cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Running MineMeld using Docker

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Printer Friendly Page
lmori
lmori
4 weeks ago

An easy and powerful way of installing MineMeld is using MineMeld docker image. A docker-based installation of MineMeld can run on any Linux distribution supported by Docker and it is extremely easy to upgrade and maintain.

 

Overview

The procedure to use MineMeld is pretty simple:

The rest of the article will guide you thru installing Docker CE on RHEL 7 and run MineMeld on top of it. Only the first part, the one related to installing Docker on RHEL, is RHEL specific. The second part, the one related to MineMeld itself, is distribution independent.

 

Install Docker on RHEL7

  1. Update your RHEL 
    sudo yum update -y
  2. Remove old docker version 
    sudo yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
  3. Install container-selinux package from CentOS repo 
    sudo yum install -y http://mirror.centos.org/centos/7/extras/x86_64/Packages/container-selinux-2.107-1.el7_6.noarch.rpm
  4. Install additional packages 
    sudo yum install -y yum-utils   device-mapper-persistent-data   lvm2 container-selinux
  5. Add official Docker CE repo 
    sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
  6. Rebuild package cache 
    sudo yum update -y && sudo yum makecache fast
  7. Install official Docker CE packages 
    sudo yum install docker-ce docker-ce-cli containerd.io
  8. Start Docker engine 
    sudo systemctl start docker
  9. Make sure Docker is working 
    sudo docker run hello-world

 

Install & Run MineMeld

  1. Pull the latest official image 
    sudo docker pull paloaltonetworks/minemeld
  2. Create named volumes for data and logs 
    sudo docker volume create minemeld-logs
sudo docker volume create minemeld-local
  3. Start the container 
    sudo docker run -dit --name minemeld --restart unless-stopped --tmpfs /run -v minemeld-local:/opt/minemeld/local -v minemeld-logs:/opt/minemeld/log  -p 443:443 -p 80:80 paloaltonetworks/minemeld
  4. After ~30 seconds you should see minemeld running in the container logs 
    [ec2-user@minemeld ~]$ sudo docker logs minemeld
*** Running /etc/rc.local...
*** Booting runit daemon...
*** Runit started as PID 7
minemeld: checking if dependencies are running...
run: redis: (pid 18) 0s
run: collectd: (pid 19) 0s
Copying constraints
Starting redis-server...
Regenarating CA bundle
Sep 18 14:07:31 d0b5d1fbc102 syslog-ng[20]: syslog-ng starting up; version='3.5.6'
2019-09-18T14:07:31 (35)cacert_merge.main INFO: config: {'cafile': ['/opt/minemeld/local/certs/site/'], 'dst': '/opt/minemeld/local/certs/bundle.crt', 'config': '/opt/minemeld/local/certs/cacert-merge-config.yml', 'no_merge_certifi': False}
(integer) 0
Starting minemeld...
/opt/minemeld/engine/0.9.64/local/lib/python2.7/site-packages/supervisor/options.py:383: PkgResourcesDeprecationWarning: Parameters to load are deprecated.  Call .resolve and .require separately.
  return pkg_resources.EntryPoint.parse("x="+spec).load(False)
2019-09-18 14:07:32,153 CRIT Set uid to user 106
2019-09-18 14:07:32,154 WARN Included extra file "/opt/minemeld/supervisor/config/conf.d/minemeld-engine.conf" during parsing
2019-09-18 14:07:32,154 WARN Included extra file "/opt/minemeld/supervisor/config/conf.d/minemeld-supervisord-listener.conf" during parsing
2019-09-18 14:07:32,154 WARN Included extra file "/opt/minemeld/supervisor/config/conf.d/minemeld-traced.conf" during parsing
2019-09-18 14:07:32,154 WARN Included extra file "/opt/minemeld/supervisor/config/conf.d/minemeld-web.conf" during parsing
2019-09-18 14:07:32,164 INFO RPC interface 'supervisor' initialized
2019-09-18 14:07:32,164 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2019-09-18 14:07:32,164 INFO supervisord started with pid 21
2019-09-18 14:07:33,167 INFO spawned: 'minemeld-supervisord-listener' with pid 60
2019-09-18 14:07:33,168 INFO spawned: 'minemeld-engine' with pid 61
2019-09-18 14:07:33,170 INFO spawned: 'minemeld-traced' with pid 62
2019-09-18 14:07:33,172 INFO spawned: 'minemeld-web' with pid 63
2019-09-18 14:07:34,322 INFO success: minemeld-supervisord-listener entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2019-09-18 14:07:34,322 INFO success: minemeld-traced entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2019-09-18 14:07:34,322 INFO success: minemeld-web entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2019-09-18 14:08:03,191 INFO success: minemeld-engine entered RUNNING state, process has stayed up for > than 30 seconds (startsecs)
  5. Connect to the Web interface (https://<address>/) and use username admin and password minemeld to login

 

Check MineMeld Logs

You can check MineMeld engine and MineMeld audit logs from outside the container. Inspect the minemeld-logs volume to grab the directory used by the Docker engine to store volume files. Your logs will be there.

