DEV Community: Josephat Kene

Bash Script: A Demo of User Account and Group Creation.

Josephat Kene — Sat, 06 Jul 2024 07:19:54 +0000

As a SysOps engineer, part of your job will be to manage user accounts and groups effectively for least privilege on the company's systems/servers to maintain security and access control.
Using Bash Script can greatly enhance your performance in that regard and also management and configuration of the systems.

Table of Contents

Prerequisite
What is Bash
What is Bash Scripting
Demo
- Solution
Conclusion

Prerequisite

A Linux system. (Ubuntu, CentOS, etc) with bash installed.
Basic Knowledge of Linux Commands.
Basic Knowledge of Bash Scripting.

What is Bash
Bash means Bourne again shell. It is the shell that Linux environment uses to communicate with the kernel to make requests and receive feedback.

What is Bash Scripting?
Bash scripting involves writing scripts using the Bash (Bourne Again Shell) command language to automate tasks on Unix-like operating systems. These scripts can range from simple commands executed sequentially to complex programs with control structures and functions.

Demo
Your company has employed many new developers. As a SysOps engineer, write a bash script called create_users.sh that reads a text file containing the employee’s usernames and group names, where each line is formatted as user; groups.
The script should create users and groups as specified, set up home directories with appropriate permissions and ownership, generate random passwords for the users, and log all actions to /var/log/user_management.log. Additionally, stores the generated passwords securely in /var/secure/user_passwords.txt.

Solution
First is to create a directory with the command mkdir HNG_Tasks
Then inside the directory, create a script file with the command touch create_users.sh
Next is to open the script with a text editor by running the command sudo vi create_users.sh
Then populate the script with the code below

#!/bin/bash

# Log file and password file creation
LOG_FILE="/var/log/user_management.log"
PASSWORD_FILE="/var/secure/user_passwords.txt"

# Ensure script is run as root/sudo
if [ "$EUID" -ne 0 ]; then
    echo "Please run as root or use sudo."
    exit 1
fi

# Create directories and files if they don't exist, and set permissions
mkdir -p /var/log
mkdir -p /var/secure
touch $LOG_FILE
touch $PASSWORD_FILE
chmod 600 $PASSWORD_FILE

# Function to create log messages
log_message() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" | tee -a $LOG_FILE
}

# Function to generate a random password
generate_password() {
    echo $(openssl rand -base64 12)
}

# Check if the input file is provided
if [ -z "$1" ]; then
    echo "Usage: sudo bash $0 <name-of-text-file>"
    exit 1
fi

# Read the input file
INPUT_FILE=$1

# Process each line in the input file
while IFS=';' read -r username groups; do
    # Ignore empty lines and lines that start with a hash (#)
    if [[ -z "$username" || "$username" == \#* ]]; then
        continue
    fi

    # Removing all whitespace from username and groups
    username=$(echo "$username" | xargs)
    groups=$(echo "$groups" | xargs)

    # Check if user already exists
    if id "$username" &>/dev/null; then
        log_message "User '$username' already exists."
    else
        # Create user with home directory and bash shell
        useradd -m -s /bin/bash "$username"
        if [ $? -eq 0 ]; then
            log_message "Created user '$username'."
        else
            log_message "Failed to create user '$username'."
            continue
        fi

        # Create personal group with the same name as the user
        usermod -g "$username" "$username"
        if [ $? -eq 0 ]; then
            log_message "Created personal group for user '$username'."
        else
            log_message "Failed to create personal group for user '$username'."
        fi

        # Generate and set a random password for the user
        password=$(generate_password)
        echo "$username:$password" | chpasswd
        if [ $? -eq 0 ]; then
            log_message "Set password for user '$username'."
        else
            log_message "Failed to set password for user '$username'."
        fi

        # Save the password to the secure file
        echo "$username,$password" >> $PASSWORD_FILE
    fi

    # Add user to specified groups if there are any
    if [ -n "$groups" ]; then
        # Split groups by comma and loop through each group
        IFS=',' read -r groups_list <<< "$groups"
        for group in ${groups_list//,/ }; do
            group=$(echo "$group" | xargs) # Trim whitespace
            if getent group "$group" &>/dev/null; then # Checking if group exist
                usermod -aG "$group" "$username"
                if [ $? -eq 0 ]; then
                    log_message "Added user '$username' to group '$group'."
                else
                    log_message "Failed to add user '$username' to group '$group'."
                fi
            else
                groupadd "$group"
                if [ $? -eq 0 ]; then
                    usermod -aG "$group" "$username"
                    log_message "Created and added user '$username' to group '$group'."
                else
                    log_message "Failed to create group '$group' or add user '$username' to group."
                fi
            fi
        done
    fi

done < "$INPUT_FILE"

log_message "User creation and group assignment completed."

