Configure Haproxy and update its configuration file automatically on each time new Webserver) join the inventory

What is Ansible?

Ansible is an automation tool that is written in python. it is an open-source software used for provisioning, configuration management, and application deployment. it is agentless and can configure both Unix-like systems as well as Microsoft Windows. It includes its own declarative language to describe system configuration. Ansible was written by Michael DeHaan and acquired by Red Hat in 2015.

What is Reverse proxy ??

 The reverse proxy is a type of proxy server that works as a load balancer. it accepts the request from the client and forwards it to backend servers and returns the server's response to the client. We can implement reverse proxy using  Haproxy which is free and open-source software. Haproxy is a load balancer and the proxy server for web applications running on multiple servers. 

First, install ansible in your OS:

We will install ansible by pip3 so we have to first install python3 in our OS:

yum install python3

Now install ansible using pip3

pip3 install ansible

After it creates an inventory file which contains IP, username, and password of two web servers and one Haproxy server at any location as given below:

vim /root/inventory.txt

[mywb]
<webserver1_ip>  ansible_user=root  ansible_ssh_password=<password> ansible_connection=ssh 

<webserver2_ip> ansible_user=root  ansible_ssh_password=<password> ansible_connection=ssh


[mylb]
<haproxy_ip> ansible_user= <user> ansible_ssh_password = <password> ansible_connection = ssh

After creating this file, Encrypt it using ansible-vault:

ansible-vault encrypt /root/inventory.txt

Create ansible.cfg file at location /etc/ansible/ and give the location of the inventory file.

mkdir /etc/ansible
vim /etc/ansible/ansible.cfg

inventory=/root/inventory.txt
host_key_checking=False
command_warnings= False

Check the connectivity of hosts:

ansible all -m ping --ask-vault-password                                                                     

Follow the following steps to configure haproxy and web server using ansible:

1. Configure yum in target nodes:

- hosts: all
  vars_files:
    - /var_file.yml
  tasks:
  - name: "creating a folder"
    file:
       state: directory
       path: "/{{ dvd_dir }}"
       
  - name: mount disk with folder
    mount:
       path: "/{{ dvd_dir }}"
       src: "/dev/sr0"
       fstype: "iso9660"
       state: mounted
       
  - name: "configuring yum"
    yum_repository:
       name: "dvd1"
       description: "yum for Appstream"
       baseurl: "file:///{{ dvd_dir }}/AppStream"
       gpgcheck: no


  - name: "configuring yum"
    yum_repository:
       name: "dvd2"
       description: "yum for BaseOS"
       baseurl: "file:///{{ dvd_dir }}/BaseOS"
                                              
       gpgcheck: no

here var_file contains variables used in our ansible-playbook

 haproxy_port: 8085
 dvd_dir: dvd
             
 haproxy_confFile: /task12.1/haproxy.cfg

2. Configure web servers:

- hosts: mywb
  tasks: 
  - name: "installing httpd software"
    package:
          name: "httpd"
          state: present

  - name: "installing php software"
    package:
          name: "php"
          state: present

  - name : "copying pages"
    copy:
          dest: "/var/www/html/index.php"
          src: "index.php"


  - name: "restarting httpd service"
    service:
          name: "httpd"
          state: restarted

  - name: "creating firewall rule for port 80" 
    firewalld:
          port: 80/tcp
          permanent: yes
          state: enabled
          immediate: yes

create a index.php in current directory:

#vim index.php


<pre>

<?php

print `/usr/sbin/ifconfig`;

?>
</pre>

 

3. Configure Haproxy: -

first, copy the haproxy.cfg file from /etc/haproxy.cfg to your current directory:

# cp /etc/haproxy/haproxy.cfg  haproxy.cfg

Open the haproxy.cfg file and write the below-given code at the end. this code will retrieve IP from group variable(mywb). which we defined in inventory and also used in ansible-playbook.

backend app
    balance     roundrobin
    {% for i in groups['mywb'] %}
    server  app{{ loop.index }}  {{ i }}:80 check
    {% endfor %}

Now use the haproxy.cfg file in the playbook. it will replace the /etc/haproxy/haproxy.cfg file in haproxy node. it will automatically add new node whenever that node join the inventory.

- hosts: mylb
  tasks:
  - name: "installing haproxy"
    package:
          name: "haproxy"
          state: present

  - name: "Configuring  haproxy.cfg file"
    template:
          dest: "/etc/haproxy/haproxy.cfg"
          src: "{{ haproxy_confFile }}"


  - name: "restarting haproxy"
    service:
          name: "haproxy"
          state: restarted

  - name: "creating firwall rule for port 8085"
    firewalld:
          port: "{{ haproxy_port }}/tcp"
          permanent: yes
          state: enabled
          immediate: yes

Now our complete playbook will look like this:

- hosts: all
  vars_files:
    - /var_file.yml

  tasks:
  - name: "creating a folder"
    file:
       state: directory
       path: "/{{ dvd_dir }}"
       
  - name: mount disk with folder
    mount:
       path: "/{{ dvd_dir }}"
       src: "/dev/sr0"
       fstype: "iso9660"
       state: mounted
       
  - name: "configuring yum"
    yum_repository:
       name: "dvd1"
       description: "yum for Appstream"
       baseurl: "file:///{{ dvd_dir }}/AppStream"
       gpgcheck: no


  - name: "configuring yum"
    yum_repository:
       name: "dvd2"
       description: "yum for BaseOS"
       baseurl: "file:///{{ dvd_dir }}/BaseOS"
       gpgcheck: no


- hosts: mywb
  tasks:
  - name: "installing httpd software"
    package:
          name: "httpd"
          state: present

  - name: "installing php software"
    package:
          name: "php"
          state: present

  - name : "copying pages"
    copy:
          dest: "/var/www/html/index.php"
          src: "index.php"


  - name: "restarting httpd service"
    service:
          name: "httpd"
          state: restarted

  - name: "creating firewall rule for port 80" 
    firewalld:
          port: 80/tcp
          permanent: yes
          state: enabled
          immediate: yes



- hosts: mylb
  tasks:

  - name: "installing haproxy"
    package:
          name: "haproxy"
          state: present

  - name: "Configuring  haproxy.cfg file"
    template:
          dest: "/etc/haproxy/haproxy.cfg"
          src: "{{ haproxy_confFile }}"


  - name: "restarting haproxy"
    service:
          name: "haproxy"
          state: restarted

  - name: "creating firwall rule for port 8085"
    firewalld:
          port: "{{ haproxy_port }}/tcp"
          permanent: yes
          state: enabled
          immediate: yes

4. Now run the playbook

ansible-playbook <playbook_name> --ask-vault-password

Now check the haproxy setup using browser:

We can see, we are connecting to our webserver using the haproxy server IP and port.

Now refresh browser, we will connect to another browser:

Thus we have configured Haproxy that will update configuration file automatically on each time new Webserver) join the inventory.

Thanks for reading