 

[ec2-user@minemeld ~]$ sudo docker inspect minemeld-logs
[
    {
        "CreatedAt": "2019-09-18T10:07:32-04:00",
        "Driver": "local",
        "Labels": {},
        "Mountpoint": "/var/lib/docker/volumes/minemeld-logs/_data",
        "Name": "minemeld-logs",
        "Options": {},
        "Scope": "local"
    }
]
[ec2-user@minemeld ~]$ sudo ls /var/lib/docker/volumes/minemeld-logs/_data
minemeld-engine-stderr---supervisor-PV9ZPJ.log		      minemeld-supervisord-listener.log		      minemeld-web-stderr---supervisor-cXauy4.log
minemeld-engine.log					      minemeld-traced-stderr---supervisor-4V3T4E.log  minemeld-web.log
minemeld-supervisord-listener-stdout---supervisor-T3Wfwi.log  minemeld-traced.log			      supervisord.log

 

Backup MineMeld

The config directory in the minemeld-local volume contains all the file needed to restore the MineMeld installation. You can backup the files by inspecting the volume and perform a backup of the config directory.

[ec2-user@minemeld ~]$ sudo docker inspect minemeld-local
[
    {
        "CreatedAt": "2019-09-18T10:03:12-04:00",
        "Driver": "local",
        "Labels": {},
        "Mountpoint": "/var/lib/docker/volumes/minemeld-local/_data",
        "Name": "minemeld-local",
        "Options": {},
        "Scope": "local"
    }
]
[ec2-user@minemeld ~]$ sudo ls /var/lib/docker/volumes/minemeld-local/_data
certs  config  data  library  prototypes  redis  supervisor  trace

 

Upgrade MineMeld

To upgrade to the latest and greatest release:

  1. Pull the latest release 
    sudo docker pull paloaltonetworks/minemeld
  2. Stop and remove the current container 
    sudo docker stop minemeld
sudo docker rm minemeld
  3. Start the container 
    sudo docker run -dit --name minemeld --restart unless-stopped --tmpfs /run -v minemeld-local:/opt/minemeld/local -v minemeld-logs:/opt/minemeld/log  -p 443:443 -p 80:80 paloaltonetworks/minemeld

 

Change MineMeld UI Certificate

The default certificate used by MineMeld is a self-signed certificate. You should change it when running in production. To do it just map your certificate and private key on the default certificate:

sudo docker run -dit \
    --name minemeld \
    --restart unless-stopped \
    --tmpfs /run \
    -v minemeld-local:/opt/minemeld/local \
    -v minemeld-logs:/opt/minemeld/log  \
    -v /var/lib/minemeld/real-cert.crt:/etc/nginx/minemeld.cer:ro \
    -v /var/lib/minemeld/real-cert.pem:/etc/nginx/minemeld.pem:ro \
    -p 443:443 -p 80:80 \
    paloaltonetworks/minemeld

 

Tags (5)
Rate this article:
643 Views
Comments
Potato-soup
Potato-soup
3 weeks ago
3 weeks ago

Thanks @lmori this looks great I may give it a go.   I am at that point where I'm about to build our Minemeld solution.   I have successfully created a 16.04 Ubuntu build using anisible in our Dev environment.  All other distro are listed as "Still experimental" on the minemeld site. 

How stable is the Docker install?   I'd be interested in what you would recommend.

 

 

 

524 Views
lmori
lmori
2 weeks ago
2 weeks ago

@Potato-soup It is stable, it is being used in production.

398 Views
ksampson
ksampson
2 weeks ago
2 weeks ago

I can confirm this will work on Ubuntu as well.  Get docker running on Ubuntu using the instructions below. Then follow the instructions from Install & Run MineMeld.

 

https://docs.docker.com/install/linux/docker-ce/ubuntu/

 

Great article @lmori 

341 Views
ACMENEWS
ACMENEWS
a week ago
a week ago

Thank you to Ksampson and Lmori.  Following the provided instructions I was able to install MimeMeld within Ubuntu 18.04.1 LTS and have it properly function.   I have been attempting to replace my Ubuntu 14.x MineMeld install and these were the only instructions which actually worked.

242 Views
Ask Questions Get Answers Join the Live Community
Version history
Revision #:
4 of 4
Last update:
3 weeks ago
Updated by:
 
View article history
Contributors
Latest Blogs
Latest Posts
Privacy Policy Terms of Use
Copyright 2007 - 2019 - Palo Alto Networks