I'm facing difficulty when I am trying to upload an SSL certificate on Amazon EC2 instance. I have my private key and also server certificate obtained from CA. But when I configure it in .config file of apache and restart the server, it fails. When I validate the YAML format (http://yaml-online-parser.appspot.com/) it throws the below error,
当我试图在Amazon EC2实例上上传SSL证书时,我遇到了困难。我有我的私钥和从CA获得的服务器证书,但是当我在apache .config文件中配置它并重新启动服务器时,它失败了。当我验证YAML格式(http://yaml-online-parser.appspot.com/)时,它会抛出以下错误,
while scanning a simple key
in "<unicode string>", line 51, column 1:
BQAwgYsxCzAJBgNVBAYTAlVTMRkwFwYD ...
^
could not found expected ':'
in "<unicode string>", line 52, column 1:
MgYDVQQLEytDbG91ZEZsYXJlIE9yaWdp ...
^
Below is my .config file syntax which is valid YAML format. It breaks with above error when I put my actual KEY and CERTIFICATE (PEM Format) Content here.
下面是我的.config文件语法,它是有效的YAML格式。当我将实际的密钥和证书(PEM格式)的内容放在这里时,它会打破上面的错误。
Resources:
sslSecurityGroupIngress:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}
IpProtocol: tcp
ToPort: 443
FromPort: 443
CidrIp: 0.0.0.0/0
packages:
yum:
mod_ssl : []
files:
/etc/httpd/conf.d/ssl.conf:
mode: "000644"
owner: root
group: root
content: |
LoadModule ssl_module modules/mod_ssl.so
Listen 443
<VirtualHost *:443>
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ServerName www.mydomain.com
SSLEngine on
SSLCertificateFile "/etc/pki/tls/certs/server.crt"
SSLCertificateKeyFile "/etc/pki/tls/certs/server.key"
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
LogFormat "%h (%{X-Forwarded-For}i) %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
ErrorLog /var/log/httpd/elasticbeanstalk-error_log
TransferLog /var/log/httpd/elasticbeanstalk-access_log
</VirtualHost>
/etc/pki/tls/certs/server.crt:
mode: "000400"
owner: root
group: root
content: |
-----BEGIN CERTIFICATE-----
MIID5jCCAs4CCQCNEX8DqNboazANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMC
SU4xEjAQBgNVBAgMCUthcm5hdGFrYTESMBAGA1UEBwwJQmVuZ2FsdXJ1MSwwKgYD
VQQKDCNCSFNBVkkgQ2FiIFNlcnZpY2VzIFByaXZhdGUgTGltaXRlZDELMAkGA1UE
CwwCSVQxGTAXBgNVBAMMECoudGF4aWNpcmNsZS5jb20xJzAlBgkqhkiG9w0BCQEW
