Rancher is an an open-source multi-cluster orchestration platform that makes it easy for you to deploy and manage an application on Kubernetes cluster.
...
At least three Linux VMs (to be used as master/server nodes) with internet access, each with the following minimum configuration:
RAM – 32 GB
Processor cores – 8
Hard disk – 250 GB
One Jumpbox with internet access and SSH connectivity with the Linux nodes to download, extract, and run the Playbook.
Ansible 2.12 (or higher) installed on Jumpbox.
You can install Ansible on Ubuntu OS by running the following set of commands in the same order:Code Block language powershell $ sudo apt-add-repository ppa:ansible/ansible $ sudo apt install ansible 2.12.10
...
Load Balancer on the top of Linux nodesVMs.
Administrative privileges on Jumpbox and each nodeLinux VM.
SSH private key in PEM (Privacy Enhanced Mail) format for communication between the VMsone VM to another and with the Jumpbox.
Info |
---|
You can use the PEM file with or without passphrase protection. |
CA/self signed certificates
The following inbound ports opened on the Load Balancer and the nodes:
9345 - required for RKE2 nodes clustering
6443 - required for Kubernetes API
DNS domain load balancer of the Load Balancer for accessing Rancher UI.
DNS domain for accessing Adeptia Connect portal.
...
Open the inventory file.
Add the domain name or IP address of the server nodes VMs and RKE2 agent agents (if you have any) under the [servers] and [agents] groups respectively as shown in the example code snippet below.
Note |
---|
Important! It is recommended that you add three VMs (discussed in the prerequisites) to ensure that if one fails, the available one takes over. |
Info |
---|
|
Code Block | ||
---|---|---|
| ||
# rke2 cluster master/server nodes #
[servers]
xxx.xx.xx.xx
xxx.xx.xx.xx
xxx.xx.xx.xx
# rke2 cluster worker/agent nodes #
[agents]
xxx.xx.xx.xx
To be deleted....
[k8s:children]
servers
agents
[servers:vars]
rke2_type=“server”
[agents:vars]
rke2_type=“agent”
[all:vars]
ansible_user={{ ssh_user }}
ansible_ssh_private_key_file={{ ssh_key_path }} |
Steps to update general-config.yaml
Navigate to /vars in the Ansible Playbook extracted folder.
Open the general-config.yaml file.
Update the following properties.
Property | Description Give sample values | ||
---|---|---|---|
ssh_key_path | Name of the SSH private key (PEM) file, for example: abc.pem. | ||
rancher_lb_domain | Domain name for Rancher, for example: rancher.company.com Using this domain, you can access the Rancher UI and RKE2. | ||
app_lb_domain | Domain name for Adeptia Connect application, for example: rancher-ac-web.company.com Using this domain, you can access the followings:
| rke2_token | Secret token for node registration. Provide the value for this field in vault. |
execute_static_job | Adeptia Connect installation mode. Set the value for this property to true for fresh installation and false in case you are upgrading from a lower AC v4.x environment. The default value is true. | ||
ac_ha_mode | Enable/Disable High Availability (HA) mode. Default false Possible values are:
When set to true, the application is deployed in HA mode with all microservice running at least two replicas. Autoscaling wiiol be enabled by default. may aoutoscale to upto 3 replicas | ||
backend_db_type | Backend database type. Possible values are:
| ||
backend_db_url | Value for SQL Database
Value for Oracle Database
Value for MySQL Database
| ||
log_db_type | Log database type. Possible values are:
| ||
log_db_url | Value for SQL Database jdbc:sqlserver://<DB Hostname>:<Port Number>;database=<Log Database Name> Value for Oracle Database jdbc:oracle:thin:@<hostName>:<portNumber>:<SID/ServiceName> Value for MySQL Database jdbc:mysql://<hostName>:<portNumber>/<DBName>?useSSL=true | ||
tlsCrt | TLS signed certificate in base64 encoding (for Ingress). | ||
tlsKey | TLS private key of certificate in base64 encoding (for ingress). |
Steps to update vault-config.yaml
Navigate to /vars in the Ansible Playbook extracted folder.
Open the vault-config.yaml file.
