Ansible Playbook To Configure Reverse Proxy
Description:
Creating an Ansible playbook to Configure Reverse Proxy i.e. Haproxy and update it’s configuration file automatically each time a new Managed node (Configured With Apache Webserver) join the inventory.
Ansible:
Ansible is a software tool that provides simple but powerful automation for cross-platform computer support. It is primarily intended for IT professionals, who use it for application deployment, updates on workstations and servers, cloud provisioning, configuration management, intra-service orchestration, and nearly anything a systems administrator does on a weekly or daily basis.
Ansible playbooks:
While modules provide the means of accomplishing a task, the way you use them is through an Ansible playbook. A playbook is a configuration file written in YAML that provides instructions for what needs to be done in order to bring a managed node into the desired state.
HAProxy:
HAProxy is a high-performance, open-source load balancer and reverse proxy for TCP and HTTP applications. Users can make use of HAProxy to improve the performance of websites and applications by distributing their workloads.
In this article, I am using AWS instances to demonstrate this setup. I will also tell you, How you can create this setup in your virtual machine.
Steps to Follow:
➼ Create an ansible configuration file to connect AWS. →
➼ Update Inventory. →
➼ Create a Haproxy Configuration File. →
➼ Create a PHP webpage. →
➼ Create an Ansible Playbook. →
Create an ansible configuration file to connect AWS
Ansible configuration file resite under /etc/ansible directory.
Use the following variables and update in the configuration file.
[defaults]
inventory = inventory_path
host_key_checking=False
command_warning = False
private_key_file = aws_key
remote_user = ec2-user
roles_path: roles_path[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=FalseUpdate Inventory
My AWS instances are
Update them in inventory.
If you are configuring this setup in your virtual Box then you can write username, password and connection type in inventory instead of the configuration file as shown.
192.168.43.70 ansible_user=root ansible_ssh_pass=123 ansible_connection=sshBut to use a password during ssh, you must install sshpass program.
To install sshpass
# dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm# yum install sshpass
Create a Haproxy Configuration File
You can get haproxy file in directory /etc/haproxy/ as haproxy.cfg.
But if you do not have haproxy then you can install as follow.
Installing Haproxy server
Installing haproxy server in the controller node so that we can copy and update haproxy configuration file.
Bind the port according to your requirement, I am using 8080 port.
bind *: port
{% for i in groups['group_name'] %}
server app{{loop.index}} {{i}}:port check
{% endfor %}
Because we have to balance the load among the available servers, so we use a loop to dynamically retrieve the IP of servers each time a new Managed node (Configured With Apache Webserver) join the inventory.
Now copy the file to the current folder.
Create a PHP webpage
/usr/sbin/ifconfig will help us to see the private IP of the instance.
Create an Ansible Playbook
- hosts: httpd
tasks:
# apache web server
- name: "install httpd package"
package:
name: "httpd"
state: present
- name: "install php package"
package:
name: "php"
state: present
- name: "copy web pages to the server"
copy:
src: "/var/www/html/index.php"
dest: /var/www/html/
notify: restart httpd
- name: "start httpd service"
service:
name: "httpd"
state: "started"
handlers:
- name: "restart httpd"
service:
name: "httpd"
state: "restarted"
# loadbalancer
- hosts: lb
tasks:
- name: "installing HAProxy"
package:
name: "haproxy"
state: present
- name: "copy haproxy configuration file"
template:
src: "haproxy.cfg"
dest: "/etc/haproxy/"
notify: lb restart
- name: "start HAproxy service"
service:
name: "haproxy"
state: started
handlers:
- name: "lb restart"
service:
name: "haproxy"
state: restartedRunning ansible playbook.
Now, You can see we are hitting the load balancer IP and getting two different private IPs of httpd servers.
