├── CONTRIBUTING.md
├── group_vars
├── all
└── dbservers
├── roles
├── db
│ ├── templates
│ │ └── my.cnf.j2
│ └── tasks
│ │ └── main.yml
├── common
│ ├── handlers
│ │ └── main.yml
│ └── tasks
│ │ └── main.yml
└── web
│ ├── tasks
│ ├── copy_code.yml
│ └── main.yml
│ └── templates
│ └── index.php.j2
├── hosts
├── site.yml
├── LICENSE
├── README.md
└── CODE_OF_CONDUCT.md
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
1 | Contributors are welcome.
2 |
--------------------------------------------------------------------------------
/group_vars/all:
--------------------------------------------------------------------------------
---
# Git URL of the application that roles/web/tasks/copy_code.yml checks out
# into /var/www/html/. The checkout follows the remote's current HEAD unless
# a version is pinned in that task.
# NOTE(review): this looks like a repository owned by a different account
# than the playbook's author - confirm the source is trusted and reviewed
# before it is deployed into a web root.
repository: 'https://github.com/bennojoy/mywebapp.git'
--------------------------------------------------------------------------------
/roles/db/templates/my.cnf.j2:
--------------------------------------------------------------------------------
{# Root client credentials; roles/db/tasks/main.yml renders this to /root/.my.cnf with mode 0400. #}
[client]
user = root
password = '{{ mysql_root_pw }}'
--------------------------------------------------------------------------------
/hosts:
--------------------------------------------------------------------------------
# Inventory: site.yml applies the web role to [webservers] and the db role to
# [dbservers]; the common role runs on every host listed here.
[webservers]
client1.example.com

[dbservers]
client2.example.com

--------------------------------------------------------------------------------
/roles/common/handlers/main.yml:
--------------------------------------------------------------------------------
---
# Handler fired by `notify: restart ssh` in roles/common/tasks/main.yml once
# sshd_config has been edited.
- name: restart ssh
  service:
    name: sshd
    state: restarted
--------------------------------------------------------------------------------
/group_vars/dbservers:
--------------------------------------------------------------------------------
---
# Database system variables
# NOTE(review): mysqlservice is not referenced by the tasks visible on this
# page (roles/db/tasks/main.yml names mysqld directly) - confirm it is used.
mysqlservice: 'mysqld'
mysql_port: 3306
dbuser: 'webapp'
dbname: 'ANSAP01'

# upassword is the application account's password: it is passed to mysql_user
# and rendered into index.php. masterpassword becomes the MySQL root password.
# NOTE(review): both are committed in clear text, so every reader of the
# repository holds them. Keep them in an Ansible Vault-encrypted vars file
# instead, and rotate these published values wherever they were ever used.
upassword: 'Bond@007'
masterpassword: 'MySQL@007'
--------------------------------------------------------------------------------
/roles/web/tasks/copy_code.yml:
--------------------------------------------------------------------------------
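---
# These tasks are responsible for copying the latest dev/production code from
# the version control system.

# NOTE(review): the checkout lands directly in the document root, so the
# repository's .git directory ends up under /var/www/html/ too; confirm
# Apache is not serving it.
- name: Copy the code from repository
  git:
    repo: "{{ repository }}"
    dest: /var/www/html/
    # Defaults to HEAD (the module's own default), so existing runs behave
    # the same; set repository_version to a reviewed tag or commit to pin
    # what gets deployed.
    version: "{{ repository_version | default('HEAD') }}"
    # force discards any local modification in the checkout on every run.
    force: true

# index.php.j2 renders the database user and password into the page source,
# so the file is limited to root and the Apache group instead of being left
# at the umask default. The apache group is created by the httpd package,
# which roles/web/tasks/main.yml installs before including this file.
- name: Creates the index.php file
  template:
    src: index.php.j2
    dest: /var/www/html/index.php
    owner: root
    group: apache
    mode: '0640'

- name: Delete index.html if exists
  file:
    path: /var/www/html/index.html
    state: absent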
--------------------------------------------------------------------------------
/site.yml:
--------------------------------------------------------------------------------
---
# CentOS 7 LAMP Stack
# Author: Arockiasamy K
# Version: 1.0

# Three plays, one per tier. Every play logs in over SSH as root (the README
# asks for direct root access).
# NOTE(review): an unprivileged remote_user combined with `become: true`
# would avoid keeping root logins open - left unchanged here.

- name: Apply for common configuration to all the nodes
  hosts: all
  remote_user: root
  roles:
    - role: common

- name: deploy MySQL and configure databases
  hosts: dbservers
  remote_user: root
  roles:
    - role: db

- name: deploy Apache, PHP and configure website code
  hosts: webservers
  remote_user: root
  roles:
    - role: web
--------------------------------------------------------------------------------
/roles/common/tasks/main.yml:
--------------------------------------------------------------------------------
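---
# This playbook is to perform common tasks.

- name: Enable Firewall on all the hosts
  service:
    name: firewalld
    state: started
    enabled: true

- name: Enable the firewall port for SSH
  firewalld:
    port: 22/tcp
    permanent: true
    state: enabled
    immediate: true

# Switches sshd to key-only logins. The regexp matches only an uncommented
# directive; when none exists the line is appended at the end of the file.
# NOTE(review): on a customised sshd_config that ends with a Match block, an
# appended line would apply inside that block only - verify on such hosts.
- name: Disallow password authentication
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^PasswordAuthentication'
    line: 'PasswordAuthentication no'
    state: present
    # Refuse to install a file sshd cannot parse: a broken config followed by
    # the restart handler would cut off remote access to the host.
    validate: '/usr/sbin/sshd -t -f %s'
  notify: restart ssh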
--------------------------------------------------------------------------------
/roles/web/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Playbook for Web Server

- name: Install httpd and php
  yum:
    name: "{{ item }}"
    state: present
  with_items:
    - httpd
    - php
    - php-mysql

# git is needed by the checkout task in copy_code.yml.
- name: Install web role specific dependencies
  yum:
    name: "{{ item }}"
    state: installed
  with_items:
    - git

- name: Start & Enable Apache Server to start on boot
  service:
    name: httpd
    state: started
    enabled: true

# Only 80/tcp is opened and this role configures no TLS, so the site is
# served over plain HTTP.
- name: Enable the firewall port for Apache
  firewalld:
    port: 80/tcp
    permanent: true
    state: enabled
    immediate: true

- include: copy_code.yml
--------------------------------------------------------------------------------
/roles/web/templates/index.php.j2:
--------------------------------------------------------------------------------
1 |
2 |
3 | Ansible Application
4 |
5 |
6 |
7 | Homepage
8 |
9 | ";
13 | echo "List of Databases: ";
14 | {% for host in groups['dbservers'] %}
15 | $link = mysqli_connect('{{ hostvars[host].ansible_default_ipv4.address }}', '{{ hostvars[host].dbuser }}', '{{ hostvars[host].upassword }}') or die(mysqli_connect_error($link));
16 | {% endfor %}
17 | $res = mysqli_query($link, "SHOW DATABASES;");
18 | while ($row = mysqli_fetch_assoc($res)) {
19 | echo $row['Database'] . "\n";
20 | }
21 | ?>
22 |
23 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2017 arocki7
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # ansible-centos7-lamp
2 | Ansible Playbook to create LAMP in CentOS 7 with Apache, MySQL, PHP.
3 | -------------------------------------------
4 |
5 | This playbook requires Ansible 2.3.2.0.
6 |
7 | This playbook has been tested on CentOS 7.x.
8 |
9 | CentOS 7 version reflects changes in Red Hat Enterprise Linux and CentOS 6:
10 | 1. Network device naming scheme has changed
11 | 2. iptables is replaced with firewalld
12 | 3. MySQL is replaced with MariaDB - We use MySQL Community Version
13 |
14 | This LAMP stack can be on a single node or multiple nodes. The inventory file
15 | 'hosts' defines the nodes in which the stacks should be configured.
16 |
17 | [webservers]
18 | ipaddress
19 |
20 | [dbservers]
21 | ipaddress
22 |
23 | You can create Digital Ocean droplets and use their IP addresses.
24 | Make sure that you have an SSH key installed and direct root access: the plays connect as root, and the common role disables SSH password authentication.
25 | Mention the webservers and dbservers in hosts file and run the playbook using
26 | the below command:
27 |
28 | ansible-playbook -v -i hosts site.yml
29 |
30 | Once done, you can check the results by browsing to http://ipaddress/.
31 | You should see a simple test page and a list of databases retrieved from the
32 | database server.
--------------------------------------------------------------------------------
/roles/db/tasks/main.yml:
--------------------------------------------------------------------------------
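---
# This playbook is to perform MySQL installations.
#
# Flow: install MySQL 5.7, read the temporary root password from the server
# log, write /root/.my.cnf with it, change the root password to
# masterpassword, rewrite /root/.my.cnf, then create the application
# database and user and open the MySQL port.
# Tasks that handle a password carry no_log so the value is not echoed into
# Ansible output (the README runs the playbook with -v).

# The release package installs the MySQL yum repository definition, so it is
# fetched over HTTPS rather than plain HTTP.
- name: Install MySQL Software Repo
  yum:
    name: https://repo.mysql.com/mysql57-community-release-el7-10.noarch.rpm
    state: present

- name: Install MySQL Database
  yum:
    name: mysql-server
    state: present

- name: Install MySQL-python
  yum:
    name: MySQL-python
    state: present

- name: Start & Enable MySQL Server to start on boot
  service:
    name: mysqld
    state: started
    enabled: true

# Read-only lookup, hence changed_when: false.
- name: Read the temporary root password from the MySQL log
  shell: grep 'temporary password' /var/log/mysqld.log | awk '{print $NF}';
  register: result
  changed_when: false
  no_log: true

- name: Use the temporary password as the root credential
  set_fact:
    mysql_root_pw: "{{ result.stdout }}"
  no_log: true

# An existing /root/.my.cnf is taken to mean an earlier run already changed
# the root password, so masterpassword is used instead of the log value.
- name: Check for an existing /root/.my.cnf
  stat:
    path: /root/.my.cnf
  register: sym

- name: Use masterpassword when /root/.my.cnf already exists
  set_fact:
    mysql_root_pw: "{{ masterpassword }}"
  when: sym.stat.exists
  no_log: true

- name: install .my.cnf with credentials
  template:
    src: my.cnf.j2
    dest: /root/.my.cnf
    mode: '0400'
  tags: my_cnf

# NOTE(review): the new password is part of the command line, so it is
# visible in the process list on the database host while mysql runs, and a
# quote character inside masterpassword would break the SQL statement.
- name: Set the root password for MySQL Database
  command: >-
    mysql -u root --connect-expired-password
    --execute="SET PASSWORD = PASSWORD('{{ masterpassword }}');"
  no_log: true

- name: Switch the root credential to masterpassword
  set_fact:
    mysql_root_pw: "{{ masterpassword }}"
  no_log: true

- name: install .my.cnf with credentials
  template:
    src: my.cnf.j2
    dest: /root/.my.cnf
    mode: '0400'
  tags: my_cnf

- name: Create the database for website
  mysql_db:
    name: "{{ dbname }}"
    state: present

# The application account is limited to its own database instead of ALL on
# *.*; the test page's SHOW DATABASES still lists the databases this account
# can access.
# NOTE(review): host '%' accepts this account from any address - narrow it to
# the web servers' addresses if they are stable.
- name: Create the Application user for the database
  mysql_user:
    name: "{{ dbuser }}"
    password: "{{ upassword }}"
    priv: "{{ dbname }}.*:ALL"
    host: '%'
    state: present

# NOTE(review): this opens the MySQL port to every source address; a
# firewalld rich rule or a zone restricted to the web servers would limit
# who can reach the database.
- name: Enable the firewall port for MySQL
  firewalld:
    port: "{{ mysql_port }}/tcp"
    permanent: true
    state: enabled
    immediate: true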
--------------------------------------------------------------------------------
/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
1 | # Contributor Covenant Code of Conduct
2 |
3 | ## Our Pledge
4 |
5 | In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
6 |
7 | ## Our Standards
8 |
9 | Examples of behavior that contributes to creating a positive environment include:
10 |
11 | * Using welcoming and inclusive language
12 | * Being respectful of differing viewpoints and experiences
13 | * Gracefully accepting constructive criticism
14 | * Focusing on what is best for the community
15 | * Showing empathy towards other community members
16 |
17 | Examples of unacceptable behavior by participants include:
18 |
19 | * The use of sexualized language or imagery and unwelcome sexual attention or advances
20 | * Trolling, insulting/derogatory comments, and personal or political attacks
21 | * Public or private harassment
22 | * Publishing others' private information, such as a physical or electronic address, without explicit permission
23 | * Other conduct which could reasonably be considered inappropriate in a professional setting
24 |
25 | ## Our Responsibilities
26 |
27 | Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
28 |
29 | Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
30 |
31 | ## Scope
32 |
33 | This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
34 |
35 | ## Enforcement
36 |
37 | Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at arocki7@yahoo.co.uk. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
38 |
39 | Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
40 |
41 | ## Attribution
42 |
43 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
44 |
45 | [homepage]: http://contributor-covenant.org
46 | [version]: http://contributor-covenant.org/version/1/4/
47 |
--------------------------------------------------------------------------------