In this article we show what we have set up to automatically update and test the configuration files on 2 failover HAProxy servers.
Both HAProxy servers are configured in failover with the keepalived service.
A Git repo is the only source of truth, and AWX is used to validate the configuration files and apply them on the HAProxy servers.
This setup avoids uncontrolled changes to your HAProxy config and allows easy rollbacks.
The image below summarizes the environment and the flows involved.
This public repository contains example YAML and config files that you can use to create your own process: https://github.com/cisel-dev/haproxy-awx-demo.git
- git_haproxy.cfg : This file is the reason why we created this automation. It contains the configuration we want to apply on the HAProxy servers. Below you can find a very simple example of an haproxy.cfg file. Please adapt it according to your needs. https://github.com/cisel-dev/haproxy-awx-demo/blob/main/haproxy.cfg
- git_keepalived.conf : This is the keepalived configuration file. If you want to add a listener or frontend in HAProxy with a new virtual IP, you need to declare this IP in keepalived.conf before you can use it in HAProxy. Here too you will find an example file that you will need to adapt. https://github.com/cisel-dev/haproxy-awx-demo/blob/main/keepalived_apply.yaml
- clone_git_haproxy_project.yaml : This playbook clones the files from the Git repo to the HAProxy servers. It also does a first validation of the git_haproxy.cfg file, so that the following steps are not performed if the file is not valid. You need to change the project_dir setting to match your setup. https://github.com/cisel-dev/haproxy-awx-demo/blob/main/clone_git_haproxy_project.yaml
- keepalived_apply.yaml : This playbook applies the new keepalived git_keepalived.conf on both servers. The priority between MASTER and SLAVE is configured according to the hostname of the servers. In our case we want to set up HAPROXY01 as master and HAPROXY02 as slave. To do so, the priority is set to 101 if the server name contains "01" and to 100 if the server name contains "02". You need to change the project_dir setting to match your setup. https://github.com/cisel-dev/haproxy-awx-demo/blob/main/keepalived_apply.yaml
- haproxy_apply.yaml : This playbook backs up the old configuration, validates the git_haproxy.cfg file and, if it is valid, sets it as the current config. Then the haproxy service is restarted to apply the new config file. You need to change the project_dir setting to match your setup. https://github.com/cisel-dev/haproxy-awx-demo/blob/main/haproxy_apply.yaml
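The backup, validate, apply and restart sequence described for haproxy_apply.yaml can be written as the playbook below. It is an added example, not the playbook from the repository. It goes one step further than the description by restoring the backup if the restart fails. The project_dir value, the /etc/haproxy/haproxy.cfg destination, the file mode and the `hosts: all` target are assumptions.

```yaml
---
# Added illustration, not taken from the cisel-dev/haproxy-awx-demo repository.
- name: Validate, apply and roll back the HAProxy configuration
  hosts: all        # assumption: the inventory holds only HAPROXY01 and HAPROXY02
  become: true
  serial: 1         # one node at a time; a failed node ends the play before its peer is touched
  vars:
    project_dir: /opt/haproxy-project       # assumption: path of the Git checkout
    haproxy_cfg: /etc/haproxy/haproxy.cfg   # assumption: default package path
  tasks:
    - name: Install git_haproxy.cfg only if "haproxy -c" accepts it
      ansible.builtin.copy:
        src: "{{ project_dir }}/git_haproxy.cfg"
        dest: "{{ haproxy_cfg }}"
        remote_src: true
        owner: root
        group: root
        mode: "0640"                # assumption: haproxy is started as root
        backup: true                # keeps a timestamped copy of the previous file
        validate: haproxy -c -f %s  # on a parse error the task fails and dest is untouched
      register: cfg

    - name: Restart haproxy, restoring the previous file if the restart fails
      when: cfg is changed
      block:
        - name: Restart haproxy with the new configuration
          ansible.builtin.service:
            name: haproxy
            state: restarted
      rescue:
        - name: Restore the backup written by the copy task
          ansible.builtin.copy:
            src: "{{ cfg.backup_file }}"
            dest: "{{ haproxy_cfg }}"
            remote_src: true
          when: cfg.backup_file is defined
        - name: Restart haproxy with the restored configuration
          ansible.builtin.service:
            name: haproxy
            state: restarted
          when: cfg.backup_file is defined
        - name: Mark the host as failed so the workflow stops
          ansible.builtin.fail:
            msg: "haproxy did not restart with the new configuration"
```

Because the run is serialized, a configuration that passes the syntax check but fails at restart is reverted on the first node and never reaches the second, so the keepalived peer keeps serving the virtual IP.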
Now that we have all the configuration files and required playbooks, we need to create the AWX project, templates and workflow.
First we create a new Project that targets our dedicated Git repository.
You also need to have your HAProxy servers in an inventory. For this example we created a manual inventory with 2 hosts inside, HAPROXY01 and HAPROXY02. In reality we use dynamic inventories that are interfaced with ServiceNow or other inventory/CMDB tools.
Then we have to create 3 jobs and 1 workflow to execute these playbooks.
- Job to execute clone_git_haproxy_project.yaml
- Job to execute keepalived_apply.yaml
- Job to execute haproxy_apply.yaml
The Workflow first executes clone_git_haproxy_project, then applies the keepalived configuration and finally applies the HAProxy configuration if it is valid.
As a first try you can copy your current, working haproxy and keepalived config to your repo and then execute the workflow.
This setup works with 2 HAProxy servers in failover mode, but it can be adapted for use on a standalone HAProxy server.
Feel free to contact us directly at cloud@cisel.ch if you have any questions. https://www.cisel.ch
- We used the readme.md example from fvcproductions to create this template.
- Copyright 2020 © CISEL.