Giter VIP home page Giter VIP logo

lamp's Introduction

Circle CI Description

This is a template for deploying a LAMP stack on a single Linux server. This template is leveraging ansible with a chef-solo wrapper to setup the server.

Requirements

  • A Heat provider that supports the Rackspace OS::Heat::ChefSolo plugin.
  • An OpenStack username, password, and tenant id.
  • python-heatclient >= v0.2.8:
pip install python-heatclient

We recommend installing the client within a Python virtual environment.

Example Usage

Here is an example of how to deploy this template using the python-heatclient:

heat --os-username <OS-USERNAME> --os-password <OS-PASSWORD> --os-tenant-id \
  <TENANT-ID> --os-auth-url https://identity.api.rackspacecloud.com/v2.0/ \
  stack-create LAMP-Stack -f lamp.yaml -P flavor="4 GB Performance"
  • For UK customers, use https://lon.identity.api.rackspacecloud.com/v2.0/ as the --os-auth-url.

Optionally, set environmental variables to avoid needing to provide these values every time a call is made:

export OS_USERNAME=<USERNAME>
export OS_PASSWORD=<PASSWORD>
export OS_TENANT_ID=<TENANT-ID>
export OS_AUTH_URL=<AUTH-URL>

Parameters

Parameters can be replaced with your own values when standing up a stack. Use the -P flag to specify a custom parameter.

  • server_hostname: Sets the hostname of the server. (Default: web)
  • image: Operating system to install (Default: CentOS 6.5 (PVHVM))
  • flavor: Cloud server size to use. (Default: 1 GB Performance)
  • phpmyadmin_user: User name for the first factor of logging into phpMyAdmin. (Default: serverinfo)
  • kitchen: URL for the kitchen to clone with git. The Chef Solo run will copy all files in this repo into the kitchen for the chef run. (Default: https://github.com/rillip3/ChefAnsibleWrapper/)
  • chef_version: Chef client version to install for the chef run. (Default: 11.12.8)

Outputs

Once a stack comes online, use heat output-list to see all available outputs. Use heat output-show <OUTPUT NAME> to get the value fo a specific output.

  • private_key: SSH private that can be used to login as root to the server.
  • server_ip: Public IP address of the cloud server
  • phpmyadmin_url: URL to the phpMyAdmin installation.
  • phpmyadmin_user: Username for the first factor of authentication for phpMyAdmin
  • phpmyadmin_password: Password for the first factor of authentication for phpMyAdmin
  • mysql_root_password: MySQL Root Password

For multi-line values, the response will come in an escaped form. To get rid of the escapes, use echo -e '<STRING>' > file.txt. For vim users, a substitution can be done within a file using %s/\\n/\r/g.

Stack Details

Getting Started

This deployment is intended for small workloads, such as a site in development. For a larger work load, consider using the PHP Application Deployment instead, as it will provide a much better setup for scaling production workloads.

What is provided

This deployment configures a Cloud Server running Apache, MySQL, PHP, and phpMyAdmin. A simple firewall rule set is configured allowing access to Apache and SSH.

Logging in via SSH

The private key provided in the passwords section can be used to login as root via SSH. We have an article on how to use these keys with Mac OS X and Linux as well as Windows using PuTTY.

Details of Your Setup

Apache v2.2 is installed on Red Hat Enterprise Linux 6, CentOS 6, Debian 7, Ubuntu 10.04 and 12.04. Ubuntu 14.04 and CentOS 7 come with Apache 2.4.

MySQL v5.1 is installed on Ubuntu 10.04. MySQL v5.5 is installed on Ubuntu 12.04, 14.04, Redhat Enterprise Linux 6 and CentOS 6. MariaDB is the default on CentOS 7.

The MySQL root password is recorded in root's home directory in the file .my.cnf and in the View Generated Passwords dialog. Daily database backups are taken using Holland. A rotating seven days of database dumps are stored in /var/lib/mysqlbackup.

PHP is installed at v5.3 on Ubuntu 12.04, v5.4 on Redhat Enterprise Linux 6, CentOS 6 and Debian 7, v5.5 on Ubuntu 14.04, and v5.6 on CentOS 7,

phpMyAdmin is available via HTTP at /phpmyadmin. Apache is configured to require HTTP basic authentication. Log in as the user specified when deploying (the default is admin) with the password displayed in the View Generated Passwords dialog. You may then login using MySQL login credentials which are also available in the View Generated Passwords dialog.

Contributing

There are substantial changes still happening within the OpenStack Heat project. Template contribution guidelines will be drafted in the near future.

