Rancher is an open-source multi-cluster orchestration platform that makes it easy to deploy and manage applications on Kubernetes clusters.
Adeptia packages Rancher and RKE2 (a security-focused Kubernetes distribution), together with the Adeptia Connect application and the other components listed below, in an Ansible Playbook. You download, extract, and run this package; it deploys the following components, in this order:
RKE2 – Security focused Kubernetes
Rancher UI – UI to centrally manage a multi-cluster Kubernetes environment
Longhorn – Cloud native distributed block storage for Kubernetes
Prometheus including Grafana – For centralized monitoring
Elasticsearch, Fluentd, and Kibana (EFK) – For centralized logging
Kubernetes Event Driven Autoscaler (KEDA) – For pods autoscaling
Adeptia Connect application (can be deployed in HA mode with each microservice running 2 replicas)
Prerequisites and configurations for Playbook execution
Before you run the Ansible Playbook, ensure that you have:
At least three Linux VMs, each with the following minimum configuration:
RAM – 32 GB
Processor cores – 8
Hard disk – 250 GB
One Jumpbox with internet access and SSH connectivity to the three Linux VMs above.
Ansible 2.5 (or higher) installed on the Jumpbox.
You can install Ansible on Ubuntu by running the following command:
$ sudo apt install ansible
A Load Balancer in front of the three Linux VM nodes.
Administrative privileges on the Jumpbox and on each Linux VM node.
An SSH private key in PEM (Privacy Enhanced Mail) format for SSH access from the Jumpbox to the VMs.
Info: You can use the PEM file with or without passphrase protection.
The following inbound ports opened on the Load Balancer and on the three Linux VMs:
9345 - required for RKE2 node clustering (the RKE2 supervisor port)
6443 - required for the Kubernetes API
Restrict both ports to the addresses of the Load Balancer and the cluster nodes; neither needs to be reachable from the internet.
A DNS domain for accessing the Rancher UI.
A DNS domain for accessing the Adeptia Connect portal.
Note: You need two different DNS names (both pointing to the Load Balancer) so that Ingress can route traffic to the different components:
1st DNS, for:
managing the RKE2 cluster
routing traffic to the Rancher GUI portal
2nd DNS, for routing traffic to:
AC Portal
AC API Gateway (for REST and SOAP API calls)
Kibana dashboard for logging
Grafana dashboard for monitoring
Once you have met the prerequisites, update the following files, which contain the details of the VMs, Load Balancer, ports, DNS, SSH connectivity, and other configuration required to run the Ansible Playbook for the Adeptia Connect installation. These files are available in the Ansible Playbook package that you have downloaded and extracted.
inventory file – Defines the hosts (or group of hosts) on which the Playbook runs.
vars/general-config.yaml - Contains the configuration variables to run the Playbook for Adeptia Connect installation.
vars/vault-config.yaml - Contains sensitive information, such as passwords, required to validate and run the Playbook; this file can be encrypted and decrypted with Ansible Vault.
Steps to update the inventory file
Open the inventory file.
Add the domain name or IP address of the three VMs under the [servers] group as shown in the example code snippet below.
...
Info: The RKE2 agent (or worker) will be deployed on these nodes.
Steps to update general-config.yaml
Navigate to /vars in the Ansible Playbook extracted folder.
Open the general-config.yaml file.
Update the following properties.
Property | Description |
---|---|
ssh_key_path | Name of the SSH private key (PEM) file. |
rancher_lb_domain | Domain name for Rancher (the 1st DNS). |
app_lb_domain | Domain name for the Adeptia Connect application (the 2nd DNS). |
rke2_token | Secret token for node registration. |
execute_static_job | AC installation mode. Set this property to true for a fresh installation and to false when upgrading from a lower AC v4.x environment. |
ac_ha_mode | Enable/Disable High Availability (HA) mode. Possible values are: |
backend_db_type | Backend database type. Possible values are: |
backend_db_url | JDBC URL of the backend database. Value for Azure SQL Database: jdbc:sqlserver://<DB Hostname>:<Port Number>;database=<Backend Database Name>. Value for Oracle Database: jdbc:oracle:thin:@<hostName>:<portNumber>:<SID/ServiceName>. Value for Azure MySQL Database: jdbc:mysql://<hostName>:<portNumber>/<DBName>?useSSL=true |
log_db_type | Log database type. Possible values are: |
log_db_url | JDBC URL of the log database. Value for Azure SQL Database: jdbc:sqlserver://<DB Hostname>:<Port Number>;database=<Log Database Name>. Value for Oracle Database: jdbc:oracle:thin:@<hostName>:<portNumber>:<SID/ServiceName>. Value for Azure MySQL Database: jdbc:mysql://<hostName>:<portNumber>/<DBName>?useSSL=true |
tlsCrt | TLS certificate (signed) for the Ingress, base64 encoded. |
tlsKey | Private key of that certificate, base64 encoded (for the Ingress). |
Steps to update vault-config.yaml
Navigate to /vars in the Ansible Playbook extracted folder.
Open the vault-config.yaml file.
Provide the sensitive information, such as the RKE2 token and the database credentials, in the respective properties.
Property | Value |
---|---|
vault_ansible_sudo_pass | <User defined sudo password for the Ansible user on the VMs> |
vault_rancher_gui_password | <User defined password for the Rancher GUI> |
vault_rke2_token | <User defined RKE2 token> |
vault_backend_db_username | <User defined Backend DB username> |
vault_backend_db_password | <User defined Backend DB password> |
vault_log_db_username | <User defined Log DB username> |
vault_log_db_password | <User defined Log DB password> |
vault_quartz_db_username | <User defined Quartz DB username (if Quartz and Backend DB are separate)> |
vault_quartz_db_password | <User defined Quartz DB password (if Quartz and Backend DB are separate)> |
vault_log_archive_db_username | <User defined Log archive DB username (if Log and Log archive DB are separate)> |
vault_log_archive_db_password | <User defined Log archive DB password (if Log and Log archive DB are separate)> |
Because this file holds credentials, encrypt it with Ansible Vault before you store it in version control or share it.
Encrypting/Decrypting vault-config.yaml
You can encrypt the sensitive information specified in the vault-config.yaml file by using Ansible Vault.
To encrypt the file with Vault, use the ansible-vault encrypt command:
$ ansible-vault encrypt vault-config.yaml
You will be prompted to provide and confirm a password. Afterward, the message "Encryption successful" confirms the encryption.
Viewing Encrypted File
The ansible-vault view command feeds the contents of a file to standard out. By default, this means that the contents are displayed in the terminal.
$ ansible-vault view vault-config.yaml
You will be asked for the file's password. After entering it successfully, the contents are displayed; the password prompt appears in the terminal immediately before the file contents. To change values without writing plaintext to disk, use ansible-vault edit vault-config.yaml instead, which opens the decrypted content in your editor and re-encrypts it on save.
Decrypting Encrypted Files
To decrypt a vault-encrypted file, use the ansible-vault decrypt command:
$ ansible-vault decrypt vault-config.yaml
You will be prompted for the encryption password that you set for the file. Once you enter the correct password, the file is decrypted in place and the message "Decryption successful" is displayed. The file then sits in plaintext on disk; re-encrypt it as soon as you have finished editing.
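The checks a practitioner wants to run before executing adeptia-connect.sh, as an added example that is not part of Adeptia's playbook or of this page: a small Python pre-flight script that parses general-config.yaml and vault-config.yaml, validates the JDBC URL forms and the base64-encoded TLS material from the property table above, refuses a vault-config.yaml that has been left in plaintext with placeholder values still in it, and decides whether --ask-vault-pass must be appended when the shell file is run with encrypted vault data. It assumes (these are my assumptions, not the page's) that the vars files are flat key: value YAML with one property per line and that secrets in general-config.yaml are written as {{ vault_* }} references to vault-config.yaml; the hostnames, db_type values, certificate bodies and vault ciphertext in the samples are constructed placeholders.

```python
"""Pre-flight checks for vars/general-config.yaml and vars/vault-config.yaml.
Added example, not Adeptia's code. Assumed: the vars files are flat `key: value`
YAML, and secrets in general-config.yaml are `{{ vault_* }}` references."""
import base64
import re

VAULT_HEADER = "$ANSIBLE_VAULT;"  # first bytes of every ansible-vault encrypted file
GENERAL_REQUIRED = ("ssh_key_path", "rancher_lb_domain", "app_lb_domain", "rke2_token",
                    "execute_static_job", "ac_ha_mode", "backend_db_type", "backend_db_url",
                    "log_db_type", "log_db_url", "tlsCrt", "tlsKey")
# JDBC URL forms as the property table documents them: prefix -> (pattern, hint)
JDBC_SHAPES = {
    "jdbc:sqlserver://": (r"^jdbc:sqlserver://[^:;/]+:\d+;database=[^;]+$",
                          "jdbc:sqlserver://<host>:<port>;database=<name>"),
    "jdbc:oracle:thin:@": (r"^jdbc:oracle:thin:@[^:/]+:\d+[:/][^:/]+$",
                           "jdbc:oracle:thin:@<host>:<port>:<SID or service>"),
    "jdbc:mysql://": (r"^jdbc:mysql://[^:/]+:\d+/[^?]+\?\S+$",
                      "jdbc:mysql://<host>:<port>/<db>?useSSL=true"),
}


def parse_flat_yaml(text):
    """Parse `key: value` lines; blank lines, comments and surrounding quotes are dropped."""
    props = {}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#") or ":" not in stripped:
            continue
        key, _, value = stripped.partition(":")
        props[key.strip()] = value.split(" #", 1)[0].strip().strip("'\"")
    return props


def check_jdbc_url(name, url):
    """Findings for one JDBC URL; an empty list means it matches a documented form."""
    for prefix, (pattern, hint) in JDBC_SHAPES.items():
        if url.startswith(prefix):
            problems = [] if re.match(pattern, url) else [f"{name}: expected {hint}"]
            if prefix == "jdbc:mysql://" and not re.search(r"[?&]useSSL=true(&|$)", url):
                problems.append(f"{name}: MySQL URL must carry useSSL=true (else DB traffic is unencrypted)")
            return problems
    return [f"{name}: unrecognised JDBC URL {url!r}"]


def check_pem_b64(name, value, marker):
    """tlsCrt/tlsKey must be base64 of PEM text carrying the expected BEGIN marker."""
    try:
        raw = base64.b64decode(value, validate=True)
    except ValueError:  # binascii.Error is a ValueError
        return [f"{name}: not valid base64"]
    return [] if marker in raw else [f"{name}: decoded value lacks {marker.decode()}"]


def check_general_config(text):
    """All findings for general-config.yaml; an empty list means it is ready to use."""
    props = parse_flat_yaml(text)
    problems = [f"{key}: missing or empty" for key in GENERAL_REQUIRED if not props.get(key)]
    for key in ("backend_db_url", "log_db_url"):
        if props.get(key):
            problems += check_jdbc_url(key, props[key])
    if props.get("tlsCrt"):
        problems += check_pem_b64("tlsCrt", props["tlsCrt"], b"-----BEGIN CERTIFICATE-----")
    if props.get("tlsKey"):
        problems += check_pem_b64("tlsKey", props["tlsKey"], b"PRIVATE KEY-----")
    token = props.get("rke2_token", "")
    if token and "{{" not in token:  # assumption: the real token belongs in the vault file
        problems.append("rke2_token: literal secret in a plaintext file; use '{{ vault_rke2_token }}'")
    return problems


def check_vault_config(text):
    """An encrypted file passes; a plaintext one is a finding, plus any unreplaced placeholders."""
    if text.startswith(VAULT_HEADER):
        return []
    problems = ["vault-config.yaml is plaintext; run `ansible-vault encrypt vars/vault-config.yaml`"]
    for key, value in parse_flat_yaml(text).items():
        if key.startswith("vault_") and (not value or value.startswith("<")):
            problems.append(f"{key}: placeholder value not replaced")
    return problems


def build_command(tags, vault_text):
    """argv for adeptia-connect.sh; --ask-vault-pass is added only if the vault file is encrypted."""
    argv = ["./adeptia-connect.sh", "--tag=" + ",".join(tags)]
    if vault_text.startswith(VAULT_HEADER):
        argv.append("--ask-vault-pass")
    return argv


# Constructed samples: hostnames, db_type values, PEM bodies and ciphertext are placeholders.
FAKE_CRT = b"-----BEGIN CERTIFICATE-----\nMIIBconstructed\n-----END CERTIFICATE-----\n"
FAKE_KEY = b"-----BEGIN PRIVATE KEY-----\nMIIEconstructed\n-----END PRIVATE KEY-----\n"
SAMPLE_GENERAL = "\n".join([
    "ssh_key_path: adeptia-nodes.pem",
    "rancher_lb_domain: rancher.example.internal",
    "app_lb_domain: ac.example.internal",
    "rke2_token: '{{ vault_rke2_token }}'",
    "execute_static_job: true",
    "ac_ha_mode: true",
    "backend_db_type: sqlserver  # assumed value; take it from the property table",
    "backend_db_url: jdbc:sqlserver://db.example.internal:1433;database=ac_backend",
    "log_db_type: mysql  # assumed value; take it from the property table",
    "log_db_url: jdbc:mysql://db.example.internal:3306/ac_log?useSSL=true",
    "tlsCrt: " + base64.b64encode(FAKE_CRT).decode(),
    "tlsKey: " + base64.b64encode(FAKE_KEY).decode(),
])
SAMPLE_GENERAL_BAD = SAMPLE_GENERAL.replace("?useSSL=true", "").replace(
    "'{{ vault_rke2_token }}'", "literal-token-in-plaintext")
SAMPLE_VAULT_PLAIN = "vault_ansible_sudo_pass: <User defined password>\nvault_rke2_token: constructed-token\n"
SAMPLE_VAULT_ENCRYPTED = "$ANSIBLE_VAULT;1.1;AES256\n34376365303030636f6e7374727563746564\n"

if __name__ == "__main__":
    print(check_general_config(SAMPLE_GENERAL_BAD) + check_vault_config(SAMPLE_VAULT_PLAIN))
    print(" ".join(build_command(["install-basic"], SAMPLE_VAULT_ENCRYPTED)))
```

Run it from the extracted playbook folder against the real files (read them and pass the text to check_general_config and check_vault_config) before invoking adeptia-connect.sh. The two findings it cannot make are deliberate: it does not read an encrypted vault file at all, and it validates only the URL and certificate shapes the page documents, so a value it accepts can still be wrong for your environment.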
Execution
The package contains a shell file (adeptia-connect.sh) that runs the Ansible playbook with the appropriate arguments.
Install
Log in to the Jumpbox.
Download and extract the Ansible Playbook package.
Update the Ansible playbook configurations as per the instructions above.
Run the shell file (adeptia-connect.sh) to deploy Rancher and the AC application with the required dependencies.
Executing the Ansible Playbook
After you have met all the prerequisites and configured the inventory, general-config.yaml, and vault-config.yaml files, you are ready to run the Ansible Playbook by executing the adeptia-connect.sh shell file (with the appropriate arguments). Here are the steps to run adeptia-connect.sh in default mode, which installs all the components: RKE2, Rancher, Longhorn, Prometheus, EFK, KEDA, and Adeptia Connect.
Log in to the Jumpbox.
Run the following command to restrict the SSH private key file (PEM) to owner read/write; OpenSSH refuses to use a private key that other users can read:
$ chmod 0600 <pem file>
Run the following command to set executable permission on the adeptia-connect.sh shell file:
$ chmod +x adeptia-connect.sh
Run the following command to execute the shell file, adeptia-connect.sh, available in the Ansible Playbook:
$ ./adeptia-connect.sh
You can use the tag argument while running the shell file to install only the components you need. For example, to install all the components except for the Adeptia Connect application, run the following command:
$ ./adeptia-connect.sh --tag=install-basic
Tip: To run multiple tags, provide comma separated values, for example --tag=install-prometheus,install-efk.
The following table lists the tags that you can use:
Tag | Description |
---|---|
--tag=install-all | Installs all the components (RKE2, Rancher, Longhorn, Prometheus, EFK, KEDA, and Adeptia Connect) in one go. |
--tag=install-basic | Installs all the components (RKE2, Rancher, Longhorn, Prometheus, EFK, KEDA) except for the Adeptia Connect application. |
--tag=install-ac | Installs the Adeptia Connect application only. |
--tag=install-rke2 | Installs RKE2 (server/agent) only. |
--tag=install-prometheus | Installs Prometheus (including Grafana) only. |
--tag=install-efk | Installs EFK only. |
Uninstalling the Ansible Playbook
Here are the steps to uninstall all the components including RKE2, Rancher, Longhorn, Prometheus, EFK, KEDA, and Adeptia Connect.
Log in to the Jumpbox.
Run the following command to restrict the SSH private key file (PEM) to owner read/write:
$ chmod 0600 <pem file>
Run the following command to set executable permission on the adeptia-connect.sh shell file:
$ chmod +x adeptia-connect.sh
Run the following command to execute the shell file, adeptia-connect.sh, available in the Ansible Playbook:
$ ./adeptia-connect.sh --tag=uninstall-all
This uninstalls all the components. If you want to uninstall only some components, use the tag argument while executing the shell file. For example, to uninstall only the Adeptia Connect application, run the following command:
$ ./adeptia-connect.sh --tag=uninstall-ac
Tip: To run multiple tags, provide comma separated values, for example --tag=<tag1>,<tag2>.
Description | Command |
---|---|
Uninstall the complete package (RKE2, Rancher, Longhorn, Prometheus and Grafana, EFK, AC) | ./adeptia-connect.sh --tag=uninstall-all |
Uninstall only AC | ./adeptia-connect.sh --tag=uninstall-ac |
Using Ansible Vault encryption
Important! If you are using an encrypted vault-config.yaml file, you need to pass the argument --ask-vault-pass while executing the shell file (during install or uninstall), for example:
$ ./adeptia-connect.sh --tag=install-all --ask-vault-pass