From 2fe77e630e3fe7d9183f723722529e15e0977602 Mon Sep 17 00:00:00 2001
From: Phil Porada <pgporada@users.noreply.github.com>
Date: Tue, 9 Jan 2024 16:46:44 -0500
Subject: [PATCH] Add additional service resolution strategy to consul doc
 (#7244)

While working on https://github.com/letsencrypt/boulder/pull/7238, I dug
into why the consul services config has, for example, `[ca-a, ca-b]` in
addition to `[ca1, ca2]`. Boulder test configs use `ca.service.consul`
which will return both CAs (`[ca-a, ca-b]`). For `[ca1, ca2]` though, a
grpc load balancing [integration
test](https://github.com/letsencrypt/boulder/blob/a55bf19ea062febc94b5054a004e447aa5b3a6bd/test/integration-test.py#L121-L143)
individually targets services such as to verify that each backend is
working correctly.
---
 test/consul/README.md | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/test/consul/README.md b/test/consul/README.md
index 59e18e8ce..23d08bc8a 100644
--- a/test/consul/README.md
+++ b/test/consul/README.md
@@ -6,7 +6,8 @@ in-memory server and client with persistence disabled for ease of use.
 
 - Open `./test/consul/config.hcl`
 - Add a `services` stanza for each IP address and (optional) port combination
-  you wish to have returned as an DNS record.
+  you wish to have returned as an DNS record. The following stanza will return
+  two records when resolving `foo-purger`.
   ([docs](https://www.consul.io/docs/discovery/services)).
   
   ```hcl
@@ -24,6 +25,24 @@ in-memory server and client with persistence disabled for ease of use.
     port    = 1338
   }
   ```
+- To target individual `foo-purger`'s, add these additional `service` sections
+  which allow resolving `foo-purger-1` and `foo-purger-2` respectively.
+
+  ```hcl
+  services {
+    id      = "foo-purger-1"
+    name    = "foo-purger-1"
+    address = "10.77.77.77"
+    port    = 1338
+  }
+
+  services {
+    id      = "foo-purger-2"
+    name    = "foo-purger-2"
+    address = "10.88.88.88"
+    port    = 1338
+  }
+  ```
 - For RFC 2782 (SRV RR) lookups to work ensure you that you add a tag for the
   supported protocol (usually `"tcp"` and or `"udp"`) to the `tags` field.
   Consul implemented the the `Proto` field as a tag filter for SRV RR lookups.
@@ -68,4 +87,4 @@ For testing DNS resolution locally using `dig` you'll need to add the following:
 ```
 
 The next time you bring the container up you should be able to access the web UI
-at http://127.0.0.1:8500.
\ No newline at end of file
+at http://127.0.0.1:8500.