...

Ansible playbook

The playbook installs the following components:

...

RKE2

...

Rancher

...

Longhorn

...

Prometheus (includes Grafana for centralized monitoring)

...

EFK (for centralized logging)

...

KEDA CRD

...

Rancher is an an open-source multi-cluster orchestration platform that makes it easy for you to deploy and manage an application on Kubernetes cluster.

Adeptia packages Rancher and Security focused Kubernetes (RKE2) along with Adeptia Connect application and other components in Ansible Playbook. You need to download and run this package that deploys the followings in the same order.

• RKE2 – Security focused Kubernetes

• Rancher UI – UI to centrally manage a multi-cluster Kubernetes environment

• Longhorn – Cloud native distributed block storage for Kubernetes

• Prometheus including Grafana – For centralized monitoring

• Elasticsearch, Fluentd, and Kibana (EFK) – For centralized logging

• Kubernetes Event Driven Autoscaler (KEDA) – For pods autoscaling

• Adeptia Connect application (can be deployed in HA mode with each microservice running 2 replicas)

Prerequisites

...

Instances/Components

...

3 Linux VM machines (minimum configuration required for HA configuration)

...

and

Before you begin to run Ansible Playbook, ensure that you have,

• At least three Linux VMs, each with the following minimum configuration:

  • RAM – 32 GB

  • Processor cores – 8

  • Hard disk – 250 GB

• One Jumpbox with internet access and SSH connectivity to with the above 3 Linux VM machines

• Load Balancer on top of 3 Linux VM nodes

Here are the configurations of the 3 Linux VM machines that we used in the development environment:

...

name

...

public IP

private IP

...

memory

...

core

...

disk (SSD)

...

os

...

rancher1

...

3.134.212.46

172.31.33.225

...

32 GB

...

8

...

100 GB

...

Ubuntu

...

rancher2

...

3.131.224.248

172.31.47.85

...

32 GB

...

8

...

100 GB

...

Ubuntu

...

rancher3

...

18.216.242.13

172.31.44.236

...

32 GB

...

8

...

100 GB

...

Ubuntu

...

By default, the AC helm chart requires 250 GB for PV configuration.

When we used the Linux VM machine with 100 GB SSD, we couldn't deploy the AC helm chart correctly until we reduced the PV configuration to 60 GB.

So, the QA team may need to test the Ansible script on Linux VM that have higher disk storage configuration.

Connectivity

...

• Ansible 2.5 (or higher) installed on Jumpbox.
  You can install Ansible on Ubuntu OS by running the following command:

  Code Block
  language powershell
  $ sudo apt install ansible

• Load Balancer on top of 3 Linux VM nodes

• Administrative privileges on Jumpbox and each Linux VM node

...

• SSH Private key in PEM (Privacy Enhanced Mail) format

...

• We can either use it with or without a passphrase-protected private key.

• In the case of a passphrase-protected private key, you will be prompted to provide the password.

Software

...

Instance

...

OS

...

Software(s)

...

Jumpbox

...

Linux (Ubuntu/CentOS)

• Python 2.7 (or higher)

• PIP (Python Package Manager) 
  

Python and PIP come preinstalled on most Linux distributions!

• Ansible 2.5 (or higher)
  

# on Ubuntu/CentOS
$ sudo yum install ansible

# on fedora
$ sudo dnf install ansible

Ports

...

• for communication between the VMs

• Inbound ports opened on Load Balancer and 3 Linux VM:

  • 9345 - required for RKE2 nodes clustering

  • 6443 - required for Kubernetes API

• DNS domain for accessing Rancher UI

• DNS domain for accessing Adeptia Connect portal

=================================================================================

DNS

We need 2 different DNS (pointing to Load Balancer) for Ingress traffic routing to different components:

1st DNS for:

• managing the RKE2 cluster

• routing traffic to the Rancher GUI portal

2nd DNS for routing traffic to:

• AC Portal

• AC API Gateway (for REST and SOAP API calls)

• Kibana dashboard for logging

• Grafana dashboard for monitoring

...

