CentOS based setup¶
Requirements for CentOS-based operating systems (CentOS, RedHat).
No package
You have to enable the EPEL package repository on the nodes (both the deployment server and the target servers):
sudo yum --enablerepo=extras install epel-release
This command will activate the correct EPEL repository for the CentOS version you are running.
If you are using an offline mirror of standard packages repositories for your OS, please make sure it includes the mirror of the EPEL repository.
After this you will be able to install required packages on the deployer node.
Deployer node setup¶
Install packages¶
Install the following packages:
sudo yum install \
wget \
unzip \
curl \
jq \
sshpass
If jq is not found
jq is normally part of the EPEL system packages repository. If your local repository does not contain it, jq can be found in the punch packaging:
sudo cp <deployer_package>/roles/jq/files/jq-linux64 /usr/bin/jq
The binary must be placed in /usr/bin, with 766 access mode.
In addition, if Ansible will use passwords for remote SSH connections to target machines during deployment, then you need to install the sshpass package:
sudo yum --enablerepo=epel -y install sshpass
This is not needed if you will use keys for remote ssh connection of the deployer to target servers.
vim as an example text editor
In our documentation, we generally expect your platform to use vi or vim as a text editor.
If you want to use vim, then install it using sudo yum install vim
Install Python 3.6.8¶
sudo yum install -y python3-pip python3-venv
Python 3.6.8 from source
If you do not have Python 3.6.8 in the official repository, you can install Python 3.6.8 from source following this guide.
Install Ansible 2.9.7¶
Install ansible:
# ansible 2.9.7
sudo pip3 install ansible==2.9.7
Or, if you do not have internet access or a local pip repository:
unzip punch-deployer-x.y.z.zip
cd archives
unzip ansible-2.9.7.zip
cd ansible-2.9.7
sudo ./install.sh
Disable SELINUX and Firewalld¶
Last, perform the following actions:
sudo systemctl disable firewalld
sudo systemctl stop firewalld
sudo vi /etc/sysconfig/selinux
# change the following line :
# SELINUX=enforcing
# by
# SELINUX=disabled
# and restart the machine
Specific features¶
Installing Ceph 13.2.5¶
Deploying Ceph also requires the OS of the deployer to be CentOS or RedHat.
If you plan to deploy a Ceph cluster, you need additional steps.
The Ceph packages are installed on the deployer because some of the deployment steps require Ceph tools.
Download the external archive and place it in the corresponding punch-deployer-<version>/archives directory.
The Ceph archive name is important, because the deployer will upload the Ceph archive to remote servers.
wget https://punchplatform.com/artefacts/ceph/ceph_13.2.5_rpm.tgz -O punch-deployer-<version>/archives/ceph_13.2.5.tgz
Then install the Ceph archives on your deployment server:
cd punch-deployer-<version>/archives
tar -xvf ceph_13.2.5.tgz
sudo yum install -y lttng-ust
sudo yum install -y ceph13.2.5/*
Environment setup¶
This section updates your PATH so that punchplatform-deployer.sh is available.
cd punch-deployer-<version>
echo "export PATH=`pwd`/bin:$PATH" >> ~/.bashrc
source ~/.bashrc
Configuration setup¶
Next, create your platform configuration directory.
This directory will hold the description of your target platform, with the punchplatform-deployment.settings file and the resolv.hjson file.
Create configuration directory:
cd ~
mkdir pp-deployment-conf
cd pp-deployment-conf
echo "export PUNCHPLATFORM_CONF_DIR=`pwd`" >> ~/.bashrc
Create logs directory:
cd ~
mkdir pp-deployment-logs
cd pp-deployment-logs
echo "export PUNCHPLATFORM_LOG_DIR=`pwd`" >> ~/.bashrc
Then update your environment:
source ~/.bashrc
Check it worked as expected. The result of the env command must look like:
printenv | grep PUNCH
PUNCHPLATFORM_LOG_DIR=/home/vagrant/pp-deployment-logs
PUNCHPLATFORM_CONF_DIR=/home/vagrant/pp-deployment-conf
echo $PATH
PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/home/vagrant/bin:/data/deployer/punch-deployer-<version>/bin
Targeted nodes setup¶
Check Java OpenJDK version for SSL¶
The Punchplatform security features that concern SSL connections require:
- Java OpenJdk 8 version > 8u252
Check that the latest OpenJDK version on your targeted system meets this requirement.
You do not have to check this requirement if your targeted OS is:
- CentOS 7
- CentOS 8
Disable SELINUX and Firewalld¶
Last, perform the following actions:
# disable firewalld on all devices
sudo systemctl disable firewalld
sudo systemctl stop firewalld
sudo vi /etc/sysconfig/selinux
# change the following line :
# SELINUX=enforcing
# by
# SELINUX=disabled
# and restart the machine
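The SELinux edit above can be scripted when many nodes are involved. The sketch below is an added example, not Punchplatform code, and its function names are assumptions. On CentOS, /etc/sysconfig/selinux is normally a symbolic link to /etc/selinux/config, so the script edits the link target; it also leaves the commented help lines and SELINUXTYPE= untouched.

```shell
#!/bin/sh
# Added example, not Punchplatform code; function names are assumptions.

# Print the persistent mode: the last uncommented SELINUX= line.
# SELINUXTYPE= and the commented help lines are not matched.
selinux_configured_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\).*/\1/p' "$1" | tail -n 1
}

# usage: set_selinux_mode <config-file> <enforcing|permissive|disabled>
set_selinux_mode() (
    mode=$2
    case $mode in
        enforcing|permissive|disabled) ;;
        *) echo "invalid SELinux mode: $mode" >&2; return 2 ;;
    esac
    # Edit the link target: sed -i on a symlink would replace the link with
    # a regular file and leave the real configuration unchanged.
    conf=$(readlink -f "$1") || return 1
    if grep -q '^[[:space:]]*SELINUX=' "$conf"; then
        sed -i.bak "s/^[[:space:]]*SELINUX=.*/SELINUX=$mode/" "$conf"
    else
        printf 'SELINUX=%s\n' "$mode" >> "$conf"
    fi
)

# Demo on constructed files that mimic the CentOS layout.
demo=$(mktemp -d)
printf '%s\n' '# SELINUX= can take one of these three values:' \
    '#     enforcing - SELinux security policy is enforced.' \
    'SELINUX=enforcing' 'SELINUXTYPE=targeted' > "$demo/config"
ln -s "$demo/config" "$demo/selinux"
set_selinux_mode "$demo/selinux" disabled
selinux_configured_mode "$demo/selinux"    # prints the new persistent mode
rm -rf "$demo"
```

After the reboot, getenforce and systemctl is-enabled firewalld report the resulting runtime state.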
Specific features¶
Ceph specific requirements¶
You must prevent the updatedb process (standard on Debian-like distributions) from scanning the whole system, especially the Ceph data partition or the punchplatform data partition. You can do that in several ways:
Use the Ansible playbook provided in the official Punchplatform deployer to automatically patch the configuration file on multiple nodes.
This playbook is in the updatedb_patch directory, at the deployer root directory. Its use is documented in the playbook itself.
# add your ceph nodes in the inventory
vim inventory_updatedb_patch.inv
# apply playbook (ssh access from deployer to all servers required)
ansible-playbook -i inventory_updatedb_patch.inv updatedb_patch.yml
Manual process
You can manually patch the /etc/updatedb.conf configuration file, adding /var/lib/ceph to the PRUNEPATHS values on Ceph nodes.
You can manually patch the /etc/updatedb.conf configuration file, adding /data to the PRUNEPATHS values on all servers.
Example: /etc/updatedb.conf must contain both paths in a single quoted, space-separated value:
PRUNEPATHS="/var/lib/ceph /data"
Note
Preventing updatedb from scanning the whole system is necessary on a server exposing many files (typically the situation on a Ceph server), as the updatedb internal database can grow quickly and dramatically.
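The manual PRUNEPATHS patch described above can be made repeatable with a small script. This is an added example, not the updatedb_patch playbook or any Punchplatform code; add_prunepaths is a hypothetical name, and the script assumes the mlocate format in which PRUNEPATHS is one quoted, whitespace-separated list.

```shell
#!/bin/sh
# Added example, not Punchplatform code; add_prunepaths is a hypothetical name.
# Assumes the mlocate format: PRUNEPATHS = "<whitespace-separated paths>".

# usage: add_prunepaths <updatedb.conf> <path>...
add_prunepaths() (
    conf=$1; shift
    # Value of the last active assignment; commented-out lines are ignored.
    current=$(sed -n 's/^[[:space:]]*PRUNEPATHS[[:space:]]*=[[:space:]]*"\(.*\)"[[:space:]]*$/\1/p' "$conf" | tail -n 1)
    merged=$current
    for p in "$@"; do
        case " $merged " in
            *" $p "*) ;;                          # whole-word match: already pruned
            *) merged="${merged:+$merged }$p" ;;  # append, keeping existing entries
        esac
    done
    if grep -q '^[[:space:]]*PRUNEPATHS[[:space:]]*=' "$conf"; then
        # Nothing to add: leave the file untouched so reruns are no-ops.
        [ "$merged" = "$current" ] && return 0
        sed -i.bak "s|^[[:space:]]*PRUNEPATHS[[:space:]]*=.*|PRUNEPATHS = \"$merged\"|" "$conf"
    else
        printf 'PRUNEPATHS = "%s"\n' "$merged" >> "$conf"
    fi
)

# Demo on a constructed sample file (not a real system file).
sample=$(mktemp)
printf '%s\n' '# PRUNEPATHS = "/old"' 'PRUNEPATHS = "/afs /media /mnt"' > "$sample"
add_prunepaths "$sample" /var/lib/ceph /data
grep '^PRUNEPATHS' "$sample"
rm -f "$sample" "$sample.bak"
```

On a real node the call would be add_prunepaths /etc/updatedb.conf /var/lib/ceph /data, run as root; the previous file is kept as /etc/updatedb.conf.bak.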