Configuring haproxy and webserver using roles in Ansible

As a beginner we usually don’t care much about managing our playbooks since all the code can be easily managed manually. But in the real world, play might be long and complex, with many included or imported files,and with tasks and handlers to manage various situations. Copying all that code into another playbook might be nontrivial work if we want to setup another controller.

To allow easy management and sharing of playbooks roles are used.

What are roles?

Ansible roles provide a way for us to make it easier to reuse ansible code generically. We can package, in a standardized directory structure, all the tasks, variables, files, templates, and other resources needed to provision infrastructure or deploy applications. Copy that role from project to project simply by copying the directory. You can then simply call that role from a play to execute it.

This makes things very easier to manage.

Ansible roles have the following benefits:

  • Roles group content, allowing easy sharing of code with others
  • Roles can be written that define the essential elements of a system type: web server, database server, Git repository, or other purpose
  • Roles make larger projects more manageable
  • Roles can be developed in parallel by different administrators in addition to writing, using, reusing, and sharing your own roles, we can get roles from other sources. Some roles are included as part of Red Hat Enterprise Linux, in the rhel-system-roles package. We can also get numerous community-supported roles from the Ansible Galaxy website and also share our own created roles there.

I would be setting up the haproxy and the webserver. So if you have unfamiliarity with any of them you can look at one of my previous articles here.

Setting up the apache server

So firstly we need to create a role. I would be setting up the apache server first.

ansible-galaxy role init <role_name>

This command creates a role by the name of myapache in the system. The role is actually a folder.

All these folders are like subsections of the main playbook we create. If we want to specify the tasks they go in the tasks folder, the files folder contain the static content, the template folder contains the dynamic content for the playbook etc.

So firstly since I would be setting up the tasks in the tasks folder.

So the tasks specified would be configuring the apache server on the target node. Since I am loading the static content for the webpage I stored it in files folder.

Configuring the haproxy

Now since the apache web server is configured we can move on to the configuration of the haproxy.

For this let’s create another role.

Let’s create the tasks in the tasks folder just like the previous one.

So the task is simple just like the previous one but here we have to store the config file in template folder since the content in the file is dynamic as it changes along with the IP of the backend apache server.

I would show the down the dynamic content in the configuration file.

We are taking the binding port of the reverse proxy as well as the backend port for the webserver as a variable so we need to specify this variable. For this we need to take help of the vars folder.

Now we have everything setup.

Creating the main playbook

The roles we have created can be now used inside playbooks. So let’s create this playbook

Since everything has been already managed inside roles the main configuration file becomes very easy to create. Since the target node is being created as the webserver and the haproxy is configured in localhost I specified two different hosts. Apart from that we just need to call the roles and the playbook runs accordingly.

So let’s check if the setup works or not.

That’s nice the reverse proxy and the webserver are working just like they should have


In this blog I tried highlighting the importance of roles in ansible and why we need it. Then I proceeded to create a webserver and set up reverse proxy using roles.

One thing should be kept in mind that once we have created a role we can easily call it again or share it without any hassle. So once it is made the work becomes far easier.

Thanks :)