Google Git
Sign in
apache / metron / 410993daf60dfe898a973fa8a9906ddbffd83208 / . / current-book / metron-deployment / amazon-ec2 / index.html
blob: a53a48b7bf13d0588655f3bda0ff3dc842c397b2 [file] [log] [blame]
<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia Site Renderer 1.8 from src/site/markdown/metron-deployment/amazon-ec2/index.md at 2019-05-14
| Rendered using Apache Maven Fluido Skin 1.7
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20190514" />
<meta http-equiv="Content-Language" content="en" />
<title>Metron &#x2013; Apache Metron on Amazon EC2</title>
<link rel="stylesheet" href="../../css/apache-maven-fluido-1.7.min.css" />
<link rel="stylesheet" href="../../css/site.css" />
<link rel="stylesheet" href="../../css/print.css" media="print" />
<script type="text/javascript" src="../../js/apache-maven-fluido-1.7.min.js"></script>
<script type="text/javascript">
$( document ).ready( function() { $( '.carousel' ).carousel( { interval: 3500 } ) } );
</script>
</head>
<body class="topBarDisabled">
<div class="container-fluid">
<div id="banner">
<div class="pull-left"><a href="http://metron.apache.org/" id="bannerLeft"><img src="../../images/metron-logo.png" alt="Apache Metron" width="148px" height="48px"/></a></div>
<div class="pull-right"></div>
<div class="clear"><hr/></div>
</div>
<div id="breadcrumbs">
<ul class="breadcrumb">
<li class=""><a href="http://www.apache.org" class="externalLink" title="Apache">Apache</a><span class="divider">/</span></li>
<li class=""><a href="http://metron.apache.org/" class="externalLink" title="Metron">Metron</a><span class="divider">/</span></li>
<li class=""><a href="../../index.html" title="Documentation">Documentation</a><span class="divider">/</span></li>
<li class="active ">Apache Metron on Amazon EC2</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2019-05-14</li>
<li id="projectVersion" class="pull-right">Version: 0.7.1</li>
</ul>
</div>
<div class="row-fluid">
<div id="leftColumn" class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">User Documentation</li>
<li><a href="../../index.html" title="Metron"><span class="icon-chevron-down"></span>Metron</a>
<ul class="nav nav-list">
<li><a href="../../CONTRIBUTING.html" title="CONTRIBUTING"><span class="none"></span>CONTRIBUTING</a></li>
<li><a href="../../Upgrading.html" title="Upgrading"><span class="none"></span>Upgrading</a></li>
<li><a href="../../metron-analytics/index.html" title="Analytics"><span class="icon-chevron-right"></span>Analytics</a></li>
<li><a href="../../metron-contrib/metron-docker/index.html" title="Docker"><span class="none"></span>Docker</a></li>
<li><a href="../../metron-contrib/metron-performance/index.html" title="Performance"><span class="none"></span>Performance</a></li>
<li><a href="../../metron-deployment/index.html" title="Deployment"><span class="icon-chevron-down"></span>Deployment</a>
<ul class="nav nav-list">
<li><a href="../../metron-deployment/Kerberos-ambari-setup.html" title="Kerberos-ambari-setup"><span class="none"></span>Kerberos-ambari-setup</a></li>
<li><a href="../../metron-deployment/Kerberos-manual-setup.html" title="Kerberos-manual-setup"><span class="none"></span>Kerberos-manual-setup</a></li>
<li class="active"><a href="#"><span class="none"></span>Amazon-ec2</a></li>
<li><a href="../../metron-deployment/ansible/index.html" title="Ansible"><span class="icon-chevron-right"></span>Ansible</a></li>
<li><a href="../../metron-deployment/development/index.html" title="Development"><span class="icon-chevron-right"></span>Development</a></li>
<li><a href="../../metron-deployment/other-examples/index.html" title="Other-examples"><span class="icon-chevron-right"></span>Other-examples</a></li>
<li><a href="../../metron-deployment/packaging/ambari/index.html" title="Ambari"><span class="icon-chevron-right"></span>Ambari</a></li>
