We are using eb_deployer to deploy to Elastic Beanstalk and we would like to provision each node using .ebextensions and Ansible.
A package created for eb_deployer
looks something like this (simplified), it is assembled on the control node with Ansible:
- Procfile
- application.jar
- .ebextensions
- ansible.config
- provision.yml
- roles
- appdynamics
- tasks
- main.yml
ansible.config
installs ansible
on the Beanstalk node and runs a single playbook:
packages:
python:
ansible: []
container_commands:
ansible:
command: "ansible-playbook .ebextensions/provision.yml"
provision.yml
(simplified) only includes a single role:
- name: provision eb instance
hosts: localhost
connection: local
gather_facts: yes
roles:
- role: appdynamics
controller_host: "example.com"
controller_port: 443
Now the problem is that appdynamics
role uses a variable appdynamics_accesskey
which stored in the vault, but the vault password file is stored on the control node. We would like to avoid copying the vault password file from the control machine to the .ebextensions
on S3 bucket and then Beanstalk node.
What would you do in such scenario? Maybe there are other tools which are more appropriate in this case?
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.