Creating LAMP server on Centos

with Vagrant using Ansible

Vagrant and Ansible are both of favourite tools in DevOps culture. Vagrant is to automate infrastructure provisioning your as working with virtualization platform VirtualBox. Ansible is configuration management tool that in our case lamp stack server will be configured with its help on specific VMs that created on Vagrant. LAMP stands for Linux, Apache, MySQL, PHP.

• Setting up Centos VMs over Vagrant
LAMP will be hosted on Centos operating system to be deployed by Vagrant working with VirtualBox to create virtual machine. As prerequisites after downloading Vagrant and VirtualBox according to your main operating system, to confirm installation vagrant --version command can be run in command line as I use terminal by Mac OSX. If command returns a version number like Vagrant 2.2.0 which version is installed, means that it's completed.
Vagrant maintains virtual environment via Vagrantfile enabling automation to configure, which means Vagrantfile is to specify how to provision these machines. Initially it should be created and edited before launching new virtual machines.
In total, three VMs will be created via one Vagrantfile with Vagrant; first one will be agent server that Ansible is installed on it and other VMs - apache and mysql servers will be configured via each playbooks with Ansible over this agent server.
• To start with creating project folder, in terminal;

  $ mkdir lamp

  $ cd lamp

• While in lamp project folder, to initiate a Vagrantfile,

[:lamp]$ vagrant init 

• Optional: Set proxy settings from terminal and install vagrant plugin for proxy,

$ export http_proxy=PROXY_ADDRESS:PROXY_PORT 

$ export https_proxy=PROXY_ADDRESS:PROXY_PORT 

$ vagrant plugin install vagrant-proxyconf

Note: This proxy settings is active as long as the terminal session is open. When you restart your terminal session, these proxy settings for http & https should be implemented again.

Then Vagrantfile created in lamp directory should be opened in text editor that I use SublimeText to configure.
• File > Open File > Select lamp folder > Vagrantfile
Note: After editing, please do not forget to save file.
• For Centos 7 operating system it should be updated accordingly instead of "base".

config.vm.box = "bento/centos-7.3"

• To identify hostname and network values of three VMs to be created, add these lines after latest row 'SHELL' in Vagrantfile accordingly. Eventually each VM / agent - web - db will have assigned private IP addresses with own hostnames.

config.vm.define "agent" do |agent|
 agent.vm.hostname = "agent"
 agent.vm.network "private_network", ip: "192.168.33.10"
end
config.vm.define "web" do |web|
 web.vm.hostname = "apache"
 web.vm.network "private_network", ip: "192.168.33.20"
 web.vm.network "forwarded_port", guest: 80, host: 8080
end
config.vm.define "db" do |db|
 db.vm.hostname = "mysql"
 db.vm.network "private_network" , ip: "192.168.33.30"
end

• Optional: Set proxy settings in Vagrantfile.

  if Vagrant.has_plugin?("vagrant-proxyconf")
      config.proxy.http     = "http://PROXY_ADDRESS:PROXY_PORT/"
      config.proxy.https    = "https://PROXY_ADDRESS:PROXY_PORT/"
      config.proxy.no_proxy = "localhost,127.0.0.1,.example.com"
  end

Note: In Vagrantfile, you'll notice it has configuration keys that can be uncommented erasing #'s and their explanations. When you change configuration in Vagrantfile, you need to activate related commands by erasing '#'s where at the beginning of those lines. config.vm.box is uncommented as default and you can assign in here which operating system you will use as we prefer bento/centos-7.3 corresponding to Centos 7.3. For proxy settings new lines should be added to Vagrantfile not containing as default also as shown above with your own values for proxy ip address and port.
• To bring machines up,

[:lamp]$ vagrant up 

• After waiting for installation, to ssh to agent VM,

[:lamp]$ vagrant ssh agent

Now we are on agent VM and ready to install Ansible.

