Ansible playbook
The playbook installs the following components:
RKE2
Rancher
Longhorn
Prometheus (includes Grafana for centralized monitoring)
EFK (for centralized logging)
KEDA CRD
AC application (can be deployed in HA mode with each microservice running 2 replicas)
Prerequisites
Instances/Components
3 Linux VMs (the minimum for an HA configuration)
1 Jumpbox with internet access and SSH connectivity to the above 3 Linux VMs
Load Balancer in front of the 3 Linux VM nodes
Here are the configurations of the 3 Linux VM machines that we used in the development environment:
name | public IP | private IP | memory | cores | disk (SSD) | os
---|---|---|---|---|---|---
rancher1 | 3.134.212.46 | 172.31.33.225 | 32 GB | 8 | 100 GB | Ubuntu
rancher2 | 3.131.224.248 | 172.31.47.85 | 32 GB | 8 | 100 GB | Ubuntu
rancher3 | 18.216.242.13 | 172.31.44.236 | 32 GB | 8 | 100 GB | Ubuntu
By default, the AC helm chart requests a 250 GB persistent volume (PV).
On the Linux VMs above, which have a 100 GB SSD, the AC helm chart did not deploy correctly until the PV size was reduced to 60 GB.
The QA team should therefore test the Ansible playbook on Linux VMs with larger disks, or reduce the PV size to fit the available storage.
Connectivity
SSH connectivity with administrative (sudo) privileges from the Jumpbox to each Linux VM node
For SSH connectivity, you need the private key file in PEM (Privacy Enhanced Mail) format.
The private key may be used with or without a passphrase.
If the private key is passphrase-protected, you will be prompted for the passphrase when the playbook runs.
Software
Instance | OS | Software(s)
---|---|---
Jumpbox | Linux (Ubuntu/CentOS) | Python 2.7 (or higher), PIP (Python package manager), Ansible 2.5 (or higher)
Python and PIP come preinstalled on most Linux distributions. Install Ansible with the distribution's package manager:
Code Block |
---|
# on Ubuntu
$ sudo apt-get install ansible
# on CentOS
$ sudo yum install ansible
# on Fedora
$ sudo dnf install ansible |
Ports
The following inbound ports must be open on the Load Balancer and on the 3 Linux VMs:
9345 - RKE2 supervisor port, used by nodes to register with and join the cluster
6443 - Kubernetes API server
DNS
We need 2 different DNS names (both pointing to the Load Balancer) so that Ingress can route traffic to the different components:
1st DNS name for:
managing the RKE2 cluster
routing traffic to the Rancher GUI portal
2nd DNS name for routing traffic to:
AC Portal
AC API Gateway (for REST and SOAP API calls)
Kibana dashboard for logging
Grafana dashboard for monitoring
Ideally, a single DNS name would route traffic to all components.
But Rancher only supports Ingress routing based on hostname, not on context path. Therefore, Rancher needs its own DNS name (hostname); this is the rancher_lb_domain value in general-config.yaml, while the second name is app_lb_domain.
Configuration
Before you begin the installation, update the following files in the downloaded package:
inventory file - defines the hosts (or groups of hosts) on which the playbook will run
vars/general-config.yaml - the non-sensitive configuration variables used by the playbook
vars/vault-config.yaml - the sensitive configuration variables (passwords, tokens) used by the playbook; this file can be encrypted and decrypted with Ansible Vault
Update inventory file
Steps to update the inventory file:
Find the inventory file in the Ansible package.
Edit the file:
Add the domain names or IP addresses of the server nodes under the "servers" group; the RKE2 server (control plane) will be deployed on these nodes.
Add the domain names or IP addresses of the agent nodes under the "agents" group; the RKE2 agent (worker) will be deployed on these nodes.
The sample addresses below are commented out; replace them with your own nodes.
Code Block |
---|
# rke2 cluster master/server nodes #
[servers]
#172.31.27.98
# rke2 cluster worker/agent nodes #
[agents]
#172.31.29.19
[k8s:children]
servers
agents
[servers:vars]
rke2_type="server"
[agents:vars]
rke2_type="agent"
[all:vars]
ansible_user={{ ssh_user }}
ansible_ssh_private_key_file={{ ssh_key_path }} |
Update vars/general-config.yaml
Find the general-config.yaml file under /vars in the Ansible package.
Define the following properties in general-config.yaml. Values that reference vault_* variables are resolved from vars/vault-config.yaml, so no secret needs to be written into this file.
Code Block |
---|
## SSH configuration to Linux VM ##
# SSH user
ssh_user:
# SSH private key file (pem)
ssh_key_path:
# Sudo password (taken from vault-config.yaml)
ansible_sudo_pass: "{{ vault_ansible_sudo_pass }}"
# Rancher domain (domain name mapped to the load balancer configured in front of the Linux VMs)
rancher_lb_domain:
# Application domain (domain name mapped to the load balancer configured in front of the Linux VMs)
app_lb_domain:
## RKE2 configuration ##
# Pre-shared secret token for node registration (taken from vault-config.yaml)
rke2_token: "{{ vault_rke2_token }}"
## Rancher configuration ##
# Rancher bootstrap password (taken from vault-config.yaml)
rancher_gui_password: "{{ vault_rancher_gui_password }}"
## AC configuration ##
# Global values YAML file path
ac_global_values_yaml: "../vars/values-adeptia-connect.yaml"
# AC installation mode - set "true" for a new AC installation, or "false" to upgrade an existing environment
execute_static_job: true
## AC HA configuration ##
# Enable/Disable HA mode - true, false
ac_ha_mode: false
# backend database configuration
# backend database type, possible values are: MySQL, SQL-Server, Oracle
backend_db_type:
backend_db_url:
backend_db_username: "{{ vault_backend_db_username }}"
backend_db_password: "{{ vault_backend_db_password }}"
# log database configuration
# log database type, possible values are: MySQL, SQL-Server, Oracle
log_db_type:
log_db_url:
log_db_username: "{{ vault_log_db_username }}"
log_db_password: "{{ vault_log_db_password }}"
## Ingress SSL configuration ##
# TLS signed certificate in base64 encoding
tlsCrt:
# TLS private key of the certificate in base64 encoding
tlsKey: |
tlsCrt and tlsKey must hold the PEM-encoded certificate and its private key, each base64-encoded as a single line. The TLS private key is a secret like the others; keep the file containing it out of version control.
Update vars/vault-config.yaml
Find the vault-config.yaml file under /vars in the extracted Ansible package.
Define the sensitive values (passwords, tokens, database credentials) in vault-config.yaml.
Code Block |
---|
vault_ansible_sudo_pass:
vault_rancher_gui_password: adeptia1243
vault_rke2_token: defaultSecret123456
#envSecret#
vault_backend_db_username:
vault_backend_db_password:
vault_log_db_username:
vault_log_db_password: |
The values shown for vault_rancher_gui_password and vault_rke2_token are sample placeholders; replace them with your own strong values before running the playbook, since the RKE2 token lets any host that knows it join the cluster and the Rancher bootstrap password grants administrative access to the Rancher GUI.
Encrypt this file with Ansible Vault (see below) so that the secrets are not stored in plaintext on the Jumpbox.
Encrypt/Decrypt with Ansible Vault
Encrypting the file
To encrypt the file, use the ansible-vault encrypt command:
Code Block |
---|
$ ansible-vault encrypt vault-config.yaml |
You will be prompted to provide and confirm a vault password; afterward, an "Encryption successful" message confirms the encryption. From then on the playbook must be run with --ask-vault-pass (see Execution below).
Viewing Encrypted File
The ansible-vault view command decrypts the file in memory and writes its contents to standard output, i.e. the terminal; the file on disk stays encrypted.
Code Block |
---|
$ ansible-vault view vault-config.yaml |
You will be asked for the file's vault password. After entering it successfully, the contents are displayed; note that the password prompt appears in the same terminal as the output. To change a value without writing plaintext to disk, use ansible-vault edit vault-config.yaml instead.
Decrypting Encrypted Files
To decrypt a vault-encrypted file in place, use the ansible-vault decrypt command:
Code Block |
---|
$ ansible-vault decrypt vault-config.yaml |
You will be prompted for the file's vault password. Once you enter the correct password, the file is rewritten in plaintext and a "Decryption successful" message is shown. Re-encrypt the file when you are done, and do not leave the decrypted copy in a shared location or under version control.
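The following pre-flight check is an added example (not part of the Adeptia package or of this page's own code) that validates the inputs described in the Configuration and Ansible Vault sections above before adeptia-connect.sh is run: that the PEM key has the 0600 permission, that vault-config.yaml is vault-encrypted (or, if still plaintext, no longer carries the sample values adeptia1243 and defaultSecret123456 and has no empty vault_* keys), and that tlsCrt and tlsKey in general-config.yaml are base64 values that decode to PEM blocks. The file paths, the constructed sample files built by demo_preflight (placeholder PEM bodies, not real keys or certificates) and the $ANSIBLE_VAULT header check are assumptions for the demo; only the file and variable names come from the page.

```shell
#!/usr/bin/env bash
# Added pre-flight check for the configuration files described above.
# Example code, not part of the Adeptia package; paths are passed as arguments.
set -u

# Returns 0 if KEY exists as a regular file with mode 0600 (-rw-------),
# the permission the Execution section asks you to set with chmod 0600.
check_key_perms() {
    local key="$1" mode
    [ -f "$key" ] || { echo "FAIL: key file $key not found"; return 1; }
    mode=$(ls -ld "$key" | cut -c1-10)
    [ "$mode" = "-rw-------" ] || { echo "FAIL: $key is $mode, expected -rw------- (chmod 0600)"; return 1; }
    echo "OK: $key permissions"
}

# Returns 0 if FILE is Ansible-Vault encrypted (first line "$ANSIBLE_VAULT;1.1;AES256").
# A plaintext file passes only if the sample values from this page are gone and
# every vault_* key has a value.
check_vault_file() {
    local f="$1" rc=0 sample empties
    [ -f "$f" ] || { echo "FAIL: $f not found"; return 1; }
    if head -n1 "$f" | grep -q '^\$ANSIBLE_VAULT;'; then
        echo "OK: $f is vault-encrypted"; return 0
    fi
    echo "WARN: $f is plaintext; encrypt it with 'ansible-vault encrypt $f'"
    for sample in adeptia1243 defaultSecret123456; do
        grep -q "$sample" "$f" && { echo "FAIL: sample value '$sample' still present in $f"; rc=1; }
    done
    empties=$(grep -E '^vault_[A-Za-z0-9_]+:[[:space:]]*$' "$f" || true)
    [ -z "$empties" ] || { echo "FAIL: empty secrets in $f:"; echo "$empties"; rc=1; }
    return $rc
}

# Returns 0 if the base64 value of KEY in FILE decodes to a PEM block whose
# first line matches "-----BEGIN <LABEL>-----" (LABEL is an extended regex).
check_pem_b64() {
    local file="$1" key="$2" label="$3" value decoded
    value=$(sed -n "s/^${key}:[[:space:]]*//p" "$file" | tr -d '"' | head -n1)
    [ -n "$value" ] || { echo "FAIL: $key is empty in $file"; return 1; }
    decoded=$(printf '%s' "$value" | base64 -d 2>/dev/null) || { echo "FAIL: $key is not valid base64"; return 1; }
    if printf '%s\n' "$decoded" | head -n1 | grep -qE "^-----BEGIN ${label}-----$"; then
        echo "OK: $key decodes to a PEM block (-----BEGIN ${label}-----)"
    else
        echo "FAIL: $key does not decode to a '-----BEGIN ${label}-----' PEM block"; return 1
    fi
}

# Runs every check; returns non-zero if any of them failed.
preflight() {
    local key="$1" general="$2" vault="$3" rc=0
    check_key_perms "$key" || rc=1
    check_vault_file "$vault" || rc=1
    check_pem_b64 "$general" tlsCrt 'CERTIFICATE' || rc=1
    check_pem_b64 "$general" tlsKey '(RSA |EC )?PRIVATE KEY' || rc=1
    return $rc
}

# Builds a constructed sample set in a temp dir (placeholder PEM bodies only,
# no real keys or certificates) so the checks can run offline; sets DEMO_DIR.
demo_preflight() {
    local crt_b64 key_b64
    DEMO_DIR=$(mktemp -d)
    printf -- '-----BEGIN RSA PRIVATE KEY-----\nconstructed-placeholder\n-----END RSA PRIVATE KEY-----\n' > "$DEMO_DIR/id.pem"
    chmod 0600 "$DEMO_DIR/id.pem"
    crt_b64=$(printf -- '-----BEGIN CERTIFICATE-----\nconstructed-placeholder\n-----END CERTIFICATE-----\n' | base64 | tr -d '\n')
    key_b64=$(printf -- '-----BEGIN PRIVATE KEY-----\nconstructed-placeholder\n-----END PRIVATE KEY-----\n' | base64 | tr -d '\n')
    cat > "$DEMO_DIR/general-config.yaml" <<EOF
ssh_user: ubuntu
ssh_key_path: $DEMO_DIR/id.pem
tlsCrt: "$crt_b64"
tlsKey: "$key_b64"
EOF
    # vault-config.yaml left with the sample values from this page
    cat > "$DEMO_DIR/vault-config.bad.yaml" <<'EOF'
vault_ansible_sudo_pass:
vault_rancher_gui_password: adeptia1243
vault_rke2_token: defaultSecret123456
EOF
    # header of a file after 'ansible-vault encrypt' (body constructed)
    printf '$ANSIBLE_VAULT;1.1;AES256\n3030303030303030\n' > "$DEMO_DIR/vault-config.enc.yaml"
}

demo_preflight
echo "== encrypted vault file =="
preflight "$DEMO_DIR/id.pem" "$DEMO_DIR/general-config.yaml" "$DEMO_DIR/vault-config.enc.yaml"
echo "== plaintext vault file with sample values =="
preflight "$DEMO_DIR/id.pem" "$DEMO_DIR/general-config.yaml" "$DEMO_DIR/vault-config.bad.yaml" || echo "pre-flight failed, fix before running adeptia-connect.sh"
```

Run it from the Jumpbox with the real paths (ssh_key_path, vars/general-config.yaml, vars/vault-config.yaml) before ./adeptia-connect.sh; a non-zero exit means one of the inputs above needs fixing. The checks are deliberately read-only and never decrypt the vault file, so they can run without the vault password.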
Execution
The package contains a shell script (adeptia-connect.sh) that runs the Ansible playbook with the appropriate arguments.
Install
Log in to the Jumpbox.
Download and extract the Ansible playbook package.
Update the Ansible playbook configuration files as described under Configuration.
Run the shell script (adeptia-connect.sh) to deploy Rancher and the AC application together with the required dependencies.
Code Block |
---|
# restrict the ssh private key file (pem) to owner read/write; ssh ignores keys with wider permissions
$ chmod 0600 <pem file>
# make the shell script (adeptia-connect.sh) executable
$ chmod +x adeptia-connect.sh
# run the shell script
$ ./adeptia-connect.sh |
You can pass a tag argument to the shell script to install only the components you need:
tag | Components
---|---
--tag=install-all | Installs all the components, including RKE2, Rancher, AC, EFK, Prometheus, etc. This is the default mode (used when no tag argument is given).
--tag=install-basic | Installs all the components (RKE2, Rancher, EFK, Prometheus, etc.) except the AC application
--tag=install-ac | Installs only the AC application
--tag=install-rke2 | Installs only RKE2 (server/agent)
--tag=install-prometheus | Installs only Prometheus (and Grafana)
--tag=install-efk | Installs only EFK
Code Block |
---|
# to deploy only AC application
$ ./adeptia-connect.sh --tag=install-ac
# to run multiple tags, provide comma separated values
$ ./adeptia-connect.sh --tag=install-basic,install-ac |
Using Ansible Vault encryption
You need to pass the argument --ask-vault-pass with the command to run the shell file (adeptia-connect.sh).
Ansible will prompt you for a password which it will use to decrypt any vault-protected content it finds.
Code Block |
---|
$ ./adeptia-connect.sh --ask-vault-pass |
Uninstall
Description | Command
---|---
Uninstall the complete package (RKE2, Rancher, Longhorn, Prometheus and Grafana, EFK, AC) | ./adeptia-connect.sh --tag=uninstall-all
Uninstall only AC | ./adeptia-connect.sh --tag=uninstall-ac
Adeptia enables you to deploy the Adeptia Connect application using Rancher, which is useful when you want to use your own VMs for the Kubernetes cluster instead of a managed Kubernetes service such as AKS.
Rancher is an open-source multi-cluster orchestration platform that makes it easy to manage an application on a Kubernetes cluster created by Rancher Kubernetes Engine (RKE2).
Adeptia packages Rancher and Rancher Kubernetes Engine (RKE2) along with the Adeptia Connect application and other components in the Adeptia Connect Rancher package. This package deploys the following, in this order:
RKE2 – Rancher Kubernetes Engine to set up Kubernetes environment.
Rancher UI – UI to centrally manage a multi-cluster Kubernetes environment.
Longhorn – To implement distributed block storage for Kubernetes.
Prometheus including Grafana – To monitor the system and its execution environment holistically, for example, CPU usage.
Elasticsearch, Fluentd, and Kibana (EFK) – To view the logs for each microservice.
Adeptia Connect application
To deploy the application and the other components, you need to refer to the following pages sequentially.