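【Question title】: YAML Parser Error: could not found expected : in <unicode string>
【Posted】: 2017-03-17 00:35:00
【Question description】:

I am having difficulties when I try to upload an SSL certificate on an Amazon EC2 instance. I have my private key along with the server certificate obtained from the CA. But when I configure it in Apache's .config file and restart the server, it fails. When I validate the YAML format (http://yaml-online-parser.appspot.com/), it throws the following error: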

while scanning a simple key
in "<unicode string>", line 51, column 1:
BQAwgYsxCzAJBgNVBAYTAlVTMRkwFwYD ... 
^
could not found expected ':'
in "<unicode string>", line 52, column 1:
MgYDVQQLEytDbG91ZEZsYXJlIE9yaWdp ... 
^

Below is my .config file syntax, which is valid YAML format. When I put the actual KEY and CERTIFICATE (PEM format) content here, it breaks with the above error.

Resources:
sslSecurityGroupIngress: 
Type: AWS::EC2::SecurityGroupIngress
Properties:
  GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}
  IpProtocol: tcp
  ToPort: 443
  FromPort: 443
  CidrIp: 0.0.0.0/0

packages:
 yum:
    mod_ssl : []

files:
/etc/httpd/conf.d/ssl.conf:
mode: "000644"
owner: root
group: root
content: |
  LoadModule ssl_module modules/mod_ssl.so
  Listen 443
  <VirtualHost *:443>
    <Proxy *>
     Order deny,allow
     Allow from all
    </Proxy>
ServerName            www.mydomain.com
SSLEngine             on
SSLCertificateFile    "/etc/pki/tls/certs/server.crt"
SSLCertificateKeyFile "/etc/pki/tls/certs/server.key"
SSLCipherSuite        EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol           All -SSLv2 -SSLv3
SSLHonorCipherOrder   On

Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff

LogFormat "%h (%{X-Forwarded-For}i) %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
ErrorLog /var/log/httpd/elasticbeanstalk-error_log
TransferLog /var/log/httpd/elasticbeanstalk-access_log
</VirtualHost>

/etc/pki/tls/certs/server.crt:
  mode: "000400"
  owner: root
  group: root
  content: |
  -----BEGIN CERTIFICATE-----<my crt content>-----END CERTIFICATE-----

/etc/pki/tls/certs/server.key:
 mode: "000400"
 owner: root
 group: root
 content: |
  -----BEGIN RSA PRIVATE KEY-----<my private key content>-----END RSA PRIVATE KEY-----

container_commands:
  killhttpd:
    command: "killall httpd"
  waitforhttpddeath:
    command: "sleep 3"

Any help is appreciated.

【Question comments】:

  • Can you please generate new (fake) keys and then post the complete yaml file?
  • Updated above with fake keys.

Tags: amazon-web-services tomcat ssl amazon-ec2 yaml


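【Solution 1】:

In YAML, whitespace and correct indentation are part of the syntax.

On lines 50 and 57, you need to add two extra spaces before the multi-line string, so that it is not treated as a key.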

  -----BEGIN CERTIFICATE-----<my crt content>-----END CERTIFICATE----- # add two spaces in front

The same goes for line 57:

  -----BEGIN RSA PRIVATE KEY-----<my private key content>-----END RSA PRIVATE KEY----- #two additional spaces in front

【Comments】:

    【Solution 2】:

    Your example file has multiple indentation problems and needs more than two lines changed to become acceptable YAML:

    Resources:
      sslSecurityGroupIngress:
        Type: AWS::EC2::SecurityGroupIngress
        Properties:
          GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}
          IpProtocol: tcp
          ToPort: 443
          FromPort: 443
          CidrIp: 0.0.0.0/0
    
    packages:
      yum:
        mod_ssl : []
    
    files:
      /etc/httpd/conf.d/ssl.conf:
        mode: "000644"
        owner: root
        group: root
        content: |
          LoadModule ssl_module modules/mod_ssl.so
          Listen 443
          <VirtualHost *:443>
            <Proxy *>
             Order deny,allow
             Allow from all
            </Proxy>
          ServerName            www.mydomain.com
          SSLEngine             on
          SSLCertificateFile    "/etc/pki/tls/certs/server.crt"
          SSLCertificateKeyFile "/etc/pki/tls/certs/server.key"
          SSLCipherSuite        EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
          SSLProtocol           All -SSLv2 -SSLv3
          SSLHonorCipherOrder   On
    
          Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
          Header always set X-Frame-Options DENY
          Header always set X-Content-Type-Options nosniff
    
          LogFormat "%h (%{X-Forwarded-For}i) %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
          ErrorLog /var/log/httpd/elasticbeanstalk-error_log
          TransferLog /var/log/httpd/elasticbeanstalk-access_log
          </VirtualHost>
    
      /etc/pki/tls/certs/server.crt:
        mode: "000400"
        owner: root
        group: root
        content: |
          -----BEGIN CERTIFICATE-----
          MIID5jCCAs4CCQCNEX8DqNboazANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMC
          SU4xEjAQBgNVBAgMCUthcm5hdGFrYTESMBAGA1UEBwwJQmVuZ2FsdXJ1MSwwKgYD
          VQQKDCNCSFNBVkkgQ2FiIFNlcnZpY2VzIFByaXZhdGUgTGltaXRlZDELMAkGA1UE
          CwwCSVQxGTAXBgNVBAMMECoudGF4aWNpcmNsZS5jb20xJzAlBgkqhkiG9w0BCQEW
          GHByYXNoYW50aEBteW9mZmljZWNhYi5pbjAeFw0xNjAyMDgxNDQ1MzdaFw0xNzAy
          MDcxNDQ1MzdaMIG0MQswCQYDVQQGEwJJTjESMBAGA1UECAwJS2FybmF0YWthMRIw
          EAYDVQQHDAlCZW5nYWx1cnUxLDAqBgNVBAoMI0JIU0FWSSBDYWIgU2VydmljZXMg
          UHJpdmF0ZSBMaW1pdGVkMQswCQYDVQQLDAJJVDEZMBcGA1UEAwwQKi50YXhpY2ly
          Y2xlLmNvbTEnMCUGCSqGSIb3DQEJARYYcHJhc2hhbnRoQG15b2ZmaWNlY2FiLmlu
          MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvogqbCp8t0UcL9Uspcme
          drEF4FBynok2YoSkPfMKBZQ+0m+079ecutxt7KvGlozdC5P6HddVD1xZwT9ZMqwK
          kszBcmhlYLK5WUCkKHjjxyBaEkU6VTHhqr52oENRDahXoGpwlCxE7iSVSfHQ4wjI
          ghjlxcaduLXoheIaDQ/GvS8XXR0+kajiTvdctXOdUogt+sAelfzqS3P5M2f45+DJ
          /TuwgAvZExwzxD+pOr/PauEUmHFIqqXZPnMkE7GdaOI7aZlaotiz+7coxn0KPNPh
          GvAwf+1CMTNq9ThCSRb/UuEKjCwLr7QtPEpi0ZlN8tK7brKNk/oCZjhzCTmCzDDT
          mwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBICHhx4ozMBcBtUYss9/4Id0aN2GPr
          eJLONRKp7gN60NfxiLdl3zI0pIwvrV5/J6mWdyHcGmbBm43bzpKiesG1k7q3ERhY
          V7NahaXfMu+hdEtCnwrWgCQa7G1qGX6RyscgCIkBWq87RTAsJjMqXuGDFUiPUezj
          12wPQXq0N5F7+abCM5KllZ3lTIuuWV/T5jxFH+SHV+hc5osrWZxipMEOYIG2Ndeg
          /RTRO9QflHB/uN7ZaIZWsWHP0dPud6nX92xdWiknz6Sem3sm4698MKATeC6MSHq0
          z9J//0wwLdGL5zGipAew6Yu6E/vexTaseQWCAkvN0urWDIJwU+3N2ls7
          -----END CERTIFICATE-----
    
      /etc/pki/tls/certs/server.key:
       mode: "000400"
       owner: root
       group: root
       content: |
        -----BEGIN RSA PRIVATE KEY-----
        MIIEpAIBAAKCAQEAvogqbCp8t0UcL9UspcmedrEF4FBynok2YoSkPfMKBZQ+0m+0
        79ecutxt7KvGlozdC5P6HddVD1xZwT9ZMqwKkszBcmhlYLK5WUCkKHjjxyBaEkU6
        VTHhqr52oENRDahXoGpwlCxE7iSVSfHQ4wjIghjlxcaduLXoheIaDQ/GvS8XXR0+
        kajiTvdctXOdUogt+sAelfzqS3P5M2f45+DJ/TuwgAvZExwzxD+pOr/PauEUmHFI
        qqXZPnMkE7GdaOI7aZlaotiz+7coxn0KPNPhGvAwf+1CMTNq9ThCSRb/UuEKjCwL
        r7QtPEpi0ZlN8tK7brKNk/oCZjhzCTmCzDDTmwIDAQABAoIBAQCRSVe//232elaS
        CuXuzZ1uOHKYp/+e8FZuLWLockl0E6UL5m58bVdwDeIslJfr+SIdUAtrceXEvtEa
        UOn9f77YThY83WpgoChB7M7Apd5a20qToAJpMI46Gt5uOqa12WZoRoHuGwu85FyK
        dECqvunWepHLjDZ8wQm7/buLtjn/y3YVGkUvldBzjK56TnKIu6VOiDIHUdgGfR9T
        LNZAnnoGQ49WDGy96n3bmBIbTCOGunNOhvnnQFR4XhN/Q9LuQqDb3tEGK8a2CpMM
        JjHcAGdsJv3kTvmQDOUG0ety0mRvHhu4CZc3AVcRnvQ0e7l3p2d5SZ3YiXBtzEUb
        8w5PejZRAoGBAN/ygKKdJ8Np8kPvIEwu3s8nBG0xbyO4Xkua6fsL/Ks8JbVQCucg
        QWrAEL1d1L8nNCY1kxFU2nNk74pBwxXa4SdzcYHjLAnbu9YcrqxUM8tSESbytrzJ
        ouYmbVDS7TlLzYGd6a5a42MMudVHhPKHkzbTW1/xeuseBGD5u9/VMv/FAoGBANnN
        UD0yYYtdeonwhW7LIXyHAirs45gJ35Vvh89BeEOndEVgPWtSw9t6XQ69xWsAtlDU
        G7I3Z9sNeb7cO1Z1au1NqaPgtihOrGCIIjRNKVBf9PuKIosbHy3wab6RuVMbumVw
        rPC3sL31TKMzbMZH6FMRLT0DH7EWvEHNeBJxBVvfAoGAH8MWKXoenKGXIbl1nDh9
        k2XWQ+Jh/+/zN8fl7Zw6ntKuCnQqx7MUdB5/gUwgk2ftBopMrIWbYghrzPEcySm9
        C0pdS+27Xj6S+oAg6gIbQngGRL7h2g7DEt9aW78+tASjRgHulbMAUxkH9k7pdThz
        UbBSYl4ub9BXEKX61nk3fX0CgYAt1sE5b/4Jl83vdBiRHd1ZWQzCvgKUgBd3WvbJ
        Tu0hx/93jm6+xLeF3LXzIUuIXqkAT/PYSULpXmeuHKm8Y4/yi7LVU7jiuNQcqOoR
        +d9lFBz6R7NHdZjVUVDgE8leTWqoaNNtAiwHfrX3bx5IiN/Dg8zyl1K3MaLDcpv/
        vZu0HwKBgQCcJ4bw2MEeaJd6KY5pUu+g/rcId5SyIwzZyEwIJ6ai26Nw2pg3hbVv
        x6VyMeI559AJevBdrCHx+5F0whaBnIw6/Ccld09+onrDD95lHdMtjvcZqKkX/dC3
        rXdRtDphGUdjScgRnV1KL7KU/xgB0xQLYq/SrZSVuXrQB7bMQx/puA==
        -----END RSA PRIVATE KEY-----
    
    container_commands:
      killhttpd:
        command: "killall httpd"
      waitforhttpddeath:
        command: "sleep 3"
    

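    All lines under the literal block style scalar (the lines introduced by the | in content: |) need to be indented more than the first letter of the preceding line (i.e. more than the c is indented).

    And defining: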

    Resources:
    sslSecurityGroupIngress:
    

    will give Resources a None/null value; if you want the value to be a mapping again, you have to indent the keys of that mapping.

    Resources:
      sslSecurityGroupIngress:
    

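    【Comments】:

    • Thanks for highlighting these issues. Which is the best editor for handling YAML structure?
    • @Prashanth I normally use emacs (on Linux); its YAML mode is not 100% but workable. I don't use an editor to generate larger new documents; I programmatically gather the parts and dump YAML, often updating the YAML file in the process. I use ruamel.yaml (of which I am the author), which allows me to dump these literal block scalars and preserves comments in the YAML file.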
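
The indentation rule from Solution 2, applied to PEM material placed under a `content: |` key, can be checked before deployment. The following is an added example, not code from the question or the answers: a standard-library line scanner (a heuristic, not a YAML parser) that reports PEM lines not indented deeper than their block scalar key and re-indents them. The names `check_and_fix`, `HEADER`, `BAD` and the sample text are assumptions made for illustration.

```python
import re

# `key: |` or `key: >` header, with optional chomping/indentation indicators.
HEADER = re.compile(r"^(?P<indent> *)[^\s#][^#]*:[ \t]+[|>][+-]?[1-9]?[+-]?\s*(#.*)?$")
PEM_BEGIN = re.compile(r"-----BEGIN [A-Z0-9 ]+-----")
PEM_END = re.compile(r"-----END [A-Z0-9 ]+-----")

# Constructed sample reproducing the question's mistake; not a real certificate.
BAD = """\
files:
  /etc/pki/tls/certs/server.crt:
    mode: "000400"
    content: |
    -----BEGIN CERTIFICATE-----
CONSTRUCTEDbase64LINE
    -----END CERTIFICATE-----
"""

def check_and_fix(text, extra=2):
    """Return (problems, fixed_text).

    problems lists (line_number, content) for PEM lines that are not indented
    deeper than the `key: |` header introducing them; fixed_text has every PEM
    line re-indented to header indent + `extra` spaces.
    """
    problems, fixed = [], []
    key_indent, in_pem = None, False
    for no, line in enumerate(text.splitlines(), start=1):
        indent = len(line) - len(line.lstrip(" "))
        if not line.strip():
            pass  # blank lines are legal anywhere in a block scalar
        elif in_pem or (key_indent is not None and PEM_BEGIN.search(line)):
            in_pem = True
            if indent <= key_indent:
                problems.append((no, line.strip()))
            # PEM lines carry no meaningful leading whitespace, so normalise.
            line = " " * (key_indent + extra) + line.strip()
            if PEM_END.search(line):
                in_pem, key_indent = False, None
        elif key_indent is None or indent <= key_indent:
            # Outside a block body: this line may open a new block scalar.
            m = HEADER.match(line)
            key_indent = len(m.group("indent")) if m else None
        fixed.append(line)
    return problems, "\n".join(fixed) + "\n"

if __name__ == "__main__":
    for no, content in check_and_fix(BAD)[0]:
        print(f"line {no}: not indented deeper than its block scalar key: {content}")
```
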