Ah, yes, you are right. It sounds like an external change might have broken that installation path for the dev environment.
In most cases, we don't install Bro in the dev environment any longer because it is just too much to run on a single VM. Keep that in mind for your demo. That being said, here are a couple things you could try to work around this. (1) Change the URL for the Bro download. You would need to make that change here <https://github.com/apache/metron/blob/0ba18026222f004316b96633780509c71934121e/metron-deployment/ansible/roles/bro/tasks/bro.yml#L20>. Try http instead of https? If that doesn't work, try the proper Zeek URL <https://www.zeek.org/downloads/bro-2.6.1.tar.gz> [2] instead of the legacy Bro URL. (2) If that does not work, manually download that tarball and put it on your VM at /tmp/bro-2.5.5.tar.gz. If the tarball is already at that location, it should skip over the download step. Best of luck -- [1] https://github.com/apache/metron/blob/0ba18026222f004316b96633780509c71934121e/metron-deployment/ansible/roles/bro/tasks/bro.yml#L20 [2] https://www.zeek.org/downloads/bro-2.5.5.tar.gz On Thu, May 23, 2019 at 8:46 PM Pablo de Azevedo <pablodeazev...@gmail.com> wrote: > Hi! > This python 2.6.6.. version refers to version installed in *node1*: > > *[vagrant@node1 ~]$ python* >> Python 2.6.6 (r266:84292, Aug 18 2016, 15:13:37) >> [GCC 4.4.7 20120313 (Red Hat 4.4.7-17)] on linux2 > > > In my host is default installation python package: > > *pablo@ub16042019:~$ python* >> Python 2.7.12 (default, Nov 12 2018, 14:36:49) >> [GCC 5.4.0 20160609] on linux2 > > > I reviewed all the packages on my host but still the error in the TASK > [bro : Download bro] continues in node1. > > *Best regards!* > Pablo de Azevedo > > > Em qua, 22 de mai de 2019 às 20:49, Nick Allen <n...@nickallen.org> > escreveu: > >> You probably have multiple Python versions installed. Take a look at >> your error message again. More specifically... >> >> > ... (the python executable used (/usr/bin/python) is version: 2.6.6 >> (r266:84292, Aug 18 2016, 15:13:37) >> >> On Wed, May 22, 2019 at 7:17 PM Pablo de Azevedo < >> pablodeazev...@gmail.com> wrote: >> >>> Hi Simon! >>> Yes, my python version is *Python 2.7.12* and my certificates are up to >>> date, but the failed again in download bro task. >>> >>> *Best regards!* >>> Pablo de Azevedo >>> >>> >>> Em qua, 22 de mai de 2019 às 12:34, Simon Elliston Ball < >>> si...@simonellistonball.com> escreveu: >>> >>>> Did you check the python versions and make sure your ca certificates >>>> were up-to-date as per the error message? >>>> >>>> Simon >>>> >>>> On Wed, 22 May 2019 at 16:18, Pablo de Azevedo < >>>> pablodeazev...@gmail.com> wrote: >>>> >>>>> Hello everybody! >>>>> I'm trying install apache with full sensors activated for >>>>> demonstration, but I have problems in TASK [bro : Download bro]. What's >>>>> happened? >>>>> Evidences: >>>>> >>>>> /apache-metron_0.7.1-rc2/metron-deployment/development/centos6$ >>>>>> vagrant --ansible-skip-tags="sensor-stubs" up >>>>>> ... >>>>>> ... >>>>>> ... >>>>>> ... >>>>>> ... >>>>>> TASK [bro : Download bro] >>>>>> ****************************************************** >>>>>> fatal: [node1]: FAILED! => {"changed": false, "failed": true, "msg": >>>>>> "Failed to validate the SSL certificate for www.zeek.org:443. Make >>>>>> sure your managed systems have a valid CA certificate installed. If the >>>>>> website serving the url uses SNI you need python >= 2.7.9 on your managed >>>>>> machine (the python executable used (/usr/bin/python) is version: 2.6.6 >>>>>> (r266:84292, Aug 18 2016, 15:13:37) [GCC 4.4.7 