Posted to user@metron.apache.org by Ali Nazemian <al...@gmail.com> on 2017/07/28 05:13:37 UTC

Geo enrichment failure after blocking internet connectivity

Hi,

Recently we blocked the internet connection to one of our platforms. After
we restarted the Enrichment topology, we found that the topology cannot
start anymore and keeps throwing the following exception.

2017-07-28 04:41:38.816 o.a.c.f.r.c.TreeCache [ERROR]
java.lang.IllegalStateException: [Metron] Unable to update MaxMind database
        at org.apache.metron.enrichment.adapters.geo.GeoLiteDatabase.update(GeoLiteDatabase.java:107) ~[stormjar.jar:?]
        at org.apache.metron.enrichment.adapters.geo.GeoLiteDatabase.updateIfNecessary(GeoLiteDatabase.java:71) ~[stormjar.jar:?]
        at org.apache.metron.enrichment.bolt.ThreatIntelJoinBolt.reloadCallback(ThreatIntelJoinBolt.java:205) ~[stormjar.jar:?]
        at org.apache.metron.common.bolt.ConfiguredEnrichmentBolt.updateConfig(ConfiguredEnrichmentBolt.java:61) ~[stormjar.jar:?]
        at org.apache.metron.common.bolt.ConfiguredBolt$1.childEvent(ConfiguredBolt.java:91) ~[stormjar.jar:?]
        at org.apache.curator.framework.recipes.cache.TreeCache$2.apply(TreeCache.java:685) [stormjar.jar:?]
        at org.apache.curator.framework.recipes.cache.TreeCache$2.apply(TreeCache.java:679) [stormjar.jar:?]
        at org.apache.curator.framework.listen.ListenerContainer$1.run(ListenerContainer.java:92) [stormjar.jar:?]
        at org.apache.metron.guava.util.concurrent.MoreExecutors$SameThreadExecutorService.execute(MoreExecutors.java:297) [stormjar.jar:?]
        at org.apache.curator.framework.listen.ListenerContainer.forEach(ListenerContainer.java:84) [stormjar.jar:?]
        at org.apache.curator.framework.recipes.cache.TreeCache.callListeners(TreeCache.java:678) [stormjar.jar:?]
        at org.apache.curator.framework.recipes.cache.TreeCache.access$1400(TreeCache.java:69) [stormjar.jar:?]
        at org.apache.curator.framework.recipes.cache.TreeCache$4.run(TreeCache.java:790) [stormjar.jar:?]
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_131]
        at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_131]
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_131]
        at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_131]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_131]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_131]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_131]


It seems there is a hard requirement for updating the GeoEnrichment database,
which is now broken by blocking the internet connection. How can we update
that database manually and bypass the verification part of Metron for
updating this database?


Regards,

Ali

Re: Geo enrichment failure after blocking internet connectivity

Posted by Ali Nazemian <al...@gmail.com>.
Hi Justin,

You are right. For an unknown reason /apps/metron/geo was not accessible. I
need to work on understanding why HDFS acts inconsistently on this platform.

Regards,
Ali

On Fri, Jul 28, 2017 at 10:51 PM, Justin Leet <ju...@gmail.com> wrote:

> My expectation is that /apps/metron/geo is empty (or at least has no files
> in subdirs), can you verify this?
>
> Assuming it is empty, you should be able to place the file (
> http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz)
> into HDFS at /apps/metron/geo/default/GeoLite2-City.mmdb.gz and restart
> enrichment.  It'll look there by default.
>
> If you set up a cluster in the future, and want to avoid it, Ambari also
> has a config for the GeoIP file's URL, and I believe (but haven't looked at
> it in a while) that it should be able to take a file:/// type URL that
> points to a local file on the Metron master node, as long as that file
> exists prior to Ambari's attempt to use it.
>
> Let me know if that solves the problem; I haven't taken a look at that
> stuff in a little bit, so I may have to dig a bit deeper if that doesn't
> resolve it.


-- 
A.Nazemian

Re: Geo enrichment failure after blocking internet connectivity

Posted by Justin Leet <ju...@gmail.com>.
My expectation is that /apps/metron/geo is empty (or at least has no files
in subdirs), can you verify this?

Assuming it is empty, you should be able to place the file (
http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz)
into HDFS at /apps/metron/geo/default/GeoLite2-City.mmdb.gz and restart
enrichment.  It'll look there by default.

If you set up a cluster in the future, and want to avoid it, Ambari also has
a config for the GeoIP file's URL, and I believe (but haven't looked at it
in a while) that it should be able to take a file:/// type URL that points
to a local file on the Metron master node, as long as that file exists
prior to Ambari's attempt to use it.

Let me know if that solves the problem; I haven't taken a look at that
stuff in a little bit, so I may have to dig a bit deeper if that doesn't
resolve it.

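The manual staging described in Justin's reply, as an added example that is not part of the original thread or of Metron's own tooling. The HDFS path comes from the reply; the function names are hypothetical, and the script assumes the downloaded tarball holds one GeoLite2-City.mmdb member and that the target is that file gzip-compressed, as its name suggests.

```shell
#!/usr/bin/env bash
# Added example: stage GeoLite2-City for a cluster that has no internet access.
# The tarball is fetched on a connected host and copied across beforehand.

GEO_HDFS_ROOT=/apps/metron/geo              # directory Justin asks to verify
GEO_HDFS_DIR=$GEO_HDFS_ROOT/default         # default lookup location (per the reply)
GEO_FILE_NAME=GeoLite2-City.mmdb.gz

# Repack GeoLite2-City.tar.gz into GeoLite2-City.mmdb.gz inside $2.
# Prints the repacked file's path; returns 1 if no usable .mmdb is found.
repack_geolite() {
    tarball=$1; outdir=$2
    member=$(tar -tzf "$tarball" | grep -E '(^|/)GeoLite2-City\.mmdb$' | head -n 1)
    if [ -z "$member" ]; then
        echo "no GeoLite2-City.mmdb member in $tarball" >&2
        return 1
    fi
    out="$outdir/$GEO_FILE_NAME"
    tar -xzOf "$tarball" "$member" | gzip -c > "$out" || return 1
    gzip -t "$out" || return 1                        # corrupt gzip stream
    [ "$(gzip -dc "$out" | wc -c)" -gt 0 ] || return 1  # empty payload
    printf '%s\n' "$out"
}

# Check the geo directory, upload the file, and confirm it landed non-empty.
stage_to_hdfs() {
    file=$1
    # A failure here means the directory is missing or not readable by this user.
    hdfs dfs -ls -R "$GEO_HDFS_ROOT" || echo "cannot list $GEO_HDFS_ROOT" >&2
    hdfs dfs -mkdir -p "$GEO_HDFS_DIR" &&
    hdfs dfs -put -f "$file" "$GEO_HDFS_DIR/$GEO_FILE_NAME" &&
    hdfs dfs -test -s "$GEO_HDFS_DIR/$GEO_FILE_NAME"
}

# Usage: script.sh /path/to/GeoLite2-City.tar.gz  (then restart enrichment)
if [ "$#" -eq 1 ]; then
    staged=$(repack_geolite "$1" "$(mktemp -d)") && stage_to_hdfs "$staged"
fi
```

Run it as a user with write access to /apps/metron/geo; a failed listing in `stage_to_hdfs` points at the kind of accessibility problem Ali reports in his follow-up.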