Rancher is an open-source multi-cluster orchestration platform that makes it easy for you to deploy and manage an application on a Kubernetes cluster.
Adeptia packages Rancher and Rancher Kubernetes Engine (RKE2) along with the Adeptia Connect application and other components in an Ansible Playbook. You need to download, extract, and run this Playbook to deploy the following components in the order listed.
RKE2 – Rancher Kubernetes Engine to set up Kubernetes environment.
Rancher UI – UI to centrally manage a multi-cluster Kubernetes environment.
Longhorn – To implement distributed block storage for Kubernetes.
Prometheus including Grafana – To monitor the system and its execution environment holistically, for example, CPU usage.
Elasticsearch, Fluentd, and Kibana (EFK) – To view the logs for each microservice.
Adeptia Connect application
This page discusses the following:
Prerequisites and configurations for Playbook execution
Before you run the Ansible Playbook, ensure that you have the following:
At least three Linux VMs (to be used as master/server nodes) with internet access, each with the following minimum configuration:
RAM – 32 GB
Processor cores – 8
Hard disk – 250 GB
One Jumpbox with internet access and SSH connectivity with the Linux nodes to download, extract, and run the Playbook.
Ansible 2.12 (or higher) installed on the Jumpbox.
You can install Ansible on Ubuntu OS by running the following commands in the order shown:
$ sudo apt-add-repository ppa:ansible/ansible
$ sudo apt install ansible 2.12.10
Where,
The first command adds the Ansible repository and the second one installs Ansible 2.12.10.
Load Balancer on top of the Linux VMs.
Administrative privileges on the Jumpbox and each Linux VM.
SSH private key in PEM (Privacy Enhanced Mail) format for communication between the VMs and with the Jumpbox.
You can use the PEM file with or without passphrase protection.
CA-signed/self-signed certificates
The following inbound ports opened on the Load Balancer and the nodes:
9345 - required for RKE2 nodes clustering
6443 - required for Kubernetes API
DNS domain of the Load Balancer for accessing Rancher UI.
DNS domain for accessing Adeptia Connect portal.
Once you have met the prerequisites, update the following files, which contain the VM, DNS, SSH connectivity, and other configuration details required for Adeptia Connect installation. These files are available in the Ansible Playbook that you have downloaded and extracted on the Jumpbox.
inventory file – Defines the hosts (or group of hosts) on which the Playbook runs.
general-config.yaml - Contains the configuration variables to run the Playbook for Adeptia Connect installation.
vault-config.yaml - Contains sensitive information, such as passwords, required to validate and run the Playbook.
Steps to update inventory file
Open the inventory file.
Add the domain name or IP address of the VMs and RKE2 agents (if you have any) under the [servers] and [agents] groups respectively as shown in the example code snippet below.
Important!
It is recommended that you add three VMs (discussed in the prerequisites) to ensure that if one fails, the available one takes over.
RKE2 server (or master) will be deployed on the VMs whose IP addresses or domain name you enter under the [servers] group.
RKE2 agent will be deployed on the VMs whose IP addresses or domain name you enter under the [agents] group.
# rke2 cluster master/server nodes #
[servers]
xxx.xx.xx.xx
xxx.xx.xx.xx
xxx.xx.xx.xx

# rke2 cluster worker/agent nodes #
[agents]
xxx.xx.xx.xx
Steps to update general-config.yaml
Navigate to /vars in the Ansible Playbook extracted folder.
Open the general-config.yaml file.
Update the following properties.
Property | Description |
---|---|
ssh_key_path | Name of the SSH private key (PEM) file, for example: abc.pem |
rancher_lb_domain | Domain name for Rancher, for example: rancher.company.com. Using this domain, you can access the Rancher UI and RKE2. |
app_lb_domain | Domain name for the Adeptia Connect application, for example: rancher-ac-web.company.com. Using this domain, you can access the following:
|
execute_static_job | Adeptia Connect installation mode. Set the value for this property to true for fresh installation and false in case you are upgrading from a lower AC v4.x environment. The default value is true. |
ac_ha_mode | Enable/disable High Availability (HA) mode. The default value is false. Possible values are:
When set to true, the application is deployed in HA mode with all microservices running at least two replicas. Autoscaling will be enabled by default and may autoscale up to 3 replicas. |
backend_db_type | Backend database type. Possible values are:
|
backend_db_url | Value for SQL Database
Value for Oracle Database
Value for MySQL Database
|
log_db_type | Log database type. Possible values are:
|
log_db_url | Value for SQL Database
jdbc:sqlserver://<DB Hostname>:<Port Number>;database=<Log Database Name>
Value for Oracle Database
jdbc:oracle:thin:@<hostName>:<portNumber>:<SID/ServiceName>
Value for MySQL Database
jdbc:mysql://<hostName>:<portNumber>/<DBName>?useSSL=true |
tlsCrt | TLS signed certificate in base64 encoding (for Ingress). |
tlsKey | TLS private key of certificate in base64 encoding (for Ingress). |
Steps to update vault-config.yaml
Navigate to /vars in the Ansible Playbook extracted folder.
Open the vault-config.yaml file.
Provide the sensitive information, such as RKE2 token, in the respective properties.
Property | Description |
---|---|
vault_ansible_sudo_pass | Password for Jumpbox. |
vault_rancher_gui_password | Password for Rancher GUI. |
vault_rke2_token | RKE2 token. |
vault_backend_db_username | Backend DB username. |
vault_backend_db_password | Backend DB password. |
vault_log_db_username | Log DB username. |
vault_log_db_password | Log DB password. |
If you want, you can encrypt the sensitive information specified in the vault-config.yaml file by using Ansible Vault.
Encrypting vault-config.yaml
To encrypt the file, do the following:
Navigate to the /vars folder.
Run the following command:
$ ansible-vault encrypt vault-config.yaml
Provide a password for the file.
Confirm the password.
Once you have confirmed the password, the message “Encryption successful” is displayed.
To view the content of the vault-config.yaml file or to decrypt it, navigate to the /vars folder, and then run the respective command.
The commands to view or decrypt the file are as follows:
To view
$ ansible-vault view vault-config.yaml
To decrypt
$ ansible-vault decrypt vault-config.yaml
After you run the command, you need to enter the encryption password that you set for the file.
Executing the Ansible Playbook
You can run the Ansible Playbook by executing the adeptia-connect.sh shell file (with appropriate arguments) after you have fulfilled all the prerequisites. The following steps run the adeptia-connect.sh file in default mode, which installs all the components.
Log in to the Jumpbox.
Run the following command to restrict the SSH private key file (PEM) to read/write permission for its owner only:
$ chmod 0600 <pem file>
Run the following command to set executable permission on the adeptia-connect.sh shell file:
$ chmod +x adeptia-connect.sh
Run the following command to execute the shell file, adeptia-connect.sh, available in the Ansible Playbook:
$ sudo ./adeptia-connect.sh
Important!
If you are using an encrypted vault-config.yaml file, you need to pass the argument --ask-vault-pass while executing the shell file as shown in the example below:
$ sudo ./adeptia-connect.sh --ask-vault-pass
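A pre-flight check for the steps above, as an added example that is not part of Adeptia's Playbook: it verifies the PEM file mode, that vault-config.yaml carries the Ansible Vault header, and that the [servers] group lists at least three hosts. The function names and the layout (inventory at the Playbook root, vault-config.yaml under vars/) are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks to run before adeptia-connect.sh.
# Assumed layout (not confirmed by the page): <playbook>/inventory and
# <playbook>/vars/vault-config.yaml; the PEM path is passed explicitly.

# Print the octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeeds only if the file starts with the Ansible Vault header.
is_vault_encrypted() {
    head -n 1 "$1" | grep -q '^\$ANSIBLE_VAULT;'
}

# Count non-comment, non-blank host lines under the [servers] group.
count_servers() {
    awk '/^\[/ { in_group = ($0 ~ /^\[servers\]/); next }
         in_group && !/^[ \t]*(#|$)/ { n++ }
         END { print n + 0 }' "$1"
}

# preflight <playbook_dir> <pem_file>; returns the number of findings.
preflight() {
    dir=$1; pem=$2; findings=0
    if [ "$(file_mode "$pem")" != "600" ]; then
        echo "FINDING: $pem mode is $(file_mode "$pem"), expected 600"
        findings=$((findings + 1))
    fi
    if ! is_vault_encrypted "$dir/vars/vault-config.yaml"; then
        echo "FINDING: vault-config.yaml is not Ansible Vault encrypted"
        findings=$((findings + 1))
    fi
    n=$(count_servers "$dir/inventory")
    if [ "$n" -lt 3 ]; then
        echo "FINDING: [servers] lists $n host(s), three are recommended"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

After sourcing the file, call it as `preflight <playbook dir> <pem file>`; a return status of 0 means no findings.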
You can use the tag argument while running the command to execute the shell file for installing different components as per your requirement. For example, if you want to install all the components except for the Adeptia Connect application, run the following command:
$ sudo ./adeptia-connect.sh --tag=install-basic
To use multiple tags, provide comma separated values as shown below:
$ sudo ./adeptia-connect.sh --tag=install-basic,install-ac
The following table lists some of the tags and their descriptions:
If same cluster but different namespaces for different env
Tag | Description |
---|---|
--tag=install-all | Installs all the components in one go. This is the default tag considered by the system when you do not use any tag while executing the adeptia-connect.sh file. |
--tag=install-basic | Installs all the components except for the Adeptia Connect application. Recommended. |
--tag=install-ac | Installs Adeptia Connect application only. |
Uninstalling the Ansible Playbook
Here are the steps to uninstall all the components.
Log in to the Jumpbox.
Run the following command to execute the shell file, adeptia-connect.sh, available in the Ansible Playbook:
$ sudo ./adeptia-connect.sh --tag=uninstall-all
Important!
If you are using an encrypted vault-config.yaml file, you need to pass the argument --ask-vault-pass while executing the shell file as shown in the example below:
$ sudo ./adeptia-connect.sh --tag=uninstall-all --ask-vault-pass
This uninstalls all the components. If you want to uninstall different components based on your requirement, you can use the tag argument while executing the shell file. For example, if you want to uninstall the Adeptia Connect application only, run the following command:
$ sudo ./adeptia-connect.sh --tag=uninstall-ac
While uninstalling the AC application, we need to specify the namespace with the same configuration as at the time of installation. | Prashant >> You have to update only the namespace from which you want to uninstall the AC application. And this information will be added in the documentation. |
How can an end user update min/max pod replicas and PVC size? | Requires discussion with Prashant. Prashant >> It should be documented. |
When we deploy using Helm, in the DB URL we give useSSL=true: jdbc:mysql://adeptia-qa-mysql.mysql.database.azure.com:3306/qabackend?useSSL=true | Prashant >> This should be documented. |
| Prashant >> It will be handled in the document. |