Ansible Task-3: Deploy Loadbalancer and manage webserver using Ansible
Hello everyone, I am sharing my task-3 implementation of the RHCE 8 Automation using Ansible training by Mr Vimal Daga sir and LinuxWorld Informatics. In this task we have to deploy one load balancer on an AWS EC2 instance and manage three webservers running on different AWS EC2 instances. All of this has to be implemented using Ansible.
# About Task :-
- Launch an AWS instance with the help of Ansible.
- Retrieve the public IP which is allocated to the launched instance using the Dynamic Inventory concept.
- Configuration of WebServer and LoadBalancer with the help of Ansible.
- The target nodes of the Load Balancer should auto update as per the status of the Web Servers.
# Requirements :-
2) Ansible
3) python and boto module
Let's start the implementation. Our first task is to install all required modules. Here we are installing the Python boto and boto3 modules:
```
pip3 install boto
pip3 install boto3
```
Now our task is to launch the EC2 instances: one for the load balancer and the other three for the webservers. For this we have to create an Ansible playbook which will launch the instances for us.
```yaml
- hosts: localhost
  vars_files:
    - creds.yml
  tasks:
    - name: launch linux os in aws
      ec2:
        key_name: "aws-os-test1"
        instance_type: "t2.micro"
        image: "ami-0ebc1ac48dfd14136"
        wait: yes
        count: 1
        vpc_subnet_id: "subnet-52cff53a"
        assign_public_ip: yes
        region: "ap-south-1"
        state: present
        group_id: "sg-0db3aafb5b62de47e"
        aws_access_key: "{{ username }}"
        aws_secret_key: "{{ userpass }}"
      register: ec2

    - name: launch linux os in aws
      ec2:
        key_name: "aws-os-test1"
        instance_type: "t2.micro"
        image: "ami-0ebc1ac48dfd14136"
        wait: yes
        count: 1
        vpc_subnet_id: "subnet-52cff53a"
        assign_public_ip: yes
        region: "ap-south-1"
        state: present
        group_id: "sg-0db3aafb5b62de47e"
        aws_access_key: "{{ username }}"
        aws_secret_key: "{{ userpass }}"
      register: ec2

    - name: launch linux os in aws
      ec2:
        key_name: "aws-os-test1"
        instance_type: "t2.micro"
        image: "ami-0ebc1ac48dfd14136"
        wait: yes
        count: 1
        vpc_subnet_id: "subnet-52cff53a"
        assign_public_ip: yes
        region: "ap-south-1"
        state: present
        group_id: "sg-0db3aafb5b62de47e"
        aws_access_key: "{{ username }}"
        aws_secret_key: "{{ userpass }}"
      register: ec2

    - name: launch linux os in aws
      ec2:
        key_name: "aws-os-test1"
        instance_type: "t2.micro"
        image: "ami-0ebc1ac48dfd14136"
        wait: yes
        count: 1
        vpc_subnet_id: "subnet-52cff53a"
        assign_public_ip: yes
        region: "ap-south-1"
        state: present
        group_id: "sg-0db3aafb5b62de47e"
        aws_access_key: "{{ username }}"
        aws_secret_key: "{{ userpass }}"
      register: ec2
```
In the above playbook I have used the variables username and userpass, which are retrieved from the creds.yml vault.
Now create vault:
ansible-vault create --vault-id creds@prompt creds.yml
Inside the vault, add the username variable with your AWS IAM credentials, and do the same with the userpass variable. Now save and exit the file.
After creating the vault, run our playbook.
ansible-playbook --vault-id creds@prompt ec2.yml
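Because creds.yml holds the IAM keys, it is worth confirming that the file on disk really is vault ciphertext with the `creds` label before it is shared or committed. The check below is an added example, not part of the original post; the function name and the sample strings are constructed for illustration.

```python
import re

# First line written by ansible-vault: format version, cipher and, for
# format 1.2, the vault-id label (here "creds" from --vault-id creds@prompt).
HEADER_RE = re.compile(r"^\$ANSIBLE_VAULT;(1\.[12]);(AES256)(?:;([^;\s]+))?$")
HEX_RE = re.compile(r"[0-9a-f]+")
# IAM user access key IDs: "AKIA" followed by 16 upper-case letters/digits.
ACCESS_KEY_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b")

# Constructed samples. The hex payload is filler, not real ciphertext; the
# key ID is the placeholder used in AWS documentation.
ENCRYPTED_SAMPLE = (
    "$ANSIBLE_VAULT;1.2;AES256;creds\n"
    "36316566303162386664323830613433\n"
    "6138653262613736383263316632\n"
)
PLAINTEXT_SAMPLE = "username: AKIAIOSFODNN7EXAMPLE\nuserpass: constructed-placeholder\n"


def check_vault_text(text, expected_label=None):
    """Return (ok, reason) for the contents of a file that should be vaulted."""
    lines = text.strip().splitlines()
    if not lines:
        return False, "empty file"
    header = HEADER_RE.match(lines[0].strip())
    if header is None:
        if ACCESS_KEY_RE.search(text):
            return False, "plaintext AWS access key ID"
        return False, "no ansible-vault header"
    label = header.group(3)
    if expected_label is not None and label != expected_label:
        return False, "unexpected vault-id label"
    # Everything after the header must be hex; pasted plaintext fails here.
    body = "".join(line.strip() for line in lines[1:])
    if not HEX_RE.fullmatch(body):
        return False, "payload is not hex ciphertext"
    return True, "encrypted"


if __name__ == "__main__":
    for name, text in (("encrypted", ENCRYPTED_SAMPLE), ("plaintext", PLAINTEXT_SAMPLE)):
        print(name, check_vault_text(text, expected_label="creds"))
```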
Now our task is to retrieve the IP addresses of all running EC2 instances dynamically. Later we will use them to perform our task.
For dynamic inventory we are using Python files here.
Download both files inside the /etc/ansible/ directory.
Now export the variables:
After this, before running the Python program, check that your current Python version is 3 and set your python as python3, or change the header to python3.
ex: #!/usr/bin/env python3
Make both files executable:
chmod +x ec2.ini
chmod +x
Now run the command below to list all available hosts. Before this, first set the inventory path in your /etc/ansible/ansible.cfg to /etc/ansible
ansible all --list-hosts
Here we get 4 IP addresses. Now choose one as the load balancer and the others as webservers.
Now create a new inventory.txt file and add two groups, same as below
Download your AWS EC2 SSH private key and store it in the /etc/ansible directory
Now change your inventory path to /etc/ansible/inventory.txt inside the /etc/ansible/ansible.cfg file
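A script-based dynamic inventory only has to print JSON in the shape Ansible expects, so the two groups can come straight from instance state instead of a hand-written inventory.txt. This is an added example, not the author's code or the downloaded inventory script: the `Role` tag and the sample records (constructed, shaped like EC2 DescribeInstances output) are assumptions.

```python
#!/usr/bin/env python3
"""Dynamic inventory sketch: running EC2 instances -> Ansible groups."""
import json
import sys

# Constructed sample records shaped like EC2 DescribeInstances output.
# The "Role" tag is an assumption of this example; a real script would
# fetch these records with boto3 instead of embedding them.
SAMPLE_INSTANCES = [
    {"PublicIpAddress": "203.0.113.10", "State": {"Name": "running"},
     "Tags": [{"Key": "Role", "Value": "loadbalancer"}]},
    {"PublicIpAddress": "203.0.113.11", "State": {"Name": "running"},
     "Tags": [{"Key": "Role", "Value": "webserver"}]},
    {"PublicIpAddress": "203.0.113.12", "State": {"Name": "running"},
     "Tags": [{"Key": "Role", "Value": "webserver"}]},
    # Stopped instance: no public IP, must not reach the HAProxy backend list.
    {"State": {"Name": "stopped"},
     "Tags": [{"Key": "Role", "Value": "webserver"}]},
    # Running but untagged: ignored rather than guessed into a group.
    {"PublicIpAddress": "203.0.113.99", "State": {"Name": "running"}, "Tags": []},
]

GROUPS = ("loadbalancer", "webserver")


def build_inventory(instances):
    """Return the JSON structure Ansible expects from `--list`."""
    inventory = {group: {"hosts": []} for group in GROUPS}
    inventory["_meta"] = {"hostvars": {}}
    for inst in instances:
        if inst.get("State", {}).get("Name") != "running":
            continue
        ip = inst.get("PublicIpAddress")
        tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
        role = tags.get("Role")
        if not ip or role not in GROUPS:
            continue
        inventory[role]["hosts"].append(ip)
        inventory["_meta"]["hostvars"][ip] = {"ansible_user": "ec2-user"}
    return inventory


if __name__ == "__main__":
    # Ansible calls the script with --list; --host is answered via _meta.
    if len(sys.argv) > 1 and sys.argv[1] == "--host":
        print(json.dumps({}))
    else:
        print(json.dumps(build_inventory(SAMPLE_INSTANCES), indent=2))
```

With groups produced this way, the `groups['webserver']` loop in the HAProxy template picks up only instances that are running at the time the playbook runs.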
Now our task is to create roles for both the load balancer and the webserver.
Create a folder named roles inside the /etc/ansible/ directory
```
ansible-galaxy init webserver
ansible-galaxy init lbserver
```
And add the roles path inside /etc/ansible/ansible.cfg
Now our task is to write the roles.
```yaml
---
# tasks file for lbserver
- name: install haproxy package
  package:
    name: "haproxy"
    state: present

- name: copy haproxy config file
  template:
    src: "haproxy.cfg"
    dest: "/etc/haproxy/haproxy.cfg"
  # notify must match the handler name exactly
  notify: restart loadbalancer

- name: start haproxy service
  service:
    name: "haproxy"
    state: started
```
```yaml
---
# handlers file for lbserver
- name: restart loadbalancer
  service:
    name: "haproxy"
    state: restarted
```
```
#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #    file. A line like the following can be added to
    #    /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

    # utilize system-wide crypto-policies
    ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main
    bind *:5000
    acl url_static       path_beg       -i /static /images /javascript /stylesheets
    acl url_static       path_end       -i .jpg .gif .png .css .js

    use_backend static          if url_static
    default_backend             app

#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend static
    balance     roundrobin
    server      static check

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
    balance     roundrobin
    # loop.index gives every generated server line its own name
{% for hosts in groups['webserver'] %}
    server app{{ loop.index }} {{ hosts }}:80 check
{% endfor %}
```
Now writing webserver roles
```yaml
---
# tasks file for webserver
- name: install httpd package
  package:
    name: "httpd"
    state: present

- name: copy webpage content
  copy:
    content: "website address {{ ansible_hostname }}"
    dest: /var/www/html/index.html

- name: start httpd service
  service:
    name: "httpd"
    state: started
```
Now our task is to create a playbook which runs these roles
```yaml
- hosts: webserver
  remote_user: ec2-user
  become: yes
  roles:
    - role: webserver

- hosts: loadbalancer
  remote_user: ec2-user
  become: yes
  roles:
    - role: lbserver
```
Before running this, SSH to every instance and set PermitRootLogin no inside /etc/ssh/sshd_config
Now go to the webserver IPs to check whether the web page is hosted or not
All webservers are running perfectly, now checking the haproxy files
Everything is set up perfectly and the task is completed as per the requirements.
Github Link :