In a previous post How to use Ansible to automate the configuration and deployment of load balancers, I covered how to get started with Ansible configuration with Kemp 360 Central and Kemp LoadMaster’s. In this post, I will show how to utilise Ansible via Kemp 360 Central to provide high availability for a Learning Management System (LMS) called Blackboard Learn using Kemp’s LoadMaster.
Getting Started
1. Install Ansible
Follow the installation guide at https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html.
2. Download and extract
the kemp-ansible module from Kemp’s website at https://kemptechnologies.com/kemp360/ansible-module/ Extract this module to somewhere on your system, like /home/configuration/ The Kemp Ansible module reference guide is available at https://support.kemptechnologies.com/hc/en-us/articles/360035479011/
3. Configure Ansible to recognise our modules
Typically Ansible modules are distributed by Ansible themselves, and as our Kemp Ansible module is released currently under Technical Preview, we have to tell Ansible where it is. The Kemp Ansible module contains the core library modules, utility modules and example playbooks for working with Kemp LoadMaster. In order to use the Kemp modules in playbooks, we must create an ansible.cfg file in the directory where we execute the playbooks, to tell Ansible where to find them. Create a file called
ansible.cfg
And add the following lines:
[defaults] library = /home/path/to/kemp_ansible/library/ odule_utils = /home/path/to/kemp_ansible/module_utils/
Ansible playbook runs executed from this directory will identify the config and load the necessary Kemp-specific libraries for use.
4. Choosing values for the playbook run:
Now we can go ahead and fill out required values in the blackboardHTTPS playbook located in the /examples/ folder. This playbook will configure the LoadMaster to your BlackBoard Learn application serversHowever, this playbook will not set any configuration options on your Blackboard Learn application severs directly, either these options will have to be set manually on the application server instances, or the playbook expanded to utilise another module dedicated to configuration BlackBoard Learn application servers. Please refer to:https://help.blackboard.com/Learn/Administrator/Hosting/Performance_Optimization/Load_Balancing for more information on how BlackBoard Learn handles load balancing infrastructure and for values that need to be explicitly set in your application servers configuration.The blackboardHTTPS example playbook is already pre-configured to create the necessary forwarding rules and virtual services required by BlackBoard Learn, such as HTTP to HTTP redirection, health checking, cookie persistence and cookie timeout.
Kemp’s deployment guide for Blackboard Learn was utilized to create the playbook configuration. Please refer to:
https://support.kemptechnologies.com/hc/en-us/articles/203857945 for more information.
All we need to do is choose the balancing method (Round-Robin or Least-Connection are recommended, and the latter is set by default) and fill out the required values for IP addresses for the Blackboard application servers.
Kemp360 Central/LoadMaster specific Values
central_address | The IP address of the Kemp360 Central that manages your LoadMaster. |
central_api_key | Please refer to step 4 of my previous post: https://kemptechnologies.com/blog/how-to-use-ansible-to-automate-the-configuration-and-deployment-of-load-balancers/ to get the required Kemp360 Central API key. |
lm_address | The IP address of the LoadMaster that will balance your BlackBoard traffic. |
vs_ip | The Virtual Service IP that acts as the endpoint for users accessing your application |
Adding more BlackBoard Learn serversEach BlackBoard Learn application server is identified in the playbook by the real_server section located at the bottom of the file that look like this:
name: Add BlackboardLearn Application server 1 as RealServer real_server: central_address: '{{ central_address }}' username: '{{ central_username }}' lm_address: '{{ lm_address }}' lm_port: '{{ lm_port }}' api_key: '{{ central_api_key }}' vs_ip: '{{ vs_ip }}' vs_port: 443 vs_prot: 'tcp' rs_ip: '{{ blackboard_server_1}}' rs_port: '{{ blackboard_server_1_port }}' rs_enable: 'Y'
This adds the learn application server found at the ip/port combination blackboard_server_1:blackboard_server_1_port to the HTTPS virtual service defined above, which allows the Virtual Service to use these as part of the balancing pool. If you have more Blackboard Learn application servers, copy-paste this section in the playbook and set the rs_ip and rs_port values to the ip/port combination of your application server.
Custom certificates for authenticationAs part of your configuration, if you choose to enable TLS re-encryption , you will need to provide a certificate for the LoadMaster to use. This is straightforward; Under the vars section of the playbook, add a variable with the path to your certificate on the local system:
ssl_cert_path: '/absolute/path/to/certificate.pem'
Add a new task before the “Create BBLearn HTTPS Virtual Service on LM” task with the following layout:
- name: Upload Certificate
cert_management:
lm_address: '{{ lm_address }}'
lm_port: '{{ lm_port }}'
central_address: '{{ central_address }}'
central_username: '{{ central_username }}'
cert_name: 'myCertificate'
cert_file: '{{ ssl_cert_path }}'
replace: 0
intermediate: 0
central_api_key: '{{ central_api_key }}'
This will upload the specified certificate PEM file to your LoadMaster, which allows it to be used in the “Create BBLearn HTTPS Virtual Service on LM” task.
