Created on 11-28-2017 08:55 AM - edited 08-17-2019 09:59 AM
This article serves as an addendum to the main Metron MaaS README doc in Apache Metron github.
It is highly recommended that you go through the README article in github to understand the concepts and working principle. This article only intends to capture the steps specific to the Metron full dev vagrant platform so it is easy for a user to copy-paste-run and get it working quickly.
Further, this article only covers the successful startup, deployment and validation of the Metron MaaS service. Refer to the master github README for further steps.
* You need to have a working Metron full dev platform before you proceed with the instructions
Run the following commands to install Flask, Jinja2, Squid client and the Elasticsearch HEAD plugin:
vagrant ssh   # SSH onto the full-dev platform
sudo yum install python-flask
sudo yum install python-jinja2
sudo yum install squid
sudo service squid start
sudo /usr/share/elasticsearch/bin/plugin install mobz/elasticsearch-head
Run the following commands:
sudo su - metron
mkdir mock_dga
cd mock_dga
Download the files from this link and copy them to the folder. Alternatively, use the following commands to create the files:
* vi dga.py
(paste the below code snippet, save and quit)
from flask import Flask
from flask import request, jsonify
import socket

app = Flask(__name__)

# Mock DGA model: a tiny allow-list decides whether a host is "legit".
@app.route("/apply", methods=['GET'])
def predict():
    h = request.args.get('host')
    r = {}
    if h == 'yahoo.com' or h == 'amazon.com':
        r['is_malicious'] = 'legit'
    else:
        r['is_malicious'] = 'malicious'
    return jsonify(r)

if __name__ == "__main__":
    # Ask the OS for a free port, then release it for Flask to use.
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind(('localhost', 0))
    port = sock.getsockname()[1]
    sock.close()
    # MaaS reads endpoint.dat to learn where the model is listening.
    with open("endpoint.dat", "w") as text_file:
        text_file.write("{\"url\" : \"http://0.0.0.0:%d\"}" % port)
    app.run(threaded=True, host="0.0.0.0", port=port)
* vi rest.sh
(paste the below code snippet, save and quit)
#!/bin/bash
python dga.py
Run this command to make the files executable:
chmod +x /home/metron/mock_dga/*
Run the following commands as the vagrant user, and _not_ as the metron user:
sudo su - hdfs -c "hadoop fs -mkdir /user/metron"
sudo su - hdfs -c "hadoop fs -chown metron:metron /user/metron"
Run the following commands:
Note: Change the METRON_HOME variable per the version of Metron you are running
sudo su - metron
export METRON_HOME=/usr/metron/0.4.2
$METRON_HOME/bin/maas_service.sh -zq node1:2181
Follow these steps to ensure that the MaaS service is running properly:
1. Launch Ambari UI at http://node1:8080. Authenticate with admin/admin
2. Go to Services -> YARN -> 'Quick Links' dropdown -> ResourceManager UI
3. You should be able to see the application listed in the UI, similar to the below:
4. Click on the application -> Logs -> AppMaster.stderr log file to view the startup logs. Check for presence of any errors. If there are none, you are good to deploy the DGA model in the next step.
Run the following command as the metron user to deploy the DGA model:
$METRON_HOME/bin/maas_deploy.sh -zq node1:2181 -lmp /home/metron/mock_dga -hmp /user/metron/models -mo ADD -m 512 -n dga -v 1.0 -ni 1
Once the command completes, you can monitor the ResourceManager UI application logs to check for any errors.
a) Run the following command as the metron user:
$METRON_HOME/bin/maas_deploy.sh -zq node1:2181 -mo LIST
At the end of the command execution, you should be able to see something similar to the following output, which indicates that the model has been successfully deployed.
Model dga @ 1.0 dga:1.0 @ http://node1:50451 serving: apply=apply
Note: The port number '50451' in the above output may change across different runs.
b) Try to hit the model via curl by running the following commands, and verify you are seeing the respective outputs.
[metron@node1 ~]$ curl 'http://localhost:50451/apply?host=testing.com'
{
  "is_malicious": "malicious"
}
[metron@node1 ~]$ curl 'http://localhost:50451/apply?host=yahoo.com'
{
  "is_malicious": "legit"
}
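Because the port in the LIST output changes between runs, the curl step above is easy to get wrong when repeated. The following script is an added example (not part of the original article or of Metron) that parses the LIST line to find the model's URL and then runs the same two checks; the `SAMPLE_LIST` string is a constructed copy of the output shown above, and `mock_fetch` is a stand-in that applies the dga.py rule so the script runs offline.

```python
import json
import re
import urllib.request
from urllib.parse import urlencode, urlparse, parse_qs

# One line of `maas_deploy.sh -mo LIST` output looks like:
#   Model dga @ 1.0 dga:1.0 @ http://node1:50451 serving: apply=apply
LIST_LINE = re.compile(
    r"^Model (?P<name>\S+) @ (?P<version>\S+) (?P<instance>\S+) @ "
    r"(?P<url>https?://\S+) serving: (?P<endpoints>.*)$"
)
# Constructed sample of LIST output (the port is arbitrary; it changes per run).
SAMPLE_LIST = "Model dga @ 1.0 dga:1.0 @ http://node1:50451 serving: apply=apply\n"
# Hosts the curl step sends, and the verdict the mock model must return.
EXPECTED = {"testing.com": "malicious", "yahoo.com": "legit"}

def parse_list_output(text):
    """Return one dict per deployed model instance found in LIST output."""
    models = []
    for line in text.splitlines():
        m = LIST_LINE.match(line.strip())
        if not m:
            continue  # skip blank lines and any log noise around the listing
        d = m.groupdict()
        d["endpoints"] = dict(e.split("=", 1) for e in d["endpoints"].split())
        models.append(d)
    return models

def fetch_json(url):
    """Default transport: GET the URL and decode the JSON body, like curl."""
    with urllib.request.urlopen(url, timeout=5) as resp:
        return json.loads(resp.read().decode("utf-8"))

def check_model(model, fetch=fetch_json, expected=EXPECTED):
    """Query the model's apply endpoint per host; return host -> pass/fail."""
    base = model["url"].rstrip("/") + "/" + model["endpoints"]["apply"]
    return {host: fetch(base + "?" + urlencode({"host": host})).get("is_malicious") == want
            for host, want in expected.items()}

def mock_fetch(url):
    """Offline stand-in that applies the same rule as the page's dga.py."""
    host = parse_qs(urlparse(url).query).get("host", [""])[0]
    return {"is_malicious": "legit" if host in ("yahoo.com", "amazon.com") else "malicious"}

if __name__ == "__main__":
    # Against the live full-dev instance, pipe real LIST output in and drop fetch=mock_fetch.
    for mdl in parse_list_output(SAMPLE_LIST):
        print(mdl["instance"], check_model(mdl, fetch=mock_fetch))
```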
With this, you have successfully started, deployed and validated Metron MaaS on your full dev Metron platform.
The next steps, sending data through the squid sensor and having it processed by MaaS, are not covered in this article. Please refer to the steps listed in the github README doc.