• To update the latest current version of package,

[vagrant@agent ~]$ sudo yum -y update

• To confirm CentOS 7 EPEL repository is installed,

[vagrant@agent ~]$ sudo yum -y install epel-release

• To install Ansible,

[vagrant@agent ~]$ sudo yum -y install ansible

• To check Ansible is installed,

[vagrant@agent ~]$ ansible --version

After checking Ansible version number, installation is confirmed. To work with multiple hosts like web and db over agent, Hosts file & inventory file should be modified with hostnames & IP Addresses to let the agent server know which machines will be configured by Ansible.

• To edit hosts file via vi editor,

[vagrant@agent ~]$ sudo vi /etc/hosts

• Add two lines of IP addresses with hostnames below.

192.168.33.20  apache
192.168.33.30  mysql

• Move your cursor to the latest line with arrow keys and Press O to insert value in a new line. Then Press Enter to insert other value in a new line.
• Press Esc to return the command mode.
• Press Shift + : (colon), type wq! and press Enter to save it.
• To edit inventory file via vi editor,

[vagrant@agent ~]$ sudo vi /etc/ansible/hosts

• Add lines below accordingly with same approach above.

[webservers]
apache
[databases]
mysql

Now we will make ssh connections to web and db servers over agent server to not ask for password.

• To generate public rsa key pair, press Enter until it's completed,

[vagrant@agent ~]$ ssh-keygen

• After viewing public key with command below, copy ( Ctrl + C ) all output of public key,

[vagrant@agent ~]$ cat .ssh/id_rsa.pub

• To connect web (apache) server, (password:vagrant)

[vagrant@agent ~]$ ssh apache

• After opening authorized_keys file via vi editor with command below, paste your public key as new line.

[vagrant@apache ~]$ vi .ssh/authorized_keys

• Press O to insert value in a new line.
• Press mouse right click to paste your public key.

In Mac OS X, click touchpad to select copy and paste functions.

• To exit from web server and go back agent server,

[vagrant@apache ~]$ logout

• To connect db (mysql) server, (password:vagrant)

[vagrant@agent ~]$ ssh mysql

• After opening authorized_keys file via vi editor with command below, paste your same public key as new line.

[vagrant@mysql ~]$ vi .ssh/authorized_keys

• To exit from db server and go back agent server,

[vagrant@mysql ~]$ logout

ssh connections are done; from agent server as logging to servers with ssh apache and ssh mysql commands as above, it can be checked that it will not ask a password anymore. At the first time, it will ask for 'yes/no' in prompt, type yes.

• To ensure that ansible connects to both of servers,

[vagrant@agent ~]$ ansible all -a "cat etc/hosts"

In output, command will give us host list (apache & mysql) that ansible can connect.

• Create Ansible playbooks for application and database
As configuration management tool, Ansible will have provided pre-configured environment via its playbooks specific to each of application and database servers. Playbook is expressed in YAML format that is human-readable and commonly used for configuration files.
Playbooks can be written in Code & Text editor like Sublime Text 3 that I prefer. Before writing playbook, sublime text will be modified by following.
Before writing playbook, sublime text will be modified by following.
• File > Open Folder > Select lamp folder > click Select Folder

You can see lamp folder and its subfolders on the left header in Sublime Text.

• Right click on lamp folder > New File > File > Save As... > File name = application.yml > Save

application.yml file is located as sub-file of lamp folder and ready to write.


application.yml
web/application configuration management as installing Apache & PHP with required packages also EPEL and web-related package like Webtatic repository, downloading CodeIgniter and modifing its attributes.
• Apache web server installation and EPEL & Webtatic repository adding

