Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 15 Next »

Rancher is an an open-source multi-cluster orchestration platform that makes it easy for you to deploy and manage an application on Kubernetes cluster.

Adeptia packages Rancher and RKE2 along with Adeptia Connect application and other components in Ansible Playbook. You need to download, extract, and run this package that deploys the followings in the same order.

  • RKE2 – Security focused Kubernetes

  • Rancher UI – UI to centrally manage a multi-cluster Kubernetes environment

  • Longhorn – Cloud native distributed block storage for Kubernetes

  • Prometheus including Grafana – For centralized monitoring

  • Elasticsearch, Fluentd, and Kibana (EFK) – For centralized logging

  • Kubernetes Event Driven Autoscaler (KEDA) – For pods autoscaling

  • Adeptia Connect application

This page discusses the followings:

Prerequisites and configurations for Playbook execution

Before you begin to run Ansible Playbook, ensure that you have,

  • At least three Linux VMs with internet access, each with the following minimum configuration:

    • RAM – 32 GB

    • Processor cores – 8

    • Hard disk – 250 GB

  • One Jumpbox with internet access and SSH connectivity with the above 3 Linux VM machines.

  • Ansible 2.12 (or higher) installed on Jumpbox.
    You can install Ansible on Ubuntu OS by running the following command:

    $ sudo apt install ansible

  • Load Balancer on top of 3 Linux VM nodes.

  • Administrative privileges on Jumpbox and each Linux VM node.

  • SSH Private key in PEM (Privacy Enhanced Mail) format for communication between the VMs.

You can use the PEM file with or without passphrase protection.

  • The following inbound ports opened on Load Balancer and 3 Linux VM:

    • 9345 - required for RKE2 nodes clustering

    • 6443 - required for Kubernetes API

  • DNS domain for accessing Rancher UI.

  • DNS domain for accessing Adeptia Connect portal.

Once you have met the prerequisites, update the following files containing the details of VMs, DNS, SSH connectivity, and other configuration details required for Adeptia Connect installation. These files are available in Ansible Playbook package that you have downloaded and extracted.

  • inventory file – Defines the hosts (or group of hosts) on which the Playbook runs.

  • general-config.yaml - Contains the configuration variables to run the Playbook for Adeptia Connect installation.

  • vault-config.yaml - Contains sensitive information, such as passwords, required to validate and run the Playbook.

Steps to update inventory file

  1. Open the inventory file.

  2. Add the domain name or IP address of the three VMs under the [servers] group as shown in the example code snippet below.

RKE2 server (or master) will be deployed on these nodes.

# rke2 cluster master/server nodes #
[servers]
xxx.xx.xx.xx
xxx.xx.xx.xx
xxx.xx.xx.xx

# rke2 cluster worker/agent nodes #
[agents]
xxx.xx.xx.xx

[k8s:children]
servers
agents

[servers:vars]
rke2_type=“server”

[agents:vars]
rke2_type=“agent”

[all:vars]
ansible_user={{ ssh_user }}
ansible_ssh_private_key_file={{ ssh_key_path }}

You can also add the domain name or IP address of an RKE2 agent under the [agents] group if you have one.

RKE2 agent (or worker) will be deployed on these nodes.

Steps to update general-config.yaml

  1. Navigate to /vars in the Ansible Playbook extracted folder.

  2. Open the general-config.yaml file.

  3. Update the following properties.

Property

Description

ssh_key_path

Name of SSH private key (pem) file.

rancher_lb_domain

Domain name of Rancher

app_lb_domain

Domain name of Adeptia Connect application

rke2_token

Secret token for node registration.

execute_static_job

AC installation mode.

Set the value for this property to true for fresh installation and false in case you are upgrading from a lower AC v4.x environment.

ac_ha_mode

Enable/Disable High Availability (HA) mode.

Possible values are:

  • true

  • false

backend_db_type

Backend database type.

Possible values are:

  • MySQL

  • SQL-Server

  • Oracle

backend_db_url

Value for Azure SQL Database

  • jdbc:sqlserver://<DB Hostname>:<Port Number>;database=<Backend Database Name>

Value for Oracle Database

  • jdbc:oracle:thin:@<hostName>:<portNumber>:<S ID/ServiceName>

Value for Azure MySQL Database

  • jdbc:mysql://<hostName>:<portNumber>/<DBName>?useSSL=true

log_db_type

Log database type.

