Ansible playbook
The playbook installs the following components:
- RKE2
- Rancher
- Longhorn
- Prometheus (includes Grafana for centralized monitoring)
- EFK (for centralized logging)
- KEDA CRD
Rancher is an open-source multi-cluster orchestration platform that makes it easy to deploy and manage applications on Kubernetes clusters.
Adeptia packages Rancher and the security-focused Kubernetes distribution RKE2, together with the Adeptia Connect application and the supporting components listed below, in an Ansible Playbook. Download and run this package; it deploys the following, in this order:
- RKE2 – security-focused Kubernetes distribution
- Rancher UI – UI to centrally manage a multi-cluster Kubernetes environment
- Longhorn – cloud-native distributed block storage for Kubernetes
- Prometheus, including Grafana – centralized monitoring
- Elasticsearch, Fluentd, and Kibana (EFK) – centralized logging
- Kubernetes Event-Driven Autoscaler (KEDA) – pod autoscaling
- Adeptia Connect application (can be deployed in HA mode, with each microservice running 2 replicas)
Prerequisites
Instances/Components
Before you run the Ansible Playbook, ensure that you have:
- At least three Linux VMs (the minimum for an HA configuration), each with the following minimum configuration:
  RAM – 32 GB
  Processor cores – 8
  Hard disk – 250 GB
- One Jumpbox with internet access and SSH connectivity to the three Linux VMs
- A Load Balancer in front of the three Linux VM nodes
Here are the configurations of the three Linux VMs that we used in the development environment:
name | public IP | private IP | memory | core | disk (SSD) | os
---|---|---|---|---|---|---
rancher1 | 3.134.212.46 | 172.31.33.225 | 32 GB | 8 | 100 GB | Ubuntu
rancher2 | 3.131.224.248 | 172.31.47.85 | 32 GB | 8 | 100 GB | Ubuntu
rancher3 | 18.216.242.13 | 172.31.44.236 | 32 GB | 8 | 100 GB | Ubuntu
By default, the AC Helm chart requests 250 GB for its persistent volume (PV) configuration. When we used Linux VMs with 100 GB SSDs, the AC Helm chart did not deploy correctly until we reduced the PV size to 60 GB. The QA team may therefore need to test the Ansible script on Linux VMs with a larger disk than 100 GB (the 250 GB minimum listed above).
Connectivity
- Ansible 2.5 (or higher) installed on the Jumpbox. On Ubuntu you can install it with:
```
$ sudo apt install ansible
```
- A Load Balancer in front of the three Linux VM nodes
- Administrative privileges on the Jumpbox and on each Linux VM node
- The SSH private key for the nodes, in PEM (Privacy Enhanced Mail) format. The key can be used with or without a passphrase; if it is passphrase-protected, you will be prompted for the passphrase when the Playbook runs.
Software
Instance | OS | Software(s)
---|---|---
Jumpbox | Linux (Ubuntu/CentOS) | Python 2.7 (or higher); PIP (Python Package Manager); Ansible 2.5 (or higher)

Python and PIP come preinstalled on most Linux distributions. Install Ansible with the package manager of your distribution:
```
# on Ubuntu
$ sudo apt install ansible
# on CentOS
$ sudo yum install ansible
# on Fedora
$ sudo dnf install ansible
```
Ports
Inbound ports that must be open on the Load Balancer and on the three Linux VMs, for communication between the VMs:
- 9345 – required for RKE2 node clustering (nodes register with the server nodes on this port)
- 6443 – required for the Kubernetes API
In addition, the Load Balancer must forward the Ingress traffic for the two DNS domains below:
- a DNS domain for accessing the Rancher UI
- a DNS domain for accessing the Adeptia Connect portal
DNS
You need two different DNS names, both pointing to the Load Balancer, so that Ingress can route traffic to the different components:
- 1st DNS name, for managing the RKE2 cluster and routing traffic to the Rancher GUI portal
- 2nd DNS name, for routing traffic to the AC Portal, the AC API Gateway (REST and SOAP API calls), the Kibana dashboard (logging), and the Grafana dashboard (monitoring)
Ideally a single DNS name would route traffic to all components. But Rancher only supports Ingress routing based on hostname, not on context path, so Rancher needs its own DNS name (hostname).
Configuration
Once you have met the prerequisites, update the following files in the Ansible Playbook package you downloaded. They contain the details of the VMs, Load Balancer, ports, DNS, SSH connectivity, and the other configuration required to run the Playbook:
- inventory – defines the hosts (or groups of hosts) on which the Playbook runs
- vars/general-config.yaml – contains the configuration variables used to run the Playbook
- vars/vault-config.yaml – contains sensitive information, such as passwords, required to validate and run the Playbook
Update inventory file
Steps to update the inventory file:
1. Find and open the inventory file in the Ansible package.
2. Add the domain name or IP address of the three VMs under the [servers] group, as shown in the example below. The RKE2 server (or master) will be deployed on these nodes.
3. Add the domain name or IP address of any additional worker nodes under the [agents] group. The RKE2 agent (or worker) will be deployed on these nodes.
```
# rke2 cluster master/server nodes #
[servers]
xxx.xx.xx.xx
xxx.xx.xx.xx
xxx.xx.xx.xx

# rke2 cluster worker/agent nodes #
[agents]
xxx.xx.xx.xx

[k8s:children]
servers
agents

[servers:vars]
rke2_type="server"

[agents:vars]
rke2_type="agent"

[all:vars]
ansible_user={{ ssh_user }}
ansible_ssh_private_key_file={{ ssh_key_path }}
```
The [agents] group is optional: add the domain name or IP address of an RKE2 agent there if you have one, otherwise leave it empty. The RKE2 agent (or worker) will be deployed on these nodes.
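Before running the Playbook it is worth checking, from the Jumpbox, that the inventory satisfies the HA prerequisite (three [servers] hosts) and that the firewall or security groups in front of every node let 9345/tcp and 6443/tcp through. The script below is an added example, not part of the Adeptia package; the function names and the sample hosts are placeholders, and the inventory layout is the one shown above. It distinguishes a port that is merely closed (nothing listening yet, which is expected before RKE2 is installed) from one that is filtered (the connection times out, which points at a firewall rule).

```shell
#!/usr/bin/env bash
# Added pre-flight checks for the RKE2 inventory (example code, not Adeptia's).
# Assumes an ini-style inventory with [servers] and [agents] groups as shown above.

# Print the hosts listed under [GROUP] in inventory FILE, ignoring blank lines,
# comments and the [group:vars] / [group:children] sections.
inventory_hosts() {
  awk -v want="[$2]" '
    /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
    /^\[/          { insec = ($1 == want); next }   # section header
    insec          { print $1 }          # first token is the host name/IP
  ' "$1"
}

# Number of hosts in a group.
group_size() {
  inventory_hosts "$1" "$2" | wc -l | tr -d ' '
}

# HA needs at least three RKE2 server nodes (prerequisite above).
check_ha_servers() {
  n=$(group_size "$1" servers)
  [ "$n" -ge 3 ]
}

# TCP connect probe via bash's /dev/tcp (no nc/nmap needed on the Jumpbox).
# Prints open | closed | filtered and returns 0 | 1 | 2 respectively.
#   open     - something is already listening (after RKE2 is installed)
#   closed   - host answered with a refusal: reachable, nothing listening yet (fine pre-install)
#   filtered - no answer within the timeout: a firewall/security group is dropping the traffic
probe_port() {
  if command -v timeout >/dev/null 2>&1; then
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
  else
    bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
  fi
  rc=$?
  case $rc in
    0)   echo open;     return 0 ;;
    124) echo filtered; return 2 ;;
    *)   echo closed;   return 1 ;;
  esac
}

# Run every check against inventory FILE; non-zero if any check fails.
# Only "filtered" ports fail the run; "closed" is normal before installation.
preflight() {
  inv=$1; rc=0
  if check_ha_servers "$inv"; then
    echo "ok   [servers] has $(group_size "$inv" servers) nodes"
  else
    echo "FAIL [servers] needs at least 3 nodes for HA, found $(group_size "$inv" servers)"; rc=1
  fi
  for h in $(inventory_hosts "$inv" servers) $(inventory_hosts "$inv" agents); do
    for p in 9345 6443; do
      state=$(probe_port "$h" "$p")
      if [ "$state" = filtered ]; then echo "FAIL $h:$p filtered (check firewall/security group)"; rc=1
      else echo "ok   $h:$p $state"; fi
    done
  done
  return $rc
}

# Usage from the Jumpbox: preflight ./inventory
```

Run it once before the first `ansible-playbook` invocation and again after RKE2 is up; on the second run every 9345 and 6443 probe should report "open".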
Steps to update vars/general-config.yaml
1. Navigate to /vars in the Ansible Playbook package.
2. Open the general-config.yaml file.
3. Update the following properties in general-config.yaml.
Property | Description
---|---
ssh_key_path | Name (path) of the SSH private key (PEM) file; the inventory references it as ansible_ssh_private_key_file.
rancher_lb_domain | Domain name of Rancher (the 1st DNS name, pointing to the Load Balancer).
app_lb_domain | Domain name of the Adeptia Connect application (the 2nd DNS name, pointing to the Load Balancer).
rke2_token | Secret token that nodes use to register with the RKE2 cluster. Treat it as a credential: anyone holding it can join a node to the cluster.
execute_static_job | AC installation mode. Set to true for a fresh installation and to false when upgrading from a lower AC v4.x environment.
ac_ha_mode | Enable/Disable High Availability (HA) mode. Possible values are:
backend_db_type | Backend database type. Possible values are:
backend_db_url | JDBC URL of the backend database, in the same formats as log_db_url: Azure SQL Database jdbc:sqlserver://<DB Hostname>:<Port Number>;database=<Backend Database Name>; Oracle Database jdbc:oracle:thin:@<hostName>:<portNumber>:<SID/ServiceName>; Azure MySQL Database jdbc:mysql://<hostName>:<portNumber>/<DBName>?useSSL=true
log_db_type | Log database type. Possible values are:
log_db_url | JDBC URL of the log database. Azure SQL Database: jdbc:sqlserver://<DB Hostname>:<Port Number>;database=<Log Database Name>. Oracle Database: jdbc:oracle:thin:@<hostName>:<portNumber>:<SID/ServiceName>. Azure MySQL Database: jdbc:mysql://<hostName>:<portNumber>/<DBName>?useSSL=true
tlsCrt | Signed TLS certificate for the Ingress, base64-encoded as a single line.
tlsKey | TLS private key matching tlsCrt, base64-encoded as a single line (for the Ingress). This is a secret; protect it like a password.
Update vars/vault-config.yaml
This file contains the sensitive information, such as passwords, required to validate and run the Playbook. For added security, encrypt the file with Ansible Vault; it can be encrypted and decrypted with Ansible Vault as needed, and the Playbook can consume it in encrypted form.
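Two of the values above are secrets that are easy to get wrong by hand: rke2_token (which should be long and random, since it is all a node needs to join the cluster) and the tlsCrt/tlsKey pair (which must be base64 on one line and must actually belong together, otherwise the Ingress only fails after deployment). The helpers below are an added example, not Adeptia's code: they generate a token, encode the PEM files, verify that the certificate and key match, and emit the YAML lines to paste into the configuration. The file names are placeholders; keeping tlsKey in vars/vault-config.yaml rather than general-config.yaml assumes the Playbook loads variables from both files, which this page does not state.

```shell
#!/usr/bin/env bash
# Added helpers for preparing the secret values of the Playbook configuration
# (example code, not from the Adeptia package). Requires coreutils and openssl.

# 64 hex characters (256 bits) from the kernel CSPRNG, suitable for rke2_token.
gen_rke2_token() {
  head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Base64-encode a file as a single line, the form tlsCrt/tlsKey expect.
# `base64 -w0` is GNU-only; stripping newlines with tr also works on BSD/macOS.
b64_oneline() {
  base64 < "$1" | tr -d '\n'
}

# True when VALUE is base64 that decodes to a PEM block (starts with "-----BEGIN ").
is_b64_pem() {
  printf '%s' "$1" | base64 -d 2>/dev/null | grep -q '^-----BEGIN '
}

# True when the public key inside CERT equals the public key derived from KEY.
# Catches the classic "certificate from one CSR, key from another" mistake.
cert_matches_key() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Print the YAML lines for tlsCrt/tlsKey after checking the pair; non-zero on mismatch.
tls_vars_yaml() {
  cert_matches_key "$1" "$2" || { echo "certificate and key do not match" >&2; return 1; }
  printf 'tlsCrt: %s\n' "$(b64_oneline "$1")"
  printf 'tlsKey: %s\n' "$(b64_oneline "$2")"
}

# Example workflow (placeholder file names):
#   printf 'rke2_token: %s\n' "$(gen_rke2_token)" >> vars/vault-config.yaml
#   tls_vars_yaml ingress.crt ingress.key       >> vars/vault-config.yaml
#   chmod 600 vars/vault-config.yaml
#   ansible-vault encrypt vars/vault-config.yaml
# and run the Playbook with --ask-vault-pass (or --vault-password-file).
```

Once the file is vault-encrypted, only the vault password has to be protected on the Jumpbox; the plaintext token and private key never need to sit in the package directory.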