<li><a href="../../metron-deployment/packaging/docker/ansible-docker/index.html" title="Ansible-docker"><span class="none"></span>Ansible-docker</a></li>
<li><a href="../../metron-deployment/packaging/docker/deb-docker/index.html" title="Deb-docker"><span class="none"></span>Deb-docker</a></li>
<li><a href="../../metron-deployment/packaging/docker/rpm-docker/index.html" title="Rpm-docker"><span class="none"></span>Rpm-docker</a></li>
<li><a href="../../metron-deployment/packaging/packer-build/index.html" title="Packer-build"><span class="none"></span>Packer-build</a></li>
</ul>
</li>
<li><a href="../../metron-interface/index.html" title="Interface"><span class="icon-chevron-right"></span>Interface</a></li>
<li><a href="../../metron-platform/index.html" title="Platform"><span class="icon-chevron-right"></span>Platform</a></li>
<li><a href="../../metron-sensors/index.html" title="Sensors"><span class="icon-chevron-right"></span>Sensors</a></li>
<li><a href="../../metron-stellar/stellar-3rd-party-example/index.html" title="Stellar-3rd-party-example"><span class="none"></span>Stellar-3rd-party-example</a></li>
<li><a href="../../metron-stellar/stellar-common/index.html" title="Stellar-common"><span class="icon-chevron-right"></span>Stellar-common</a></li>
<li><a href="../../metron-stellar/stellar-zeppelin/index.html" title="Stellar-zeppelin"><span class="none"></span>Stellar-zeppelin</a></li>
<li><a href="../../use-cases/index.html" title="Use-cases"><span class="icon-chevron-right"></span>Use-cases</a></li>
</ul>
</li>
</ul>
<hr />
<div id="poweredBy">
<div class="clear"></div>
<div class="clear"></div>
<div class="clear"></div>
<div class="clear"></div>
<a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy"><img class="builtBy" alt="Built by Maven" src="../../images/logos/maven-feather.png" /></a>
</div>
</div>
</div>
<div id="bodyColumn" class="span10" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<h1>Apache Metron on Amazon EC2</h1>
<p>This project fully automates the provisioning of Apache Metron on Amazon EC2 infrastructure. Starting with only your Amazon EC2 credentials, this project will create a fully-functioning, end-to-end, multi-node cluster running Apache Metron.</p>
<p>Warning: Amazon will charge for the use of their resources when running Apache Metron. The amount will vary based on the number and size of hosts, along with current Amazon pricing structure. Be sure to stop or terminate all of the hosts instantiated by Apache Metron when not in use to avoid unnecessary charges.</p>
<div class="section">
<h2><a name="AWS_Defaults"></a>AWS Defaults</h2>
<p>The Ansible playbook uses the following defaults for AWS deployment:</p>
<ul>
<li>Instances: 10</li>
<li>Region: us-west-2</li>
<li>Instance type: m4.xlarge</li>
</ul></div>
<div class="section">
<h2><a name="Getting_Started"></a>Getting Started</h2>
<div class="section">
<h3><a name="Prerequisites"></a>Prerequisites</h3>
<p>The host used to deploy Apache Metron will need the following software tools installed. The following versions are known to work as of the time of this writing, but by no means are these the only working versions.</p>
<ul>
<li>Ansible 2.4.0+</li>
<li>Python 2.7.11</li>
<li>Maven 3.3.9</li>
</ul>
<p>Any platform that supports these tools is suitable, but the following instructions cover only macOS. The easiest means of installing these tools on a Mac is to use the excellent <a class="externalLink" href="http://brew.sh/">Homebrew</a> project.</p>
<ol style="list-style-type: decimal">
<li>
<p>Install Homebrew by running the following command in a terminal. Refer to the <a class="externalLink" href="http://brew.sh/">Homebrew</a> home page for the latest installation instructions.</p>
<div>
<div>
<pre class="source">/usr/bin/ruby -e &quot;$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)&quot;
