我有这种userdata.sh(请参见下文)用于启动 EC2 实例。但是,hcl 文件无法解释 shell 脚本变量。
我打算设置tls_disable = true,但这部分一直被跳过,因为 hcl 似乎无法解释BOUNDARY_TLS_DISABLED这个变量。任何帮助将不胜感激!
#!/bin/bash
BOUNDARY_TLS_DISABLED=true
...
cat > /home/ubuntu/boundary-worker.hcl << EOF
listener "tcp" {
address = "$BOUNDARY_PRIVATE_IP:9202"
purpose = "proxy"
%{ if "$BOUNDARY_TLS_DISABLED" == true }
tls_disable = true
%{ else }
tls_disable = false
tls_cert_file = "$BOUNDARY_TLS_CERT_PATH"
tls_key_file = "$BOUNDARY_TLS_KEY_PATH"
%{ endif }
#proxy_protocol_behavior = "allow_authorized"
#proxy_protocol_authorized_addrs = "127.0.0.1"
}
worker {
# Name attr must be unique
public_addr = "$BOUNDARY_PUBLIC_IP"
name = "demo-worker-$BOUNDARY_NAME_SUFFIX"
description = "A default worker created for demonstration"
controllers = [
$NEW_VAR
]
}
%{ if "$BOUNDARY_KMS_TYPE" == "aws" }
kms "awskms" {
purpose = "worker-auth"
key_id = "global_root"
kms_key_id = "$BOUNDARY_KMS_WORKER_AUTH_KEY_ID"
}
%{ else }
kms "aead" {
purpose = "worker-auth"
aead_type = "aes-gcm"
key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
key_id = "global_worker-auth"
}
%{ endif }
EOF
sudo mv /home/ubuntu/boundary-worker.hcl /etc/boundary-worker.hcl