
CentOS based setup

Requirements for CentOS-based operating systems (CentOS, RedHat).

No package available.

You have to enable the EPEL packages repository on all nodes (both the deployment server and the target servers). Use:
sudo yum --enablerepo=extras install epel-release
This command will activate the correct EPEL repository for the CentOS version you are running.
If you are using an offline mirror of standard packages repositories for your OS, please make sure it includes the mirror of the EPEL repository. After this you will be able to install required packages on the deployer node.

Deployer node setup

Install packages

Install the following packages:

sudo yum install \
    wget \
    unzip \
    curl \
    jq \
    sshpass

If jq is not found

jq is normally part of the EPEL system packages repository. If your local repository does not contain it, jq can be found in the punch packaging:

sudo cp <deployer_package>/roles/jq/files/jq-linux64 /usr/bin/jq
Alternatively, you can download a copy of the binary (>=1.5) from the jq GitHub page, import it into your deployment environment and copy it to /usr/bin on the deployment machine, with 766 access mode.

In addition, if Ansible will use passwords for remote SSH connections to the target machines during deployment, you need to install the sshpass package.

sudo yum --enablerepo=epel -y install sshpass

This is not needed if the deployer uses keys for remote SSH connections to the target servers.

vim as an example text editor

In our documentation, we generally expect your platform to use vi or vim as a text editor. If you want to use vim, then install it using sudo yum install vim

Install Python 3.6.8

sudo yum install -y python3-pip python3-venv

Python 3.6.8 from source

If you do not have Python 3.6.8 in the official repository,
you can install Python 3.6.8 from source following this guide

Install Ansible 2.9.7

Install ansible:

# ansible 2.9.7 
sudo pip3 install ansible==2.9.7

Or, if you do not have internet access or a local pip repository:

unzip punch-deployer-x.y.z.zip
cd archives
unzip ansible-2.9.7.zip
cd ansible-2.9.7
sudo ./install.sh

Disable SELINUX and Firewalld

Last, perform the following actions:

sudo systemctl disable firewalld
sudo systemctl stop firewalld
sudo vi /etc/sysconfig/selinux

# change the following line:
# SELINUX=enforcing

# to

# SELINUX=disabled

# and restart the machine

Specific features

Installing Ceph 13.2.5

Deploying Ceph also requires the deployer to run CentOS or RedHat.

If you plan to deploy a Ceph cluster, you need additional steps.
The Ceph packages must be installed on the deployer because some of the deployment steps require Ceph tools.

Download the external archive and place it in the corresponding punch-deployer-<version>/archives directory.

The Ceph archive name is important, because the deployer uploads the Ceph archive to the remote servers.

wget https://punchplatform.com/artefacts/ceph/ceph_13.2.5_rpm.tgz -O punch-deployer-<version>/archives/ceph_13.2.5.tgz

Then install the Ceph archives on your deployment server:

cd punch-deployer-<version>/archives
tar -xvf ceph_13.2.5.tgz
sudo yum install -y lttng-ust
sudo yum install -y ceph13.2.5/*

Environment setup

This section updates your PATH so that punchplatform-deployer.sh is available.

cd punch-deployer-<version>
echo "export PATH=`pwd`/bin:$PATH" >> ~/.bashrc
source ~/.bashrc

Configuration setup

Next, create your platform configuration directory.
This directory will hold the description of your target platform, with the punchplatform-deployment.settings file and the resolv.hjson file.

Create configuration directory:

cd ~
mkdir pp-deployment-conf
cd pp-deployment-conf
echo "export PUNCHPLATFORM_CONF_DIR=`pwd`" >> ~/.bashrc

Create logs directory:

cd ~
mkdir pp-deployment-logs
cd pp-deployment-logs
echo "export PUNCHPLATFORM_LOG_DIR=`pwd`" >> ~/.bashrc

Then update your environment:

source ~/.bashrc

Check it worked as expected. The result of the env command must look like:

printenv | grep PUNCH
PUNCHPLATFORM_LOG_DIR=/home/vagrant/pp-deployment-logs
PUNCHPLATFORM_CONF_DIR=/home/vagrant/pp-deployment-conf

echo $PATH
PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/home/vagrant/bin:/data/deployer/punch-deployer-<version>/bin

Targeted nodes setup

Check Java OpenJDK version for SSL

The Punchplatform security features that concern SSL connections require:

  • Java OpenJdk 8 version > 8u252

Check that the latest OpenJDK version on your target system meets this requirement.

You do not have to check this requirement if your target OS is:

  • CentOS 7
  • CentOS 8
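
The version rule above as a check you can run on each target node (an added example, not part of the Punchplatform deployer; the function names are hypothetical and the banners are constructed). It reads the rule literally, so 8u252 itself is rejected:

```shell
#!/bin/sh
# Added example: classify a `java -version` banner against the page's
# requirement "Java OpenJdk 8 version > 8u252". Function names are hypothetical.

# jdk8_update BANNER: print NNN from a `version "1.8.0_NNN"` line.
# Returns non-zero when the banner is not a Java 8 banner.
jdk8_update() {
    printf '%s\n' "$1" |
        sed -n 's/^[a-z]* version "1\.8\.0_\([0-9][0-9]*\).*/\1/p' |
        head -n 1 | grep .
}

# check_jdk8 BANNER: print ok, too-old or not-java8.
check_jdk8() {
    update=$(jdk8_update "$1") || { echo "not-java8"; return 0; }
    # The page states a strict inequality, so 8u252 itself is rejected.
    if [ "$update" -gt 252 ]; then echo "ok"; else echo "too-old"; fi
}

# Constructed banners; on a target node use: check_jdk8 "$(java -version 2>&1)"
for banner in \
    'openjdk version "1.8.0_262"' \
    'openjdk version "1.8.0_252"' \
    'openjdk version "11.0.8" 2020-07-14'
do
    printf '%-40s %s\n' "$banner" "$(check_jdk8 "$banner")"
done
```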

Disable SELINUX and Firewalld

Last, perform the following actions:

# disable firewalld on all devices
sudo systemctl disable firewalld
sudo systemctl stop firewalld
sudo vi /etc/sysconfig/selinux
# change the following line:
# SELINUX=enforcing
# to
# SELINUX=disabled
# and restart the machine

Specific features

Ceph specific requirements

You must prevent the updatedb process (standard on Debian-like distributions) from scanning the whole system, especially the Ceph data partition or the punchplatform data partition. You can do that in several ways.

Use the Ansible playbook provided in the official Punchplatform deployer to automatically patch the configuration file on multiple nodes.
This playbook is in the updatedb_patch directory, at the root of the deployer directory. Its use is documented in the playbook itself.

# add your ceph nodes in the inventory
vim inventory_updatedb_patch.inv

# apply playbook (ssh access from deployer to all servers required)
ansible-playbook -i inventory_updatedb_patch.inv updatedb_patch.yml

Manual process

You can manually patch the /etc/updatedb.conf configuration file, adding /var/lib/ceph to the PRUNEPATHS values on Ceph nodes.

You can manually patch the /etc/updatedb.conf configuration file, adding /data to the PRUNEPATHS values on all servers.

For example, /etc/updatedb.conf must contain: PRUNEPATHS="/var/lib/ceph /data"
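
One way to script the manual patch so that it can be re-run safely (an added example, not the deployer's updatedb_patch playbook; the function names are hypothetical and the sample file is constructed). It assumes the mlocate file format, where PRUNEPATHS holds a single double-quoted, space-separated list:

```shell
#!/bin/sh
# Added example: idempotently add a directory to PRUNEPATHS in updatedb.conf.
# Function names are hypothetical; the sample file below is constructed.

# Print the current space-separated PRUNEPATHS value of file $1.
prunepaths() {
    sed -n 's/^[[:space:]]*PRUNEPATHS[[:space:]]*=[[:space:]]*"\(.*\)"[[:space:]]*$/\1/p' "$1" | head -n 1
}

# add_prunepath FILE DIR: make sure DIR is listed in PRUNEPATHS of FILE.
add_prunepath() {
    conf=$1
    dir=$2
    if ! grep -q '^[[:space:]]*PRUNEPATHS[[:space:]]*=' "$conf"; then
        # No PRUNEPATHS line yet: create one.
        printf 'PRUNEPATHS = "%s"\n' "$dir" >> "$conf"
        return 0
    fi
    case " $(prunepaths "$conf") " in
        *" $dir "*) return 0 ;;   # already listed: leave the file untouched
    esac
    tmp=$(mktemp) || return 1
    # Append DIR inside the closing quote of the first PRUNEPATHS line.
    awk -v dir="$dir" '
        /^[ \t]*PRUNEPATHS[ \t]*=/ && !done {
            sub(/"[ \t]*$/, "")
            $0 = $0 " " dir "\""
            done = 1
        }
        { print }' "$conf" > "$tmp" &&
        cat "$tmp" > "$conf"   # overwrite in place, keeping owner and mode
    status=$?
    rm -f "$tmp"
    return "$status"
}

# Demo on a constructed copy; on a real node FILE is /etc/updatedb.conf (as root).
demo_conf=$(mktemp)
printf '%s\n' 'PRUNE_BIND_MOUNTS = "yes"' \
    'PRUNEPATHS = "/afs /media /mnt /tmp /var/tmp"' > "$demo_conf"
add_prunepath "$demo_conf" /var/lib/ceph
add_prunepath "$demo_conf" /data
add_prunepath "$demo_conf" /data      # second call changes nothing
prunepaths "$demo_conf"
rm -f "$demo_conf"
```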

Note

Preventing updatedb from scanning the whole system is necessary on a server exposing many files (typically the situation on a Ceph server), as the updatedb internal database can grow quickly and dramatically.