</pre></div></div>
</li>
<li>
<p>With Homebrew installed, run the following command in a terminal to install all of the required tools and dependencies.</p>
<div>
<div>
<pre class="source">brew update
brew tap caskroom/versions
brew cask install java8 vagrant virtualbox
brew install maven git node
</pre></div></div>
</li>
<li>
<p>Install Ansible by following the instructions <a class="externalLink" href="http://docs.ansible.com/ansible/intro_installation.html#latest-releases-via-pip">here</a>.</p>
</li>
<li>
<p>Ensure that a public SSH key is located at <tt>~/.ssh/id_rsa.pub</tt>.</p>
<div>
<div>
<pre class="source">$ cat ~/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQChv5GJxPjR39UJV7VY17ivbLVlxFrH7UHwh1Jsjem4d1eYiAtde5N2y65/HRNxWbhYli9ED8k0/MRP92ejewucEbrPNq5mytPqdC4IvZ98Ln2GbqTDwvlP3T7xa/wYFOpFsOmXXql8216wSrnrS4f3XK7ze34S6/VmY+lsBYnr3dzyj8sG/mexpJgFS/w83mWJV0e/ryf4Hd7P6DZ5fO+nmTXfKNK22ga4ctcnbZ+toYcPL+ODCh8598XCKVo97XjwF5OxN3vl1p1HHguo3cHB4H1OIaqX5mUt59gFIZcAXUME89PO6NUiZDd3RTstpf125nQVkQAHu2fvW96/f037 nick@localhost
</pre></div></div>
<p>If this file does not exist, run the following command at a terminal and accept all defaults. Only the public key, not the private key, will be uploaded to Amazon and configured on each host to enable SSH connectivity. While it is possible to create and use an alternative key those details will not be covered.</p>
<div>
<div>
<pre class="source">ssh-keygen -t rsa
</pre></div></div>
</li>
<li>
<p>Ensure the JAVA_HOME environment variable is set</p>
<div>
<div>
<pre class="source">export JAVA_HOME=&quot;/Library/Java/JavaVirtualMachines/jdk1.8.0_162.jdk/Contents/Home&quot;
</pre></div></div>
<p>Notice: You must replace the path with the installed JDK version path</p>
</li>
</ol></div>
<div class="section">
<h3><a name="Amazon_Web_Services"></a>Amazon Web Services</h3>
<p>If you already have an Amazon Web Services account that you have used to deploy EC2 hosts, then you should be able to skip the next few steps.</p>
<ol style="list-style-type: decimal">
<li>
<p>Head over to <a class="externalLink" href="http://aws.amazon.com/">Amazon Web Services</a> and create an account. As part of the account creation process you will need to provide a credit card to cover any charges that may apply.</p>
</li>
<li>
<p>Create a set of user credentials through <a class="externalLink" href="https://console.aws.amazon.com/iam/">Amazon&#x2019;s Identity and Access Management (IAM) </a> dashboard. On the IAM dashboard menu click &#x201c;Users&#x201d; and then &#x201c;Create New User&#x201d;. Provide a name and ensure that &#x201c;Generate an access key for each user&#x201d; remains checked. Download the credentials and keep them for later use.</p>
</li>
<li>
<p>While still in <a class="externalLink" href="https://console.aws.amazon.com/iam/">Amazon&#x2019;s Identity and Access Management (IAM) </a> dashboard, click on the user that was previously created. Click the &#x201c;Permissions&#x201d; tab and then the &#x201c;Attach Policy&#x201d; button. Attach the following policies to the user.</p>
<ul>
<li>AmazonEC2FullAccess</li>
<li>AmazonVPCFullAccess</li>
</ul>
</li>
<li>
<p>Apache Metron uses the <a class="externalLink" href="https://aws.amazon.com/marketplace/pp/B00NQAYLWO">official, open source CentOS 6</a> Amazon Machine Image (AMI). If you have never used this AMI before then you will need to accept Amazon&#x2019;s terms and conditions. Navigate to the <a class="externalLink" href="https://aws.amazon.com/marketplace/pp/B00NQAYLWO">web page for this AMI</a> and click the &#x201c;Continue&#x201d; button. Choose the &#x201c;Manual Launch&#x201d; tab then click the &#x201c;Accept Software Terms&#x201d; button.</p>
</li>
</ol>
<p>Having successfully created your Amazon Web Services account, hopefully you will find that the most difficult tasks are behind us.</p></div>