Code Breakdown

#!/bin/bash

# Log file and password file creation
LOG_FILE="/var/log/user_management.log"
PASSWORD_FILE="/var/secure/user_passwords.txt"

# Ensure script is run as root/sudo
if [ "$EUID" -ne 0 ]; then
    echo "Please run as root or use sudo."
    exit 1
fi

The block of code above starts with the Shebang line, defines the log file and the password file as variables to their paths, and makes sure the script is ran as a root user or with sudo to avoid any permission issues. (if [ "$EUID" -ne 0 ]; then: This condition checks if the effective user ID (EUID) is not equal to 0. In Unix-like systems, the root user has an EUID of 0.)

mkdir -p /var/log
mkdir -p /var/secure
touch $LOG_FILE
touch $PASSWORD_FILE
chmod 600 $PASSWORD_FILE

# Function to create log messages
log_message() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" | tee -a $LOG_FILE
}

The code above creates directories for the log and password files if those directories don't exist already. The -p flag makes sure no error is thrown if the directories already exist.
Using the variable declaration in the first block of code, creates a log file and a password file.
It changes the permission of the password file to '600' for the owner to have read and write permission of the file, to restrict access to the password file.
The next line of code creates a function called log_message. Tis function captures the current date and time and prints it alongside the echo command which is pipped (|) to the tee command. The tee command writes the output to both the standard output (so it appears in the terminal) and appends it (with the -a flag) to the log file specified by LOG_FILE.

# Function to generate a random password
generate_password() {
    echo $(openssl rand -base64 12)
}

# Check if the input file is provided
if [ -z "$1" ]; then
    echo "Usage: sudo bash $0 <name-of-text-file>"
    exit 1
fi

The Code above has a function that generates random passwords with openssl rand -base64 12: The openssl command is used to generate random data. The rand subcommand generates random bytes, and the -base64 option encodes the output in Base64. The 12 specifies the number of random bytes to generate, which after Base64 encoding results in a 16-character string. The 'echo $' captures and prints the random password.
The code also checks if the script is run with an argument. The if condition checks if the first parameter/argument ($1) is empty with the '-z' flag and terminates with an exit status of 1 if no argument is run with the script.

# Read the input file
INPUT_FILE=$1

# Process each line in the input file
while IFS=';' read -r username groups; do
    # Ignore empty lines and lines that start with a hash (#)
    if [[ -z "$username" || "$username" == \#* ]]; then
        continue
    fi

    # Removing all whitespace from username and groups
    username=$(echo "$username" | xargs)
    groups=$(echo "$groups" | xargs)

The next block of code assigns the variable "INPUT_FILE" to the value of the first argument "$1", and uses a while loop to read the input file line by line and with the IFS=';' splits each line into fields based on the semicolon, reads each line and splits it into two variables: username and groups. With an if statement checks if the username is empty or if it's a comment and skips to the next condition if they are both true and uses the xargs command to remove leading and trailing whitespace from username and groups.

 # Check if user already exists
    if id "$username" &>/dev/null; then
        log_message "User '$username' already exists."
    else
        # Create user with home directory and bash shell
        useradd -m -s /bin/bash "$username"
        if [ $? -eq 0 ]; then
            log_message "Created user '$username'."
        else
            log_message "Failed to create user '$username'."
            continue
        fi

        # Create personal group with the same name as the user
        usermod -g "$username" "$username"
        if [ $? -eq 0 ]; then
            log_message "Created personal group for user '$username'."
        else
            log_message "Failed to create personal group for user '$username'."
        fi

This block of code uses an if condition to check if a user already exists, with the id "$username" attempts to retrieve user information for username, &>/dev/null redirects both standard output and standard error to /dev/null, effectively silencing any output from the id command. And if the user doesn't exist, with the useradd -m -s /bin/bash "$username" it creates the user, a home directory for the user with the -m flag and sets the user default shell to bash with the -s /bin/bash. After creating a user, it creates a personal group for the user with the code usermod -g "$username" "$username" where usermod modifies a user account, -g "$username" sets the primary group of the user to a group with the same name as the user and the $username specifies the username to be modified. It checks the exit status of the usermod command, If the group modification is successful, it logs a message indicating the personal group was created and logs the failure message if it fails.