To apply it to that virtual service, in the virtual service task add the parameter:
cert_name: “myCertificate” |
Now when the playbook runs, it will first upload the certificate you specified, and during creation of the virtual service, it can reference the certificate on the LoadMaster by name to apply it to the Virtual Service.
5. Run your playbook
Once we save our playbook, we can execute:ansible-playbook “/path/to/our/playbooks/blackboardLearnHTTPS.yml”
to push our desired configuration to our LoadMaster via Kemp 360 Central. If the playbook runs successfully, it will return a message indicating what values were changed or updated on the LoadMaster, otherwise, it will return a concise message indicating what value could not be set.
And that’s it! With Ansible/Kemp360 Central we can now define our traffic management services declaratively and make your Blackboard LMS highly available with one click.
Reference: Blackboard LMS LoadMaster Playbook
name: HTTPS Blackboard Learn High Availability configuration hosts: localhost Global settings must be enabled manually on the LoadMaster for now. Go to System Configuration > Miscellaneous Options > L7 Configuration On the LoadMaster web interface and set [Additional L7 Header] option to 'X-Forwarded-For' If Realservers are in a seperate subnet, go to System Configuration > Miscellaneous Options > Network Options. and enable 'Subnet Originating Requests' globally also. vars: central_address: '' central_username: 'Admin' # only Admin can execute ansible playbooks on Central central_api_key: '' lm_address: '' lm_port: '' vs_ip: '' blackboard_server_1: '' blackboard_server_1_port: '' blackboard_server_2: '' blackboard_server_2_port: '' tasks: - name: Create AddHeader Content Rule X_Forwarded_Proto add_header_rule: lm_address: '{{ lm_address }}' lm_port: '{{ lm_port }}' central_address: '{{ central_address }}' username: '{{ central_username }}' api_key: '{{ central_api_key }}' name: 'X_Forwarded_Proto' header: 'X-Forwarded-Proto' replacement: 'httpsX-Forwarded-For' - name: Create BBLearn HTTPS Virtual Service on LM virtual_service: central_address: '{{ central_address }}' central_username: '{{ central_username }}' central_api_key: '{{ central_api_key }}' lm_address: '{{ lm_address }}' lm_port: '{{ lm_port }}' enable: 'Y' vs_ip: '{{ vs_ip }}' vs_port: '443' vs_protocol: 'tcp' nickname: 'BlackBoard Learn HTTPS Ansible' vs_type: 'http' ssl_acceleration: 1 transparent: 0 persist: 'active-cookie' persist_timeout: 14400 persistence_cookie: 'KempBBCookie' schedule: 'Least-Connection' cache: 1 cache_percent: "20" compress: 1 add_via: 1 check_type: 'http' check_url: '/webapps/portal/healthCheck' request_rules: [ 'X_Forwarded_Proto' ] - name: Create BBLearn HTTP Redirect on LM virtual_service: central_address: '{{ central_address }}' central_username: '{{ central_username }}' central_api_key: '{{ central_api_key }}' lm_address: '{{ lm_address }}' lm_port: '{{ lm_port }}' enable: 'Y' vs_ip: '{{ vs_ip }}' vs_port: 80 vs_protocol: 'tcp' nickname: 'BlackBoard Learn HTTP Redirect Ansible' vs_type: 'http' subnet_originating: 0 error_code: 302 error_url: 'https://%h%s' - name: Add BlackboardLearn Application server 1 as RealServer real_server: central_address: '{{ central_address }}' username: '{{ central_username }}' lm_address: '{{ lm_address }}' lm_port: '{{ lm_port }}' api_key: '{{ central_api_key }}' vs_ip: '{{ vs_ip }}' vs_port: 443 vs_prot: 'tcp' rs_ip: '{{ blackboard_server_1}}' rs_port: '{{ blackboard_server_1_port }}' rs_enable: 'Y' - name: Add BlackboardLearn Application server 2 as RealServer real_server: central_address: '{{ central_address }}' username: '{{ central_username }}' lm_address: '{{ lm_address }}' lm_port: '{{ lm_port }}' api_key: '{{ central_api_key }}' vs_ip: '{{ vs_ip }}' vs_port: 443 vs_prot: 'tcp' rs_ip: '{{ blackboard_server_2}}' rs_port: '{{ blackboard_server_2_port }}' rs_enable: 'Y'