Networking | Tech News, Tutorials & Expert Insights

29 Sep 2016

11 min read

Directory Services

29 Sep 2016

In this article by Gregory Boyce, author Linux Networking Cookbook, we will focus on getting you started by Configuring Samba as an Active Directory compatible directory service and Joining a Linux box to the domain. (For more resources related to this topic, see here.) If you have worked in corporate environments, then you are probably familiar with a directory service such as Active Directory. What you may not realize is that Samba, originally created to be an open source implementation of Windows file sharing (SMB/CIFS), can now operate as an Active Directory compatible directory service. It can even act as a Backup Domain Controller (BDC) in an Active Directory domain. In this article, we will configure Samba to centralize authentication for your network services. We will also configure a Linux client to leverage it for authentication and set up a RADIUS server, which uses the directory server for authentication. Configuring Samba as an Active Directory compatible directory service As of Samba 4.0, Samba has the ability to act as a primary domain controller (PDC) in a manner that is compatible with Active Directory. How to do it… Installing on Ubuntu 14.04: Configure your system with a static IP address and update /etc/hosts to point to that IP address rather than localhost. Make sure that your time is kept up to date by installing an NTP client: sudo apt-get install ntp Pre-emptively disable smbd/nmbd from running automatically: sudo bash -c 'echo "manual" > /etc/init/nmbd.override' sudo bash –c 'echo "manual" > /etc/init/smbd.override' Install Samba and smbclient: sudo apt-get install samba smbclient Remove stock smb.conf: sudo rm /etc/samba/smb.conf Provision the domain:sudo samba-tool domain provision --realm ad.example.org --domain example --use-rfc2307 --option="interfaces=lo eth1" --option="bind interfaces only=yes" --dns-backend BIND9_DLZ Save the randomly generated admin password. Symlink the AD krb5.conf to /etc: sudo ln -sf /var/lib/samba/private/krb5.conf /etc/krb5.conf Edit /etc/bind/named.conf.local to allow Samba to publish data: dlz "AD DNS Zone" { # For BIND 9.9.0 database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_9.so"; }; Edit /etc/bind/named.conf.options to use the Kerberos keytab within the options stanza: tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab"; Modify your zone record to allow updates from Samba: zone "example.org" { type master; notify no; file "/var/lib/bind/example.org.db"; update-policy { grant AD.EXAMPLE.ORG ms-self * A AAAA; grant Administrator@AD.EXAMPLE.ORG wildcard * A AAAA SRV CNAME; grant SERVER$@ad.EXAMPLE.ORG wildcard * A AAAA SRV CNAME; grant DDNS wildcard * A AAAA SRV CNAME; }; }; Modify /etc/apparmor.d/usr.sbin.named to allow bind9 access to a few additional resources within the /usr/sbin/named stanza: /var/lib/samba/private/dns/** rw, /var/lib/samba/private/named.conf r, /var/lib/samba/private/named.conf.update r, /var/lib/samba/private/dns.keytab rk, /var/lib/samba/private/krb5.conf r, /var/tmp/* rw, /dev/urandom rw, Reload the apparmor configuration: sudo service apparmor restart Restart bind9: sudo service bind9 restart Restart the samba service: sudo service apparmor restart Installing on CentOS 7: Unfortunately, setting up a domain controller on CentOS 7 is not possible using the default packages provided by the distribution. This is due to Samba utilizing the Heimdal implementation of Kerberos while Red Hat, CentOS, and Fedora using the MIT Kerberos 5 implementation. How it works… The process for provisioning Samba to act as an Active Directory compatible domain is deceptively easy given all that is happening on the backend. Let us look at some of the expectation and see how we are going to meet them as well as what is happening behind the scenes. Active Directory requirements Successfully running an Active Directory Forest has a number of requirements need to be in place: Synchronized time: AD uses Kerberos for authentication, which can be very sensitive to time skews. In our case, we are going to use ntpd, but other options including openntpd or chrony are also available. The ability to manage DNS records: AD automatically generates a number of DNS records, including SRV records that tell clients of the domain how to locate the domain controller itself. A static IP address: Due to a number of pieces of the AD functionality being very dependent on the specific IP address of your domain controller, it is recommended that you use a static IP address. A static DHCP lease may work as long as you are certain the IP address will not change. A rogue DHCP server on the network for example may cause difficulties. Selecting a realm and domain name The Samba team has published some very useful information regarding the proper naming of your realm and your domain along with a link to Microsoft's best practices on the subject. It may be found on: https://wiki.samba.org/index.php/Active_Directory_Naming_FAQ. The short version is that your domain should be globally unique while the realm should be unique within the layer 2 broadcast domain of your network. Preferably, the domain should be a subdomain of a registered domain owned by you. This ensures that you can buy SSL certificates if necessary and you will not experience conflicts with outside resources. Samba-tool will default to using the first part of the domain you specified as the realm, ad from ad.example.org. The Samba group instead recommends using the second part, example in our case, as it is more likely to be locally unique. Using a subdomain of your purchased domain rather than a domain itself makes life easier when splitting internal DNS records, which are managed by your AD instance from the more publicly accessible external names. Using Samba-Tool Samba-tool can work in an automated fashion with command line options, or it can operate in interactive mode. We are going to specify the options that we want to use on the command line: sudo samba-tool domain provision --realm ad.example.org --domain example --use-rfc2307 --option="interfaces=lo eth1" --option="bind interfaces only=yes" --dns-backend BIND9_DLZ The realm and domain options here specify the name for your domain as described above. Since we are going to be supporting Linux systems, we are going to want the AD schema to support RFC2307 settings, which allow for definitions for UID, GID, shell, home directory, and other settings, which Unix systems will require. The pair of options specified on our command-line is used for restricting what interfaces Samba will bind to. While not strictly required, it is a good practice to keep your Samba services bound to the internal interfaces. Finally, samba wants to be able to manage your DNS in order to add systems to the zone automatically. This is handled by a variety of available DNS backends. These include: SAMBA_INTERNAL: This is a built-in method where a samba process acts as a DNS service. This is a good quick option for small networks. BIND9_DLZ: This option allows you to tie your local named/bind9 instance in with your Samba server. It introduces a named plugin for bind versions 9.8.x/9.9.x to support reading host information directly out of the Samba data stores. BIND_FLATFILE: This option is largely deprecated in favor of BIND9_DLZ, but it is still an option if you are running an older version of bind. It causes the Samba services to write out zone files periodically, which Bind may use. Bind configuration Now that Samba is set up to support BIND9_DLZ, we need to configure named to leverage it. There are a few pieces to this support: tkey-gssapi-keytab: This settings in your named options section defines the Kerberos key tab file to use for DNS updates. This allows the Samba server to communicate with the Bind server in order to let it know about zone file changes. dlz setting: This tells bind to load the dynamic module which Samba provides in order to have it read from Samba's data files. Zone updating: In order to be able to update the zone file, you need to switch from an allow-update definition to update-policy, which allows more complex definitions including Kerberos based updates. Apparmor rules changes: Ubuntu uses a Linux Security Module called Apparmor, which allows you to define the allowed actions of a particular executable. Apparmor contains rules restricting the access rights of the named process, but these existing rules do not account for integration with Samba. We need to adjust the existing rules to allow named to access some additional required resources. Joining a Linux box to the domain In order to participate in an AD style domain, you must have the machine joined to the domain using Administrator credentials. This will create the machine's account within the database, and provide credentials to the system for querying the ldap server. How to do it… Install Samba, heimdal-clients, and winbind: sudo apt-get install winbind Populate /etc/samba/smb.conf: [global] workgroup = EXAMPLE realm = ad.example.org security = ads idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users = yes winbind enum groups = yes template homedir = /home/%U template shell = /bin/bash winbind use default domain = yes Join the system to the domain: sudo net ads join -U Administrator Configure the system to use winbind for account information in /etc/nsswitch.conf: passwd: compat winbind group: compat winbind How it works… Joining a Linux box to an AD domain, you need to utilize winbind that provides a PAM interface for interacting with Windows RPC calls for user authentication. Winbind requires that you set up your smb.conf file, and then join the domain before it functions. Nsswitch.conf controls how glibc attempts to look up particular types of information. In our case, we are modifying them to talk to winbind for user and group information. Most of the actual logic is in the smb.conf file itself, so let us look: Define the AD Domain we're working with, including both the workgroup/domain and the realm: workgroup = EXAMPLE realm = ad.example.org Now we tell Samba to use Active Directory Services (ADS) security mode: security = ads AD domains use Windows Security IDs (SID) for providing unique user and group identifiers. In order to be compatible with Linux systems, we need to map those SIDs to UIDs and GIDs. Since we're only dealing with a single client for now, we're going to let the local Samba instance map the SIDs to UIDs and GIDs from a range which we provide: idmap uid = 10000-20000 idmap gid = 10000-20000 Some unix utilities such as finger depend on the ability to loop through all of the user/group instances. On a large AD domain, this can be far too many entries so winbind suppresses this capability by default. For now, we're going to want to enable it: winbind enum users = yes winbind enum groups = yes Unless you go through specific steps to populate your AD domain with per-user home directory and shell information, then Winbind will use templates for home directories and shells. We'll want to define these templates in order to avoid the defaults of /home/%D/%U (/home/EXAMPLE/user) and /bin/false: template homedir = /home/%U template shell = /bin/bash The default winbind configuration takes users in the form of username@example.org rather than the more Unix style of user username. Let's override that setting: winbind use default domain = yes Joining a windows box to the domain While not a Linux configuration topic, the most common use for an Active Directory domain is to manage a network of Windows systems. While the overarching topic of managing windows via an AD domain is too large and out of scope for this articl, let's look at how we can join a Windows system to our new domain. How to do it… Click on Start and go to Settings. Click on System. Select About. Select Join a Domain. Type in the name of your domain; ad.example.org in our case. Enter your administrator credentials for the domain. Select a user who will own the system. How it works… When you tell your Windows system to join an AD Domain, it first attempts to find the domain by looking up a series SRV record for the domain, including _ldap._tcp.dc._msdcs.ad.example.org in order to determine what hosts to connect to within the domain for authentication purposes. From there a connection is established. Resources for Article: Further resources on this subject: OpenStack Networking in a Nutshell [article] Zabbix Configuration [article] Supporting hypervisors by OpenNebula [article]

0
0
11497

Packt

04 Jun 2013

5 min read

Quick start – Monitoring hosts and services

Packt

04 Jun 2013

5 min read

0
0
11417

Packt

27 Aug 2013

6 min read

WebSocket – a Handshake!

