Deploying Load Balancer and HTTPD using Ansible
Vaibhav S.
Lead Cybersecurity Engineer | Cybersecurity Engineering | ex-PwC | Helping Companies Prevent Cyberattacks | RHCSA | RHCE | eJPT | CEH(P) | ICCA | RHCSSMA | CCP | CSA | CIAP-DIAT| CSIL-CDWI | CSIL-COA
Statement: Deploy a Load Balancer and multiple Web Servers on AWS instances through ANSIBLE!
- Provision EC2 instances through Ansible.
- Retrieve the IP addresses of the instances using the dynamic inventory concept.
- Configure the web servers through an Ansible role.
- Configure the load balancer through an Ansible role.
- The target nodes of the load balancer should auto-update as per the status of the web servers.
Because the dynamic inventory concepts were covered in the previous article, here we look only at the important parts.
Steps
Creating Roles
ansible-galaxy init loadbalancer
ansible-galaxy init httpd
ansible-galaxy init installhttpd
ansible-galaxy init installhaproxy
Here we created 4 roles:
loadbalancer to provision the Load Balancer EC2 instance.
httpd to provision the HTTPD EC2 instances.
installhaproxy to configure the Load Balancer EC2 instance, install haproxy and add all the HTTPD instances to the load balancer conf file.
installhttpd to configure the HTTPD EC2 instances, install HTTPD and write each instance's index.html page with its respective IP address.
Creating loadbalancer role
vim loadbalancer/tasks/main.yml
- ec2:
    instance_type: t2.micro
    image: ami-052c08d70def0ac62
    count: 1
    instance_tags:
      name: "loadbalancer"
    group_id: sg-00fc82c95aeb70e6e
    key_name: "awscli"
Creating httpd role
vim httpd/tasks/main.yml
- ec2:
    instance_type: t2.micro
    image: ami-052c08d70def0ac62
    count: 3
    instance_tags:
      name: "HTTPD"
    group_id: sg-00fc82c95aeb70e6e
    key_name: "awscli"
Creating the yml file to provision the httpd and load balancer instances from their roles.
Exporting the Credentials
Create a programmatic user in AWS and export its access key and secret key.
# Variable names read by both the ec2 module and ec2.py (boto)
export AWS_ACCESS_KEY_ID=yourcred
export AWS_SECRET_ACCESS_KEY=yourcred
export AWS_REGION=ap-south-1
The ec2.py and ec2.ini files are present in the inventory; see the previous article for details.
vim /root/run.yml
- hosts: localhost
  roles:
    - role: httpd
- hosts: localhost
  roles:
    - role: loadbalancer
ansible-playbook /root/run.yml
Above we are getting some errors from ec2.py and ec2.ini, but we don't need them at this moment.
Creating installhttpd role
vim /etc/ansible/roles/installhttpd/tasks/main.yml
---
# tasks file for installhttpd
- name: "install httpd"
  package:
    name: "httpd"
    state: present
- name: "copy the content"
  copy:
    content: "This is a server deployed on ip {{ ansible_hostname }}"
    dest: "/var/www/html/index.html"
- name: "restart httpd"
  service:
    name: "httpd"
    state: started
Creating installhaproxy role
vim /etc/ansible/roles/installhaproxy/tasks/main.yml
---
# tasks file for installhaproxy
- package:
    name: "haproxy"
    state: present
- template:
    src: "templates/haproxy.j2"
    dest: "/etc/haproxy/haproxy.cfg"
  notify: restart lb
- service:
    name: "haproxy"
    state: started
    enabled: yes
Creating restart lb handler
vim /etc/ansible/roles/installhaproxy/handlers/main.yml
---
# handlers file for installhaproxy
- name: "restart lb"
  service:
    name: "haproxy"
    state: restarted
Configuring haproxy.conf
vim /etc/ansible/roles/installhaproxy/templates/haproxy.j2
{# loop.index gives every backend server a distinct name (app1, app2, ...) #}
{% for hosts in groups['tag_name_HTTPD'] %}
    server app{{ loop.index }} {{ hosts }}:80 check
{% endfor %}
Here I am not changing the port 5000; you can change it as you need. The haproxy.conf file is renamed to haproxy.j2; the name is up to you.
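The loop in haproxy.j2 rebuilds the server list from whatever ec2.py reports for tag_name_HTTPD on each run, which is how the load balancer targets follow the state of the web servers. The Python below is an added example, not code from the original article: it reproduces that loop over a constructed inventory, refuses entries that are not plain IPv4 addresses, and shows when the rendered backend changes. The function names and sample addresses are assumptions.

```python
import ipaddress
import json

# Constructed sample in the shape of `ec2.py --list` output
# (addresses come from a documentation range, not from the article).
SAMPLE_INVENTORY = json.loads("""
{
  "tag_name_HTTPD": ["203.0.113.10", "203.0.113.11", "203.0.113.12"],
  "tag_name_loadbalancer": ["203.0.113.5"],
  "_meta": {"hostvars": {}}
}
""")


def backend_lines(inventory, group="tag_name_HTTPD", port=80):
    """Return one haproxy `server` line per host in `group` (hypothetical helper)."""
    lines = []
    for index, host in enumerate(inventory.get(group, []), start=1):
        try:
            # Only a plain IPv4 address may reach haproxy.cfg, so a malformed
            # inventory entry cannot carry extra directives into the file.
            addr = ipaddress.IPv4Address(host)
        except ValueError as exc:
            raise ValueError(f"refusing inventory entry {host!r} in {group}") from exc
        # Unique server names: app1, app2, ...
        lines.append(f"    server app{index} {addr}:{port} check")
    return lines


def backend_changed(old_inventory, new_inventory):
    """True when the rendered server list differs between two inventory runs.

    Ansible's template task reports 'changed' (and notifies 'restart lb')
    only in that case.
    """
    return backend_lines(old_inventory) != backend_lines(new_inventory)


if __name__ == "__main__":
    print("\n".join(backend_lines(SAMPLE_INVENTORY)))
    # One web server terminated: the next run renders two targets.
    scaled_in = dict(SAMPLE_INVENTORY,
                     tag_name_HTTPD=SAMPLE_INVENTORY["tag_name_HTTPD"][:2])
    print("restart needed:", backend_changed(SAMPLE_INVENTORY, scaled_in))
```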
Creating the file for running and configuring everything
vim /root/final.yml
- hosts: tag_name_HTTPD
  roles:
    - role: installhttpd
- hosts: tag_name_loadbalancer
  roles:
    - role: installhaproxy
ansible-playbook /root/final.yml
Configuring the Firewall
vim /root/firewall.yml
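- hosts: ec2
  tasks:
    - name: Disable firewall
      command: setenforce 0
I am simply setting SELinux to permissive; if you prefer, you can create a rule instead, as described in some older articles. Permissive mode turns off SELinux enforcement on every host in the ec2 group until the next reboot, so a rule is the narrower option.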
ansible-playbook /root/firewall.yml
The Result
Here we can see the IP of the server.
Here we can see the IP of the server and can conclude that the load balancer is working properly.
Summary: One-Click Instance Launched, Web Servers provisioned and Load Balancer ready!