License

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

lamp's People

Contributors

brint avatar chrishultin avatar dragorosson avatar jasonboyles avatar jasondunsmore avatar linuturk avatar mikeruu avatar pratikmallya avatar rillip3 avatar rmharwood avatar rocco-muscaritolo avatar rs-randallburt avatar seeafish avatar zully avatar

Stargazers

avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

rocco-muscaritolo zully jasonboyles test-templates midhunkandoth dragorosson beenzsyed pratikmallya alonwinner jasondunsmore vampires-united chrishultin vikomall mikeruu algowave joeashcraft jacksonargo adampickeral cloudxtreme stafdehat jamrok immanetize dannylujan amrita1337 ornel-clark

lamp's Issues

Running against Ubuntu 16.04 and phpMyAdmin not authenticating.

Observations: phpMyAdmin will not work out of the box after running the LAMP Install scripts.

Behavior:
a) Apache Auth works as intended. (serverinfo : password)

b) Attempting to Authenticate using MySQL credentials will not work, with the following error being reported at the http:///phpmyadmin portal:
#1698 - Access denied for user 'root'@'localhost'

Cause: MySQL is installed configured to use the "auth_socket" Plugin.
https://dev.mysql.com/doc/mysql-security-excerpt/5.7/en/socket-authentication-plugin.html

Able to resolve the authentication issue by changing the plugin to "mysql_native_password"
https://dev.mysql.com/doc/refman/5.7/en/native-authentication-plugin.html

mysql> ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '<Password found in /root/.my.cnf>';

Not sure if this can be corrected at this LAMP script level.

Duplicate text/html MIME type with nginx playbook 

The Nginx v1.10.0 deployment includes an /etc/nginx/mime.types with the "text/html" MIME type declared within it.

The provided /etc/nginx/nginx.conf duplicates this on line 30 in the gzip_types declaration, leading to the following warning.

    [warn] 30382#30382: duplicate MIME type "text/html" in /etc/nginx/nginx.conf:30

Removing "text/html" from the gzip_types declaration permits Nginx to start without any warnings.

Kind Regards,
-Camisa

CentOS v5: php_prefork role

Hello,

The site playbook fails on CentOS v5 in the php_prefork role. Execution
stops after the "Install PHP and packages - RHEL" task. A CentOS v5 box was
being built to model a best practices environment for the purpose of fixing and
repairing an SLU'd server.

Kind Regards,
-Camisa

session.save_path for site playbook on Ubuntu 14.04 LTS 

I noticed the /etc/php5/apache2/php.ini has a typo with regard to the session.save_path. For some reason, "session_save_path" is there instead of session.save_path. If "session_save_path" is used as if it were the correct variable, than its value is not reflected in a PHP info page. Only when the variable is renamed to session.save_path will its value be honored.

Holland temporarily disbled for ubuntu 16

Holland 1.0.10-2 does not work with Python3 (gives stack trace when trying to dump). 1.0.12 is supposed to fix that, but is not in the repos yet. Once it comes out, the playbooks should be updated

mysql_password is not complex

We should use more complex passwords for the mysql_password, which is used for MySQL user's 'root' and 'holland'. This can easily be accomplished by removing the "chars" parameter.

We've limited the password generation to only letters (both upper and lower) and digits by using the "chars" parameter.
The default password generation includes upper- and lower-case letters, digits, and 5 punctuation marks (". , : - _"). Removing the "chars" parameter will cause Ansible to generate more complex passwords than we're creating now.

ssl_protocols and ssl_ciphers in example.com.conf for the Nginx playbook includes SSLv3

Hello,

I noticed the ssl_protocols and ssl_ciphers directives, which are commented out in both example.com.conf and 000-default.conf within the Nginx playbook include SSLv3.

This should be removed to avoid Man-In-The-Middle and Fallback attacks due to the "POODLE" - SSLv3 vulnerability (CVE-2014-3566).

Recommended configurations for Server Side TLS may be evaluated at the following location.
    https://wiki.mozilla.org/Security/Server_Side_TLS

Kind Regards,
-Camisa

holland_mysqldump.yaml broken for at least rackspace-monitoring-agent-2.6.6-1

The trailing-slash for line continuation isn't valid YAML. The monitoring-agent fails to parse our holland_mysqldump.yaml.j2 file with trailing-slashes.
Affects rackspace-monitoring-agent version 2.6.6 (and probably older).

Example Broken:

        criteria              : |
      if (metric['sql_creds_exist'] == 'false') {
        return new AlarmStatus(CRITICAL, 'holland-plugin: MySQL credentials file \
                does not exist.');
      }

Error in /var/log/rackspace-monitoring-agent.log:

ERR: Confd -> config_file post operation result: failure for alarm at create validation, handle:
{"alarm":"alarm1","filename":"holland_mysqldump.yaml"},
error {"message":{"nt":"unicode","pos":120,"col":76,"parser":{"input":"<snip>"

Fix: remove trailing slashes.

Example Fixed:

        criteria              : |
      if (metric['sql_creds_exist'] == 'false') {
        return new AlarmStatus(CRITICAL, 'holland-plugin: MySQL credentials file
                does not exist.');
      }

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.