Create a new directory to add the roles in our Ansible playbook by running:
cd ~/drupal-ansible
mkdir rolesCreate a new directory for "mariadb" role and subdirectories for tasks, handlers, and templates.
mkdir -p roles/mariadb/{tasks,handlers,templates}Now, create a new YAML file to write the tasks of "mariadb" role.
nano roles/mariadb/tasks/main.yamlThere are several tasks which we will write into the tasks file. We will go through each task to know more about what it does. We will also see the uses of different modules of Ansible.
Note: All the tasks provided below are part of the "main.yaml" file of "drupal" role. Copy and paste the tasks serially until you are instructed to close the file. Tasks are divided in such manner just to explain them. You can click here to check how the whole file should look.
By default, MariaDB listens to the localhost addresses only. In our scenario, we are using one server to host the database server and the other one will be used for installing Drupal. We will need to modify the MariaDB configuration so that it can listen to all address. In our case, the ECS server running Drupal will make queries to the database server instance. The below task will find the line starting with bind-address in the MySQL configuration file /etc/mysql/my.cnf. Upon matching, it will take the backup of the file and will replace the whole line with bind-address = 0.0.0.0. It will then notify the handler to run the job named with restart mariadb.
Finally, create the database for Drupal and also create a new database user having all the privileges over the database we have created.
- name: create a new database for Drupal
mysql_db: name={{ drupal_db_name }} state=present
- name: create a new database user for Drupal
mysql_user: name={{ drupal_db_user }} password={{ drupal_db_pass }}
priv="{{ drupal_db_name }}.*:ALL" state=present host={{ hostvars['web-server']['ansible_default_ipv4']['address'] }}Notice the variable hostvars'web-server'['address'] in the last task. The variable will result in the private IP address of instance named "web-server" which is the instance on which we will install Drupal. This will make sure that our database can be used only from that instance.
Populate the file with the variables we have used in "mariadb" role.
---
# mariadb role variables
mysql_root_pass: VeryStrongPassword
drupal_db_user: drupal-data
drupal_db_name: drupal-user
drupal_db_pass: StrongPassFor details, please go to this tutorial.
In this article, you will get some information on the basics of the Ansible and how Ansible playbook is created.
This tutorial assumes that you have already created both the instance and configured SSH key-based authentication on the instances with the same key. Here are the goals which we will accomplish using Ansible:
In previous tutorials of this series, we have created our playbook file and two of the four roles. In the first part of the tutorial, we looked at creating our project and overriding the default Ansible behavior. In the second part of the tutorial, we have written the plays into roles.
In this final part of the tutorial series, we will create the two remaining roles. Once the playbook is created, we will run the playbook using Ansible.
It is equipped with a potent blend of features and can support a variety of websites ranging from personal blogs to corporate brochures to large community-driven websites.
On June 21, 2017, Drupal officially released a vulnerability numbered CVE-2017-6920, which was rated Critical. The remote code execution vulnerability results from incorrect processing of DrupalCore’s YAML parser. It affects 8.x DrupalCore.
Alibaba Cloud Elastic Compute Service (ECS) provides fast memory and the latest Intel CPUs to help you to power your cloud applications and achieve faster results with low latency. All ECS instances come with Anti-DDoS protection to safeguard your data and applications from DDoS and Trojan attacks.
Alibaba Cloud SSL Certificates Service allows customers to directly apply, purchase and manage SSL certificates on Alibaba Cloud. This service is offered in cooperation with qualified certificate authorities. From this platform, customers can select the expected certificate authority and its certificate products to enjoy full-site HTTPS security solutions.
The "Alibaba Cloud Technical Operations" course is designed to provide Developers, Technical Operators, Solution Achitecturing Engineers with deployment and management skills for Alibaba Cloud basic products including ECS, OSS, SLB, RDS etc. Moreover, it includes intuitive online labs led by experienced instructors to help you obtain direct hands-on experience on those products's configration and operations.
Alibaba Cloud's "All-in-Cloud" Future: 8 Key Takeaways from the Alibaba Cloud Singapore Summit
2,605 posts | 747 followers
FollowAlibaba Clouder - May 31, 2019
Alibaba Clouder - July 12, 2018
Alibaba Clouder - June 3, 2019
Alibaba Clouder - May 29, 2019
Alibaba Clouder - July 12, 2018
Alibaba Clouder - July 12, 2018
2,605 posts | 747 followers
Follow
Managed Security Service
Identify vulnerabilities and improve security management of Alibaba Cloud WAF and Anti-DDoS and with a fully managed security service
Learn MoreMore Posts by Alibaba Clouder