This tutorial assumes that you have already created both the instance and configured SSH key-based authentication on the instances with the same key. Here are the goals which we will accomplish using Ansible:
In this tutorial, I will assume that you have already installed Ansible on your local computer.
Create a new project directory in which we will store everything related to our project, the playbooks, roles, and other files throughout the tutorial.
mkdir ~/drupal-ansible
Switch to the newly created directory.
cd ~/drupal-ansible
Create a new local Ansible configuration file.
nano ansible.cfg
Populate the file with the following configuration.
[defaults]
inventory = hosts
host_key_checking = false
private_key_file = ~/.ssh/aliyun.pem
Create a new hosts file using the following command.
nano hosts
Populate the file with the following configuration. Make sure to replace the example IP addresses with the actual ones.
web-server ansible_ssh_host=192.168.0.1 ansible_ssh_user=root
db-server ansible_ssh_host=192.168.0.2 ansible_ssh_user=root
[all:vars]
ansible_python_interpreter=/usr/bin/python3
Before we proceed further to create the roles and tasks, let's verify if Ansible can reach our hosts by running the command ansible all -m ping
. You should see a similar message if the execution is successful.
aliyun@ubuntu:~/drupal-ansible$ ansible all -m ping
db-server | SUCCESS => {
"changed": false,
"ping": "pong"
}
web-server | SUCCESS => {
"changed": false,
"ping": "pong"
}
Now that we know that Ansible can successfully connect to the instances, let start creating the Ansible playbook file. This Ansible playbook file will be used by the "ansible-playbook" command to run the plays.
cd ~/drupal-ansible
nano playbook.yaml
Populate the file with the following YAML code. Make sure to use correct spacing and indentation. Ansible uses two spaces for each indentation.
---
- hosts: all
gather_facts: true
tasks:
- name: update and upgrade system packages
apt:
upgrade: yes
update_cache: yes
- hosts: db-server
roles:
- mariadb
- hosts: web-server
become: true
roles:
- php
- drupal
- nginx
In this tutorial, we will also break our playbook into four various roles.
Similarly, we will run the roles "php", "drupal", and "nginx" on the server named "web-server".
For details, you can go to this tutorial.
In the previous tutorial of the series, we have already created our playbook which we will run using the Ansible. The playbook itself doesn't do anything but will look for the tasks in roles. In this tutorial, we will start creating the roles for our playbook.
Create a new directory to add the roles in our Ansible playbook by running:
cd ~/drupal-ansible
mkdir roles
In previous tutorials of this series, we have created our playbook file and two of the four roles. In the first part of the tutorial, we looked at creating our project and overriding the default Ansible behavior. In the second part of the tutorial, we have written the plays into roles.
In this final part of the tutorial series, we will create the two remaining roles. Once the playbook is created, we will run the playbook using Ansible.
Websoft9 Drupal is a pre-configured, ready to run image for running Drupal on Alibaba Cloud.Drupal is an open source content management framework (CMF) written in PHP, which consists of content management system (CMS) and PHP development framework (Framework).
Drupal 7 provides a database abstraction API to handle SQL injection attacks in the queries it receives. However, an attacker can construct special requests and use the API to run malicious SQL statements, resulting in privilege escalation, PHP code execution, or other security risks.
Alibaba Cloud Elastic Compute Service (ECS) provides fast memory and the latest Intel CPUs to help you to power your cloud applications and achieve faster results with low latency. All ECS instances come with Anti-DDoS protection to safeguard your data and applications from DDoS and Trojan attacks.
Alibaba Cloud SSL Certificates Service allows customers to directly apply, purchase and manage SSL certificates on Alibaba Cloud. This service is offered in cooperation with qualified certificate authorities. From this platform, customers can select the expected certificate authority and its certificate products to enjoy full-site HTTPS security solutions.
Learn the basic concept of SSL/TLS and how to choose the proper certificate in Alibaba Cloud to serve your business
Alibaba Cloud Now Supports Data at Rest Encryption with Bring Your Own Key (BYOK)
2,599 posts | 762 followers
FollowAlibaba Clouder - July 12, 2018
Alibaba Clouder - June 3, 2019
Alibaba Clouder - July 12, 2018
Alibaba Clouder - May 31, 2019
Alibaba Clouder - May 31, 2019
Alibaba Clouder - July 12, 2018
2,599 posts | 762 followers
FollowIdentify vulnerabilities and improve security management of Alibaba Cloud WAF and Anti-DDoS and with a fully managed security service
Learn MoreMore Posts by Alibaba Clouder