Pragmatics – Programming Intern
Reston, VA, 6/06/2016 – 8/12/2016
Project Details:
For this internship I worked on creating a repeatable firewall setup and a badging system. The internship also featured a curriculum where I learned how to use the following tools/methodologies:
- Test Driven Development
- Jenkins
- Maven
- Eclipse – unit testing and code coverage
- Mockito, Hamcrest
Firewall Project:
This project was centered around controlling the communication between two private networks and the public network. The two private networks on their own can’t connect to the public network, so to enable communication between all networks I set up a virtual machine to behave like a firewall and router. The term firewall is used because the virtual machine also serves to keep unwanted and potentially malicious connections from going through.
The functionality desired are as follows:
- Machines on both private networks can talk to each other (tested by: ping, ssh).
- Machines on both private networks can talk to the public network (tested by: curl, ping).
- Machines on the public network can’t talk to machines on the private network (tested by: ping, ssh)
- Machines on the public network can’t ssh into the private networks, except for the following case:
- I can ssh into one of the public networks by ssh’ing into the firewall virtual machine on a specific port (test: ssh user@firewallip -p 7777 )
These functionalities were implemented by manipulating various network configuration files as well as using iptables commands. To test for these functionality, I spun up a virtual machine on each private network to direct the pings and ssh’s into. The overarching idea behind this project was to have a repeatable test setup. Rather than doing these tests by hand, I set up systemd and init files to automatically perform these tests every 10 seconds and save them to a file. Next I set up an admin virtual machine and admin network with access to the other machines to compile the results from each VM and display it on a jetty webserver. This setup also had to be repeatable, so using ansible, I wrote scripts that would create and configure all the networks and virtual machines from scratch.
Challenges Overcome:
- Learning how to manipulate iptable rules to allow packet forwarding, ip masking, and port forwarding.
- Setting up the systemd unit files for the tests and webservers on the CentOS 7 virtual machines to have them running and persist across reboots.
- Doing the same as above except through the init files for the CentOS 6 virtual machine.
- Automating the switching between different levels of user privilege for running ansible scripts, running bash scripts, and setting up web servers.
Keywords: ansible, bash, iptables, centos6/7, unit files, private networks, virtualization (kvm/qemu), repeatable test setup.
Badging System:
After finishing the firewall project, I started work on the badging system, which was a project started by the previous years’ interns. While working with my fellow interns, we practiced the Agile methodology: planning poker, stories, stand-ups, pair programming, continuous integration. The idea behind the badging system is to give people badges for accomplishing certain tasks such as: setting up the eclipse IDE on linux, using git, writing a bash script, etc. So that over the course of an internship, an intern can pick up numerous badges indicating their newly gained experiences.
Features we are looking to implement:
- Allow user accounts so that we can keep track of badges earned.
- Keep track of progress towards a specific badge
- See a tree of all achievable badges and their hierarchical structure
All code in the front end are written in clojurescript, while code for the backend was written in clojure.
Challenges Overcome:
- Refactor old code and add missing documentation
- Hooking up the MySQL database and utilizing it to minimize hard coding of badge information
- Figuring out how to retrieve MySQL database query results through a restful service (liberator).
keywords: clojure, clojurescript, MySQL.
David Zhao 