在使用Terraform创建ec2实例时,我希望将整个pem密钥文件注入到脚本中。
resource "aws_instance" "myinstance" {
...
user_data = base64encode(templatefile(
"${path.module}/userdata.sh", {
conf_tls_private_key = tls_private_key.mykey.private_key_pem
conf_tls_self_signed_cert = tls_self_signed_cert.mykey2.cert_pem
}
))
}
地形文件的实现如上所述。在使用terraform控制台时,我测试了tls_private_key.mykey.private_key_pem表达式,它为我提供了正常的OPENSSH PRIVATE KEY格式。
❯ tf console
> tls_private_key.boundary.private_key_pem
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAql5ImjYHynOkQGWL0DGT/3FGCIM6gouUi57MllyZCztzrBwp
FtWe+zJNWWjAu+WeyESqSnzmdFRnUiIqqo4Fq98yvF3+pjsbSMsC9s4H4wz/gp4o
ZzYXja4u7fBWGFMUKfU53M6zZS0FL0QQ/Tgt9u+p9q6HlyhtxiNKY0e3aX4xdCMH
QSrBLBIHLlpapkl/bvWk1xkSPEPNkNHbTvBd+3z2iWtxANEqO6ARItCCI+DcGyWP
W1FIwwKFBftNQAgxfs2pxdSnqpoaHSi4M9XjY7r7bADUItf9zpAy+PbqJr+F3Bzc
然而,当userdata.sh在ec2中执行时,它会给出如下错误。
/var/lib/cloud/instance/scripts/part-001: line 8: RSA: command not found
/var/lib/cloud/instance/scripts/part-001: line 9: MIIEogIBAAKCAQEAql5ImjYHynOkQGWL0DGT/3FGCIM6gouUi57MllyZCztzrBwp: No such file or directory
/var/lib/cloud/instance/scripts/part-001: line 10: FtWe+zJNWWjAu+WeyESqSnzmdFRnUiIqqo4Fq98yvF3+pjsbSMsC9s4H4wz/gp4o: No such file or directory
/var/lib/cloud/instance/scripts/part-001: line 11: ZzYXja4u7fBWGFMUKfU53M6zZS0FL0QQ/Tgt9u+p9q6HlyhtxiNKY0e3aX4xdCMH: No such file or directory
/var/lib/cloud/instance/scripts/part-001: line 12: QSrBLBIHLlpapkl/bvWk1xkSPEPNkNHbTvBd+3z2iWtxANEqO6ARItCCI+DcGyWP: No such file or directory
/var/lib/cloud/instance/scripts/part-001: line 13: W1FIwwKFBftNQAgxfs2pxdSnqpoaHSi4M9XjY7r7bADUItf9zpAy+PbqJr+F3Bzc: command not found
文件中的每一行似乎都被解释为一个命令,这不是我想要的。
导致问题的userdata.sh中的代码如下所示。
echo $conf_tls_private_key | sudo tee "/etc/pki/tls/boundary/boundary.key"
有什么我不知道的,或者有什么我可以解决这个问题的吗?非常感谢!
如果可以,我建议您检查以下使用heredoc的userdata.sh版本:
#!/bin/bash
tee /etc/pki/tls/boundary/boundary.key << END
${conf_tls_private_key}
END
这应该是使用tee将多行字符串写入/etc/pki/tls/boundary/boundary.key并将其输出到stdout的更自然的方式。