+.. _cephadm_deploying_new_cluster:
+
============================
Deploying a new Ceph cluster
============================
.. highlight:: console
-
.. _cephadm-host-requirements:
Requirements
Install cephadm
===============
-The ``cephadm`` command can
-
-#. bootstrap a new cluster
-#. launch a containerized shell with a working Ceph CLI
-#. aid in debugging containerized Ceph daemons
-
There are two ways to install ``cephadm``:
#. a :ref:`curl-based installation<cephadm_install_curl>` method
#. :ref:`distribution-specific installation methods<cephadm_install_distros>`
+
.. _cephadm_install_curl:
curl-based installation
-----------------------
* Use ``curl`` to fetch the most recent version of the
- standalone script.
-
+ standalone script.
+
.. prompt:: bash #
:substitutions:
Run the ``ceph bootstrap`` command:
-.. prompt:: bash #
+.. prompt:: bash #
cephadm bootstrap --mon-ip *<mon-ip>*
with this label will (also) get a copy of ``/etc/ceph/ceph.conf`` and
``/etc/ceph/ceph.client.admin.keyring``.
-Further information about cephadm bootstrap
+Further information about cephadm bootstrap
-------------------------------------------
The default bootstrap behavior will work for most users. But if you'd like
-immediately to know more about ``cephadm bootstrap``, read the list below.
+immediately to know more about ``cephadm bootstrap``, read the list below.
Also, you can run ``cephadm bootstrap -h`` to see all of ``cephadm``'s
available options.
EOF
$ ./cephadm bootstrap --config initial-ceph.conf ...
-* The ``--ssh-user *<user>*`` option makes it possible to choose which ssh
- user cephadm will use to connect to hosts. The associated ssh key will be
- added to ``/home/*<user>*/.ssh/authorized_keys``. The user that you
+* The ``--ssh-user *<user>*`` option makes it possible to choose which SSH
+ user cephadm will use to connect to hosts. The associated SSH key will be
+ added to ``/home/*<user>*/.ssh/authorized_keys``. The user that you
designate with this option must have passwordless sudo access.
* If you are using a container on an authenticated registry that requires
login, you may add the argument:
- * ``--registry-json <path to json file>``
+ * ``--registry-json <path to json file>``
example contents of JSON file with login info::
{"url":"REGISTRY_URL", "username":"REGISTRY_USERNAME", "password":"REGISTRY_PASSWORD"}
-
+
Cephadm will attempt to log in to this registry so it can pull your container
and then store the login info in its config database. Other hosts added to
the cluster will then also be able to make use of the authenticated registry.
Confirm that the ``ceph`` command is accessible with:
.. prompt:: bash #
-
+
ceph -v
are maintained in ``/etc/ceph`` on all hosts with the ``_admin`` label, which is initially
applied only to the bootstrap host. We usually recommend that one or more other hosts be
given the ``_admin`` label so that the Ceph CLI (e.g., via ``cephadm shell``) is easily
-accessible on multiple hosts. To add the ``_admin`` label to additional host(s),
+accessible on multiple hosts. To add the ``_admin`` label to additional host(s):
.. prompt:: bash #
Adding Storage
==============
-To add storage to the cluster, either tell Ceph to consume any
-available and unused device:
+To add storage to the cluster, you can tell Ceph to consume any
+available and unused device(s):
.. prompt:: bash #
Single host
-----------
-To configure a Ceph cluster to run on a single host, use the ``--single-host-defaults`` flag when bootstrapping. For use cases of this, see :ref:`one-node-cluster`.
+To configure a Ceph cluster to run on a single host, use the
+``--single-host-defaults`` flag when bootstrapping. For use cases of this, see
+:ref:`one-node-cluster`.
The ``--single-host-defaults`` flag sets the following configuration options::
global/osd_pool_default_size = 2
mgr/mgr_standby_modules = False
-For more information on these options, see :ref:`one-node-cluster` and ``mgr_standby_modules`` in :ref:`mgr-administrator-guide`.
+For more information on these options, see :ref:`one-node-cluster` and
+``mgr_standby_modules`` in :ref:`mgr-administrator-guide`.
+
+.. _cephadm-airgap:
Deployment in an isolated environment
-------------------------------------
-You can install Cephadm in an isolated environment by using a custom container registry. You can either configure Podman or Docker to use an insecure registry, or make the registry secure. Ensure your container image is inside the registry and that you have access to all hosts you wish to add to the cluster.
+You might need to install cephadm in an environment that is not connected
+directly to the internet (such an environment is also called an "isolated
+environment"). This can be done if a custom container registry is used. Either
+of two kinds of custom container registry can be used in this scenario: (1) a
+Podman-based or Docker-based insecure registry, or (2) a secure registry.
-Run a local container registry:
+The practice of installing software on systems that are not connected directly
+to the internet is called "airgapping" and registries that are not connected
+directly to the internet are referred to as "airgapped".
-.. prompt:: bash #
+Make sure that your container image is inside the registry. Make sure that you
+have access to all hosts that you plan to add to the cluster.
- podman run --privileged -d --name registry -p 5000:5000 -v /var/lib/registry:/var/lib/registry --restart=always registry:2
+#. Run a local container registry:
-If you are using an insecure registry, configure Podman or Docker with the hostname and port where the registry is running.
+ .. prompt:: bash #
-.. note:: For every host which accesses the local insecure registry, you will need to repeat this step on the host.
+ podman run --privileged -d --name registry -p 5000:5000 -v /var/lib/registry:/var/lib/registry --restart=always registry:2
-Next, push your container image to your local registry.
+#. If you are using an insecure registry, configure Podman or Docker with the
+ hostname and port where the registry is running.
-Then run bootstrap using the ``--image`` flag with your container image. For example:
+ .. note:: You must repeat this step for every host that accesses the local
+ insecure registry.
-.. prompt:: bash #
+#. Push your container image to your local registry. Here are some acceptable
+ kinds of container images:
+
+ * Ceph container image. See :ref:`containers`.
+ * Prometheus container image
+ * Node exporter container image
+ * Grafana container image
+ * Alertmanager container image
+
+#. Create a temporary configuration file to store the names of the monitoring
+ images. (See :ref:`cephadm_monitoring-images`):
+
+ .. prompt:: bash $
+
+ cat <<EOF > initial-ceph.conf
+
+ ::
+
+ [mgr]
+ mgr/cephadm/container_image_prometheus *<hostname>*:5000/prometheus
+ mgr/cephadm/container_image_node_exporter *<hostname>*:5000/node_exporter
+ mgr/cephadm/container_image_grafana *<hostname>*:5000/grafana
+ mgr/cephadm/container_image_alertmanager *<hostname>*:5000/alertmanger
+
+#. Run bootstrap using the ``--image`` flag and pass the name of your
+ container image as the argument of the image flag. For example:
- cephadm --image *<hostname>*:5000/ceph/ceph bootstrap --mon-ip *<mon-ip>*
+ .. prompt:: bash #
+ cephadm --image *<hostname>*:5000/ceph/ceph bootstrap --mon-ip *<mon-ip>*
.. _cluster network: ../rados/configuration/network-config-ref#cluster-network
projects / ceph.git / blobdiff