<div class="section">
<h3><a name="Deploy_Metron"></a>Deploy Metron</h3>
<ol style="list-style-type: decimal">
<li>
<p>Use the Amazon access key by exporting its values via the shell&#x2019;s environment. This allows Ansible to authenticate with Amazon EC2. For example:</p>
<div>
<div>
<pre class="source">export AWS_ACCESS_KEY_ID=&quot;AKIAI6NRFEO27E5FFELQ&quot;
export AWS_SECRET_ACCESS_KEY=&quot;vTDydWJQnAer7OWauUS150i+9Np7hfCXrrVVP6ed&quot;
</pre></div></div>
<p>Notice: You must replace the access key values above with values from your own access key.</p>
</li>
<li>
<p>Start the Apache Metron deployment process. When prompted provide a unique name for your Metron environment or accept the default.</p>
<div>
<div>
<pre class="source">$ ./run.sh
Metron Environment [metron-test]: my-metron-env
...
</pre></div></div>
<p>The process is likely to take between 70-90 minutes. Fortunately, everything is fully automated and you should feel free to grab a coffee.</p>
</li>
</ol></div>
<div class="section">
<h3><a name="Explore_Metron"></a>Explore Metron</h3>
<ol style="list-style-type: decimal">
<li>
<p>After the deployment has completed successfully, a message like the following will be displayed. Navigate to the specified resources to explore your newly minted Apache Metron environment.</p>
<div>
<div>
<pre class="source">TASK [debug] *******************************************************************
ok: [localhost] =&gt; {
&quot;Success&quot;: [
&quot;Apache Metron deployed successfully&quot;,
&quot; Metron @ http://ec2-52-37-255-142.us-west-2.compute.amazonaws.com:5000&quot;,
&quot; Ambari @ http://ec2-52-37-225-202.us-west-2.compute.amazonaws.com:8080&quot;,
&quot; Sensors @ ec2-52-37-225-202.us-west-2.compute.amazonaws.com on tap0&quot;,
&quot;For additional information, see https://metron.apache.org/'&quot;
]
}
</pre></div></div>
</li>
<li>
<p>Each of the provisioned hosts will be accessible from the internet. Connecting to one over SSH as the user <tt>centos</tt> will not require a password as it will authenticate with the pre-defined SSH key.</p>
<div>
<div>
<pre class="source">ssh centos@ec2-52-91-215-174.compute-1.amazonaws.com
</pre></div></div>
</li>
</ol></div></div>
<div class="section">
<h2><a name="Advanced_Usage"></a>Advanced Usage</h2>
<div class="section">
<h3><a name="Multiple_Environments"></a>Multiple Environments</h3>
<p>This process can support provisioning of multiple, isolated environments. Simply change the <tt>env</tt> settings in <tt>conf/defaults.yml</tt>. For example, you might provision separate development, test, and production environments.</p>
<div>
<div>
<pre class="source">env: metron-test
</pre></div></div>
</div>
<div class="section">
<h3><a name="Selective_Provisioning"></a>Selective Provisioning</h3>
<p>To provision only subsets of the entire Metron deployment, Ansible tags can be specified. For example, to only deploy the sensors on an Amazon EC2 environment, run the following command:</p>
<div>
<div>
<pre class="source">./run.sh --tags=&quot;ec2,sensors&quot;
</pre></div></div>
</div>
<div class="section">
<h3><a name="Setting_REST_API_Profile"></a>Setting REST API Profile</h3>
<p>By default, EC2 is deployed with the <tt>dev</tt> Spring profile. This simply instructs the REST API to automatically setup default test users <tt>[user, user1, user2, admin]</tt> with password &#x201c;<tt>password</tt>&#x201d; as opposed to requiring the user to manually create users in the REST database. You can change this default functionality by removing the <tt>metron_spring_profiles_active</tt> setting in <tt>metron-deployment/roles/ambari_config/vars/small_cluster.yml</tt>. You can view more detail on the REST Spring profiles <a href="../../metron-interface/metron-rest/index.html#spring-profiles">here</a>.</p></div>
<div class="section">
<h3><a name="Custom_SSH_Key"></a>Custom SSH Key</h3>
