-
Notifications
You must be signed in to change notification settings - Fork 48
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to get minemeld-ansible to install on Ubuntu 20.04 #89
Comments
hey just a thing i vaguely remember from ubuntu 20.04, instead of symlinking /usr/bin/python2.7 to /usr/bin/python, there should still be a package (aptly named) called so just install it with |
Great post! Thank you very much!!!! |
I'm having a problem running "ansible-playbook -K -i 127.0.0.1, local.yml" and I'm getting the following response: TASK [minemeld : requirements] ************************************************* PLAY RECAP ********************************************************************* |
Getting error: sudo python2.7 get-pip.py |
TASK [minemeld : minemeld virtualenv] **************************************************************************************************************************************************************************************************************************************************************************************************************************************************** |
Hey there, this is less of a trouble ticket and more of "If you're stuck using this, and you MUST get it working on Ubuntu 20.04, here are the general steps I followed to do so."
Now bear in mind, this project still uses python 2, pip version 2, and probably woefully updated libraries, etc. as a part of the installation process. Also bear in mind that python has been stating that for about a year now that the pip2 repos could be removed at any time, since 2.x is no longer supported anywhere.
Anyway, with that being said, this is a cliffnotes dump on what I needed to do to install minemeld on Ubuntu 20.04 and get it into a mostly operational state:
pre-reqs:
To install pip 2.7
You need ansible to use the minemeld ansible script:
pip install ansible
Now, grab this repo:
git clone https://github.com/PaloAltoNetworks/minemeld-ansible
change the following fields in
local.yml
:Ubuntu 20.04-specific ansible things:
navigate to
minemeld-ansible/roles/infrastructure/vars
and run:cp Ubuntu-18.04.yml Ubuntu-20.04.yml
navigate to
minemeld-ansible/roles/minemeld/vars
and run:cp Ubuntu-18.04.yml Ubuntu-20.04.yml
To kick off the install, run:
ansible-playbook -K -i 127.0.0.1, local.yml
note: for ubuntu 20.04, I had to include this in the ansible-playbook command:
ansible_python_interpreter=/usr/bin/python2
After the install, If you get the following error from nginx (which you almost certainly will):
nginx: [emerg] SSL_CTX_use_certificate("/etc/nginx/minemeld.cer") failed (SSL: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small)
Run these commands:
The commands above will create a self-signed SSL cert with parameters that nginx can actually use.
Now, there's another problem ujson and newer versions of glibc that modern Linux distros use. The easiest way to solve this problem is to modify the following files:
find the line that requests ujson 1.34, and change that line, in all three files to ujson version 2.0.3. After doing that, run:
This should place you in the python virtual environment for minemeld, allow you to install ujson, then exit the virtual environment.
You might also run into a problem where redis isn't creating /var/run/redis.sock
confirm that redis service is enabled:
systemctl enable redis.service
stop/start the redis service:
Finally, I also experienced a problem after installation where gunicorn was running, but I couldn't interact with the webUI, even after running:
systemctl restart minemeld.service
Don't be afraid to run:
killall gunicorn
or to reboot the service to clear the fail state.
At this point, I was able to log in and interact with the web interface.
I hope this braindump helps you, and may you find a way to migrate off of this abandonware.
The text was updated successfully, but these errors were encountered: