[ceph.git] / ceph / doc / rados / deployment / preflight-checklist.rst

=====================
 Preflight Checklist
=====================

.. versionadded:: 0.60

This **Preflight Checklist** will help you prepare an admin node for use with
``ceph-deploy``,  and server nodes for use with passwordless ``ssh`` and
``sudo``.

Before you can deploy Ceph using ``ceph-deploy``, you need to ensure that you
have a few things set up first on your admin node and on nodes running Ceph
daemons.
 

Install an Operating System
===========================

Install a recent release of Debian or Ubuntu (e.g., 16.04 LTS) on
your nodes. For additional details on operating systems or to use other
operating systems other than Debian or Ubuntu, see `OS Recommendations`_.


Install an SSH Server
=====================

The ``ceph-deploy`` utility requires ``ssh``, so your server node(s) require an
SSH server. ::

	sudo apt-get install openssh-server


Create a User
=============

Create a user on nodes running Ceph daemons. 

.. tip:: We recommend a username that brute force attackers won't
   guess easily (e.g., something other than ``root``, ``ceph``, etc).

::

	ssh user@ceph-server
	sudo useradd -d /home/ceph -m ceph
	sudo passwd ceph


``ceph-deploy`` installs packages onto your nodes. This means that
the user you create requires passwordless ``sudo`` privileges. 

.. note:: We **DO NOT** recommend enabling the ``root`` password 
   for security reasons. 

To provide full privileges to the user, add the following to 
``/etc/sudoers.d/ceph``. ::

	echo "ceph ALL = (root) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/ceph
	sudo chmod 0440 /etc/sudoers.d/ceph


Configure SSH
=============

Configure your admin machine with password-less SSH access to each node
running Ceph daemons (leave the passphrase empty). ::

	ssh-keygen
	Generating public/private key pair.
	Enter file in which to save the key (/ceph-client/.ssh/id_rsa):
	Enter passphrase (empty for no passphrase):
	Enter same passphrase again:
	Your identification has been saved in /ceph-client/.ssh/id_rsa.
	Your public key has been saved in /ceph-client/.ssh/id_rsa.pub.

Copy the key to each node running Ceph daemons:: 

	ssh-copy-id ceph@ceph-server

Modify your ~/.ssh/config file of your admin node so that it defaults 
to logging in as the user you created when no username is specified. ::

	Host ceph-server
		Hostname ceph-server.fqdn-or-ip-address.com
		User ceph


Install ceph-deploy
===================

To install ``ceph-deploy``, execute the following:: 

	wget -q -O- 'https://download.ceph.com/keys/release.asc' | sudo apt-key add -
	echo deb https://download.ceph.com/debian-nautilus/ $(lsb_release -sc) main | sudo tee /etc/apt/sources.list.d/ceph.list
	sudo apt-get update	
	sudo apt-get install ceph-deploy


Ensure Connectivity
===================

Ensure that your Admin node has connectivity to the network and to your Server
node (e.g., ensure ``iptables``, ``ufw`` or other tools that may prevent
connections, traffic forwarding, etc. to allow what you need).


Once you have completed this pre-flight checklist, you are ready to begin using
``ceph-deploy``.

.. _OS Recommendations: ../../../start/os-recommendations
Commit	Line	Data
7c673cae FG	1	=====================
	2	Preflight Checklist
	3	=====================
	4
	5	.. versionadded:: 0.60
	6
	7	This Preflight Checklist will help you prepare an admin node for use with
	8	``ceph-deploy``, and server nodes for use with passwordless ``ssh`` and
	9	``sudo``.
	10
	11	Before you can deploy Ceph using ``ceph-deploy``, you need to ensure that you
	12	have a few things set up first on your admin node and on nodes running Ceph
	13	daemons.
	14
	15
	16	Install an Operating System
	17	===========================
	18
11fdf7f2	19	Install a recent release of Debian or Ubuntu (e.g., 16.04 LTS) on
7c673cae FG	20	your nodes. For additional details on operating systems or to use other
	21	operating systems other than Debian or Ubuntu, see `OS Recommendations`_.
	22
	23
	24	Install an SSH Server
	25	=====================
	26
	27	The ``ceph-deploy`` utility requires ``ssh``, so your server node(s) require an
	28	SSH server. ::
	29
	30	sudo apt-get install openssh-server
	31
	32
	33	Create a User
	34	=============
	35
	36	Create a user on nodes running Ceph daemons.
	37
	38	.. tip:: We recommend a username that brute force attackers won't
	39	guess easily (e.g., something other than ``root``, ``ceph``, etc).
	40
	41	::
	42
	43	ssh user@ceph-server
	44	sudo useradd -d /home/ceph -m ceph
	45	sudo passwd ceph
	46
	47
	48	``ceph-deploy`` installs packages onto your nodes. This means that
	49	the user you create requires passwordless ``sudo`` privileges.
	50
	51	.. note:: We DO NOT recommend enabling the ``root`` password
	52	for security reasons.
	53
	54	To provide full privileges to the user, add the following to
	55	``/etc/sudoers.d/ceph``. ::
	56
	57	echo "ceph ALL = (root) NOPASSWD:ALL" \| sudo tee /etc/sudoers.d/ceph
	58	sudo chmod 0440 /etc/sudoers.d/ceph
	59
	60
	61	Configure SSH
	62	=============
	63
	64	Configure your admin machine with password-less SSH access to each node
	65	running Ceph daemons (leave the passphrase empty). ::
	66
	67	ssh-keygen
	68	Generating public/private key pair.
	69	Enter file in which to save the key (/ceph-client/.ssh/id_rsa):
	70	Enter passphrase (empty for no passphrase):
	71	Enter same passphrase again:
	72	Your identification has been saved in /ceph-client/.ssh/id_rsa.
	73	Your public key has been saved in /ceph-client/.ssh/id_rsa.pub.
	74
	75	Copy the key to each node running Ceph daemons::
	76
	77	ssh-copy-id ceph@ceph-server
	78
	79	Modify your ~/.ssh/config file of your admin node so that it defaults
	80	to logging in as the user you created when no username is specified. ::
	81
	82	Host ceph-server
	83	Hostname ceph-server.fqdn-or-ip-address.com
84	User ceph
85
86
87	Install ceph-deploy
88	===================
89
90	To install ``ceph-deploy``, execute the following::
91
92	wget -q -O- 'https://download.ceph.com/keys/release.asc' \| sudo apt-key add -
9f95a23c	93	echo deb https://download.ceph.com/debian-nautilus/ $(lsb_release -sc) main \| sudo tee /etc/apt/sources.list.d/ceph.list
7c673cae FG	94	sudo apt-get update
	95	sudo apt-get install ceph-deploy
	96
	97
	98	Ensure Connectivity
	99	===================
	100
	101	Ensure that your Admin node has connectivity to the network and to your Server
	102	node (e.g., ensure ``iptables``, ``ufw`` or other tools that may prevent
	103	connections, traffic forwarding, etc. to allow what you need).
	104
	105
	106	Once you have completed this pre-flight checklist, you are ready to begin using
	107	``ceph-deploy``.
	108
	109	.. _OS Recommendations: ../../../start/os-recommendations