Possible values are:

  • MySQL

  • SQL-Server

  • Oracle

log_db_url

Value for Azure SQL Database

jdbc:sqlserver://<DB Hostname>:<Port Number>;database=<Log Database Name>

Value for Oracle Database

jdbc:oracle:thin:@<hostName>:<portNumber>:<S ID/ServiceName>

Value for Azure MySQL Database

jdbc:mysql://<hostName>:<portNumber>/<DBName>?useSSL=true

tlsCrt

TLS signed certificate in base64 encoding (for Ingress)

tlsKey

TLS private key of certificate in base64 encoding (for ingress)

Steps to update vault-config.yaml

  1. Navigate to /vars in the Ansible Playbook extracted folder.

  2. Open the vault-config.yaml file.

  3. Provide the sensitive information, such as RKE2 token, in the respective properties.

Property

Value

vault_ansible_sudo_pass

<User defined password for Jumpbox>

The same password is used for accessing the three nodes.

vault_rancher_gui_password

<User defined password for rancher GUI>

vault_rke2_token

<User defined RKE2 token>

vault_backend_db_username

<User defined Backend DB username>

vault_backend_db_password

<User defined Backend DB password>

vault_log_db_username

<User defined Log DB username>

vault_log_db_password

<User defined Log DB password>

Encrypting/Decrypting vault-config.yaml

You can encrypt the sensitive information specified in the vault-config.yaml file by using Ansible Vault.

To encrypt the file, run the following command:

$ ansible-vault encrypt vault-config.yaml

You will be prompted to provide and confirm a password for the file. Once you have confirmed the password, a message “Encryption successful” confirming the encryption will be displayed.

To decrypt the file, run the following command:

$ ansible-vault decrypt vault-config.yaml

You will be prompted to enter the encryption password that you had set for the file. Once you enter the password, the file will be decrypted and you will see a message confirming the decryption.

Executing the Ansible Playbook

After you have met all the prerequisites and configured the inventory, general-config.yaml, and vault-config.yaml files, you are ready to run the Ansible Playbook by executing the adeptia-connect.sh shell file (with appropriate arguments). Here are the steps to run the adeptia-connect.sh file in default mode by which all the components including RKE2, Rancher, Longhorn, Prometheus, EFK, KEDA, and Adeptia Connect get installed.

  1. Log in to the Jumpbox.

  2. Run the following command to set Read/Write permission on the SSH private key file (PEM):

    $ chmod 0600 <pem file>

  3. Run the following command to set executable permission on the adeptia-connect.sh shell file:

    $ chmod +x adeptia-connect.sh

  4. Run the following command to execute the shell file, adeptia-connect.sh, available in the Ansible Playbook:

    $ sudo ./adeptia-connect.sh

You can use the tag argument while running the command to execute the shell file to install different components as per your requirement. For example, if you want to install all the components except for the Adeptia Connect application, run the following command:

$ sudo ./adeptia-connect.sh --tag=install-basic

To run multiple tags, provide comma separated values as shown below:

$ sudo ./adeptia-connect.sh --tag=install-basic,install-ac

Following table contains the the list describing some tags that you can use:

Tag

Description

--tag=install-all

Installs all the components including RKE2, Rancher, Longhorn, Prometheus, EFK, KEDA, and Adeptia Connect in one go.

This is the default tag considered by the system when you do not use any tag while executing the adeptia-connect.sh file.

--tag=install-basic

Installs all the components (RKE2, Rancher, Longhorn, Prometheus, EFK, KEDA) except for the Adeptia Connect application.

--tag=install-ac

Installs Adeptia Connect application only.

--tag=install-rke2

Installs RKE2 (server/agent) only.

--tag=install-prometheus

Installs Prometheus (including Grafana) only

--tag=install-efk

Installs EFK only.

Uninstalling the Ansible Playbook

Here are the steps to uninstall all the components including RKE2, Rancher, Longhorn, Prometheus, EFK, KEDA, and Adeptia Connect.

  1. Log in to the Jumpbox.

  2. Run the following command to set Read/Write permission on the SSH private key file (PEM):

    $ chmod 0600 <pem file>

  3. Run the following command to set executable permission on the adeptia-connect.sh shell file:

    $ chmod +x adeptia-connect.sh

  4. Run the following command to execute the shell file, adeptia-connect.sh, available in the Ansible Playbook:

    $ sudo ./adeptia-connect.sh --tag=uninstall-all

This uninstalls all the components. If you want to install different components based on your requirement, you can use the tag argument while executing the shell file. For example, if you want to uninstall Adeptia Connect application only, run the following command:

$ ./adeptia-connect.sh --tag=uninstall-ac

To run multiple tags, provide comma separated values as shown below:

$ sudo ./adeptia-connect.sh --tag=uninstall-basic,uninstall-ac

Important!

If you are using encrypted vault-config.yaml file, you need to pass the argument --ask-vault-pass while executing the shell file (during install or uninstall) as shown in the example below:

$ sudo ./adeptia-connect.sh --ask-vault-pass

  • No labels