amazon-web-services - 在 "provisioner" block 上的 AWS EC2 实例上运行 Hashicorp Vault 服务器

标签 amazon-web-services amazon-ec2 terraform hashicorp-vault

我正在创建一个 AWS 实例,并且在创建时尝试运行 Vault 服务器。我的问题是创建过程永远不会完成,因为服务器没有在后台运行。这是我的配置:

resource "aws_instance" "web" {
  ami           = "ami-466768ac"
  instance_type = "t2.micro"
  key_name = "my_key"

  tags {
    Name = "Vault"
  }

  provisioner "remote-exec" {

    connection {
      type        = "ssh"
      agent       = false
      user        = "ec2-user"
      private_key = "${file("/path/to/my_key")}"
    }

    inline = [
      "curl -O https://releases.hashicorp.com/vault/0.10.4/vault_0.10.4_linux_amd64.zip",
      "unzip vault_0.10.4_linux_amd64.zip",
      "./vault server -dev -dev-listen-address=0.0.0.0:8200"
    ]
  }

}

基本上,我通过 curl 下载 Vault并运行开发服务器。服务器实际上正在运行(我在终端日志中看到它),但实例创建(由 Terraform)从未完成:
aws_instance.web: Still creating... (40s elapsed)
aws_instance.web: Still creating... (50s elapsed)
aws_instance.web: Still creating... (1m0s elapsed)
aws_instance.web: Still creating... (1m10s elapsed)
aws_instance.web: Still creating... (1m20s elapsed)
aws_instance.web: Still creating... (1m30s elapsed)
...

我试图添加 &在启动 Vault 服务器命令的末尾,为了不阻止 shell,但是,当我这样做时,会创建实例,但实际上并未启动 Vault 服务器。

如何在创建实例时以后台模式启动服务器?

编辑

我也试过 nohup :
nohup ./vault server -dev -dev-listen-address=0.0.0.0:8200

但是当terraform完成时服务器没有启动......

最佳答案

最后,正如@StephenKing 在评论中告诉我的那样,我创建了一个 systemd 服务。这是我的配置:

resource "aws_instance" "web" {
  ami           = "ami-466768ac"
  instance_type = "t2.micro"
  key_name = "my_key"

  tags {
    Name = "Vault"
  }

  //upload vault.service file (systemd unit)
  provisioner "file" {
    connection {
      type        = "ssh"
      agent       = false
      user        = "ec2-user"
      private_key = "${file("/path/to/my/key")}"
    }
    source = "./vault.service"
    destination = "/home/ec2-user/vault.service"
  }

  //download vault and start service
  provisioner "remote-exec" {
    connection {
      type        = "ssh"
      agent       = false
      user        = "ec2-user"
      private_key = "${file("/path/to/my/key")}"
    }
    inline = [
      "curl -O https://releases.hashicorp.com/vault/0.10.4/vault_0.10.4_linux_amd64.zip",
      "unzip vault_0.10.4_linux_amd64.zip",
      "sudo mv /home/ec2-user/vault.service /etc/systemd/system/",
      "sudo systemctl start vault.service"
    ]
  }

}

vault.service 
[Unit]
Description=Vault dev server

[Service]
ExecStart=/home/ec2-user/vault server -dev -dev-listen-address=0.0.0.0:8200

关于amazon-web-services - 在 "provisioner" block 上的 AWS EC2 实例上运行 Hashicorp Vault 服务器,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/51739984/

上一篇:haskell - 我有哪个软件包版本?

下一篇:algorithmic-trading - 如何找到烛条模式在 2 小时到 15 分钟的时间范围内出现的最大次数

相关文章:

amazon-web-services - 在cloudformation cfn-init中使用linux环境变量

amazon-web-services - AWS VPN NAT'ing

azure - Terraform - Azure 如何创建 B2C 身份提供商

azure - 无法通过 SSH 连接到 Azure 虚拟机

amazon-web-services - 如何在长时间运行的启动脚本中使ECS容器保持事件状态

amazon-web-services - 如果双方 VPC CIDR 范围相同,则 VPC 对等互连?

amazon-web-services - 如何在 AWS CDK 的输入区域部署 Elasticsearch 集群?

linux - 如何从Linux中的文件中获取两列?

apache - 使用负载均衡器重定向 AWS Elastic Beanstalk 上的所有 www 和 http ==>> 非 www https

Azure ACR - 如何通过 terraform 分配服务原则?

©2024 IT工具网  联系我们