Ansible: Setting up HAProxy (Load Balancer) to Create a High-Availability Environment (AWS and VM)
Today I have come up with an interesting task, so let's first understand what exactly we are going to do. In this blog I will create a high-availability environment for web servers, so that if there is load on one server, requests are redirected to another replica server. This keeps the load between them balanced and removes the threat of a server going down or failing.
What is HAProxy?
HAProxy stands for High Availability Proxy. It is a reliable, high-performance TCP/HTTP load balancer that reduces the load on one server by redirecting requests to another, and it maintains the traffic flow between the servers.
- Use an Ansible playbook to configure a reverse proxy, i.e. HAProxy, and update its configuration file automatically each time a new managed node (configured with the Apache web server) joins the inventory.
- Configure the same setup on AWS using instances there.
Now let us start with task no. 1, i.e. setting up HAProxy on VM instances.
Prerequisite: Make sure you apply this network setting on all three virtual instances, so that they can connect to and communicate with each other in the virtual environment.
Now let us start with configuring our Ansible playbook…
Creation of inventory file in controller node:
In the above picture, I have created a host IP database file (the inventory), which includes the IPs of the web servers and the load balancer.
To set up Ansible, please refer to my blog: Ansible: Configuring docker and setting up HTTPD server inside docker container using ansible playbook.
Creation of Ansible playbook:
Above is the playbook, which installs the httpd server on the managed nodes and sets up the load balancer and its services.
Creation of index.php file:
In the index.php file we print the system IP address using the Linux command ifconfig, so that whenever the load balancer redirects you, you can visibly see the change in IP address.
*Before running the Ansible playbook, make sure you turn off SELinux enforcement on all instances, because it may otherwise cause failures due to security restrictions.*
Command: setenforce 0
Command: ansible-playbook filename.yml
After successful execution of the playbook, you can head over to the load balancer instance and configure the haproxy.cfg file.
Simply add the above lines at the end of the file. These lines automatically fetch the IPs of the web servers from the Ansible inventory file and distribute the load across those web server IPs.
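A playbook along the lines described above, as an added example rather than the author's own playbook. The inventory group names `webserver` and `loadbalancer`, the frontend and backend names, and backend port 80 are assumptions; port 8080 is the one used later in this post.

```yaml
# Added example, not the author's playbook. Assumed names: inventory groups
# "webserver" and "loadbalancer", and an index.php beside this file.
- hosts: webserver
  become: true
  tasks:
    - name: Install Apache and PHP
      ansible.builtin.package:
        name: [httpd, php]
        state: present
    - name: Deploy the page that prints the node's IP address
      ansible.builtin.copy:
        src: index.php
        dest: /var/www/html/index.php
        mode: "0644"
    - name: Start httpd now and on boot
      ansible.builtin.service:
        name: httpd
        state: started
        enabled: true

- hosts: loadbalancer
  become: true
  tasks:
    - name: Install HAProxy
      ansible.builtin.package:
        name: haproxy
        state: present
    - name: Append a frontend and a backend built from the inventory
      ansible.builtin.blockinfile:
        path: /etc/haproxy/haproxy.cfg
        marker: "# {mark} ANSIBLE MANAGED WEB BACKENDS"
        validate: haproxy -c -f %s   # refuse to install a config HAProxy cannot parse
        block: |
          frontend web_in
              bind *:8080
              default_backend web_nodes
          backend web_nodes
              balance roundrobin
          {% for host in groups['webserver'] %}
              server web{{ loop.index }} {{ hostvars[host].ansible_host | default(host) }}:80 check
          {% endfor %}
      notify: Restart haproxy
    - name: Start HAProxy now and on boot
      ansible.builtin.service:
        name: haproxy
        state: started
        enabled: true
  handlers:
    - name: Restart haproxy
      ansible.builtin.service: {name: haproxy, state: restarted}
```

Re-running the playbook after adding a host to the `webserver` group rewrites only the marked block, and the handler restarts HAProxy only when that block changed.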
Let us check whether all the installations were done properly.
Packages: httpd and PHP have been installed successfully on the target node.
Command: rpm -q httpd
Command: rpm -q php
The httpd service has also been started.
Command: systemctl status httpd
Let's check whether HAProxy is installed and its service has been started.
Command: rpm -q haproxy
Command: systemctl status haproxy
As everything has been configured successfully, it's time to check the output of our load balancer.
In the browser, we will check whether our web servers are running.
To check, you need the IP address of the load balancer, which you can get from the VM instance where you configured HAProxy.
We have exposed the web server on port 8080, so the port must be appended to the load balancer's IP address.
When you open the above link, you will see the web page displaying the IP address of the first web server. To check whether it is redirecting, simply refresh the page.
Now you will see the IP address of the web server change, which signifies that our load balancer is configured successfully.
One more point to note here: the IP of the load balancer remains unchanged, and only the web pages switch automatically. This means that the client/user will not be aware of what is happening in the background. They can only see the web page, and remain unaware of the back-end IP addresses and the load-balancing mechanism. So we have also maintained transparency.
Now let's check how the load balancer is switching web pages internally.
Open the file: vi /etc/haproxy/haproxy.cfg
You will see that HAProxy has fetched the IPs of the web servers from the inventory file. So we have created a dynamic haproxy.cfg file that fetches the IPs automatically, and there is no need to add the IPs to the file manually.
So, here we have successfully set up HAProxy, i.e. a high-availability environment for web servers, on our virtual machines.
Let's configure the same on AWS cloud instances.
Task no. 2 begins:
Creation of cloud instances in Amazon EC2:
In the security group, select "allow all traffic", so that Ansible can communicate with the other instances. Also keep the same subnet/region for all three instances, and choose the same public key for all three instances.
Above I have created three instances, where my controller node is also webserver1, and the rest are the webserver2 instance and the load balancer instance.
Now let us gather, the required resource:
- **Important:** Using WinSCP, you can connect to the cloud instance and transfer the instance private key, which has the .pem extension, to the controller instance where we are setting up Ansible. Why is the key required? I will explain that when we create the hosts database, also called the inventory file.
- Give the key read-only permission. Command: chmod 400 keyname.pem
Let's start with configuring Ansible on the controller instance:
Ansible is written in Python, so the first and foremost prerequisite is to install python3.
Command: yum install python3
Once that is done, we can install Ansible using pip3.
Command: pip3 install ansible --user
So let's set up the inventory file:
Now we create the inventory file hosts.txt, just as we did for our virtual machine instances. The only difference is that there we had a password for each instance, whereas here in AWS we need to provide the private key. So in place of ansible_private_key we provide the location where the key is present. The rest is the same.
Now let us configure the ansible.cfg file:
The ansible.cfg file is important because we make two important configurations inside it.
First, we give the path of the inventory file and provide the private key. Host key checking is set to false because, when connecting over the SSH protocol, it would check the host key and ask to confirm its authenticity, so keeping it false won't be an issue.
Second, we are doing a privilege escalation. Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.
The next step is to configure the sudoers file on all three instances, so as to give ec2-user sudo privileges.
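The connection and privilege settings described above, gathered into one YAML-format inventory as an added example (the post itself uses an INI hosts.txt plus ansible.cfg). Host names, the documentation-range IP addresses and the key path are assumptions; in Ansible terms, privilege escalation is `become`, which runs tasks through sudo as another user.

```yaml
# Added example, not the author's files. Addresses come from the 192.0.2.0/24
# documentation range and the key path is an assumed location.
all:
  vars:
    ansible_user: ec2-user
    ansible_ssh_private_key_file: /home/ec2-user/keyname.pem  # the chmod 400 key
    # Ansible's privilege escalation: tasks run as root through sudo,
    # which is why ec2-user needs an entry in the sudoers file.
    ansible_become: true
    ansible_become_method: sudo
    ansible_become_user: root
    # The post's setting: server host keys are not verified at connect time.
    ansible_host_key_checking: false
    # Alternative that trusts a key on first contact and rejects a changed
    # key afterwards (needs OpenSSH 7.6 or later on the controller):
    # ansible_host_key_checking: true
    # ansible_ssh_common_args: "-o StrictHostKeyChecking=accept-new"
  children:
    webserver:
      hosts:
        web1:
          ansible_host: 192.0.2.11
        web2:
          ansible_host: 192.0.2.12
    loadbalancer:
      hosts:
        lb1:
          ansible_host: 192.0.2.20
```

`ansible-inventory -i <file> --list` prints the merged variables per host, which is a quick way to confirm that the key path and become settings reach every node.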
Open the file: vi /etc/sudoers
In the sudoers file, add the privilege line for ec2-user.
Now we are all set to run the playbook. Use the same code as above and run the playbook, and you can configure the same high-availability environment on AWS EC2 instances.
Github-link: Ansible:Virtual-box Instances
Thank you for reading, Keep supporting..! Keep Learning…!