metron-deployment/inventory/metron_example/group_vars/all - metron - Git at Google

 #
 #  Licensed to the Apache Software Foundation (ASF) under one or more
 #  contributor license agreements.  See the NOTICE file distributed with
 #  this work for additional information regarding copyright ownership.
 #  The ASF licenses this file to You under the Apache License, Version 2.0
 #  (the "License"); you may not use this file except in compliance with
 #  the License.  You may obtain a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 #  Unless required by applicable law or agreed to in writing, software
 #  distributed under the License is distributed on an "AS IS" BASIS,
 #  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 #
 ---
 # which services should be started?
 services_to_start:
   - mysql
   - elasticsearch
   - pcap-service
   - kibana
   - yaf
   - snort
   - snort-logs
   - bro
   - pcap-replay
   - yaf-parser
   - bro-parser
   - snort-parser
   - enrichment
   - indexing

 #Ansible Variables
 ansible_ssh_private_key_file: /Path/to/private/key/file #Change This
 ansible_ssh_user: root

 #Ambari
 ambari_host: "{{ groups.ambari_master[0] }}"
 ambari_port: 8080
 ambari_user: admin
 ambari_password: admin
 cluster_type: small_cluster

 # hbase
 pcap_hbase_table: pcap
 tracker_hbase_table: access_tracker
 threatintel_hbase_table: threatintel
 enrichment_hbase_table: enrichment

 # kafka
 num_partitions: 3
 retention_in_gb: 25

 # metron variables
 metron_version: 0.3.0
 metron_directory: /usr/metron/{{ metron_version }}
 pcapservice_port: 8081

 # sensors
 sniff_interface: eth1
 bro_version: "2.4.1"
 fixbuf_version: "1.7.1"
 yaf_version: "2.8.0"
 daq_version: "2.0.6-1"
 iface: "eth0"
 pycapa_repo: "https://github.com/OpenSOC/pycapa.git"
 pycapa_home: "/opt/pycapa"
 snort_version: "2.9.8.0-1"
 snort_alert_csv_path: "/var/log/snort/alert.csv"

 # pcap-replay
 install_pcap_replay: True
 install_tap: True
 tap_ip: 10.0.0.1
 sensor_test_mode: True
 pcap_replay_interface: tap0
 pcap_replay_home: /opt/pcap-replay

 # data directories
 zookeeper_data_dir: "/data1/hadoop/zookeeper"
 namenode_checkpoint_dir: "/data1/hadoop/hdfs/namesecondary"
 namenode_name_dir: "/data1/hadoop/hdfs/namenode"
 datanode_data_dir: "/data1/hadoop/hdfs/data,/data2/hadoop/hdfs/data"
 journalnode_edits_dir: "/data1/hadoop/hdfs/journalnode"
 nodemanager_local_dirs: "/data1/hadoop/yarn/local"
 timeline_ldb_store_path: "/data1/hadoop/yarn/timeline"
 timeline_ldb_state_path: "/data1/hadoop/yarn/timeline"
 nodemanager_log_dirs: "/data1/hadoop/yarn/log"
 jhs_recovery_store_ldb_path: "/data1/hadoop/mapreduce/jhs"
 storm_local_dir: "/data1/hadoop/storm"
 kafka_log_dirs: "/data2/kafka-log"
 elasticsearch_data_dir: "/data1/elasticsearch,/data2/elasticsearch"

 # search
 install_elasticsearch: True
 install_solr: False
 elasticsearch_transport_port: 9300
 elasticsearch_network_interface: eth0
 elasticsearch_web_port: 9200
	#
	# Licensed to the Apache Software Foundation (ASF) under one or more
	# contributor license agreements. See the NOTICE file distributed with
	# this work for additional information regarding copyright ownership.
	# The ASF licenses this file to You under the Apache License, Version 2.0
	# (the "License"); you may not use this file except in compliance with
	# the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.
	#
	---
	# which services should be started?
	services_to_start:
	- mysql
	- elasticsearch
	- pcap-service
	- kibana
	- yaf
	- snort
	- snort-logs
	- bro
	- pcap-replay
	- yaf-parser
	- bro-parser
	- snort-parser
	- enrichment
	- indexing

	#Ansible Variables
	ansible_ssh_private_key_file: /Path/to/private/key/file #Change This
	ansible_ssh_user: root

	#Ambari
	ambari_host: "{{ groups.ambari_master[0] }}"
	ambari_port: 8080
	ambari_user: admin
	ambari_password: admin
	cluster_type: small_cluster

	# hbase
	pcap_hbase_table: pcap
	tracker_hbase_table: access_tracker
	threatintel_hbase_table: threatintel
	enrichment_hbase_table: enrichment

	# kafka
	num_partitions: 3
	retention_in_gb: 25

	# metron variables
	metron_version: 0.3.0
	metron_directory: /usr/metron/{{ metron_version }}
	pcapservice_port: 8081

	# sensors
	sniff_interface: eth1
	bro_version: "2.4.1"
	fixbuf_version: "1.7.1"
	yaf_version: "2.8.0"
	daq_version: "2.0.6-1"
	iface: "eth0"
	pycapa_repo: "https://github.com/OpenSOC/pycapa.git"
	pycapa_home: "/opt/pycapa"
	snort_version: "2.9.8.0-1"
	snort_alert_csv_path: "/var/log/snort/alert.csv"

	# pcap-replay
	install_pcap_replay: True
	install_tap: True
	tap_ip: 10.0.0.1
	sensor_test_mode: True
	pcap_replay_interface: tap0
	pcap_replay_home: /opt/pcap-replay

	# data directories
	zookeeper_data_dir: "/data1/hadoop/zookeeper"
	namenode_checkpoint_dir: "/data1/hadoop/hdfs/namesecondary"
	namenode_name_dir: "/data1/hadoop/hdfs/namenode"
	datanode_data_dir: "/data1/hadoop/hdfs/data,/data2/hadoop/hdfs/data"
	journalnode_edits_dir: "/data1/hadoop/hdfs/journalnode"
	nodemanager_local_dirs: "/data1/hadoop/yarn/local"
	timeline_ldb_store_path: "/data1/hadoop/yarn/timeline"
	timeline_ldb_state_path: "/data1/hadoop/yarn/timeline"
	nodemanager_log_dirs: "/data1/hadoop/yarn/log"
	jhs_recovery_store_ldb_path: "/data1/hadoop/mapreduce/jhs"
	storm_local_dir: "/data1/hadoop/storm"
	kafka_log_dirs: "/data2/kafka-log"
	elasticsearch_data_dir: "/data1/elasticsearch,/data2/elasticsearch"

	# search
	install_elasticsearch: True
	install_solr: False
	elasticsearch_transport_port: 9300
	elasticsearch_network_interface: eth0
	elasticsearch_web_port: 9200