Automate HAproxy with ansible and AWX
In this article we will show you how update and test the configurations files on 2 failover HAproxy servers using AWX. The goal is to have a single source of truth wich will be a Git repo. This is some kind of GitOps approach that will prevent from unwanted change, keep a trace from changes and facilitate rollbacks.
Both haproxy servers are configured in failover with the keepalived service
A Git repo will contain the Haproxy config files. AWX will be used to validate the configuration files and apply them on the HAproxy servers. FYI AWX is a free web interface using Ansible as backend.
Below an image that summarizes the environment and the flows involved
This public repository contains example yaml and config files that you can use to create your own process: github.com/cisel-dev/haproxy-awx-demo.git
git_haproxy.cfg : This file is the reason why we have created this automation. It contains the configuration we want to apply on HAproxy servers. Below you can find a very simple example of an haproxy.cfg file. Please adapt it according to your needs github.com/cisel-dev/haproxy-awx-demo/blob/..
git_keepalived.conf : This is the keepalived configuration file. If you want to add a listener or frontend in haproxy with a new virtual IP, you will need to declare this IP in keepalived.conf before to be able to use it in haproxy. Here also you will find an example file that you will need to adapt. Note: keepalived config is only needed when you have more than one Haproxy server. github.com/cisel-dev/haproxy-awx-demo/blob/..
clone_git_haproxy_project.yaml : This is the ansible playbook wich is used to clone files from the git repo to haproxy servers. It will also do a first validation of the git_haproxy.cfg file to avoid performing the next steps when the file is not valid. You need to change the project_dir setting to match your setup. github.com/cisel-dev/haproxy-awx-demo/blob/..
keepalived_apply.yaml : This ansible playbook will apply the new keepalived git_keepalived.conf on both servers. The priority between MASTER and SLAVE is configured according to the hostname of the servers. In our case we want to setup HAPROXY01 as master and HAPROXY02 as slave. To do so, the priority will be set to 101 if the server name contains "01" and to 100 if the server name contains "02". You need to change the project_dir setting to match your setup. github.com/cisel-dev/haproxy-awx-demo/blob/..
haproxy_apply.yaml : This playbook will backup the old configuration. Validate the git_haproxy.cfg file and if validate set it as the actual config. Then the haproxy service is restarted to apply the new config file. You need to change the project_dir setting to match your setup. github.com/cisel-dev/haproxy-awx-demo/blob/..
Now that we have all the configuration files and required playbook we need to create the AWX project, templates and workflow.
First we create a new Project that target our dedicated git repository on AWX. By doing this we can then create template with yaml playbooks directly from our Git!
You also need to have your haproxy servers in an inventory. For this example we created a manual inventory with 2 hosts inside, HAPROXY01 and HAPROXY02. Please have a look on inventory script which is realy usefull to populate inventory from other sources dynamicaly (from a CMDB for example).
Then we will have to create 3 task template and 1 workflow to execute these playbooks.
Task templateto execute the clone_git_haproxy_project.yaml
Task template to execute the keepalived_apply.yaml
Task template to execute haproxy_apply.yaml
The Workflow will first execute the clone_git_haproxy_project, then we will apply the keepalived configuration and finally apply the haproxy configuration if valid.
This setup works with 2 HAproxy in failover mode but it can be adapted to be used on standalone haproxy server.
Feel free ask questions in the comment below! cisel.ch