unable to open file "my_UniRecs/lan_dns.20171126131010" in mode "r". Possible reasons: non-existing file, bad permission, file can not be opened in this mode.
Error: trap_recv() returned 14 (INPUT FILE IFC[0]: Unable to open next file.)
Info: Flows received:                36
Info: Flows sent:                    36
Info: Timeouts:                       0
Info: Time elapsed:               0.013s
VERBOSE: Output ifc 0: Setting autoflush timeout to 18446744073709551615.
VERBOSE: Output ifc 0: Setting timeout to 100000.

It appears that part of the file globbing isn't null terminating a string somewhere.

[vagrant@list-vagrant sf_vboxsf]$ \ls -1 my_UniRecs/
lan_basic.201711261310
lan_dns.201711261310
lan_http.201711261310
wan_basic.201711261310
wan_dns.201711261310
wan_http.201711261310

See how the second filename got trashed?

Also, ...

[vagrant@list-vagrant sf_vboxsf]$ traffic_repeater -v -i f:my_UniRecs/lan_basic.201711261310,f:/dev/null
Info: Initializing traffic repeater...
Info: Final record received, terminating repeater...
Info: Flows received:                37
Info: Flows sent:                    37
Info: Timeouts:                       0
Info: Time elapsed:               0.016s
VERBOSE: Output ifc 0: Setting autoflush timeout to 18446744073709551615.
VERBOSE: Output ifc 0: Setting timeout to 100000.

Why are the flows received/sent +1 from the example above? Where did the extra flow come from?

Ref: CESNET/Nemea-Framework#137
