From 653cc004d0f0fab99ab0bbf06b6c19df541b1755 Mon Sep 17 00:00:00 2001
From: Ben Irving
Date: Wed, 6 Jul 2016 07:00:52 -0700
Subject: [PATCH] Split Boulder Config (OCSP Updater) (#2013)
---
 cmd/config.go | 2 -
 cmd/ocsp-updater/main.go | 116 ++++++++++++++++++-----------
 cmd/shell.go | 3 -
 test/boulder-config-next.json | 37 ---------
 test/boulder-config.json | 34 ---------
 test/config-next/ocsp-updater.json | 60 +++++++++++++++
 test/config/ocsp-updater.json | 58 +++++++++++++++
 7 files changed, 190 insertions(+), 120 deletions(-)
 create mode 100644 test/config-next/ocsp-updater.json
 create mode 100644 test/config/ocsp-updater.json
diff --git a/cmd/config.go b/cmd/config.go
index 1dc1baf28..b70416fa5 100644
--- a/cmd/config.go
+++ b/cmd/config.go
@@ -74,8 +74,6 @@ type Config struct {
 ShutdownKillTimeout string
 }
- OCSPUpdater OCSPUpdaterConfig
-
 PA PAConfig
 Common struct {
diff --git a/cmd/ocsp-updater/main.go b/cmd/ocsp-updater/main.go
index b871e9545..7bfa7a646 100644
--- a/cmd/ocsp-updater/main.go
+++ b/cmd/ocsp-updater/main.go
@@ -4,8 +4,10 @@ import (
 "crypto/x509"
 "database/sql"
 "encoding/base64"
+ "flag"
 "fmt"
 "net/url"
+ "os"
 "path"
 "time"
@@ -547,6 +549,21 @@ func (l *looper) loop() error {
 const clientName = "OCSP"
+type config struct {
+ OCSPUpdater cmd.OCSPUpdaterConfig
+
+ cmd.StatsdConfig
+
+ cmd.SyslogConfig
+
+ Common struct {
+ IssuerCert string
+ CT struct {
+ Logs []cmd.LogDescription
+ }
+ }
+}
+
 func setupClients(c cmd.OCSPUpdaterConfig, stats metrics.Statter) (
 core.CertificateAuthority,
 core.Publisher,
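Review bot: In the new `config` struct, `cmd.StatsdConfig` and `cmd.SyslogConfig` are embedded anonymously, and `encoding/json` reads the exported fields of an untagged embedded struct from the enclosing object, not from a nested `statsd` / `syslog` object like the ones the new `test/config*/ocsp-updater.json` files provide. Neither the two types nor `cmd.ReadJSONFile` is visible in this patch, so this needs confirming. If they are plain structs decoded by `encoding/json`, the statsd and syslog settings would silently stay at their zero values, which also affects where audit log lines end up. Named fields would make the keys line up: `Statsd cmd.StatsdConfig` and `Syslog cmd.SyslogConfig`, with `main` passing `c.Statsd, c.Syslog`. A short doc comment on the struct, e.g. `// config is the top-level JSON configuration for the ocsp-updater binary.`, would help too.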
@@ -571,50 +588,61 @@ func setupClients(c cmd.OCSPUpdaterConfig, stats metrics.Statter) (
 }
 func main() {
- app := cmd.NewAppShell("ocsp-updater", "Generates and updates OCSP responses")
-
- app.Action = func(c cmd.Config, stats metrics.Statter, auditlogger blog.Logger) {
- conf := c.OCSPUpdater
- go cmd.DebugServer(conf.DebugAddr)
- go cmd.ProfileCmd("OCSP-Updater", stats)
-
- // Configure DB
- dbURL, err := conf.DBConfig.URL()
- cmd.FailOnError(err, "Couldn't load DB URL")
- dbMap, err := sa.NewDbMap(dbURL, conf.DBConfig.MaxDBConns)
- cmd.FailOnError(err, "Could not connect to database")
- go sa.ReportDbConnCount(dbMap, metrics.NewStatsdScope(stats, "OCSPUpdater"))
-
- cac, pubc, sac := setupClients(conf, stats)
-
- updater, err := newUpdater(
- stats,
- clock.Default(),
- dbMap,
- cac,
- pubc,
- sac,
- // Necessary evil for now
- conf,
- len(c.Common.CT.Logs),
- c.Common.IssuerCert,
- auditlogger,
- )
-
- cmd.FailOnError(err, "Failed to create updater")
-
- for _, l := range updater.loops {
- go func(loop *looper) {
- err = loop.loop()
- if err != nil {
- auditlogger.AuditErr(err.Error())
- }
- }(l)
- }
-
- // Sleep forever (until signaled)
- select {}
+ configFile := flag.String("config", "", "File path to the configuration file for this service")
+ flag.Parse()
+ if *configFile == "" {
+ flag.Usage()
+ os.Exit(1)
 }
- app.Run()
+ var c config
+ err := cmd.ReadJSONFile(*configFile, &c)
+ cmd.FailOnError(err, "Reading JSON config file into config structure")
+
+ conf := c.OCSPUpdater
+
+ go cmd.DebugServer(conf.DebugAddr)
+
+ stats, auditlogger := cmd.StatsAndLogging(c.StatsdConfig, c.SyslogConfig)
+ defer auditlogger.AuditPanic()
+ auditlogger.Info(cmd.VersionString(clientName))
+
+ go cmd.ProfileCmd("OCSP-Updater", stats)
+
+ // Configure DB
+ dbURL, err := conf.DBConfig.URL()
+ cmd.FailOnError(err, "Couldn't load DB URL")
+ dbMap, err := sa.NewDbMap(dbURL, conf.DBConfig.MaxDBConns)
+ cmd.FailOnError(err, "Could not connect to database")
+ go sa.ReportDbConnCount(dbMap, metrics.NewStatsdScope(stats, "OCSPUpdater"))
+
+ cac, pubc, sac := setupClients(conf, stats)
+
+ updater, err := newUpdater(
+ stats,
+ clock.Default(),
+ dbMap,
+ cac,
+ pubc,
+ sac,
+ // Necessary evil for now
+ conf,
+ len(c.Common.CT.Logs),
+ c.Common.IssuerCert,
+ auditlogger,
+ )
+
+ cmd.FailOnError(err, "Failed to create updater")
+
+ for _, l := range updater.loops {
+ go func(loop *looper) {
+ err = loop.loop()
+ if err != nil {
+ auditlogger.AuditErr(err.Error())
+ }
+ }(l)
+ }
+
+ // Sleep forever (until signaled)
+ select {}
 }
diff --git a/cmd/shell.go b/cmd/shell.go
index de8243d0b..64c0e9391 100644
--- a/cmd/shell.go
+++ b/cmd/shell.go
@@ -97,9 +97,6 @@ func (as *AppShell) Run() {
 if config.Mailer.AMQP == nil {
 config.Mailer.AMQP = config.AMQP
 }
- if config.OCSPUpdater.AMQP == nil {
- config.OCSPUpdater.AMQP = config.AMQP
- }
 if config.OCSPResponder.AMQP == nil {
 config.OCSPResponder.AMQP = config.AMQP
 }
diff --git a/test/boulder-config-next.json b/test/boulder-config-next.json
index c4a831068..a396263b8 100644
--- a/test/boulder-config-next.json
+++ b/test/boulder-config-next.json
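Review bot: Inside the `for _, l := range updater.loops` loop of the rewritten `main`, every goroutine assigns to the `err` declared in `main` (`err = loop.loop()`), so all loop goroutines write one shared variable without synchronization and one loop's error can be overwritten by another's before it is logged. Scoping the variable to the goroutine removes the race: `if err := loop.loop(); err != nil {`. Separately, `defer auditlogger.AuditPanic()` is registered on main's stack only; assuming it recovers and logs as its name suggests, a panic inside one of these goroutines would bypass it, so the closure probably wants its own `defer auditlogger.AuditPanic()` as its first statement.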
@@ -45,43 +45,6 @@
 "debugAddr": "localhost:8005"
 },
- "ocspUpdater": {
- "dbConnectFile": "test/secrets/ocsp_updater_dburl",
- "maxDBConns": 10,
- "newCertificateWindow": "1s",
- "oldOCSPWindow": "2s",
- "missingSCTWindow": "1m",
- "revokedCertificateWindow": "1s",
- "newCertificateBatchSize": 1000,
- "oldOCSPBatchSize": 5000,
- "missingSCTBatchSize": 5000,
- "revokedCertificateBatchSize": 1000,
- "ocspMinTimeToExpiry": "72h",
- "oldestIssuedSCT": "72h",
- "signFailureBackoffFactor": 1.2,
- "signFailureBackoffMax": "30m",
- "debugAddr": "localhost:8006",
- "publisher": {
- "serverAddresses": ["boulder:9091"],
- "serverIssuerPath": "test/grpc-creds/ca.pem",
- "clientCertificatePath": "test/grpc-creds/client.pem",
- "clientKeyPath": "test/grpc-creds/key.pem",
- "timeout": "10s"
- },
- "amqp": {
- "serverURLFile": "test/secrets/amqp_url",
- "insecure": true,
- "SA": {
- "server": "SA.server",
- "rpcTimeout": "15s"
- },
- "CA": {
- "server": "CA.server",
- "rpcTimeout": "15s"
- }
- }
- },
-
 "mailer": {
 "server": "localhost",
 "port": "9380",
diff --git a/test/boulder-config.json b/test/boulder-config.json
index df8f1ee52..7c31c8dd7 100644
--- a/test/boulder-config.json
+++ b/test/boulder-config.json
@@ -46,40 +46,6 @@
 "debugAddr": "localhost:8005"
 },
- "ocspUpdater": {
- "dbConnectFile": "test/secrets/ocsp_updater_dburl",
- "maxDBConns": 10,
- "newCertificateWindow": "1s",
- "oldOCSPWindow": "2s",
- "missingSCTWindow": "1m",
- "revokedCertificateWindow": "1s",
- "newCertificateBatchSize": 1000,
- "oldOCSPBatchSize": 5000,
- "missingSCTBatchSize": 5000,
- "revokedCertificateBatchSize": 1000,
- "ocspMinTimeToExpiry": "72h",
- "oldestIssuedSCT": "72h",
- "signFailureBackoffFactor": 1.2,
- "signFailureBackoffMax": "30m",
- "debugAddr": "localhost:8006",
- "amqp": {
- "serverURLFile": "test/secrets/amqp_url",
- "insecure": true,
- "SA": {
- "server": "SA.server",
- "rpcTimeout": "15s"
- },
- "CA": {
- "server": "CA.server",
- "rpcTimeout": "15s"
- },
- "Publisher": {
- "server": "Publisher.server",
- "rpcTimeout": "15s"
- }
- }
- },
-
 "mailer": {
 "server": "localhost",
 "port": "9380",
diff --git a/test/config-next/ocsp-updater.json b/test/config-next/ocsp-updater.json
new file mode 100644
index 000000000..ecd3b5fd7
--- /dev/null
+++ b/test/config-next/ocsp-updater.json
@@ -0,0 +1,60 @@
+{
+ "ocspUpdater": {
+ "dbConnectFile": "test/secrets/ocsp_updater_dburl",
+ "maxDBConns": 10,
+ "newCertificateWindow": "1s",
+ "oldOCSPWindow": "2s",
+ "missingSCTWindow": "1m",
+ "revokedCertificateWindow": "1s",
+ "newCertificateBatchSize": 1000,
+ "oldOCSPBatchSize": 5000,
+ "missingSCTBatchSize": 5000,
+ "revokedCertificateBatchSize": 1000,
+ "ocspMinTimeToExpiry": "72h",
+ "oldestIssuedSCT": "72h",
+ "signFailureBackoffFactor": 1.2,
+ "signFailureBackoffMax": "30m",
+ "debugAddr": "localhost:8006",
+ "publisher": {
+ "serverAddresses": ["boulder:9091"],
+ "serverIssuerPath": "test/grpc-creds/ca.pem",
+ "clientCertificatePath": "test/grpc-creds/client.pem",
+ "clientKeyPath": "test/grpc-creds/key.pem",
+ "timeout": "10s"
+ },
+ "amqp": {
+ "serverURLFile": "test/secrets/amqp_url",
+ "insecure": true,
+ "SA": {
+ "server": "SA.server",
+ "rpcTimeout": "15s"
+ },
+ "CA": {
+ "server": "CA.server",
+ "rpcTimeout": "15s"
+ }
+ }
+ },
+
+ "statsd": {
+ "server": "localhost:8125",
+ "prefix": "Boulder"
+ },
+
+ "syslog": {
+ "stdoutlevel": 6,
+ "sysloglevel": 4
+ },
+
+ "common": {
+ "issuerCert": "test/test-ca.pem",
+ "ct": {
+ "logs": [
+ {
+ "uri": "http://127.0.0.1:4500",
+ "key": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYggOxPnPkzKBIhTacSYoIfnSL2jPugcbUKx83vFMvk5gKAz/AGe87w20riuPwEGn229hKVbEKHFB61NIqNHC3Q=="
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
diff --git a/test/config/ocsp-updater.json b/test/config/ocsp-updater.json
new file mode 100644
index 000000000..f29a98168
--- /dev/null
+++ b/test/config/ocsp-updater.json
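Review bot: This new per-service file carries `"insecure": true` in the `amqp` block and a plain `http://` CT log `uri`, and `test/config/ocsp-updater.json` repeats both. The values are moved unchanged from the shared test config and address local or test hosts, so they are reasonable for a fixture; what `insecure` actually disables is not shown in this patch. Each service now gets its own file that is likely to be copied as a starting point, so it would help to state in the accompanying docs or PR description that these settings are test-only, since JSON leaves no room for an inline comment.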
@@ -0,0 +1,58 @@
+{
+ "ocspUpdater": {
+ "dbConnectFile": "test/secrets/ocsp_updater_dburl",
+ "maxDBConns": 10,
+ "newCertificateWindow": "1s",
+ "oldOCSPWindow": "2s",
+ "missingSCTWindow": "1m",
+ "revokedCertificateWindow": "1s",
+ "newCertificateBatchSize": 1000,
+ "oldOCSPBatchSize": 5000,
+ "missingSCTBatchSize": 5000,
+ "revokedCertificateBatchSize": 1000,
+ "ocspMinTimeToExpiry": "72h",
+ "oldestIssuedSCT": "72h",
+ "signFailureBackoffFactor": 1.2,
+ "signFailureBackoffMax": "30m",
+ "debugAddr": "localhost:8006",
+ "amqp": {
+ "serverURLFile": "test/secrets/amqp_url",
+ "insecure": true,
+ "SA": {
+ "server": "SA.server",
+ "rpcTimeout": "15s"
+ },
+ "CA": {
+ "server": "CA.server",
+ "rpcTimeout": "15s"
+ },
+ "Publisher": {
+ "server": "Publisher.server",
+ "rpcTimeout": "15s"
+ }
+ }
+ },
+
+ "statsd": {
+ "server": "localhost:8125",
+ "prefix": "Boulder"
+ },
+
+ "syslog": {
+ "network": "",
+ "server": "",
+ "stdoutlevel": 6
+ },
+
+ "common": {
+ "issuerCert": "test/test-ca.pem",
+ "ct": {
+ "logs": [
+ {
+ "uri": "http://127.0.0.1:4500",
+ "key": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYggOxPnPkzKBIhTacSYoIfnSL2jPugcbUKx83vFMvk5gKAz/AGe87w20riuPwEGn229hKVbEKHFB61NIqNHC3Q=="
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file