Prerequisites and configurations

There are some prerequisites to meet and configurations to make before you begin to deploy the application and the other components using Rancher. Adeptia packages Rancher and Rancher Kubernetes Engine (RKE2) along with the Adeptia Connect application and other components in the Adeptia Connect Rancher package.

Prerequisites

To use the Adeptia Connect Rancher package for deployment, ensure that you have:

  • Log and backend databases accessible through TCP/IP (the port must be fixed and open), with the required permissions on those databases.

  • At least three Linux VMs (to be used as master/server nodes) with internet access and private IPs assigned to them, each with the following minimum configuration.

    • RAM – 32 GB

    • Processor cores – 8

    • Hard disk – 500 GB

    Kubernetes cluster and the application will be deployed on these VMs.

  • One Jumpbox with internet access and SSH connectivity with the Linux nodes to download, extract, and run the package. The minimum configuration for Jumpbox is given below:

    • RAM – 4 GB

    • Processor cores – 2

    • Hard disk – 100 GB

    A Jumpbox is a secure computer system used to provide secure access to the VMs in the network. The purpose of a jumpbox is to provide a single entry point for administrators to access the VMs through private IPs.

    When an administrator wants to access a system within the network, they first connect to the jumpbox using a secure protocol such as SSH (Secure Shell). From the jumpbox, they can then connect to the target VMs.

  • Publicly accessible Load Balancer on top of the Linux VMs.
    Note: This Load Balancer accesses the VMs through private IPs.

  • The following inbound ports opened on the Load Balancer and the VM nodes:

    • 9345 - required for RKE2 nodes clustering

    • 6443 - required for Kubernetes API

  • DNS domain of the Load Balancer for accessing Rancher UI.

  • DNS domain for accessing Adeptia Connect portal.

  • Administrative privileges on Jumpbox and each Linux VM.

  • The user Id 1000 is assigned to you before you begin to install the Adeptia Connect Rancher package on cluster nodes.

  • SSH private key in PEM (Privacy Enhanced Mail) format for communication from one VM to another and with the Jumpbox.

Important!

You need to use the PEM file without passphrase protection.

  • CA/self-signed certificates.

  • Python 2.7 (or higher) and Python Package Manager (PIP) installed on Jumpbox. 

  • Ansible 2.12 (or higher) installed on Jumpbox.
    You can install Ansible on Ubuntu as well as Red Hat OS.

    • To install Ansible on Ubuntu OS, run the following set of commands in the same order:

      $ sudo apt-add-repository ppa:ansible/ansible
      $ sudo apt install ansible

      Where,

      The first command adds the Ansible repository and the second one installs Ansible 2.12.10.

    • To install Ansible on Red Hat OS v9.2, follow the steps given below.

      1. Disable and stop the firewall by running the following set of commands in the same order:

        sudo systemctl disable firewalld
        sudo systemctl stop firewalld

      2. Disable and stop the nm-cloud-setup.timer network manager service by running the following set of commands in the same order:

        sudo systemctl disable nm-cloud-setup.timer
        sudo systemctl stop nm-cloud-setup.timer

      3. Disable and stop the nm-cloud-setup.service network manager service by running the following set of commands in the same order:

      4. Run the following set of commands in the same order to install the nfs-utils, iptables, and open-iscsi packages:

      5. Start and then stop the iptables service by running the following set of commands in the same order.

      6. Run the following set of commands in the same order to enable and start the open-iscsi service.

      7. Install the latest pip from the Python Packaging Authority by running the following set of commands:

      8. Run the following command to install Ansible v2.12.10.

  • Downloaded and extracted the Adeptia Connect Rancher package on Jumpbox.
    You can run the following command to extract the package. The name of the package differs based on the version of the application.

    Where adeptia-connect-4.2.7.tar.gz is the name of the package which differs based on version of the application.
    The following screenshot is an example that shows the hierarchy of an extracted Adeptia Connect Rancher package.

Configurations

Once you have met the prerequisites, update the following files containing the details of VMs, DNS, SSH connectivity, and other configuration details required for Adeptia Connect installation. These files are available in the Adeptia Connect Rancher package that you have downloaded and extracted on the Jumpbox.

  • inventory file – Defines the hosts (or group of hosts) on which the package runs.

  • general-config.yaml - Contains the configuration variables to run the package for Adeptia Connect installation.

  • vault-config.yaml - Contains sensitive information, such as passwords, required to validate and run the package.

Steps to update inventory file

  1. Open the inventory file.

  2. Add the domain name or IP address of the VMs and RKE2 agents (if you have any) under the [servers] and [agents] groups respectively as shown in the example code snippet below.

Important!

It is recommended that you add three VMs (discussed in the prerequisites) to ensure that if one fails, the available one takes over.

  • RKE2 server (or master) will be deployed on the VMs whose IP addresses or domain name you enter under the [servers] group.

  • RKE2 agent will be deployed on the VMs whose IP addresses or domain name you enter under the [agents] group.
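An added pre-flight check for the inventory file, not part of the Adeptia Connect Rancher package: it counts the hosts under [servers] against the three-VM recommendation and flags any host listed more than once across [servers] and [agents]. The function names are hypothetical and the addresses in the sample inventory are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for the Ansible inventory file.

# hosts_in FILE GROUP: print the host (first field) of each entry in [GROUP].
hosts_in() {
  awk -v grp="[$2]" '
    /^[ \t]*(#|;|$)/ { next }                     # comments and blank lines
    /^[ \t]*\[/ { h = $0; gsub(/[ \t]/, "", h)    # any section header
                  in_grp = (h == grp); next }
    in_grp { print $1 }
  ' "$1"
}

# check_inventory FILE: 0 = ok, 1 = fewer than three servers,
# 2 = a host is listed more than once across [servers] and [agents].
check_inventory() {
  inv_rc=0
  n_servers=$(hosts_in "$1" servers | wc -l | tr -d ' ')
  if [ "$n_servers" -lt 3 ]; then
    echo "WARN: $n_servers host(s) under [servers]; three are recommended" >&2
    inv_rc=1
  fi
  dups=$({ hosts_in "$1" servers; hosts_in "$1" agents; } | sort | uniq -d)
  if [ -n "$dups" ]; then
    echo "ERROR: listed more than once:" $dups >&2
    inv_rc=2
  fi
  return "$inv_rc"
}

# Constructed sample inventory; the private addresses are placeholders.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[servers]
10.0.0.11
10.0.0.12
10.0.0.13 ansible_user=admin

[agents]
10.0.0.21
EOF
check_inventory "$sample" && echo "inventory OK"
rm -f "$sample"
```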

Steps to update general-config.yaml

  1. Navigate to the /vars folder in the extracted package.

  2. Open the general-config.yaml file.

  3. Update the following properties.

Property – Description

  • ssh_key_path – Name of the SSH private key (PEM) file, for example: abc.pem

  • rancher_lb_domain – Domain name for Rancher, for example: rancher.company.com
    Using this domain, you can access the Rancher UI and RKE2.

  • app_lb_domain – Domain name for Adeptia Connect application, for example: rancher-ac-web.company.com
    Using this domain, you can access the following:

    • Adeptia Connect Portal

    • Adeptia Connect API Gateway (for REST and SOAP API calls)

    • Kibana dashboard

    • Grafana dashboard

  • ac_namespace – A namespace is created in the Kubernetes cluster with the name you set here for AC deployment.
    The default value for this property is set to adeptia-connect.

  • execute_static_job – Adeptia Connect installation mode.
    Set the value for this property to true for fresh installation and false in case you are upgrading from a lower AC v4.x environment.
    The default value is true.

  • ac_ha_mode – Enable/Disable High Availability (HA) mode.
    The possible values for this property are true and false (default).

    • When set to true, the application is deployed in HA mode with all the microservices having at least two replicas.

    • When set to false, all microservices have only one replica (default).

  • backend_db_type – Backend database type.
    Possible values are:

    • MySQL

    • SQL-Server

    • Oracle

  • backend_db_url –

    • Value for SQL Database: jdbc:sqlserver://<DB Hostname>:<Port Number>;database=<Backend Database Name>

    • Value for Oracle Database: jdbc:oracle:thin:@<hostName>:<portNumber>:<SID/ServiceName>

    • Value for MySQL Database: jdbc:mysql://<hostName>:<portNumber>/<DBName>?useSSL=true

  • log_db_type – Log database type.
    Possible values are:

    • MySQL

    • SQL-Server

    • Oracle

  • log_db_url –

    • Value for SQL Database: jdbc:sqlserver://<DB Hostname>:<Port Number>;database=<Log Database Name>

    • Value for Oracle Database: jdbc:oracle:thin:@<hostName>:<portNumber>:<SID/ServiceName>

    • Value for MySQL Database: jdbc:mysql://<hostName>:<portNumber>/<DBName>?useSSL=true

  • tlsCrt – TLS signed certificate in base64 encoding (for Ingress). To know how to extract the certificate and convert it to Base64 encoding, refer to this page.

  • tlsKey – TLS private key of the certificate in base64 encoding (for Ingress). To know how to extract the private key and convert it to Base64 encoding, refer to this page.

You can also modify the other required configurations that are fetched from the values-adeptia-connect file located at …/<Adeptia Connect Rancher package>/vars.

Steps to update vault-config.yaml

  1. Navigate to the /vars folder in the extracted package.

  2. Open the vault-config.yaml file.

  3. Provide the sensitive information, such as RKE2 token, in the respective properties.

Property – Description

  • vault_ansible_sudo_pass – Password for Jumpbox.

  • vault_rancher_gui_password – Password for Rancher GUI.

  • vault_rke2_token – RKE2 token.

  • vault_elastic_gui_password – Password for accessing the EFK.

  • vault_backend_db_username – Backend DB username.

  • vault_backend_db_password – Backend DB password.

  • vault_log_db_username – Log DB username.

  • vault_log_db_password – Log DB password.

If you want, you can encrypt the sensitive information specified in the vault-config.yaml file by using Ansible Vault.

Encrypting vault-config.yaml

To encrypt the file, do the following:

  1. Navigate to the /vars folder.

  2. Run the following command:

  3. Provide a password for the file.

  4. Confirm the password.
    Once you have confirmed the password, a message “Encryption successful” confirming the encryption will be displayed.
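An added check, not part of the Adeptia Connect Rancher package, covering both vault-config.yaml and the passphrase-less PEM key from the prerequisites: it reports whether the vault file starts with the Ansible Vault header and whether either file is accessible beyond its owner, which is the only protection a key without a passphrase has on the Jumpbox. The function names are hypothetical and the sample files are constructed placeholders; $ANSIBLE_VAULT; is the standard first-line prefix of a vault-encrypted file.

```bash
#!/usr/bin/env bash
# Added example: audit secret files on the Jumpbox before running the package.

# is_vault_encrypted FILE: true if FILE starts with the Ansible Vault header.
is_vault_encrypted() {
  head -n 1 "$1" | grep -q '^\$ANSIBLE_VAULT;'
}

# plaintext_vault_keys FILE: names (never values) of vault_* keys that are set.
plaintext_vault_keys() {
  awk '/^vault_[A-Za-z0-9_]+[ \t]*:/ {
         v = substr($0, index($0, ":") + 1); gsub(/[ \t"]/, "", v)
         if (v != "") { sub(/[ \t]*:.*/, ""); print "  " $0 }
       }' "$1"
}

# loose_perms FILE: true if group or others hold any permission bit.
loose_perms() {
  [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# audit_secrets VAULT_FILE KEY_FILE: 0 = clean, 1 = at least one finding.
audit_secrets() {
  audit_rc=0
  if ! is_vault_encrypted "$1"; then
    echo "FAIL: $1 is not vault-encrypted; keys holding values:" >&2
    plaintext_vault_keys "$1" >&2
    audit_rc=1
  fi
  for f in "$1" "$2"; do
    if loose_perms "$f"; then
      echo "FAIL: $f is accessible beyond its owner; expected mode 600" >&2
      audit_rc=1
    fi
  done
  return "$audit_rc"
}

# Constructed sample files; the token and key contents are placeholders.
demo=$(mktemp -d)
printf 'vault_rke2_token: "EXAMPLE"\nvault_log_db_password: ""\n' > "$demo/vault-config.yaml"
printf 'placeholder, not a real key\n' > "$demo/abc.pem"
chmod 644 "$demo/vault-config.yaml" "$demo/abc.pem"
audit_secrets "$demo/vault-config.yaml" "$demo/abc.pem" || echo "findings reported"
rm -rf "$demo"
```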

Creating a new user for Kibana

It is recommended that you use different user credentials instead of the Superuser credentials to access the logs. You can create a new user in EFK by following the instructions given below.

  1. Access the EFK UI using your credentials.

  2. On the Elastic Home page, click the Menu icon in the left panel.

  3. Scroll down to the Management section and then select Stack Management.

  4. On the Stack Management screen, scroll down to the Security section in the left panel and then select Users.

  5. On the Users screen, click Create user.

  6. In the Profile section, enter the following details in the corresponding fields:

    1. Username

    2. Full name

    3. Email address

  7. In the Password section, complete the Password and Confirm Password fields.

  8. In the Privileges section, select the Roles for the new user.

  9. Click Create user.

Restoring the Superuser password

It is recommended that you do not change the Superuser password as the password synchronization doesn't happen across the EFK services and you won’t be able to access and view the logs. However, if you happen to change the Superuser password deliberately or accidentally, you can restore it by performing the following steps:

  1. Access the Rancher UI using your credentials.

  2. On the Rancher Home page, click the Menu icon in the top-left corner.

  3. Select Local under Explore Cluster.

  4. Expand the Workload section and then select StatefulSets in the left panel.

  5. On the StatefulSets screen, click the More options icon against elasticsearch-master and then select Edit YAML.

  6. Change the password for the elasticsearch-master StatefulSet in the section as shown in the following example screenshot.

  7. Click Save.

  8. Expand the Storage section and then select ConfigMaps in the left panel.

    1. Click the More options icon against the fluentd-config ConfigMap and then select Edit YAML.

    2. In the YAML file change the password in the section as shown in the following example screenshot.

    3. Click Save.

    4. Click the More options icon against the fluentd-main ConfigMap and then select Edit YAML.

    5. In the YAML file change the password in the section as shown in the following example screenshot.

    6. Click Save.

    7. Click the More options icon against the efk-stack-kibana-config ConfigMap and then select Edit YAML.

    8. In the YAML file change the password in the section as shown in the following example screenshot.

    9. Click Save.

  9. Select Deployments under Workload.

  10. On the Deployment screen, scale down efk-stack-kibana and then scale it up by using (-) and (+) respectively available in the Scale option.

  11. Select DaemonSets under Workload.

  12. Select the check box against efk-stack-fluentd DaemonSet and then click Redeploy.