   # Generate and set a random password for the user
        password=$(generate_password)
        echo "$username:$password" | chpasswd
        if [ $? -eq 0 ]; then
            log_message "Set password for user '$username'."
        else
            log_message "Failed to set password for user '$username'."
        fi

        # Save the password to the secure file
        echo "$username,$password" >> $PASSWORD_FILE
    fi

This part of the script handles generating and setting a random password for the newly created user, and then saving the password to a secure file. Let's go through it step-by-step:
The first line calls the function generate_password, and stores the value of the function in the variable. The echo "$username:$password" | chpasswd prints the username and password in the format required by chpasswd and pipes this input to the chpasswd command, which updates the user's password in the system. It checks the exit status of the password if it set the password for the user or not and appends the username and password to a file specified by the variable PASSWORD_FILE.

 if [ -n "$groups" ]; then
        # Split groups by comma and loop through each group
        IFS=',' read -r groups_list <<< "$groups"
        for group in ${groups_list//,/ }; do
            group=$(echo "$group" | xargs) # Trim whitespace
            if getent group "$group" &>/dev/null; then # Checking if group exist
                usermod -aG "$group" "$username"
                if [ $? -eq 0 ]; then
                    log_message "Added user '$username' to group '$group'."
                else
                    log_message "Failed to add user '$username' to group '$group'."
                fi
            else
                groupadd "$group"
                if [ $? -eq 0 ]; then
                    usermod -aG "$group" "$username"
                    log_message "Created and added user '$username' to group '$group'."
                else
                    log_message "Failed to create group '$group' or add user '$username' to group."
                fi
            fi
        done
    fi

done < "$INPUT_FILE"

log_message "User creation and group assignment completed."

This section of the script assigns newly created users to specific groups. It checks if the groups exist and creates them if they don't exist. It checks if the variable is empty with the'-n' flag, sets the field separator to a comma (,), and reads the comma-separated groups into group_list. It starts a for loop to go over the group_list, replacing the comma(,) with a space, trims white space from the group variable, it checks if the group exists. If the group exists, it adds the user to the group, but if it does not, it creates the group and then adds the user. It logs the final message indicating the user creation and group assignment.

The next step is to save the script, exit the text editor, and make the script executable by running the command chmod +x create_users.sh

Then create a users.txt file with the command touch users.txt for the script to read from. Open with a code editor with the command sudo vi users.txt and populate with users and groups of your choice. Eg

Then run the script with the command sudo ./create_users.sh users.txt
The output the script gives is in the picture below

Conclusion
At the end of this article, you have learned what bash and bash scripting is, why we use bash script, and understand the code used in the demo. This is a task for the HNG internship stage one program. You can check out available roles at HNG with this link

Ansible with Task Automation Demo

Josephat Kene — Mon, 20 May 2024 18:28:11 +0000

Table of Content

Introduction
- What is Ansible
- How Ansible Works
Demo
- Solution
- Inventory
- Connecting to Slave Nodes
- Playbook
- Playbook Breakdown
  - Updating Packages
  - Installing Apache
  - Starting Apache and Opening Port 80 in the CentOS System
- Running the Playbook
Conclusion

Introduction

You got that lucky break and bagged an internship in cloud engineering. One of your duties is managing over 10 servers on the cloud, updating and upgrading the packages, and installing new applications on new servers.

You'll be wondering how to SSH into all the servers and run all those commands one after the other. That sounds like a lot. However, a way to automate that and make your life easy is by using Ansible.

What is Ansible?
Ansible is an open-source IT automation engine that automates provisioning, configuration management, application deployment, orchestration, and many other IT processes. It is free to use, and the project benefits from the experience and intelligence of its thousands of contributors.

So imagine you have many machines for different purposes and tasks and you have to manage all of them, Ansible is a super robot that helps you connect to those machines and you tell Ansible what you want it to do in all of those machines and it does it for you.

How Ansible works

Ansible needs a master node or controller that will be used to connect to all other nodes, machines, or servers to manage them.
It uses an Inventory file that stores the IP of all the machines it should connect to and perform tasks on.
It also needs a playbook which is a YAML file that tells ansible what it wants it to do and the tasks to perform on all other nodes or machines it is connected to.

Demo

To explain how Ansible works better, You will use a demonstration. In this demo, you are going to provision 3 Linux servers. Two will be Ubuntu and one will be CentOS. The Master node (controller) will be any of the Ubuntu servers and the slave node will be One Ubuntu server and the CentOS server.
You are going to run a playbook that installs Apache on the slave nodes. In the CentOS server, you will start the Apache and enable port 80 in the firewall.

Solution

First, you have to provision 3 virtual machines using Vagrant. An alternative is your AWS EC2.