Packt

27 Aug 2013

6 min read

(For more resources related to this topic, see here.) WebSockets define a persistent two-way communication between web servers and web clients, meaning that both parties can exchange message data at the same time. WebSockets introduce true concurrency, they are optimized for high performance, and result in much more responsive and rich web applications. The following diagram shows a server handshake with multiple clients: For the record, the WebSocket protocol has been standardized by the Internet Engineering Task Force (IETF) and the WebSocket API for web browsers is currently being standardized by the World Wide Web Consortium (W3C)— yes, it's a work in progress. No, you do not need to worry about enormous changes, as the current specification has been published as "proposed standard". Life before WebSocket Before diving into the WebSockets' world, let's have a look at the existing techniques used for bidirectional communication between servers and clients. Polling Web engineers initially dealt with the issue using a technique called polling. Polling is a synchronous method (that is, no concurrency) that performs periodic requests, regardless whether data exists for transmission. The client makes consecutive requests after a specified time interval. Each time, the server responds with the available data or with a proper warning message. Though polling "just works", it is easy to understand that this method is overkill for most situations and extremely resource consuming for modern web apps. Long polling Long polling is a similar technique where, as its name indicates, the client opens a connection and the server keeps the connection active until some data is fetched or a timeout occurs. The client can then start over and perform a sequential request. Long polling is a performance improvement over polling, but the constant requests might slow down the process. Streaming Streaming seemed like the best option for real-time data transmission. When using streaming, the client performs a request and the server keeps the connection open indefinitely, fetching new data when ready. Although this is a big improvement, streaming still includes HTTP headers, which increase file size and cause unnecessary delays. Postback and AJAX The web has been built around the HTTP request-response model. HTTP is a stateless protocol, meaning that the communication between two parts consists of independent pairs of requests and responses. In plain words, the client asks the server for some information, the server responds with the proper HTML document and the page is refreshed (that's actually called a postback). Nothing happens in between, until a new action is performed (such as the click of a button or a selection from a drop-down menu). Any page load is followed by an annoying)(in terms of user experience) flickering effect. It was not until 2005 that the postback flickering was bypassed thanks to Asynchronous JavaScript and XML (AJAX). AJAX is based on the JavaScript's XmlHttpRequest Object and allows asynchronous execution of JavaScript code without interfering with the rest of the user interface. Instead of reloading the whole page, AJAX sends and receives back only a portion of the web page. Imagine you are using Facebook and want to post a comment on your Timeline. You type a status update in the proper text field, hit Enter and...voila! Your comment is automatically published without a single page load. Unless Facebook used AJAX, the browser would need to refresh the whole page in order to display your new status. AJAX, accompanied with popular JavaScript libraries such as jQuery, has strongly improved the end user experience and is widely considered as a must-have attribute for every website. It was only after AJAX that JavaScript became a respectable programming language, instead of being thought of as a necessary evil. But it's still not enough. Long polling is a useful technique that makes it seem like your browser maintains a persistent connection, while the truth is that the client makes continuous calls! This might be extremely resource-intensive, especially in mobile devices, where speed and data size really matter. All of the methods previously described provide real-time bidirectional communication, but have three obvious disadvantages in comparison with WebSockets: They send HTTP headers, making the total file size larger The communication type is half duplex, meaning that each party (client/server) must wait for the other one to finish The web server consumes more resources The postback world seems like a walkie-talkie—you need to wait for the other guy to finish speaking (half-duplex). In the WebSocket world, the participants can speak concurrently (full-duplex)! The web was initially built for displaying text documents, but think how it is used today. We display multimedia content, add location capabilities, accomplish complex tasks and, hence, transmit data different than text. AJAX and browser plugins such as Flash are all great, but a more native way of doing things is required. The way we use the web nowadays bears the need for a holistic new application development framework. Then came HTML5 HTML5 makes a huge, yet justifiable, buzz nowadays as it introduces vital solutions to the problems discussed previously. If you are already familiar with HTML5, feel free to skip this section and move on. HTML5 is a robust framework for developing and designing web applications. HTML5 is not just a new markup or some new styling selectors, neither is it a new programming language. HTML5 stands for a collection of technologies, programming languages and tools, each of which has a discrete role and all of these together accomplish a specific task—that is, to build rich web apps for any kind of device. The main HTML5 pillars include Markup, CSS3, and JavaScript APIs, together. The following diagram shows HTML5 components: Here are the dominant members of the HTML5 family. As this book does not cover the whole set of HTML5, I suggest you visit html5rocks.com and get started with hands-on examples and demos. Markup Structural elements Form elements Attributes Graphics Style sheets Canvas SVG WebGL Multimedia Audio Video Storage Cache Local storage Web SQL Connectivity WebMessaging WebSocket WebWorkers Location Geolocation Although Storage and Connectivity are supposed to be the most advanced topics, you do not need to worry if you are not an experienced web developer. Moreover, managing WebSockets via the HTML5 API is pretty simple to grasp, so take a deep breath and dive in with no fear. Summary This article has helped you understand the basics of WebSocket. It also helped you get an overview of life before WebSocket. It explained Postback and AJAX and then explained the topic of HTML5 Resources for Article: Further resources on this subject: Building HTML5 Pages from Scratch [Article] Basic use of Local Storage [Article] Scalability, Limitations, and Effects [Article]

0
0
11314

article-image-network-monitoring-essentials

Packt

06 Aug 2013

20 min read

Network Monitoring Essentials

Packt

06 Aug 2013

20 min read

0
0
11122

Packt

03 Sep 2015

3 min read

Creating a Web Server

Packt

03 Sep 2015

3 min read

In this article by Marco Schwartz, author of the book Intel Galileo Networking Cookbook, we will cover the recipe, Reading pins via a web server. (For more resources related to this topic, see here.) Reading pins via a web server We are now going to see how to use a web server for useful things. For example, we will see here how to use a web server to read the pins of the Galileo board, and then how to display these readings on a web page. Getting ready For this chapter, you won't need to do much with your Galileo board, as we just want to see if we can read the state of a pin from a web server. I simply connected pin number 7 of the Galileo board to the VCC pin, as shown in this picture: How to do it... We are now going to see how to read the state from pin number 7, and display this state on a web page. This is the complete code: // Required modules var m = require("mraa"); var util = require('util'); var express = require('express'); var app = express(); // Set input on pin 7 var myDigitalPin = new m.Gpio(7); myDigitalPin.dir(m.DIR_IN); // Routes app.get('/read', function (req, res) { var myDigitalValue = myDigitalPin.read(); res.send("Digital pin 7 value is: " + myDigitalValue); }); // Start server var server = app.listen(3000, function () { console.log("Express app started!"); }); You can now simply copy this code and paste it inside a blank Node.js project. Also make sure that the package.json file includes the Express module. Then, as usual, upload, build, and run the application using Intel XDK. You should see the confirmation message inside the XDK console. Then, use a browser to access your board on port 3000, at the /read route. You should see the following message, which is the reading from pin number 7: If you can see this, congratulations, you can now read the state of the pins on your board, and display this on your web server! How it works... In this recipe, we combined two things that we saw in previous recipes. We again used the mraa module to read from pins, here from pin number 7 of the board. You can find out more about the mraa module at: https://github.com/intel-iot-devkit/mraa Then, we combined this with a web server using the Express framework, and we defined a new route called /read that reads the state of the pin, and sends it back so that it can be displayed inside a web browser, with this code: app.get('/read', function (req, res) { var myDigitalValue = myDigitalPin.read(); res.send("Digital pin 7 value is: " + myDigitalValue); }); See also You can now check the next recipe to see how to control a pin from the Node.js server running on the Galileo board. Summary In this recipe, we saw how to read the state from pin number 7, and display this state on a web page. If you liked this article please buy the book Intel Galileo Networking Cookbook, Packt Publishing, to learn over 45 Galileo recipes. Resources for Article: Further resources on this subject: Arduino Development[article] Integrating with Muzzley[article] Getting Started with Intel Galileo [article]

0
0
11060

article-image-getting-started-cloud-only-scenario

Packt

13 Sep 2016

23 min read

Getting Started with a Cloud-Only Scenario

Packt

13 Sep 2016

23 min read

0
0
10914

Packt

19 Aug 2014

2 min read

Internet of Things with Xively

Packt

19 Aug 2014

2 min read

In this article by Marco Schwartz, author of the book Arduino Networking, we will visualize the data we recorded with Xively. (For more resources related to this topic, see here.) Visualizing the recorded data We are now going to visualize the data we recorded with Xively. You can go over again to the device page on the Xively website. You should see that some data has been recorded in different channels, as shown in the following screenshot: By clicking on one of these channels, you can also display the data graphically. For example, the following screenshot shows the temperature channel after a few measurements: After a while, you will have more points for the temperature measurements, as shown in the following screenshot: You can also do the same for the humidity measurements; the following screenshot shows the humidity measurements: Note that by clicking on the time icon, you can change the time axis and display a longer or shorter time range. If you don't see any data being displayed, you need to go back to the Arduino IDE and make sure that the answer coming from the Xively server is a 200 OK message, like we saw in the previous section. Summary In this article, we went to the Xively website to visualize the data and learned how to visualize the data graphically, and saw this data arrive in real time. Resources for Article: Further resources on this subject: Avoiding Obstacles Using Sensors [Article] Hardware configuration [Article] Writing Tag Content [Article]

0
0
10832

article-image-client-and-server-applications

Packt

16 Jun 2015

27 min read

Client and Server Applications

Packt

16 Jun 2015

27 min read

In this article by, Sam Washington and Dr. M. O. Faruque Sarker, authors of the book Learning Python Network Programming, we're going to use sockets to build network applications. Sockets follow one of the main models of computer networking, that is, the client/server model. We'll look at this with a focus on structuring server applications. We'll cover the following topics: Designing a simple protocol Building an echo server and client (For more resources related to this topic, see here.) The examples in this article are best run on Linux or a Unix operating system. The Windows sockets implementation has some idiosyncrasies, and these can create some error conditions, which we will not be covering here. Note that Windows does not support the poll interface that we'll use in one example. If you do use Windows, then you'll probably need to use ctrl + break to kill these processes in the console, rather than using ctrl - c because Python in a Windows command prompt doesn't respond to ctrl – c when it's blocking on a socket send or receive, which will be quite often in this article! (and if, like me, you're unfortunate enough to try testing these on a Windows laptop without a break key, then be prepared to get very familiar with the Windows Task Manager's End task button). Client and server The basic setup in the client/server model is one device, the server that runs a service and patiently waits for clients to connect and make requests to the service. A 24-hour grocery shop may be a real world analogy. The shop waits for customers to come in and when they do, they request certain products, purchase them and leave. The shop might advertise itself so people know where to find it, but the actual transactions happen while the customers are visiting the shop. A typical computing example is a web server. The server listens on a TCP port for clients that need its web pages. When a client, for example a web browser, requires a web page that the server hosts, it connects to the server and then makes a request for that page. The server replies with the content of the page and then the client disconnects. The server advertises itself by having a hostname, which the clients can use to discover the IP address so that they can connect to it. In both of these situations, it is the client that initiates any interaction – the server is purely responsive to that interaction. So, the needs of the programs that run on the client and server are quite different. Client programs are typically oriented towards the interface between the user and the service. They retrieve and display the service, and allow the user to interact with it. Server programs are written to stay running for indefinite periods of time, to be stable, to efficiently deliver the service to the clients that are requesting it, and to potentially handle a large number of simultaneous connections with a minimal impact on the experience of any one client. In this article, we will look at this model by writing a simple echo server and client, which can handle a session with multiple clients. The socket module in Python perfectly suits this task. An echo protocol Before we write our first client and server programs, we need to decide how they are going to interact with each other, that is we need to design a protocol for their communication. Our echo server should listen until a client connects and sends a bytes string, then we want it to echo that string back to the client. We only need a few basic rules for doing this. These rules are as follows: Communication will take place over TCP. The client will initiate an echo session by creating a socket connection to the server. The server will accept the connection and listen for the client to send a bytes string. The client will send a bytes string to the server. Once it sends the bytes string, the client will listen for a reply from the server When it receives the bytes string from the client, the server will send the bytes string back to the client. When the client has received the bytes string from the server, it will close its socket to end the session. These steps are straightforward enough. The missing element here is how the server and the client will know when a complete message has been sent. Remember that an application sees a TCP connection as an endless stream of bytes, so we need to decide what in that byte stream will signal the end of a message. Framing This problem is called framing, and there are several approaches that we can take to handle it. The main ones are described here: Make it a protocol rule that only one message will be sent per connection, and once a message has been sent, the sender will immediately close the socket. Use fixed length messages. The receiver will read the number of bytes and know that they have the whole message. Prefix the message with the length of the message. The receiver will read the length of the message from the stream first, then it will read the indicated number of bytes to get the rest of the message. Use special character delimiters for indicating the end of a message. The receiver will scan the incoming stream for a delimiter, and the message comprises everything up to the delimiter. Option 1 is a good choice for very simple protocols. It's easy to implement and it doesn't require any special handling of the received stream. However, it requires the setting up and tearing down of a socket for every message, and this can impact performance when a server is handling many messages at once. Option 2 is again simple to implement, but it only makes efficient use of the network when our data comes in neat, fixed-length blocks. For example in a chat server the message lengths are variable, so we will have to use a special character, such as the null byte, to pad messages to the block size. This only works where we know for sure that the padding character will never appear in the actual message data. There is also the additional issue of how to handle messages longer than the block length. Option 3 is usually considered as one of the best approaches. Although it can be more complex to code than the other options, the implementations are still reasonably straightforward, and it makes efficient use of bandwidth. The overhead imposed by including the length of each message is usually minimal as compared to the message length. It also avoids the need for any additional processing of the received data, which may be needed by certain implementations of option 4. Option 4 is the most bandwidth-efficient option, and is a good choice when we know that only a limited set of characters, such as the ASCII alphanumeric characters, will be used in messages. If this is the case, then we can choose a delimiter character, such as the null byte, which will never appear in the message data, and then the received data can be easily broken into messages as this character is encountered. Implementations are usually simpler than option 3. Although it is possible to employ this method for arbitrary data, that is, where the delimiter could also appear as a valid character in a message, this requires the use of character escaping, which needs an additional round of processing of the data. Hence in these situations, it's usually simpler to use length-prefixing. For our echo and chat applications, we'll be using the UTF-8 character set to send messages. The null byte isn't used in any character in UTF-8 except for the null byte itself, so it makes a good delimiter. Thus, we'll be using method 4 with the null byte as the delimiter to frame our messages. So, our last rule which is number 8 will become: Messages will be encoded in the UTF-8 character set for transmission, and they will be terminated by the null byte. Now, let's write our echo programs. A simple echo server As we work through this article, we'll find ourselves reusing several pieces of code, so to save ourselves from repetition, we'll set up a module with useful functions that we can reuse as we go along. Create a file called tincanchat.py and save the following code in it: import socket HOST = '' PORT = 4040 def create_listen_socket(host, port): """ Setup the sockets our server will receive connection requests on """ sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) sock.bind((host, port)) sock.listen(100) return sock def recv_msg(sock): """ Wait for data to arrive on the socket, then parse into messages using b' ' as message delimiter """ data = bytearray() msg = '' # Repeatedly read 4096 bytes off the socket, storing the bytes # in data until we see a delimiter while not msg: recvd = sock.recv(4096) if not recvd: # Socket has been closed prematurely raise ConnectionError() data = data + recvd if b' ' in recvd: # we know from our protocol rules that we only send # one message per connection, so b' ' will always be # the last character msg = data.rstrip(b' ') msg = msg.decode('utf-8') return msg def prep_msg(msg): """ Prepare a string to be sent as a message """ msg += ' ' return msg.encode('utf-8') def send_msg(sock, msg): """ Send a string over a socket, preparing it first """ data = prep_msg(msg) sock.sendall(data) First we define a default interface and a port number to listen on. The empty '' interface, specified in the HOST variable, tells socket.bind() to listen on all available interfaces. If you want to restrict access to just your machine, then change the value of the HOST variable at the beginning of the code to 127.0.0.1. We'll be using create_listen_socket() to set up our server listening connections. This code is the same for several of our server programs, so it makes sense to reuse it. The recv_msg() function will be used by our echo server and client for receiving messages from a socket. In our echo protocol, there isn't anything that our programs may need to do while they're waiting to receive a message, so this function just calls socket.recv() in a loop until it has received the whole message. As per our framing rule, it will check the accumulated data on each iteration to see if it has received a null byte, and if so, then it will return the received data, stripping off the null byte and decoding it from UTF-8. The send_msg() and prep_msg() functions work together for framing and sending a message. We've separated the null byte termination and the UTF-8 encoding into prep_msg() because we will use them in isolation later on. Handling received data Note that we're drawing ourselves a careful line with these send and receive functions as regards string encoding. Python 3 strings are Unicode, while the data that we receive over the network is bytes. The last thing that we want to be doing is handling a mixture of these in the rest of our program code, so we're going to carefully encode and decode the data at the boundary of our program, where the data enters and leaves the network. This will ensure that any functions in the rest of our code can assume that they'll be working with Python strings, which will later on make things much easier for us. Of course, not all the data that we may want to send or receive over a network will be text. For example, images, compressed files, and music, can't be decoded to a Unicode string, so a different kind of handling is needed. Usually this will involve loading the data into a class, such as a Python Image Library (PIL) image for example, if we are going to manipulate the object in some way. There are basic checks that could be done here on the received data, before performing full processing on it, to quickly flag any problems with the data. Some examples of such checks are as follows: Checking the length of the received data Checking the first few bytes of a file for a magic number to confirm a file type Checking values of higher level protocol headers, such as the Host header in an HTTP request This kind of checking will allow our application to fail fast if there is an obvious problem. The server itself Now, let's write our echo server. Open a new file called 1.1-echo-server-uni.py and save the following code in it: import tincanchat HOST = tincanchat.HOST PORT = tincanchat.PORT def handle_client(sock, addr): """ Receive data from the client via sock and echo it back """ try: msg = tincanchat.recv_msg(sock) # Blocks until received # complete message print('{}: {}'.format(addr, msg)) tincanchat.send_msg(sock, msg) # Blocks until sent except (ConnectionError, BrokenPipeError): print('Socket error') finally: print('Closed connection to {}'.format(addr)) sock.close() if __name__ == '__main__': listen_sock = tincanchat.create_listen_socket(HOST, PORT) addr = listen_sock.getsockname() print('Listening on {}'.format(addr)) while True: client_sock, addr = listen_sock.accept() print('Connection from {}'.format(addr)) handle_client(client_sock, addr) This is about as simple as a server can get! First, we set up our listening socket with the create_listen_socket() call. Second, we enter our main loop, where we listen forever for incoming connections from clients, blocking on listen_sock.accept(). When a client connection comes in, we invoke the handle_client() function, which handles the client as per our protocol. We've created a separate function for this code, partly to keep the main loop tidy, and partly because we'll want to reuse this set of operations in later programs. That's our server, now we just need to make a client to talk to it. A simple echo client Create a file called 1.2-echo_client-uni.py and save the following code in it: import sys, socket import tincanchat HOST = sys.argv[-1] if len(sys.argv) > 1 else '127.0.0.1' PORT = tincanchat.PORT if __name__ == '__main__': while True: try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.connect((HOST, PORT)) print('nConnected to {}:{}'.format(HOST, PORT)) print("Type message, enter to send, 'q' to quit") msg = input() if msg == 'q': break tincanchat.send_msg(sock, msg) # Blocks until sent print('Sent message: {}'.format(msg)) msg = tincanchat.recv_msg(sock) # Block until # received complete # message print('Received echo: ' + msg) except ConnectionError: print('Socket error') break finally: sock.close() print('Closed connection to servern') If we're running our server on a different machine from the one on which we are running the client, then we can supply the IP address or the hostname of the server as a command line argument to the client program. If we don't, then it will default to trying to connect to the localhost. The third and forth lines of the code check the command line arguments for a server address. Once we've determined which server to connect to, we enter our main loop, which loops forever until we kill the client by entering q as a message. Within the main loop, we first create a connection to the server. Second, we prompt the user to enter the message to send and then we send the message using the tincanchat.send_msg() function. We then wait for the server's reply. Once we get the reply, we print it and then we close the connection as per our protocol. Give our client and server a try. Run the server in a terminal by using the following command: $ python 1.1-echo_server-uni.py Listening on ('0.0.0.0', 4040) In another terminal, run the client and note that you will need to specify the server if you need to connect to another computer, as shown here: $ python 1.2-echo_client.py 192.168.0.7 Type message, enter to send, 'q' to quit Running the terminals side by side is a good idea, because you can simultaneously see how the programs behave. Type a few messages into the client and see how the server picks them up and sends them back. Disconnecting with the client should also prompt a notification on the server. Concurrent I/O If you're adventurous, then you may have tried connecting to our server using more than one client at once. If you tried sending messages from both of them, then you'd have seen that it does not work as we might have hoped. If you haven't tried this, then give it a go. A working echo session on the client should look like this: Type message, enter to send. 'q' to quit hello world Sent message: hello world Received echo: hello world Closed connection to server However, when trying to send a message by using a second connected client, we'll see something like this: Type message, enter to send. 'q' to quit hello world Sent message: hello world The client will hang when the message is sent, and it won't get an echo reply. You may also notice that if we send a message by using the first connected client, then the second client will get its response. So, what's going on here? The problem is that the server can only listen for the messages from one client at a time. As soon as the first client connects, the server blocks at the socket.recv() call in tincanchat.recv_msg(), waiting for the first client to send a message. The server isn't able to receive messages from other clients while this is happening and so, when another client sends a message, that client blocks too, waiting for the server to send a reply. This is a slightly contrived example. The problem in this case could easily be fixed in the client end by asking the user for an input before establishing a connection to the server. However in our full chat service, the client will need to be able to listen for messages from the server while simultaneously waiting for user input. This is not possible in our present procedural setup. There are two solutions to this problem. We can either use more than one thread or process, or use non-blocking sockets along with an event-driven architecture. We're going to look at both of these approaches, starting with multithreading. Multithreading and multiprocessing Python has APIs that allow us to write both multithreading and multiprocessing applications. The principle behind multithreading and multiprocessing is simply to take copies of our code and run them in additional threads or processes. The operating system automatically schedules the threads and processes across available CPU cores to provide fair processing time allocation to all the threads and processes. This effectively allows a program to simultaneously run multiple operations. In addition, when a thread or process blocks, for example, when waiting for IO, the thread or process can be de-prioritized by the OS, and the CPU cores can be allocated to other threads or processes that have actual computation to do. Here is an overview of how threads and processes relate to each other: Threads exist within processes. A process can contain multiple threads but it always contains at least one thread, sometimes called the main thread. Threads within the same process share memory, so data transfer between threads is just a case of referencing the shared objects. Processes do not share memory, so other interfaces, such as files, sockets, or specially allocated areas of shared memory, must be used for transferring data between processes. When threads have operations to execute, they ask the operating system thread scheduler to allocate them some time on a CPU, and the scheduler allocates the waiting threads to CPU cores based on various parameters, which vary from OS to OS. Threads in the same process may run on separate CPU cores at the same time. Although two processes have been displayed in the preceding diagram, multiprocessing is not going on here, since the processes belong to different applications. The second process is displayed to illustrates a key difference between Python threading and threading in most other programs. This difference is the presence of the GIL. Threading and the GIL The CPython interpreter (the standard version of Python available for download from www.python.org) contains something called the Global Interpreter Lock (GIL). The GIL exists to ensure that only a single thread in a Python process can run at a time, even if multiple CPU cores are present. The reason for having the GIL is that it makes the underlying C code of the Python interpreter much easier to write and maintain. The drawback of this is that Python programs using multithreading cannot take advantage of multiple cores for parallel computation. This is a cause of much contention; however, for us this is not so much of a problem. Even with the GIL present, threads that are blocking on I/O are still de-prioritized by the OS and put into the background, so threads that do have computational work to do can run instead. The following figure is a simplified illustration of this: The Waiting for GIL state is where a thread has sent or received some data and so is ready to come out of the blocking state, but another thread has the GIL, so the ready thread is forced to wait. In many network applications, including our echo and chat servers, the time spent waiting on I/O is much higher than the time spent processing data. As long as we don't have a very large number of connections (a situation we'll discuss later on when we come to event driven architectures), thread contention caused by the GIL is relatively low, and hence threading is still a suitable architecture for these network server applications. With this in mind, we're going to use multithreading rather than multiprocessing in our echo server. The shared data model will simplify the code that we'll need for allowing our chat clients to exchange messages with each other, and because we're I/O bound, we don't need processes for parallel computation. Another reason for not using processes in this case is that processes are more "heavyweight" in terms of the OS resources, so creating a new process takes longer than creating a new thread. Processes also use more memory. One thing to note is that if you need to perform an intensive computation in your network server application (maybe you need to compress a large file before sending it over the network), then you should investigate methods for running this in a separate process. Because of quirks in the implementation of the GIL, having even a single computationally intensive thread in a mainly I/O bound process when multiple CPU cores are available can severely impact the performance of all the I/O bound threads. For more details, go through the David Beazley presentations linked to in the following information box: Processes and threads are different beasts, and if you're not clear on the distinctions, it's worthwhile to read up. A good starting point is the Wikipedia article on threads, which can be found at http://en.wikipedia.org/wiki/Thread_(computing). A good overview of the topic is given in Chapter 4 of Benjamin Erb's thesis, which is available at http://berb.github.io/diploma-thesis/community/. Additional information on the GIL, including the reasoning behind keeping it in Python can be found in the official Python documentation at https://wiki.python.org/moin/GlobalInterpreterLock. You can also read more on this topic in Nick Coghlan's Python 3 Q&A, which can be found at http://python-notes.curiousefficiency.org/en/latest/python3/questions_and_answers.html#but-but-surely-fixing-the-gil-is-more-important-than-fixing-unicode. Finally, David Beazley has done some fascinating research on the performance of the GIL on multi-core systems. Two presentations of importance are available online. They give a good technical background, which is relevant to this article. These can be found at http://pyvideo.org/video/353/pycon-2010--understanding-the-python-gil---82 and at https://www.youtube.com/watch?v=5jbG7UKT1l4. A multithreaded echo server A benefit of the multithreading approach is that the OS handles the thread switches for us, which means we can continue to write our program in a procedural style. Hence we only need to make small adjustments to our server program to make it multithreaded, and thus, capable of handling multiple clients simultaneously. Create a new file called 1.3-echo_server-multi.py and add the following code to it: import threading import tincanchat HOST = tincanchat.HOST PORT = tincanchat.PORT def handle_client(sock, addr): """ Receive one message and echo it back to client, then close socket """ try: msg = tincanchat.recv_msg(sock) # blocks until received # complete message msg = '{}: {}'.format(addr, msg) print(msg) tincanchat.send_msg(sock, msg) # blocks until sent except (ConnectionError, BrokenPipeError): print('Socket error') finally: print('Closed connection to {}'.format(addr)) sock.close() if __name__ == '__main__': listen_sock = tincanchat.create_listen_socket(HOST, PORT) addr = listen_sock.getsockname() print('Listening on {}'.format(addr)) while True: client_sock,addr = listen_sock.accept() # Thread will run function handle_client() autonomously # and concurrently to this while loop thread = threading.Thread(target=handle_client, args=[client_sock, addr], daemon=True) thread.start() print('Connection from {}'.format(addr)) You can see that we've just imported an extra module and modified our main loop to run our handle_client() function in separate threads, rather than running it in the main thread. For each client that connects, we create a new thread that just runs the handle_client() function. When the thread blocks on a receive or send, the OS checks the other threads to see if they have come out of a blocking state, and if any have, then it switches to one of them. Notice that we have set the daemon argument in the thread constructor call to True. This will allow the program to exit if we hit ctrl - c without us having to explicitly close all of our threads first. If you try this echo server with multiple clients, then you'll see that a second client that connects and sends a message will immediately get a response. Summary We looked at how to develop network protocols while considering aspects such as the connection sequence, framing of the data on the wire, and the impact these choices will have on the architecture of the client and server programs. We worked through different architectures for network servers and clients, demonstrating the multithreaded models by writing a simple echo server. Resources for Article: Further resources on this subject: Importing Dynamic Data [article] Driving Visual Analyses with Automobile Data (Python) [article] Preparing to Build Your Own GIS Application [article]

