Running in local machine allows us to get started using Pravega very quickly. Running Pravega in Standalone mode is suitable for development and testing Pravega applications.
The prerequisites for running in local machine is described below.
Checkout the source code:
git clone https://github.com/pravega/pravega.git
cd pravega
Build the Pravega standalone distribution:
./gradlew startStandalone
Download the Pravega release from the GitHub Releases.
$ tar xfvz pravega-<version>.tgz
Download and extract either tarball or zip files. Follow the instructions provided for the tar files (same can be applied for zip file) to launch all the components of Pravega on your local machine.
Run Pravega Standalone:
pravega-<version>/bin/pravega-standalone
The below command will download and run Pravega from the container image on docker hub.
Note: We must replace the <ip>
with the IP of our machine to connect to Pravega from our local machine. Optionally we can replace latest
with the version of Pravega as per the requirement.
docker run -it -e HOST_IP=<ip> -p 9090:9090 -p 12345:12345 pravega/pravega:latest standalone
Unlike other options for running locally, the Docker Compose option runs a full deployment of Pravega in distributed mode. It contains containers for running Zookeeper, Bookkeeper and HDFS. Hence Pravega operates as if it would in production. This is the easiest way to get started with the standalone option but requires additional resources.
-
Ensure that your host machine meets the following prerequisites:
- It has Docker
1.12
or later installed. - It has Docker Compose installed.
- It has Docker
-
Download the docker-compose.yml file from Pravega GitHub repository.
$ wget https://raw.githubusercontent.com/pravega/pravega/master/docker/compose/docker-compose.yml
Alternatively, clone the Pravega repository to fetch the code.
$ git clone https://github.com/pravega/pravega.git
-
Navigate to the directory containing Docker Compose configuration
.yml
files.$ cd /path/to/pravega/docker/compose
-
Add HOST_IP as an environment variable with the value as the IP address of the host.
$ export HOST_IP=<HOST_IP>
-
Run the following command to start a deployment comprising of multiple Docker containers, as specified in the
docker-compose.yml
file.$ docker-compose up -d
To use one of the other files in the directory, use the
-f
option to specify the file.$ docker-compose up -d -f docker-compose-nfs.yml
-
Verify that the deployment is up and running.
$ docker-compose ps
Clients can then connect to the Controller at <HOST_IP>:9090
.
To access the Pravega Controller REST
API, invoke it using a URL of the form http://<HOST_IP>:10080/v1/scopes
(where
/scopes
is one of the many endpoints that the API supports).
SSL/TLS singlenode.enableTls
is disabled by default in Pravega standalone mode cluster. The following steps explains how to enable and run standalone mode cluster with SSL/TLS enabled:
-
Configure standalone server to communicate using SSL/TLS. To do so, edit the TLS-related properties in
standalone-config.properties
as shown below:singlenode.enableTls=true singlenode.keyFile=../config/server-key.key singlenode.certFile=../config/server-cert.crt singlenode.keyStoreJKS=../config/server.keystore.jks singlenode.keyStoreJKSPasswordFile=../config/server.keystore.jks.passwd singlenode.trustStoreJKS=../config/client.truststore.jks
-
Ensure that the server's certificate is trusted. To ensure the server's certificate is trusted, import it into the JVM's truststore. The server certificate used for the Pravega standalone mode server must be trusted on the JVM that runs the server. A server certificate can be rendered trusted via either Chain of Trust or via Direct Trust.
Chain of Trust: A chain of trust, which is the standard SSL/TLS certificate trust model, is established by verifying that the certificate is issued and signed by a trusted CA. If you are using a certificate issued by a CA as the server certificate, ensure that the CA's certificate is in the JVM's truststore.
Direct Trust: This type of trust is established by adding the server's certificate to the truststore. It is a non-standard way of establishing trust when using self-signed certificates. If you using self-signed certificates such as those provided by Pravega for standalone mode, ensure that the server's certificate is in the JVM's truststore.
The following command sequence is used (in Linux) with the provided certificate file cert.pem
into the JVM's system truststore.
cd /path/to/pravega/config
- Convert the
server-cert.crt
file toDER
format:openssl x509 -in server-cert.crt -inform pem -out server-cert.der -outform der
- Import the certificate into the local JVM's trust store:
sudo keytool -importcert -alias local-CA -keystore /path/to/jre/lib/security/cacerts -file server-cert.der
(using the default passwordchangeit
)
Note: If you want to use a custom truststore instead of adding the certificate to the system truststore, create a new truststore using Java keytool utility, add the certificate to it and configure the JVM to use it by setting the system properties javax.net.ssl.trustStore
and javax.net.ssl.trustStorePassword
.
-
Run Pravega standalone mode using command
./gradlew startStandalone
. -
Verify that controller REST API is returning response over SSL/TLS:
curl -v -k https://<host-name>/v1/scopes
-v
is to avoid hostname verification, since we are using the provided certificate which isn't assigned to your hostname. You can find details about curl's options here. -
Run Reader/Writer Pravega sample applications against the standalone server to verify it is responding appropriately to
Read/Write
requests. To do so, in theClientConfig
, set the following:ClientConfig clientConfig = ClientConfig.builder() .controllerURI(...) .trustStore("/path/to/server-cert.crt") .validateHostName(false) .build();
-
Everything else should be the same as the Reader/Writer apps.