In the master node, first, install ansible on your master node with the command:
sudo apt install ansible

Then create a directory with any name of your choice. This directory will house all the files and playbooks related to our Ansible project.

- Inventory

Now you have to create your Inventory file. An Inventory in Ansible contains the IP address or domain name of all the servers or slave nodes we want to manage with Ansible.
It can also contain some other data like groupings, group variables, and host variables (which we will address later for better understanding). The inventory file should be inside the directory we created.
To create an inventory file, run the command:
sudo vim inventory
The picture below is the inventory file with the IP addresses of both our slave nodes.

Remember that an inventory file can contain data like groupings? That means that we can group our slave nodes into whatever groups we want to put them in. The groups can be web servers, databases, or by their Linux distribution.
The picture below shows how to group the IP addresses of our slave nodes.

- Connecting to Slave nodes

For Ansible to be able to run tasks on your slave nodes with the playbook, it needs some form of connection to those slave nodes in your inventory.
The way to get that connection is to generate an SSH key on your master node or controller, copy the public keys, and paste them into the authorized keys of your slave nodes.
The command to generate the SSH key is:
ssh-keygen -t ed25519 -C "default"
The "ssh-keygen" is the command line utility for generating SSH keys, the "-t ed25519" specifies the type of key to create which is ed25519, the "-C "default" add a comment 'default' to key for information purposes.
The picture below is the result after creating the ssh key.

Do the same thing for the second one but this time the comment will be ansible and you will change the path to where the keys will to /home/vagrant/.ssh/ansible.pub
This is how your ansible key creation will look

For this article, please don't create a password when you create the SSH keys. To get the public key, navigate into /home/vagrant/.ssh/ the copy the keys of ansible.pub and id_ed25519.pub. Then paste it into the authorized key file in your slave nodes separately.
The default key is for you to be able to connect or SSH into your slave nodes from the controller and the Ansible key is the one Ansible will use to connect to the slave nodes.
To be sure your master node can connect to your slave nodes in your inventory, make sure your slave nodes are up and running then run the command in the directory that has your inventory:
ansible all --key-file ~/.ssh/ansible -i inventory -m ping
"ansible" is the command line tool. You are calling ansible.
"all" is specifying that the command should run against all the IP addresses or hosts in the inventory file.
"--key-file ~/.ssh/ansible" is telling ansible the particular SSH key to use for authentication. In the case the key located in (~/.ssh/ansible)
"-i inventory" is you specifying the inventory file that contains all the IP addresses of your slave nodes
"-m ping" specifies the ansible module to use. In this case 'ping' which just testing to check if the IPs in the Inventory are reachable.

- Playbook

A playbook in Ansible is like a blueprint of tasks you want to automate. These tasks are executed with little manual effort across all the hosts in your inventory. The playbook tells Ansible what to do and which device to do it in.
One or more tasks are combined to make a play and these tasks can be mapped to a specific host, a group of hosts, or all the hosts. A playbook can also include one or more plays. The tasks/plays are executed the way they are written.
Tasks are executed by Ansible modules. These modules contain some data that determines when and where a task is executed and the user that executes the tasks.

Now to open a playbook file, still inside the directory you created that your inventory is in, run the command:
sudo vim playbook.yml

The playbook for our demo is the code block below.

---
- hosts: all
  become: true
  pre_tasks:
    - name: install updates (centOS)
      tags: always
      yum:
        update_only: yes
        update_cache: yes
      when: ansible_os_family == 'RedHat'

    - name: install updates (Ubuntu)
      tags: always
      apt:
        upgrade: dist
        update_cache: yes
      when: ansible_os_family == 'Ubuntu'

#Installing apache for ubuntu and centos
- hosts: all
  become: true
  tasks:
    - name: install apache for ubuntu server
      tags: apache,apache2,ubuntu
      apt:
        name: apache2
        state: latest
      when: ansible_distribution == "Ubuntu"

    - name: install Apache for CentOS server
      tags: apache,centos,httpd
      yum:
        name: httpd
        state: latest
      when: ansible_distribution == "CentOS"

    #Start and enable apache for CentOS
    - name: start httpd (CentOS)
      tags: apache,centos,httpd
      service:
        name: httpd
        state: started
        enabled: yes
      when: ansible_distribution == "CentOS"

    #Open port 80/tcp for CentOS
    - name: Open port 80/tcp in firewalld
      firewalld:
        service: http
        permanent: yes
        state: enabled
      when: ansible_distribution == "CentOS
      notify: Reload firewalld

    #Reload Firewall for CentOS
  handlers:
    - name: Reload firewalld
      service:
        name: firewalld
        state: reloaded
      when: ansible_distribution == "CentOS"

N.B You should note that when writing your ansible playbook, your indentation is very important. You miss a single line of indentation in a task or a play and that particular task or play won't run. Sometimes the entire playbook might not work.