GHByYXNoYW50aEBteW9mZmljZWNhYi5pbjAeFw0xNjAyMDgxNDQ1MzdaFw0xNzAy
MDcxNDQ1MzdaMIG0MQswCQYDVQQGEwJJTjESMBAGA1UECAwJS2FybmF0YWthMRIw
EAYDVQQHDAlCZW5nYWx1cnUxLDAqBgNVBAoMI0JIU0FWSSBDYWIgU2VydmljZXMg
UHJpdmF0ZSBMaW1pdGVkMQswCQYDVQQLDAJJVDEZMBcGA1UEAwwQKi50YXhpY2ly
Y2xlLmNvbTEnMCUGCSqGSIb3DQEJARYYcHJhc2hhbnRoQG15b2ZmaWNlY2FiLmlu
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvogqbCp8t0UcL9Uspcme
drEF4FBynok2YoSkPfMKBZQ+0m+079ecutxt7KvGlozdC5P6HddVD1xZwT9ZMqwK
kszBcmhlYLK5WUCkKHjjxyBaEkU6VTHhqr52oENRDahXoGpwlCxE7iSVSfHQ4wjI
ghjlxcaduLXoheIaDQ/GvS8XXR0+kajiTvdctXOdUogt+sAelfzqS3P5M2f45+DJ
/TuwgAvZExwzxD+pOr/PauEUmHFIqqXZPnMkE7GdaOI7aZlaotiz+7coxn0KPNPh
GvAwf+1CMTNq9ThCSRb/UuEKjCwLr7QtPEpi0ZlN8tK7brKNk/oCZjhzCTmCzDDT
mwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBICHhx4ozMBcBtUYss9/4Id0aN2GPr
eJLONRKp7gN60NfxiLdl3zI0pIwvrV5/J6mWdyHcGmbBm43bzpKiesG1k7q3ERhY
V7NahaXfMu+hdEtCnwrWgCQa7G1qGX6RyscgCIkBWq87RTAsJjMqXuGDFUiPUezj
12wPQXq0N5F7+abCM5KllZ3lTIuuWV/T5jxFH+SHV+hc5osrWZxipMEOYIG2Ndeg
/RTRO9QflHB/uN7ZaIZWsWHP0dPud6nX92xdWiknz6Sem3sm4698MKATeC6MSHq0
z9J//0wwLdGL5zGipAew6Yu6E/vexTaseQWCAkvN0urWDIJwU+3N2ls7
-----END CERTIFICATE-----
/etc/pki/tls/certs/server.key:
mode: "000400"
owner: root
group: root
content: |
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAvogqbCp8t0UcL9UspcmedrEF4FBynok2YoSkPfMKBZQ+0m+0
79ecutxt7KvGlozdC5P6HddVD1xZwT9ZMqwKkszBcmhlYLK5WUCkKHjjxyBaEkU6
VTHhqr52oENRDahXoGpwlCxE7iSVSfHQ4wjIghjlxcaduLXoheIaDQ/GvS8XXR0+
kajiTvdctXOdUogt+sAelfzqS3P5M2f45+DJ/TuwgAvZExwzxD+pOr/PauEUmHFI
qqXZPnMkE7GdaOI7aZlaotiz+7coxn0KPNPhGvAwf+1CMTNq9ThCSRb/UuEKjCwL
r7QtPEpi0ZlN8tK7brKNk/oCZjhzCTmCzDDTmwIDAQABAoIBAQCRSVe//232elaS
CuXuzZ1uOHKYp/+e8FZuLWLockl0E6UL5m58bVdwDeIslJfr+SIdUAtrceXEvtEa
UOn9f77YThY83WpgoChB7M7Apd5a20qToAJpMI46Gt5uOqa12WZoRoHuGwu85FyK
dECqvunWepHLjDZ8wQm7/buLtjn/y3YVGkUvldBzjK56TnKIu6VOiDIHUdgGfR9T
LNZAnnoGQ49WDGy96n3bmBIbTCOGunNOhvnnQFR4XhN/Q9LuQqDb3tEGK8a2CpMM
JjHcAGdsJv3kTvmQDOUG0ety0mRvHhu4CZc3AVcRnvQ0e7l3p2d5SZ3YiXBtzEUb
8w5PejZRAoGBAN/ygKKdJ8Np8kPvIEwu3s8nBG0xbyO4Xkua6fsL/Ks8JbVQCucg
QWrAEL1d1L8nNCY1kxFU2nNk74pBwxXa4SdzcYHjLAnbu9YcrqxUM8tSESbytrzJ
ouYmbVDS7TlLzYGd6a5a42MMudVHhPKHkzbTW1/xeuseBGD5u9/VMv/FAoGBANnN