  - hosts: webservers
    become: yes
    tasks:
      - name: Install the Apache web server
        yum: name=httpd state=present
      - name: Ensure that Apache is started and enabled on system boot
        service: name=httpd state=started enabled=yes
      - name: Add EPEL repository
        yum_repository:
          name: epel 
          description: EPEL YUM repo 
          baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
      - name: Add public key of EPEL 
        rpm_key:
          state: present
          key: https://archive.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
      - name: Add Webtatic repository
        yum:
          name: https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
          state: present 

hosts - hostnames that specified in ansible inventory file will be configured
become: yes - to run commands as sudo
tasks - to identify multitask for playbook
name - definitions of tasks
yum - package manager that will be used, name=httpd - package that will be installed , state=present - latest version of package to install
service - to identify start/stop/restart services, state=started - to ensure apache started , enabled=yes - to start apache on boot

• Install PHP and related packages, CodeIgniter download and extract & change ownership

      - name: Install PHP 7 and some required packages
        yum: 
          name:
            - mod_php71w
            - php71w-cli
            - php71w-common
            - php71w-gd
            - php71w-mbstring
            - php71w-mcrypt
            - php71w-mysqlnd
            - php71w-xml
            - unzip
            - vim
            - mariadb
          state: present
      - name: Download and extract the CodeIgniter archive to /var/www/html
        unarchive:
          src: https://github.com/bcit-ci/CodeIgniter/archive/3.1.5.zip 
          dest: /var/www/html 
          remote_src: yes
      - name: Change the files ownership to be owned by vagrant 
        file:
          path: /var/www/html
          owner: vagrant
          group: vagrant
          recurse: yes

name - package names to be installed with yum
unarchive - to use unzip module
src - from where you get the file to be unzipped
dest - to where you unzip
remote_src: yes - to identify the file to be unarchived is not a local file from remote source
file - to set attributes of files
path - path to the file being managed
owner - user that should own the file/directory
group - user of the group that should own the file/directory
recurse: yes - to apply the change of ownership to also rest of files underneath of directory specified in path

• Change web home directory to CodeIgniter and Ugly URL to Pretty URL modification

      - name: Change the web home directory to point at /var/www/html/CodeIgniter-3.1.5
        lineinfile: 
          path: /etc/httpd/conf/httpd.conf
          regexp: '^.*DocumentRoot "/var/www/html".*$'
          line: DocumentRoot "/var/www/html/CodeIgniter-3.1.5"
          state: present
        notify:
          - restart Apache
      - name: Ensure that mod_rewrite is enabled in Apache
        lineinfile: 
          path: /etc/httpd/conf.modules.d/00-base.conf
          regexp: '^.*rewrite_module.*$'
          line: 'LoadModule rewrite_module modules/mod_rewrite.so'
          state: present

lineinfile - function to manage lines in file
path - file to be managed
regexp - regular expression to find line to be modified
To search every line with whole text indicated via regular expression starting from ^.* ending with .*$
line - line to be replaced with regexp in file
state: present - to check line is there: if not there, to add it; if there, to change it.
notify - to trigger an action to handlers module
mod_rewrite provides a way to rewrite URLs, it's already uncommented in 00-base.conf file however this step is required to be sure it's enabled.
Ugly URL - www.example.com/index.php?key1=val1&key2=val2
Pretty URL - www.example.com/key1/val1/key2/val2

• Adding handlers module between 'become: yes' and 'tasks' in existing code

- hosts: webservers
  become: yes 
  handlers: 
    - name: restart Apache
      service: name=httpd state=restarted
  tasks:

handlers - to identify list of tasks triggered by notify
name: - should be same as notify action name
state=restarted - to restart Apache specified as name=httpd

htaccess file creation to invoke rewrite rule as second step of URL modification
• Right click on lamp folder > New File > Copy data below to file > File > Save As... > File name = htaccess > Save

RewriteEngine on
RewriteCond $1 !^(index\.php|resources|robots\.txt)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L,QSA]