- Component Breakdown

Updating Package

---
- hosts: all
  become: true
  pre_tasks:
    - name: install updates (centOS)
      tags: always
      yum:
        update_only: yes
        update_cache: yes
      when: ansible_os_family == 'RedHat'

    - name: install updates (Ubuntu)
      tags: always
      apt:
        upgrade: dist
        update_cache: yes
      when: ansible_os_family == 'Ubuntu'

--- represents the beginning of a YAML file
- hosts: all specifies that the playbook should run on all hosts. You can also pick any specific host group. become: true This ensures that all tasks are executed with sudo privileges. Although it is optional. Your plays can run without it.
pre_tasks: You can also use "tasks" here however, using pre_tasks means the tasks here are executed before any other tasks. The first part of the task here updates the packages for the CentOS servers and the second task does the same for the Ubuntu server
name This is the description of the tasks
tags when running an ansible playbook, you can specify a tag you want the playbook to run on, setting this tag to always makes sure these tasks run regardless of the tags specified when running the playbook. It is also optional.
yum and apt These are modules used to manage packages in the RedHat and Debian-based systems.
- update_only This ensures only updates are installed
- update_cache This refreshes the package database cache -upgrade Specifies the type of upgrade to perform. 'dist' in this case performs a full distribution upgrade.
when This is a conditional statement in Ansible that states a task should run on Ubuntu or RedHat systems.

So the above Play is you going into that system to run sudo apt update or sudo yum upgrade as it is best practice to update your packages before any installation but this time you are doing it remotely with Ansible!
Installing Apache

 #Installing apache for ubuntu and centos
- hosts: all
  become: true
  tasks:
    - name: install apache for ubuntu server
      tags: apache,apache2,ubuntu
      apt:
        name: apache2
        state: latest
      when: ansible_distribution == "Ubuntu"

    - name: install apache for CentOS server
      tags: apache,centos,httpd
      yum:
        name: httpd
        state: latest
      when: ansible_distribution == "CentOS"

The code block above is the part of the playbook that installs Apache for both Ubuntu and CentOS systems.
Now if you had used 'tasks' instead of 'pre_tasks' you would not have to repeat the host, become, and tasks parts. It will all be under the first one.

name describes the name of the task
tags keywords to use in running a specific task by adding --tags "apache,ubuntu,httpd,apache2" to the ansible command
apt and yum These are modules used to manage Ubuntu and RedHat-based systems
- name This is the name of the package to install. "apache2" for Ubuntu and "httpd" for centOS
- state This ensures the package installed is up to date by setting it to "latest"
when This is a conditional statement that makes sure the tasks run on Ubuntu or CentOS systems.

This play is you going into the slave nodes to run the command sudo apt install apache2 or sudo yum install httpd
Starting Apache and Opening Port 80 in the CentOS System

#Start and enable apache for CentOS
    - name: start httpd (CentOS)
      tags: apache,centos,httpd
      service:
        name: httpd
        state: started
        enabled: yes
      when: ansible_distribution == "CentOS"

    #Open port 80/tcp for CentOS
    - name: Open port 80/tcp in firewalld
      firewalld:
        service: http
        permanent: yes
        state: enabled
      when: ansible_distribution == "CentOS
      notify: Reload firewalld

    #Reload Firewall for CentOS
  handlers:
    - name: Reload firewalld
      service:
        name: firewalld
        state: reloaded
      when: ansible_distribution == "CentOS"

These tasks configure Apache or httpd as it is called for the CentOS system.
Here, you are using a few different modules and their arguments. The new modules used are the service module which manages the state of a service and firewalld module which manages firewall settings.

The first task using the service module, starts the service (httpd) and enables it.
The second task using the firewalld module, enables the http service (which corresponds to port 80), makes the change permanent, and enables it.
It uses notify to alert the handler which is used in the third task that a change has been made. The handler will only run if the change was made.
The third task introduces a new concept called "handlers". It is used to perform actions when notified of a task. It is mostly used to perform actions like restarting services or reloading configurations only when necessary.
In this case, from the arguments of the service module, it is used to reload the firewalld service.
You can also find out more about the ansible module with the ansible documentation

- Running the Playbook

Now that you understand what the entire playbook does, it's time to check if it works. The command to run an ansible playbook is:
ansible-playbook -i inventory playbook.yml
The "inventory" should be the name of your inventory file and the playbook.yml should be the name of your playbook file.
This command should be run inside the directory that has your playbook and inventory file
If your playbook runs successfully you should get this output

If you check the play recap at the bottom, you will see that no task failed for each of the slave nodes.