0
0
10661

article-image-extending-applications-tcl

Packt

06 Jul 2010

12 min read

Extending Applications in Tcl

Packt

06 Jul 2010

12 min read

(For more resources on Tcl, see here.) Very often applications need to be extended with additional functionalities. In many cases it is also necessary to run different code on various types of machines. A good solution to this problem is to introduce extensibility to our application. We'll want to allow additional modules to be deployed to specified clients—this means delivering modules to clients, keeping them up to date, and handling loading and unloading of modules. The following sections will introduce how Starkits and Tcl's VFS can be used to easily create modules for our application, and how these can be used to deploy additional code. We'll also introduce a simple implementation of handling modules, both on server side and client side. This requires creating code for downloading modules themselves, loading them, and the mechanism for telling clients what actions they should be performing. The server will be responsible for telling clients when they should load or unload any of the modules. They will also inform clients if any of the modules are out of date. Clients will use this information to make sure modules that are loaded are consistent, with what server expects. The following steps will be performed by the client: The client sends a list of loaded modules and a list of all available modules along with their MD5 checksums to server The server responds with the list of modules to load, unload, and which need to be downloaded The client downloads modules that it needs to download; if the client already has downloaded all modules it needs, no action is taken The client unloads modules that it should unload and loads modules that it should load; if the client has already loaded all modules it should have, no action is taken Handling security is an additional consideration when creating pluggable applications. Clients should check if files are authentic whenever they download any code, which will be run on the client. This can be achieved using SSL and Certificate Authorities. Starkits as extensions One of the features Tcl offers is its VFS and using single file archives for staging entire archives. We've used these technologies to create our clients as single file executables. Now we'll reuse similar mechanisms to create modules for our application. All modules will simply be a Starkit VFS—this will allow embedding all types of files, creating complex scripts, and easily manage whatever a module contains. Our modules will have their MD5 checksum calculated, similar to the automatic update feature. This will allow the application to easily check whether a module needs to be updated or not. In order to deliver modules to a client, the server will allow downloading modules, similar to retrieving binaries for automatic update. Building modules Our modules will be built similar to how binaries were built, with a minor exception. Modules will have their MD5 checksum stored as the first 32 bytes of the file; this does not cause problems for MK4 VFS package and allows easy checking of whether a package is up to date or not. The source code for each module will be stored in the mod-<modulename> directories. For the purpose of this implementation, clients will source the load.tcl script when loading the package and will source the unload.tcl script when unloading it. It will be up to the module to initialize and finalize itself properly. The directory and file structure in the following screenshot show how files for modules are laid out. It is based on previous example and only the mod-comm and mod-helloworld directories are new. We'll need to modify the build.tcl script and the add code responsible for building of modules. We can do this after the initial binaries have been built. First let's create the modules directory: file mkdir modules Then we'll iterate over each module to build and create name of the target file: foreach module {helloworld comm} { set modfile [file join modules $module.kit] W e'll start off by creating a 32 byte file: set fh [open $modfile w]fconfigure $fh -translation binaryputs -nonewline $fh [string repeat " " 32]close $fh Next we'll create the VFS, copy the source code of the module, and unmount it: vfs::mk4::Mount $modfile $modfile docopy mod-$module $modfile vfs::unmount $modfile Now, calculate the MD5 checksum of the newly created module: set md5 [md5::md5 -hex -file $modfile] And set the first 32 bytes to the checksum: set fh [open $modfile r+] fconfigure $fh -translation binary seek $fh 0 start puts -nonewline $fh $md5 close $fh } We'll create two modules—helloworld and comm. The first one will simply log "Hello world!" every 30 seconds. The second one will set up a comm interface that can be used for testing and debugging purposes. Let's start with creating the mod-helloworld/load.tcl script which will be responsible for initializing the helloworld module: csa::log::info "Loading helloworld module"namespace eval helloworld {}proc helloworld::hello {} { csa::log::info "Hello world!" after cancel helloworld::hello after 30000 helloworld::hello}helloworld::hello Our module will log the information that it has been loaded ,and write out hello world to the log. The helloworld::hello command also schedules itself to be run every 30 seconds. The mod-helloworld/unload.tcl script that cleans up the module looks like this: csa::log::info "Unloading helloworld module"after cancel helloworld::hellonamespace delete helloworld This will log information about the unloading of a module, cancel the next invocation of the helloworld::hello command, and remove the entire helloworld namespace. Implementing the comm module is also simple. The mod-comm/load.tcl script is as follows: csa::log::info "Loading comm module"package require commcomm::comm configure -port 1992 -listen 1 -local 1 This script simply loads the comm package, sets it up to listen on port 1992, and only accepts connections on the local interface. Unloading the package (in mod-comm/load.tcl) will configure the comm interface not to listen for incoming connections: csa::log::info "Unloading comm module"comm::comm configure -listen 0 As the comm package cannot be simply unloaded, the best solution is for load.tcl to configure it to listen for connections and unload.tcl to disable listening. Server side The server side of extensibility needs to perform several activities. First of all we need to track which clients should be using which modules. The second function is providing clients with modules to download. The third functionality is telling clients which modules they need to fetch from the server, and which ones that they need to load or unload from the environment. Let's start off with adding initialization of the modules directory to our server. We need to add it to src-server/main.tcl: set csa::binariesdirectory [file join [pwd] binaries]set csa::modulesdirectory [file join [pwd] modules]set csa::datadirectory [file join [pwd] data] We'll also need to load an additional script for handling this functionality: csa::log::debug "Sourcing remaining files"source [file join $starkit::topdir commapi.tcl]source [file join $starkit::topdir database.tcl]source [file join $starkit::topdir clientrequest.tcl]source [file join $starkit::topdir autoupdate.tcl]source [file join $starkit::topdir clientmodules.tcl] Next we'll also need to modify src-server/database.tcl to add support for storing the modules list. We'll need to add a new table definition to script that creates all tables: CREATE TABLE clientmodules ( client CHAR(36) NOT NULL, module VARCHAR(255) NOT NULL ); In order to work on the data we'll also need commands to add or remove a module for a specified client: proc csa::setClientModule {client module enabled} { if {[llength [db eval {SELECT guid FROM clients WHERE guid=$client AND status=1}]] == 0} { return false } db eval {DELETE FROM clientmodules WHERE client=$client AND module=$module} if {$enabled} { db eval {INSERT INTO clientmodules (client, module) VALUES($client, $module)} } return true} Our command starts off by checking if a client exists and returns immediately if it does not. In the next step, we delete any existing entries and insert a new row if we've been asked to enable a particular module for a specified client. We'll also need to be able to list modules associated with a particular client, which means executing a simple SQL query to list modules: proc csa::getClientModules {client} { return [lsort [db eval {SELECT module FROM clientmodules WHERE client=$client}]]} Then we'll need to create the clientmodules.tcl file that will have functionality related to handling modules, and providing them to clients. The first thing required is a function to read MD5 checksums from modules. We'll first check if the file exists and return an empty string if it does not, otherwise we'll read and return the first 32 bytes of the file: proc csa::getModuleMD5 {name} { variable modulesdirectory set filename [file join $modulesdirectory $name] if {![file exists $filename]} { return "" } set fh [open $filename r] fconfigure $fh -translation binary set md5 [read $fh 32] close $fh return $md5} Next we'll create a function that takes a client identifier, queries the database for modules for that client and returns a list of module-md5sum pairs, which can be treated as a dictionary – where the key is the module name and the value is its md5 checksum. proc csa::getClientModulesMD5 {client} { set rc [list] foreach module [getClientModules $client] { lappend rc $module [getModuleMD5 $module] } return $rc} Another function will handle requests for a particular module. Similar to how it is implemented for automatic updates, we'll provide files only from a single directory and handle cases where a file does not exist, and register a prefix for the requests in TclHttpd: proc csa::handleClientModule {sock suffix} { variable modulesdirectory set filename [file join $modulesdirectory [file tail $suffix]] log::debug "handleClientModule: File name: $filename" if {[file exists $filename]} { Httpd_ReturnFile $sock application/octet-stream $filename } else { log::warn "handleClientModule: $filename not found" Httpd_Error $sock 404 }}Url_PrefixInstall /client/module csa::handleClientModule For communication with the clients, we'll reuse the protocol for requesting jobs. We also need a function that given a client identifier, request dictionary, and name of the response variable will provide information to the client. It will also return whether a client should be provided with a list of jobs or not. If a client will need to download new or updated modules first, we do not need to provide a list of jobs as the client will need to have updated modules first. Let's start by making sure that both the modules available on the client and the list of loaded modules has been sent to the client: proc csa::csaHandleClientModules {guid req responsevar} { upvar 1 $responsevar response set ok true if {[dict exists $req availableModules] && [dict exists $req loadedModules]} { Then we copy the values to local variables for convenience, and get a list of modules that a client should have along with their MD5 checksums. set rAvailable [dict get $req availableModules] set rLoaded [dict get $req loadedModules] set lAvailable [getClientModulesMD5 $guid] We'll also create a list of actions we want to pass back to the client— the list of modules it needs to download and the list of modules to load and unload. By default, all lists are empty and we'll add items only if we detect that the client should perform actions: set downloadList [list] set loadList [list] set unloadList [list] As the first step, we'll iterate over the modules that the client should have and check if it has them—if the client either does not have a module or its checksum differs, we'll tell the client to download it. foreach {module md5} $lAvailable { if {(![dict exists $rAvailable $module]) || ([dict get $rAvailable $module] != $md5)} { lappend downloadList $module } After this we check if the client has already loaded this module. If not, we'll tell him to load the module. if {[lsearch -exact $rLoaded $module] < 0} { lappend loadList $module } } We'll also iterate over the modules that the client currently has loaded and if any of them should not be loaded according to our list, we'll tell the client to unload it. foreach module $rLoaded { if {![dict exists $lAvailable $module]} { lappend unloadList $module } } Once we've conducted our comparison, we tell the agent what should be done. If he needs to download any modules, we only return this information and return that there is no point in providing the list of jobs to perform: if {[llength $downloadList] > 0} { dict set response moduleDownload $downloadList set ok false } else { Otherwise if all modules on the client are updated, we provide a list of modules to load or unload if this is needed. if {[llength $loadList] > 0} { dict set response moduleLoad $loadList } if {[llength $unloadList] > 0} { dict set response moduleUnload $unloadList } } Finally, we return whether or not we should provide the client with a list of jobs to perform or not: } return $ok} Now we'll need to modify the csa::handleClientProtocol command in the src-server/clientrequest.tcl file to invoke our newly created csa::csaHandleClientModules command: if {[csaHandleClientModules $guid $req response]} { # only specify jobs if client # has all the modules if {[dict exists $req joblimit]} { set joblimit [dict get $req joblimit] } else { set joblimit 10 } dict set response jobs [getJobs $guid $joblimit] log::debug "handleClientProtocol: Jobs: [llength [dict get $response jobs]]"} This will cause jobs to be added only if the csaHandleClientModules command returned true. We can also modify the csa::apihandle command in the src-server/commapi.tcl file to allow adding or removing a module from a client. The following needs to be added inside the main switch responsible for handling commands: switch -- $cmd { addClientModule { lassign $command cmd client module return [setClientModule $client $module 1] } removeClientModule { lassign $command cmd client module return [setClientModule $client $module 0] } These commands simply invoke the csa::setClientModule command created earlier.