<p>By default, the playbook will attempt to register your public SSH key <tt>~/.ssh/id_rsa.pub</tt> with each provisioned host. This enables Ansible to communicate with each host using an SSH connection. If would prefer to use another key simply add the path to the public key file to the <tt>key_file</tt> property in <tt>conf/defaults.yml</tt>.</p>
<p>For example, generate a new SSH key for Metron that will be stored at <tt>~/.ssh/my-metron-key</tt>.</p>
<div>
<div>
<pre class="source">$ ssh-keygen -q -f ~/.ssh/my-metron-key
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
</pre></div></div>
<p>Add the path to the newly created SSH public key to <tt>conf/defaults.yml</tt>.</p>
<div>
<div>
<pre class="source">key_file: ~/.ssh/metron-private-key.pub
</pre></div></div>
</div></div>
<div class="section">
<h2><a name="Common_Errors"></a>Common Errors</h2>
<div class="section">
<h3><a name="Error:_.5Bunsupported_operation_exception.5D_custom_format_isn.E2.80.99t_supported"></a>Error: [unsupported_operation_exception] custom format isn&#x2019;t supported</h3>
<p>This error might be seen within Metron&#x2019;s default dashboard in Kibana 4. This occurs when the index templates do not exist for the Snort, Bro or YAF indices in Elasticsearch.</p>
<p>The dashboard expects fields to be of a certain type. If the index templates have not been loaded correctly, the data types for the fields in these indices will be incorrect and the dashboard will display this error.</p>
<div class="section">
<h4><a name="Solution"></a>Solution</h4>
<p>If you see this error, please report your findings by creating a JIRA or dropping an email to the Metron Users mailing list. Follow these steps to work around the problem.</p>
<ol style="list-style-type: decimal">
<li>
<p>Define which Elasticsearch host to interact with. Any Elasticsearch host should work.</p>
<div>
<div>
<pre class="source">export ES_HOST=&quot;http://ec2-52-25-237-20.us-west-2.compute.amazonaws.com:9200&quot;
</pre></div></div>
</li>
<li>
<p>Confirm the index templates are in fact missing.</p>
<div>
<div>
<pre class="source">curl -s -XGET $ES_HOST/_template
</pre></div></div>
</li>
<li>
<p>Manually load the index templates.</p>
<div>
<div>
<pre class="source">cd metron-deployment
curl -s -XPOST $ES_HOST/_template/bro_index -d @roles/metron_elasticsearch_templates/files/es_templates/bro_index.template
curl -s -XPOST $ES_HOST/_template/snort_index -d @roles/metron_elasticsearch_templates/files/es_templates/snort_index.template
curl -s -XPOST $ES_HOST/_template/yaf_index -d @roles/metron_elasticsearch_templates/files/es_templates/yaf_index.template
</pre></div></div>
</li>
<li>
<p>Delete the existing indexes. Only a new index will use the templates defined in the previous step.</p>
<div>
<div>
<pre class="source">curl -s -XDELETE &quot;$ES_HOST/yaf_index*&quot;
curl -s -XDELETE &quot;$ES_HOST/bro_index*&quot;
curl -s -XDELETE &quot;$ES_HOST/snort_index*&quot;
</pre></div></div>
</li>
<li>
<p>Open up Kibana and wait for the new indexes to be created. The dashboard should now work.</p>
</li>
</ol></div></div>
<div class="section">
<h3><a name="Error:_.E2.80.98No_handler_was_ready_to_authenticate.E2.80.A6Check_your_credentials.E2.80.99"></a>Error: &#x2018;No handler was ready to authenticate&#x2026;Check your credentials&#x2019;</h3>
<div>
<div>
<pre class="source">TASK [Define keypair] **********************************************************
failed: [localhost] =&gt; (item=ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXbcb1AlWsEPP
r9jEFrn0yun3PYNidJ/...david@hasselhoff.com) =&gt; {&quot;failed&quot;: true, &quot;item&quot;: &quot;ssh-r
sa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXbcb1AlWsEPPr9jEFr... david@hasselhoff.com&quot;,
&quot;msg&quot;: &quot;No handler was ready to authenticate. 1 handlers were checked.
