Shulou(Shulou.com)06/03 Report--

Rancher provides two installation methods, single node installation and highly available installation. Single-node installation allows users to quickly deploy Rancher 2.x for short-term development or PoC, while high-availability deployment is significantly more suitable for long-term Rancher deployment.

Key points to be noted

For open source users, Rancher Labs does not provide official technical support for migrating from a single node to HA. In case of problems during this process, you should be familiar with the Rancher architecture and troubleshooting methods.

Preparation in advance

In order to successfully migrate a single-node Rancher installation to a high-availability installation, you must make the following preparations:

You need to run version 2.1.x of Rancher and version 0.1.x of RKE. The server-url parameter must be the name of the DNS that can be changed to point to the HA Rancher installation. If your server-url is an IP address, you must first change the server-url to the DNS name and update the node / cluster agent of the user cluster to allow the nginx ingress controller of the HA cluster to route Rancher traffic correctly after migration. Otherwise, you will not be able to access all workload clusters. You need to configure a new instance specifically for running Rancher in HA. Because performing an in-place migration is very dangerous and there is no rollback strategy. We strongly recommend that you refer to the officially proposed framework.

(https://rancher.com/docs/rancher/v2.x/en/installation/ha/#recommended-architecture)

You need to be familiar with the architectural differences between single-node and high-availability installations. Do not change the CA installed on a single node. In other words, if you are already using a custom certificate, continue to use it.

Migration tutorial

The process of migrating from a single node in Rancher to a high availability installation can be summarized as follows:

On a single node instance of Rancher

1. Backup Rancher single-node container

2. Assemble pki.bundle.tar.gz with the certificate found in the single-node container

3. Run a temporary utility container to execute an etcd snapshot of the embedded etcd running in the container

4. Stop the old Rancher single-node container

5. Change the DNS record of server-url to point to the new HA load balancer

On your workstation or bastion host

1. Transfer the generated pki.bundle.tar.gz and single-node-etcd-snapshot from the Rancher single-node instance to the workstation in the working directory (the working directory had better be empty)

2. Generate a rke cluster configuration file that points to the new HA node

3. Rke etcd snapshot-restore retrieves snapshots from a single-node container

4 、 rke up

5. Install Rancher in HA according to the documentation

Before we begin

Throughout the tutorial, you will enter a series of commands to replace the data in your environment with placeholders. These placeholders are represented by diagonal brackets and all uppercase letters ().

The following table shows the various placeholders used in this tutorial. Please write down this information before you begin, which will help you with your follow-up operations.

On a single node instance of Rancher

Step 1 back up the Rancher single-node container

First, you should back up the Rancher single-node container to ensure that if you encounter problems during the migration, you can roll back to the previously running Rancher single-node. For more information on this, see:

Https://rancher.com/docs/rancher/v2.x/en/backups/backups/single-node-backups/

Step 2 assemble pki.bundle.tar.gz using the certificate found in the single-node container

First, type docker exec to enter the Rancher container:

[root@single-node-rancher ~] # docker exec-it / bin/bash

After entering the container, tar the / etc / kubernetes / ssl directory to pki.bundle.tar.gz:

Root@9f4b1729d8ca:/var/lib/rancher# tar-zcvf pki.bundle.tar.gz / etc/kubernetes/sslroot@9f4b1729d8ca:/var/lib/rancher# exit

Transfer the pki.bundle.tar.gz you just generated to the current working directory on the single-node instance:

[root@single-node-rancher ~] # docker cp: / var/lib/rancher/pki.bundle.tar.gz.

Step 3 run the temporary utility container to perform an etcd snapshot of the embedded etcd running within the container

Docker runs a temporary rke-tools container called etcd-utility with a network of Rancher containers attached. In addition, mount the current working directory (put pki.bundle.tar.gz into it:

Docker run-- net=container:-it-v $(pwd): / cwd-- name etcd-utility rancher/rke-tools:v0.1.20

Create a folder named ssl in this container, and then extract the pki.bundle.tar.gz to:

Bash-4.4# mkdir ssl & & cd sslbash-4.4# cp / cwd/pki.bundle.tar.gz. Bash-4.0 tar-zxvf pki.bundle.tar.gz-- strip-components 3

Take a single-node etcd snapshot to a file named single-node-etcd-snapshot

Bash-4.4# cd / bash-4.4# ETCDCTL_API=3 etcdctl snapshot save-cacert=/ssl/kube-ca.pem-cert=/ssl/kube-etcd-127-0-0-1.pem-- key=/ssl/kube-etcd-127-0-0-1-key.pem single-node-etcd-snapshotbash-4.4# exit

Copy the etcd snapshot from the etcd-utility container to the current working directory

[root@single-node-rancher] # docker cp etcd-utility:/single-node-etcd-snapshot.

The current working directory on a single-node instance should contain two files: pki.bundle.tar.gz and single-node-etcd-snapshot. These are the two components required to migrate Rancher from a single node to HA.

Step 4 stop the old Rancher single-node container

[root@single-node-rancher ~] # docker stop

Step 5 change the DNS record of server-url to point to the new HA load balancer

In order to migrate Rancher correctly, you should update the DNS record in the DNS infrastructure to point the Rancher server-url to the new HA load balancer.

On your workstation or bastion host

Transfer the generated pki.bundle.tar.gz and single-node-etcd-snapshot from the Rancher single-node instance to the workstation in the working directory (preferably the working directory is empty)

Endeavor:single-node-to-ha-migration chriskim$ scp root@:/root/pki.bundle.tar.gz .Endeavor: single-node-to-ha-migration chriskim$ scp root@:/root/single-node-etcd-snapshot.

