Rancher is an open-source multi-cluster orchestration platform that makes it easy for you to deploy and manage an application on a Kubernetes cluster.

...

  • At least three Linux VMs (to be used as master/server nodes) with internet access, each with the following minimum configuration:

    • RAM – 32 GB

    • Processor cores – 8

    • Hard disk – 250 GB

  • One Jumpbox with internet access and SSH connectivity with the Linux nodes to download, extract, and run the Playbook.

  • Ansible 2.12 (or higher) installed on Jumpbox.
    You can install Ansible on Ubuntu OS by running the following set of commands in the same order:

    Code Block
    $ sudo apt-add-repository ppa:ansible/ansible
    # apt reads a bare version number as a package name; to pin a version, use ansible=<version>
    $ sudo apt install ansible

...

  • Load Balancer on top of the Linux VMs.

  • Administrative privileges on Jumpbox and each Linux VM.

  • SSH private key in PEM (Privacy Enhanced Mail) format for communication from one VM to another and with the Jumpbox.

Info

You can use the PEM file with or without passphrase protection.

  • CA/self-signed certificates

  • The following inbound ports opened on the Load Balancer and the nodes:

    • 9345 - required for RKE2 nodes clustering

    • 6443 - required for Kubernetes API

  • DNS domain of the Load Balancer for accessing Rancher UI.

  • DNS domain for accessing Adeptia Connect portal.

...

  1. Open the inventory file.

  2. Add the domain name or IP address of the server VMs and RKE2 agents (if you have any) under the [servers] and [agents] groups respectively, as shown in the example code snippet below.

Note

Important!

It is recommended that you add three VMs (discussed in the prerequisites) to ensure that if one fails, the available one takes over.

Info
  • RKE2 server (or master) will be deployed on the VMs whose IP addresses or domain names you enter under the [servers] group.

  • RKE2 agent will be deployed on the VMs whose IP addresses or domain names you enter under the [agents] group.

Code Block
# rke2 cluster master/server nodes #
[servers]
xxx.xx.xx.xx
xxx.xx.xx.xx
xxx.xx.xx.xx

# rke2 cluster worker/agent nodes #
[agents]
xxx.xx.xx.xx


# To be deleted....
[k8s:children]
servers
agents

[servers:vars]
rke2_type="server"

[agents:vars]
rke2_type="agent"

[all:vars]
ansible_user={{ ssh_user }}
ansible_ssh_private_key_file={{ ssh_key_path }}

Steps to update general-config.yaml

  1. Navigate to /vars in the Ansible Playbook extracted folder.

  2. Open the general-config.yaml file.

  3. Update the following properties.

Property

Description

ssh_key_path

Name of the SSH private key (PEM) file, for example:

abc.pem.

rancher_lb_domain

Domain name for Rancher, for example:

rancher.company.com

Using this domain, you can access the Rancher UI and RKE2.

app_lb_domain

Domain name for Adeptia Connect application, for example:

rancher-ac-web.company.com

Using this domain, you can access the following:

  • Adeptia Connect Portal

  • Adeptia Connect API Gateway (for REST and SOAP API calls)

  • Kibana dashboard

  • Grafana dashboard

rke2_token

Secret token for node registration. Provide the value for this field in vault.

execute_static_job

Adeptia Connect installation mode.

Set the value for this property to true for fresh installation and false in case you are upgrading from a lower AC v4.x environment.

The default value is true.

ac_ha_mode

Enable/Disable High Availability (HA) mode. The default value is false.

Possible values are:

  • true

  • false

When set to true, the application is deployed in HA mode with all microservices running at least two replicas.

Autoscaling will be enabled by default and may autoscale up to 3 replicas.

backend_db_type

Backend database type.

Possible values are:

  • MySQL

  • SQL-Server

  • Oracle

backend_db_url

Value for SQL Database

  • jdbc:sqlserver://<DB Hostname>:<Port Number>;database=<Backend Database Name>

Value for Oracle Database

  • jdbc:oracle:thin:@<hostName>:<portNumber>:<SID/ServiceName>

Value for MySQL Database

  • jdbc:mysql://<hostName>:<portNumber>/<DBName>?useSSL=true

log_db_type

Log database type.

Possible values are:

  • MySQL

  • SQL-Server

  • Oracle

log_db_url

Value for SQL Database

jdbc:sqlserver://<DB Hostname>:<Port Number>;database=<Log Database Name>

Value for Oracle Database

jdbc:oracle:thin:@<hostName>:<portNumber>:<SID/ServiceName>

Value for MySQL Database

jdbc:mysql://<hostName>:<portNumber>/<DBName>?useSSL=true

tlsCrt

TLS signed certificate in base64 encoding (for Ingress).

tlsKey

TLS private key of certificate in base64 encoding (for ingress).

Steps to update vault-config.yaml

  1. Navigate to /vars in the Ansible Playbook extracted folder.

  2. Open the vault-config.yaml file.

  3. Provide the sensitive information, such as RKE2 token, in the respective properties.

Property

Description

vault_ansible_sudo_pass

Password for Jumpbox.

vault_rancher_gui_password

Password for Rancher GUI.

vault_rke2_token

RKE2 token.

vault_backend_db_username

Backend DB username.

vault_backend_db_password

Backend DB password.

vault_log_db_username

Log DB username.

vault_log_db_password

Log DB password.

Encrypting/Decrypting vault-config.yaml

If you want, you can encrypt the sensitive information specified in the vault-config.yaml file by using Ansible Vault.

Encrypting vault-config.yaml

To encrypt the file, do the following:

  1. Navigate to the /vars folder.

  2. Run the following command:

    Code Block
    $ ansible-vault encrypt vault-config.yaml

  3. Provide a password for the file.

  4. Confirm the password.
    Once you have confirmed the password, a message “Encryption successful” confirming the encryption will be displayed.

...

Info

To view (content) or decrypt the vault-config.yaml file, navigate to the /vars folder, and then run the respective commands.

Following are the commands to view or decrypt the file:

  • To view
    $ ansible-vault view vault-config.yaml

  • To decrypt
    $ ansible-vault decrypt vault-config.yaml

After you run the command, you will need to enter the encryption password that you had set for the file.

Executing the Ansible Playbook

You can run the Ansible Playbook by executing the adeptia-connect.sh shell file (with appropriate arguments) after you have fulfilled all the prerequisites. The following steps run the adeptia-connect.sh file in default mode, which installs all the components, including RKE2, Rancher, Longhorn, Prometheus, EFK, and Adeptia Connect.

  1. Log in to the Jumpbox.

  2. Run the following command to give only the file owner Read/Write permission on the SSH private key file (PEM):

    Code Block
    $ chmod 0600 <pem file>

  3. Run the following command to set executable permission on the adeptia-connect.sh shell file:

    Code Block
    $ chmod +x adeptia-connect.sh

  4. Run the following command to execute the shell file, adeptia-connect.sh, available in the Ansible Playbook:

    Code Block
    $ sudo ./adeptia-connect.sh

Important!

If you are using an encrypted vault-config.yaml file, you need to pass the argument --ask-vault-pass while executing the shell file as shown in the example below:

$ sudo ./adeptia-connect.sh --ask-vault-pass
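
The checks implied by the steps above (key file permissions, and --ask-vault-pass when vault-config.yaml is encrypted) can be scripted on the Jumpbox. This is an added example, not part of the Adeptia playbook; the script name preflight.sh and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: checks to run on the Jumpbox before adeptia-connect.sh.
# Not part of the Adeptia playbook; both file paths are supplied by the caller.

# Print a file's octal permission bits (GNU stat, then BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if the key is accessible to its owner alone (0600 or 0400).
key_is_private() {
    case "$(file_mode "$1")" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed if the whole file was encrypted with "ansible-vault encrypt",
# which writes a first line beginning with $ANSIBLE_VAULT;
vault_is_encrypted() {
    head -n 1 "$1" | grep -q '^\$ANSIBLE_VAULT;'
}

# Print the extra argument the shell file needs for this vault file, if any.
vault_args() {
    if vault_is_encrypted "$1"; then echo "--ask-vault-pass"; fi
}

# preflight <pem file> <vault-config.yaml>
# Prints the command to run on success; returns 1 if the key is too open.
preflight() {
    pem=$1; vault=$2; status=0
    if ! key_is_private "$pem"; then
        echo "FAIL: $pem has mode $(file_mode "$pem"); run: chmod 0600 $pem" >&2
        status=1
    fi
    if ! vault_is_encrypted "$vault"; then
        echo "WARN: $vault is plaintext; see ansible-vault encrypt" >&2
    fi
    args=$(vault_args "$vault")
    [ "$status" -eq 0 ] && echo "sudo ./adeptia-connect.sh${args:+ $args}"
    return "$status"
}

# Run the checks when called as: sh preflight.sh <pem file> <vault-config.yaml>
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```
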

You can use the tag argument while running the command to execute the shell file for installing different components as per your requirement. For example, if you want to install all the components except for the Adeptia Connect application, run the following command:

...

The following table contains the list of some tags and their descriptions:

If same cluster but different namespaces for different env

Tag

Description

--tag=install-all

Installs all the components including RKE2, Rancher, Longhorn, Prometheus, EFK, KEDA, and Adeptia Connect in one go.

Info

This is the default tag considered by the system when you do not use any tag while executing the adeptia-connect.sh file.

--tag=install-basic

Installs all the components (RKE2, Rancher, Longhorn, Prometheus, EFK, KEDA) except for the Adeptia Connect application. Recommended.

--tag=install-ac

Installs Adeptia Connect application only.

...

Here are the steps to uninstall all the components including RKE2, Rancher, Longhorn, Prometheus, EFK, KEDA, and Adeptia Connect.

  1. Log in to the Jumpbox.

  2. Run the following command to give only the file owner Read/Write permission on the SSH private key file (PEM):

    Code Block
    $ chmod 0600 <pem file>

  3. Run the following command to set executable permission on the adeptia-connect.sh shell file:

    Code Block
    $ chmod +x adeptia-connect.sh

  4. Run the following command to execute the shell file, adeptia-connect.sh, available in the Ansible Playbook:

    Code Block
    $ sudo ./adeptia-connect.sh --tag=uninstall-all

Important!

If you are using an encrypted vault-config.yaml file, you need to pass the argument --ask-vault-pass while executing the shell file as shown in the example below:

$ sudo ./adeptia-connect.sh --ask-vault-pass

The --tag=uninstall-all command uninstalls all the components. If you want to uninstall different components based on your requirement, you can use the tag argument while executing the shell file. For example, if you want to uninstall the Adeptia Connect application only, run the following command:

Code Block
$ sudo ./adeptia-connect.sh --tag=uninstall-ac

...


Important!

If you are using an encrypted vault-config.yaml file, you need to pass the argument --ask-vault-pass while executing the shell file (during install or uninstall) as shown in the example below:

...