HAProxy Load balancer setup with Ansible

What Is HAProxy?

HAProxy is a free, very fast, and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. Load balancers like HAProxy allow you to split traffic over multiple servers, making it easier to handle. Instead of pointing your IP at your web server, you’d point it at an HAProxy server, which would decide where to send it from there. Since it is lightweight, you can use a single load balancer for many backend servers.
Here we are going to use HAProxy as the load balancer for the k8s control plane nodes master1 and master2.

Three steps:
1. Install the HAProxy software
2. Configure backend servers
3. Start the service

Step1: Installation of the haproxy package with the Ansible configuration management tool.

# Execute the snippet below to create the playbook, then run it with the ansible-playbook command that follows.

cat <<EOF > haproxy.yaml
- name: HAProxy install
  hosts: lb
  gather_facts: no
  become: yes
  tasks:
    - name: Install software
      package:
        name: haproxy
        state: present
EOF

$ ansible-playbook -i inventory haproxy.yaml --ask-become-pass

Step2: Backend Servers block configuration using jinja2 templates. 

Create a templates folder under the current working directory and use the template below as a reference.

First snippet:

cat <<EOF> templates/haproxy.j2     
#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   https://www.haproxy.org/download/1.8/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

    # utilize system-wide crypto-policies
    ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

#---------------------------------------------------------------------
# main frontend which proxies to the backends
#---------------------------------------------------------------------
frontend main
    bind *:6443
    # kube-apiserver terminates TLS itself, so pass the stream through at layer 4
    mode tcp
    option tcplog
    default_backend             app

#---------------------------------------------------------------------
# round robin balancing between the control plane nodes
#---------------------------------------------------------------------
backend app
    mode tcp
    balance     roundrobin
{%for host in groups['master'] %}
    server {{hostvars[host].inventory_hostname}}  {{hostvars[host].ansible_host}}:6443 check
{%endfor%}
EOF

Second snippet:

cat <<EOF > haproxy-config.yaml
- name: haproxy configuration
  hosts: lb
  become: yes
  tasks:
    - name: haproxy config template
      template:
        src: haproxy.j2
        dest: /etc/haproxy/haproxy.cfg

EOF     

$ ansible-playbook -i inventory haproxy-config.yaml --ask-become-pass


Step3: Start the HAProxy service and validate the service.

# Execute the snippet below to create the playbook, then run it with the ansible-playbook command that follows.

cat <<EOF > haproxy-service.yaml
- name: start the haproxy service
  gather_facts: no
  hosts: lb
  become: yes
  tasks:
    - name: Start haproxy
      service:
        name: haproxy
        state: started
EOF

$ ansible-playbook -i inventory haproxy-service.yaml --ask-become-pass

Now that our front-end service is ready, we can move forward to install the control plane and worker nodes to form an HA k8s cluster.
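
The three steps above can also be run as a single play that refuses to deploy a configuration HAProxy cannot parse and restarts the service only when the rendered file changes. This is an added example, not the author's own playbook: it assumes the same lb inventory group and templates/haproxy.j2 used above, and the file name haproxy-all.yaml, the handler name and the 30-second timeout are choices made here.

```yaml
# haproxy-all.yaml (added example; consolidates install, configure, start)
- name: HAProxy for the k8s control plane
  hosts: lb
  become: yes
  gather_facts: no
  tasks:
    - name: Install software
      package:
        name: haproxy
        state: present

    - name: Render haproxy.cfg and reject any file HAProxy cannot parse
      template:
        src: haproxy.j2
        dest: /etc/haproxy/haproxy.cfg
        owner: root
        group: root
        mode: "0644"        # readable by all, writable only by root
        backup: yes         # keep the previous file for rollback
        # %s is the temporary rendered file; if the check exits non-zero,
        # the task fails and the live configuration is left untouched.
        validate: haproxy -c -f %s
      notify: restart haproxy   # handler name is an assumption of this example

    - name: Start the service and enable it at boot
      service:
        name: haproxy
        state: started
        enabled: yes

    - name: Apply a pending restart before checking the listener
      meta: flush_handlers

    - name: Confirm the frontend accepts connections on 6443
      wait_for:
        port: 6443
        timeout: 30

  handlers:
    - name: restart haproxy
      service:
        name: haproxy
        state: restarted
```

Run it the same way as the other playbooks: ansible-playbook -i inventory haproxy-all.yaml --ask-become-pass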
