Burri Akhil Reddy

Automation of reverse proxy and apache websever setup using ansible roles :

ARTH Task 15 :

Burri Akhil Reddy's photo
Burri Akhil Reddy
·

9 min read

Automation of reverse proxy and apache websever setup using ansible roles :

Here I will show how to install and configure the loadbalancer and apache webserver by creating ansible roles for loadbalancer and apache webserver and then use them and configure the required setup

Here you can find how to do the complete setup with ansible playbooks

Creating Ansible role for apache webserver

Firstly to create an ansible role we need to use the command ansible-galaxy role init <ROLE_NAME>. After creating the role we need to write the code to install and configure the apache webserver. We know that as ansible role stores the tasks in tasks/main.yml file we need to edit this file and write the tasks in it. Following are the tasks that we need to create in tasks/main.yml file

  • Configure yum(as I am using RedHat as the Operating System)
  • Install the httpd software
  • Install the php software
  • Copy the php code to the server
  • Copy the configuration file httpd.conf
  • Stop the existing service running on the mentioned port
  • Start the httpd service
  • Configure the firewall to allow the port

To do all the task mentioned above the tasks/main.yml looks as follows

---
# tasks file for myapache
- name : "configuring yum"
  copy :
    src : "yum.repo"
    dest : "/etc/yum.repos.d/reverseproxy.repo"
- name : "installing httpd package for server"
  package :
    name : "httpd"
    state : present
- name : "installing php package for server"
  package :
    name : "php"
    state : present
- name : "removing the index.html file on webserver"
  file :
    path : "/var/www/html/index.html"
    state : absent
- name : "copying the php file to the webserver"
  copy :
    src : "index.php"
    dest : "/var/www/html/index.php"
- name : "copying the httpd configuration file for the server"
  template :
    src : "httpd.conf"
    dest : "/etc/httpd/conf/httpd.conf"
  notify : "restarting httpd service"
- name : "setting the selinux to permissive mode"
  shell : "setenforce 0"
- name : "killing the service running the {{server_port}} port"
  shell : "kill `netstat -tnlp | grep :{{server_port}} | awk '{print $7}' | awk -F/ '{print $1}'`"
  ignore_errors : yes
- name : "starting the httpd service"
  service :
    name : "httpd"
    state : started
- name : "restarting firewall"
  service :
    name : "firewalld"
    state : restarted
- name : "changing settings for firewall"
  firewalld :
    port : "{{server_port}}/tcp"
    state : enabled
    immediate : yes

We can see in this file we have referenced files yum.repo in copy task for yum configuration, index.php in copy task for copying webpages, httpd.conf in template task for configuring httpd server. We need to create files for static files which will be copied to the webserver we use the files folder and for those files which uses the ansible variables we use the templates folder, in my case I created yum.repo, index.php in files folder and httpd.conf in templates folder. To know the contents of these files follow these links yum.repo, index.php, httpd.conf

We can also see that I have used some variable using templating these variables are created in vars/main.yml this file looks as follows

---
# vars file for myapache
server_port : 8084

Similarly, I have done the configuration for haproxy as follows

Creating Ansible role for Loadbalancer

Firstly to create an ansible role we need to use the command ansible-galaxy role init <ROLE_NAME>. After creating the role we need to write the code to install and configure the haproxy service. We know that as ansible role stores the tasks in tasks/main.yml file we need to edit this file and wirte the tasks in it. Following are the tasks that we need to create in tasks/main.yml file

  • Configure yum(as I am using RedHat as the Operating System)
  • Install the haproxy software
  • Copy the configuration file haproxy.cfg
  • Stop the existing service running on the mentioned port
  • Start the haproxy service
  • Configure the firewall to allow the port

To do all the task mentioned above the tasks/main.yml looks as follows

---
# tasks file for myloadbalancer
- name : "configuring yum for all the hosts to install httpd, php and haproxy"
  copy :
    src : "yum.repo"
    dest : "/etc/yum.repos.d/reverseproxy.repo"
- name : "installing haproxy on proxy server"
  package :
    name : "haproxy"
    state : "present"
- name : "copying the haproxy configuration file to proxy server"
  template :
    src : "haproxy.cfg"
    dest : "/etc/haproxy/haproxy.cfg"
  notify : "restarting haproxy service"
- name : "setting selinux to permissive mode"
  shell : "setenforce 0"
- name : "restarting firewall"
  service :
    name : "firewalld"
    state : restarted
- name : "killing the service running on {{proxy_port}} port"
  shell : "kill `netstat -tnlp | grep :{{proxy_port}} | awk '{print $7}' | awk -F/ '{print $1}'`"
  ignore_errors : yes
- name : "starting haproxy service"
  service :
    name : "haproxy"
    state : started
- name : "changing firewall settings"
  firewalld :
    port : "{{proxy_port}}/tcp"
    state : enabled
    immediate : yes

We can see in this file we have referenced files yum.repo in copy task for yum configuration, haproxy.cfg in template task for configuring haproxy server. We need to create files for static files which will be copied to the webserver we use the files folder and for those files which uses the ansible variables we use the templates folder, in my case I created yum.repo and haproxy.cfg in templates folder. To know the contents of these files follow these links yum.repo, haproxy.cfg

Following is the part of code I have used in the haproxy.cfg file to dynamically add hosts and remove hosts from the list of servers

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
    balance     roundrobin
{% for i in groups['servers'] %}
    server  app{{loop.index}} {{i}}:{{server_port}} check
{% endfor %}

We can also see that I have used some variable using templating these variables are created in vars/main.yml this file looks as follows

---
# vars file for myapache
server_port : 8084
proxy_port : 80

Testing these roles

To test these roles we need to create a playbook before creating the playbook we need to write the configuration file for the playbook which can either be created in the present working directory as ansible.cfg or in the home directory as .ansible.cfg. The ansible configuration file looks as follows

[defaults]
inventory=<path-to-inventory>
remote_user=root
host_key_checking=false
role_path=<path-to-roles>

To test the roles created above I have created main.yml file which looks as follows

- hosts : servers
  roles :
          - myapache
- hosts : proxy
  roles :
          - myloadbalancer

Note : In the above file I have used the group name these are the only group names that must be used if you are using the same code what I have created

To run the playbook we need to use the command ansible-playbook main.yml

You can find the complete source code here

PHPapacheansible