✍ Deploy the Load Balancer on AWS Cloud using Ansible playbook :
HELLO EVERYONE ✌✌,
✨ This article shows how to set up EC2 instances and a Security Group on AWS using today's most in-demand automation tool, Ansible.
✨ Next, we will deploy multiple HTTPD web servers as backend servers and an HAProxy load balancer as the frontend on top of them, using Ansible roles.
✨ This demonstration also helps us learn about distributed architecture. But before starting, let's understand some basic terms.
✍ TASK DESCRIPTIONS :
👉 Use an Ansible playbook to configure a reverse proxy, i.e. HAProxy.
👉 Update its configuration file automatically each time a new managed node (configured with Apache web server) joins the inventory.
👉 Configure this setup over AWS using EC2 instances.
✍What is Load Balancer ?
Load balancing is defined as the methodical and efficient distribution of network or application traffic across multiple servers in a server farm. Each load balancer sits between client devices and backend servers, receiving and then distributing incoming requests to any available server capable of fulfilling them.
✍What is HAProxy Load Balancer ?
HAProxy (High Availability Proxy) is a TCP/HTTP load balancer and proxy server that allows a webserver to spread incoming requests across multiple endpoints. This is useful in cases where too many concurrent connections over-saturate the capability of a single server.
✍What is AWS (Amazon Web Services) ?
Amazon Web Services (AWS) is a secure cloud services platform, offering compute power, database storage, content delivery and other functionality to help businesses scale and grow. Deliver static and dynamic files quickly around the world using a Content Delivery Network (CDN).
First we configure the Ansible dynamic inventory so that we can fetch IPs dynamically, then launch all the operating systems over the cloud, and third, set up the load balancer through HAProxy.
Before doing any practical implementation, it's good practice to create one directory to store all the files.
This directory is also known as our workspace. On my system I created a workspace called "task12". I am putting everything in this workspace, and at the end of this article I will provide the GitHub link from where you can download this workspace and use it.
# mkdir task12
# cd /task12
👉FOR DYNAMIC INVENTORY SETUP :
Here we will set up a dynamic inventory on AWS using boto3, ec2.yml and ec2.ini files.
Boto3 is the Amazon Web Services (AWS) Software Development Kit (SDK) for Python, which allows Python developers to write software that makes use of services like Amazon S3 and Amazon EC2. The latest documentation, including a list of supported services, is on the Boto3 doc site.
👉STEP :
- Installing the required software and libraries.
- Now make a new directory for the ansible playbook using this command.
👉TO INSTALL THESE LIBRARIES FIRST :
These commands install Python 3 and boto3 on the controller node.
# yum install python3 -y
# pip3 install boto3
👉NEXT :
I already have an access key and a private key to log in to AWS. If you don't have any key, create one through your AWS account.
👉TO CREATE ANSIBLE CONFIGURATION FILE :
# vim /etc/ansible/ansible.cfg
👉TO SEE THE DATA OF THE CONFIGURATION FILE :
# cat /etc/ansible/ansible.cfg
👉TO SEE THE WHOLE DATA INSIDE THE CONFIGURATION FILE :
[defaults]
inventory = /root/my_ec2
# host_key_checking = False turns off SSH host key verification for every managed node
host_key_checking = False
roles_path = /root/ansible_roles
private_key_file = /root/aws_ansible.pem
remote_user = ec2-user
ask_pass = false
[privilege_escalation]
become = true
become_user = root
become_method = sudo
become_ask_pass = false
I already have the "aws_ansible.pem" key for SSH login on my system. If you don't have it there, put your key at this path.
👉TO CONFIGURE THE DYNAMIC INVENTORY :
Now create one more directory for dynamic inventory.
# mkdir /my_ec2
Dynamic Inventory Directory -(In my case “/my_ec2”)
For the dynamic inventory, download ec2.py and ec2.ini from the URLs given below and put them in the /my_ec2 folder:
👉TO DOWNLOAD EC2.PY BY USING CLI :
# wget https://raw.githubusercontent.com/ansible/ansible/stable-2.9/contrib/inventory/ec2.py
👉TO DOWNLOAD EC2.INI BY USING CLI :
# wget https://raw.githubusercontent.com/ansible/ansible/stable-2.9/contrib/inventory/ec2.ini
Here you also need privilege escalation, because on the AWS instances all the configuration has to be done as the root user.
Note: If your controller node has Python3 then replace the location of shebang(#!) from #!/usr/bin/env python to #!/usr/bin/python3
#!/usr/bin/python3
'''
EC2 external inventory script
=================================
Generates inventory that Ansible can understand by making API request to
AWS EC2 using the Boto library.
Now open the ec2.ini file and give your access and secret key which will be mentioned at the bottom of the ec2.ini file.
[credentials]
# The AWS credentials can optionally be specified here. Credentials specified
# here are ignored if the environment variable AWS_ACCESS_KEY_ID or
# AWS_PROFILE is set, or if the boto_profile property above is set.
#
# Supplying AWS credentials here is not recommended, as it introduces
# non-trivial security concerns. When going down this route, please make sure
# to set access permissions for this file correctly, e.g. handle it the same
# way as you would a private SSH key.
#
# Unlike the boto and AWS configure files, this section does not support
# profiles.
#
aws_access_key_id = AXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXXXX
Set the Python path for your system; in my case it is /usr/bin/python3.
Save it and make the ec2.py and ec2.ini files executable.
# chmod +x ec2.py
# chmod +x ec2.ini
👉TO CONFIGURE KEY FOR AWS EC2-INSTANCES :
After that, you also need to copy aws_ansible.pem, the key used for the EC2 instance launch. After copying your key, restrict its permissions to the owner with the following command:
# chmod 600 <file_name.pem>
# chmod 600 aws_ansible.pem
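The ec2.ini comment quoted above says to treat a file holding AWS keys like a private SSH key. As an added example (not part of the article's workspace), this play checks the two secret files on the controller node; the paths assume ec2.ini sits in the /my_ec2 directory created earlier and the key is at the path given in ansible.cfg.

```yaml
# Added example: verifies file modes only, it changes nothing.
- name: Verify that AWS secrets on the controller are owner-only
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    secret_files:
      - /my_ec2/ec2.ini          # assumed location; holds aws_access_key_id / aws_secret_access_key
      - /root/aws_ansible.pem    # private_key_file from ansible.cfg
  tasks:
    - name: Read the current mode of each file
      stat:
        path: "{{ item }}"
      loop: "{{ secret_files }}"
      register: secret_stat

    - name: Fail if a file is missing or accessible by group/other
      assert:
        that:
          - item.stat.exists
          # stat returns the mode as a string such as "0600"; the last two
          # digits are the group and other permission bits
          - item.stat.mode[-2:] == '00'
        fail_msg: "{{ item.item }} has mode {{ item.stat.mode | default('n/a') }}; group/other must have no access"
        success_msg: "{{ item.item }} is owner-only"
      loop: "{{ secret_stat.results }}"
      loop_control:
        label: "{{ item.item }}"
```

ec2.py only reads ec2.ini, so the check fails for an ec2.ini that still carries group or world permission bits, including execute bits.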
👉WE HAVE TO SET THESE ENVIRONMENTAL VARIABLES :
"AWS_REGION", "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY"
- You need to configure these with your IAM user credentials so that we can communicate with the AWS cloud and launch the EC2 instance.
- Here we need to type some commands to configure the IAM user.
# export AWS_REGION="<YOUR-AWS-REGION-NAME-HERE>"
# export AWS_ACCESS_KEY_ID="<YOUR-AWS-ACCESS-KEY-HERE>"
# export AWS_SECRET_ACCESS_KEY="<YOUR-AWS-SECRET-KEY-HERE>"
- Here you need to type the region, AWS access key and AWS secret key provided by the IAM user.
- To check that your inventory is working fine, run the command "ansible all --list-hosts" (I don't have any instance at this time).
ansible all --list-hosts
- Now we need to write a playbook for launching the ec2 instance.
- Here we need to use the vault concept for providing the AWS IAM credentials.
- Now go to the workspace folder and type the commands below, providing your access key and secret key.
ansible-vault create key.yml
ansible-vault view key.yml
👉LETS WRITE THE CODE :
# cd /task12
We need to write code for provisioning the EC2 instances and then configuring them as the load balancer and backend servers.
Open this EC2.yml
# vim EC2.yml
👉NEXT :
Now open main.yml
# vim main.yml
👉NEXT :
Now open variable.yml
# vim variable.yml
👉FOR LAUNCHING THE INSTANCES :
Here I am launching 2 instances as web servers and 1 instance as the load balancer.
Command : ansible-playbook --ask-vault-pass EC2.yml
# ansible-playbook EC2.yml --ask-vault-pass
It will ask for the password of the vault that contains the keys, as it needs the keys to log in to AWS.
Now use ping command:
ansible all -m ping
👉TO EXECUTE MAIN.YML FILE AS IT CONTAINS REVERSE PROXY CONFIGURATION FOR THE LOADBALANCER :
Command : ansible-playbook main.yml
# ansible-playbook main.yml
After executing the playbook, check the configuration file on the AWS instance that we launched as the load balancer.
# vim /etc/haproxy/haproxy.cfg
The last two lines of the file are the IPs of the backend servers, which were dynamically configured in the HAProxy configuration file.
👉CODE :
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# https://www.haproxy.org/download/1.8/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events. This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #    file. A line like the following can be added to
    #    /etc/sysconfig/syslog
    #
    #    local2.* /var/log/haproxy.log
    #
    log 127.0.0.1 local2
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 4000
    user haproxy
    group haproxy
    daemon
    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats
    # utilize system-wide crypto-policies
    ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode http
    log global
    option httplog
    option dontlognull
    option http-server-close
    option forwardfor except 127.0.0.0/8
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 3000
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main
    bind *:8080
    acl url_static path_beg -i /static /images /javascript /stylesheets
    acl url_static path_end -i .jpg .gif .png .css .js
    use_backend static if url_static
    default_backend app
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend static
    balance roundrobin
    server static 127.0.0.1:4331 check
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
    balance roundrobin
    server app1 65.0.108.128:80 check
    server app2 13.232.210.171:80 check
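The article's main.yml and role are not reproduced on this page. As an added example (not the author's playbook), here is one way to keep the `backend app` server lines in step with the dynamic inventory. The group names are assumptions: ec2.py builds `tag_<key>_<value>` groups, so they presume instances tagged Name=loadbalancer and Name=webserver, with inventory hostnames that are the instances' IPs.

```yaml
# Added example; group names and tags are assumed, the file path and ports are the article's.
- name: Keep HAProxy backends in step with the dynamic inventory
  hosts: tag_Name_loadbalancer
  become: true
  vars:
    web_group: tag_Name_webserver
  tasks:
    - name: Install HAProxy
      package:
        name: haproxy
        state: present

    - name: Remove the sample 127.0.0.1 app servers shipped in the stock config
      lineinfile:
        path: /etc/haproxy/haproxy.cfg
        regexp: '^\s*server\s+app\d+\s+127\.0\.0\.1:'
        state: absent
      notify: restart haproxy

    - name: Write one server line per web host currently in the inventory
      blockinfile:
        path: /etc/haproxy/haproxy.cfg
        insertafter: '^backend app'
        marker: "# {mark} backends from inventory"
        block: |
          {% for host in groups[web_group] | default([]) %}
              server app{{ loop.index }} {{ host }}:80 check
          {% endfor %}
        # the new file is only put in place if HAProxy accepts it
        validate: haproxy -c -f %s
      notify: restart haproxy

    - name: Make sure HAProxy is running and starts at boot
      service:
        name: haproxy
        state: started
        enabled: true

  handlers:
    - name: restart haproxy
      service:
        name: haproxy
        state: restarted
```

Re-running the play after a new web server instance appears in the inventory rewrites only the marked block and restarts HAProxy when the block changed.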
👉TO ACCESS THE WEBSITE WE CAN USE PUBLIC IP OF THE LOADBALANCER :
The port number that I specified for HAProxy is 8080, so the format in which we need to access the web server is:
<IP_address_of_loadbalancer>:<port_number>/<page_name>
For example : 15.207.115.249:8080/index.php
The IP address is different for the two instances, which means the load balancer works perfectly.
Finally, I have successfully completed this task. Thank you Vimal Daga sir for giving me such a great task. Sir, your mentorship is a God gift for me to enhance my skills and I am very blessed because you are my mentor.
So guys, in the upcoming days I am going to publish lots of blogs and articles on different automation tools and other technologies, so definitely follow me on Medium as well as on LinkedIn.
I have also provided the link to my GitHub repository for this task, which is given below for your reference.
So, here is my LinkedIn profile. If you have any queries, definitely comment below or DM me on LinkedIn.