How to Create Ansible playbook for Deploying Drupal 8


  1. Two Alibaba Cloud ECS instances with Ubuntu 16.04 64-bit installed. You can follow this Quick Start Guide to create the instances. Let’s call the first instance as “web-server” and assume the public IP assigned to the server is “”. We will use this server to install Drupal using Drush on NGINX with PHP 7.2. Similarly, we will call our second server as “db-server” having public IP “”. We will install MariaDB server on this instance to host the Drupal database. Make sure to use SSH Key based authentication rather than password authentication and use the same key for both the instance.
  2. Important: Firewall or Security group rules configured to allow the port “80”, “443” for everyone from the “web-server” instance. For the database server, you will only need to allow access to the private IP address of the “web-server” instance on port “3306”.
  1. Install the PHP 7.2 on the instance “web-server”.
  2. Clone the Drupal 8 and Drush 9 Github repository and install Drupal on the instance “web-server”.
  3. Install the NGINX Web server to host the Drupal site with optional Let’s Encrypt SSL on the instance “web-server”.

Getting Started with Ansible

In this tutorial, I will assume that you have already installed Ansible on your local computer.

mkdir ~/drupal-ansible
cd ~/drupal-ansible
nano ansible.cfg
inventory = hosts
host_key_checking = false
private_key_file = ~/.ssh/aliyun.pem
nano hosts
web-server  ansible_ssh_host= ansible_ssh_user=root
db-server ansible_ssh_host= ansible_ssh_user=root
aliyun@ubuntu:~/drupal-ansible$ ansible all -m ping
db-server | SUCCESS => {
"changed": false,
"ping": "pong"
web-server | SUCCESS => {
"changed": false,
"ping": "pong"
cd ~/drupal-ansible
nano playbook.yaml
- hosts: all
gather_facts: true
- name: update and upgrade system packages
upgrade: yes
update_cache: yes
- hosts: db-server
- mariadb
- hosts: web-server
become: true
- php
- drupal
- nginx
  1. php: This role will add the PPA for PHP 7.2 and then install PHP 7.2 along with the required modules.
  2. drupal: This role will install the latest version of Composer and Git. It will clone the Drush and Drupal repository and will install the dependencies using Composer. Finally, it will install Drupal with the help of Drush.
  3. nginx: This role will install NGINX web-server and configure it to host the Drupal site. If a domain name is provided, it will also install Certbot and generate and install the SSL certificates automatically.
    Once all our systems are updated, we want to proceed to the installation of MariaDB. Notice that on the next block, we have only provided the “db-server” in the hosts. Thus, the tasks in the “mariadb” role will be executed only on the “db-server” host.

Related Blog Posts

Deploying Drupal 8 using Ansible Playbook: Part 2

In the previous tutorial of the series, we have already created our playbook which we will run using the Ansible. The playbook itself doesn’t do anything but will look for the tasks in roles. In this tutorial, we will start creating the roles for our playbook.

cd ~/drupal-ansible
mkdir roles

Deploying Drupal 8 using Ansible Playbook: Part 3

In previous tutorials of this series, we have created our playbook file and two of the four roles. In the first part of the tutorial, we looked at creating our project and overriding the default Ansible behavior. In the second part of the tutorial, we have written the plays into roles.

Related Market Product

Drupal powered by Websoft9(LAMP | CentOS7.4)

Websoft9 Drupal is a pre-configured, ready to run image for running Drupal on Alibaba Cloud.Drupal is an open source content management framework (CMF) written in PHP, which consists of content management system (CMS) and PHP development framework (Framework).

Related Documentation

[Vulnerability notice] SQL injection vulnerability in Drupal

Drupal 7 provides a database abstraction API to handle SQL injection attacks in the queries it receives. However, an attacker can construct special requests and use the API to run malicious SQL statements, resulting in privilege escalation, PHP code execution, or other security risks.

Related Products

Elastic Compute Service

Alibaba Cloud Elastic Compute Service (ECS) provides fast memory and the latest Intel CPUs to help you to power your cloud applications and achieve faster results with low latency. All ECS instances come with Anti-DDoS protection to safeguard your data and applications from DDoS and Trojan attacks.

Alibaba Cloud SSL Certificates Service

Alibaba Cloud SSL Certificates Service allows customers to directly apply, purchase and manage SSL certificates on Alibaba Cloud. This service is offered in cooperation with qualified certificate authorities. From this platform, customers can select the expected certificate authority and its certificate products to enjoy full-site HTTPS security solutions.

Related Course

Alibaba Cloud SSL Service Introduction

Learn the basic concept of SSL/TLS and how to choose the proper certificate in Alibaba Cloud to serve your business

Follow me to keep abreast with the latest technology news, industry insights, and developer trends.