RewriteEngine on - enables mod_rewrite
RewriteCond $1 !^(index\.php|resources|robots\.txt) - a condition to rewrite as long as $1 doesn't equal on of the files listed to the right of the condition or allow these directories and files to be displayed directly
RewriteCond %{REQUEST_FILENAME} !-f - a condition to requested filename is not an existing file
RewriteCond %{REQUEST_FILENAME} !-d - a condition to requested filename is not an existing directory
RewriteRule ^(.*)$ index.php/$1 [L,QSA] - rewrite URL as appending any query strings to the request - QSA and how to add the parameter - $1 with index.php in whole requested path as one parameter - ^(.*)$ then stop processing this .htaccess file - L

• Copy & Allow htaccess to CodeIgniter

    - name: Copy htaccess to CodeIgniter
      copy: 
        src: htaccess
        dest: /var/www/html/CodeIgniter-3.1.5/.htaccess
        owner: vagrant
        group: vagrant
    - name: Allow .htaccess file to be used
      lineinfile: 
        path: /etc/httpd/conf/httpd.conf
        insertafter: '</Directory>'
        line: |
          <Directory "/var/www/html/CodeIgniter-3.1.5">
            AllowOverride all
          </Directory>
      notify:
        - restart Apache

copy - module to copy local file to remote machine
src - filename to be copied
dest - to where you copy
insertafter - to insert the line after a specified string
line: | - to add more then one line

So far all steps in application.yml are done to configure web/application server, we can go through running playbook.

• To run playbook for application.yml file,

[vagrant@agent ~]$ ansible-playbook /vagrant/application.yml

It will take some time to complete process and in prompt task names will showed up while proceeding. Thus every step can be easily followed to confirm it's ok or to look into which step is causing failure. After all process is done, we can check further web/application server is ready.

• To check status of Apache,

[vagrant@agent ~]$ ssh apache

[vagrant@apache ~]$ sudo systemctl status httpd

In output, Started The Apache HTTP Server. is showed up and it works as we expected.

• To check EPEL and Webtatic repositories,

[vagrant@apache ~]$ cd /etc/yum.repos.d/

[vagrant@apache ~]$ ls -l

epel.repo and webtatic.repo are showed up in yum repository list as we expected.

• To check PHP is installed,

[vagrant@apache ~]$ php -v

PHP version number is appeared in output to confirm installation.

• To check ownership of /var/www/html and CodeIgniter directory & its sub-folders,

[vagrant@apache ~]$ ls -l /var/www/html

[vagrant@apache ~]$ ls -l /var/www/html/CodeIgniter-3.1.5/

First command will give CodeIgniter directory in list owned by vagrant for user and group. Second command is to check vagrant user & group for sub-folders of CodeIgniter as well.

• To check CodeIgniter is assigned to web home directory,

[vagrant@apache ~]$ vim /etc/httpd/conf/httpd.conf

• Press / to use search mode in vim editor and type DocumentRoot & press Enter
• Press n for next result or type N for previous result.

DocumentRoot text will be highlighted when you search it, you can confirm it's changed to "/var/www/html/CodeIgniter-3.1.5" from default page "/var/www/html" as we are intended.

Note: Also as typing localhost:8080 in web browser, it can be checked that CodeIgniter is home page now.
• To check mod_rewrite is enabled,

[vagrant@apache ~]$ vim /etc/httpd/conf.modules.d/00-base.conf

mod_rewrite.so can be searched to see it's in there and uncommented.

• To check permission to the use of .htaccess file,

[vagrant@apache ~]$ vim /etc/httpd/conf/httpd.conf

When you search AllowOverride, you will see it's added after the latest </Directory> line.


database.yml
database configuration management including MariaDB installation ensuring it's started and enabled, assigning root password for MySQL, uploading my.cnf as well, creating application database and user & password and also database.php credentials update to connect database server.
• Right click on lamp folder > New File > File > Save As... > File name = database.yml > Save

database.yml file is located as sub-file of lamp folder and ready to write.

