Reputation: 1935
Deployment with Ansible in Jenkins pipeline
I have an Ansible playbook to deploy a java application (jar) on AWS EC2. I would like to use it inside a Jenkins pipeline as 'Deploy' step. To deploy on EC2, I need the downloaded private ssh key when the instance was created.
I have 2 choices :
- Install ansible on the machine hosting Jenkins, insert the private SSH key in Jenkins, and use ansible-playbook plugin to deploy my app
- Take a base docker image with ansible installed, extend it by inserting my private SSH key, and use this docker image to deploy my app
From a security point of view, what is best ?
Upvotes: 1
Views: 911
Answers (1)
Reputation: 327
For option 1, it's recommended to create a new user account, e.g. jenkins in the EC2 instance without sudo privilege, or at least passcode protected sudo And it's a good scenario that using Ansible to manage those users accounts, it limits usage of the super key created by AWS
While for option 2, Docker is a good scenario of immutable deployment, which means the configuration should be determined even before the image is ready, so that Ansible is not quite useful in this scenario. Different conf means different images to be created Maybe you still use Ansible to manage those DockerFiles rather than initiate Ansible and interact with the application itself
The 2 options look quite different from each other in terms of how you design your system more than security concern
Do let me know you need more clarification
Upvotes: 1
Related Questions
- Error trying to install Ansible in Jenkins image
- Ansible prompt with jenkins job
- Jenkins Job status is SUCCESS but Ansible playbook fails
- run ansible playbook on jenkins pipeline
- Executing Ansible Playbook using Jenkins
- docker build inside official jenkins container
- Configure Jenkins job to install Docker via ansible
- using ansible for provisioning docker containers
- enabling jenkins for continuous delivery with ansible
- Ansible vs Jenkins