UD0yYYtdeonwhW7LIXyHAirs45gJ35Vvh89BeEOndEVgPWtSw9t6XQ69xWsAtlDU
G7I3Z9sNeb7cO1Z1au1NqaPgtihOrGCIIjRNKVBf9PuKIosbHy3wab6RuVMbumVw
rPC3sL31TKMzbMZH6FMRLT0DH7EWvEHNeBJxBVvfAoGAH8MWKXoenKGXIbl1nDh9
k2XWQ+Jh/+/zN8fl7Zw6ntKuCnQqx7MUdB5/gUwgk2ftBopMrIWbYghrzPEcySm9
C0pdS+27Xj6S+oAg6gIbQngGRL7h2g7DEt9aW78+tASjRgHulbMAUxkH9k7pdThz
UbBSYl4ub9BXEKX61nk3fX0CgYAt1sE5b/4Jl83vdBiRHd1ZWQzCvgKUgBd3WvbJ
Tu0hx/93jm6+xLeF3LXzIUuIXqkAT/PYSULpXmeuHKm8Y4/yi7LVU7jiuNQcqOoR
+d9lFBz6R7NHdZjVUVDgE8leTWqoaNNtAiwHfrX3bx5IiN/Dg8zyl1K3MaLDcpv/
vZu0HwKBgQCcJ4bw2MEeaJd6KY5pUu+g/rcId5SyIwzZyEwIJ6ai26Nw2pg3hbVv
x6VyMeI559AJevBdrCHx+5F0whaBnIw6/Ccld09+onrDD95lHdMtjvcZqKkX/dC3
rXdRtDphGUdjScgRnV1KL7KU/xgB0xQLYq/SrZSVuXrQB7bMQx/puA==
-----END RSA PRIVATE KEY-----
container_commands:
killhttpd:
command: "killall httpd"
waitforhttpddeath:
command: "sleep 3"
Any help is appreciated.
任何帮助都是感激。
2 个解决方案
#1
1
In YAML whitespaces and correct indentation is part of syntax.
在YAML中,空格和正确的缩进是语法的一部分。
In line 50 and 57, you need to add two additional spaces before multiline string. This way it won't be treated as key.
在第50行和第57行中,需要在多行字符串之前添加两个额外的空格。这样它就不会被当作钥匙。
-----BEGIN CERTIFICATE-----<my crt content>-----END CERTIFICATE----- # add two spaces in front
Same thing in line 57:
同样的事情在第57行:
-----BEGIN RSA PRIVATE KEY-----<my private key content>-----END RSA PRIVATE KEY----- #two additional spaces in front
#2
1
Your example file has multiple indentation issues that need more than two lines changed to get into acceptable YAML:
您的示例文件有多个缩进问题,需要修改超过两行才能进入可接受的YAML:
Resources:
sslSecurityGroupIngress:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}
IpProtocol: tcp
ToPort: 443
FromPort: 443
CidrIp: 0.0.0.0/0
packages:
yum:
mod_ssl : []
files:
/etc/httpd/conf.d/ssl.conf:
mode: "000644"
owner: root
group: root
content: |
LoadModule ssl_module modules/mod_ssl.so
Listen 443
<VirtualHost *:443>
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ServerName www.mydomain.com
SSLEngine on
SSLCertificateFile "/etc/pki/tls/certs/server.crt"
SSLCertificateKeyFile "/etc/pki/tls/certs/server.key"
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
