Creating a HaProxy LoadBalancer Cluster on AWS using Ansible as Automation Tool

What is Ansible?

What is “HA-Proxy”?

Prerequisites for this setup:

  • IAM role in AWS
  • Ansible pre-installed on a system to run playbooks and other tasks
  • The tasks directory contains the main file/playbook.
  • The vars directory stores variables.
  • The templates directory stores templates written in Jinja format.
    There are other folders as well, which have different uses.
# chmod +x ec2.py
# chmod +x ec2.ini
Initial Image
Changes made
# ./ec2.py --list
2nd line will be commented
# ansible all --list-hosts
# chmod 400 ansibletask3key.pem
# ansible-galaxy init lb
# ansible-galaxy init webserver
# ansible-galaxy role list
  • First, configure the webserver role. Make the following edits in the files listed below:
tasks/main.yml
---
# tasks file for webserver
- name: install httpd
  package:
    name: "httpd"
    state: present

- name: copy content
  copy:
    content: "Task3 Successfully completed\n, hello from {{ ansible_hostname }} "
    dest: /var/www/html/index.html
  notify: restart service

- name: service httpd start
  service:
    name: "httpd"
    state: started
    enabled: yes

handlers/main.yml
# handlers file for webserver
- name: "restart service"
  service:
    name: "httpd"
    state: restarted
  • Next, configure the “lb” role. Make the following edits in the files listed below:
tasks/main.yml
---
# tasks file for lb
- name: "installing haproxy"
  package:
    name: "haproxy"
    state: present

- template:
    src: "haproxy.j2"
    dest: "/etc/haproxy/haproxy.cfg"
  notify: "restart service"

- service:
    name: "haproxy"
    state: started
    enabled: yes

handlers/main.yml
---
# handlers file for LB
- name: "restart service"
  service:
    name: "haproxy"
    state: restarted
templates/
haproxy.j2
[root@ansiblecn ansibletask3]# cat lb/templates/haproxy.j2
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# https://www.haproxy.org/download/1.8/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events. This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #    file. A line like the following can be added to
    #    /etc/sysconfig/syslog
    #
    #    local2.* /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

    # utilize system-wide crypto-policies
    ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main
    bind *:2629
    acl url_static path_beg -i /static /images /javascript /stylesheets
    acl url_static path_end -i .jpg .gif .png .css .js

    use_backend static if url_static
    default_backend app

#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend static
    balance roundrobin
    server static 127.0.0.1:4331 check

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
    balance roundrobin
    # server names must be unique within a backend, so append the loop index
    {% for webserver in groups["tag_Name_Ansible_WebServer"] %}
    server app{{ loop.index }} {{ webserver }}:80 check
    {% endfor %}
# vi vault.yml
# ansible-vault encrypt vault.yml
- hosts: localhost
  gather_facts: false
  vars_files:
    - vault.yml
  tasks:
    - name: "installing boto"
      pip:
        name: "boto"
        executable: pip3

    - name: "installing boto3"
      pip:
        name: "boto3"
        executable: pip3

    - name: "creating security group"
      ec2_group:
        aws_access_key: "{{ ak }}"
        aws_secret_key: "{{ sak }}"
        name: 'launch-wizard-1'
        description: 'sg with rule descriptions'
        vpc_id: 'vpc-224d514a'
        tags:
          Name: "task3-sg"
        region: "ap-south-1"
        rules:
          - proto: tcp
            from_port: 22
            to_port: 22
            cidr_ip: 0.0.0.0/0
            rule_desc: allow all on port 22 for ssh
          - proto: tcp
            cidr_ip: 0.0.0.0/0
            ports:
              - 80
            rule_desc: allow all on port 80 for webserver
          - proto: tcp
            cidr_ip: 0.0.0.0/0
            ports:
              - 2629
            rule_desc: allow all on port 2629 for loadbalancer
        rules_egress:
          - proto: all
            from_port: 0
            to_port: 0
            cidr_ip: 0.0.0.0/0

    - name: "LoadBalancer"
      ec2:
        count: 1
        image: "ami-0ebc1ac48dfd14136"
        instance_type: t2.micro
        region: "ap-south-1"
        wait: yes
        instance_tags:
          Name: Ansible_LoadBalancer
        group: "launch-wizard-1"
        key_name: "ansibletask3key"
        state: present
        aws_access_key: "{{ ak }}"
        aws_secret_key: "{{ sak }}"

    - name: "webserver"
      ec2:
        count: 3
        image: "ami-0ebc1ac48dfd14136"
        instance_type: t2.micro
        region: "ap-south-1"
        wait: yes
        instance_tags:
          Name: Ansible_WebServer
        group: "launch-wizard-1"
        key_name: "ansibletask3key"
        state: present
        aws_access_key: "{{ ak }}"
        aws_secret_key: "{{ sak }}"
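
The playbook above places the load balancer and the web servers in one security group that opens ports 22, 80 and 2629 to 0.0.0.0/0, so the web servers are reachable directly instead of only through HAProxy. A tighter layout with one group per tier, shown as an added example that is not part of the original post. It assumes an admin_cidr variable, the group names task3-lb-sg and task3-web-sg, and that HAProxy reaches the backends over their private addresses, since a security-group reference only matches traffic between private IPs.

```yaml
# Added example, not the author's playbook. Replaces the single
# "creating security group" task. Assumed names: admin_cidr (a vault or
# play variable), task3-lb-sg and task3-web-sg.
- name: "security group for the load balancer"
  ec2_group:
    aws_access_key: "{{ ak }}"
    aws_secret_key: "{{ sak }}"
    name: "task3-lb-sg"
    description: "haproxy frontend plus admin ssh"
    vpc_id: "vpc-224d514a"
    region: "ap-south-1"
    rules:
      - proto: tcp
        ports:
          - 2629
        cidr_ip: 0.0.0.0/0
        rule_desc: public access to the haproxy frontend
      - proto: tcp
        ports:
          - 22
        cidr_ip: "{{ admin_cidr }}"
        rule_desc: ssh from the Ansible control node only

# Created second, because its port 80 rule refers to task3-lb-sg by name.
- name: "security group for the web servers"
  ec2_group:
    aws_access_key: "{{ ak }}"
    aws_secret_key: "{{ sak }}"
    name: "task3-web-sg"
    description: "http from the load balancer plus admin ssh"
    vpc_id: "vpc-224d514a"
    region: "ap-south-1"
    rules:
      - proto: tcp
        ports:
          - 80
        group_name: "task3-lb-sg"
        rule_desc: http only from members of the load balancer group
      - proto: tcp
        ports:
          - 22
        cidr_ip: "{{ admin_cidr }}"
        rule_desc: ssh from the Ansible control node only
```

With these groups in place, the LoadBalancer task would set group to task3-lb-sg and the webserver task would set it to task3-web-sg.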
# ansible-playbook ec2.yml --ask-vault-pass
# ansible-playbook lbcluster.yml
# ./ec2.py --list
In this image, you can see that the 3rd and 4th groups contain our VMs’ IPs.

Github URL :


I am a student pursuing undergraduate studies in computer science and engineering.

Akhilesh Jain