0
0
10618

article-image-whats-new-ubuntu-910-karmic-koala

Packt

19 Nov 2009

5 min read

What's New In Ubuntu 9.10 "Karmic Koala"

Packt

19 Nov 2009

5 min read

Upstart The first new technology that I would like to outline is called Upstart. I thought it was fitting to outline this feature first because it is integral within the boot process. Without the improvements in Upstart, Ubuntu would not be able to boot as fast as it currently does. Upstart has been used, incrementally, in Ubuntu since version 6.10 but with Ubuntu 9.10 it has made the transition complete. Without going into too much detail, Upstart was designed to replace the aging System-V init system that is commonly found on Linux distributions. The idea behind Upstart is that modern systems are more dynamic and event-driven, as opposed to static and pre-defined, and the boot process should make use of that. With the previous system, System-V, each service that is started at boot-time was defined an ordered number in which to start. This has worked well enough for many years, but it can cause problems for maintainers as they have to make sure that the boot order of services is globally compatible. For example, networking needs to be enabled before network services are enabled. If these (as a simple example) get out of order, services will not be available as expected after the machine has booted. Upstart takes the simple idea that certain services rely on other services and redefines them into event-driven tasks. It is very exciting news that Ubuntu has finally completed the transition to Upstart after so many releases. This is a big step toward improving bootup performance on Ubuntu 9.10. You can read much more about Upstart at http://upstart.ubuntu.com. XSplash Ubuntu has also made another big change to the boot process with XSplash. XSplash is replacing the previous USplash, which was known to cause issues. I have noticed that XSplash seems faster, as well as addressing the compatibility issues caused by its predecessor. I think you'll also enjoy the new bootup graphic. This is another step towards Ubuntus goal of a ten-second boot process by Ubuntu 10.04, which is due out in April of 2010. While both Upstart and XSplash contribute to improved boot performance all other changes should be transparent to the end-user. All other boot related services should perform as expected, with no migration or customization on the user's part. Linux Kernel: 2.6.31 Ubuntu 9.10 "Karmic Koala" has also upgraded the Linux Kernel to version 2.6.31. This version ships with Kernel Mode Settings enabled for Intel graphics cards as well as some impressive security features. Kernel mode-setting (KMS) shifts responsibility for selecting and setting up the graphics mode from the X window system to the Linux Kernel itself. When X is started, it then detects and uses the mode without any further mode changes. This promises to make booting faster, improves graphical performance and reduces screen flickering. In regards to security features, Ubuntu 9.10 enables non-exec memory in this latest version of the Linux Kernel. What does this mean? Most modern CPUs protect against executing non-executable memory regions such as heap or stacks, but require that the Linux Kernel use "PAE" addressing. This is known either as Non-eXecute (NX) or eXecute-Disable (XD). This is the default for 64bit and generic-pae kernels and this protection reduces the areas an attacker can use to perform arbitrary code execution. The protection is now partially emulated on 32-bit kernels without PAE starting in Ubuntu 9.10. In addition, Ubuntu 9.10 has also made it possible to disable the loading of any additional kernel modules once the system is running. This adds yet another layer of protections against attackers loading kernel rootkits. This feature can be enabled by setting the value of /proc/sys/kernel/modules_disabled to 1. With these security and performance additions in the 2.6.31 version of the Linux Kernel, Ubuntu promises to become a better contender on both the Desktop and the Server environments! EXT4 Filesystem The previous version of Ubuntu, version 9.04, offered the ext4 filesystem as an option, but not as a default. After six-months of testing and stabilization I am also happy to announce that ext4 will be enabled by default in Ubuntu 9.10. I have been very happy with the ext4 filesystem. I have seen impressive speed improvements over ext3, and now use ext4 on each of my systems that supports it. Again, another impressive step toward a faster and more performance-driven Ubuntu experience. AppArmor The AppArmor system in Ubuntu 9.10 features an improved parser engine that uses cache files. This greatly improves the time taken to initialize AppArmor at boot time. AppArmor also now supports 'pux' which, when specified, means a process can transition to an existing profile if one exists or simply run unconfined if not. If you're not familiar with AppArmor, it is a Mandatory Access Control application originally designed at Novell. It is now primarily community-driven, but has been the default in Ubuntu for a few releases. It continues to mature, and security profiles are pre-defined and applicable for many common applications. To find out more about AppArmor you can read the Ubuntu community documentation on using it at: https://help.ubuntu.com/community/AppArmor

