systemd: merge controller/worker config examples (#3342)

Our systemd setup included both a controller and worker
configuration example, and a %i templated config file meant
to be used to determine which to use. For ease of use, merge
the two config files into a predictably named "boundary.hcl".
pull/3355/head
Johan Brandhorst-Satzkorn 3 years ago committed by GitHub
parent 7de0a299e4
commit f698f2a442
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -1,3 +1,71 @@
# # Full configuration options can be found at https://www.boundaryproject.io/docs/configuration
# # Note that this is an example config file and is not intended to be functional as-is.
# # Full configuration options can be found at https://www.boundaryproject.io/docs/configuration/controller
# # Disable memory lock: https://www.man7.org/linux/man-pages/man2/mlock.2.html
# disable_mlock = true
# # Controller configuration block
# controller {
# # This name attr must be unique across all controller instances if running in HA mode
# name = "demo-controller-1"
# description = "A controller for a demo!"
# # Database URL for postgres. This can be a direct "postgres://"
# # URL, or it can be "file://" to read the contents of a file to
# # supply the url, or "env://" to name an environment variable
# # that contains the URL.
# database {
# url = "postgresql://boundary:boundarydemo@postgres.yourdomain.com:5432/boundary"
# }
# }
# # API listener configuration block
# listener "tcp" {
# # Should be the address of the NIC that the controller server will be reached on
# address = "10.0.0.1"
# # The purpose of this listener block
# purpose = "api"
# tls_disable = false
# # Uncomment to enable CORS for the Admin UI. Be sure to set the allowed origin(s)
# # to appropriate values.
# #cors_enabled = true
# #cors_allowed_origins = ["https://yourcorp.yourdomain.com", "serve://boundary"]
# }
# # Data-plane listener configuration block (used for worker coordination)
# listener "tcp" {
# # Should be the IP of the NIC that the worker will connect on
# address = "10.0.0.1"
# # The purpose of this listener
# purpose = "cluster"
# }
# # Root KMS configuration block: this is the root key for Boundary
# # Use a production KMS such as AWS KMS in production installs
# kms "aead" {
# purpose = "root"
# aead_type = "aes-gcm"
# key = "sP1fnF5Xz85RrXyELHFeZg9Ad2qt4Z4bgNHVGtD6ung="
# key_id = "global_root"
# }
# # Worker authorization KMS
# # Use a production KMS such as AWS KMS for production installs
# # This key is the same key used in the worker configuration
# kms "aead" {
# purpose = "worker-auth"
# aead_type = "aes-gcm"
# key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
# key_id = "global_worker-auth"
# }
# # Recovery KMS block: configures the recovery key for Boundary
# # Use a production KMS such as AWS KMS for production installs
# kms "aead" {
# purpose = "recovery"
# aead_type = "aes-gcm"
# key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
# key_id = "global_recovery"
# }
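Review bot: The `recovery` and `worker-auth` kms blocks in this example carry the same literal `key` value, so anyone who uncomments the file as-is gives every host that holds the worker-auth key the recovery key as well. These three AEAD keys and the `boundary:boundarydemo` database credentials are also public through this repository, and this file is now the predictably named config that installs start from. I would replace the literals with obvious placeholders, e.g. `key = "<base64-encoded 32-byte key, unique per purpose>"`, and show the `env://` form the comment already describes for the database URL, e.g. `url = "env://BOUNDARY_PG_URL"` (variable name is illustrative). A one-line comment above the kms blocks, such as `# Example keys are public; generate a distinct key for each purpose`, would make this explicit for operators.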

@ -1,71 +0,0 @@
# # Note that this is an example systemd file and is not intended to be functional as-is.
# # Full configuration options can be found at https://www.boundaryproject.io/docs/configuration/controller
# # Disable memory lock: https://www.man7.org/linux/man-pages/man2/mlock.2.html
# # disable_mlock = true
# # Controller configuration block
# controller {
# # This name attr must be unique across all controller instances if running in HA mode
# name = "demo-controller-1"
# description = "A controller for a demo!"
# # Database URL for postgres. This can be a direct "postgres://"
# # URL, or it can be "file://" to read the contents of a file to
# # supply the url, or "env://" to name an environment variable
# # that contains the URL.
# database {
# url = "postgresql://boundary:boundarydemo@postgres.yourdomain.com:5432/boundary"
# }
# }
# # API listener configuration block
# listener "tcp" {
# # Should be the address of the NIC that the controller server will be reached on
# address = "10.0.0.1"
# # The purpose of this listener block
# purpose = "api"
# tls_disable = false
# # Uncomment to enable CORS for the Admin UI. Be sure to set the allowed origin(s)
# # to appropriate values.
# #cors_enabled = true
# #cors_allowed_origins = ["https://yourcorp.yourdomain.com", "serve://boundary"]
# }
# # Data-plane listener configuration block (used for worker coordination)
# listener "tcp" {
# # Should be the IP of the NIC that the worker will connect on
# address = "10.0.0.1"
# # The purpose of this listener
# purpose = "cluster"
# }
# # Root KMS configuration block: this is the root key for Boundary
# # Use a production KMS such as AWS KMS in production installs
# kms "aead" {
# purpose = "root"
# aead_type = "aes-gcm"
# key = "sP1fnF5Xz85RrXyELHFeZg9Ad2qt4Z4bgNHVGtD6ung="
# key_id = "global_root"
# }
# # Worker authorization KMS
# # Use a production KMS such as AWS KMS for production installs
# # This key is the same key used in the worker configuration
# kms "aead" {
# purpose = "worker-auth"
# aead_type = "aes-gcm"
# key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
# key_id = "global_worker-auth"
# }
# # Recovery KMS block: configures the recovery key for Boundary
# # Use a production KMS such as AWS KMS for production installs
# kms "aead" {
# purpose = "recovery"
# aead_type = "aes-gcm"
# key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
# key_id = "global_recovery"
# }

@ -1,4 +1,4 @@
# # Note that this is an example systemd file and is not intended to be functional as-is.
# # Note that this is an example config file and is not intended to be functional as-is.
# # Full configuration options can be found at https://www.boundaryproject.io/docs/configuration/worker
# listener "tcp" {

@ -10,7 +10,7 @@ User=boundary
Group=boundary
ProtectSystem=full
ProtectHome=read-only
ExecStart=/usr/bin/boundary server -config=/etc/boundary.d/%i.hcl
ExecStart=/usr/bin/boundary server -config=/etc/boundary.d/boundary.hcl
ExecReload=/bin/kill --signal HUP $MAINPID
KillMode=process
KillSignal=SIGINT
@ -20,4 +20,4 @@ TimeoutStopSec=30
LimitMEMLOCK=infinity
[Install]
WantedBy=multi-user.target
WantedBy=multi-user.target
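Review bot: With `%i` removed from `ExecStart`, the unit no longer uses its instance name, so if it is still installed as a template unit (the file name is not visible here) every instance would start against the same `/etc/boundary.d/boundary.hcl`. Renaming it to a plain service would rule that out. The fixed path now holds the KMS keys and the database URL for whichever role is configured, and the unit runs as `User=boundary`, so the packaging should install the file owned by root with group `boundary` and mode 0640 rather than world-readable. A comment above `ExecStart` such as `# boundary.hcl contains secrets; keep it readable only by root and the boundary group` would carry that to operators. The unit's `[Unit]` and the start of `[Service]` lie outside the hunks shown.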
