Configuring Web Server & LoadBalancer on the top of AWS using Ansible

Ankit Pramanik
Dec 8, 2020

HAPROXY

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world’s most visited ones. Over the years it has become the de-facto standard opensource load balancer, is now shipped with most mainstream Linux distributions, and is often deployed by default in cloud platforms. Since it does not advertise itself, we only know it’s used when the admins report it :-)

Its mode of operation makes its integration into existing architectures very easy and riskless, while still offering the possibility not to expose fragile web servers to the net.

ANSIBLE

Ansible is an open source IT Configuration Management, Deployment & Orchestration tool. It aims to provide large productivity gains to a wide variety of automation challenges. This tool is very simple to use yet powerful enough to automate complex multi-tier IT application environments.

Ansible is a helpful tool that allows you to create groups of machines, describe how these machines should be configured or what actions should be taken on them. Ansible issues all commands from a central location to perform these tasks.

No other client software is installed on the node machines. It uses SSH to connect to the nodes. Ansible only needs to be installed on the control machine (the machine from which you will be running commands) which can even be your laptop. It is a simple solution to a complicated problem.

I am not boasting when I say that Ansible has filled up all the holes in the Configuration Management and IT Orchestration world. You will know it too, when you take a look at the benefits of Ansible mentioned below:

Setting Up

The following task has been performed on top of AWS EC2 instances and I have used Red Hat Enterprise Linux (RHEL 8).

So there are 3 backend servers where we have the web server running and 1 node having the reverse proxy server.

Creating Host Groups in Inventory

Here, we will create the inventory file, which contains all the information required to connect to the other nodes.

[mylb]
172.31.33.248 ansible_user=root ansible_connection=ssh
[myweb]
172.31.0.6 ansible_user=root ansible_connection=ssh
172.31.1.195 ansible_user=root ansible_connection=ssh
172.31.1.148 ansible_user=root ansible_connection=ssh
[lbnodes]
65.0.21.166
52.66.249.96
13.233.163.100

Now the main part is to create the playbook.

- hosts: myweb
  tasks:
    - name: "Install httpd"
      package:
        name: "httpd"
    - copy:
        dest: "/var/www/html/index.html"
        content: "Testing for LoadBalancer"
    - service:
        name: "httpd"
        state: restarted
- hosts: mylb
  tasks:
    - name: "Installing LoadBalancer Software"
      package:
        name: "haproxy"
    - template:
        dest: "/etc/haproxy/haproxy.cfg"
        src: "haproxy.cfg"
    - service:
        name: "haproxy"
        state: restarted

Now that we have our playbook ready, only the HAProxy configuration file remains to be configured. The only problem is that the IPs of the web servers would have to be managed manually every time. To overcome that, we have used a Jinja template for the haproxy file, so that it picks up the addresses from the inventory automatically and the user doesn't have to edit the haproxy.cfg file manually.

#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   https://www.haproxy.org/download/1.8/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #    file. A line like the following can be added to
    #    /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

    # utilize system-wide crypto-policies
    ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main
    bind *:8080
    acl url_static       path_beg       -i /static /images /javascript /stylesheets
    acl url_static       path_end       -i .jpg .gif .png .css .js

    use_backend static          if url_static
    default_backend             app

#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend static
    balance     roundrobin
    server      static 127.0.0.1:4331 check

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
    balance     roundrobin
    # one server line per host in the 'lbnodes' inventory group;
    # loop.index gives each server a distinct name (app1, app2, ...)
{% for i in groups['lbnodes'] %}
    server app{{ loop.index }} {{ i }}:80 check
{% endfor %}
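
The load-balancer play above installs whatever the template renders and restarts HAProxy on every run, so a bad inventory entry or template typo can take the proxy down. As an added example (not part of the original post), the same play can have Ansible check the rendered file with `haproxy -c` before it replaces the live one, and restart only when the file actually changed; the task names and the handler name are illustrative.

```yaml
# Added example, not from the original post. Assumes the same "mylb" group
# and the haproxy.cfg template file used by the playbook above.
- hosts: mylb
  tasks:
    - name: "Install HAProxy"
      package:
        name: "haproxy"
        state: present

    - name: "Render haproxy.cfg, refusing any file HAProxy cannot parse"
      template:
        src: "haproxy.cfg"
        dest: "/etc/haproxy/haproxy.cfg"
        owner: root
        group: root
        mode: "0644"
        # keep a timestamped copy of the previous file on the node
        backup: yes
        # %s is the temporary rendered file; if the check exits non-zero
        # the task fails and the live configuration is left untouched
        validate: "haproxy -c -f %s"
      # the handler runs only when the rendered file differs from the old one
      notify: "Restart haproxy"

    - name: "Make sure HAProxy is running and starts at boot"
      service:
        name: "haproxy"
        state: started
        enabled: yes

  handlers:
    - name: "Restart haproxy"
      service:
        name: "haproxy"
        state: restarted
```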

Now that we are done with the configuration, it's time to run the playbook.

So, here we can see we have all Success. Now let's check the haproxy configuration file manually from the node.

This part of the main haproxy file was changed automatically. And so our web server and load balancer are configured using Ansible.

And our web server is working perfectly on the address http://13.233.237.17:8080.

***

Thanks for your time…
