Configuring reverse proxy that is Haproxy and updating its configuration file automatically over AWS using instance with dynamic inventory.
✔️Provisioning ec2 instances using ansible
✔️Retrieving the IP address of instances using dynamic inventory
✔️Configuring the web server and load balancer using the ansible role
✔️configuring load balancer using ansible role target
✔️Automatically updating HAproxy.cfg file of load balancer as new backend server launched in ec2 service.
- Provisioning ec2 instances using ansible
Since to launch instance we need to provide our access key and secret key to our playbook for which we need to provide it in a secure way
so, we can secure such sensitive data using ansible vault.
•What is Ansible-vault?
Ansible Vault encrypts variables and files so you can protect sensitive content such as passwords or keys rather than leaving it visible as plaintext in playbooks or roles. To use Ansible Vault you need one or more passwords to encrypt and decrypt content. If you store your vault passwords in a third-party tool such as a secret manager, you need a script to access them. Use the passwords with the ansible-vault command-line tool to create and view encrypted variables, create encrypted files, encrypt existing files, or edit, re-key, or decrypt files.
• Creating vault and storing the AWS access key and secret key there.
Now, before Creating Playbook for launching ec2 instance need to add privilege escalation
- What is privilege escalation?
Ansible uses existing privilege escalation systems to execute tasks with root privileges or with another user’s permissions. Because this feature allows you to ‘become’ another user, different from the user that logged into the machine (remote user), we call it
so, go in ansible configuration file
Now, Creating Playbook to launch ec2 instance in AWS
here, we are launching 3 instance for webserver and 1 for load balancer
Note: since, we have launched ec2-instance every time you launch or start instance its IP Address changes . thus, we need some program which would itself go to our AWS account and retrieve IP from there, this program is nothing but dynamic inventory.
downloading this pre created dynamic inventory using python. this inventory used boto3 module. using which it automatically goes to our AWS account and retrieves the IP-Address . for which we need to give our access key and secret key, we can simply save them in environment variable.
copied these file in a folder /etc/dinv
and this path to ansible configuration file
to make ansible run dynamic inventory while running final playbook you need to make them executable
You can check this using command
Now, creating role for webserver and loadbalancer
Adding Handler to notify if there are any changes in haproxy.cfg file.
To update haproxy configuration file automatically on each time new Managed node added jinja for loop that will get all IP address from group tag_Name_ansiblewebserver that consist of IP of the webserver.
Note: when ansible run the dynamic inventory behind the scene this inventory creates several groups based on tag given to ec2-instances
so, this group is used in this for loop in haproxy.cfg file , you can check those groups using command
Creating role for webserver
Creating main playbook:
assigned hosts referring these group created by dynamic inventory.
Running the playbook awslb.yml
I hope you all find my blog interesting and informative !!!