Tuesday, December 8, 2015

Data availability across multiple pods in Kubernetes using GlusterFS

Posted by Sudheera Palihakkara On 11:55 PM

Goolge's Kubernetes gives you the ability of managing a cluster of containers across multiple nodes and provide mechanisms for deploying, maintaining, and scaling applications. Usually in  a container application uses a on-disk files which are ephemeral by the nature of the container concept. Kubernetes provides a solution for this problem by introducing the 'volumes'  which resolves the aforementioned problem as well as the file sharing problem we encounter when we using several containers in a single pod or running several replicas of the same pod.

Taking the Kubernates volumes in to next level, we can use a network file system such a "GlusterFS" to manage the file system across the physical machines (nodes) and  let it handle the replication, security and data availability.  

Following example will show you how to configure two physical machines with glusterFS replication and boot-up kubernetes pods across those node with shared volume mounted. 

1. Setup the nodes with glusterfs

We will use two physical machines which we are going to identify as server-1 and server-2 here after, for ease of access add the following entries with suitable IP addresses to /etc/hosts of the each machine.   server-1   server-2

I'll explain how to set up the server-1 with glusterfs, follow the same steps and configure the server-2 once you completed with the server-1.

1.1 Install the glusterfs-server

If you using a dabian- based OS use apt to install the required packages.

apt-get install glusterfs-server

use following command to verify the proper installation of the package.

glusterfsd --version

above command should give a output similar to following.

glusterfs 3.4.2 built on Jan 14 2014 18:05:35
Repository revision: git://git.gluster.com/glusterfs.git
Copyright (c) 2006-2013 Red Hat, Inc.
It is licensed to you under your choice of the GNU Lesser
General Public License, version 3 or any later version (LGPLv3
or later), or the GNU General Public License, version 2 (GPLv2),
in all cases as published by the Free Software Foundation.

Note: Make sure tcp ports 111, 24007, 24008 and 24009 open for the server's by your firewall.

1.2 Add the peer node to trusted storage pool

On server-1 add the server-2 as a trusted storage
gluster peer probe server-2

You can check the status of the peers using following command.

gluster peer status

Note:  Now you have successfully configured the server-1 with glusterfs, follow the same steps with proper changes to configure the server-2

1.3 Create the shared volume with replicas

Now we can create the shared volume with required replicas (here we using 2 replicas because the mirroring to take effect).  Following command will create the shared volume and set up the data directories in the nodes. You can specify any directory you wish to store the data in each node. If this command gives an error saying the data directories should be created in a separate physical volume, you can override it with using 'force' keyword at the end of the command.

gluster volume create test-volume replica 2 transport tcp server-1:/home/user/data server-2:/home/user/data

Start the above created volume using following command

gluster volume start test-volume

Check the status of the volumes using following command

gluster volume info

It should give you a output similar to this.

Volume Name: test-volume
Type: Replicate
Volume ID: a13d64b6-7e07-4253-895e-d736e176b59f
Status: Started
Number of Bricks: 1 x 2 = 2
Transport-type: tcp
Brick1: server-1:/home/user/data
Brick2: server-2:/home/user/data

Note : If the volume info doesn't give you the expected output, just restart the glusterFS-server and check the info again. 

Now you completed the setup of shared volume and for testing the operation mount the created volume to a directory of any of physical nodes and add, delete files and see the replication works.
Use the mount.glusterfs command to mount the shared volume.

mount.glusterfs server-1:/test-volume /mnt/glusterfs

2 Use the shared volume as a mountVolume in kubernetes pod

In order to use the glusterFS volumes in kubernetes nodes you will have to configure kubernetes endpoints that are pointed to glusterFS servers. This will gives you the flexibility of using entire different set of servers to use as the gluster-cluster and mount those volumes. In addition we have to add a kubernetes service to be used by pods. 

Refer the following yaml configurations to start the kubernetes components.

Endpoint :
  kind: "Endpoints"
  apiVersion: "v1"
    name: "glusterfs-cluster"
        - ip: ""
        - port: 1
        - ip: ""
        - port: 1

  kind: "Service"
  apiVersion: "v1"
    name: "glusterfs-cluster"
      - port: 1

  apiVersion: "v1"
  id: "glusterfs"
  kind: "Pod"
    name: "glusterfs"
      - name: "glusterfs"
        image: "your-test-image"
          - mountPath: "/mnt/glusterfs"
            name: "glusterfsvol"
      - name: "glusterfsvol"
          endpoints: "glusterfs-cluster"
          path: "test-volume"
          readOnly: false

Use kubectl command kubectl create -f file-location.yaml to create each component. In pod definition use name of the shared volume in glusterFS as the path and specify a proper image in container specification. 

