Ansible for Configuring HAProxy Load Balancer and Web Servers on AWS (Dynamic Inventory)

Muhammad Tabish Khanday
Jul 12, 2021

In this blog, I will demonstrate how I created an Ansible Playbook that can perform the following operations:

  1. Configure the web servers on AWS EC2 Instances.
  2. Configure the load balancer on AWS Instance.
  3. Retrieve the IP Address of instances using the dynamic inventory concept.
  4. The target nodes of the load balancer should auto-update as per the status of web servers.

Requirements:

  1. Ansible is configured on the Control Node.
  2. EC2 Instances for web servers should be running with Tag (Name: webservers)
  3. EC2 Instance for load balancer should be running with Tag (Name: loadbalancer)
  4. You should have an IAM User with Programmatic access and PowerUserAccess permission on AWS Cloud, because you will need its access key and secret key for the dynamic inventory.
  5. You should also have the keypair downloaded to your system that was used while launching the EC2 Instances.

NOTE: Perform all the steps from Control Node.

Step 1: Establish Password-less Authentication between Control Node and Managed Nodes

First, we need to change the permissions of the key pair that we have downloaded from AWS.

$ chmod 400 [key_name]

In Linux, ssh-agent is a background program that holds SSH private keys so that you do not have to retype their passphrases. The ssh-add command prompts for the private key's passphrase, if it has one, and adds the key to the list maintained by ssh-agent. Once a key has been added to ssh-agent, you will not be prompted for it when using SSH or scp to connect to hosts that accept that key.

$ ssh-add [key_name]

Next, generate an authentication key pair using ssh-keygen, in case you haven't already.

ssh-keygen is a tool for creating new authentication key pairs for SSH. Such key pairs are used for automating logins, single sign-on, and for authenticating hosts.

$ ssh-keygen

Now, copy this generated public key to all the managed nodes.

ssh-copy-id installs an SSH Key on a server as an authorized key. Its purpose is to provide access without requiring a password for each login. This facilitates automated, passwordless logins and single sign-on using the SSH protocol.

$ ssh-copy-id -i ~/.ssh/id_rsa.pub ec2-user@[IP_OF_INSTANCES]

Replace IP_OF_INSTANCES with the IP address of each managed node in turn, running the command once per node.

Step 2: Dynamic Inventory files.

URL: https://github.com/mtabishk/ansible-playbooks/tree/main/dynamic_inventory/myinventories

Use this URL to download the dynamic inventory files (ec2.py and ec2.ini) for AWS EC2 and store them in the inventory directory.

$ mkdir inventory/

$ cp ec2.py inventory/

$ cp ec2.ini inventory/

Create the environment variables in your shell:

$ export AWS_ACCESS_KEY_ID='YOUR_ACCESS_KEY'

$ export AWS_SECRET_ACCESS_KEY='YOUR_SECRET_KEY'

Step 3: Create Ansible Configuration File in your workspace.

$ vim ansible.cfg

Now that Ansible is configured, we can list the hosts:

$ ansible all --list-hosts

$ ansible tag_name_webservers --list-hosts

$ ansible tag_name_load_balancer --list-hosts

Step 4: Create Playbook and other files.

My directory structure looks like this:

You can download these files from: https://github.com/mtabishk/ansible-playbooks/tree/main/haproxy_aws_ec2

$ vim conf_load_balancer_aws.yml

$ vim haproxy.cfg.j2

$ vim index.php.j2
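
The template below shows one way haproxy.cfg.j2 can keep the load balancer's target nodes in step with the web servers: the backend list is rebuilt from the dynamic inventory group on every playbook run, and HAProxy health checks take failed servers out of rotation between runs. It is an added example, not the author's file from the repository. The variable names lb_port and web_port, the port values, and the use of the ec2_private_ip_address host variable set by ec2.py are assumptions.

```jinja2
{# haproxy.cfg.j2: added example, not the author's template. #}
{# Assumptions: web servers are in the inventory group tag_name_webservers #}
{# (the group listed in Step 3); lb_port and web_port are hypothetical #}
{# playbook variables; ec2_private_ip_address is a host variable from ec2.py. #}
global
    log /dev/log local0
    user haproxy
    group haproxy
    daemon

defaults
    mode http
    log global
    option httplog
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend http_in
    bind *:{{ lb_port | default(8080) }}
    default_backend webservers

backend webservers
    balance roundrobin
    # Probe each server so an unhealthy one is marked down between playbook runs.
    option httpchk GET /
{# One server line per running instance the dynamic inventory returned. #}
{# Falls back to the inventory hostname when no private IP is known. #}
{% for host in groups['tag_name_webservers'] | default([]) | sort %}
    server web{{ loop.index }} {{ hostvars[host]['ec2_private_ip_address'] | default(host) }}:{{ web_port | default(80) }} check
{% endfor %}
```

In the playbook's template task, setting `validate: haproxy -c -f %s` makes Ansible check the rendered file with HAProxy before it replaces the live configuration.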

Step 5: Run the Playbook.

$ ansible-playbook conf_load_balancer_aws.yml

As you can see, the playbook has run successfully. Now we can use http://[LOAD_BALANCER_IP]:[PORT] to check the load balancing on our web servers.

That’s all for today! I’ll be back with some new articles very soon, thanks! 🤗

Muhammad Tabish Khanday

LinkedIn: https://www.linkedin.com/in/mtabishk/
