Skip to content

Latest commit

 

History

History
169 lines (110 loc) · 7.07 KB

run-local.md

File metadata and controls

169 lines (110 loc) · 7.07 KB

Running Pravega

Running in local machine allows us to get started using Pravega very quickly. Running Pravega in Standalone mode is suitable for development and testing Pravega applications.

The prerequisites for running in local machine is described below.

Standalone Mode

From Source

Checkout the source code:

git clone https://github.com/pravega/pravega.git
cd pravega

Build the Pravega standalone distribution:

./gradlew startStandalone

From Installation Package

Download the Pravega release from the GitHub Releases.

$ tar xfvz pravega-<version>.tgz

Download and extract either tarball or zip files. Follow the instructions provided for the tar files (same can be applied for zip file) to launch all the components of Pravega on your local machine.

Run Pravega Standalone:

pravega-<version>/bin/pravega-standalone

From Docker Container

The below command will download and run Pravega from the container image on docker hub.

Note: We must replace the <ip> with the IP of our machine to connect to Pravega from our local machine. Optionally we can replace latest with the version of Pravega as per the requirement.

docker run -it -e HOST_IP=<ip> -p 9090:9090 -p 12345:12345 pravega/pravega:latest standalone

Docker Compose (Distributed Mode)

Unlike other options for running locally, the Docker Compose option runs a full deployment of Pravega in distributed mode. It contains containers for running Zookeeper, Bookkeeper and HDFS. Hence Pravega operates as if it would in production. This is the easiest way to get started with the standalone option but requires additional resources.

  1. Ensure that your host machine meets the following prerequisites:

    • It has Docker 1.12 or later installed.
    • It has Docker Compose installed.
  2. Download the docker-compose.yml file from Pravega GitHub repository.

    $ wget https://raw.githubusercontent.com/pravega/pravega/master/docker/compose/docker-compose.yml
    

    Alternatively, clone the Pravega repository to fetch the code.

    $ git clone https://github.com/pravega/pravega.git
    
  3. Navigate to the directory containing Docker Compose configuration .yml files.

    $ cd /path/to/pravega/docker/compose
    
  4. Add HOST_IP as an environment variable with the value as the IP address of the host.

    $ export HOST_IP=<HOST_IP>
    
  5. Run the following command to start a deployment comprising of multiple Docker containers, as specified in the docker-compose.yml file.

    $ docker-compose up -d
    

    To use one of the other files in the directory, use the -f option to specify the file.

    $ docker-compose up -d -f docker-compose-nfs.yml
    
  6. Verify that the deployment is up and running.

    $ docker-compose ps
    

Clients can then connect to the Controller at <HOST_IP>:9090.

To access the Pravega Controller REST API, invoke it using a URL of the form http://<HOST_IP>:10080/v1/scopes (where /scopes is one of the many endpoints that the API supports).

Running Pravega in Standalone Mode with SSL/TLS Enabled

SSL/TLS singlenode.enableTls is disabled by default in Pravega standalone mode cluster. The following steps explains how to enable and run standalone mode cluster with SSL/TLS enabled:

  1. Configure standalone server to communicate using SSL/TLS. To do so, edit the TLS-related properties in standalone-config.properties as shown below:

       singlenode.enableTls=true
       singlenode.keyFile=../config/server-key.key
       singlenode.certFile=../config/server-cert.crt
       singlenode.keyStoreJKS=../config/server.keystore.jks
       singlenode.keyStoreJKSPasswordFile=../config/server.keystore.jks.passwd
       singlenode.trustStoreJKS=../config/client.truststore.jks
  2. Ensure that the server's certificate is trusted. To ensure the server's certificate is trusted, import it into the JVM's truststore. The server certificate used for the Pravega standalone mode server must be trusted on the JVM that runs the server. A server certificate can be rendered trusted via either Chain of Trust or via Direct Trust.

    Chain of Trust: A chain of trust, which is the standard SSL/TLS certificate trust model, is established by verifying that the certificate is issued and signed by a trusted CA. If you are using a certificate issued by a CA as the server certificate, ensure that the CA's certificate is in the JVM's truststore.

    Direct Trust: This type of trust is established by adding the server's certificate to the truststore. It is a non-standard way of establishing trust when using self-signed certificates. If you using self-signed certificates such as those provided by Pravega for standalone mode, ensure that the server's certificate is in the JVM's truststore.

The following command sequence is used (in Linux) with the provided certificate file cert.pem into the JVM's system truststore.

  • cd /path/to/pravega/config
  • Convert the server-cert.crt file to DER format: openssl x509 -in server-cert.crt -inform pem -out server-cert.der -outform der
  • Import the certificate into the local JVM's trust store: sudo keytool -importcert -alias local-CA -keystore /path/to/jre/lib/security/cacerts -file server-cert.der (using the default password changeit)

Note: If you want to use a custom truststore instead of adding the certificate to the system truststore, create a new truststore using Java keytool utility, add the certificate to it and configure the JVM to use it by setting the system properties javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword.

  1. Run Pravega standalone mode using command ./gradlew startStandalone.

  2. Verify that controller REST API is returning response over SSL/TLS:

      curl -v -k https://<host-name>/v1/scopes

    -v is to avoid hostname verification, since we are using the provided certificate which isn't assigned to your hostname. You can find details about curl's options here.

  3. Run Reader/Writer Pravega sample applications against the standalone server to verify it is responding appropriately to Read/Write requests. To do so, in the ClientConfig, set the following:

     ClientConfig clientConfig = ClientConfig.builder()
                  .controllerURI(...)
                  .trustStore("/path/to/server-cert.crt")
                  .validateHostName(false)
                  .build();
  4. Everything else should be the same as the Reader/Writer apps.