Log in to the pod and test that volume is mounted on path /mnt/glusterfs without an issue. 

Monday, September 7, 2015

Transport Data Securely and Reliably over the Internet with AdroitLogic AS2Gateway

Posted by Sudheera Palihakkara On 10:31 PM

Are you looking for a solution to send and receive your business data through the internet, securely and reliably? Applicability Statement 2 (AS2) defines a protocol which ensures such functionality. Using digital certificates and encryption ensures the security aspect of this protocol.

AdroitLogic AS2 Gateway is a cloud based messaging platform that designed to operate on AS2 protocol.  Being a cloud based solution,  AS2Gateway gives you the ability to quickly set up the trading stations and get in to messaging as soon as possible. Here's a quick introduction and setup guide to AS2Gateway written by Manjula.

I'm going to talk about several key features and tools provided by the AS2Gateway in the rest of this blog post. 

Certificate Store

Certificate store is a very useful tool provided by the AS2Gateway, it allows you to import, generate and manage your certificates without using any other tools externally.

(Click on the image to view in full screen)

I'd like to point out some of the useful features in Certificate Store. Refer to the numbers I put on the image.

1. Certificate type : A certificate could be a private key of a station defined in AS2Gateway, a certificate of your trading partner or a  Https certificate of your trading partner.

2. Belongs To : This column specifies the trading station or the trading partner which the certificate is currently assigned to.

3. You can export any of your certificates using this button to PEM or DER formats and download them.

4. Assigning the certificates to partners can be done easily using this button.

5. This gives you the ability to import any certificate in to the certificate store.

6. If you want to generate your own certificate and add it to the store. it can be achieved here with a single click.

Message View

Message view gives you to access various properties of the sent/ received message including the http level headers. To get the message view click on the message subject in inbox or outbox. Refer to the following image. 

(Click on the image to view in full screen)

1. Download the content to your local file system, if the content is consist of several attachments you can download each attachment one by one or as a zip file.

2. Download the raw message as the AS2Gateway receives it.

3. Download the transport level headers. like AS2-From, AS2-To, Content-Type etc

4. Download the MDN(Message Disposition Notification) associated with the message.

Audit Trails

Audit trails gives you the ability to keep track of events that took place in your as2gateway organization profile. You can filter out each audit trail by Trading partner, Trading station, Messages etc. You can even define your own custom tags and filter using those tags.

(Click on the image to view in full screen)

I'll talk about more features of AS2Gateway in the next blog post. Thank you.


Saturday, June 14, 2014

Install fcitx to type sinhala unicode real time in ubuntu

Posted by Sudheera Palihakkara On 12:46 AM

Since Rsinglish developers asked to use fcitx instead of iBus here are some steps to install and config fcitx in linux environment. 

1. To install fcitx, fcitx-config and fcitx-m17n using apt-get simply enter following line in terminal 
 sudo apt-get install fcitx fcitx-config-gtk2 fcitx-m17n   

2. Set the input method for gtk/qt modules and xim programs by setting the environment variables. Open the /etc/environment file in your favourite text editor and add the following lines to the bottom.  
  export GTK_IM_MODULE=fcitx  
  export QT_IM_MODULE=fcitx  
  export XMODIFIERS="@im=fcitx"  

3. Restart the session and you can see the system tray icon of the fcitx. (if not add the startup script, the command as "fcitx")

4. Right click on the fcitx icon on the system tray and click Configure.

5.  In config window click on the small + sign on the bottom-left coner.

6. In the Add input method window uncheck the Only show current Language setting and search for singlish. Select Singlish(m17n) and click OK.

That's it. close the config window and try the input method. The default key combination for switching between the input methods is ctrl+Space. But you can change it using Globle Config tab in config window. Cheers.!

Reference : https://wiki.archlinux.org/index.php/fcitx#Using_FCITX_to_Input

Sunday, June 1, 2014

Install RSinglish-a real time sinhala unicode converter on linux

Posted by Sudheera Palihakkara On 1:33 AM

Update  : Developers of Rsinglish asked to use fcitx instead of m17n alone so this post is outdated, please refer to the next blog post to install fcitx and type Unicode realtime.
Real time Singlish is a real time unicode converter script for Sinhala. Here are few steps to follow in order to install it on Linux mint 16(Petra) and Ubuntu.

