Saturday, December 5, 2020

Ansible - Set up and configure a load balancer and proxy with HAProxy, automated using Ansible

Configure LB and proxy using haproxy

1. One server for the load balancer
2. One or two servers for web servers
In my example I have three servers
Load Balancer: master  -
Web servers: worker1, worker2 -

1. On master server, Install haproxy - comes on RedHat DVD
# yum install haproxy

Note: There is no httpd process running on this host.
# rpm -qa httpd

2. Configure haproxy
[root@master ~]# vi /etc/haproxy/haproxy.cfg

Do not modify the global and defaults settings.
Go directly to the 'frontend main' section.
Here, change the port where you want your load balancer to listen.
I will be using port 8080
I will be disabling firewalld and SELinux for this lab.

frontend main
    bind *:8080

Go all the way down to the section called 'backend app'.

In this section, you will be adding all web server information.

backend app
    balance     roundrobin
    server app1 w1 check
    server app2 w2 check

3. Once config is changed, start the service
# systemctl start haproxy
# systemctl enable haproxy
# systemctl status haproxy

4. Now, go to your web server machines.
a. In my case, it's worker node 1 and node 2
Install the web server and start the service

# yum install httpd
# systemctl start httpd
# systemctl status httpd
# systemctl enable httpd
# systemctl stop firewalld

b. Create an index file
[root@worker1 html]# cat index.html
This is worker node1

[root@worker2 html]# cat index.html
This is Worker node2

5. Now, get the IP of your load balancer server.

You should be able to see the web site. If you refresh, you will see a new page.

This proves that the load balancer is working.


Until now, we configured haproxy manually. Let's start configuring haproxy using Ansible.

1. Let's configure our inventory file as follows,
# ansible --version
# more /etc/ansible/ansible.cfg

# cat myhosts
[mylb]
master  ansible_user=root ansible_ssh_pass=changeme ansible_connection=ssh

[myweb]
worker1 ansible_user=root ansible_ssh_pass=changeme ansible_connection=ssh
worker2 ansible_user=root ansible_ssh_pass=changeme ansible_connection=ssh

Note: The inventory lets you group hosts and give each group a name, say web or load balancer. The playbook below refers to the groups myweb and mylb.
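
The inventory above keeps the root password in clear text on every host line. As an added example (not from the original post), here are the same hosts and groups in Ansible's YAML inventory format, using key-based login and privilege escalation instead. The deploy account, the key path and the vault_become_pass variable are assumptions.

```yaml
# inventory.yml - constructed example, not the author's file.
# Group names mylb and myweb match the "hosts:" lines of the playbook.
all:
  vars:
    ansible_connection: ssh
    # Hypothetical unprivileged account that is allowed to use sudo.
    ansible_user: deploy
    # Escalate with sudo for the tasks instead of logging in as root.
    ansible_become: true
    # Key-based login, so no ansible_ssh_pass is stored here.
    # The path is a placeholder for wherever the control node keeps its key.
    ansible_ssh_private_key_file: ~/.ssh/id_ed25519
    # If sudo needs a password, reference a variable that lives in a file
    # encrypted with "ansible-vault create group_vars/all/vault.yml"
    # (vault_become_pass is a hypothetical variable name).
    ansible_become_password: "{{ vault_become_pass }}"
  children:
    mylb:
      hosts:
        master:
    myweb:
      hosts:
        worker1:
        worker2:
```

Run the playbook against it with ansible-playbook -i inventory.yml mylb.yaml --ask-vault-pass.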

2. Let's automate everything using Ansible. Here is the YAML file.
[root@master wk6]# cat mylb.yaml
- hosts: myweb  # myweb comes from inventory file
  tasks:
  # Install Apache on every web server
  - package:
      name: "httpd"

  - copy:
      dest: "/var/www/html/index.html"
      content: " Testing Load Balancer on RHEL7/Centos7"

  - service:
      name: "httpd"
      state: restarted

  - service:
      name: "firewalld"
      state: stopped
      enabled: False

- hosts: mylb  # mylb comes from inventory file
  tasks:
  - name: "Install LB software"
    package:
      name: "haproxy"

  # Render haproxy.cfg from the Jinja2 template shown in step 3
  - template:
      dest: "/etc/haproxy/haproxy.cfg"
      src: "haproxy.cfg"

  - service:
      name: "haproxy"
      state: restarted
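
The playbook stops firewalld on the web servers, which leaves port 80 on each of them reachable directly instead of only through the load balancer. As an added example (not part of the original playbook), these plays keep firewalld running and open only what this setup needs. lb_ip is a placeholder for the load balancer's address, which the post does not give.

```yaml
# firewall.yaml - constructed example, not the author's playbook.
# The firewalld module is ansible.posix.firewalld on current Ansible releases.
- hosts: myweb
  vars:
    # Placeholder from the documentation range; set it to the address the
    # web servers see the load balancer connecting from.
    lb_ip: "192.0.2.10"
  tasks:
  - name: "Keep firewalld running on the web servers"
    service:
      name: "firewalld"
      state: started
      enabled: true

  # Port 80 is accepted from the load balancer only; direct client
  # connections to worker1/worker2 stay blocked.
  - name: "Accept HTTP only from the load balancer"
    firewalld:
      rich_rule: 'rule family="ipv4" source address="{{ lb_ip }}" port port="80" protocol="tcp" accept'
      permanent: true
      immediate: true
      state: enabled

- hosts: mylb
  tasks:
  - name: "Keep firewalld running on the load balancer"
    service:
      name: "firewalld"
      state: started
      enabled: true

  # 8080 is the port set with "bind *:8080" in haproxy.cfg.
  - name: "Open only the HAProxy frontend port"
    firewalld:
      port: "8080/tcp"
      permanent: true
      immediate: true
      state: enabled
```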

3. Let's look at the config file for haproxy

Do not modify global and default values.

[root@master wk6]# cat haproxy.cfg
# Example configuration for a possible web application.  See the
# full configuration options online.

# Global settings
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #    local2.*                       /var/log/haproxy.log
    log local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/
    maxconn     4000
    user        haproxy
    group       haproxy

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

    # utilize system-wide crypto-policies
    ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM

# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

# main frontend which proxys to the backends
frontend main
    bind *:8080  # This is a port where LB will be listening
    #bind *:5000
    acl url_static       path_beg       -i /static /images /javascript /stylesheets
    acl url_static       path_end       -i .jpg .gif .png .css .js

    use_backend static          if url_static
    default_backend             app

# static backend for serving up images, stylesheets and such
backend static
    balance     roundrobin
    server      static check

# round robin balancing between the various backends
backend app  # app value can be anything
    balance     roundrobin
    #server  app1 check
    #server  app2 check
    #server  app3 check
    #server  app4 check
    #server app1 w1 check
    #server app2 w2 check

{% for i in groups[ 'myweb' ] %}
   server app{{ loop.index }} {{ i }}:80 check
{% endfor %}

4. Let's run your playbook
[root@master wk6]# ansible-playbook mylb.yaml

5. Let's verify the content of the haproxy.cfg file
# cat /etc/haproxy/haproxy.cfg

6. Go to the browser with the IP of the proxy server, which is .50

You should be able to see the page.

Now, modify the content of the index file on one of the web servers and refresh the LB page; you will see the new pages.
