diff --git a/tasks/install.yml b/tasks/install.yml
index d246696ad9efb102e09e24a97f43f209b12170e5..bea448cb01e6e32e26b32356a4294c2ce1b9ba0c 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -172,24 +172,5 @@
     - crontabs
   tags: 'cron'
 
-- name: "Ensure Database"
-  mysql_db:
-    name='{{ item.db.name }}'
-    state='present'
-  with_items: '{{ drupal.domains }}'
-
-- name: "Create MySQL User"
-  mysql_user:
-    user='{{ item.0.db.username }}'
-    password='{{ item.0.db.password|default(mysql_root_password|default("root")) }}'
-    host='{{ item.1 }}'
-    check_implicit_admin=yes
-    priv='{{ item.0.db.name }}.*:ALL'
-  with_nested:
-    - '{{ drupal.domains }}'
-    - ['localhost', '127.0.0.1', '::1', '{{ inventory_hostname }}']
-  when: item.0.db.username is defined and item.0.db.username != 'root'
-  notify: "MySQL | Restart MySQL"
-
 - name: "Set Extended Permissions"
   command: setfacl -dRm u:{{ apacheUser }}:rwX,g:{{ apacheUser }}:rwX,o::rX {{ webRoot }}/files
diff --git a/tasks/main.yml b/tasks/main.yml
index d11467e8974ef00a47c6bac309797d8e444ed813..9fbdeb90cf399057e9bb71b6a888ad866f9fc19a 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -19,7 +19,15 @@
 
   when: '"letsencrypt" not in excluded_roles'
 
-- name: "Install Drupal"
-  include: install.yml
-  with_items: '{{ drupal_settings }}'
+- block:
+  - name: "Install Drupal"
+    include: install.yml
+    with_items: '{{ drupal_settings }}'
+
+  - name: "Install Drupal Databases and Users"
+    include: mysql.yml
+    with_subelements:
+      - '{{ drupal_settings }}'
+      - domains
+
   when: '"drupal" not in excluded_roles and drupal_install_drupal'
diff --git a/tasks/mysql.yml b/tasks/mysql.yml
new file mode 100644
index 0000000000000000000000000000000000000000..02363dacd009890f54e103d257b0dc2476d2fc7f
--- /dev/null
+++ b/tasks/mysql.yml
@@ -0,0 +1,37 @@
+---
+# file: roles/drupal/tasks/mysql.yml
+
+- block:
+  - set_fact: domain='{{ item.1 }}'
+  - set_fact: port='3306'
+  - set_fact: port='{{ hostvars[item.db.host|default(inventory_hostname)]["ssh_tunnel_ports"][0]["local"] }}'
+    when: hostvars[domain.db.host|default(inventory_hostname)]["ssh_tunnel_ports"] is defined
+  tags: always
+
+- name: "Ensure Database"
+  mysql_db:
+    name='{{ domain.db.name }}'
+    login_user='root'
+    login_password='{{ mysql_root_password|default("root") }}'
+    login_host='127.0.0.1'
+    login_port='{{ port }}'
+    state='present'
+
+- name: "Create MySQL User"
+  mysql_user:
+    user='{{ domain.db.username }}'
+    password='{{ domain.db.password|default(mysql_root_password|default("root")) }}'
+    host='{{ item }}'
+    check_implicit_admin=yes
+    priv='{{ domain.db.name }}.*:ALL'
+    login_user='root'
+    login_password='{{ mysql_root_password|default("root") }}'
+    login_host='127.0.0.1'
+    login_port='{{ port }}'
+  with_items:
+    - 'localhost'
+    - '127.0.0.1'
+    - '::1'
+    - '{{ inventory_hostname }}'
+  when: domain.db.username is defined and domain.db.username != 'root'
+  notify: "MySQL | Restart MySQL"