0
0
10608

Packt

11 Aug 2015

17 min read

Ext JS 5 – an Introduction

Packt

11 Aug 2015

17 min read

In this article by Carlos A. Méndez, the author of the book Learning Ext JS - Fourth Edition, we will see some of the important features in Ext JS. When learning a new technology such as Ext JS, some developers face a hard time to begin with, so this article will cover up certain important points that have been included in the recent version of Ext JS. We will be referencing certain online documentations, blogs and forums looking for answers, trying to figure out how the library and all the components work together. Even though there are tutorials in the official learning center, it would be great to have a guide to learn the library from the basics to a more advanced level. Ext JS is a state-of-the-art framework to create Rich Internet Applications (RIAs). The framework allows us to create cross-browser applications with a powerful set of components and widgets. The idea behind the framework is to create user-friendly applications in rapid development cycles, facilitate teamwork (MVC or MVVM), and also have a long-term maintainability. Ext JS is not just a library of widgets anymore; the brand new version is a framework full of new exciting features for us to play with. Some of these features are the new class system, the loader, the new application package, which defines a standard way to code our applications, and much more awesome stuff. The company behind the Ext JS library is Sencha Inc. They work on great products that are based on web standards. Some of the most famous products that Sencha also have are Sencha Touch and Sencha Architect. In this article, we will cover some of the basic concepts of the framework of version 5 and take a look at some of the new features in Ext JS 5. (For more resources related to this topic, see here.) Considering Ext JS for your next project Ext JS is a great library to create RIAs that require a lot of interactivity with the user. If you need complex components to manage your information, then Ext is your best option because it contains a lot of widgets such as the grid, forms, trees, panels, and a great data package and class system. Ext JS is best suited for enterprise or intranet applications; it's a great tool to develop an entire CRM or ERP software solution. One of the more appealing examples is the Desktop sample (http://dev.sencha.com/ext/5.1.0/examples/desktop/index.html). It really looks and feels like a native application running in the browser. In some cases, this is an advantage because the users already know how to interact with the components and we can improve the user experience. Ext JS 5 came out with a great tool to create themes and templates in a very simple way. The framework for creating themes is built on top of Compass and Sass, so we can modify some variables and properties and in a few minutes we can have a custom template for our Ext JS applications. If we want something more complex or unique, we can modify the original template to suit our needs. This might be more time-consuming depending on our experience with Compass and Sass. Compass and Sass are extensions for CSS. We can use expressions, conditions, variables, mixins, and many more awesome things to generate well-formatted CSS. You can learn more about Compass on their website at http://compass-style.org/. The new class system allows us to define classes incredibly easily. We can develop our application using the object-oriented programming paradigm and take advantage of the single and multiple inheritances. This is a great advantage because we can implement any of the available patterns such as MVC, MVVM, Observable, or any other. This will allow us to have a good code structure, which leads us to have easy access for maintenance. Another thing to keep in mind is the growing community around the library; there are lot of people around the world that are working with Ext JS right now. You can even join the meeting groups that have local reunions frequently to share knowledge and experiences; I recommend you to look for a group in your city or create one. The new loader system is a great way to load our modules or classes on demand. We can load only the modules and applications that the user needs just in time. This functionality allows us to bootstrap our application faster by loading only the minimal code for our application to work. One more thing to keep in mind is the ability to prepare our code for deployment. We can compress and obfuscate our code for a production environment using the Sencha Command, a tool that we can run on our terminal to automatically analyze all the dependencies of our code and create packages. Documentation is very important and Ext JS has great documentation, which is very descriptive with a lot of examples, videos, and sample code so that we can see it in action right on the documentation pages, and we can also read the comments from the community. What's new in Ext JS 5 Ext JS 5 introduces a great number of new features, and we'll briefly cover a few of the significant additions in version 5 as follows: Tablet support and new themes: This has introduced the ability to create apps compatible with touch-screen devices (touch-screen laptops, PCs, and tablets). The Crisp theme is introduced and is based on the Neptune theme. Also, there are new themes for tablet support, which are Neptune touch and Crisp touch. New application architecture – MVVM: Adding a new alternative to MVC Sencha called MVVM (which stands for Model-View-ViewModel), this new architecture has data binding and two-way data binding, allowing us to decrease much of the extra code that some of us were doing in past versions. This new architecture introduces: Data binding View controllers View models Routing: Routing provides deep linking of application functionality and allows us to perform certain actions or methods in our application by translating the URL. This gives us the ability to control the application state, which means that we can go to a specific part or a direct link to our application. Also, it can handle multiple actions in the URL. Responsive configurations: Now we have the ability to set the responsiveConfig property (new property) to some components, which will be a configuration object that represents conditions and criteria on which the configurations set will be applied, if the rule meets these configurations. As an example: responsiveConfig: { 'width > 800': { region: 'west' }, 'width <= 800':{ region: 'north' } } Data package improvements: Some good changes came in version 5 relating to data handling and data manipulation. These changes allowed developers an easier journey in their projects, and some of the new things are: Common Data (the Ext JS Data class, Ext.Data, is now part of the core package) Many-to-many associations Chained stores Custom field types Event system: The event logic was changed, and is now a single listener attached at the very top of the DOM hierarchy. So this means when a DOM element fires an event, it bubbles to the top of the hierarchy before it's handled. So Ext JS intercepts this and checks the relevant listeners you added to the component or store. This reduces the number of interactions on the DOM and also gives us the ability to enable gestures. Sencha Charts: Charts can work on both Ext JS and Sencha Touch, and have enhanced performance on tablet devices. Legacy Ext JS 4 charts were converted into a separate package to minimize the conversion/upgrade. In version 5, charts have new features such as: Candlestick and OHLC series Pan, zoom, and crosshair interactions Floating axes Multiple axes SVG and HTML Canvas support Better performance Greater customization Chart themes Tab Panels: Tab panels have more options to control configurations such as icon alignment and text rotation. Thanks to new flexible Sass mixins, we can easily control presentation options. Grids: This component, which has been present since version 2x, is one of the most popular components, and we may call it one of the cornerstones of this framework. In version 5, it got some awesome new features: Components in Cells Buffered updates Cell updaters Grid filters (The popular "UX" (user extension) has been rewritten and integrated into the framework. Also filters can be saved in the component state.) Rendering optimizations Widgets: This is a lightweight component, which is a middle ground between Ext.Component and the Cell renderer. Breadcrumb bars: This new component displays the data of a store (a specific data store for the tree component) in a toolbar form. This new control can be a space saver on small screens or tablets. Form package improvements: Ext JS 5 introduces some new controls and significant changes on others: Tagfield: This is a new control to select multiple values. Segmented buttons: These are buttons with presentation such as multiple selection on mobile interfaces. Goodbye to TriggerField: In version 5, TriggerField is deprecated and now the way to create triggers is by using the Text field and implementing the triggers on the TextField configuration. (TriggerField in version 4 is a text field with a configured button(s) on the right side.) Field and Form layouts: Layouts were refactored using HTML and CSS, so there is improvement as the performance is now better. New SASS Mixins (http://sass-lang.com/): Several components that were not able to be custom-themed now have the ability to be styled in multiple ways in a single theme or application. These components are: Ext.menu.Menu Ext.form.Labelable Ext.form.FieldSet Ext.form.CheckboxGroup Ext.form.field.Text Ext.form.field.Spinner Ext.form.field.Display Ext.form.field.Checkbox The Sencha Core package: The core package contains code shared between Ext JS and Sencha Touch and in the future, this core will be part of the next major release of Sencha Touch. The Core includes: Class system Data Events Element Utilities Feature/environment detection Preparing for deployment So far, we have seen a few features that helps to architect a JavaScript code; but we need to prepare our application for a production environment. So initially, when an application is in the development environment, we need to make sure that Ext JS classes (also our own classes) are dynamically loaded when the application requires to use them. In this environment, it's really helpful to load each class in a separate file. This will allow us to debug the code easily, and find and fix bugs. Now, before the application is compiled, we must know the three basic parts of an application, as marked here: app.json: This file contains specific details about our application. Also, Sencha CMD processes this file first. build.xml: This file contains a minimal initial Ant script, and imports a task file located at .sencha/app/build-impl.xml. .sencha: This folder contains many files related to, and are to be used for, the build process. The app.json file As we said before, the app.json file contains the information about the settings of the application. Open the file and take a look. We can make changes to this file, such as the theme that our application is going to use. For example, we can use the following line of code: "theme": "my-custom-theme-touch", Alternatively, we can use a normal theme: "theme": "my-custom-theme", We can also use the following for using charts: "requires": [ "sencha-charts" ], This was to specify that we are going to use the charts or draw classes in our application (the chart package for Ext JS 5). Now, at the end of the file, there is an ID for the application: "id": "7833ee81-4d14-47e6-8293-0cb8120281ab" After this ID, we can add other properties. As an example, suppose the application will be generated for Central and South America. Then we need to include the locale (ES or PT), so we can add the following: ,"locales":["es"] We can also add multiple languages: ,"locales":["es","pt","en"] This will cause the compilation process to include the corresponding locale files located at ext/packages/ext-locale/build. However, this article can't cover each property in the file, so it's recommended that you take a deep look into the Sencha CMD documentation at: http://docs-origin.sencha.com/cmd/5.x/microloader.html to learn more about the app.json file. The Sencha command To create our production build, we need to use the Sencha Command. This tool will help us in our purpose. If you are running Sencha CMD on Windows 7 or Windows 8, it's recommended that you run the tool with "administrator privileges". So let's type this in our console tool: [path of my app]\sencha app build In my case (Windows OS 7; 64-bit), I typed: K:\x_extjsdev\app_test\myapp>sencha app build After the command runs, you will see something like this in your console tool: So, let's check out the build folder inside our application folder. We may have the following list of files: Notice that the build process has created these: resources: This file will contain a copy of our resources folder, plus one or more CSS files starting with myApp-all app.js: This file contains all of the necessary JS (Ext JS core classes, components, and our custom application classes) app.json: This is a small manifest file compressed index.html: This file is similar to our index file in development mode, except for the line: <script id="microloader" type="text/javascript" src="bootstrap.js"></script> This was replaced by some compressed JavaScript code, which will act in a similar way to the micro loader. Notice that the serverside folder, where we use some JSON files (other cases can be PHP, ASP, and so on), does not exist in the production folder. Well, the reason is that that folder is not part of what Sencha CMD and build files consider. Normally, many developers will say, "Hey, let's copy the folder and let's move on." However, the good news is that we can include that folder with an Apache Ant task Customizing the build.xml file We can add custom code (Apache Ant style) to perform new tasks and things we need in order to make our application build even better. Let's open the build.xml file. You will see something like this: <?xml version="1.0" encoding="utf-8"?> <project name="myApp" default=".help">  <import file="${basedir}/.sencha/app/build-impl.xml"/>  </project> So, let's place the following code before </project>: <target name="-after-build" depends="init"> <copy todir="${build.out.base.path}/serverside" overwrite="false"> <fileset dir="${app.dir}/serverside" includes="**/*"/> </copy> </target> </project> This new code inside the build.xml file establishes that after making the whole building process, if there is no error during the Init process then it will copy the (${app.dir}/ serverside) folder to the (${build.out.base.path}/serverside) output path. So now, let's type the command for building the application again: sencha app build –c In this case, we added -c to first clean the build/production folder and create a new set of files. After the process completes, take a look at the folder contents, and you will see this: Notice that now the serverside folder has been copied to the production build folder, thanks to the custom code we placed in build.xml file. Compressing the code After building our application, let's open the app.js file. We may see something like what is shown here: By default, the build process uses the YUI compressor to compact the JS code (http://yui.github.io/yuicompressor/). Inside the .sencha folder, there are many files, and depending on the type of build we are creating, there are some files such as the base file, where the properties are defined in defaults.properties. This file must not be changed whatsoever; for that, we have other files that can override the values defined in this file. As an example for the production build, we have the following files: production.defaults.properties: This file will contain some properties/variables that will be used for the production build. production.properties: This file has only comments. The idea behind this file is that developers place the variables they want in order to customize the production build. By default, in the production.defaults.properties file, you will see something like the following code: # Comments ...... # more comments...... build.options.logger=no build.options.debug=false # enable the full class system optimizer app.output.js.optimize=true build.optimize=${build.optimize.enable} enable.cache.manifest=true enable.resource.compression=true build.embedded.microloader.compressor=-closure Now, as an example of compression, let's make a change and place some variables inside the production.properties file. The code we will place here will override the properties set in defaults.properties and production.defaults.properties. So, let's write the following code after the comments: build.embedded.microloader.compressor=-closure build.compression.yui=0 build.compression.closure=1 build.compression=-closure With this code, we are setting up the build process to use closure as the JavaScript compressor and also for the micro loader. Now save the file and use the Sencha CMD tool once again: sencha app build Wait for the process to end and take a look at app.js. You can notice that the code is quite different. This is because the code compiler (closure) was the one that made the compression. Run the app and you will notice no change in the behavior and use of the application. As we have used the production.properties file in this example, notice that in the .sencha folder, we have some other files for different environments, such as: Environment File (or files) Testing testing.defaults.properties and testing.properties Development development.defaults.properties and development.properties Production production.defaults.properties and production.properties It's not recommended that you change the *.default.properties file. That's the reason of the *.properties file, so that you can set your own variables, and doing this will override the settings on default file. Packaging and deploying Finally, after we have built our application, we have our production build/package ready to be deployed. We will have the following structure in our folder: Now we have all the files required to make our application work on a public server. We don't need to upload anything from the Ext JS folder because we have all that we need in app.js (all of the Ext JS code and our code). Also, the resources file contains the images, CSS (the theme used in the app), and of course our serverside folder. So now, we need to upload all of the content to the server: And we are ready to test the production in a public server. Summary In this article, you learned the reasons that will make us to consider using Ext JS 5 for developing projects. We briefly mentioned some of the significant additional features in version 5 that are instrumental in developing applications. Later, we talked about compiling and preparing an application for a production environment. Using Sencha CMD and also configuring JSON or XML files to build a project can sometimes be an overwhelming situation, but don't panic! Check out the documentation of Sencha and Apache. Do remember that there's no reason to be afraid of testing and playing with the configurations. It's all part of learning and knowing how to use Sencha Ext JS. Resources for Article: Further resources on this subject: The Login Page using Ext JS [Article] So, what is Ext JS? [Article] AngularJS Performance [Article]

