Installation Prerequisites
Before installing the Lyft Data server or workers, make sure each host meets the baseline requirements below. These checks keep the platform secure, ensure upgrades go smoothly, and reduce duplicated setup steps across operating systems.
Readiness checklist
| Task | Primary owner | Typical effort |
|---|---|---|
| Confirm host OS, CPU architecture, and service manager support | Infrastructure / IT | 5 minutes |
| Create non-interactive service account and dedicated data directory | Infrastructure / IT | 10–15 minutes per host |
Open server port 3000 (or desired alternative) and validate DNS reachability | Networking / Security | 10 minutes |
| Collect staging path, admin bootstrap password, and license acceptance decision | Platform team | 5 minutes |
| Download and stage the Lyft Data binary (see Prepare the binary) | Platform / DevOps | 10 minutes |
Collect these details before touching the platform-specific guides so the install can proceed without handoffs or rework.
Supported platforms
- Linux: 64-bit Linux distributions that use
systemd. Tested regularly on Ubuntu 22.04 LTS and Debian 12. - macOS: macOS 12 (Monterey) or later with administrator access for
launchctl. - Windows: Windows 10/11 or Windows Server 2016+ with PowerShell 5.1 or later.
All platforms use the same Lyft Data binary. Download it once per host via Prepare the binary and confirm lyftdata --version prints the expected build.
Accounts and directories
Create a dedicated service account on every host before you register it as a server or worker. The account should:
- Run without interactive logins (
/usr/bin/falseshell on Unix,PasswordNeverExpireson Windows). - Own a writable data directory (for example
/var/lib/lyftdata-server,/var/lib/lyftdata-worker, orC:\\ProgramData\\LyftData\\server). - Restrict permissions to the service account (
chmod 700on Unix, explicit ACLs on Windows).
Co-locating multiple services on the same host is supported, but create separate accounts and directories per role to maintain isolation.
Linux service accounts
sudo adduser --system --home /var/lib/lyftdata --disabled-login --group <user>sudo mkdir -p /var/lib/lyftdatasudo chown <user>:<user> /var/lib/lyftdatasudo chmod 700 /var/lib/lyftdataReplace <user> with the service name (for example lyftdata for the server or lyftdata-worker for external workers) and update the home directory to match your staging path (e.g., /var/lib/lyftdata-server).
macOS service accounts
sudo sysadminctl -addUser <user> -shell /usr/bin/false -home /var/lib/<dir> -password -sudo mkdir -p /var/lib/<dir>sudo chown <user>:staff /var/lib/<dir>sudo chmod 700 /var/lib/<dir>Substitute <user> and <dir> for the role you are provisioning (for example lyftdata / lyftdata-server for the server).
Windows service accounts
New-LocalUser -Name "<user>" -Description "Lyft Data service" -PasswordNeverExpires -UserMayNotChangePasswordAdd-LocalGroupMember -Group "Users" -Member "<user>"New-Item -ItemType Directory -Path "C:\ProgramData\LyftData\<dir>" -Force$acl = Get-Acl "C:\ProgramData\LyftData\<dir>"$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("<user>","FullControl","ContainerInherit,ObjectInherit","None","Allow")$acl.SetAccessRule($rule)Set-Acl "C:\ProgramData\LyftData\<dir>" $aclReplace <user> / <dir> with values such as lyftdata / server or lyftdata-worker / worker, and keep the data directory permissions scoped to the service principal.
LYFTDATA_STAGING_DIR (server) and LYFTDATA_JOBS_DIR (worker) must point at these directories when you configure the services.
Network and firewall
| Component | Default listener | Purpose |
|---|---|---|
| Server UI & API | 127.0.0.1:3000 | Web UI, CLI, worker coordination |
Adjust firewall rules so the server port is reachable from browsers, the CLI, and any remote workers. For production, document who owns the rule change and track the approval in your rollout plan.
Licensing and secrets
- Accept the EULA once per host by setting
LYFTDATA_LICENSE_EULA_ACCEPT=yesfor both server and worker services. - Licensed deployments must provide a valid license before production; evaluation allows one external worker. See Licensing for options.
- Never hard-code API keys in scripts. Store worker API keys in scoped environment files or secret stores and limit access to administrators.
Required environment variables
Configure these variables before starting services so unit files and launch daemons can read them automatically.
| Role | Required variables | Purpose |
|---|---|---|
| Server | LYFTDATA_STAGING_DIR | Directory for job definitions, logs, and metrics |
LYFTDATA_LICENSE_EULA_ACCEPT | Accepts the end-user license agreement once per host | |
LYFTDATA_ADMIN_INIT_PASSWORD (optional but recommended) | Sets the initial admin password; otherwise it is logged on first run | |
| Worker | LYFTDATA_WORKER_ID | Unique identifier matching the server registration |
LYFTDATA_WORKER_API_KEY | Authenticates the worker against the server | |
LYFTDATA_URL | Base URL for the server (http://host:3000 by default) | |
LYFTDATA_JOBS_DIR | Local path for cached job definitions | |
LYFTDATA_LICENSE_EULA_ACCEPT | Accepts the end-user license agreement once per host |
Configure optional settings—LYFTDATA_BIND_ADDRESS, LYFTDATA_LOG_RETENTION_DAYS, and LYFTDATA_DB_DISK_USE_MAX_PERCENT—only when you need to expose additional interfaces or adjust retention defaults.
Windows-only tools
Windows deployments rely on NSSM to install the binary as a service. Download NSSM before you start the server or worker guide and make sure the executable is on PATH for the elevated PowerShell session.
Next steps
- Validate the prerequisites on every host.
- Follow Prepare the binary to fetch and verify the executable.
- Continue with the platform-specific server or worker guide to wire up the service manager.