ok, i give. i realize that i need to have a bro vm on each of the
physical nodes in a three-node ganeti cluster and run a bro cluster.
can i do this with only three vms for a three-node cluster, i.e. one of
the bro vms be both a worker and the central manager with broctl? or
does the manager need to be a fourth vm?
randy
ok, to put it directly, is it reasonable, presuming i can give the bro
vms whatever cpus they need, and the load is not heavy, to do the
following:
[logger]
type=logger
host=localhost
[ ubuntu 16.04 on ganeti cluster ]
so i figured the config out
[logger]
type=logger
host=bro0.sea.rg.net
Hi Randy,
I wrote a Bro plugin that takes care of the ’setcap’ tasks after each deploy. Just adjust the paths to reflect your Bro install. Let me know if you run into any issues with it.
https://github.com/PingTrip/broctl-setcap
-Dave
hi dave,
aha!
bro0.sea.rg.net:/usr/local/bro> broctl install
removing old policies in /usr/local/bro/spool/installed-scripts-do-not-touch/site ...
removing old policies in /usr/local/bro/spool/installed-scripts-do-not-touch/auto ...
creating policy directories ...
installing site policies ...
generating cluster-layout.bro ...
generating local-networks.bro ...
generating broctl-config.bro ...
generating broctl-config.sh ...
updating nodes ...
setcap plugin: executing setcap on each node:
bro2.sea.rg.net - Executing setcap: SUCCESS
bro0.sea.rg.net - Executing setcap: SUCCESS
bro1.sea.rg.net - Executing setcap: SUCCESS
thank you!!
randy
Hi Dave,
First of all, thank you for your plugin, it is very useful! I have been using it for a while.
Last time I used it I ran into an error and had to change the code to see it.
In the last line of the plugin I appended the reason for the FAIL when it fails:
self.message("{0} - Executing setcap: {1}".format(n.host, 'SUCCESS' if success else 'FAIL ' + output[0]))
The reason was:
sorry, you must have a tty to run sudo
This is linked to the sudoers setting:
Defaults requiretty
In order to fix it I couldn’t find a workaround using the command given to the plugin (using -tt for instance). I just commented out the line using visudo.
Any ideas to make both compatible are still welcome!
Hope it helps!
Best regards,
Pierre Gaulon.
Thanks for the feedback Pierre, what OS and version are you running Bro on?
Modify the sudoers file to add an additional line to disable the tty requirement specifically for setcap.
bro ALL=NOPASSWD: /sbin/setcap
Defaults!/sbin/setcap !requiretty
Let me know if that takes care of the issue and I’ll get my documentation updated.
-Dave
The workers are running on CentOS Linux release 7.2.1511 (Core).
The Defaults!/sbin/setcap !requiretty fixed the problem!
Thanks for your help!
Best regards,
Pierre Gaulon.
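Added example, not part of the thread and not code from the broctl-setcap plugin: a small Python model of why the per-command Defaults line fixes the tty error while leaving requiretty in force for every other command. It reads only generic, per-user and per-command Defaults entries (a simplification), and /usr/bin/id is a constructed comparison command.

```python
import re

# Simplified model (assumption of this example): only generic, per-user and
# per-command Defaults lines are read; host/runas scopes, aliases, includes
# and line continuations are ignored.
DEFAULTS_RE = re.compile(r'^Defaults(?P<sep>[:!])?(?P<scope>\S+)?\s+(?P<opts>.+)$')

def requiretty_applies(sudoers_text, user, command):
    """Return True if sudo would demand a tty for `user` running `command`."""
    general, per_command = [], []
    for raw in sudoers_text.splitlines():
        line = raw.strip()
        m = DEFAULTS_RE.match(line)
        if line.startswith('#') or not m:
            continue
        sep, scope = m.group('sep'), (m.group('scope') or '').split(',')
        if sep is None and scope != ['']:
            continue  # Defaults@host / Defaults>runas: outside this model
        for opt in (o.strip() for o in m.group('opts').split(',')):
            if opt.lstrip('!').strip() != 'requiretty':
                continue
            value = not opt.startswith('!')
            if sep is None or (sep == ':' and user in scope):
                general.append(value)
            elif sep == '!' and command in scope:
                per_command.append(value)
    # sudoers(5): command Defaults are applied after the others, and the last
    # matching entry of a kind wins. requiretty is off unless something sets it.
    effective = False
    for value in general + per_command:
        effective = value
    return effective

# Constructed sample files; the Defaults and bro lines are the ones quoted in the thread.
BEFORE = """Defaults requiretty
bro ALL=NOPASSWD: /sbin/setcap
"""
AFTER = BEFORE + "Defaults!/sbin/setcap !requiretty\n"
REORDERED = "Defaults!/sbin/setcap !requiretty\n" + BEFORE

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER), ("reordered", REORDERED)):
        for cmd in ("/sbin/setcap", "/usr/bin/id"):
            print(name, cmd, "tty required:", requiretty_applies(text, "bro", cmd))
```

The reordered case shows that the command-scoped entry still wins when it appears above the global `Defaults requiretty`, so the exception can live in its own sudoers drop-in file.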
fwiw, at my age, i leave a docco trail because i will forget what the
heck i did a day later. so the hack i finally used is available at
https://git.rg.net/randy/randy/src/master/bro-cluster.md
randy