LogFormat "%h (%{X-Forwarded-For}i) %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
ErrorLog /var/log/httpd/elasticbeanstalk-error_log
TransferLog /var/log/httpd/elasticbeanstalk-access_log
</VirtualHost>
/etc/pki/tls/certs/server.crt:
mode: "000400"
owner: root
group: root
content: |
-----BEGIN CERTIFICATE-----
MIID5jCCAs4CCQCNEX8DqNboazANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMC
SU4xEjAQBgNVBAgMCUthcm5hdGFrYTESMBAGA1UEBwwJQmVuZ2FsdXJ1MSwwKgYD
VQQKDCNCSFNBVkkgQ2FiIFNlcnZpY2VzIFByaXZhdGUgTGltaXRlZDELMAkGA1UE
CwwCSVQxGTAXBgNVBAMMECoudGF4aWNpcmNsZS5jb20xJzAlBgkqhkiG9w0BCQEW
GHByYXNoYW50aEBteW9mZmljZWNhYi5pbjAeFw0xNjAyMDgxNDQ1MzdaFw0xNzAy
MDcxNDQ1MzdaMIG0MQswCQYDVQQGEwJJTjESMBAGA1UECAwJS2FybmF0YWthMRIw
EAYDVQQHDAlCZW5nYWx1cnUxLDAqBgNVBAoMI0JIU0FWSSBDYWIgU2VydmljZXMg
UHJpdmF0ZSBMaW1pdGVkMQswCQYDVQQLDAJJVDEZMBcGA1UEAwwQKi50YXhpY2ly
Y2xlLmNvbTEnMCUGCSqGSIb3DQEJARYYcHJhc2hhbnRoQG15b2ZmaWNlY2FiLmlu
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvogqbCp8t0UcL9Uspcme
drEF4FBynok2YoSkPfMKBZQ+0m+079ecutxt7KvGlozdC5P6HddVD1xZwT9ZMqwK
kszBcmhlYLK5WUCkKHjjxyBaEkU6VTHhqr52oENRDahXoGpwlCxE7iSVSfHQ4wjI
ghjlxcaduLXoheIaDQ/GvS8XXR0+kajiTvdctXOdUogt+sAelfzqS3P5M2f45+DJ
/TuwgAvZExwzxD+pOr/PauEUmHFIqqXZPnMkE7GdaOI7aZlaotiz+7coxn0KPNPh
GvAwf+1CMTNq9ThCSRb/UuEKjCwLr7QtPEpi0ZlN8tK7brKNk/oCZjhzCTmCzDDT
mwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBICHhx4ozMBcBtUYss9/4Id0aN2GPr
eJLONRKp7gN60NfxiLdl3zI0pIwvrV5/J6mWdyHcGmbBm43bzpKiesG1k7q3ERhY
V7NahaXfMu+hdEtCnwrWgCQa7G1qGX6RyscgCIkBWq87RTAsJjMqXuGDFUiPUezj
12wPQXq0N5F7+abCM5KllZ3lTIuuWV/T5jxFH+SHV+hc5osrWZxipMEOYIG2Ndeg
/RTRO9QflHB/uN7ZaIZWsWHP0dPud6nX92xdWiknz6Sem3sm4698MKATeC6MSHq0
z9J//0wwLdGL5zGipAew6Yu6E/vexTaseQWCAkvN0urWDIJwU+3N2ls7
-----END CERTIFICATE-----
/etc/pki/tls/certs/server.key:
mode: "000400"
owner: root
group: root
content: |
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAvogqbCp8t0UcL9UspcmedrEF4FBynok2YoSkPfMKBZQ+0m+0
79ecutxt7KvGlozdC5P6HddVD1xZwT9ZMqwKkszBcmhlYLK5WUCkKHjjxyBaEkU6
VTHhqr52oENRDahXoGpwlCxE7iSVSfHQ4wjIghjlxcaduLXoheIaDQ/GvS8XXR0+
kajiTvdctXOdUogt+sAelfzqS3P5M2f45+DJ/TuwgAvZExwzxD+pOr/PauEUmHFI
qqXZPnMkE7GdaOI7aZlaotiz+7coxn0KPNPhGvAwf+1CMTNq9ThCSRb/UuEKjCwL