1. Install IBus and Ibus-m17n using following commands

 sudo apt-get install ibus  
 sudo apt-get install ibus-m17n  

2. Go to Language Support and click on Install/Remove Languages.

3.  Select Sinhala from the list and select Apply Changes

4. Select Keyboard input method system as IBus in Language Support and click Apply System wide button.

5. In control center go to Input Methods(or just search in the start menu), it will bring up a wizard. Activate Ibus daemon by proceeding through the wizard.

6. Ibus will start in your system tray now (The small  keyboard icon) if not use following command to start IBus.

 /usr/bin/ibus-daemon -d  

7. Go to IBus preference by right clicking the IBus icon at the system tray

 8.In the Input methods tab check the custermize active input methods and click on the drop-down menu. Click on show all input methods on the bottom of the drop-down list. Now select the sinhala; Sinhalese from the list and then Singlish(m17n). See the image below. After that click Add  button.

9. All set, restart the machine and left-click on the system tray IBus icon. (if it isn't there just run once and add the command listed in step 6 to Startup Applications). 

You can now select between Singlish and English. Form the preference of IBus you can configure a key combination for faster switching between the input methods.

Here's the letter-map

  Reference : 

[1] http://0xdeafc0de.wordpress.com/rsinglish/
[2] http://0xdeafc0de.wordpress.com/rsinglish/linux-rsinglish-installation/

P.S : Developers of Rsinglish asked to use fcitx instead of m17n alone so please refer to the next blog post to install fcitx

Thursday, March 27, 2014

Create self signed SSL certificates with crl/ocsp X509 Extensions using openssl

Posted by Sudheera Palihakkara On 12:57 AM

(image source : https://ssl.trustwave.com/support/support-how-ssl-works.php)

In order to test Ocsp/Crl validation we need to send the client request with ssl certificates that have information about CRL and OCSP. For that we can add authorityInfoAccess and crlDistributionPoints extensions to certificates. Here I'm using openssl tool on linux terminal to create required certificates.

what we need to create:

step 1. RSA key to root CA
step 2. Root CA certificate
step 3.  RSA key to subordinate(client)
step 4.  subordinate certificate
and then we can get the subordinate signed by root CA.

step 1
create 4096 long RSA key names ca.key

openssl genrsa -out ca.key 4096

step 2
create root CA using the generated key. Enter following line and provide information for your root CA that may be asked.

openssl req -new -x509 -days 1826 -key ca.key -out ca.crt 

step 3
create RSA key for subordinate

openssl genrsa -out ia.key 4096   

step 4

openssl req -new -key ia.key -out ia.csr

Ok. Now we have to add the required extension before giving Certificate Signing Request. First create a file named my.cnf with the following data.

authorityInfoAccess = OCSP;URI: http://ocsp.digicert.com

Now we can execute following command with the extension of above created file.

openssl x509 -req -days 730 -in ia.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out ia.crt -extfile my.cnf

we have ia.crt certificate signed by ca.crt .

Next blog post will be about how to test the ocsp/crl verification at the transport listener using CURL.

resources :

Wednesday, March 26, 2014

WSO2 ESB OCSP/CRL Verification implementation in transport Listner

Posted by Sudheera Palihakkara On 11:25 PM

 (image source : http://support.f5.com/techdocs/home/bigip/manuals/bigip4_5/bigip4_5features/images/BIGip_OCSPa.gif)

During the SSL handshake a server invokes OCSP/CRL protocols to verify that the client’s X509 Certificate is not revoked by its issuer. Those protocols needs to make a http call to servers at CA in order to do the verification.  The responses include information about the revocation of the certificates. The SSL connection can’t be establish any further if the response indicate that the certificates are revoked. If not then the server can perform the SSL handshake.

In ESB 4.8.1 this feature is already implemented for transport sender. I have implemented it for the transport listener.

In order to enable this feature you have to add the following configuration to “Transport Ins (Listeners)”  section in axis2.xml file.

<parameter name="SSLVerifyClient">require</parameter>
            <!--supports optional|require or defaults to none -->
        <parameter name="CertificateRevocationVerifier" enable="true">
                <!-- In minutes -->

There is automatically managed cache associated with both ocsp and crl verifications. 