Now if you check the IP address of your slave nodes on your browser to be sure Apache was installed, you should get the Apache default page as shown in the pictures below

Apache default page for Ubuntu

Apache default page for CentOS

- Conclusion

In this article you have learned what Ansible is, how it works and a few concepts used like the playbook and inventory using a demo. You should also remember that indentations are important when writing your playbooks.

The playbook written in this article is not the best way to write a playbook as there are a few repetitions. We can consolidate it by using variables and Roles. Those will be discussed in the second part of this article!

Deploying Laravel on Lamp Stack with Linux(Ubuntu)

Josephat Kene — Thu, 09 May 2024 17:33:17 +0000

Table of Content

Introduction
- Lamp Stack
- Laravel
Prerequisites
Steps of Deploying Laravel with Lamp
- Installing Lamp
- Installing PHP Dependencies
- Downloading Composer
- Cloning the Laravel Git Repository and installing Dependencies
- Installing Composer Dependencies and Setting up Environment Variables
- Setting Up MySQL Database
- Reconfigure Apache
Conclusion

Introduction

There is a cool website that is being built and you are tasked with deploying the website on a Linux server and to make the website work, you have to install Lamp stack.

In this article i will guide you through the steps of manually setting up laravel with lamp stack. By the end of this article, you will know the steps of doing that and what the commands actually mean or do and why you had to run some of the commands.

Lamp Stack
Lamp is a web development platform that consist of four main components. They are: Linux, Apache, MySQL, PHP. You can say LAMP is an acronym for those four components.

Linux: This is the Operating System which the other 3 components of the stack runs. It is chosen because of its security, stability and it is open source. It’s a good foundation to host web applications.

Apache: This is the web server software that handles requests from your web browsers and responds to it. Basically, when you open a web browser and search for a website, your web browser makes a request for that website and you get your desired web page (that is the response). That whole process is handled by apache.

MySQL: This is a database management system that is used for storing, sorting and managing the web application’s data like usernames, passwords etc. These are all sorted and managed by MySQL.

PHP: This is the server-side scripting language for developing dynamic web pages. Can be called backend side. It helps the server that is hosting the web application understand what and it should do when someone visits the web application page.

Laravel
This is an open source PHP framework used for web development, providing rich sets of features for efficient and structured way of building web applications.
It is basically like a set of instruction template or booklet that web developers get to follow or use in organizing the ready to use tools for building web applications so they don’t get to start from scratch every time.

Prerequisites

A Linux(Ubuntu) Operating System or a virtual machine running the Ubuntu OS.
A user on your Linux OS with sudo privileges or a root user
Terminal window or command line (i prefer git bash)
Knowledge of some linux command

Steps of Deploying Laravel with Lamp Stack

- Installing Lamp

The first thing to is to update your Linux server. It is best practice to always update so you can get recent packages on your server. You can also upgrade the packages if you want. It is like updating your windows OS.

So run sudo apt update for updating your Linux packages. And sudo apt upgrade to upgrade the packages

The next step is to install the Linux, Apache, MySQL and PHP.

Now the command to install Apache is:
sudo apt install apache2 -y

You can check if apache is active by using the command:
sudo systemctl status apache2

Or you could enter the IP of your virtual machine on your browser, and you should get the picture below which is the apache default page

To Install MySQL, the command to run is:
sudo apt install mysql-server -y

Now for PHP, you need to install the PHP version 8.2 or a higher version because that is the version Laravel works with, and by default the sudo apt install module installs a version of PHP that is lower than PHP8.2.
So to get the PHP version 8.2 command you need to first run the command:
sudo add-apt-repository ppa:ondrej/php
This command adds a Personal Package Archive (PPA) maintained by Ondřej Surý, which contains PHP packages, to the system's list of repositories. This enables the system to install PHP8.2 packages from this PPA using the apt package manager.

After this, you can now install PHP8.2 with the command
sudo apt install php8.2 -y

- Installing PHP Dependencies

Now Laravel needs some dependencies to run on your PHP and it doesn’t come when you install the PHP8.2 so you have to install those dependencies.