Generate a rke cluster profile that points to your new HA node

For example, the rancher-cluster.yml file looks like this:

Nodes:-address: user: centos role: [controlplane,worker,etcd] services: etcd: snapshot: true creation: 6h retention: 24h

Create the / opt / rke / etcd-snapshots directory on the desired HA node and copy the single-node-etcd-snapshot and pki.bundle.tar.gz files to this directory:

Endeavor:single-node-to-ha-migration chriskim$ ssh root@ "mkdir-p / opt/rke/etcd-snapshots" Endeavor:single-node-to-ha-migration chriskim$ scp pki.bundle.tar.gz root@:/opt/rke/etcd-snapshotsEndeavor:single-node-to-ha-migration chriskim$ scp single-node-etcd-snapshot root@:/opt/rke/etcd-snapshots

Use RKE to restore single-node- etcd-snapshot to the new HA node:

Rke etcd snapshot-restore-name single-node-etcd-snapshot-config rancher-cluster.yml

The complete command line is as follows:

INFO [0000] Starting restoring snapshot on etcd hostsINFO [0000] [dialer] Setup tunnel for host [ha-rancher01.fmt01.rancher.com] INFO [0000] [hosts] Cleaning up host [ha-rancher01.fmt01.rancher.com] INFO [0000] [hosts] Running cleaner container on host [ha-rancher01.fmt01.rancher.com] INFO [0000] [kube-cleaner] Pulling image [rancher/rke-tools:v0.1.15] on host [ha-rancher01.fmt01.rancher.com] INFO [0004] [kube-cleaner] Successfully pulled image [rancher/rke-tools:v0.1.15] on host [ha-rancher01.fmt01.rancher.com] INFO [0004] [kube-cleaner] Successfully started [kube-cleaner] container on host [ha-rancher01.fmt01.rancher.com] INFO [0004] [hosts] Removing cleaner container on host [ha-rancher01.fmt01.rancher.com] INFO [0004] [hosts] Removing dead container logs on host [ha-rancher01.fmt01.rancher.com] INFO [0005] [cleanup] Successfully started [rke-log-cleaner] container on host [ha-rancher01.fmt01.rancher.com] INFO [0005] [remove/rke-log-cleaner] Successfully removed container on host [ha-rancher01.fmt01.rancher.com] INFO [0005] [hosts] Successfully cleaned up host [ha-rancher01.fmt01.rancher.com] INFO [0005] [etcd] Restoring [single-node-etcd-snapshot] snapshot on etcd host [ha-rancher01.fmt01.rancher.com] INFO [0005] [etcd] Pulling image [rancher/coreos-etcd:v3.2.18] on host [ha-rancher01.fmt01.rancher.com] INFO [0007] [etcd] Successfully pulled image [rancher/coreos-etcd:v3.2.18] on host [ha-rancher01.fmt01.rancher.com] INFO [0007] [etcd] Successfully started [etcd-restore] container on host [ha-rancher01.fmt01.rancher.com] INFO [0007] [etcd] Building up etcd plane..INFO [0007] [etcd] Successfully started [etcd ] container on host [ha-rancher01.fmt01.rancher.com] INFO [0007] [etcd] Saving snapshot [etcd-rolling-snapshots] on host [ha-rancher01.fmt01.rancher.com] INFO [0007] [etcd] Successfully started [etcd-rolling-snapshots] container on host [ha-rancher01.fmt01.rancher.com] INFO [0012] [certificates] Successfully started [rke-bundle-cert] container on host [ha-rancher01.fmt01.rancher.com] INFO [0013] [certificates] successfully saved certificate bundle [ / opt/rke/etcd-snapshots//pki.bundle.tar.gz] on host [ha-rancher01.fmt01.rancher.com] INFO [0013] [etcd] Successfully started [rke-log-linker] container on host [ha-rancher01.fmt01.rancher.com] INFO [0013] [remove/rke-log-linker] Successfully removed container on host [ha-rancher01.fmt01.rancher.com] INFO [0013] [etcd] Successfully started etcd plane..INFO [0013] [certificates] Successfully started [rke-bundle -cert] container on host [ha-rancher01.fmt01.rancher.com] INFO [0013] [certificates] successfully extracted certificate bundle on host [ha-rancher01.fmt01.rancher.com] to backup path [/ etc/kubernetes/.tmp/] INFO [0013] Finished restoring snapshot [single-node-etcd-snapshot] on all etcd hosts

At this point, you can run rke up-- config rancher-cluster.yml, and go through the other HA installation steps. It is strongly recommended that you immediately change the DNS record of Rancher so that after installing according to the HA instructions, your user cluster can connect back to Rancher. Therefore, you may need to run rke up-- config rancher-cluster.yml twice to ensure that all plug-ins run successfully.

After successfully installing Kubernetes and restoring the Rancher single-node backup to your instance, you can add other HA instances to rancher-cluster.yml and run rke up-- config rancher-cluster.yml to add these nodes to your cluster.

At this point, you can continue to install Rancher using the documentation here:

Https://rancher.com/docs/rancher/v2.x/en/installation/ha/helm-init/

Clean up

After the migration is successful, the cleanup can begin. You can remove the Rancher container from a single node instance, or you can delete the instance completely.

[root@single-node-rancher ~] # docker rm

Roll back

"if the migration is unsuccessful, rollback can be achieved with the following two conditions:"

Change the DNS entry of server-url back to a single-node Rancher instance

Start on a single-node instance of Rancher.

[root@single-node-rancher ~] # docker start

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.