Split Boulder Config (OCSP Updater) (#2013)

2016-07-06 07:00:52 -07:00 · 2016-07-06 07:00:52 -07:00 · 653cc004d0
parent cb45bdea67
commit 653cc004d0
7 changed files with 190 additions and 120 deletions
--- a/cmd/config.go
+++ b/cmd/config.go
@ -74,8 +74,6 @@ type Config struct {
 		ShutdownKillTimeout string
 	}

-	OCSPUpdater OCSPUpdaterConfig
-
 	PA PAConfig

 	Common struct {
--- a/cmd/ocsp-updater/main.go
+++ b/cmd/ocsp-updater/main.go
@ -4,8 +4,10 @@ import (
 	"crypto/x509"
 	"database/sql"
 	"encoding/base64"
+	"flag"
 	"fmt"
 	"net/url"
+	"os"
 	"path"
 	"time"

@ -547,6 +549,21 @@ func (l *looper) loop() error {

 const clientName = "OCSP"

+type config struct {
+	OCSPUpdater cmd.OCSPUpdaterConfig
+
+	cmd.StatsdConfig
+
+	cmd.SyslogConfig
+
+	Common struct {
+		IssuerCert string
+		CT         struct {
+			Logs []cmd.LogDescription
+		}
+	}
+}
+
 func setupClients(c cmd.OCSPUpdaterConfig, stats metrics.Statter) (
 	core.CertificateAuthority,
 	core.Publisher,
@ -571,50 +588,61 @@ func setupClients(c cmd.OCSPUpdaterConfig, stats metrics.Statter) (
 }

 func main() {
-	app := cmd.NewAppShell("ocsp-updater", "Generates and updates OCSP responses")
-
-	app.Action = func(c cmd.Config, stats metrics.Statter, auditlogger blog.Logger) {
-		conf := c.OCSPUpdater
-		go cmd.DebugServer(conf.DebugAddr)
-		go cmd.ProfileCmd("OCSP-Updater", stats)
-
-		// Configure DB
-		dbURL, err := conf.DBConfig.URL()
-		cmd.FailOnError(err, "Couldn't load DB URL")
-		dbMap, err := sa.NewDbMap(dbURL, conf.DBConfig.MaxDBConns)
-		cmd.FailOnError(err, "Could not connect to database")
-		go sa.ReportDbConnCount(dbMap, metrics.NewStatsdScope(stats, "OCSPUpdater"))
-
-		cac, pubc, sac := setupClients(conf, stats)
-
-		updater, err := newUpdater(
-			stats,
-			clock.Default(),
-			dbMap,
-			cac,
-			pubc,
-			sac,
-			// Necessary evil for now
-			conf,
-			len(c.Common.CT.Logs),
-			c.Common.IssuerCert,
-			auditlogger,
-		)
-
-		cmd.FailOnError(err, "Failed to create updater")
-
-		for _, l := range updater.loops {
-			go func(loop *looper) {
-				err = loop.loop()
-				if err != nil {
-					auditlogger.AuditErr(err.Error())
-				}
-			}(l)
-		}
-
-		// Sleep forever (until signaled)
-		select {}
+	configFile := flag.String("config", "", "File path to the configuration file for this service")
+	flag.Parse()
+	if *configFile == "" {
+		flag.Usage()
+		os.Exit(1)
 	}

