Split up boulder-config.json (VA) (#1979)

2016-07-01 10:06:50 -07:00 · 2016-07-01 10:06:50 -07:00 · bea8e57536
parent 21e0b3bdc7
commit bea8e57536
7 changed files with 247 additions and 192 deletions
--- a/cmd/boulder-va/main.go
+++ b/cmd/boulder-va/main.go
@ -1,6 +1,8 @@
 package main

 import (
+	"flag"
+	"os"
 	"time"

 	"github.com/jmhodges/clock"
@ -10,7 +12,6 @@ import (
 	"github.com/letsencrypt/boulder/cmd"
 	caaPB "github.com/letsencrypt/boulder/cmd/caa-checker/proto"
 	bgrpc "github.com/letsencrypt/boulder/grpc"
-	blog "github.com/letsencrypt/boulder/log"
 	"github.com/letsencrypt/boulder/metrics"
 	"github.com/letsencrypt/boulder/rpc"
 	"github.com/letsencrypt/boulder/va"
@ -18,105 +19,158 @@ import (

 const clientName = "VA"

-func main() {
-	app := cmd.NewAppShell("boulder-va", "Handles challenge validation")
-	app.Action = func(c cmd.Config, stats metrics.Statter, logger blog.Logger) {
-		go cmd.DebugServer(c.VA.DebugAddr)
+type config struct {
+	VA struct {
+		cmd.ServiceConfig

-		go cmd.ProfileCmd("VA", stats)
+		UserAgent string

-		pc := &cmd.PortConfig{
-			HTTPPort:  80,
-			HTTPSPort: 443,
-			TLSPort:   443,
-		}
-		if c.VA.PortConfig.HTTPPort != 0 {
-			pc.HTTPPort = c.VA.PortConfig.HTTPPort
-		}
-		if c.VA.PortConfig.HTTPSPort != 0 {
-			pc.HTTPSPort = c.VA.PortConfig.HTTPSPort
-		}
-		if c.VA.PortConfig.TLSPort != 0 {
-			pc.TLSPort = c.VA.PortConfig.TLSPort
-		}
-		var caaClient caaPB.CAACheckerClient
-		if c.VA.CAAService != nil {
-			conn, err := bgrpc.ClientSetup(c.VA.CAAService)
-			cmd.FailOnError(err, "Failed to load credentials and create connection to service")
-			caaClient = caaPB.NewCAACheckerClient(conn)
-		}
-		scoped := metrics.NewStatsdScope(stats, "VA", "DNS")
-		sbc := newGoogleSafeBrowsing(c.VA.GoogleSafeBrowsing)
-		var cdrClient *cdr.CAADistributedResolver
-		if c.VA.CAADistributedResolver != nil {
-			var err error
-			cdrClient, err = cdr.New(
-				scoped,
-				c.VA.CAADistributedResolver.Timeout.Duration,
-				c.VA.CAADistributedResolver.MaxFailures,
-				c.VA.CAADistributedResolver.Proxies,
-				logger,
-			)
-			cmd.FailOnError(err, "Failed to create CAADistributedResolver")
-		}
-		dnsTimeout, err := time.ParseDuration(c.Common.DNSTimeout)
-		cmd.FailOnError(err, "Couldn't parse DNS timeout")
-		dnsTries := c.VA.DNSTries
-		if dnsTries < 1 {
-			dnsTries = 1
-		}
-		clk := clock.Default()
-		caaSERVFAILExceptions, err := bdns.ReadHostList(c.VA.CAASERVFAILExceptions)
-		cmd.FailOnError(err, "Couldn't read CAASERVFAILExceptions file")
-		var resolver bdns.DNSResolver
-		if !c.Common.DNSAllowLoopbackAddresses {
-			r := bdns.NewDNSResolverImpl(
-				dnsTimeout,
-				[]string{c.Common.DNSResolver},
-				caaSERVFAILExceptions,
-				scoped,
-				clk,
-				dnsTries)
-			r.LookupIPv6 = c.VA.LookupIPv6
-			resolver = r
-		} else {
-			r := bdns.NewTestDNSResolverImpl(dnsTimeout, []string{c.Common.DNSResolver}, scoped, clk, dnsTries)
-			r.LookupIPv6 = c.VA.LookupIPv6
-			resolver = r
-		}
-		vai := va.NewValidationAuthorityImpl(
-			pc,
-			sbc,
-			caaClient,
-			cdrClient,
-			resolver,
-			c.VA.UserAgent,
-			c.VA.IssuerDomain,
-			stats,
-			clk,
-			logger)
+		IssuerDomain string