['HmacAuthV4Handler'] Check your credentials&quot;}
</pre></div></div>
<div class="section">
<h4><a name="Solution_1"></a>Solution 1</h4>
<p>This occurs when Ansible does not have the correct AWS access keys. The following commands must return a valid access key that is defined within Amazon&#x2019;s <a class="externalLink" href="https://console.aws.amazon.com/iam/">Identity and Access Management</a> console.</p>
<div>
<div>
<pre class="source">$ echo $AWS_ACCESS_KEY_ID
AKIAI6NRFEO27E5FFELQ
$ echo $AWS_SECRET_ACCESS_KEY
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
</pre></div></div>
</div>
<div class="section">
<h4><a name="Solution_2"></a>Solution 2</h4>
<p>This error can occur if you have exported the correct AWS access key, but you are using <tt>sudo</tt> to run the Ansible playbook. Do not use the <tt>sudo</tt> command when running the Ansible playbook.</p></div></div>
<div class="section">
<h3><a name="Error:_.E2.80.98OptInRequired:_.E2.80.A6_you_need_to_accept_terms_and_subscribe.E2.80.99"></a>Error: &#x2018;OptInRequired: &#x2026; you need to accept terms and subscribe&#x2019;</h3>
<div>
<div>
<pre class="source">TASK [metron-test: Instantiate 1 host(s) as sensors,ambari_master,metron,ec2] **
fatal: [localhost]: FAILED! =&gt; {&quot;changed&quot;: false, &quot;failed&quot;: true, &quot;msg&quot;:
&quot;Instance creation failed =&gt; OptInRequired: In order to use this AWS Marketplace
product you need to accept terms and subscribe. To do so please visit
http://aws.amazon.com/marketplace/pp?sku=6x5jmcajty9edm3f211pqjfn2&quot;}
to retry, use: --limit @playbook.retry
</pre></div></div>
<div class="section">
<h4><a name="Solution"></a>Solution</h4>
<p>Apache Metron uses the <a class="externalLink" href="https://aws.amazon.com/marketplace/pp?sku=6x5jmcajty9edm3f211pqjfn2">official CentOS 6 Amazon Machine Image</a> when provisioning hosts. Amazon requires that you accept certain terms and conditions when using any Amazon Machine Image (AMI). Follow the link provided in the error message to accept the terms and conditions then re-run the playbook.</p></div></div>
<div class="section">
<h3><a name="Error:_.E2.80.98PendingVerification:_Your_account_is_currently_being_verified.E2.80.99"></a>Error: &#x2018;PendingVerification: Your account is currently being verified&#x2019;</h3>
<div>
<div>
<pre class="source">TASK [metron-test: Instantiate 1 host(s) as sensors,ambari_master,metron,ec2] **
fatal: [localhost]: FAILED! =&gt; {&quot;changed&quot;: false, &quot;failed&quot;: true, &quot;msg&quot;:
&quot;Instance creation failed =&gt; PendingVerification: Your account is currently
being verified. Verification normally takes less than 2 hours. Until your
account is verified, you may not be able to launch additional instances or
create additional volumes. If you are still receiving this message after more
than 2 hours, please let us know by writing to aws-verification@amazon.com. We
appreciate your patience.&quot;}
to retry, use: --limit @playbook.retry
</pre></div></div>
<div class="section">
<h4><a name="Solution"></a>Solution</h4>
<p>This will occur if you are attempting to deploy Apache Metron using a newly created Amazon Web Services account. Follow the advice of the message and wait until Amazon&#x2019;s verification process is complete. Amazon has some additional <a class="externalLink" href="http://docs.aws.amazon.com/AWSEC2/latest/APIReference/errors-overview.html">advice for dealing with this error and more</a>.</p>
<blockquote>
