Task

Install the base packages and start the appropriate services on the nodes

Topology

on Google Cloud Platform Compute Engine

Generate SSH keys on the Master

This is needed to SSH into all the nodes from the master

[networkandcode@ansible-master ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/networkandcode/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/networkandcode/.ssh/id_rsa.
Your public key has been saved in /home/networkandcode/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:L7C3LsDLyUQPgWEz63+kKzIRSI3BqiEcniWdkuPzwfQ networkandcode@ansible-master
The key's randomart image is:
+---[RSA 2048]----+
|..@o.            |
| @.X.            |
|B @ ..           |
|*B ooE           |
|oo+o.oo S        |
|o  o+o.o .       |
| . +o+o o .      |
|o . =o.. o       |
| o ..  oo  |
+----[SHA256]-----+

View the public key

[networkandcode@ansible-master ~]$ cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKidfQW6xyhJQaDrFvUmA3C6bNJvqGVo+7aKe+ZvlTdw46pxYczBP4lMLYbu1nl22KpxDK0HHn60tKgpx3VKkO9WGSKbiFb0UwTaqX4pRjPkVtXER2lRU6M6TxD16HFAQ+w9vIG2f
2lL1ultzqR6OUgDm3jYxUQU+EusNMFKhou9XKPkNfJtKkLIWTPgZkYM/M78uY+GHs2w4ItFf4gJITVXpJPnDruNB5rsFBCErvjF0AIG7xDBYn/Gazx1B5DzSE15TUOEvOZWdk2v7pZr15L9Wk4vrSfwxY5wMnUrglv+5FUNv0hU+8iP
K2xjjO22w8084BWvwjCLHvIiCr5OOj networkandcode@ansible-master

Copy and paste this into Compute Engine > Metadata > SSH keys

Install nano text editor if required, or use the default vim editor

[networkandcode@ansible-master ~]$ sudo yum install nano
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.advancedhosters.com
 * epel: mirror.umd.edu
 * extras: mirrors.advancedhosters.com
 * updates: mirrors.advancedhosters.com
Resolving Dependencies
...
Installed:
  nano.x86_64 0:2.3.1-10.el7

Complete!

Install Ansible on the Master

Rename the default hosts file

The original file is handy to keep for reference

[networkandcode@ansible-master ~]$ sudo mv /etc/ansible/hosts /etc/ansible/hosts-backup

Add a new default hosts file

[networkandcode@ansible-master ~]$ sudo vim /etc/ansible/hosts

[haproxy]
haproxy-server[1:2]

[nginx]
nginx-web-server[1:2]

Run an adhoc command to test connectivity

Type yes when prompted to accept each node's SSH host key (the prompts are not shown here)

[networkandcode@ansible-master ~]$ ansible all -a id
haproxy-server1 | CHANGED | rc=0 >>
uid=1000(networkandcode) gid=1001(networkandcode) groups=1001(networkandcode),4(adm),39(video),1000(google-sudoers)
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
haproxy-server2 | CHANGED | rc=0 >>
uid=1000(networkandcode) gid=1001(networkandcode) groups=1001(networkandcode),4(adm),39(video),1000(google-sudoers)
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
nginx-web-server1 | CHANGED | rc=0 >>
uid=1000(networkandcode) gid=1001(networkandcode) groups=1001(networkandcode),4(adm),39(video),1000(google-sudoers)
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
nginx-web-server2 | CHANGED | rc=0 >>
uid=1000(networkandcode) gid=1001(networkandcode) groups=1001(networkandcode),4(adm),39(video),1000(google-sudoers)
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Write a playbook

to install haproxy and nginx and to start/enable those services

[networkandcode@ansible-master ~]$ sudo nano playbook.yml
---  # '---' marks the beginning of a YAML file
# any line that begins with '#' is a comment
# a playbook is a list of plays, each play can have a list of tasks
- name: play to install nginx  # play1
  hosts: nginx  # this matches nginx-web-server1 and nginx-web-server2 in the /etc/ansible/hosts file
  become: yes  # run the tasks as root through sudo; installing packages and managing services require it
  tasks:
    - name: task to install nginx  # task1 of play1
      yum:  # the yum module of Ansible drives the yum package manager of CentOS 7
        name: nginx  # this is the package name
        state: latest  # the latest version of the nginx package will be installed
    - name: tast to activate nginx  # task2 of play1
      service:
        name: nginx
        state: started
        enabled: yes  # start the service automatically when the system boots
- name: play to install haproxy  # play2
  hosts: haproxy  # this matches haproxy-server1 and haproxy-server2 in the /etc/ansible/hosts file
  become: yes  # run the tasks as root through sudo
  tasks:
    - name: task to install haproxy  # task1 of play2
      yum:
        name: haproxy
        state: latest
    - name: task to activate haproxy  # task2 of play2
      service:
        name: haproxy
        state: started
        enabled: yes
...  # '...' marks the end of a YAML file

Run the playbook

[networkandcode@ansible-master ~]$ ansible-playbook playbook.yml
PLAY [play to install nginx] **************************************************************************************
TASK [Gathering Facts] ********************************************************************************************
ok: [nginx-web-server1]
ok: [nginx-web-server2]
TASK [task to install nginx] **************************************************************************************
changed: [nginx-web-server2]
changed: [nginx-web-server1]
TASK [tast to activate nginx] *************************************************************************************
changed: [nginx-web-server1]
changed: [nginx-web-server2]
PLAY [play to install haproxy] ************************************************************************************
TASK [Gathering Facts] ********************************************************************************************
ok: [haproxy-server1]
ok: [haproxy-server2]
TASK [task to install haproxy] ************************************************************************************
changed: [haproxy-server1]
changed: [haproxy-server2]
TASK [task to activate haproxy] ***********************************************************************************
changed: [haproxy-server1]
changed: [haproxy-server2]
PLAY RECAP ********************************************************************************************************
haproxy-server1            : ok=3 changed=2 unreachable=0    failed=0
haproxy-server2            : ok=3 changed=2 unreachable=0    failed=0
nginx-web-server1          : ok=3 changed=2 unreachable=0    failed=0
nginx-web-server2          : ok=3 changed=2 unreachable=0    failed=0

The topology actually has 4 web servers, not 2, so let’s edit the hosts file

[networkandcode@ansible-master ~]$ cat /etc/ansible/hosts
[haproxy]
haproxy-server[1:2]
[nginx]
nginx-web-server[1:4]

Run the playbook again

[networkandcode@ansible-master ~]$ ansible-playbook playbook.yml
PLAY [play to install nginx] **************************************************************************************
TASK [Gathering Facts] ********************************************************************************************
ok: [nginx-web-server2]
ok: [nginx-web-server1]
ok: [nginx-web-server4]
ok: [nginx-web-server3]
TASK [task to install nginx] **************************************************************************************
ok: [nginx-web-server2]
ok: [nginx-web-server1]
changed: [nginx-web-server4]
changed: [nginx-web-server3]
TASK [tast to activate nginx] *************************************************************************************
ok: [nginx-web-server2]
ok: [nginx-web-server1]
changed: [nginx-web-server4]
changed: [nginx-web-server3]
PLAY [play to install haproxy] ************************************************************************************
TASK [Gathering Facts] ********************************************************************************************
ok: [haproxy-server1]
ok: [haproxy-server2]
TASK [task to install haproxy] ************************************************************************************
ok: [haproxy-server1]
ok: [haproxy-server2]
TASK [task to activate haproxy] ***********************************************************************************
ok: [haproxy-server1]
ok: [haproxy-server2]
PLAY RECAP ********************************************************************************************************
haproxy-server1            : ok=3 changed=0 unreachable=0    failed=0
haproxy-server2            : ok=3 changed=0 unreachable=0    failed=0
nginx-web-server1          : ok=3 changed=0 unreachable=0    failed=0
nginx-web-server2          : ok=3 changed=0 unreachable=0    failed=0
nginx-web-server3          : ok=3 changed=2 unreachable=0    failed=0
nginx-web-server4          : ok=3 changed=2 unreachable=0    failed=0

Since Ansible is idempotent, it checked whether the desired state already existed on the remote nodes, so it did not change any configuration on the first 4 nodes (haproxy-server1 and 2, nginx-web-server1 and 2) and reports “changed=0” for them in the recap at the end of the playbook run. It only changed the configuration on nginx-web-server3 and 4, because we edited the hosts file to include those 2 nodes just before running the playbook.
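
The recap can also be checked by a script instead of by eye. The shell functions below are an added example, not part of the original post: they read ansible-playbook output and list the hosts whose PLAY RECAP counters are non-zero, so an unexpected change on a re-run stands out. The function names are hypothetical, SECOND_RUN is the recap of the second run above, and THIRD_RUN is a constructed recap for a run after every node has converged.

```shell
#!/bin/sh
# Added example: the function names are hypothetical, not part of Ansible.

# Print every host whose PLAY RECAP counter "$1" (changed, failed or
# unreachable) is greater than zero. Reads ansible-playbook output on stdin.
recap_hosts_with() {
  awk -v key="$1" '
    /^PLAY RECAP/ { in_recap = 1; next }   # counters follow this banner
    in_recap && $2 == ":" {                # "host : ok=3 changed=2 ..."
      for (i = 3; i <= NF; i++) {
        split($i, kv, "=")
        if (kv[1] == key && kv[2] + 0 > 0) print $1
      }
    }
  '
}

# Succeed only when the run changed nothing and no host failed or was
# unreachable, i.e. every node already matched the playbook.
recap_is_converged() {
  output=$(cat)
  for key in changed failed unreachable; do
    [ -z "$(printf '%s\n' "$output" | recap_hosts_with "$key")" ] || return 1
  done
}

# Recap of the second run, copied from the output above.
SECOND_RUN='PLAY RECAP ****************************************************
haproxy-server1            : ok=3 changed=0 unreachable=0    failed=0
haproxy-server2            : ok=3 changed=0 unreachable=0    failed=0
nginx-web-server1          : ok=3 changed=0 unreachable=0    failed=0
nginx-web-server2          : ok=3 changed=0 unreachable=0    failed=0
nginx-web-server3          : ok=3 changed=2 unreachable=0    failed=0
nginx-web-server4          : ok=3 changed=2 unreachable=0    failed=0'

# Constructed sample: the same recap once nginx-web-server3 and 4 converged.
THIRD_RUN=$(printf '%s\n' "$SECOND_RUN" | sed 's/changed=2/changed=0/')

# Lists the two newly added web servers, then confirms the converged run.
printf '%s\n' "$SECOND_RUN" | recap_hosts_with changed
if printf '%s\n' "$THIRD_RUN" | recap_is_converged; then
  echo "third run: no changes, nodes match the playbook"
fi
```
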
