Ansible playbook

The playbook installs the following components:

  • RKE2

  • Rancher

  • Longhorn

  • Prometheus (includes Grafana for centralized monitoring)

  • EFK (for centralized logging)

  • KEDA CRD

  • AC application (can be deployed in HA mode with each microservice running 2 replicas)

Prerequisites

Instances/Components

  • 3 Linux VM machines (minimum configuration required for HA configuration)

  • 1 Jumpbox with internet access and SSH connectivity to the above 3 Linux VM machines

  • Load Balancer on top of 3 Linux VM nodes

Here are the configurations of the 3 Linux VM machines that we used in the development environment:

| name | public IP | private IP | memory | core | disk (SSD) | os |
|---|---|---|---|---|---|---|
| rancher1 | 3.134.212.46 | 172.31.33.225 | 32 GB | 8 | 100 GB | Ubuntu |
| rancher2 | 3.131.224.248 | 172.31.47.85 | 32 GB | 8 | 100 GB | Ubuntu |
| rancher3 | 18.216.242.13 | 172.31.44.236 | 32 GB | 8 | 100 GB | Ubuntu |

By default, the AC helm chart requires 250 GB for PV configuration.

When we used the Linux VM machine with 100 GB SSD, we couldn't deploy the AC helm chart correctly until we reduced the PV configuration to 60 GB.

So, the QA team may need to test the Ansible script on Linux VMs that have more disk storage.

Connectivity

SSH connectivity with administrative privileges between the Jumpbox and each Linux VM node

...

For SSH connectivity, you should have a private key file in PEM (Privacy Enhanced Mail) format.

  • The private key can be used with or without a passphrase.

  • If the private key is passphrase-protected, you will be prompted to provide the passphrase.

Software

...

Instance

...

OS

...

Software(s)

...

Jumpbox

...

Linux (Ubuntu/CentOS)

  • Python 2.7 (or higher)

  • PIP (Python Package Manager) 

Python and PIP come preinstalled on most Linux distributions!

  • Ansible 2.5 (or higher)

Code Block
# on CentOS
$ sudo yum install ansible

# on Ubuntu
$ sudo apt install ansible

# on Fedora
$ sudo dnf install ansible

Ports

The following inbound ports must be open on the Load Balancer and on the 3 Linux VMs:

  • 9345 - required for RKE2 nodes clustering

  • 6443 - required for Kubernetes API

DNS

We need 2 different DNS names (pointing to the Load Balancer) for Ingress traffic routing to different components:

1st DNS for:

  • managing the RKE2 cluster

  • routing traffic to the Rancher GUI portal

2nd DNS for routing traffic to:

  • AC Portal

  • AC API Gateway (for REST and SOAP API calls)

  • Kibana dashboard for logging

  • Grafana dashboard for monitoring

...

Ideally, we would have used 1 DNS for traffic routing to all components.

But Rancher has a limitation in that it only supports Ingress routing based on hostname and not via context path. Therefore, we have to use a separate DNS (hostname) for routing traffic to Rancher.

Configuration

Before you begin to install, you need to update the following files available in the downloaded package.

  1. inventory file - defines the hosts (or group of hosts) upon which the playbook will run

  2. vars/general-config.yaml - consists of configuration variables to run the playbook

  3. vars/vault-config.yaml - consists of sensitive configuration variables (like passwords) to run the playbook; this file can be encrypted/decrypted using Ansible Vault

Update inventory file

Steps to update the inventory file:

  1. Find the inventory file in the Ansible package.

  2. Edit the file:

    1. Add the server nodes' domain or IP address under the "servers" group. The RKE2 server (or master) will be deployed on these nodes.

    2. Add the agent nodes' domain or IP address under the "agents" group. The RKE2 agent (or worker) will be deployed on these nodes.

...

...

Code Block
# rke2 cluster master/server nodes #
[servers]
#172.31.27.98

# rke2 cluster worker/agent nodes #
[agents]
#172.31.29.19

[k8s:children]
servers
agents

[servers:vars]
rke2_type="server"

[agents:vars]
rke2_type="agent"

[all:vars]
ansible_user={{ ssh_user }}
ansible_ssh_private_key_file={{ ssh_key_path }}

Update vars/general-config.yaml

  1. Find the general-config.yaml file from /vars in the Ansible package.

  2. Define the following properties in general-config.yaml

...

Code Block
## SSH configuration to Linux VM ##
# SSH user
ssh_user: 
# SSH private key file (pem)
ssh_key_path: 
# Sudo password
ansible_sudo_pass: "{{ vault_ansible_sudo_pass }}"

# Rancher domain (domain name mapped with load balancer configured on top of Linux VM)
rancher_lb_domain:
# Application domain (domain name mapped with load balancer configured on top of Linux VM)
app_lb_domain:

## RKE2 configuration ## 
# Pre-shared secret token for node registration
rke2_token: "{{ vault_rke2_token }}"

## Rancher configuration ## 
# rancher bootstrap password
rancher_gui_password: "{{ vault_rancher_gui_password }}"

## AC configuration ##
# Global values YAML file path
ac_global_values_yaml: "../vars/values-adeptia-connect.yaml"

# AC installation mode - set "true" for new AC installation, Or "false" to upgrade the existing environment
execute_static_job: true

## AC HA configuration ##
# Enable/Disable HA mode - true, false
ac_ha_mode: false

# backend database configuration
# backend database type, possible values are: MySQL, SQL-Server, Oracle
backend_db_type: 
backend_db_url: 
backend_db_username: "{{vault_backend_db_username}}"
backend_db_password: "{{vault_backend_db_password}}"

# log database configuration
# log database type, possible values are: MySQL, SQL-Server, Oracle
log_db_type: 
log_db_url: 
log_db_username: "{{vault_log_db_username}}"
log_db_password: "{{vault_log_db_password}}"

## Ingress SSL configuration ##
# TLS signed certificate in base64 encoding
tlsCrt: 
# TLS private key of certificate in base64 encoding
tlsKey: 

Update vars/vault-config.yaml

  1. Find the vault-config.yaml file from /vars in Ansible extracted folder.

  2. Define the sensitive information (like passwords) in the vault-config.yaml.

...

Code Block
vault_ansible_sudo_pass: 
# The two values below are published in this guide; set your own before running the playbook
vault_rancher_gui_password: adeptia1243
vault_rke2_token: defaultSecret123456

#envSecret#
vault_backend_db_username: 
vault_backend_db_password: 
vault_log_db_username: 
vault_log_db_password:

...

For added security, you can encrypt the sensitive information specified inside the vars/vault-config.yaml file.

Encrypt/Decrypt with Ansible Vault

Encrypting the file

To encrypt with Vault, use the ansible-vault encrypt command.

...

Code Block
$ ansible-vault encrypt vault-config.yaml

You will be prompted to provide and confirm a password. Afterward, a message will confirm the encryption:

...

Viewing Encrypted File

The ansible-vault view command feeds the contents of a file to standard out. By default, this means that the contents are displayed in the terminal.

...

Code Block
$ ansible-vault view vault-config.yaml

You will be asked for the file’s password. After entering it successfully, the contents will be displayed:

...

As you can see, the password prompt is mixed into the output of file contents.

Decrypting Encrypted Files

To decrypt a vault-encrypted file, use the ansible-vault decrypt command.

...

Code Block
$ ansible-vault decrypt vault-config.yaml

You will be prompted for the encryption password for the file. Once you enter the correct password, the file will be decrypted and you will see a message confirming that decryption was successful.

Execution

The package contains a shell file (adeptia-connect.sh) that can be run to execute the Ansible playbook with appropriate arguments.

Install

...

Log in to the Jumpbox.

...

Download and extract the Ansible Playbook package.

...

Update the Ansible playbook configurations as per the instructions.

Run the shell file (adeptia-connect.sh) to deploy the Rancher and AC application with the required dependencies.

Code Block
# restrict the SSH private key file (pem) to owner read/write only
$ chmod 0600 <pem file>
# set executable permission on the shell file (adeptia-connect.sh)
$ chmod +x adeptia-connect.sh
# run the shell file
$ ./adeptia-connect.sh

You have the flexibility to pass the tag argument during the execution of the shell file to install different components as per requirement.

| tag | Components |
|---|---|
| --tag=install-all | Installs all the components including RKE2, Rancher, AC, EFK, Prometheus, etc. This is the default mode (if you don't provide any tag argument during the execution of the shell file). |
| --tag=install-basic | Installs all the components (RKE2, Rancher, AC, EFK, Prometheus, etc.) except the AC application |
| --tag=install-ac | Installs only AC application |
| --tag=install-rke2 | Installs only RKE2 (server/agent) |
| --tag=install-prometheus | Installs only Prometheus (and Grafana) |
| --tag=install-efk | Installs only EFK |

Code Block
# to deploy only AC application
$ ./adeptia-connect.sh --tag=install-ac

# to run multiple tags, provide comma separated values
$ ./adeptia-connect.sh --tag=install-basic,install-ac

Using Ansible Vault encryption

You need to pass the argument --ask-vault-pass with the command to run the shell file (adeptia-connect.sh).

Ansible will prompt you for a password which it will use to decrypt any vault-protected content it finds.

...

Code Block
$ ./adeptia-connect.sh --ask-vault-pass
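
A pre-flight check for the jumpbox that ties together the vault-config.yaml, Ansible Vault and chmod 0600 steps above. This is an added example, not part of the Adeptia package: the function names are assumptions, and it treats the two sample values shown in vault-config.yaml on this page as secrets that must not reach a deployment.

```shell
#!/bin/sh
# Added example (not part of the Adeptia package): checks to run on the
# jumpbox before ./adeptia-connect.sh. Function names are assumptions.

# Sample secrets shown in vars/vault-config.yaml on this page.
SAMPLE_SECRETS='adeptia1243 defaultSecret123456'

# Succeeds when the file starts with the Ansible Vault header line.
vault_is_encrypted() {
    case "$(head -n 1 "$1" 2>/dev/null)" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds when a plaintext file still contains one of the sample secrets.
has_sample_secret() {
    for pf_secret in $SAMPLE_SECRETS; do
        grep -qF -- "$pf_secret" "$1" 2>/dev/null && return 0
    done
    return 1
}

# Succeeds when the key file mode is exactly 0600 or 0400 (owner-only).
key_perms_ok() {
    case "$(stat -c '%a' "$1" 2>/dev/null)" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: preflight <vault-config.yaml> <pem file>
# Prints findings; the return status is the number of failed checks.
preflight() {
    pf_failures=0
    if ! vault_is_encrypted "$1"; then
        echo "WARN: $1 is stored in plaintext (see ansible-vault encrypt)"
        if has_sample_secret "$1"; then
            echo "FAIL: $1 still contains a sample secret from the guide"
            pf_failures=$((pf_failures + 1))
        fi
    fi
    if ! key_perms_ok "$2"; then
        echo "FAIL: $2 is missing or not owner-only; run chmod 0600 $2"
        pf_failures=$((pf_failures + 1))
    fi
    return "$pf_failures"
}
```

After sourcing the file, `preflight vars/vault-config.yaml <pem file> && ./adeptia-connect.sh --ask-vault-pass` runs the playbook only when no check fails.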

Uninstall

| Description | Command |
|---|---|
| Uninstall the complete package: RKE2, Rancher, Longhorn, Prometheus (and Grafana), EFK, AC | $ ./adeptia-connect.sh --tag=uninstall-all |
| Uninstall only AC | $ ./adeptia-connect.sh --tag=uninstall-ac |

Adeptia enables you to deploy the Adeptia Connect application using Rancher, which is useful when you want to use your own VMs for the Kubernetes cluster instead of a managed Kubernetes cluster such as AKS.

Rancher is an open-source multi-cluster orchestration platform that makes it easy for you to manage an application on a Kubernetes cluster created by Rancher Kubernetes Engine (RKE2).

Adeptia packages Rancher and Rancher Kubernetes Engine (RKE2) along with the Adeptia Connect application and other components in the Adeptia Connect Rancher package. This package helps you deploy the following, in the order listed.

  • RKE2 – Rancher Kubernetes Engine to set up Kubernetes environment.

  • Rancher UI – UI to centrally manage a multi-cluster Kubernetes environment.

  • Longhorn – To implement distributed block storage for Kubernetes.

  • Prometheus including Grafana – To monitor the system and its execution environment holistically, for example, CPU usage.

  • Elasticsearch, Fluentd, and Kibana (EFK) – To view the logs for each microservice.

  • Adeptia Connect application

To deploy the application and the other components, you need to refer to the following pages sequentially.