Load balancing Django

    - name: Setup App Server(s)
      hosts: app_servers
      sudo: True

      vars:
        home_folder: /home/mark
        venv: faulty

      tasks:
        # Firewall: deny incoming by default, rate limit ssh
        - ufw: state=enabled logging=on
        - ufw: direction=incoming policy=deny
        - ufw: rule=limit port=ssh proto=tcp
        - ufw: rule=allow port=22 proto=tcp
        # Port 80 is reachable only from the load balancer's address
        - ufw: >
            rule=allow
            port=80
            proto=tcp
            from_ip={{ hostvars['lb']['ansible_default_ipv4']['address'] }}

        - name: Install python virtualenv
          apt: name=python-virtualenv
        - name: Install python dev
          apt: name=python-dev
        - name: Install git
          apt: name=git

        - name: Checkout Django code
          git: >
            repo=https://bitbucket.org/marklit/faulty.git
            dest={{ home_folder }}/faulty
            update=no
        - file: >
            path={{ home_folder }}/faulty
            owner=mark
            group=mark
            mode=755
            state=directory
            recurse=yes

        - name: Install Python requirements
          pip: >
            requirements={{ home_folder }}/faulty/requirements.txt
            virtualenv={{ home_folder }}/.virtualenvs/{{ venv }}
        - template: >
            src=files/venv_activate.sh
            dest={{ home_folder }}/.virtualenvs/{{ venv }}/exec
            mode=755

        # Create and migrate the database inside the virtualenv
        - command: >
            {{ home_folder }}/.virtualenvs/{{ venv }}/exec
            python manage.py syncdb --noinput
          args:
            chdir: '{{ home_folder }}/faulty'
        - command: >
            {{ home_folder }}/.virtualenvs/{{ venv }}/exec
            python manage.py migrate
          args:
            chdir: '{{ home_folder }}/faulty'

        - name: Install supervisor
          apt: name=supervisor
        - template: >
            src=files/supervisord.conf
            dest=/etc/supervisor/conf.d/django_app.conf
        - command: /usr/bin/supervisorctl reload
        - supervisorctl: name=web_app state=restarted
        - supervisorctl: name=celeryd state=restarted

        - name: Install nginx
          apt: name=nginx
        - name: copy nginx config file
          template: >
            src=files/nginx-app.conf
            dest=/etc/nginx/sites-available/default
        - name: enable configuration
          file: >
            dest=/etc/nginx/sites-enabled/default
            src=/etc/nginx/sites-available/default
            state=link
        - service: name=nginx state=restarted

The load balancer

The load balancer has a simpler task list:

- Block all incoming traffic except for tcp 22, 80, 443; rate limit ssh.
- Install Nginx and copy in the self-signed certificates.
- Copy in the load balancer configuration and launch nginx.

    - name: Setup Load balancer(s)
      hosts: load_balancers
      sudo: True

      tasks:
        # Firewall: deny incoming by default, rate limit ssh
        - ufw: state=enabled logging=on
        - ufw: direction=incoming policy=deny
        - ufw: rule=limit port=ssh proto=tcp
        - ufw: rule=allow port=22 proto=tcp
        - ufw: rule=allow port=80 proto=tcp
        - ufw: rule=allow port=443 proto=tcp

        - apt: name=nginx
        - name: copy nginx config file
          template: >
            src=files/nginx-load-balancer.conf
            dest=/etc/nginx/sites-available/default
        # Self-signed key and certificate
        - copy: src=files/nginx.key dest=/etc/nginx/ssl/
        - copy: src=files/nginx.crt dest=/etc/nginx/ssl/
        - name: enable configuration
          file: >
            dest=/etc/nginx/sites-enabled/default
            src=/etc/nginx/sites-available/default
            state=link
        - service: name=nginx state=restarted

Running the playbook

I used the following command to run the playbook and set up the cluster:

    $ ansible-playbook -i inventory --ask-sudo-pass playbook.yml

I then tested that I could communicate via the load balancer. If --insecure is not passed as a flag to curl, you'll not be able to complete the request, as curl is set up to not trust self-signed SSL certificates by default:

    $ curl --insecure https://lb
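The firewall intent of the two plays (app servers accept port 80 only from the load balancer; the load balancer exposes 22, 80 and 443) can be checked before a run. The following is an added example, not code from the original post: the ufw argument strings are copied from the plays on this page, while `audit`, `TOKEN` and `SERVICE_PORTS` are hypothetical names introduced here.

```python
import re

# key=value tokens; a Jinja expression {{ ... }} counts as one value
TOKEN = re.compile(r"(\w+)=(\{\{.*?\}\}|\S+)")
SERVICE_PORTS = {"ssh": "22"}  # the only service name the plays use

# ufw task arguments copied from the two plays on this page
APP_SERVER = [
    "state=enabled logging=on",
    "direction=incoming policy=deny",
    "rule=limit port=ssh proto=tcp",
    "rule=allow port=22 proto=tcp",
    "rule=allow port=80 proto=tcp "
    "from_ip={{ hostvars['lb']['ansible_default_ipv4']['address'] }}",
]
LOAD_BALANCER = APP_SERVER[:4] + [
    "rule=allow port=80 proto=tcp",
    "rule=allow port=443 proto=tcp",
]


def audit(tasks):
    """Summarise what a list of ufw task argument strings lets in."""
    policy, rules = None, []
    for args in tasks:
        kv = dict(TOKEN.findall(args))
        if kv.get("direction") == "incoming":
            policy = kv.get("policy")
        elif "rule" in kv:
            port = SERVICE_PORTS.get(kv["port"], kv["port"])
            rules.append((int(port), kv["rule"], kv.get("from_ip", "any")))
    # ports that any source address can reach
    open_to_any = sorted({p for p, r, src in rules
                          if r in ("allow", "limit") and src == "any"})
    # ports limited to a specific source address
    restricted = {p: src for p, r, src in rules if src != "any"}
    # ports carrying more than one kind of rule, e.g. limit and allow
    kinds = {}
    for p, r, _ in rules:
        kinds.setdefault(p, set()).add(r)
    mixed = sorted(p for p, ks in kinds.items() if len(ks) > 1)
    return {"default_incoming": policy, "open_to_any": open_to_any,
            "restricted": restricted, "mixed_rules": mixed}


if __name__ == "__main__":
    for name, tasks in (("app_servers", APP_SERVER),
                        ("load_balancers", LOAD_BALANCER)):
        print(name, audit(tasks))
```

Port 22 appears under `mixed_rules` for both plays because each one adds a limit rule and an allow rule for ssh; `ufw status` on the host shows which of the two is in effect.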
