Hello Readers😊😊,
After reading this blog article, you will be able to configure Reverse Proxy i.e. Haproxy, and update its configuration file automatically each time a new Managed node (Configured With Apache WebServer) joins the inventory.
Let us discuss some basic concepts.
What is HAProxy?
HAProxy (High Availability Proxy) is a TCP/HTTP load balancer and proxy server that allows a webserver to spread incoming requests across multiple endpoints. HAProxy is known as “the world’s fastest and most widely used software load balancer.” This is useful in cases where too many concurrent connections over-saturate the capability of a single server. Instead of a client connecting to a single server that processes all the requests, the client will connect to an HAProxy instance, which will use a reverse proxy to forward the request to one of the available endpoints, based on a load-balancing algorithm.
What is Ansible?
Ansible is open-source software that automates software provisioning, configuration management, and application deployment. Ansible is included as part of the Fedora distribution of Linux, owned by Red Hat, and is also available for Red Hat Enterprise Linux, CentOS, OpenSUSE, SUSE Linux Enterprise, Debian, Ubuntu, Scientific Linux, and Oracle Linux via Extra Packages for Enterprise Linux (EPEL), as well as for other operating systems. Ansible is procedural rather than declarative. In ansible, we define what we want to do and ansible go through each and every step for that. Ansible uses SSH to connect to remote hosts and do the setup, no software needed to be installed beforehand on a remote host. It’s simple, powerful and flexible.
Hope you got some basics out of this discussion.
HAProxy Architecture
The above image shows the architecture of Reverse Proxy i.e HAProxy.
Note: To implement this architecture we should have 4 VM(s) or 4 instances. I am using AWS cloud to launch the 4 instances. 1 instance works as Controller Node, 1 instance for Load Balancer and the other 2 instances are Managed Nodes(webservers).
So Let’s Start…..
Configure the Controller node
Firstly, In the controller node, We need to install Ansible. Before this Install Python using the yum install python3 Command.
Now We will setup the configuration file of Ansible by making a directory using mkdir /etc/ansible/ command. We need to write some code inside the configuration file of ansible.
To avoid some warnings given by the command we have to disable it, using command_warnings=false
The remote user is that we are going to log in, here we have launched the ec2 instances hence the remote username is ec2-user.
(Note: Just for information we have implemented this infrastructure on AWS cloud. You can do this in your local systems by launching multiple VM(s))
Also, we need to disable the ssh key, as when we do ssh it asks you for yes or no. We have to write host_key_checking=false to disable it.
Ansible uses existing privilege escalation systems to execute tasks with root privileges or with another user’s permissions. Because this feature allows you to ‘become’ another user, different from the user that logged into the machine (remote user), we call it to become. The become keyword leverages existing privilege escalation tools like sudo, su, pfexec, doas, pbrun, dzdo, ksu, runas, machinectl, and others.
To login into that newly launched OS, we need to provide its respective key. Here .pem format will work. We need to give permission to that key in the read mode. Command for that:-
chmod 400 keyname.pem
After setting up the configuration file, Create an Inventory and add Web server and LoadBalancer IP(s), username, and password.
Now, check the connectivity with Managed Node using the command ansible all -m ping.
Now, we have to make some changes in haproxy.cfg file which is the configuration file of haproxy and we can have that file by installing haproxy software(yum install haproxy). This we did to make things simple. Now just copy this file from /etc/haproxy directory to /root/ directory.
Open the haproxy.cfg file in the controller node and bind the port 8080. Also, write the below-mentioned jinja code to update the haproxy.cfg file to load balancer dynamically.
Great, we are now ready to write an ansible-playbook.
The above code will configure the web server in the target node by installing httpd and PHP software and then copying the webpages and lastly starting the service.
The above code will configure the load balancer by installing haproxy software and uploading the haproxy config file. Lastly starting the service.
Let us run this playbook.
Here we can see that the playbook ran successfully and changes are made in target nodes.
In the real world, we expose the IP of the load balancer to the clients, and the client hits to Load Balancer, and then the load balancer manages the load. Till now we haven’t added the webserver 2, so when we hit the IP of Loadbalancer then we get the webpage as follows.
Now let’s add the IP of webserver 2 to the inventory. The updated inventory is shown below.
After adding the information of a new operating system, we need to run again our playbook.
Now We can see in the above images one new web server has been configured successfully. So let’s check the final output.
It first hits one of the IPs.
Then it hits to another IP.
So, Load Balancer is also working great with all 2 web servers as we can see in the above images.
Now, if the traffic increases and 2 webservers can’t handle it and then we just need to add the information of Webserver 3(not Pre configured) into inventory and run the playbook. In this we solve the use case,
Thank You so Much for reading…
Keep Learning, Keep Hustling🎯🎯
For Your Comfort, I am linking the GitHub repo below.
Link: https://github.com/PiyushBagani15/Ansible_LoadBalancer