Installing Riak and encrypting it with zNcrypt; aesni enabled on ubuntu

Riak is a bigdata database that is useful to save large amounts of data, the company that offers support for it is named basho.com, there is a lot of tutorials at basho site to install riak and configure.


This is a resume of the steps to setup a quick single node on a riak ring.

It is assumed that zNcrypt is already installed.

To install riak on ubuntu follow steps from:
http://docs.basho.com/riak/latest/tutorials/installation/Installing-on-Debian-and-Ubuntu/

Basically 4 commands are needed:

# curl http://apt.basho.com/gpg/basho.apt.key | sudo apt-key add -

# sudo bash -c "echo deb http://apt.basho.com $(lsb_release -sc) main > /etc/apt/sources.list.d/basho.list"

# sudo apt-get update

# sudo apt-get install riak

Configuring Riak:

You need to modify /etc/riak/app.config and /etc/riak/vm.args

1. Get yout local ip


2. Update vm.args

Change "-name riak@127.0.0." "-name riak@YOUR_IP"

 
3. update app.config

pb_ip: Replace 127.0.0.1 with the IP address of the Riak node.

From
 {pb_ip,   "127.0.0.1" }
Change to:
 {pb_ip,   "xx.xx.xx.xx" }

Then update http to your IP

{http, [ {"127.0.0.1", 8098 } ]} 

change to :

{http, [ {"xx.xx.xx.xx", 8098 } ]},

Where xx.xx.xx.xx is your node ip.

4. Create Riak directories

# mkdir /mnt/r
# mkdir/mnt/r/bitcask

/mnt/r/ring and /mnt/r/kv_node are automatically created when  riak is started

IMPORTANT: If riask has been started reviously, when updating app.config and vm.args you had changed app.config and vm.args this would make changes at your vk_node so the previous stored information about this cluster not is not updated automatically, remove directories ring, kv_node and bitcask/*   (If you already have sensitive data written DON'T remove bitcask/*)




Configuring dmcrypt to encrypt with zNcrypt.

Creating a 1 Gb file:

# sudo dd if=/dev/zero of=1gb.file bs=50M count=20

then losetup

#losetup /dev/loop0 1gb.file

Now prepare device at zNcrypt:

# zncrypt-prepare  /dev/loop0 /mnt/dmcrypted

Now enable aes-ni

root@ip-10-191-34-140:/home/ubuntu/basho_bench# modprobe aesni_intel
root@ip-10-191-34-140:/home/ubuntu/basho_bench# lsmod | grep aesni
 aesni_intel            55664  0
cryptd                 20530  1 aesni_intel
aes_x86_64             17255  1 aesni_intel

then add zncryt acl rule

# zncrypt acl --add --rule="ALLOW @riak  *   /usr/lib/riak/erts-5.9.1/bin/beam.smp"
Type MASTER passphrase:
1 rule(s) were added

and encrypt:

# zncrypt-move encrypt @riak /var/lib/riak /mnt/dmcrypted

Troubleshooting:

Doesn't respond 'riak ping'?

Make sure about 4 things

1.- check thet there is not already an idle riak priocess running

#psaux | grep riak

If there is something kill it.. Muahaha

2.- Make sure that kv_node, riank and bitcask directories are owned by 'riak' user, if not set it up

3. You probably had not removed previous node config, so remove kv_node, ring and bitcask/*

4. /mnt/r/ should be owned by riak user:

# chown riak:riak /mnt/r

Do you need to execute basho_bench?

If it is required to create the graphics you might see follow issue:

ubuntu@ip-10-68-22-201:~/basho_bench$ make results
priv/summary.r -i tests/current
/usr/bin/env: Rscript --vanilla: No such file or directory
make: *** [results] Error 127
ubuntu@ip-10-68-22-201:~/basho_bench$

To resolve it you can find the fix at:
https://github.com/basho/basho_bench

In short
If make results fails with the error /usr/bin/env: Rscript –vanilla: No such file or directory please edit priv/summary.r and replace the first line with the full path to the Rscript binary on your system

In my case it is:

 #!/usr/bin/env Rscript --vanilla

ubuntu@ip-10-68-22-201:~/basho_bench$ Rscript

The program 'Rscript' is currently not installed.  You can install it by typing:

#sudo apt-get install r-base-core
ubuntu@ip-10-68-22-201:~/basho_bench$ apt-get install r-base-core

ubuntu@ip-10-68-22-201:~/basho_bench$ which Rscript
/usr/bin/Rscript


#!/usr/bin/Rscript --vanilla

Then execute:

#sudo make results

If you see an error like:

The downloaded packages are in
    ‘/tmp/RtmplnrfYR/downloaded_packages’
Loading required package: methods
Error: could not find function "getopt"
Execution halted
make: *** [results] Error 1
ubuntu@ip-10-68-22-201:~/basho_bench$

Ths is ok, just try to make results again.

There you go, your graphics are there:

ubuntu@ip-10-68-22-201:~/basho_bench$ ls tests/current/
console.log.0         error.log.0           get_latencies.csv     summary.csv           update_latencies.csv 
crash.log.0           errors.csv            log.sasl.txt          summary.png           voxer300.config 

Enjoy!
P.S. The most important flag we live for, doesn't exist.