<p>Your account is pending verification. Until the verification process is complete, you may not be able to carry out requests with this account. If you have questions, contact <a class="externalLink" href="http://console.aws.amazon.com/support/home#/">AWS Support</a>.</p>
</blockquote></div></div>
<div class="section">
<h3><a name="Error:_.E2.80.98Instance_creation_failed_.3D.3E_InstanceLimitExceeded.E2.80.99"></a>Error: &#x2018;Instance creation failed =&gt; InstanceLimitExceeded&#x2019;</h3>
<div>
<div>
<pre class="source">TASK [metron-test: Instantiate 3 host(s) as search,metron,ec2] *****************
fatal: [localhost]: FAILED! =&gt; {&quot;changed&quot;: false, &quot;failed&quot;: true, &quot;msg&quot;:
&quot;Instance creation failed =&gt; InstanceLimitExceeded: You have requested more
instances (11) than your current instance limit of 10 allows for the specified
instance type. Please visit http://aws.amazon.com/contact-us/ec2-request to
request an adjustment to this limit.&quot;}
to retry, use: --limit @playbook.retry
</pre></div></div>
<div class="section">
<h4><a name="Solution"></a>Solution</h4>
<p>This will occur if Apache Metron attempts to deploy more host instances than allowed by your account. The total number of instances required for Apache Metron can be reduced by editing <tt>deployment/amazon-ec/playbook.yml</tt>. Perhaps a better alternative is to request of Amazon that this limit be increased. Amazon has some additional <a class="externalLink" href="http://docs.aws.amazon.com/AWSEC2/latest/APIReference/errors-overview.html">advice for dealing with this error and more</a>.</p>
<blockquote>
<p>You&#x2019;ve reached the limit on the number of instances you can run concurrently. The limit depends on the instance type. For more information, see <a class="externalLink" href="http://aws.amazon.com/ec2/faqs/#How_many_instances_can_I_run_in_Amazon_EC2">How many instances can I run in Amazon EC2</a>. If you need additional instances, complete the <a class="externalLink" href="https://console.aws.amazon.com/support/home#/case/create?issueType=service-limit-increase&amp;limitType=service-code-ec2-instances">Amazon EC2 Instance Request Form</a>.</p>
</blockquote></div></div>
<div class="section">
<h3><a name="Error:_.E2.80.98SSH_encountered_an_unknown_error_during_the_connection.E2.80.99"></a>Error: &#x2018;SSH encountered an unknown error during the connection&#x2019;</h3>
<div>
<div>
<pre class="source">TASK [setup] *******************************************************************
fatal: [ec2-52-26-113-221.us-west-2.compute.amazonaws.com]: UNREACHABLE! =&gt; {
&quot;changed&quot;: false, &quot;msg&quot;: &quot;SSH encountered an unknown error during the
connection. We recommend you re-run the command using -vvvv, which will enable
SSH debugging output to help diagnose the issue&quot;, &quot;unreachable&quot;: true}
</pre></div></div>
<div class="section">
<h4><a name="Solution"></a>Solution</h4>
<p>This most often indicates that Ansible cannot connect to the host with the SSH key that it has access to. This could occur if hosts are provisioned with one SSH key, but the playbook is executed subsequently with a different SSH key. The issue can be addressed by either altering the <tt>key_file</tt> variable to point to the key that was used to provision the hosts or by simply terminating all hosts and re-running the playbook.</p></div></div></div>
</div>
</div>
</div>
<hr/>
<footer>
<div class="container-fluid">
<div class="row-fluid">
© 2015-2016 The Apache Software Foundation. Apache Metron, Metron, Apache, the Apache feather logo,
and the Apache Metron project logo are trademarks of The Apache Software Foundation.
</div>
</div>
</footer>
</body>
</html>