This repository was archived by the owner on Aug 20, 2025. It is now read-only.

@nickwallen nickwallen commented Sep 19, 2018

While trying to test #1201, I fixed some issues with the Ansible install of the components required for testing packet capture. I added instructions for how to do this in the README.

Testing

  1. Spin up the development environment, validate that alerts are visible in the Alerts UI, and run the Metron Service Check in Ambari.

  2. Follow the instructions in the README to install and start all of the components for capturing packets. Ensure that you can search and find these packets using the Alerts UI > PCAP tab.

Pull Request Checklist

  • Is there a JIRA ticket associated with this PR? If not one needs to be created at Metron Jira.
  • Does your PR title start with METRON-XXXX where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
  • Has your PR been rebased against the latest commit within the target branch (typically master)?
  • Have you included steps to reproduce the behavior or problem that is being changed or addressed?
  • Have you included steps or a guide to how the change may be verified and tested manually?
  • Have you ensured that the full suite of tests and checks have been executed in the root metron folder via:
  • Have you written or updated unit tests and/or integration tests to verify your changes?
  • If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?
  • Have you verified the basic functionality of the build by building and running locally with Vagrant full-dev environment or the equivalent?

@nickwallen nickwallen left a comment

Comments to help reviewers.

- { role: pcap_replay }
- { role: pycapa }
tags:
- pcap
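
Review bot: the `tags: - pcap` entry at the end of this hunk is the only thing that ties the pcap_replay and pycapa roles to a `--ansible-tags="pcap"` run, and nothing in the hunk shows how that tag combines with any tags applied by default. Suggest confirming the selection before merge, for example by running `ansible-playbook --list-tasks --tags pcap` against this playbook, and adding the expected result to the PR's test steps so reviewers can check that both roles are picked up.
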
Contributor Author

Allows us to deploy all of the components required for testing packet capture using the tag 'pcap'.

librdkafka_version: 0.9.4
librdkafka_url: https://github.com/edenhill/librdkafka/archive/v0.9.4.tar.gz
librdkafka_version: 0.11.5
librdkafka_url: https://github.com/edenhill/librdkafka/archive/v0.11.5.tar.gz
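
Review bot: in the last two lines the version 0.11.5 is written twice, once in `librdkafka_version` and once inside `librdkafka_url`, so a later bump can leave the two out of step. Suggest deriving the URL from the variable, e.g. `librdkafka_url: https://github.com/edenhill/librdkafka/archive/v{{ librdkafka_version }}.tar.gz`. Since the tarball is fetched from a GitHub archive URL, it would also help to record an expected checksum next to these variables so the download can be verified before it is built.
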
Contributor Author

Pycapa only works with 0.11.5 now. This was tested and validated in a previous PR #1136.

Member

Should we update the bro package as well? I would need to double check but I think it uses the version of librdkafka installed here in full-dev, but the package docs say "This plugin has been tested against the latest release of librdkafka, which at the time of this writing is v0.9.4."


### Deploy Packet Capture

If you want to deploy the components required to generate and capture network packets.
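
Review bot: the sentence under the new `### Deploy Packet Capture` heading is a conditional clause with no main clause ("If you want to deploy ...") that ends on a period. Suggest rewording it, for example "To deploy the components required to generate and capture network packets, follow these steps:", so it leads into the instructions.
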
Contributor Author

Specific instructions for deploying the components required to test packet capture in the development environment.

@nickwallen
Contributor Author

Travis CI goofed

@nickwallen nickwallen closed this Sep 19, 2018
@nickwallen nickwallen reopened this Sep 19, 2018
MohanDV commented Oct 1, 2018

Deployed a full dev; I executed the set of instructions as in the docs:

vagrant up
vagrant --ansible-tags="pcap" provision

#Stopped the Parser, Enrichment, Indexing, and Profiler topologies to free-up resources.

vagrant ssh
sudo su -
source /etc/default/metron
yum -y install wireshark

I see that the pcap-replay and pycapa services are not deployed.

[root@node1 ~]# service pcap-replay start

pcap-replay: unrecognized service

[root@node1 ~]# service pycapa start

pycapa: unrecognized service

@nickwallen
Contributor Author

Yes, you are right @MohanDV. Somehow the default tags are interacting badly with the tags that are passed in. I'll try to figure out what's going on.

@nickwallen nickwallen closed this Mar 15, 2019