Provide the sensitive information, such as RKE2 token, in the respective properties.
Property | Description Default values, |
---|---|
vault_ansible_sudo_pass | User defined password Password for Jumpbox. |
vault_rancher_gui_password | User defined password Password for rancher GUI. |
vault_rke2_token | <User defined RKE2 token>token. |
vault_backend_db_username | <User defined Backend DB username>username. |
vault_backend_db_password | <User defined Backend DB password>password. |
vault_log_db_username | <User defined Log DB username>username. |
vault_log_db_password | <User defined Log DB password> |
Encrypting/Decrypting vault-config.yaml
...
password. |
If you want, you can encrypt the sensitive information specified in the vault-config.yaml file by using Ansible Vault.
Encrypting vault-config.yaml
To encrypt the file, navigate do the followings:
Navigate to the /vars folder,
...
Run the following command:
Code Block language powershell $ ansible-vault encrypt vault-config.yaml
...
Provide a password for the file.
Confirm the password.
Once you have confirmed the password, a message “Encryption successful” confirming the encryption will be displayed.
...
Info |
---|
...
To view (content) or decrypt the vault-config.yaml file, navigate to the /vars folder, and then run |
...
the respective commands. Following are the commands to view or decrypt the file:
|
...
|
...
|
...
After you run the command, you will need to enter the encryption password that you had set for |
...
the file |
...
. |
Executing the Ansible Playbook
You can run the Ansible Playbook by executing the adeptia-connect.sh shell file (with appropriate arguments) after you have fulfilled all the prerequisites. Here are the steps to run the adeptia-connect.sh file in default mode by following which all the components including RKE2, Rancher, Longhorn, Prometheus, EFK, and Adeptia Connect get installed.
Log in to the Jumpbox.
Run the following command to set Read/Write permission on the SSH private key file (PEM):
Code Block $ chmod 0600 <pem file>
Run the following command to set executable permission on the adeptia-connect.sh shell file:
Code Block $ chmod +x adeptia-connect.sh
Run the following command to execute the shell file, adeptia-connect.sh, available in the Ansible Playbook:
Code Block $ sudo ./adeptia-connect.sh
Panel | ||||||
---|---|---|---|---|---|---|
| ||||||
Important! If you are using encrypted vault-config.yaml file, you need to pass the argument --ask-vault-pass while executing the shell file as shown in the example below:
|
You can use the tag argument while running the command to execute the shell file for installing different components as per your requirement. For example, if you want to install all the components except for the Adeptia Connect application, run the following command:
...
Following table contains the the list of some tags and their description:
If same cluster but different namespaces for different env
Tag | Description | ||
---|---|---|---|
--tag=install-all | Installs all the components
| ||
--tag=install-basic | Installs all the components | ||
--tag=install-ac | Installs Adeptia Connect application only. |
...
Here are the steps to uninstall all the components including RKE2, Rancher, Longhorn, Prometheus, EFK, KEDA, and Adeptia Connect.
Log in to the Jumpbox.
Run the following command to set Read/Write permission on the SSH private key file (PEM):
Code Block $ chmod 0600 <pem file>
Run the following command to set executable permission on theexecute the shell file, adeptia-connect.sh shell file, available in the Ansible Playbook:Code Block $ chmod +x sudo ./adeptia-connect.sh
Run the following command to execute the shell file, adeptia-connect.sh, available in the Ansible Playbook:
Code Block $ sudo --tag=uninstall-all
Panel | ||||||
---|---|---|---|---|---|---|
| ||||||
Important! If you are using encrypted vault-config.yaml file, you need to pass the argument --ask-vault-pass while executing the shell file as shown in the example below:
|
...
|
...
|
...
|
This uninstalls all the components. If you want to install different components based on your requirement, you can use the tag argument while executing the shell file. For example, if you want to uninstall Adeptia Connect application only, run the following command:
Code Block |
---|
$ sudo ./adeptia-connect.sh --tag=uninstall-ac |
...
bgColor | #FFFAE6 |
---|
Important!
place this in install as well
If you are using encrypted vault-config.yaml file, you need to pass the argument --ask-vault-pass while executing the shell file (during install or uninstall) as shown in the example below:
...