My first time with IaC - Let's build a LAMP environment with Ansible Edition

Thank you. This is Daimyojin Chikuwa, who joined as a new graduate last year.

Time passes quickly.

I feel like I'm eager to write a blog about last August.

I set up a LAMP environment using Ansible, so I'll briefly introduce it in this article.

I don't have any deep knowledge yet, so I would like to write about it in a rough way that makes Ansible work.

Let's try running Ansible

Premise

Environment

VirtualBox: Version 7.0.20

Vagrant: version 2.4.1

Vagrant box: AlmaLinux 9

Ansible: Version 2.14.17

Ansible is a configuration management tool that can be used not only for virtual environments but also for building cloud environments such as AWS.

This time, we will prepare three virtual machines: one as the Ansible execution server, and the other two as servers on which to set up the LAMP environment.

For more information on how to install Ansible, please see the article written by a great senior colleague.

Configuring Ansible

The basic configuration of Ansible is as follows:

    /etc/ansible
    ├── roles
    ├── hosts
    ├── playbook.yml
    └── ansible.cfg

hosts
  • Name : Inventory file
  • Role : Defines the target hosts managed by Ansible.
  • Contents : Host names and IP addresses can be grouped together. You can also classify hosts by category, such as web servers and database servers. This time, it lists the IP addresses of the servers that Ansible will be applied to, as mentioned above.
playbook.yml
  • Name : Playbook file
  • Role : Defines specific operations and tasks.
  • Contents : Defines how a set of tasks is performed on a particular host. It often contains specific instructions such as packages to install and services to start. Here we will write the instructions for installing the LAMP environment.
ansible.cfg
  • Role : The Ansible configuration file, which controls the overall behavior of Ansible.
  • Contents : You can specify various options such as the inventory path, remote user, SSH key path, and whether to check host keys. I won't touch it this time.

Basically, Ansible works if the above three files exist.

The roles directory will be explained later.

How to write an inventory file

In this section, we will look at how to write an inventory file.

This time, this is easy so I'll finish it quickly.

    [all:vars]
    # connection credentials shared by all hosts (plain text)
    ansible_user=vagrant
    ansible_password=vagrant

    [test_ansibleclient]
    ansibleclients_host ansible_host=192.168.33.10

    [ansibleclients]
    ansibleclients_host1 ansible_host=192.168.33.30
    ansibleclients_host2 ansible_host=192.168.33.40

The inventory file is written in the form shown above.

  • Group definition : Hosts can be grouped in the form [XXX]. The two servers we are targeting this time are grouped under ansibleclients.
  • Group variables : A [XXX:vars] section defines variables that apply to all hosts in that group. This time, it holds the username and password. [all:vars] is specified so that they are common to all hosts.

How to write a playbook

The basic playbook structure is as follows:

  • hosts: Specify the group defined in the inventory file and apply subsequent processing.
  • vars: You can define variables. It's not a problem if it doesn't exist.
  • tasks: Describes the processing that is applied to the target server. The processes described here are executed in order from top to bottom. It is the core part of the playbook.
  • handlers: Processing that is written separately from tasks. It can be used when you want to add conditions to the execution of the process, such as when the result of ○○ is ▼▼. It's not a problem if it doesn't exist.

These four sections together make up one play.

A collection of multiple plays then makes up a playbook file.

Now let's take a look at the specific processing.

    ---
    #hosts
    - hosts: ansibleclients
      become: yes

      #tasks
      tasks:
        - name: install Apache
          yum:
            name: httpd
            state: latest

It is written in YAML, so it's very easy to understand. Even without background knowledge, you can read it and see what it is meant to do.

▼#hosts part

  • hosts : Specifies the target host or group from the inventory file explained in the previous section.
  • become : Specifies whether the task is run with administrator privileges.

▼#tasks part

  • tasks : The tasks to be performed are described under this key.
  • name : Describes the name of the task.
  • yum : Specifies the module to use. This time I want to install Apache, so I'll use yum. For Ubuntu, etc., specify apt.
  • name : Specifies the package name to be installed.
  • state : Specifies the state of the package.

This means that the latest Apache is installed with administrator privileges.

By changing the module you use, you can also do things such as obtaining keys and changing permissions.

▼Getting the key

    - name: Install MySQL GPG key
      rpm_key:
        state: present
        key: https://repo.mysql.com/RPM-GPG-KEY-mysql-2023

▼Change permissions and ownership

    - name: chmod and chown for HTML and PHP files
      file:
        path: "/var/www/html/{{ item }}"
        owner: apache
        group: apache
        mode: '0644'
      loop:
        - test.html
        - test.php

There is an official list of modules that can be used with Ansible.

https://docs.ansible.com/ansible/2.9_ja/modules/modules_by_category.html#modules-by-category

You should use this as a reference to write the process.

...I would like to say that, but there are too many, so I think it's better to search for "Ansible Modules" and refer to blogs that introduce versatile modules.

Let's try it out

Check the actual machine

Now let's try running Ansible.

The playbook files used are as follows:

    - hosts: ansibleclients
      become: true
      tasks:
        - name: install httpd
          yum: name=httpd state=latest

        - name: Apache start / enable
          service: name=httpd state=started enabled=yes

        - name: Add MySQL repository
          get_url:
            url: https://repo.mysql.com/mysql80-community-release-el9-5.noarch.rpm
            dest: /tmp/mysql80-community-release-el9-5.noarch.rpm

        - name: Install MySQL GPG key
          rpm_key:
            state: present
            key: https://repo.mysql.com/RPM-GPG-KEY-mysql-2022

        - name: Install MySQL repository package
          yum:
            name: /tmp/mysql80-community-release-el9-5.noarch.rpm
            state: present

        - name: Install MySQL server
          yum:
            name: mysql-community-server
            state: latest

        - name: Start MySQL service
          service:
            name: mysqld
            state: started
            enabled: yes

        - name: Import Remi GPG key
          rpm_key:
            state: present
            key: https://rpms.remirepo.net/RPM-GPG-KEY-remi2021

        - name: Install Remi repository
          yum:
            name: https://rpms.remirepo.net/enterprise/remi-release-9.rpm
            state: present

        - name: Install PHP and related packages
          yum:
            name:
              - php
              - php-devel
              - php-mbstring
              - php-mysqli
              - php-gd
            state: present
          notify:
            - httpd restart

        # Copy html and PHP scripts for testing
        - name: html copy
          copy:
            src: /etc/ansible/test.html
            dest: /var/www/html

        - name: PHP copy
          copy:
            src: /etc/ansible/test.php
            dest: /var/www/html

        - name: chmod and chown for HTML and PHP files
          file:
            path: "/var/www/html/{{ item }}"
            owner: apache
            group: apache
            mode: '0644'
          loop:
            - test.html
            - test.php

      handlers:
        - name: httpd restart
          service: name=httpd state=restarted

Ansible fails with an error if it cannot connect over SSH, so register each target's host key in known_hosts with ssh-keyscan in advance.

    ssh-keyscan XXX.XXX.XXX.XXX >> /root/.ssh/known_hosts
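ssh-keyscan records whatever key the network returns, so the registration step can be paired with a fingerprint check. The following is an added example, not part of the original article: it appends a scanned key to known_hosts only when its SHA256 fingerprint matches one obtained out of band. The function names `fingerprint` and `add_pinned_host` and the sample key line are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article: verify a scanned host key against a
# fingerprint obtained out of band before trusting it in known_hosts.

# fingerprint "host keytype base64blob" -> "SHA256:<unpadded base64>",
# the same format `ssh-keygen -lf` prints (computed here with coreutils).
fingerprint() {
    hex=$(printf '%s\n' "$1" | cut -d' ' -f3 | base64 -d 2>/dev/null |
          sha256sum | cut -d' ' -f1)
    b64=$(printf '%s\n' "$hex" | fold -w 2 | while read -r byte; do
              printf "\\$(printf '%03o' "0x$byte")"   # hex pair -> raw byte
          done | base64 | tr -d '=\n')
    printf 'SHA256:%s\n' "$b64"
}

# add_pinned_host HOST EXPECTED_FP KNOWN_HOSTS [SCAN_OUTPUT]
# Appends only the key whose fingerprint equals EXPECTED_FP; returns 1 and
# writes nothing if no scanned key matches. Without SCAN_OUTPUT it runs
# ssh-keyscan against HOST itself.
add_pinned_host() {
    host=$1; expected=$2; known_hosts=$3
    scan=${4:-$(ssh-keyscan -T 5 "$host" 2>/dev/null)}
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        if [ "$(fingerprint "$line")" = "$expected" ]; then
            printf '%s\n' "$line" >> "$known_hosts"
            return 0
        fi
    done <<EOF
$scan
EOF
    echo "$host: no scanned key matches the pinned fingerprint" >&2
    return 1
}

# Constructed sample line (not a real host key) standing in for scan output.
SAMPLE='192.168.33.30 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIAbCdEfGhIjKlMnOpQrStUvWxYz0123456789AbCdEf'
# Real use: take EXPECTED_FP from the server's own console, e.g.
#   ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub
demo=$(mktemp)
add_pinned_host 192.168.33.30 "$(fingerprint "$SAMPLE")" "$demo" "$SAMPLE" &&
    echo "trusted: $(cat "$demo")"
rm -f "$demo"
```

In real use, omit the fourth argument so the function scans the host itself, and pass /root/.ssh/known_hosts as the third.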

Here is the command to run the playbook.

    ansible-playbook <path to playbook>

If it completes normally, the following results will be output:

    PLAY RECAP ****
    ansibleclients_host1 : ok=15 changed=14 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
    ansibleclients_host2 : ok=16 changed=14 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

If failed and unreachable are both 0, there's no problem.

All that's left is to check the operation of the test html and PHP scripts and see if you can log in to MySQL.

Divide the process into directories

Now, some people may have looked at the playbook in the previous section and thought that putting everything into one file makes it inflexible and hard to manage.

There are times when you want to install Apache but don't need MySQL.

But creating multiple playbooks is a hassle...

Yes. Of course, for those people, there is a way to divide the processing into small pieces and use them.

Use roles to separate the processes

This is where the roles directory comes in, which I said I would explain later in the Ansible configuration section.

By using roles, you can split the playbook process as shown below.

    roles
    ├── httpd_install
    │   └── tasks
    │       └── main.yml
    ├── mysqld_install
    │   └── tasks
    │       └── main.yml
    ├── php_install
    │   ├── tasks
    │   │   └── main.yml
    │   └── handlers
    │       └── main.yml
    └── remi_repo
        └── tasks
            └── main.yml

A directory for each process is created under roles, and then a directory such as tasks and handlers is created under that.

Finally, the actual processing will be described in main.yml.

Below is the processing contents of /roles/httpd_install/tasks/main.yml.

    ---
    - name: install httpd
      yum: name=httpd state=latest

    - name: Apache start / enable
      service: name=httpd state=started enabled=yes

Then, by writing a playbook as shown below, you can choose which processing to apply.

    ---
    - name: select roles
      hosts: ansibleclient3
      remote_user: vagrant
      become: yes
      roles:
        - httpd_install
        - mysqld_install
        #- remi_repo
        #- php_install

In this case, the httpd and MySQL processing will be applied, while the roles that have been commented out will not be applied.

With roles, the setup is more flexible and easier to manage than a single playbook.

It's fine to write everything as one playbook, but if you consciously divide it up with roles, you can reuse the pieces later, so this is recommended.

Summary

How was it?

I've only just started using Ansible myself and haven't really understood much, but Ansible is so easy that even I can use it.

It's as casual as going for a walk, so why not give it a first try?

Thank you for reading until the end.

The person who wrote this article

About the author

Daimyojin Chiku

It will melt and
cool
Keep it at an appropriate temperature