-	app.Run()
+	var c config
+	err := cmd.ReadJSONFile(*configFile, &c)
+	cmd.FailOnError(err, "Reading JSON config file into config structure")
+
+	conf := c.OCSPUpdater
+
+	go cmd.DebugServer(conf.DebugAddr)
+
+	stats, auditlogger := cmd.StatsAndLogging(c.StatsdConfig, c.SyslogConfig)
+	defer auditlogger.AuditPanic()
+	auditlogger.Info(cmd.VersionString(clientName))
+
+	go cmd.ProfileCmd("OCSP-Updater", stats)
+
+	// Configure DB
+	dbURL, err := conf.DBConfig.URL()
+	cmd.FailOnError(err, "Couldn't load DB URL")
+	dbMap, err := sa.NewDbMap(dbURL, conf.DBConfig.MaxDBConns)
+	cmd.FailOnError(err, "Could not connect to database")
+	go sa.ReportDbConnCount(dbMap, metrics.NewStatsdScope(stats, "OCSPUpdater"))
+
+	cac, pubc, sac := setupClients(conf, stats)
+
+	updater, err := newUpdater(
+		stats,
+		clock.Default(),
+		dbMap,
+		cac,
+		pubc,
+		sac,
+		// Necessary evil for now
+		conf,
+		len(c.Common.CT.Logs),
+		c.Common.IssuerCert,
+		auditlogger,
+	)
+
+	cmd.FailOnError(err, "Failed to create updater")
+
+	for _, l := range updater.loops {
+		go func(loop *looper) {
+			err = loop.loop()
+			if err != nil {
+				auditlogger.AuditErr(err.Error())
+			}
+		}(l)
+	}
+
+	// Sleep forever (until signaled)
+	select {}
 }
--- a/cmd/shell.go
+++ b/cmd/shell.go
@ -97,9 +97,6 @@ func (as *AppShell) Run() {
 		if config.Mailer.AMQP == nil {
 			config.Mailer.AMQP = config.AMQP
 		}
-		if config.OCSPUpdater.AMQP == nil {
-			config.OCSPUpdater.AMQP = config.AMQP
-		}
 		if config.OCSPResponder.AMQP == nil {
 			config.OCSPResponder.AMQP = config.AMQP
 		}
--- a/test/boulder-config-next.json
+++ b/test/boulder-config-next.json
@ -45,43 +45,6 @@
    "debugAddr": "localhost:8005"
  },

-  "ocspUpdater": {
-    "dbConnectFile": "test/secrets/ocsp_updater_dburl",
-    "maxDBConns": 10,
-    "newCertificateWindow": "1s",
-    "oldOCSPWindow": "2s",
-    "missingSCTWindow": "1m",
-    "revokedCertificateWindow": "1s",
-    "newCertificateBatchSize": 1000,
-    "oldOCSPBatchSize": 5000,
-    "missingSCTBatchSize": 5000,
-    "revokedCertificateBatchSize": 1000,
-    "ocspMinTimeToExpiry": "72h",
-    "oldestIssuedSCT": "72h",
-    "signFailureBackoffFactor": 1.2,
-    "signFailureBackoffMax": "30m",
-    "debugAddr": "localhost:8006",
-    "publisher": {
-      "serverAddresses": ["boulder:9091"],
-      "serverIssuerPath": "test/grpc-creds/ca.pem",
-      "clientCertificatePath": "test/grpc-creds/client.pem",
-      "clientKeyPath": "test/grpc-creds/key.pem",
-      "timeout": "10s"
-    },
-    "amqp": {
-      "serverURLFile": "test/secrets/amqp_url",
-      "insecure": true,
-      "SA": {
-        "server": "SA.server",
-        "rpcTimeout": "15s"
-      },
-      "CA": {
-        "server": "CA.server",
-        "rpcTimeout": "15s"
-      }
-    }
-  },
-
  "mailer": {
    "server": "localhost",
    "port": "9380",
--- a/test/boulder-config.json
+++ b/test/boulder-config.json
@ -46,40 +46,6 @@
    "debugAddr": "localhost:8005"
  },

