Deployment to Elastic Beanstalk with Ansible

Question

We are using eb_deployer to deploy to Elastic Beanstalk and we would like to provision each node using .ebextensions and Ansible.

A package created for eb_deployer looks something like this (simplified), it is assembled on the control node with Ansible:

- Procfile
- application.jar
- .ebextensions
    - ansible.config
    - provision.yml
    - roles
        - appdynamics
            - tasks
                - main.yml

ansible.config installs ansible on the Beanstalk node and runs a single playbook:

packages:
  python:
    ansible: []
container_commands:
  ansible:
    command: "ansible-playbook .ebextensions/provision.yml"

provision.yml (simplified) only includes a single role:

- name: provision eb instance
  hosts: localhost
  connection: local
  gather_facts: yes
  roles:
      - role: appdynamics
        controller_host: "example.com"
        controller_port: 443

Now the problem is that appdynamics role uses a variable appdynamics_accesskey which stored in the vault, but the vault password file is stored on the control node. We would like to avoid copying the vault password file from the control machine to the .ebextensions on S3 bucket and then Beanstalk node.

What would you do in such scenario? Maybe there are other tools which are more appropriate in this case?

Answer 1

看来解决此问题的一种方法是启动临时实例，仅在控制计算机上运行ec2_ami对其进行配置 ，使用ec2_ami Ansible模块创建映像，然后使用该映像为自动缩放组配置自定义映像 。