diff --git a/.release/linux/package/etc/boundary.d/boundary.hcl b/.release/linux/package/etc/boundary.d/boundary.hcl
index b5d0766c9b..bef6573048 100644
--- a/.release/linux/package/etc/boundary.d/boundary.hcl
+++ b/.release/linux/package/etc/boundary.d/boundary.hcl
@@ -1,3 +1,71 @@
-# # Full configuration options can be found at https://www.boundaryproject.io/docs/configuration
+# # Note that this is an example config file and is not intended to be functional as-is.
+# # Full configuration options can be found at https://www.boundaryproject.io/docs/configuration/controller
+# # Disable memory lock: https://www.man7.org/linux/man-pages/man2/mlock.2.html
 # disable_mlock = true
+
+# # Controller configuration block
+# controller {
+# # This name attr must be unique across all controller instances if running in HA mode
+# name = "demo-controller-1"
+# description = "A controller for a demo!"
+
+# # Database URL for postgres. This can be a direct "postgres://"
+# # URL, or it can be "file://" to read the contents of a file to
+# # supply the url, or "env://" to name an environment variable
+# # that contains the URL.
+# database {
+# url = "postgresql://boundary:boundarydemo@postgres.yourdomain.com:5432/boundary"
+# }
+# }
+
+# # API listener configuration block
+# listener "tcp" {
+# # Should be the address of the NIC that the controller server will be reached on
+# address = "10.0.0.1"
+# # The purpose of this listener block
+# purpose = "api"
+
+# tls_disable = false
+
+# # Uncomment to enable CORS for the Admin UI. Be sure to set the allowed origin(s)
+# # to appropriate values.
+# #cors_enabled = true
+# #cors_allowed_origins = ["https://yourcorp.yourdomain.com", "serve://boundary"]
+# }
+
+# # Data-plane listener configuration block (used for worker coordination)
+# listener "tcp" {
+# # Should be the IP of the NIC that the worker will connect on
+# address = "10.0.0.1"
+# # The purpose of this listener
+# purpose = "cluster"
+# }
+
+# # Root KMS configuration block: this is the root key for Boundary
+# # Use a production KMS such as AWS KMS in production installs
+# kms "aead" {
+# purpose = "root"
+# aead_type = "aes-gcm"
+# key = "sP1fnF5Xz85RrXyELHFeZg9Ad2qt4Z4bgNHVGtD6ung="
+# key_id = "global_root"
+# }
+
+# # Worker authorization KMS
+# # Use a production KMS such as AWS KMS for production installs
+# # This key is the same key used in the worker configuration
+# kms "aead" {
+# purpose = "worker-auth"
+# aead_type = "aes-gcm"
+# key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
+# key_id = "global_worker-auth"
+# }
+
+# # Recovery KMS block: configures the recovery key for Boundary
+# # Use a production KMS such as AWS KMS for production installs
+# kms "aead" {
+# purpose = "recovery"
+# aead_type = "aes-gcm"
+# key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
+# key_id = "global_recovery"
+# }
diff --git a/.release/linux/package/etc/boundary.d/controller.hcl b/.release/linux/package/etc/boundary.d/controller.hcl
deleted file mode 100644
index 1b7b57a0f8..0000000000
--- a/.release/linux/package/etc/boundary.d/controller.hcl
+++ /dev/null
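Review bot: The commented `kms "aead"` blocks for `worker-auth` and `recovery` at the end of the new example carry the same `key` value, so anyone who uncomments the file as a starting point ends up with one key serving both purposes. The comment on the worker-auth block says that key is also placed in the worker configuration, which would then put recovery-key material on every worker host. Give each block its own obviously fake placeholder and add a line such as `# # Generate a separate key for every kms block; never reuse the worker-auth key for recovery`. The inline password in the `database` `url` has a similar copy-paste risk; the `env://` or `file://` form that the comment above it describes would be the safer example.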
@@ -1,71 +0,0 @@
-# # Note that this is an example systemd file and is not intended to be functional as-is.
-# # Full configuration options can be found at https://www.boundaryproject.io/docs/configuration/controller
-
-# # Disable memory lock: https://www.man7.org/linux/man-pages/man2/mlock.2.html
-# # disable_mlock = true
-
-# # Controller configuration block
-# controller {
-# # This name attr must be unique across all controller instances if running in HA mode
-# name = "demo-controller-1"
-# description = "A controller for a demo!"
-
-# # Database URL for postgres. This can be a direct "postgres://"
-# # URL, or it can be "file://" to read the contents of a file to
-# # supply the url, or "env://" to name an environment variable
-# # that contains the URL.
-# database {
-# url = "postgresql://boundary:boundarydemo@postgres.yourdomain.com:5432/boundary"
-# }
-# }
-
-# # API listener configuration block
-# listener "tcp" {
-# # Should be the address of the NIC that the controller server will be reached on
-# address = "10.0.0.1"
-# # The purpose of this listener block
-# purpose = "api"
-
-# tls_disable = false
-
-# # Uncomment to enable CORS for the Admin UI. Be sure to set the allowed origin(s)
-# # to appropriate values.
-# #cors_enabled = true
-# #cors_allowed_origins = ["https://yourcorp.yourdomain.com", "serve://boundary"]
-# }
-
-# # Data-plane listener configuration block (used for worker coordination)
-# listener "tcp" {
-# # Should be the IP of the NIC that the worker will connect on
-# address = "10.0.0.1"
-# # The purpose of this listener
-# purpose = "cluster"
-# }
-
-# # Root KMS configuration block: this is the root key for Boundary
-# # Use a production KMS such as AWS KMS in production installs
-# kms "aead" {
-# purpose = "root"
-# aead_type = "aes-gcm"
-# key = "sP1fnF5Xz85RrXyELHFeZg9Ad2qt4Z4bgNHVGtD6ung="
-# key_id = "global_root"
-# }
-
-# # Worker authorization KMS
-# # Use a production KMS such as AWS KMS for production installs
-# # This key is the same key used in the worker configuration
-# kms "aead" {
-# purpose = "worker-auth"
-# aead_type = "aes-gcm"
-# key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
-# key_id = "global_worker-auth"
-# }
-
-# # Recovery KMS block: configures the recovery key for Boundary
-# # Use a production KMS such as AWS KMS for production installs
-# kms "aead" {
-# purpose = "recovery"
-# aead_type = "aes-gcm"
-# key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
-# key_id = "global_recovery"
-# }
diff --git a/.release/linux/package/etc/boundary.d/worker.hcl b/.release/linux/package/etc/boundary.d/worker.hcl
index 0c09593136..5ac07e935a 100644
--- a/.release/linux/package/etc/boundary.d/worker.hcl
+++ b/.release/linux/package/etc/boundary.d/worker.hcl
@@ -1,4 +1,4 @@
-# # Note that this is an example systemd file and is not intended to be functional as-is.
+# # Note that this is an example config file and is not intended to be functional as-is.
 # # Full configuration options can be found at https://www.boundaryproject.io/docs/configuration/worker
 # listener "tcp" {
diff --git a/.release/linux/package/usr/lib/systemd/system/boundary.service b/.release/linux/package/usr/lib/systemd/system/boundary.service index 9682b79afc..617f561796 100644 --- a/.release/linux/package/usr/lib/systemd/system/boundary.service +++ b/.release/linux/package/usr/lib/systemd/system/boundary.service @@ -10,7 +10,7 @@ User=boundary Group=boundary ProtectSystem=full ProtectHome=read-only -ExecStart=/usr/bin/boundary server -config=/etc/boundary.d/%i.hcl +ExecStart=/usr/bin/boundary server -config=/etc/boundary.d/boundary.hcl ExecReload=/bin/kill --signal HUP $MAINPID KillMode=process KillSignal=SIGINT @@ -20,4 +20,4 @@ TimeoutStopSec=30 LimitMEMLOCK=infinity [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target
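Review bot: With `-config` fixed to `/etc/boundary.d/boundary.hcl` on the new `ExecStart` line, the `worker.hcl` example that this commit still ships in the same directory is no longer read by the unit, and nothing visible here tells an operator how a worker host should be configured. A comment above the line would cover it, for example `# Reads one config file; copy the settings you need from worker.hcl into boundary.hcl`, if that is the intended procedure. Because that single file would presumably hold the KMS keys and database URL shown in the example, the package should install it readable only by root and the `boundary` group; the file modes are not visible in this diff. The `[Service]` section starts above the hunk.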