To check the default dependencies you have, run the command:
php -m
The output below are the dependencies that are installed with php8.2

To install the other dependencies needed, run the command:
sudo apt install php8.2-curl php8.2-dom php8.2-mbstring php8.2-xml php8.2-mysql zip unzip -y

- Downloading Composer

Why Download Composer?
Remember those PHP dependencies you installed? Composer is the tool used in managing them, ensuring that the correct version of these packages are installed and compatible with each other. It generates autoloader for your project. This autoloader allows Laravel load classes and files automatically.

First step to installing composer is to change directory into an executable path. You do that by running the command
cd /usr/bin

Then you run the command below which uses the curl command that transfers data from and to a server to download the Composer installer script from the official Composer website (https://getcomposer.org/installer), uses the grep symbol (|) to pipe it to sudo php and then executes it. The -sS means its should run in silent mode and show error if it occurs.
curl -sS https://getcomposer.org/installer | sudo php

The result of the is you having a composer.phar file. For better readability and usability you should renamed it to just composer with the command below:
sudo mv composer.phar composer

- Cloning the Laravel Git Repository and installing Dependencies

First you want to run these next commands in your home directory so you change back to your home directory with the command:
cd

Considering you will be hosting the Laravel on Apache, you navigate to our default apache directory hosting the default apache page with the command:
cd /var/www/html

This path is where you will clone your Laravel repository, so it’s best you remove the content html directory and change the owner of the directory to your current user (you could just clone the repository on that directory without removing the contents of the html though) with the next 2 commands:
sudo rm -r *
sudo chown -R $USER:$USER /var/www/html

Now to actually clone the git repository, you need to be sure you are in the /var/www/html directory. You can run the command cd /var/www/html to be sure.

Then clone with the command:
git clone https://github.com/laravel/laravel

It is important you do not run the command above with sudo because it changes the ownership of the cloned repository to root. Which should not happen considering we changed the owner to the current user. You only use sudo if you are running the command as a root user.

- Installing Composer Dependencies and Setting up Environment Variables

Next set of command should be executed in the Laravel directory so run the command
cd laravel/

Now, install composer managed dependencies with the command
sudo composer install --optimize-autoloader --no-dev

This command above tells composer to install the dependencies listed in the composer.json file. It reads the json file, resolve dependencies and the required packages into the vendor directory.
The –optimize-autoloader tells composer to generate an optimized autoloader for better performance and --no-dev tells composer to exclude development dependencies to reduce the size of installed packages and speed up installation.
Now you have installed the environment variables, they are saved in the env.example file and this application has been configured to read variables from the .env file. So the next step is to copy the .env.example file to the .env file (you can also rename instead by using mv instead of cp) with the command
sudo cp .env.example .env

The command above should be executed in the Laravel directory
Now if you open the .env file with a code editor, you’ll see that the APP_KEY part of the configuration is empty.

To populate it, execute the command:
sudo php artisan key:generate

The application key is important because is used for encrypting various types of data, like cookies and passwords. Without a proper key, your application's security could be compromised.
The image below shows the generated app key after running the command to generate it

In many web server configurations, the web server process for apache runs as a specific user for security reasons. To get that user for apache, execute the command below
ps aux | grep “apache” | awk ‘{print $1}’ | grep -v root | head -n 1

The result of command above is used to change the ownership of laravel’s storage directory and the bootstrap/cache directory so that apache is able to read into it and avoid permission issues. The commands to do these are the next commands to execute. Run them one after the other

sudo chown -R www-data storage
sudo chown -R www-data bootstrap/cache

- Setting Up MySQL Database

Setting up a database for deploying Laravel is important because Laravel utilizes a database to store and retrieve application data.
Some of the reasons why you need to set up a database are for storing and retrieving data, data security and scalability.
So for Laravel to work properly you have to create a new database. And doing that means you have to create a database name, user and password.
To do that you should run the following commands one after the other:
sudo mysql -uroot CREATE DATABASE database_name; CREATE USER 'Username'@'localhost' IDENTIFIED BY 'Password'; GRANT ALL PRIVILEGES ON *.* TO 'Username'@'localhost'; SHOW DATABASES; exit
N.B: Replace “database_name”, “Username” and “Password” with your preferred names for these values
The output will look like the picture below if you did it correctly:

Remember that .env file, you have to populate it with the values of the database details you created. Change the value of DB_CONNECTION to “mysql”, The values of the DB_DATABASE, DB_USERNAME, DB_PASSWORD to the names of the database, username and the password of the database you created. Run the command;
sudo vim .env
The image below is the part of the .env file you should populate

After making the changes, putting the values of your database name, username and password, the .env file should look like this:

To confirm that the .env file configuration and the Laravel application are in sync, run the command
php artisan migrate
The output should be the picture below

- Reconfigure Apache

To access the Laravel page directly from the IP of your virtual machine, or the local host or assigned domain name, you have to reconfigure apache.

