Running Pravega¶
Running in local machine allows us to get started using Pravega very quickly. Running Pravega in Standalone mode is suitable for development and testing Pravega applications.
The prerequisites for running in local machine is described below.
Standalone Mode¶
From Source¶
Checkout the source code:
git clone https://github.com/pravega/pravega.git cd pravega
Build the Pravega standalone distribution:
./gradlew startStandalone
From Installation Package¶
Download the Pravega release from the GitHub Releases.
$ tar xfvz pravega-<version>.tgz
Run Pravega Standalone:
pravega-<version>/bin/pravega-standalone
From Docker Container¶
The below command will download and run Pravega from the container image on docker hub.
Note: We must replace the <ip> with the IP of our machine to connect to Pravega from our local machine. Optionally we can replace latest with the version of Pravega as per the requirement.
docker run -it -e HOST_IP=<ip> -p 9090:9090 -p 12345:12345 pravega/pravega:latest standalone
Docker Compose (Distributed Mode)¶
Unlike other options for running locally, the Docker Compose option runs a full deployment of Pravega in distributed mode. It contains containers for running Zookeeper, Bookkeeper and HDFS. Hence Pravega operates as if it would in production. This is the easiest way to get started with the standalone option but requires additional resources.
-
Ensure that your host machine meets the following prerequisites:
-
It has Docker
1.12or later installed. -
It has Docker Compose installed.
-
Download the docker-compose.yml file from Pravega GitHub repository.
$ wget https://raw.githubusercontent.com/pravega/pravega/master/docker/compose/docker-compose.yml
Alternatively, clone the Pravega repository to fetch the code.
$ git clone https://github.com/pravega/pravega.git
- Navigate to the directory containing Docker Compose configuration
.ymlfiles.
$ cd /path/to/pravega/docker/compose
- Add HOST_IP as an environment variable with the value as the IP address of the host.
$ export HOST_IP=<HOST_IP>
- Run the following command to start a deployment comprising of multiple Docker containers, as specified in the
docker-compose.ymlfile.
$ docker-compose up -d
To use one of the other files in the directory, use the -f option to specify the file.
$ docker-compose up -d -f docker-compose-nfs.yml
- Verify that the deployment is up and running.
$ docker-compose ps
Clients can then connect to the Controller at <HOST_IP>:9090.
To access the Pravega Controller REST API, invoke it using a URL of the form http://<HOST_IP>:10080/v1/scopes (where
/scopes is one of the many endpoints that the API supports).
Running Pravega in Standalone Mode with SSL/TLS Enabled¶
SSL/TLS singlenode.enableTls is disabled by default in Pravega standalone mode cluster. The following steps explains how to enable and run standalone mode cluster with SSL/TLS enabled:
-
Configure standalone server to communicate using SSL/TLS. To do so, edit the TLS-related properties in
standalone-config.propertiesas shown below:singlenode.enableTls=true singlenode.keyFile=../config/server-key.key singlenode.certFile=../config/server-cert.crt singlenode.keyStoreJKS=../config/server.keystore.jks singlenode.keyStoreJKSPasswordFile=../config/server.keystore.jks.passwd singlenode.trustStoreJKS=../config/client.truststore.jks
-
Ensure that the server's certificate is trusted. To ensure the server's certificate is trusted, import it into the JVM's truststore. The server certificate used for the Pravega standalone mode server must be trusted on the JVM that runs the server. A server certificate can be rendered trusted via either Chain of Trust or via Direct Trust.
Chain of Trust: A chain of trust, which is the standard SSL/TLS certificate trust model, is established by verifying that the certificate is issued and signed by a trusted CA. If you are using a certificate issued by a CA as the server certificate, ensure that the CA's certificate is in the JVM's truststore.
Direct Trust: This type of trust is established by adding the server's certificate to the truststore. It is a non-standard way of establishing trust when using self-signed certificates. If you using self-signed certificates such as those provided by Pravega for standalone mode, ensure that the server's certificate is in the JVM's truststore.
The following command sequence is used (in Linux) with the provided certificate file cert.pem into the JVM's system truststore.
cd /path/to/pravega/config- Convert the
server-cert.crtfile toDERformat:openssl x509 -in server-cert.crt -inform pem -out server-cert.der -outform der - Import the certificate into the local JVM's trust store:
sudo keytool -importcert -alias local-CA -keystore /path/to/jre/lib/security/cacerts -file server-cert.der(using the default passwordchangeit)
Note: If you want to use a custom truststore instead of adding the certificate to the system truststore, create a new truststore using Java keytool utility, add the certificate to it and configure the JVM to use it by setting the system properties javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword.
-
Run Pravega standalone mode using command
./gradlew startStandalone. -
Verify that controller REST API is returning response over SSL/TLS:
curl -v -k https://<host-name>/v1/scopes
-vis to avoid hostname verification, since we are using the provided certificate which isn't assigned to your hostname. You can find details about curl's options here. -
Run Reader/Writer Pravega sample applications against the standalone server to verify it is responding appropriately to
Read/Writerequests. To do so, in theClientConfig, set the following:
ClientConfig clientConfig = ClientConfig.builder() .controllerURI(...) .trustStore("/path/to/server-cert.crt") .validateHostName(false) .build();