20120313 (Red Hat >>>>>> 4.4.7-17)]) or you can install the `urllib3`, `pyOpenSSL`, >>>>>> `ndg-httpsclient`, and `pyasn1` python modules to perform SNI >>>>>> verification >>>>>> in python >= 2.6. You can use validate_certs=False if you do not need to >>>>>> confirm the servers identity but this is unsafe and not recommended. >>>>>> Paths >>>>>> checked for this platform: /etc/ssl/certs, >>>>>> /etc/pki/ca-trust/extracted/pem, >>>>>> /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, >>>>>> /etc/ansible. The exception msg was: hostname 'www.zeek.org' doesn't >>>>>> match either of 'blog.bro.org', 'bro.org', 'git.bro.org', ' >>>>>> nsf.bro.org', 'tracker.bro.org', 'www.bro.org'."} >>>>>> to retry, use: --limit >>>>>> @/home/pablo/git/apache-metron_0.7.1-rc2/metron-deployment/development/centos6/ansible/playbook.retry >>>>>> PLAY RECAP >>>>>> ********************************************************************* >>>>>> node1 : ok=153 changed=33 unreachable=0 >>>>>> failed=1 >>>>>> >>>>>> Ansible failed to complete successfully. Any error output should be >>>>>> visible above. Please fix these errors and try again. >>>>> >>>>> >>>>> >>>>> *************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************** >>>>> Evidences(2): >>>>> >>>>> >>>>> /apache-metron_0.7.1-rc2$ metron-deployment/scripts/platform-info.sh >>>>>> Metron 0.7.1 >>>>>> -- >>>>>> -- >>>>>> fatal: your current branch 'master' does not have any commits yet >>>>>> -- >>>>>> -- >>>>>> ansible 2.4.0.0 >>>>>> config file = None >>>>>> configured module search path = >>>>>> [u'/home/pablo/.ansible/plugins/modules', >>>>>> u'/usr/share/ansible/plugins/modules'] >>>>>> ansible python module location = >>>>>> /usr/local/lib/python2.7/dist-packages/ansible >>>>>> executable location = /usr/local/bin/ansible >>>>>> python version = 2.7.12 (default, Nov 12 2018, 14:36:49) [GCC 5.4.0 >>>>>> 20160609] >>>>>> -- >>>>>> Vagrant 2.2.4 >>>>>> -- >>>>>> vagrant-hostmanager (1.8.9, global) >>>>>> -- >>>>>> Python 2.7.12 >>>>>> -- >>>>>> Apache Maven 3.3.9 >>>>>> Maven home: /usr/share/maven >>>>>> Java version: 1.8.0_201, vendor: Oracle Corporation >>>>>> Java home: /usr/lib/jvm/java-8-oracle/jre >>>>>> Default locale: pt_BR, platform encoding: UTF-8 >>>>>> OS name: "linux", version: "4.4.0-148-generic", arch: "amd64", >>>>>> family: "unix" >>>>>> -- >>>>>> Docker version 18.09.6, build 481bc77 >>>>>> -- >>>>>> node >>>>>> v4.2.6 >>>>>> -- >>>>>> npm >>>>>> 3.5.2 >>>>>> -- >>>>>> g++ (Ubuntu 5.4.0-6ubuntu1~16.04.11) 5.4.0 20160609 >>>>>> Copyright (C) 2015 Free Software Foundation, Inc. >>>>>> This is free software; see the source for copying conditions. There >>>>>> is NO >>>>>> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR >>>>>> PURPOSE. >>>>>> -- >>>>>> Compiler is C++11 compliant >>>>>> -- >>>>>> Linux ub1604in2017 4.4.0-148-generic #174-Ubuntu SMP Tue May 7 >>>>>> 12:20:14 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux >>>>>> -- >>>>>> Total System Memory = 15994.3 MB >>>>>> Processor Model: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz >>>>>> Processor Speed: 3361.617 MHz >>>>>> Processor Speed: 3448.476 MHz >>>>>> Processor Speed: 3323.898 MHz >>>>>> Processor Speed: 3400.664 MHz >>>>>> Processor Speed: 3359.625 MHz >>>>>> Processor Speed: 3283.125 MHz >>>>>> Processor Speed: 3382.335 MHz >>>>>> Processor Speed: 3275.023 MHz >>>>>> Total Physical Processors: 8 >>>>>> Total cores: 32 >>>>>> Disk information: >>>>>> /dev/sdb1 95G 52G 38G 58% / >>>>> >>>>> >>>>> >>>>> *Best regards!* >>>>> Pablo de Azevedo >>>>> >>>> >>>> >>>> -- >>>> -- >>>> simon elliston ball >>>> @sireb >>>> >>>