• MariaDB installation, started & enabled and set root password for MySQL with also my.cnf uploading

  - hosts: databases
    become: yes
    tasks:
      - name: Ensure that MariaDB is installed
        yum: 
          name:
            - mariadb-server
            - MySQL-python
      - name: Ensure that MariaDB is started and enabled
        service: name=httpd state=present enabled=yes
      - name: Set the root password for MySQL 
        mysql_user:
          name: root
          password: admin
          state: present
      - name: Upload the .my.cnf file to save the credentials
        copy:
          src: my.cnf
          dest: /root/.my.cnf 
          owner: root
          mode: 0600 


my.cnf file creation for root password
• Right click on lamp folder > New File > Copy data below to file > File > Save As... > File name = my.cnf > Save

[client]
user=root
password=admin

MariaDB is free source edition of MySQL
MySQL-python - it's required to use mysql_user services/modules
mysql_user - to manage user and password in MySQL database, password is assigned for root user because root user has empty password as default.
root/admin user can not login any remote host/machine, it's just allowed to login where database is installed
state: present - to make the user exist
my.cnf - other way to assign password for root user as credentials file for MariaDB
owner: root - root is default user however we confirm it with this step
mode: 0600 - read/write permission for only owner not other user & group

• Create application database & user and remove unknown accounts

      - name: Remove anonymous accounts
        mysql_user: 
           name: ''
           host_all: yes
           state: absent
      - name: Create application database 
        mysql_db:
          name: ci_database
          state: present
      - name: Create an application user   
        mysql_user:
          name: ci_user
          password: cipassword
          host: '%'
          priv: ci_database.*:ALL
          state: present

name: '' - to identify anonymous user accounts
host_all: yes - to apply removing to all hostnames
state: absent - to remove account
mysql_db - module to create database
Application user and password are created to connect database server(mysql) from application server(apache). MariaDB was installed in application server as package via application.yml.
host: '%' - to connect all hosts with specified application user and password
priv: ci_database.*:ALL - privilege to access all tables of application database ci_database

CodeIgniter database credentials should be configured to it's able to connect database server. database.php file containing credentials will be copied to lamp folder, edited and uploaded again via application.yml updated with proper values.

• While in agent server to copy database.php to under /vagrant accessible in lamp folder,

$ scp apache:/var/www/html/CodeIgniter-3.1.5/application/config/database.php /vagrant/


In SublimeText to open database.php,
• File > Open File > Select lamp folder > database.php
• Edit credentials values in database.php as below and Save,

    'hostname' => '192.168.33.30',
    'username' => 'ci_user',
    'password' => 'cipassword',
    'database' => 'ci_database',

• To upload database.php, add this step below to bottom of application.yml,

      notify: 
        - restart Apache 
    - name: Upload the database.php file
      copy: 
         src: database.php
         dest: /var/www/html/CodeIgniter-3.1.5/application/config/database.php
         owner: vagrant
         group: vagrant

When we run ansible-playbook /vagrant/application.yml on agent server again, database.php will be uploaded with updated credentials values. To check, login to webserver with ssh apache and run vim /var/www/html/CodeIgniter-3.1.5/application/config/database.php You will see that credential values are same as we updated above.

Finally we have completed database configuration management. We can go through running playbook for database.yml.

• To run playbook for database.yml file,

[vagrant@agent ~]$ ansible-playbook /vagrant/database.yml

It will take some time to complete process same as applicaton.yml. After completed, we can check further database server and connection between application and database.

• To check root password,

[vagrant@agent ~]$ ssh mysql

[vagrant@mysql ~]$ mysql -u root -padmin

MariaDB[(none)]> prompt is showed up. In database server, we are logged into MariaDB with root user and admin password. To exit MariaDB, type exit or \q

• To check connection to database server with application user & password,

[vagrant@agent ~]$ ssh apache

[vagrant@apache ~]$ mysql -u ci_user -pcipassword -h 192.168.33.30

MariaDB[(none)]> prompt is showed up. From web/application server we are logged into MariaDB as connecting database server with ci_user user, cipassword password and 192.168.33.30 IP number of database server.