Testing ocsp/crl validation by creating self signed certificates will be explained in next blog post.

Monday, January 21, 2013

TankGame 03 - Java 2D game development tutorial with Slick, MarteEngine, Lwjgl

Posted by Sudheera Palihakkara On 7:50 AM

Now we have configured the environment,(If not, please refer the previous post) so we can create the game world with the entities in it. In my Netbeans project I have several Java classes representing various entities in the game. First we need to setup the "game world" which contains  all the players, blocks etc, 

So for the game application we need several types of java classes to handle various  tasks of the game. In my project I have divided the entire task into four parts. This approach is makes life easy for programmer. I have four software packages in my project.

Communicator package handles the communication and provide interface to get/send data for the rest of program. Configuration package contain all the configuration data including socket numbers foe communication etc. All the entities we have used in the application are list under the entities package. Game world class and other main classes are located inside the other package.

  OK now let's do coding. You can take a look at the code developed so far by me by following this link : github

First Step : Create the game container

The class with the main method (view here)should look like this way. It should extend the StateBasedGame. And in the main method it should initiate a  Application game container like this.

 AppGameContainer app = new AppGameContainer(new TankGametest02_GUI("Tank Game"));  

And then we can set the display mode of the game window, and the refresh rate. after that we can start the application.

 app.setDisplayMode(1280, 650, false);  

When we  start the game we need to initiate some sates, like load some configuration data into the program or load images from storage which we plan to include in the game later. This requirements can be achieved by overriding the method  initStatesList() .

1:    @Override  
2:    public void initStatesList(GameContainer gc) throws SlickException {  
3:      try {  
4:        ResourceManager.loadResources("data/resources.xml");  
5:        config.loadData();  
6:      } catch (IOException ex) {  
7:        Logger.getLogger(TankGametest02_GUI.class.getName()).log(Level.SEVERE, null, ex);  
8:      }  
9:      addState(new GameWorld(GAME_STATE, gc));  
10:      enterState(GAME_STATE);  
11:    }  

In line number 4, I have loaded the images using resource manager, take a look at the resources.xml file here. And  in the 5th line I have initiate the variables in config class using the configuration data entered in configuration property file located inside the configuration folder. take a look. That's all for this class. It just creates the game container and starts it.

Second Step : Create the game world
We need a "world" for all these tanks, bricks, stones and all to live in.  So here we create the GameWorld class by extending world class. 

Here in this class we need to override several methods in order to keep up the functionalists of the game world. These methods are called by the game engine so we don't have to worry about it.

1. Enter the game. Here in this example enter method doesn't do anything useful.

   public void enter(GameContainer container, StateBasedGame game) throws SlickException {  
     super.enter(container, game);  

2. Initi() method can be used to initiate game world details. I have used it here to create the background image(Load from the resource manager) and set up the bricks, stones and water in the tanks game.(non moveable objects)

   public void init(GameContainer gc, StateBasedGame game) throws SlickException {  
     super.init(gc, game);  
     //create background  
     try {  
     } catch (IOException ex) {  
       Logger.getLogger(GameWorld.class.getName()).log(Level.SEVERE, null, ex);  
       System.out.println("IOException @setup()" + ex.toString());  

3. render method will render graphics you can draw images, lines, text etc which will render throughout the game. I rendered the background and the grid.
   public void render(GameContainer gc, StateBasedGame game, Graphics g) throws SlickException {  
     //render background  
     g.drawImage(background, 0, -130);  
     g.drawImage(arenaImage, 20, 20);  
     super.render(gc, game, g);  
     //render Points table  

4.This is the most important method. The update method will be called by the game engine while the game is running couple of milliseconds apart. Number of milliseconds between two calls to the update method is given by delta, which send as an parameter to the update method by the engine. Inside this method we can specify the thing we want to do during the game time.

   public void update(GameContainer gc, StateBasedGame game, int delta) throws SlickException {  
     super.update(gc, game, delta);  
     String reciveData = com.reciveData();  
     String[] section = reciveData.split(":");  
     if (section[0].equals("C")) {  
     } else if (section[0].equals("L")) {  
     } else if (section[0].equals("G")) {  

All other methods for just keep above four method body clean and simple.

So I guess that's all for this post, we will discuss about entities in the next post... :-)


Follow by Email