-  "ocspUpdater": {
-    "dbConnectFile": "test/secrets/ocsp_updater_dburl",
-    "maxDBConns": 10,
-    "newCertificateWindow": "1s",
-    "oldOCSPWindow": "2s",
-    "missingSCTWindow": "1m",
-    "revokedCertificateWindow": "1s",
-    "newCertificateBatchSize": 1000,
-    "oldOCSPBatchSize": 5000,
-    "missingSCTBatchSize": 5000,
-    "revokedCertificateBatchSize": 1000,
-    "ocspMinTimeToExpiry": "72h",
-    "oldestIssuedSCT": "72h",
-    "signFailureBackoffFactor": 1.2,
-    "signFailureBackoffMax": "30m",
-    "debugAddr": "localhost:8006",
-    "amqp": {
-      "serverURLFile": "test/secrets/amqp_url",
-      "insecure": true,
-      "SA": {
-        "server": "SA.server",
-        "rpcTimeout": "15s"
-      },
-      "CA": {
-        "server": "CA.server",
-        "rpcTimeout": "15s"
-      },
-      "Publisher": {
-        "server": "Publisher.server",
-        "rpcTimeout": "15s"
-      }
-    }
-  },
-
  "mailer": {
    "server": "localhost",
    "port": "9380",
--- a/test/config-next/ocsp-updater.json
+++ b/test/config-next/ocsp-updater.json
@ -0,0 +1,60 @@
+{
+  "ocspUpdater": {
+    "dbConnectFile": "test/secrets/ocsp_updater_dburl",
+    "maxDBConns": 10,
+    "newCertificateWindow": "1s",
+    "oldOCSPWindow": "2s",
+    "missingSCTWindow": "1m",
+    "revokedCertificateWindow": "1s",
+    "newCertificateBatchSize": 1000,
+    "oldOCSPBatchSize": 5000,
+    "missingSCTBatchSize": 5000,
+    "revokedCertificateBatchSize": 1000,
+    "ocspMinTimeToExpiry": "72h",
+    "oldestIssuedSCT": "72h",
+    "signFailureBackoffFactor": 1.2,
+    "signFailureBackoffMax": "30m",
+    "debugAddr": "localhost:8006",
+    "publisher": {
+      "serverAddresses": ["boulder:9091"],
+      "serverIssuerPath": "test/grpc-creds/ca.pem",
+      "clientCertificatePath": "test/grpc-creds/client.pem",
+      "clientKeyPath": "test/grpc-creds/key.pem",
+      "timeout": "10s"
+    },
+    "amqp": {
+      "serverURLFile": "test/secrets/amqp_url",
+      "insecure": true,
+      "SA": {
+        "server": "SA.server",
+        "rpcTimeout": "15s"
+      },
+      "CA": {
+        "server": "CA.server",
+        "rpcTimeout": "15s"
+      }
+    }
+  },
+
+  "statsd": {
+    "server": "localhost:8125",
+    "prefix": "Boulder"
+  },
+
+  "syslog": {
+    "stdoutlevel": 6,
+    "sysloglevel": 4
+  },
+
+  "common": {
+    "issuerCert": "test/test-ca.pem",
+    "ct": {
+      "logs": [
+        {
+          "uri": "http://127.0.0.1:4500",
+          "key": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYggOxPnPkzKBIhTacSYoIfnSL2jPugcbUKx83vFMvk5gKAz/AGe87w20riuPwEGn229hKVbEKHFB61NIqNHC3Q=="
+        }
+      ]
+    }
+  }
+}
--- a/test/config/ocsp-updater.json
+++ b/test/config/ocsp-updater.json
@ -0,0 +1,58 @@
+{
+  "ocspUpdater": {
+    "dbConnectFile": "test/secrets/ocsp_updater_dburl",
+    "maxDBConns": 10,
+    "newCertificateWindow": "1s",
+    "oldOCSPWindow": "2s",
+    "missingSCTWindow": "1m",
+    "revokedCertificateWindow": "1s",
+    "newCertificateBatchSize": 1000,
+    "oldOCSPBatchSize": 5000,
+    "missingSCTBatchSize": 5000,
+    "revokedCertificateBatchSize": 1000,
+    "ocspMinTimeToExpiry": "72h",
+    "oldestIssuedSCT": "72h",
+    "signFailureBackoffFactor": 1.2,
+    "signFailureBackoffMax": "30m",
+    "debugAddr": "localhost:8006",
+    "amqp": {
+      "serverURLFile": "test/secrets/amqp_url",
+      "insecure": true,
+      "SA": {
+        "server": "SA.server",
+        "rpcTimeout": "15s"
+      },
+      "CA": {
+        "server": "CA.server",
+        "rpcTimeout": "15s"
+      },
+      "Publisher": {
+        "server": "Publisher.server",
+        "rpcTimeout": "15s"
+      }
+    }
+  },
+
+  "statsd": {
+    "server": "localhost:8125",
+    "prefix": "Boulder"
+  },
+
+  "syslog": {
+    "network": "",
+    "server": "",
+    "stdoutlevel": 6
+  },
+
+  "common": {
+    "issuerCert": "test/test-ca.pem",
+    "ct": {
+      "logs": [
+        {
+          "uri": "http://127.0.0.1:4500",
+          "key": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYggOxPnPkzKBIhTacSYoIfnSL2jPugcbUKx83vFMvk5gKAz/AGe87w20riuPwEGn229hKVbEKHFB61NIqNHC3Q=="
+        }
+      ]
+    }
+  }
+}