Build images

Debian / Ubuntu 14.04 installation

First, you need to install build dependencies:

$ sudo apt-get update
$ sudo apt-get install -y curl git python python-pip python-setuptools make

Next, you need to install node>=4.x and npm. Unfortunately, trusty and debian stable have obsolete versions in their repositories, so follow this guide: https://github.com/nodesource/distributions#debian-and-ubuntu-based-distributions

Also, you need to update setuptools to aversion >=26 (previous versions have critical bugs in building wheels with big sets of package data)

$ sudo pip install 'setuptools>=26'

Ubuntu 16.04 installation

Please follow the same guide as for trusty installation, but you do not need to install external node: valid packages are in the official repository now.

$ sudo apt update
$ sudo apt install -y nodejs nodejs-legacy npm

Updating of setuptools is also required.

$ sudo pip install 'setuptools>=26'

Docker-engine installation

To install docker-engine, please follow the official instructions. Also, please pay attention to the DNS configuration.

Cloning of source code repository

$ git clone --recurse-submodules \
  https://github.com/Mirantis/ceph-lcm.git decapod
$ cd decapod

Inside repository, please check available versions with git tag. To select specific version, please do git checkout {tag} && git submodule update --init --recursive.

Building a development version

There is little difference between production and development build. The difference is only in SSH private keys, SSL certificate and configuration file. In development variant, they are pregenerated and placed in containerization/files directory of the source code.

To build development images, just execute the following command:

$ make build_containers_dev

Actually, there is not big difference between production and development version. Basically, target build_containers_dev is a sequence of 2 targets: copy_example_keys and build_containers. Target copy_example_keys copies hardcoded files, mentioned in Building a production version into correct places.

Since these files are placed in VCS, user has to replace them with private ones on container build.

Building a production version

To build a production version, you need to have your own configuration file, SSH private key for Ansible and SSL certificate for web frontend. Please check the next section for details. After you place required files in the top level directory of the source code repository, execute the following command:

$ make build_containers

As a summary, to build production containers, you need to have the following in the top level directory of your source code repository:

ansible_ssh_keyfile.pem
SSH private key which should be used by Ansible to connect to Ceph nodes.
ssl.key
Private key for SSL/TLS certificate which should be used by web UI.
ssl.crt
Signed certificate for SSL/TLS which should be used by web UI.
ssl-dhparam.pem
Diffie-Hellman ephemeral parameters for SSL/TLS. This enables perfect-forward secrecy for secured connection.
config.yaml
Configuration file for Decapod.
mongodb.pem
SSL/TLS pair of certificate and key, concatenated in one file. Required to use secured connection by MongoDB.

SSH private keys

Warning

Secrecy of the key is on you. Please keep it private.

Decapod uses Ansible to configure remote machines, Ansible uses SSH to connect to remote machines. Therefore, it is required to propagate SSH private key to Decapod. If you don’t have a prepared SSH private key, you may generate a new one using the following guide: https://confluence.atlassian.com/bitbucketserver/creating-ssh-keys-776639788.html

After you generate a new one, copy it to the top level of the source code repository. It has to have name: ansible_ssh_keyfile.pem. The format of the file is PEM [1].

SSL certificate

Warning

Secrecy of the key if on you. Please keep it private. Please do not use self-signed certificates for production installation.

SSL certificate should have 3 parts: private key for certificate, signed certificate and Diffie-Hellman ephemeral parameters.

If you have no such certificates, you may generate new ones using the following instructions:

All SSL keys should be in PEM [1] format.

Please put SSL files in the top level of your source code repository:

  • Private key should be placed as ssl.key;
  • Signed certificate should be placed as ssl.crt;
  • Diffie-Hellman parameters should be placed as ssl-dhparam.pem.

Configuration

Configuration for Decapod is done in YAML [2] format. Please check the example in containerization/files/devconfigs/config.yaml.

MongoDB secured connection

To allow SSL/TLS for MongoDB connection, you have to have generated private key and certificate. Mongo allows to use unified PEM file which contains both items. To get information on generation of such file, please refer official documentation: https://docs.mongodb.com/manual/tutorial/configure-ssl/#pem-file

To allow SSL/TLS on client side, please be sure that config file has ?ssl=true parameter in URI. For example, mongodb://database:27017/db won’t use secured connection, but mongodb://database:27017/db?ssl=true will.

MongoDB authorization/authentication

Note

By default, containers will have no information about users and their passwords.

To use db authentication, please follow the official guide or a community checklist:

After you have a MongoDB running with the required authentication, please make sure that user/password pair is set in config file. URI should look like mongodb://user:password@database:27017/db?ssl=true.

Footnotes

[1](1, 2) https://tools.ietf.org/html/rfc1421
[2]http://www.yaml.org/spec/1.2/spec.html