Ansible Automation to Configure Reverse Proxy

Playbook to configure reverse proxy and auto-update the configuration file when a new managed node joins the backend server group.

Hello Everyone!!!

I hope you all are fine and excited to learn more about Ansible.

New to Ansible!!! Want to know more about it??? If you don’t have prior knowledge of Ansible, do check out my blog, where I have explained Ansible and its Use Cases.

Now, if you have knowledge of Ansible, we know that we need to configure Ansible in our system so that we can work with it. To make your work easy, I have also explained how we can configure Ansible in my below-mentioned blog, so you can check it out and understand the configuration before we proceed with our task.

Now, as we all are comfortable with everything, we can now start with our task. So here, we will configure a Reverse Proxy for our Webserver with Ansible. When we configure Reverse Proxy, we may need to scale our servers, so during that process, new systems get launched with a new IP address, and we need to update the IP in the Reverse Proxy configuration file. So we also want it to be automatic, which means every time we add a webserver in our Ansible Managed nodes, its IP will automatically be updated in the configuration file.

So let’s get started with our task.

First, let's check our “ansible.cfg” file:

Now let’s check our “inventory.txt” file:

Now, as we have all set up, our “ansible.cfg” file is also configured, and our inventory.txt file is also updated with one load balancer and one webserver. We will try to run our playbook with 1 webserver and then later add one more to check the configuration file of HAProxy (Reverse Proxy tool) to see if it auto-updates or now.

So let’s start writing our playbook. Let's create a workspace to work with. Here I have created a workspace, “haproxyAuto.” And these are the internal files. Don’t worry; I will explain each file.

CREATING THE PLAYBOOKS

First, let’s check our main playbook “haproxy.yml” file.

The first play will be running in the “load balancer” host group. Here I am using some variables which are coming from the “haproxy.yml” file.

Let me explain each task one by one:

The first task is to install “haproxy” software in our managed nodes, and it will run if “haproxy” is not present in the system.

The second task is to copy the configuration file “haproxy.cfg,” which is usually in the “/etc/haproxy/” directory, and this file is the one that configures the system as a reverse proxy server. Here what I have done is I have made some changes in the configuration file from my controller system, and then I transferred that file to the “loadbalancer” managed node using the template module. The template module help to transfer the file; the file can be changed dynamically on the other system. Here is the file haproxy.cfg file in my controller node.

Here we can see at 68 lines and 87–89 lines I have used variable and for loop in the file so the template module can read the file and change the variable which I have declared with their value which will be passed from my variable file, which I have mentioned above. It will list all the IPs of the backend server group, which will be in my inventory file.

The third task is to start the haproxy service as a managed node.

The fourth task is to install firewalld in the system. Normally we have firewalld present in the system, which helps to manage traffic in the system.

The fifth task I have started the firewalld service.

In the sixth task, I have configured the firewalld for allowing the port, which the user will mention in the variable file, which will allow outside traffic to use that port number which our LoadBalancer will be giving service.

Now we have the play for the webservers. Let me explain it.

The first task is to install httpd software and PHP in our backend webservers group.

NOTE: No need of PHP if you want to host a “.html” file as I am using “.php” I need PHP to run the file.

The second task is we are starting our HTTPD service.

The third task is to create an “index.php” file in the “var/www/html/” directory.

This is the “index.php” file which will just display the IP of the system in which it is launched in.

The fourth task is here in these servers. Also, I have installed firewalld.

In the fifth task, I started the firewalld software.

In the sixth task, I have set the firewall rule to add the user-defined port through a variable file that can be accessed by our load-balancer system to the proxy.

RUNNING THE PLAYBOOK

Now I ran the playbook using the command, and we have the output also:

ansible-playbook haproxy.yml

The first image is of the host “load-balancer” and another image is “webservers” from the same playbook play.

Now let's check if the software is installed in both systems or not.

You can see both my IP 116 and 104 are running Haproxy and HTTPD, respectively.

Let's check the “haproxy.cfg” file now in the 116 IP system that is Loadbalancer.

Here we can see that the IP and port are updated as we passed the variable file.

Now let’s add one more system in my inventory with the IP 105.

Now, let's rerun our playbook, and let’s see if another backend server gets added and if the configuration file is changed or not.

In the above image, we can see that the second play was running in the new IP we added. Now let's check the configuration file.

As in the image, we can see that the configuration file is updated as we have used variable with for loop, and each IP is added, which is present in the inventory.

Now let’s check if the webserver is working properly and the load is being balanced or not.

The webserver is being proxy on 8080 by the Loadbalancer with IP “192.168.56.116". We can see when we refresh the page; we land on another web server which means that the load is distributed among two servers. And we have successfully completed our task.

CONCLUSION

So, this is the way we can configure reverse proxy using Haproxy and dynamically update the configuration file with new IP when the IP is added to the inventory.

You can find the whole code in my GitHub, i.e., the below-mentioned link.

I hope I have explained everything, and if you have any doubts or suggestions, you can comment on this blog or contact me on my LinkedIn.

Thank you for staying till the end of the blog, and please do suggest to me some ideas for improvement. Your suggestions will really motivate me.

I blog about ML, Big Data, Cloud Computing. And improving to be the best.