0
0
9996

article-image-installing-openvpn-linux-and-unix-systems-part-1

Packt

31 Dec 2009

10 min read

Installing OpenVPN on Linux and Unix Systems: Part 1

Packt

31 Dec 2009

10 min read

0
0
9773

article-image-automating-your-system-administration-and-deployment-tasks-over-ssh

Packt

20 Mar 2014

7 min read

Automating Your System Administration and Deployment Tasks Over SSH

Packt

20 Mar 2014

7 min read

(For more resources related to this topic, see here.) Executing a remote shell command using telnet If you need to connect an old network switch or router via telnet, you can do so from a Python script instead of using a bash script or an interactive shell. This recipe will create a simple telnet session. It will show you how to execute shell commands to the remote host. Getting ready You need to install the telnet server on your machine and ensure that it's up and running. You can use a package manager that is specific to your operating system to install the telnet server package. For example, on Debian/Ubuntu, you can use apt-get or aptitude to install the telnetd package, as shown in the following command: $ sudo apt-get install telnetd $ telnet localhost How to do it... Let us define a function that will take a user's login credentials from the command prompt and connect to a telnet server. Upon successful connection, it will send the Unix 'ls' command. Then, it will display the output of the command, for example, listing the contents of a directory. Listing 7.1 shows the code for a telnet session that executes a Unix command remotely as follows: #!/usr/bin/env python # Python Network Programming Cookbook -- Chapter - 7 # This program is optimized for Python 2.7. # It may run on any other version with/without modifications. import getpass import sys import telnetlib def run_telnet_session(): host = raw_input("Enter remote hostname e.g. localhost:") user = raw_input("Enter your remote account: ") password = getpass.getpass() session = telnetlib.Telnet(host) session.read_until("login: ") session.write(user + "n") if password: session.read_until("Password: ") session.write(password + "n") session.write("lsn") session.write("exitn") print session.read_all() if __name__ == '__main__': run_telnet_session() If you run a telnet server on your local machine and run this code, it will ask you for your remote user account and password. The following output shows a telnet session executed on a Debian machine: $ python 7_1_execute_remote_telnet_cmd.py Enter remote hostname e.g. localhost: localhost Enter your remote account: faruq Password: ls exit Last login: Mon Aug 12 10:37:10 BST 2013 from localhost on pts/9 Linux debian6 2.6.32-5-686 #1 SMP Mon Feb 25 01:04:36 UTC 2013 i686 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. You have new mail. faruq@debian6:~$ ls down Pictures Videos Downloads projects yEd Dropbox Public env readme.txt faruq@debian6:~$ exit logout How it works... This recipe relies on Python's built-in telnetlib networking library to create a telnet session. The run_telnet_session() function takes the username and password from the command prompt. The getpass module's getpass() function is used to get the password as this function won't let you see what is typed on the screen. In order to create a telnet session, you need to instantiate a Telnet() class, which takes a hostname parameter to initialize. In this case, localhost is used as the hostname. You can use the argparse module to pass a hostname to this script. The telnet session's remote output can be captured with the read_until() method. In the first case, the login prompt is detected using this method. Then, the username with a new line feed is sent to the remote machine by the write() method (in this case, the same machine accessed as if it's remote). Similarly, the password was supplied to the remote host. Then, the ls command is sent to be executed. Finally, to disconnect from the remote host, the exit command is sent, and all session data received from the remote host is printed on screen using the read_all() method. Copying a file to a remote machine by SFTP If you want to upload or copy a file from your local machine to a remote machine securely, you can do so via Secure File Transfer Protocol (SFTP). Getting ready This recipe uses a powerful third-party networking library, Paramiko, to show you an example of file copying by SFTP, as shown in the following command. You can grab the latest code of Paramiko from GitHub (https://github.com/paramiko/paramiko) or PyPI: $ pip install paramiko How to do it... This recipe takes a few command-line inputs: the remote hostname, server port, source filename, and destination filename. For the sake of simplicity, we can use default or hard-coded values for these input parameters. In order to connect to the remote host, we need the username and password, which can be obtained from the user from the command line. Listing 7.2 explains how to copy a file remotely by SFTP, as shown in the following code: #!/usr/bin/env python # Python Network Programming Cookbook -- Chapter - 7 # This program is optimized for Python 2.7. # It may run on any other version with/without modifications. import argparse import paramiko import getpass SOURCE = '7_2_copy_remote_file_over_sftp.py' DESTINATION ='/tmp/7_2_copy_remote_file_over_sftp.py ' def copy_file(hostname, port, username, password, src, dst): client = paramiko.SSHClient() client.load_system_host_keys() print " Connecting to %s n with username=%s... n" %(hostname,username) t = paramiko.Transport((hostname, port)) t.connect(username=username,password=password) sftp = paramiko.SFTPClient.from_transport(t) print "Copying file: %s to path: %s" %(SOURCE, DESTINATION) sftp.put(src, dst) sftp.close() t.close() if __name__ == '__main__': parser = argparse.ArgumentParser(description='Remote file copy') parser.add_argument('--host', action="store", dest="host", default='localhost') parser.add_argument('--port', action="store", dest="port", default=22, type=int) parser.add_argument('--src', action="store", dest="src", default=SOURCE) parser.add_argument('--dst', action="store", dest="dst", default=DESTINATION) given_args = parser.parse_args() hostname, port = given_args.host, given_args.port src, dst = given_args.src, given_args.dst username = raw_input("Enter the username:") password = getpass.getpass("Enter password for %s: " %username) copy_file(hostname, port, username, password, src, dst) If you run this script, you will see an output similar to the following: $ python 7_2_copy_remote_file_over_sftp.py Enter the username:faruq Enter password for faruq: Connecting to localhost with username=faruq... Copying file: 7_2_copy_remote_file_over_sftp.py to path: /tmp/7_2_copy_remote_file_over_sftp.py How it works... This recipe can take the various inputs for connecting to a remote machine and copying a file over SFTP. This recipe passes the command-line input to the copy_file() function. It then creates a SSH client calling the SSHClient class of paramiko. The client needs to load the system host keys. It then connects to the remote system, thus creating an instance of the transport class. The actual SFTP connection object, sftp, is created by calling the SFTPClient.from_transport() function of paramiko. This takes the transport instance as an input. After the SFTP connection is ready, the local file is copied over this connection to the remote host using the put() method. Finally, it's a good idea to clean up the SFTP connection and underlying objects by calling the close() method separately on each object.

0
0
9687

article-image-connecting-backend-servers-should-know

Packt

27 May 2013

5 min read

Connecting to backend servers (Should know)

Packt

27 May 2013

5 min read

(For more resources related to this topic, see here.) Getting ready If you have a server architecture diagram, that's a good place to start listing all the required servers and grouping them, but you'll also need some technical data about those servers. You may find this information in a server monitoring diagram, where you will find the IP addresses, ports, and luckily a probing URL for health checks. In our case, the main VCL configuration file default.vcl is located at /etc/varnish and defines the configuration that the Varnish Cache will use during the life cycle of the request, including the backend servers list. How to do it... Open the default vcl file by using the following command: # sudo vim /etc/varnish/default.vcl A simple backend declaration would be: backend server01 {.host = "localhost";.port = "8080";} This small block of code indicates the name of the backend (server01), and also the hostname or IP, and which port to connect to. Save the file and reload the configuration using the following command: # sudo service varnish reload At this point, Varnish will proxy every request to the first declared backend using its default VCL file. Give it a try and access a known URL (like the index of your website) through the Varnish Cache and make sure that the content is delivered as it would be without Varnish. For testing purposes, this is an okay backend declaration, but we need to make sure that our backend servers are up and waiting for requests before we really start to direct web traffic to them. Let's include a probing request to our backend: backend website {.host = "localhost";.port = "8080";.probe = {.url = "/favicon.ico";.timeout = 60ms;.interval = 2s;.window = 5;.threshold = 3;}} Varnish will now probe the backend server using the provided URL with a timeout of 60 ms, every couple of seconds. To determine if a backend is healthy, it will analyze the last five probes. If three of them result in 200 – OK, the backend is marked as Healthy and the requests are forwarded to this backend; if not, the backend is marked as Sick and will not receive any incoming requests until it's Healthy again. Probe the backend servers that require additional information: In case your backend server requires extra headers or has an HTTP basic authentication, you can change the probing from URL to Request and specify a raw HTTP request. When using the Request probe, you'll always need to provide a Connection: close header or it will not work. This is shown in the following code snippet: backend api {.host = "localhost";.port = "8080";.probe = {.request ="GET /status HTTP/1.1""Host: www.yourhostname.com""Connection: close""X-API-Key: e4d909c290d0fb1ca068ffaddf22cbd0""Accept: application/json".timeout = 60ms;.interval = 2s;.window = 5;.threshold = 3;}} Choose a backend server based on incoming data: After declaring your backend servers, you can start directing the clients' requests. The most common way to choose which backend server will respond to a request is according to the incoming URL, as shown in the following code snippet: vcl_recv {if ( req.url ~ "/api/") {set req.backend = api;} else {Set req.backend = website;}} Based on the preceding configuration, all requests that contain /api/ (www.yourdomain.com/api/) in the URL will be sent to the backend named api and the others will reach the backend named website. You can also pick the correct backend server, based on User-agent header, Client IP (geo-based), and pretty much every information that comes with the request. How it works... By probing your backend servers, you can automate the removal of a sick backend from your cluster, and by doing so, you avoid delivering a broken page to your customer. As soon as your backend starts to behave normally, Varnish will add it back to the cluster pool. Directing requests to the appropriate backend server is a great way to make sure that every request reaches its destination, and gives you the flexibility to provide content based on the incoming data, such as a mobile device or an API request. There's more... If you have lots of servers to be declared as backend, you can declare probes as a separated configuration block and make reference to that block later at the backend specifications, avoiding repetition and improving the code's readability. probe favicon {.url = "/favicon.ico";.timeout = 60ms;.interval = 2s;.window = 5;.threshold = 3;}probe robots {.url = "/robots.txt";.timeout = 60ms;.interval = 2s;.window = 5;.threshold = 3;}backend server01 {.host = "localhost";.port = "8080";.probe = favicon;}backend server02 {.host = "localhost";.port = "8080";.probe = robots;} The server01 server will use the probe named favicon, and the server02 server will use the probe named robots. Summary This article explained how to connect to backend servers. Resources for Article : Further resources on this subject: Security in Plone Sites [Article] Professional Plone Development: Foreword by Alexander Limi [Article] Microsoft SQL Server 2008 High Availability: Understanding Domains, Users, and Security [Article]

