I was investigating whether you could provision a droplet and a db at the same time before my time ran out. It would be best to have the droplet and the database communicating over a virtual private network, so that we can close any connections to the db except for the app. To do this would require creating a VPC during the new-do-droplet tasks, storing its unique ID as a variable, and then using that variable in the creation of the db. However, this creates a unique connection string to use for the app to communicate to the db and I wasn't sure how to store that in like an inventory vault file as part of the db creation. You might find that you want to create the database first, set it up, and then provision the droplet to connect to it--so trying to do it as a single ansible playbook may not be practical.
Hopefully this pr gives inspiration on where to go next, though.
This is an incomplete example that is useful hopefully for illustration on provisioning a managed database with ansible.
It uses the digital ocean community module which has a database option. It would work similar to the existing new-do-droplet role.
I was investigating whether you could provision a droplet and a db at the same time before my time ran out. It would be best to have the droplet and the database communicating over a virtual private network, so that we can close any connections to the db except for the app. To do this would require creating a VPC during the new-do-droplet tasks, storing its unique ID as a variable, and then using that variable in the creation of the db. However, this creates a unique connection string to use for the app to communicate to the db and I wasn't sure how to store that in like an inventory vault file as part of the db creation. You might find that you want to create the database first, set it up, and then provision the droplet to connect to it--so trying to do it as a single ansible playbook may not be practical.
Hopefully this pr gives inspiration on where to go next, though.