Ideally, we would have used 1 DNS for traffic routing to all components.

But Rancher has a limitation in that it only supports Ingress routing based on hostname and not via context path. Therefore, we have to use a separate DNS (hostname) for routing traffic to Rancher.

Configuration

Before you begin to install, you need to update the following files available in the downloaded package.

...

==============================================================================================

Once you have met the prerequisites, update the following files containing the details of VMs, Load Balancer, ports, DNS, SSH connectivity, and other configuration details required for running Ansible Playbook. These files are available in Ansible Playbook package that you have downloaded.

• inventory file – Defines the hosts (or group of hosts)

...

• on which the

...

• Playbook runs

• vars/general-config.yaml -

...

• Contains the configuration variables to run the

...

• Playbook

• vars/vault-config.yaml -

...

Update inventory file

Steps to update the inventory file:

...

Find the inventory file in the Ansible package.

Edit the file:

...

• Contains sensitive information, such as passwords, required to validate and run the Playbook

Steps to update inventory file

1. Open the inventory file.

2. Add the domain name or IP address of the three VMs under the [servers] group as shown in the example code snippet below.

...

Add the agent node domain or IP address under the "agents" group, RKE2 agent (or worker) will be deployed on these nodes.

...

...

# rke2 cluster master/server nodes #
[servers]

...

xxx.xx.xx.xx
xxx.xx.xx.xx
xxx.xx.xx.xx

# rke2 cluster worker/agent nodes #
[agents]

...

xxx.

...

xx.

...

xx.

...

xx

[k8s:children]
servers
agents

[servers:vars]
rke2_type=“server”

[agents:vars]
rke2_type=“agent”

[all:vars]
ansible_user={{ ssh_user }}
ansible_ssh_private_key_file={{ ssh_key_path }}

...

You can also add the domain name or IP address of an RKE2 agent under the [agents] group if you have one.

Steps to update vars/general-config.yaml

...

1. Navigate to /vars in the Ansible Playbook.

2. Open the general-config.yaml file from /vars in the Ansible package.

3. Define the Update the following properties in general-config.yaml

...

1. .

Property	Description
ssh_key_path	Name of SSH private key (pem) file.
rancher_lb_domain	Domain name of Rancher
app_lb_domain	Domain name of Adeptia Connect application
rke2_token	Secret token for node registration.
execute_static_job	AC installation mode. Set the value for this property to true for fresh installation and false in case you are upgrading from a lower AC v4.x environment.
ac_ha_mode	Enable/Disable High Availability (HA) mode. Possible values are: true false
backend_db_type	Backend database type. Possible values are: MySQL SQL-Server Oracle
backend_db_url	Value for Azure SQL Database jdbc:sqlserver://<DB Hostname>:<Port Number>;database=<Backend Database Name> Value for Oracle Database jdbc:oracle:thin:@<hostName>:<portNumber>:<S ID/ServiceName> Value for Azure MySQL Database jdbc:mysql://<hostName>:<portNumber>/<DBName>?useSSL=true
log_db_type	Log database type. Possible values are: MySQL SQL-Server Oracle
log_db_url	Value for Azure SQL Database jdbc:sqlserver://<DB Hostname>:<Port Number>;database=<Log Database Name> Value for Oracle Database jdbc:oracle:thin:@<hostName>:<portNumber>:<S ID/ServiceName> Value for Azure MySQL Database jdbc:mysql://<hostName>:<portNumber>/<DBName>?useSSL=true
tlsCrt	TLS signed certificate in base64 encoding (for Ingress)
tlsKey	TLS private key of certificate in base64 encoding (for ingress)

Update vars/vault-config.yaml

...

vault_ansible_sudo_pass: 
vault_rancher_gui_password: adeptia1243
vault_rke2_token: defaultSecret123456

#envSecret#
vault_backend_db_username: 
vault_backend_db_password: 
vault_log_db_username: 
vault_log_db_password:

• , this file can be encrypted/decrypted using Ansible Vault

...