Ansible Role to configure Apache httpd server and HAProxy for Load Balancing
Roles let you automatically load related vars_files, tasks, handlers, and other Ansible artifacts based on a known file structure. Once you group your content in roles, you can easily reuse them and share them with other users.
In the previous article, I've shown How to configure Backend apache httpd server and the HAproxy load balancer using ansible playbook. Now, I'll show how to create exact setup using Ansible Roles.
The first step is to specify the directory of roles in /etc/ansible/ansible.cfg file :
[defaults] inventory = /root/inventory.txt host_key_checking = false command_warnings = false deprecation_warnings = false roles_path = /root/task15/ [privilege_escalation] become = true become_method = sudo become_user = root
become_ask_pass = false
I've specified "/root/task15" as my roles_path.
Role for HTTPD server :
Next, go to the directory of the roles_path you specified and initialize a role for configuring httpd server :
ansible-galaxy role init myapache
Now, a directory with Name: myapache will be created in the directory where you run the above command.
Now. goto the directory "myapache" and go inside "tasks" folder :
Inside the main.yml file, we need to write the playbook for configuring the httpd server which I did in the previous article
Before that, I'm using the host group names : "LB" for load balancer and "Servers" for the httpd servers. So, my inventory file looks like this :
[LB] 192.168.43.131 ansible_user=root ansible_ssh_pass=122020 [Servers]
192.168.43.71 ansible_user=root ansible_ssh_pass=122020
Now, I'm using the same playbook which I've used before, for configuring the httpd server and copying it inside the main.yml file inside the directory: /myapache/tasks/main.yml :
# tasks file for myapache
- name: "Installing httpd software"
package:
name: httpd
state: present
- name: "Installing php"
package:
name: php
state: present
- name: "Starting and Enabling httpd service"
service:
name: httpd
state: started
enabled: yes
- name: "Copying php file"
copy:
src: index.php
dest: /var/www/html/index.php
- name: "Enabling port no {{ Server_Port }} in firewall"
firewalld:
port: "{{ Server_Port }}/tcp"
state: enabled
permanent: yes
Now, copy the following "index.php" inside the myapache/files/index.php directory which will provide the content for our web page :
<pre> <?php print `/usr/sbin/ifconfig` ?> </pre>
Now goto myapache/vars/main.yml file and add the "Server_Port" variable which is the port number on which the backend server works :
--- # vars file for myapache
Server_Port: 80
Role for HAProxy Load Balancer :
Now, initiate another ansible role with name "myloadbalancer" :
ansible-galaxy role init myloadbalancer
Inside the tasks/main.yml file, add the following playbook which configures the haproxy :
---
# tasks file for myloadbalancer
- name: "Installing Haproxy"
package:
name: haproxy
state: present
- name: "Setting SELinux to Permissive"
selinux:
state: permissive
policy: targeted
- name: "Enabling port no. {{ LB_port }} in firewall"
firewalld:
port: "{{ LB_port }}/tcp"
state: enabled
permanent: yes
- name: "Starting and enabling haproxy"
service:
name: haproxy
state: started
enabled: yes
- name: "Updating HAProxy conf. file"
template:
src: haproxy.cfg
dest: /etc/haproxy/haproxy.cfg
notify: "restart_haproxy"
Now, inside the myloadbalancer/vars/main.yml file, add the variable "LB_port" which is the port on which HAProxy runs, and "Server_Port" :
--- # vars file for myloadbalancer
LB_port: 1234 Server_Port: 80
Now, go to myloadbalancer/templates/ and add the file with name "haproxy.cfg" with the following content (This is the configuration file for haproxy which automatically adds the backend severs in it) :
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# https://www.haproxy.org/download/1.8/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
# utilize system-wide crypto-policies
ssl-default-bind-ciphers PROFILE=SYSTEM
ssl-default-server-ciphers PROFILE=SYSTEM
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main
bind *:{{ LB_port }}
acl url_static path_beg -i /static /images /javascript /stylesheets
acl url_static path_end -i .jpg .gif .png .css .js
use_backend static if url_static
default_backend app
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend static
balance roundrobin
server static 127.0.0.1:4331 check
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
balance roundrobin
{% for i in groups['Servers'] %}
server app{{ loop.index }} {{ i }}:{{ Server_Port }} check
{% endfor %}
One more thing left is, we need to add handler!
Go to myloadbalancer/handlers/main.yml file and add the following handler :
--- # handlers file for myloadbalancer - name: "restart_haproxy" service: name: haproxy
state: restarted
Hooray!! We have completed the Roles.
The remaining thing left is to use and run the Roles.
Create a new file with name "myrole.yml" and add the following in it :
- hosts: Servers roles: - myapache - hosts: LB roles:
- myloadbalancer
Finally, run the "myrole.yml" playbook :
Now go to the browser and type : "http://LoadBalancerIP:PortExposed" and you can see the output of index.php file which runs the ifconfig command :
Thus, We configured the HAProxy and apache httpd server through Ansible Roles.
The code can be found at GitHub :