The default apache configuration is located in the sites-available file. So change directory to the path of the sites-available file with the command:
cd /etc/apache2/sites-available/

Then you create a new configuration file with the command:
sudo vim Laravel.conf

Populate it with the new configuration file with the details below:
<VirtualHost *:80> ServerName webmaster@localhost DocumentRoot /var/www/html/laravel/public <Directory /var/www/html/laravel> Options Indexes FollowSymLinks AllowOverride All Require all granted </Directory> ErrorLog ${APACHE_LOG_DIR}/demo-error.log CustomLog ${APACHE_LOG_DIR}/demo-access.log combined </VirtualHost>

Next thing to do is to disable the default configuration of apache with the command:
sudo a2dissite 000-default.conf

Now enable the Laravel configuration file you created with the command:
sudo a2ensite Laravel.conf

For your new configuration to kick in, restart apache with the command:
sudo systemctl reload apache2

N.B: If you are getting any errors when you try to reload apache, check the laravel.conf file you created and make sure the configuration lines are well indented.
The configuration should look like the picture below

Now when you enter the IP of your virtual machine in your browser, your output would look like the picture below.

Conclusion

Now you can manually deploy Laravel with lamp stack on an ubuntu server or an ubuntu virtual machine. Also knowing why you had to use some of the commands that were complicated.
This process can be automated with bash script also which is on this Git Repository. I automated this process with bash script and ran it on a slave node using ansible.

How to Enable a Virtual Machine on Your Windows Laptop With Vagrant and Git Bash

Josephat Kene — Tue, 30 Apr 2024 17:33:41 +0000

Introduction
For someone wanting to learn and use linux and you have a windows machine, You most likely won’t want to remove the windows OS on your laptop and lose all your files.
Maybe you want to learn Linux for a course you are running or something else, the good news is you can enable a virtual machine on your windows machine.

What is a virtual machine and what does it do? A virtual machine is a software that emulates your physical computer. You can see it as a box(software) that allows you have another computer inside your physical computer (host machine) without messing up the files on it or having to delete anything.
You can run multiple virtual machines with multiple OS on your host machine. Each separate machine behaves like a computer on its own with its own CPU, OS, memory and network interface.

What is Vagrant?
This is a software or tool that helps us simplify the process of creating and configuring a virtual machine. you basically tell it, “this is the kind of virtual machine we want", and it creates it for you automatically. It can manage all the virtual machines you create.

In this article I will walk you through setting up a virtual machine in your windows computer where you can run a Linux OS

Prerequisites

The tools you need to download and install on your computer for this article are:

Enable Virtualization on your computer via the BIOS
Command line or Terminal. I prefer Git Bash
Vagrant
Oracle VirtualBox 7.0
Microsoft visual C++ 2019

And of course you need an internet connection for this.

Steps to Run a Linux(Ubuntu) Virtual Machine on Your Computer

So now that you have all your tools installed, the following steps are used to provision a Linux Ubuntu machine on your laptop and it will run virtually.

Create a new folder on your desktop or anywhere in your computer (your computer will be called local machine from here on out). Now you can do this via your normal windows desktop by right clicking on your desktop screen and create a new folder
After creating the folder, right click on the folder and click “open git bash here” and you will get the output below

On the git bash terminal, type the command vagrant init ubuntu/focal64 and press enter. NB: the commands should all be in lowercase. This places a vagrant file which contains the configuration of the Linux(ubuntu) OS inside the folder your created.

The next step is to type vagrant up and press enter. This command is to start your virtual machine. It is more like booting up your local machine but this time you are booting up your virtual machine!!!

The next step is for you to be able to access the Linux OS you created so you can be able to do…well just about anything you want to do there. So the next command to run is vagrant ssh and press enter. And that is it!!! You are now on your Linux(ubuntu) server!!!

From the picture above, you can see that path on your terminal before the vagrant ssh is a path on your local machine, but after that command, it welcomes you to Ubuntu 20.04.6. Below the screen you can see the time and date of your login, which means your are logged in to the ubuntu server. And there is also the "Vagrant@ubuntu-focal" before the prompt which means at the moment you are logged into the ubuntu-focal server as vagrant. These are how you know you are inside your linux virtual machine.

Conclusion
So after reading through this article, you have learnt what virtual machines and vagrant are, you have installed all the softwares needed to boot up a virtual machine with vagrant and you have seen the steps of how to boot up a virtual machine on your local machine running a Linux(ubuntu) OS with vagrant on your computer