Configuring HAProxy using Ansible Playbook
Introduction :
Ansible
Ansible is a open-source tool provided by Redhat for automating configuration management, cloud provisioning, application deployment, intra-service orchestration and many more IT works. It was written by Michael DeHaan. The code of Ansible Modules mainly written in Python, Shell, Ruby. Ansible is a declarative language, we just have to tell what to do. It is agentless, connecting remotely via ssh to do its tasks.
Load Balancer
Load Balancer is a device which works as a Reverse Proxy and manages the traffic from the clients across the multiple servers. But What is Reverse Proxy ? It is a program which takes the request from the clients and sends it to the server on the behalf of client, the output from the server is sent in the same way.
HAProxy
HAProxy, High Availability Proxy, is a open source software which provides Load Balancer and Proxy server for TCP/HTTP based applications. It works on Round Robin Algorithm which sends the request to backend servers turn by turn and distributes equally.
Task :
Now, we have to configure Load Balancer (HAProxy) and backend server (httpd) using Ansible Playbook.
Let’s do step by step…
Step-1 :
First, we have to install HAproxy software. We use package module of Ansible to install. But internally it needs that software from somewhere. Here we can provide DVD iso file which contains so many softwares including HAproxy and we have to mount it to some directory. After that we have to configure yum repo. Because yum is the command who goes to the location of software and install it. Ansible can only tell to the yum to install the software.
- name: "Creating Directory"
file:
state: directory
path: /dvd
- name: "Mounting DVD"
mount:
path: /dvd
src: /dev/sr0
fstype: iso9660
opts: ro,noauto
state: mounted
ignore_errors: yes
- name: "Configuring YUM repo"
yum_repository:
name: AppStream
description: Repo for AppStream
file: dvd.repo
baseurl: file:///dvd/AppStream/
gpgcheck: no
- name: "Configuring Base YUM repo"
yum_repository:
name: BaseOS
description: Repo for BaseOS
file: dvd.repo
baseurl: file:///dvd/BaseOS/
gpgcheck: no
- name: "Installing haproxy"
package:
name: haproxy
state: presentStep-2 :
Then we have to configure HAproxy configuration file i.e., haproxy.cfg. In this file we have to provide port number to bind. Through this port only clients will connect. Then we have to provide backend IP Address, port number as shown in below fig. But in this dynamic world, the IP Address changes anytime and it is not good to do it manually. So we use Python Jinja2 convention and we write code for it and the IP Address will automatically updated according to the inventory file while running playbook.
Here I have given port_number variable in jinja syntax as it automatically update the value of port_number variable. There are some ways to give value to the variable but here I have used vars_prompt and it prompts to enter value for port_number variable.
vars_prompt:
- name: port_number
private: no
prompt: "Enter the port number for load balancer"We have to copy this Python Jinja2 convention configuration file with .j2 extension using template module to the Load Balancer.
- name: "Copying haproxy configuration file"
template:
src: /ws5/haproxy.cfg.j2
dest: /etc/haproxy/haproxy.cfg
notify: Restarting haproxyHere we use notify to notify handler part to restart the service whenever there is a change in the configuration file.
Step-3 :
After Configuration, We have to stop the firewall on particular port number which we enter the value for port_number variable for TCP based conections using firewalld module. As clients connect to the Load Balancer we have to stop the firewall. We also have to make SELinux permissive using selinux module.
- name: "Stopping Firewall on port {{port_number}}"
firewalld:
port: "{{port_number}}/tcp"
zone: public
permanent: true
immediate: true
state: enabled
- name: "Making SElinux permissive"
selinux:
policy: targeted
state: permissiveStep-4 :
All part is done, now we have to start the haproxy service using service module. It will start the service on port_number.
- name: "Starting haproxy service"
service:
name: haproxy
state: started
handlers:
- name: Restarting haproxy
service:
name: haproxy
state: restartedHere I use handlers to run this block whenever notify notifies to this handlers. You can see in step-2 that I used notify. It will notifies to this handler part as configuration changes and it will restart the service.
Then our task of Configuring Load Balancer complete.
Configuring Backend Server with httpd :
Step-5 :
Now, We have to install the httpd software using package module in the same way as we did for HAproxy using Ansible.
tasks:
- name: "Creating Directory"
file:
state: directory
path: /dvd
- name: "Mounting DVD"
mount:
path: /dvd
src: /dev/sr0
fstype: iso9660
opts: ro,noauto
state: mounted
ignore_errors: yes
- name: "Configuring YUM repo"
yum_repository:
name: AppStream
description: Repo for AppStream
file: dvd.repo
baseurl: file:///dvd/AppStream/
gpgcheck: no
- name: "Configuring Base YUM repo"
yum_repository:
name: BaseOS
description: Repo for BaseOS
file: dvd.repo
baseurl: file:///dvd/BaseOS/
gpgcheck: no
- name: "Installing httpd software"
package:
name:
- httpd
- phpHere, we are also installing php as we use php in our web page.
Step-6 :
Now, we have to copy the web page to the default root directory /var/www/html using template module. We can also create our own directory and customise it. But here Iam using default location of httpd.
- name: "Copying web page"
template:
src: "/ws5/m.php"
dest: "/var/www/html/m.php"Here I copied m.php file
<pre>
<?php
print "<br/>";
print `/usr/sbin/ifconfig`;
?>
</pre>Step-7 :
Now, we have to disable the firewall for TCP based connections on default port number 80 where httpd service runs. We can also change this port number and customize it.
- name: "Stopping firewall"
firewalld:
port: "80/tcp"
zone: public
permanent: true
immediate: true
state: enabledStep-8 :
This is the last step where we have to start the httpd service using service module.
Now all process of configuration is done, Now we just need to run the playbook. That all will configure and set up the HAProxy Load Balancer with Backend server.
Now see how it worked by demo pictures.
Here I entered port_number value as 8082.
Here I configured 2 systems as httpd backend servers.
As soon as they configured, we can connect but here we are using Load Balancer IP Address and port number 8082 to connect to the web server.
Here you can see I connected with my Load Balancer IP Address with port number 8082 and it is shwoing the IP Address of my one of the backend webserver.
As soon as I refresh, you can see as it is showing the IP Address of my second webserver.
You can get my repository of Github link :
(For entire customized configuration for httpd, you can refer my github link for configuring httpd).
Thank you…
Keep Learning…
Keep Sharing…