0
0
9433

article-image-networking-tcl-using-udp-sockets

Packt

29 Jun 2010

10 min read

Networking in Tcl: Using UDP Sockets

Packt

29 Jun 2010

10 min read

(For more resources on Tcl, see here.) TCP support is built in to the core of the Tcl interpreter. To be able to use the UDP protocol, you have to use an external package. The default choice is usually the TclUDP extension, which is available from http://sourceforge.net/projects/tcludp/ (it also comes as a part of ActiveTcl bundle; if you don't have it, install it with teacup install udp). In contrast to TCP, which is a connection-oriented protocol, UDP is connection-less. This means that every data package (datagram) travels from one peer to another on its own, without a return acknowledgement or retransmission in the case of lost packets. What is more, one of the peers may send packages that are never received (for example if the second peer is not listening at the moment), and there is no feedback information that something is going wrong. This implies a difference in the design for handling the transmission, which will be illustrated in the following example. Creating a UDP-based client Lets consider a simple 'time server', where the server sends the current time to any client application that subscribes for such notifications, of course using UDP connectivity. The format of each datagram will be rather simple: it will contain only the current time expressed in seconds. First let's have a look on client code: package require udpset s [udp_open]fconfigure $s -buffering nonefconfigure $s -remote [list 127.0.0.1 9876]puts -nonewline $s "subscribe"proc readTime {channel} { puts "Time from server: [read $channel]"}fileevent $s readable [list readTime $s]vwait foreverclose $s As you have probably figured out, the first line loads the TclUDP extension. The next line creates a UDP socket, using the udp_open command, and stores its reference in the s variable. The UDP protocol uses ports in the same way as TCP. If we executed udp_open 1234, the port value 1234 would be specified, but if omitted, the operating system would assign a random port. Note that if you specify a port that is already being used by any other program, an error will be generated. Next, we set the buffering mode to none, meaning that the output buffer will be automatically flushed after every output operation. We will discuss buffering issues more deeply later in this example. The newly created UDP socket is not connected to anything, as the UDP is connection-less. Such a socket is able to receive packets as they arrive at any time from any source, without establishing a data connection of any type. To have datagrams be sent to a specific destination, you should use the fconfigure command with a new option (introduced by TclUDP) –remote, along with a two-item list containing the target address and port: fconfigure $s -remote [list 127.0.0.1 9876]. In this example the server will be executed on local host (so you are able to run it even if you are not part of a network). Note that you can call this command any time you wish, causing successive datagrams to be sent to different peers. Now it is time to send a message to the server – in this case simply a string containing 'subscribe'. If –nonewline is omitted, puts would generate 2 datagrams (the second one containing the newline character) – it is likely that the puts implementation will write data twice to the buffer (the message, and then the new line character), and as the buffering is set to none, it is flushed immediately after each write. The other solution would be to set buffering to full and call flush $s after each socket write. The handling of incoming data is implemented based on event programming. The line: fileevent $s readable [list readTime $s] defines that every time the socket has some data to read (is readable), the command readTime with $s as an argument is called. The command itself is simple – it prints to the screen every piece of data that comes from the socket, read with the read $s command. Implementing service using UDP The code for the server is a bit more complicated, due to a need to track subscribed clients: package require udpset clients [list]proc registerClient {s} { global clients lappend clients [fconfigure $s -peer]}proc sendTime {s} { global clients foreach peer $clients { puts "sending to $peer" fconfigure $s -remote $peer puts -nonewline $s [clock seconds] } after 1000 [list sendTime $s]}set server [udp_open 9876]fconfigure $server -buffering nonefileevent $server readable [list registerClient $server]sendTime $servervwait forever The list named clients will hold an entry for each subscribed client; each entry is also a list containing IP address and port, so it suits perfectly for the fconfigure $s –remote command. The server opens a UDP socket on port 9876. We would like to avoid the word 'listens' in this context, as this socket does not differ in any way from the one used by the client. By contrast, TCP requires a special server type socket, for listening purposes. On every incoming data even, the registerClient procedure is executed. The command appends to the client's list information about the originator of the data (usually referred to as a peer) that has just arrived. This information is retrieved with fconfigure $s –peer. Although it may seem that this data is defined for the socket (represented by $s), in reality it refers to the most recent datagram received by this socket. Every one second the procedure sendTime is called. The purpose of this command is to send the current time to all subscribed clients, so it iterates over the clients list, and for each one it first configures the socket with the target address and port (fconfigure $s -remote $peer), and then sends a datagram containing the time in the form of the output from the clock seconds command. The server code is simple, it runs forever and there is no way to unsubscribe from receiving the data, but it demonstrates how to work with UDP in Tcl. The following picture shows an example of the execution of the server (timeServer.tcl)and two clients (timeClient.tcl): The first client connects from the port 4508, and the second one (started a few seconds later) from 4509. The most important observation is that UDP sockets are handled identically on both the client and server, so the name 'server' is actually contractual. It is worth mentioning that TclUDP supports multicasting and broadcasting of UDP packets. For details of how to perform this, please consult the package's manual. Sending reliable messages The UDP protocol lacks reliability, which is one of its main differences compared to TCP. Applications using UDP must either accept the fact that some of the datagrams may be lost, or implement equivalent functionality on their own. The same is true of topics like the order of incoming packets and data integrity. The implementation of such logic could be as follows in the following example that follows — the sender calculates the MD5 checksum of the data, and sends both to the receiver. The receiver calculates the checksum again and compares it to the received one – and in the case of equality, sends acknowledgment (in this example, the checksum is sent back). The sender will repeatedly attempt to send the data until the confirmation is received, or the permitted number of attempts has been reached. The sender code is as follows: package require udppackage require md5set s [udp_open]fconfigure $s -buffering nonefconfigure $s -remote [list 127.0.0.1 9876]proc randomData {length} { set result "" for {set x 0} {$x<$length} {incr x} { set result "$result[expr { int(2 * rand()) }]" } return $result}proc sendPacket {chan contents {retryCount 3}} { variable ackArray if {$retryCount < 1} { puts "packet delivery failure" return } set md5 [md5::md5 -hex $contents] # if ack received, remove ack and do not send again if {[info exists ackArray($md5)]} { puts "packet successfully delivered" unset ackArray($md5) return } puts "sending packet, # of retries: $retryCount" puts "packet content: $md5$contents" puts -nonewline $chan "$md5$contents" flush $chan # handle retries incr retryCount -1 after 1000 sendPacket [list $chan $contents $retryCount]}proc recvAckPacket {chan} { variable ackArray set md5 [read $chan] puts "received ack: $md5" set ackArray($md5) 1 }sendPacket $s [randomData 48]after 5000 sendPacket $s [randomData 48]after 10000 sendPacket $s [randomData 48]fileevent $s readable [list recvAckPacket $s]vwait forever The main logic is located in the sendPacket procedure. The last parameter is the number of retries left to deliver the data. The procedure calculates the MD5 checksum of the data to be sent (stored in contents variable) and first checks if the appropriate acknowledgment has already been received – if the array ackArray contains the entry for the checksum (that is concurrently an acknowledgment), it is removed and the datagram is considered to have been delivered. If it is not, then the checksum along with the data is sent to the receiver, and a sendPacket is scheduled to be executed again after one second, every time with retries counter decreased. If the procedure is called when the counter is equal to zero, the delivery is considered to be negative. The acknowledgments are received by the procedure recvAckPacket, which simply stores it into ackArray, allowing sendPacket to find it and react appropriately. The helper procedure randomData allows the generation of a random string of zeroes and ones of a given length. Note that this example does not cover the topic of received packets order. The receiver code: package require udppackage require md5 set server [udp_open 9876]fconfigure $server -buffering nonefileevent $server readable [list recvPacket $server]proc recvPacket {chan} { variable readPackets set data [read $chan] puts "received: $data" set md5 [string range $data 0 31] set contents [string range $data 32 end] if {$md5 != [md5::md5 -hex $contents]} { #the data are malformed puts "malformed data" return } # send an ack anyway, because original # might not have been received by other peer fconfigure $chan -remote [fconfigure $chan -peer] #simulate the ack package lost over network if {10*rand() > 7} { puts -nonewline $chan $md5 flush $chan } # check if this packet is not a duplicate if {[info exists readPackets($md5)]} { return } set readPackets($md5) [clock seconds] # handle packet here...}proc periodicCleanup {} { variable readPackets set limit [clock scan "-300 seconds"] foreach {md5 clock} [array get readPackets] { if {$clock < $limit} { unset readPackets($md5) } } after 60000 periodicCleanup}vwait forever The receiver will send back the acknowledgement each time the correct datagram is received, that is when the checksums sent (first 32 chars) and calculated locally are equal. It also stores in the readPackets array the time of arrival of each packet, which allows us to detect duplicated data and processing it only once. To make the example more vivid, about 70% of data loss is simulated by randomly not sending confirmations. The receiver also implements some simple logic for periodic clean up of the received datagrams log, to prevent it from becoming too huge and memory consumptive. The result of running the example can be as depicted: In this example, the first datagram was delivered successfully on the first attempt, the second one's delivery failed despite 3 attempts, and the last one was delivered on the second try. Summary In this article we saw how to handle the UDP communication in Tcl, with TclUDP extension as the implementation. Further resources on this subject: Tcl: Handling Email [article] Extending Applications in Tcl [article] Managing Certificates from Tcl [article]

0
0
9185

How-To Tutorials - Networking

Directory Services

Quick start – Monitoring hosts and services

WebSocket – a Handshake!

Network Monitoring Essentials

Creating a Web Server

Getting Started with a Cloud-Only Scenario

Internet of Things with Xively

Client and Server Applications

Extending Applications in Tcl

What's New In Ubuntu 9.10 "Karmic Koala"

Trending Topics

Ext JS 5 – an Introduction

Installing OpenVPN on Linux and Unix Systems: Part 1

Automating Your System Administration and Deployment Tasks Over SSH

Connecting to backend servers (Should know)

Networking in Tcl: Using UDP Sockets

Create a Free Account To Continue Reading

Sign in to activate your 7-day free access