I have finished preparing a multi-node cluster of Bro and the setup was enjoyable to say the least. Now I am stuck at getting the manager to provision the nodes with an error stating that it cannot create some of the directories on the nodes: permission denied.
The error message is pretty clear, however I am not able to find the “best practice” solution for it.
What I did was:
Create the bro user on both manager and nodes.
Gegenrate the ssh key as the user bro on the manager and copy the public key to the nodes.
SSH as the user bro works without password.
May be not necessary but I added the bro user to the sudors visduo and granted it everything a root can do.
I attempted to create a test folder where Bro is attempting to create its directories on a node, and that failed with permissions denied as expected from the Bro error message.
My options (I think) are:
Setup Bro as root, which I am trying to avoid in the first place.
Setup Bro with root initially and then change ownership of directories to the bro users. This does not seem to the right way to do though.
Elevate the permissions of the user Bro to have more privileges. Again, not sure if this is the right way.
You may get this question a lot, but any help or pointers are appreciated.
Any thoughts or pointers on this? Some googling did turn some similar issue(s) but nothing definitive. The rest of the results I have seen involved using root to setup and run Bro.
I attempted to create a test folder where Bro is attempting to create its
directories on a node, and that failed with permissions denied as expected
Yes, thats what is happening.
When setting up, I believe you'd want to make sure that on all the nodes, there is a directory with same path, ownership and premissions as the directory you have bro installed on the manager.
For example: if you have bro:bro with install prefix of /usr/local/bro-2.4
make sure your other nodes also have a /usr/local/bro-2.4 with bro:bro permissions.
That should fix this issue.
(Oh also make sure you ssh with both hostname and ip address once to your nodes and "yes" the ssh banner/warning)
OK, then when you run "broctl deploy", broctl will try
to create the directory "/usr/local/bro" on each machine
in your cluster. If the user that you're running
broctl does not have write access to the "/usr/local"
directory, then you will see a permission denied error.
Have you tried to manually create that directory on each machine,
and then change the ownership to the user that runs
broctl, and then run "broctl deploy"?
> I attempted to create a test folder where Bro is attempting to create
its
> directories on a node, and that failed with permissions denied as
expected
Yes, thats what is happening.
When setting up, I believe you'd want to make sure that on all the nodes,
there is a directory with same path, ownership and premissions as the
directory you have bro installed on the manager.
For example: if you have bro:bro with install prefix of /usr/local/bro-2.4
make sure your other nodes also have a /usr/local/bro-2.4 with bro:bro
permissions.
That should fix this issue.
(Oh also make sure you ssh with both hostname and ip address once to your
nodes and "yes" the ssh banner/warning)
let me know if you still encounter problems.
The rather simple steps you described above worked flawlessly! Thank you
for that!
I was convinced that Bro will create them and I thought I was doing
something wrong that prevented Bro from doing what it is supposed to do.
OK, then when you run "broctl deploy", broctl will try
to create the directory "/usr/local/bro" on each machine
in your cluster. If the user that you're running
broctl does not have write access to the "/usr/local"
directory, then you will see a permission denied error.
Have you tried to manually create that directory on each machine,
and then change the ownership to the user that runs
broctl, and then run "broctl deploy"?
I just did like what you said and as recommended by Aashish and now I got a
working multi-node Bro cluster, just like that