r7QtPEpi0ZlN8tK7brKNk/oCZjhzCTmCzDDTmwIDAQABAoIBAQCRSVe//232elaS
CuXuzZ1uOHKYp/+e8FZuLWLockl0E6UL5m58bVdwDeIslJfr+SIdUAtrceXEvtEa
UOn9f77YThY83WpgoChB7M7Apd5a20qToAJpMI46Gt5uOqa12WZoRoHuGwu85FyK
dECqvunWepHLjDZ8wQm7/buLtjn/y3YVGkUvldBzjK56TnKIu6VOiDIHUdgGfR9T
LNZAnnoGQ49WDGy96n3bmBIbTCOGunNOhvnnQFR4XhN/Q9LuQqDb3tEGK8a2CpMM
JjHcAGdsJv3kTvmQDOUG0ety0mRvHhu4CZc3AVcRnvQ0e7l3p2d5SZ3YiXBtzEUb
8w5PejZRAoGBAN/ygKKdJ8Np8kPvIEwu3s8nBG0xbyO4Xkua6fsL/Ks8JbVQCucg
QWrAEL1d1L8nNCY1kxFU2nNk74pBwxXa4SdzcYHjLAnbu9YcrqxUM8tSESbytrzJ
ouYmbVDS7TlLzYGd6a5a42MMudVHhPKHkzbTW1/xeuseBGD5u9/VMv/FAoGBANnN
UD0yYYtdeonwhW7LIXyHAirs45gJ35Vvh89BeEOndEVgPWtSw9t6XQ69xWsAtlDU
G7I3Z9sNeb7cO1Z1au1NqaPgtihOrGCIIjRNKVBf9PuKIosbHy3wab6RuVMbumVw
rPC3sL31TKMzbMZH6FMRLT0DH7EWvEHNeBJxBVvfAoGAH8MWKXoenKGXIbl1nDh9
k2XWQ+Jh/+/zN8fl7Zw6ntKuCnQqx7MUdB5/gUwgk2ftBopMrIWbYghrzPEcySm9
C0pdS+27Xj6S+oAg6gIbQngGRL7h2g7DEt9aW78+tASjRgHulbMAUxkH9k7pdThz
UbBSYl4ub9BXEKX61nk3fX0CgYAt1sE5b/4Jl83vdBiRHd1ZWQzCvgKUgBd3WvbJ
Tu0hx/93jm6+xLeF3LXzIUuIXqkAT/PYSULpXmeuHKm8Y4/yi7LVU7jiuNQcqOoR
+d9lFBz6R7NHdZjVUVDgE8leTWqoaNNtAiwHfrX3bx5IiN/Dg8zyl1K3MaLDcpv/
vZu0HwKBgQCcJ4bw2MEeaJd6KY5pUu+g/rcId5SyIwzZyEwIJ6ai26Nw2pg3hbVv
x6VyMeI559AJevBdrCHx+5F0whaBnIw6/Ccld09+onrDD95lHdMtjvcZqKkX/dC3
rXdRtDphGUdjScgRnV1KL7KU/xgB0xQLYq/SrZSVuXrQB7bMQx/puA==
-----END RSA PRIVATE KEY-----
container_commands:
killhttpd:
command: "killall httpd"
waitforhttpddeath:
command: "sleep 3"
All of the lines under a literal block style scalar ( introduced by the | in content: | need to be indented more than the initial letter of the previous line (i.e. more than the indentation of c).
一个字块样式标量的所有行(由|在内容中引入:|需要缩进比前一行的初始字母(也就是c的缩进更多)。
And defining:
和定义:
Resources:
sslSecurityGroupIngress:
will give Resources a value of None/null, if you want the value to be a mapping again you have to indent the key of that mapping.
将为资源赋值为None/null,如果您希望该值再次成为映射,则必须缩进映射的键。
Resources:
sslSecurityGroupIngress:
#1
1
In YAML whitespaces and correct indentation is part of syntax.
在YAML中,空格和正确的缩进是语法的一部分。
In line 50 and 57, you need to add two additional spaces before multiline string. This way it won't be treated as key.
