Adeptia enables you to deploy the Adeptia Connect application using Rancher, which is useful when you want to use your own VMs for the Kubernetes cluster instead of using a managed Kubernetes cluster such as AKS.
Rancher is an open-source multi-cluster orchestration platform that makes it easy for you to deploy and manage an application on a Kubernetes cluster created by Rancher Kubernetes Engine (RKE2).
Adeptia packages Rancher and the security-focused Rancher Kubernetes Engine (RKE2), along with the Adeptia Connect application and other components, in an Ansible Playbook. You need to download and run this package to deploy Adeptia Connect with Rancher. The package deploys the following components, in this order:
RKE2 – Security-focused Rancher Kubernetes Engine to set up the Kubernetes environment.
Rancher UI – UI to centrally manage a multi-cluster Kubernetes environment.
Longhorn – Cloud-native distributed block storage for Kubernetes.
Prometheus including Grafana – For centralized monitoring of the system and its execution environment holistically, for example, CPU usage.
Elasticsearch, Fluentd, and Kibana (EFK) – For centralized logging
Kubernetes Event Driven Autoscaler (KEDA) – For pods autoscaling
Adeptia Connect application (can be deployed in HA mode with each microservice running 2 replicas)
Prerequisites and
Before you run the Ansible Playbook, ensure that you have:
At least three Linux VMs, each with the following minimum configuration:
RAM – 32 GB
Processor cores – 8
Hard disk – 250 GB
One Jumpbox with internet access and SSH connectivity to the three Linux VMs above
Ansible 2.5 (or higher) installed on the Jumpbox.
You can install Ansible on Ubuntu by running the following command:
```shell
$ sudo apt install ansible
```
Load Balancer on top of 3 Linux VM nodes
Administrative privileges on Jumpbox and each Linux VM node
SSH Private key in PEM (Privacy Enhanced Mail) format for communication between the VMs
Info |
---|
You can use the PEM file with or without passphrase protection. |
Inbound ports opened on the Load Balancer and the three Linux VMs:
9345 - required for RKE2 nodes clustering
6443 - required for Kubernetes API
DNS domain for accessing Rancher UI
DNS domain for accessing Adeptia Connect portal
=================================================================================
DNS
Two different DNS names (both pointing to the Load Balancer) are required so that Ingress traffic can be routed to different components:
1st DNS for:
managing the RKE2 cluster
routing traffic to the Rancher GUI portal
2nd DNS for routing traffic to:
AC Portal
AC API Gateway (for REST and SOAP API calls)
Kibana dashboard for logging
Grafana dashboard for monitoring
==============================================================================================
Once you have met the prerequisites, update the following files, which contain the details of the VMs, Load Balancer, ports, DNS, SSH connectivity, and other configuration required for running the Ansible Playbook. These files are available in the Ansible Playbook package that you have downloaded.
inventory file – Defines the hosts (or group of hosts) on which the Playbook runs
vars/general-config.yaml - Contains the configuration variables to run the Playbook
vars/vault-config.yaml - Contains sensitive information, such as passwords, required to validate and run the Playbook
Steps to update inventory file
Open the inventory file.
Add the domain name or IP address of the three VMs under the [servers] group as shown in the example code snippet below.
Info |
---|
RKE2 server (or master) will be deployed on these nodes. |
```ini
# rke2 cluster master/server nodes #
[servers]
xxx.xx.xx.xx
xxx.xx.xx.xx
xxx.xx.xx.xx

# rke2 cluster worker/agent nodes #
[agents]
xxx.xx.xx.xx

# group that contains both the server and the agent nodes
[k8s:children]
servers
agents

[servers:vars]
rke2_type="server"

[agents:vars]
rke2_type="agent"

# SSH user and private key used to reach every node
[all:vars]
ansible_user={{ ssh_user }}
ansible_ssh_private_key_file={{ ssh_key_path }}
```
You can also add the domain name or IP address of an RKE2 agent under the [agents] group if you have one.
Info |
---|
RKE2 agent (or worker) will be deployed on these nodes. |
Steps to update vars/general-config.yaml
Navigate to /vars in the Ansible Playbook.
Open the general-config.yaml file.
Update the following properties.
| Property | Description |
|---|---|
| ssh_key_path | Name of SSH private key (pem) file. |
| rancher_lb_domain | Domain name of Rancher |
| app_lb_domain | Domain name of Adeptia Connect application |
| rke2_token | Secret token for node registration. |
| execute_static_job | AC installation mode.<br>Set the value for this property to true for fresh installation and false in case you are upgrading from a lower AC v4.x environment. |
| ac_ha_mode | Enable/Disable High Availability (HA) mode.<br>Possible values are: true, false |
| backend_db_type | Backend database type.<br>Possible values are: MySQL, SQL-Server, Oracle |
| backend_db_url | Value for Azure SQL Database: `jdbc:sqlserver://<DB Hostname>:<Port Number>;database=<Backend Database Name>`<br>Value for Oracle Database: `jdbc:oracle:thin:@<hostName>:<portNumber>:<SID/ServiceName>`<br>Value for Azure MySQL Database: `jdbc:mysql://<hostName>:<portNumber>/<DBName>?useSSL=true` |
| log_db_type | Log database type.<br>Possible values are: MySQL, SQL-Server, Oracle |
| log_db_url | Value for Azure SQL Database: `jdbc:sqlserver://<DB Hostname>:<Port Number>;database=<Log Database Name>`<br>Value for Oracle Database: `jdbc:oracle:thin:@<hostName>:<portNumber>:<SID/ServiceName>`<br>Value for Azure MySQL Database: `jdbc:mysql://<hostName>:<portNumber>/<DBName>?useSSL=true` |
| tlsCrt | TLS signed certificate in base64 encoding (for Ingress) |
| tlsKey | TLS private key of certificate in base64 encoding (for Ingress) |
Update vars/vault-config.yaml
Locate the vault-config.yaml file under /vars in the extracted Ansible Playbook folder.
Define the sensitive information (such as passwords) in vault-config.yaml.
```yaml
vault_ansible_sudo_pass:
vault_rancher_gui_password: adeptia1243
vault_rke2_token: defaultSecret123456
#envSecret#
vault_backend_db_username:
vault_backend_db_password:
vault_log_db_username:
vault_log_db_password:
```
For added security, you can encrypt the sensitive information specified inside the vars/vault-config.yaml file using Ansible Vault.
Encrypt/Decrypt with Ansible Vault
Encrypting the file
To encrypt with Vault, use the ansible-vault encrypt command.
```shell
$ ansible-vault encrypt vault-config.yaml
```
You will be prompted to provide and confirm a password. Afterward, a message will confirm the encryption.
Viewing Encrypted File
The ansible-vault view command feeds the contents of a file to standard out. By default, this means that the contents are displayed in the terminal.
```shell
$ ansible-vault view vault-config.yaml
```
You will be asked for the file's password. After you enter it successfully, the contents will be displayed.
Note that the password prompt is mixed into the output of the file contents.
Decrypting Encrypted Files
To decrypt a vault-encrypted file, use the ansible-vault decrypt command.
```shell
$ ansible-vault decrypt vault-config.yaml
```
You will be prompted for the encryption password for the file. Once you enter the correct password, the file will be decrypted and a message will confirm that decryption was successful.
Execution
The package contains a shell file (adeptia-connect.sh) that can be run to execute the Ansible playbook with appropriate arguments.
Install
Log in to the Jumpbox.
Download and extract the Ansible Playbook package.
Update the Ansible Playbook configurations as per the instructions.
Run the shell file (adeptia-connect.sh) to deploy Rancher and the AC application with the required dependencies.
```shell
# set RW permission to the ssh private file (pem)
$ chmod 0600 <pem file>
# set executable permission to the shell file(adeptia-connect.sh)
$ chmod +x adeptia-connect.sh
# run the shell file
$ ./adeptia-connect.sh
```
You have the flexibility to pass the tag argument during the execution of the shell file to install different components as per requirement.

| tag | Components |
|---|---|
| --tag=install-all | Installs all the components including RKE2, Rancher, AC, EFK, Prometheus, etc.<br>This is the default mode (if you don't provide any tag argument during the execution of the shell file) |
| --tag=install-basic | Installs all the components (RKE2, Rancher, AC, EFK, Prometheus, etc.) except the AC application |
| --tag=install-ac | Installs only AC application |
| --tag=install-rke2 | Installs only RKE2 (server/agent) |
| --tag=install-prometheus | Installs only Prometheus (and Grafana) |
| --tag=install-efk | Installs only EFK |

```shell
# to deploy only AC application
$ ./adeptia-connect.sh --tag=install-ac
# to run multiple tags, provide comma separated values
$ ./adeptia-connect.sh --tag=install-basic,install-ac
```
Using Ansible Vault encryption
You need to pass the argument --ask-vault-pass with the command to run the shell file (adeptia-connect.sh).
Ansible will prompt you for a password which it will use to decrypt any vault-protected content it finds.
```shell
$ ./adeptia-connect.sh --ask-vault-pass
```
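A pre-flight check for the secrets handling described above, as an added example that is not part of the Adeptia package: it verifies that vault-config.yaml is vault-encrypted (or, if left in plaintext, that the sample password and token values shown on this page have been replaced) and that the PEM key has owner-only permissions. The function names and the preflight.sh file name are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks on the secrets adeptia-connect.sh consumes.
# Function names are hypothetical; they are not part of the Adeptia package.

# Succeeds if the file begins with the Ansible Vault header (it is encrypted).
is_vault_encrypted() {
    case "$(head -n 1 "$1" 2>/dev/null)" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds only if neither sample value shown on this page is still assigned
# in a plaintext vault-config.yaml; offending lines are printed with numbers.
has_no_sample_secrets() {
    ! grep -nE '^(vault_rancher_gui_password|vault_rke2_token):[[:space:]]*(adeptia1243|defaultSecret123456)[[:space:]]*$' "$1"
}

# Succeeds if the SSH private key is accessible by its owner only.
# 0600 is what the page sets; read-only 0400 is accepted as stricter.
key_mode_ok() {
    km_mode=$(stat -c '%a' "$1" 2>/dev/null) ||
        km_mode=$(stat -f '%Lp' "$1" 2>/dev/null) || return 1   # GNU, then BSD stat
    [ "$km_mode" = "600" ] || [ "$km_mode" = "400" ]
}

# usage: preflight <vault-config.yaml> <pem file>; returns non-zero on failure
preflight() {
    pf_rc=0
    if is_vault_encrypted "$1"; then
        echo "ok:   $1 is vault-encrypted; run with --ask-vault-pass"
    else
        echo "warn: $1 is plaintext; ansible-vault encrypt is available"
        has_no_sample_secrets "$1" ||
            { echo "fail: sample secret values are still set in $1"; pf_rc=1; }
    fi
    key_mode_ok "$2" || { echo "fail: $2 is not mode 0600"; pf_rc=1; }
    return "$pf_rc"
}

# Run the checks when called with both paths, e.g.
#   sh preflight.sh vars/vault-config.yaml <pem file>
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

A non-zero exit status means the vault file still carries the sample values or the key is readable by other users, so the script can gate the call to adeptia-connect.sh.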
Uninstall
| Description | Command |
|---|---|
| Uninstall the complete package: RKE2, Rancher, Longhorn, Prometheus (and Grafana), EFK, AC | `$ ./adeptia-connect.sh --tag=uninstall-all` |
| Uninstall only AC | `$ ./adeptia-connect.sh --tag=uninstall-ac` |
To view the logs for each microservice.