• Integrating Ansible with Vagrant
So far we have created three VMs for database, web/application and agent server. Over agent server, other both servers are managed and configured according to specified playbooks for each. Actually LAMP stack is ready to use however in this case our intention is to automate to all process integrating ansible with vagrant.
At this time we will launch web/application and database servers directly over local machine not an agent server. So we need to be sure that ansible is installed in local machine that we use MacOSX.
• To install Homebrew - package manager for MacOSX, in terminal;

  $ /usr/bin/ruby -e "$(curl -fsSL 
  https://raw.githubusercontent.com/Homebrew/install/master/install)"

Press Enter and type your password when it requires to complete installation.

• To install ansible with homebrew,

$ brew install ansible

Lastly with ansible --version command as checking version number, installation can be confirmed.

Vagrantfile will be modified to run playbooks, thus vagrant up command will be sufficient to launch pre-configured LAMP stack environment automatically.
• Before integrating, apache and mysql VMs are supposed to be destroyed over terminal,

  [:lamp]$ vagrant destroy web

  [:lamp]$ vagrant destroy db

• Open Vagrantfile in lamp folder to add playbook integratings accordingly,

config.vm.define "agent" do |agent|
 agent.vm.hostname = "agent"
 agent.vm.network "private_network", ip: "192.168.33.10"
end
config.vm.define "web" do |web|
 web.vm.hostname = "apache"
 web.vm.network "private_network", ip: "192.168.33.20"
 web.vm.network "forwarded_port", guest: 80, host: 8080
 web.vm.provision "ansible" do |ansible|
   ansible.playbook = "application.yml"
 end
end
config.vm.define "db" do |db|
 db.vm.hostname = "mysql"
 db.vm.network "private_network" , ip: "192.168.33.30"
 db.vm.provision "ansible" do |ansible|
   ansible.playbook = "database.yml"
 end
end

Vagrantfile is ready however we need to change hosts value in playbooks. With latest changes, Vagrantfile is already updated according to which VM will be configured by specific playbook. On the other hand, webservers and databases values are identified in etc/hosts and etc/ansible/host on agent server that we will not use to connect web/application and database server over it at this time. I mean local machine will not figure out these hosts so changing value to all is required.

• To change hosts to all from webservers value in application.yml

- hosts: all
  become: yes 
  handlers: 
    - name: restart Apache
      service: name=httpd state=restarted
  tasks:

• To change hosts to all from databases value in database.yml

- hosts: all
  become: yes 
  tasks:

All changes are completed and ready to run.

• To bring machines up with pre-configured,

[:lamp]$ vagrant up

While Vagrant is creating VMs also Ansible will run playbooks that specified to each VMs. After completed, we can confirm that they are accessible and configured properly. Vagrant may give error in some cases and quit unexpectedly, you can run vagrant provision command to complete process somehow. Another way to handle instant errors, over VirtaulBox GUI you are able to power off & remove VMs so you can bring VMs up from scratch with vagrant up command.

• To check web/application server login and connection to database server,

[:lamp]$ vagrant ssh web 

[vagrant@apache ~]$ mysql -u ci_user -pcipassword -h 192.168.33.30

MariaDB[(none)]> prompt is showed up so connection is confirmed to database server with database.php credentials.

• To check database server login and root access with password we assigned,

[:lamp]$ vagrant ssh db

[vagrant@mysql ~]$ mysql -u root -padmin

MariaDB[(none)]> prompt is showed up so we can confirm that database server is configured with my.cnf

Finally, we can check access to localhost:8080 in web browser; as we set, CodeIgniter will welcome us.

In conclusion, LAMP stack is prepared in two ways; setting up VMs with Vagrant and configuration with Ansible over agent server, other one is integrating Ansible with Vagrant accessible over local machine directly.
You can find all required files that we worked on from here
Thanks!