在第50行和第57行中,需要在多行字符串之前添加两个额外的空格。这样它就不会被当作钥匙。
-----BEGIN CERTIFICATE-----<my crt content>-----END CERTIFICATE----- # add two spaces in front
Same thing in line 57:
同样的事情在第57行:
-----BEGIN RSA PRIVATE KEY-----<my private key content>-----END RSA PRIVATE KEY----- #two additional spaces in front
#2
1
Your example file has multiple indentation issues that need more than two lines changed to get into acceptable YAML:
您的示例文件有多个缩进问题,需要修改超过两行才能进入可接受的YAML:
Resources:
sslSecurityGroupIngress:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}
IpProtocol: tcp
ToPort: 443
FromPort: 443
CidrIp: 0.0.0.0/0
packages:
yum:
mod_ssl : []
files:
/etc/httpd/conf.d/ssl.conf:
mode: "000644"
owner: root
group: root
content: |
LoadModule ssl_module modules/mod_ssl.so
Listen 443
<VirtualHost *:443>
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ServerName www.mydomain.com
SSLEngine on
SSLCertificateFile "/etc/pki/tls/certs/server.crt"
SSLCertificateKeyFile "/etc/pki/tls/certs/server.key"
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
LogFormat "%h (%{X-Forwarded-For}i) %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
ErrorLog /var/log/httpd/elasticbeanstalk-error_log
TransferLog /var/log/httpd/elasticbeanstalk-access_log
</VirtualHost>
/etc/pki/tls/certs/server.crt:
mode: "000400"
owner: root
group: root
content: |
-----BEGIN CERTIFICATE-----
MIID5jCCAs4CCQCNEX8DqNboazANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMC
SU4xEjAQBgNVBAgMCUthcm5hdGFrYTESMBAGA1UEBwwJQmVuZ2FsdXJ1MSwwKgYD
VQQKDCNCSFNBVkkgQ2FiIFNlcnZpY2VzIFByaXZhdGUgTGltaXRlZDELMAkGA1UE
CwwCSVQxGTAXBgNVBAMMECoudGF4aWNpcmNsZS5jb20xJzAlBgkqhkiG9w0BCQEW
GHByYXNoYW50aEBteW9mZmljZWNhYi5pbjAeFw0xNjAyMDgxNDQ1MzdaFw0xNzAy
MDcxNDQ1MzdaMIG0MQswCQYDVQQGEwJJTjESMBAGA1UECAwJS2FybmF0YWthMRIw
EAYDVQQHDAlCZW5nYWx1cnUxLDAqBgNVBAoMI0JIU0FWSSBDYWIgU2VydmljZXMg
UHJpdmF0ZSBMaW1pdGVkMQswCQYDVQQLDAJJVDEZMBcGA1UEAwwQKi50YXhpY2ly
Y2xlLmNvbTEnMCUGCSqGSIb3DQEJARYYcHJhc2hhbnRoQG15b2ZmaWNlY2FiLmlu
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvogqbCp8t0UcL9Uspcme
drEF4FBynok2YoSkPfMKBZQ+0m+079ecutxt7KvGlozdC5P6HddVD1xZwT9ZMqwK
kszBcmhlYLK5WUCkKHjjxyBaEkU6VTHhqr52oENRDahXoGpwlCxE7iSVSfHQ4wjI
ghjlxcaduLXoheIaDQ/GvS8XXR0+kajiTvdctXOdUogt+sAelfzqS3P5M2f45+DJ
/TuwgAvZExwzxD+pOr/PauEUmHFIqqXZPnMkE7GdaOI7aZlaotiz+7coxn0KPNPh
GvAwf+1CMTNq9ThCSRb/UuEKjCwLr7QtPEpi0ZlN8tK7brKNk/oCZjhzCTmCzDDT
mwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBICHhx4ozMBcBtUYss9/4Id0aN2GPr
eJLONRKp7gN60NfxiLdl3zI0pIwvrV5/J6mWdyHcGmbBm43bzpKiesG1k7q3ERhY
V7NahaXfMu+hdEtCnwrWgCQa7G1qGX6RyscgCIkBWq87RTAsJjMqXuGDFUiPUezj
