Open in app

Sign in

Write

Sign in

ANSIBLE PLAYBOOK FOR CREATING HAPROXY LOAD BALANCER ON AWS

Mustafababude
Globant
Published in
6 min readJan 27, 2022

In this article we are going to configure a reverse proxy called “HAProxy” and update its configuration file automatically each time a new managed node (configured with Apache web server) joins the Ansible inventory.

Introduction

HAProxy (High Availability Proxy) is open source proxy and load balancing server software. It provides high availability at the network (TCP) and application (HTTP/S) layers, improving speed and performance by distributing workload across multiple servers. HAProxy runs on Linux, FreeBSD and Solaris operating systems.

The above architecture diagram is an illustration of what we are going to perform in the task.

i)The requests would be sent to the HAProxy server which serves as a load balancer and further requests can be distributed equally via a round-robin algorithm.

ii)If suppose web1 is down, then the load balancer will route traffic to web2 and web3 i.e. remaining online web servers, thus will then respond to the clients/users via the Load balancer Server.

PRE-REQUISITES:

  • Basic knowledge of AWS is required. Having access to an AWS account with appropriate privileges. We need to have knowledge of creating EC2 instances, assigning security groups rules to the load balancer so that it can be accessible “on port 8080” and also make sure while creating the instance, all the instances should be in the same availability zone.
  • Basic knowledge of Ansible is required.

Implementation:

Here I have created 5 EC2 instances while you can have a minimum of 2 backend servers so that Load Balancer is able to route traffic between those two servers. Here I am using a combination of t2.micro and t3.micro types of EC2 instances. You can take any instance type Ansible controller installation would require a minimum of t3.micro.

1 Server for — — Ansible Node (Controller Node) — t3.micro
1 Server for — — LoadBalancer — t2.micro
3 Servers for — — Web Server — t2.micro

This implementation will be include 16 Steps:

STEP 1) Login to the Controller Node

Need to Install Ansible on the Controller Node follow below steps:

If you’re on RedHat/CentOS 8:

1) yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm -y
2) yum install ansible -y
3) ansible --version

STEP 2) For Creating the user, we can follow the below steps:

sudo su -

Creating user by useradd command on all of the instances/servers

useradd user

STEP 3) Now add the “user” in the sudoers file on all of the instances web1, web2, web3 and load balancer

echo “user ALL=(ALL) NOPASSWD: ALL” > /etc/sudoers.d/user
exec bash

Make Sure SSH should allow for connection between Controller node, load balancer and web servers. For that edit the file “/etc/ssh/sshd_config” and update below line for all instances(web servers, load balancer and controller node) and also restart ssh service after updating below line.

PasswordAuthentication yes

Below are the command to be executed one by one for setting a passwordless connection between Controller node, load balancer and web servers from Controller node Server and also make sure you must be login from normal “user” to execute the below command.


1) ssh-keygen
2) ssh-copy-id user@web1
3) ssh-copy-id user@web2
4) ssh-copy-id user@web3
5) ssh-copy-id user@loadbalancer

STEP 4) For running the ansible playbook from normal “user”, edit the below configuration file of ansible.

sudo vim /etc/ansible/ansible.cfg

uncomment below lines

[defaults]
ask_pass = False
remote_user = user[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False

STEP 5) Set the web servers and load balancer inside ansible hosts via /etc/ansible/hosts file as can be below

cat /etc/ansible/hosts

Here [web] is groupname where web1, web2 & web3 are nodes. Similarly [loadserver] is groupname where loadbalancer is a node.

STEP 6) Create a role folder /etc/ansible/roles using mkdir, The directory structure can be downloaded from Ansible Galaxy using below commands :

sudo ansible-galaxy init webserver — -> creates role for web server
sudo ansible-galaxy init lbserver — -> creates role for load balancer

STEP 7) Create a directory called “projects” using the mkdir command to manage hosts files.

sudo mkdir -p /etc/ansible/roles/projects

Here is a complete picture of what the explanation looks like.

/etc/ansible/roles

STEP 8) Set the path of the role inside an ansible configuration file (ansible.cfg). Just by uncommenting the below line

roles_path = /etc/ansible/roles

STEP 9) Start writing the playbook inside the directory called “projects”. Create setup.yml playbook inside the directory called “projects” and code can be written as below

/etc/ansible/roles/projects/setup.yml

STEP 10) Now we have to configure lbserver role. For this, we have to write tasks and handlers in their respective folders.

cd /etc/ansible/roles/lbserver/handlers
sudo vim main.yml
/etc/ansible/roles/lbserver/handlers/main.yml

STEP 11) From the role called lbserver, Change the directory to ‘tasks” and edit main.yml file, so as to define the task of haproxy package to be installed on loadbalancer server. Thus, code can be written as below

/etc/ansible/roles/lbserver/tasks/main.yml

STEP 12) For Managing Web Server, We have to write the playbook (main.yml) inside the tasks directory of web server and code can be written as below

/etc/ansible/roles/webserver/tasks/main.yml

Here we have completed configuring the web server. You can also use Handlers to restart the apache server.

STEP 13) For Configuring & Managing the HAProxy load balancer via Ansible, we have to install the haproxy package on the Controller instance.

sudo yum install haproxy -y  → it will install haproxy on controller node

STEP 14) Edit the file “/etc/haproxy/haproxy.cfg” and change the binding port number, You can use any port e.g. 1234. Here I have used 8080 and also you need to define the private ip for all the web server with port number 80.

Edited “/etc/haproxy/haproxy.cfg” configuration file as can be seen below

/etc/happroxy/haprroxy.cfg
/etc/haproxy/haproxy.cfg

Here HostName is equal to the web server. hostnames which were defined as web1, web2 and web3 as shown in above screenshot.

STEP 15) Copy the haproxy configuration file and paste inside /etc/ansible/roles/lbserver/templates

STEP 16) Finally we are ready to run and execute our the ansible-playbook. Change directory to /etc/ansible/roles/projects. From here we can run the play book.

ansible-playbook setup.yml
/etc/ansible/roles/projects/

Testing our Implementation:

  • Now we can check whether our load balancer is working or not. Take the public IP of the load balancer with port 8080 (binding port), it shows we are connected to web1 server.
Connected to web1
  • Refresh the page of the http://loadbalancerIP:8080. You will be connected to the Web2 server.
Connected to web2
  • Refresh the page again of the http://loadbalancerIP:8080. You will be connected to Web3.
Connected to web3

Summary:

  • Ansible software installed on the controller node.
  • Ansible Playbook roles are defined for managing and configuring lbserver(HAProxy) and web server.
  • Running the main playbook (setup.yml) inside project directory, will configure web server and load balancer server.
  • Load Balancer Public IP hits 3 different web servers via HAProxy software.

GITHUB Link:

https://github.com/mustafa2898/HAPROXYLOADBALNCER_GLOBANT.git

References:

Cloudops
Ansible
DevOps
Load Balancing
Automation

--

--

Mustafababude
Globant

Written by Mustafababude

19 Followers
Writer for

DevOps Engineer @Hitachi Digital Services

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams