03__configure_app_servers.yml.md

The source files for this tutorial can be downloaded from its GitHub repository, or cloned into your current working directory with `git clone https://github.com/ionos-cloud/module-ansible.git`. Then change into the `module-ansible/docs/tutorials/06__introducing_the_nat_gateway_and_network_load_balancer` sub-directory.

01__create_jumpbox_and_nlb.yml
```yaml
---
- hosts: app-servers

  vars_files:
    - vars.yml


  tasks:
    # Apply some basic network configurations needed, since these VMs are
    # behind the NAT Gateway and don't have access to a 'full' DHCP server
    - name: Set our default route
      ansible.builtin.shell: "ip route add default via {{ nat_gateway.ip }} || true"


    # Arguably not the most robust solution, but while an approach based upon,
    # say, https://stackoverflow.com/a/67379573 would guarantee the resulting
    # file is always valid, assuming the level of indention doesn't change,
    # the following is simpler, and doesn't remove any comments that said file
    # might contain
    - name: Add our default route to /etc/netplan/50-cloud-init.yaml to make it persistent
      blockinfile:
        path: /etc/netplan/50-cloud-init.yaml
        insertbefore: "match:"
        block: |
          {% filter indent(width=12, first=true) %}
          routes:
            - to: default
              via: 192.168.8.1
          {% endfilter %}

    - name: Ensure 'DNS=212.227.123.16 212.227.123.17' is in the '[Resolve]' section of /etc/systemd/resolved.conf
      community.general.ini_file:
        path: /etc/systemd/resolved.conf
        section: Resolve
        option: DNS
        value: 212.227.123.16 212.227.123.17
        state: present


    - name: Restart the systemd-resolved service
      ansible.builtin.service:
        name: systemd-resolved
        state: restarted


    - name: Update repositories cache and upgrade the system
      ansible.builtin.apt:
        upgrade: dist
        update_cache: yes
        cache_valid_time: 3600


    - name: Install patch and nginx
      ansible.builtin.package:
        name:
          - patch
          - nginx
        state: present


    # Apply the changes mentioned in https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/
    - name: Patch the NGINX config files to support the Proxy Protocol
      ansible.posix.patch:
        src: nginx-config.patch
        basedir: /
        strip: 1
      when: nlb.proxy_protocol != "none"


    - name: And restart NGINX
      ansible.builtin.service:
        name: nginx
        state: restarted
      when: nlb.proxy_protocol != "none"


    - name: Need to recreate the NLB HTTP forwarding rule's targets
      ansible.builtin.debug:
        msg:
          - "NGINX has been configured to support (and expect) the PROXY protocol, however"
          - "until support is also added to the corresponding Ansible module, enabling it"
          - "there will need to be done manually, either via the DCD or an API PATCH call ---"
          - "please see https://docs.ionos.com/cloud/managed-services/network-load-balancer/configure-nlb#create-a-target"
          - "or https://api.ionos.com/docs/cloud/v6/#tag/Network-Load-Balancers/operation/datacentersNetworkloadbalancersForwardingrulesPatch"
          - "for more information"
      when: nlb.proxy_protocol != "none"


    - name: And create our per-host index.html files on the remote servers
      ansible.builtin.template:
        src: templates/index.html.j2
        dest: /var/www/html/index.html
```
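
The comment above the netplan task notes that the text-level `blockinfile` edit does not guarantee a valid file. The tasks below are an added example, not part of the tutorial's playbook, of a read-back check that can run right after that task so a broken file is caught during the play rather than at the next reboot. They assume the usual cloud-init layout (`network`, then `ethernets`, then one key per interface) and that `netplan` is on the PATH; the names `netplan_raw`, `netplan_cfg` and `default_routes` are illustrative.

```yaml
    # Added example: read the file back exactly as it now exists on the host
    - name: Read back the edited netplan file
      ansible.builtin.slurp:
        src: /etc/netplan/50-cloud-init.yaml
      register: netplan_raw


    # from_yaml raises a templating error (failing the task) if the edit left
    # the file syntactically invalid; the assertions then check that the
    # route block landed under an interface rather than somewhere else
    - name: Check that the file still parses and carries a default route
      ansible.builtin.assert:
        that:
          - netplan_cfg.network.ethernets is mapping
          - default_routes | length > 0
        fail_msg: "No 'to: default' route found under network.ethernets.<iface>.routes"
      vars:
        netplan_cfg: "{{ netplan_raw.content | b64decode | from_yaml }}"
        default_routes: >-
          {{ netplan_cfg.network.ethernets | dict2items
             | selectattr('value.routes', 'defined')
             | map(attribute='value.routes') | flatten
             | selectattr('to', 'equalto', 'default') | list }}


    # netplan's own parser is stricter than a generic YAML load: it also
    # rejects unknown keys and malformed addresses. 'generate' only renders
    # backend configuration; it does not apply it to the running system
    - name: Let netplan itself validate the configuration
      ansible.builtin.command: netplan generate
      changed_when: false
```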