12wPQXq0N5F7+abCM5KllZ3lTIuuWV/T5jxFH+SHV+hc5osrWZxipMEOYIG2Ndeg
/RTRO9QflHB/uN7ZaIZWsWHP0dPud6nX92xdWiknz6Sem3sm4698MKATeC6MSHq0
z9J//0wwLdGL5zGipAew6Yu6E/vexTaseQWCAkvN0urWDIJwU+3N2ls7
-----END CERTIFICATE-----
/etc/pki/tls/certs/server.key:
mode: "000400"
owner: root
group: root
content: |
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAvogqbCp8t0UcL9UspcmedrEF4FBynok2YoSkPfMKBZQ+0m+0
79ecutxt7KvGlozdC5P6HddVD1xZwT9ZMqwKkszBcmhlYLK5WUCkKHjjxyBaEkU6
VTHhqr52oENRDahXoGpwlCxE7iSVSfHQ4wjIghjlxcaduLXoheIaDQ/GvS8XXR0+
kajiTvdctXOdUogt+sAelfzqS3P5M2f45+DJ/TuwgAvZExwzxD+pOr/PauEUmHFI
qqXZPnMkE7GdaOI7aZlaotiz+7coxn0KPNPhGvAwf+1CMTNq9ThCSRb/UuEKjCwL
r7QtPEpi0ZlN8tK7brKNk/oCZjhzCTmCzDDTmwIDAQABAoIBAQCRSVe//232elaS
CuXuzZ1uOHKYp/+e8FZuLWLockl0E6UL5m58bVdwDeIslJfr+SIdUAtrceXEvtEa
UOn9f77YThY83WpgoChB7M7Apd5a20qToAJpMI46Gt5uOqa12WZoRoHuGwu85FyK
dECqvunWepHLjDZ8wQm7/buLtjn/y3YVGkUvldBzjK56TnKIu6VOiDIHUdgGfR9T
LNZAnnoGQ49WDGy96n3bmBIbTCOGunNOhvnnQFR4XhN/Q9LuQqDb3tEGK8a2CpMM
JjHcAGdsJv3kTvmQDOUG0ety0mRvHhu4CZc3AVcRnvQ0e7l3p2d5SZ3YiXBtzEUb
8w5PejZRAoGBAN/ygKKdJ8Np8kPvIEwu3s8nBG0xbyO4Xkua6fsL/Ks8JbVQCucg
QWrAEL1d1L8nNCY1kxFU2nNk74pBwxXa4SdzcYHjLAnbu9YcrqxUM8tSESbytrzJ
ouYmbVDS7TlLzYGd6a5a42MMudVHhPKHkzbTW1/xeuseBGD5u9/VMv/FAoGBANnN
UD0yYYtdeonwhW7LIXyHAirs45gJ35Vvh89BeEOndEVgPWtSw9t6XQ69xWsAtlDU
G7I3Z9sNeb7cO1Z1au1NqaPgtihOrGCIIjRNKVBf9PuKIosbHy3wab6RuVMbumVw
rPC3sL31TKMzbMZH6FMRLT0DH7EWvEHNeBJxBVvfAoGAH8MWKXoenKGXIbl1nDh9
k2XWQ+Jh/+/zN8fl7Zw6ntKuCnQqx7MUdB5/gUwgk2ftBopMrIWbYghrzPEcySm9
C0pdS+27Xj6S+oAg6gIbQngGRL7h2g7DEt9aW78+tASjRgHulbMAUxkH9k7pdThz
UbBSYl4ub9BXEKX61nk3fX0CgYAt1sE5b/4Jl83vdBiRHd1ZWQzCvgKUgBd3WvbJ
Tu0hx/93jm6+xLeF3LXzIUuIXqkAT/PYSULpXmeuHKm8Y4/yi7LVU7jiuNQcqOoR
+d9lFBz6R7NHdZjVUVDgE8leTWqoaNNtAiwHfrX3bx5IiN/Dg8zyl1K3MaLDcpv/
vZu0HwKBgQCcJ4bw2MEeaJd6KY5pUu+g/rcId5SyIwzZyEwIJ6ai26Nw2pg3hbVv
x6VyMeI559AJevBdrCHx+5F0whaBnIw6/Ccld09+onrDD95lHdMtjvcZqKkX/dC3
rXdRtDphGUdjScgRnV1KL7KU/xgB0xQLYq/SrZSVuXrQB7bMQx/puA==
-----END RSA PRIVATE KEY-----
container_commands:
killhttpd:
command: "killall httpd"
waitforhttpddeath:
command: "sleep 3"
All of the lines under a literal block style scalar ( introduced by the | in content: | need to be indented more than the initial letter of the previous line (i.e. more than the indentation of c).
一个字块样式标量的所有行(由|在内容中引入:|需要缩进比前一行的初始字母(也就是c的缩进更多)。
And defining:
和定义:
Resources:
sslSecurityGroupIngress:
will give Resources a value of None/null, if you want the value to be a mapping again you have to indent the key of that mapping.
将为资源赋值为None/null,如果您希望该值再次成为映射,则必须缩进映射的键。
Resources:
sslSecurityGroupIngress: