docs/content/stable/yugabyte-platform/prepare/server-nodes-software/_index.md
The Linux OS and other software components on each database cluster node must meet the following minimum software requirements.
Depending on the provider type and permissions you grant, you may have to install all of these requirements manually, or YugabyteDB Anywhere will install it all automatically.
{{< warning title="Using disk encryption software with YugabyteDB" >}} If you are using third party disk encryption software (such as Vormetric or CipherTrust), the disk encryption service must be up and running on the node before starting any YugabyteDB services. If YugabyteDB processes start before the encryption service, restarting an already encrypted node can result in data corruption.
To avoid problems, pause the universe before enabling or disabling the disk encryption service on universe nodes. {{< /warning >}}
YugabyteDB Anywhere supports deploying YugabyteDB on a variety of operating systems.
AlmaLinux OS 8 disk images are used by default, but you can specify a custom disk image and OS.
On Red Hat Enterprise Linux 8-based systems (Red Hat Enterprise Linux 8, Oracle Enterprise Linux 8.x, Amazon Linux 2), additionally, add the following line to /etc/systemd/system.conf and /etc/systemd/user.conf:
DefaultLimitNOFILE=1048576
You must reboot the system for these two settings to take effect.
Note: Only perform this step for legacy provisioning. This step is performed automatically during automatic provisioning.
Transparent hugepages (THP) should be enabled for optimal performance. Download and run the following script as root:
You must reboot the system for these settings to take effect.
<details> <summary>More information</summary>The script performs the following steps:
Create a one-shot systemd service for configuring THP settings.
unit_filename="yb-enable-transparent-huge-pages.service"
unit_filepath="/etc/systemd/system/"
unit_file_full_path=${unit_filepath}${unit_filename}
unit_file_definition=$(cat <<EOF
[Unit]
Description=YugabyteDB Enable Transparent Hugepages (THP)
DefaultDependencies=no
After=local-fs.target
Before=sysinit.target
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/sh -c '\
echo always > /sys/kernel/mm/transparent_hugepage/enabled && \
echo defer+madvise > /sys/kernel/mm/transparent_hugepage/defrag && \
echo 0 > /sys/kernel/mm/transparent_hugepage/khugepaged/max_ptes_none'
[Install]
WantedBy=basic.target
EOF
)
# Always perform this, because if we update settings, we always apply.
echo "Configuring ${unit_file_full_path}"
echo "${unit_file_definition}" > ${unit_file_full_path}
This creates a one-shot systemd unit file under /etc/systemd/system/yb-enable-transparent-huge-pages.service.
Load all the services on the system and check the status of the newly created service.
# Load the services
echo "Loading and enabling service"
systemctl daemon-reload
systemctl enable ${unit_filename}
systemctl start ${unit_filename}
systemctl --no-pager status ${unit_filename}
status=$(systemctl show yb-enable-transparent-huge-pages.service \
--property=ExecMainStatus,ActiveState)
exec_main_status=$(echo "$status" | grep ExecMainStatus | cut -d= -f2)
active_state=$(echo "$status" | grep ActiveState | cut -d= -f2)
if [[ "$exec_main_status" -ne 0 || "$active_state" != "active" ]]; then
echo "Service failed: ExecMainStatus=$exec_main_status, ActiveState=$active_state"
echo "Check status/logs for ${unit_file_full_path}"
fi
Ensure that all the THP settings are correctly set.
cat /sys/kernel/mm/transparent_hugepage/enabled
Should return "always".
cat /sys/kernel/mm/transparent_hugepage/defrag
Should return "defer+madvise".
cat /sys/kernel/mm/transparent_hugepage/khugepaged/max_ptes_none 0
Should return 0.
YugabyteDB Anywhere requires the following additional software to be pre-installed on nodes:
Install Python 3.6-3.12 on the database nodes. (If you are using Legacy on-premises provisioning, Python 3.5-3.9 is supported, and 3.6 is recommended.)
Install the Python SELinux package corresponding to your version of Python. You can use pip to do this. Ensure the version of pip matches the version of Python.
For example, you can install Python as follows:
sudo yum install python38
sudo pip3.8 install selinux
sudo ln -s /usr/bin/python3.8 /usr/bin/python
sudo rm /usr/bin/python3
sudo ln -s /usr/bin/python3.8 /usr/bin/python3
python3 -c "import selinux; import sys; print(sys.version)"
> 3.8.19 (main, Sep 11 2024, 00:00:00)
> [GCC 11.5.0 20240719 (Red Hat 11.5.0-2)]
Alternately, if you are using the default version of python3, you might be able to install the python3-libselinux package.
By default, YugabyteDB Anywhere can automatically generate and copy self-signed TLS certificates used for node-to-node encryption in transit to universe nodes when the universe is created.
However, if you want to use your own CA certificates, you must manually copy them to universe nodes. (CA certificates can only be used with on-premises universes.)
In your certificate authority UI (for example, Venafi), generate the following:
Server certificates to use for node-to-node encryption; that is, for the VMs to be used for universes.
These certificates must be copied to each of the VMs you will use in your universes.
A certificate to use for client-to-node encryption; that is, for encrypting traffic between the database cluster and applications and clients.
This certificate must also be copied to your application client.
In addition, you add the certificates to YugabyteDB Anywhere.
For more information, refer to CA certificates.
Additionally, if not connected to the public Internet (that is, airgapped); and not connected to a local Yum repository that contains the additional software, database cluster nodes must also have the following additional software pre-installed: