ceph/doc/rados/deployment/preflight-checklist.rst

110 lines
3.1 KiB
ReStructuredText

=====================
Preflight Checklist
=====================
.. versionadded:: 0.60
This **Preflight Checklist** will help you prepare an admin node for use with
``ceph-deploy``, and server nodes for use with passwordless ``ssh`` and
``sudo``.
Before you can deploy Ceph using ``ceph-deploy``, you need to ensure that you
have a few things set up first on your admin node and on nodes running Ceph
daemons.
Install an Operating System
===========================
Install a recent release of Debian or Ubuntu (e.g., 16.04 LTS) on
your nodes. For additional details on operating systems or to use other
operating systems other than Debian or Ubuntu, see `OS Recommendations`_.
Install an SSH Server
=====================
The ``ceph-deploy`` utility requires ``ssh``, so your server node(s) require an
SSH server. ::
sudo apt-get install openssh-server
Create a User
=============
Create a user on nodes running Ceph daemons.
.. tip:: We recommend a username that brute force attackers won't
guess easily (e.g., something other than ``root``, ``ceph``, etc).
::
ssh user@ceph-server
sudo useradd -d /home/ceph -m ceph
sudo passwd ceph
``ceph-deploy`` installs packages onto your nodes. This means that
the user you create requires passwordless ``sudo`` privileges.
.. note:: We **DO NOT** recommend enabling the ``root`` password
for security reasons.
To provide full privileges to the user, add the following to
``/etc/sudoers.d/ceph``. ::
echo "ceph ALL = (root) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/ceph
sudo chmod 0440 /etc/sudoers.d/ceph
Configure SSH
=============
Configure your admin machine with password-less SSH access to each node
running Ceph daemons (leave the passphrase empty). ::
ssh-keygen
Generating public/private key pair.
Enter file in which to save the key (/ceph-client/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /ceph-client/.ssh/id_rsa.
Your public key has been saved in /ceph-client/.ssh/id_rsa.pub.
Copy the key to each node running Ceph daemons::
ssh-copy-id ceph@ceph-server
Modify your ~/.ssh/config file of your admin node so that it defaults
to logging in as the user you created when no username is specified. ::
Host ceph-server
Hostname ceph-server.fqdn-or-ip-address.com
User ceph
Install ceph-deploy
===================
To install ``ceph-deploy``, execute the following::
wget -q -O- 'https://download.ceph.com/keys/release.asc' | sudo apt-key add -
echo deb http://ceph.com/debian-dumpling/ $(lsb_release -sc) main | sudo tee /etc/apt/sources.list.d/ceph.list
sudo apt-get update
sudo apt-get install ceph-deploy
Ensure Connectivity
===================
Ensure that your Admin node has connectivity to the network and to your Server
node (e.g., ensure ``iptables``, ``ufw`` or other tools that may prevent
connections, traffic forwarding, etc. to allow what you need).
Once you have completed this pre-flight checklist, you are ready to begin using
``ceph-deploy``.
.. _OS Recommendations: ../../../start/os-recommendations