-		amqpConf := c.VA.AMQP
+		PortConfig cmd.PortConfig

-		if c.VA.GRPC != nil {
-			s, l, err := bgrpc.NewServer(c.VA.GRPC, metrics.NewStatsdScope(stats, "VA"))
-			cmd.FailOnError(err, "Unable to setup VA gRPC server")
-			err = bgrpc.RegisterValidationAuthorityGRPCServer(s, vai)
-			cmd.FailOnError(err, "Unable to register VA gRPC server")
-			go func() {
-				err = s.Serve(l)
-				cmd.FailOnError(err, "VA gRPC service failed")
-			}()
-		}
+		MaxConcurrentRPCServerRequests int64

-		vas, err := rpc.NewAmqpRPCServer(amqpConf, c.VA.MaxConcurrentRPCServerRequests, stats, logger)
-		cmd.FailOnError(err, "Unable to create VA RPC server")
-		err = rpc.NewValidationAuthorityServer(vas, vai)
-		cmd.FailOnError(err, "Unable to setup VA RPC server")
+		LookupIPv6 bool

-		err = vas.Start(amqpConf)
-		cmd.FailOnError(err, "Unable to run VA RPC server")
+		GoogleSafeBrowsing *cmd.GoogleSafeBrowsingConfig
+
+		CAAService *cmd.GRPCClientConfig
+
+		CAADistributedResolver *cmd.CAADistributedResolverConfig
+
+		// The number of times to try a DNS query (that has a temporary error)
+		// before giving up. May be short-circuited by deadlines. A zero value
+		// will be turned into 1.
+		DNSTries int
+
+		// Feature flag to enable enforcement of CAA SERVFAILs.
+		CAASERVFAILExceptions string
 	}

-	app.Run()
+	Statsd cmd.StatsdConfig
+
+	Syslog cmd.SyslogConfig
+
+	Common struct {
+		DNSResolver               string
+		DNSTimeout                string
+		DNSAllowLoopbackAddresses bool
+	}
+}
+
+func main() {
+	configFile := flag.String("config", "", "File path to the configuration file for this service")
+	flag.Parse()
+	if *configFile == "" {
+		flag.Usage()
+		os.Exit(1)
+	}
+
+	var c config
+	err := cmd.ReadJSONFile(*configFile, &c)
+	cmd.FailOnError(err, "Reading JSON config file into config structure")
+
+	go cmd.DebugServer(c.VA.DebugAddr)
+
+	stats, logger := cmd.StatsAndLogging(c.Statsd, c.Syslog)
+	defer logger.AuditPanic()
+	logger.Info(cmd.VersionString(clientName))
+
+	go cmd.ProfileCmd("VA", stats)
+
+	pc := &cmd.PortConfig{
+		HTTPPort:  80,
+		HTTPSPort: 443,
+		TLSPort:   443,
+	}
+	if c.VA.PortConfig.HTTPPort != 0 {
+		pc.HTTPPort = c.VA.PortConfig.HTTPPort
+	}
+	if c.VA.PortConfig.HTTPSPort != 0 {
+		pc.HTTPSPort = c.VA.PortConfig.HTTPSPort
+	}
+	if c.VA.PortConfig.TLSPort != 0 {
+		pc.TLSPort = c.VA.PortConfig.TLSPort
+	}
+
+	var caaClient caaPB.CAACheckerClient
+	if c.VA.CAAService != nil {
+		conn, err := bgrpc.ClientSetup(c.VA.CAAService)
+		cmd.FailOnError(err, "Failed to load credentials and create connection to service")
+		caaClient = caaPB.NewCAACheckerClient(conn)
+	}
+
+	scoped := metrics.NewStatsdScope(stats, "VA", "DNS")
+	sbc := newGoogleSafeBrowsing(c.VA.GoogleSafeBrowsing)
+
+	var cdrClient *cdr.CAADistributedResolver
+	if c.VA.CAADistributedResolver != nil {
+		var err error
+		cdrClient, err = cdr.New(
+			scoped,
+			c.VA.CAADistributedResolver.Timeout.Duration,
+			c.VA.CAADistributedResolver.MaxFailures,
+			c.VA.CAADistributedResolver.Proxies,
+			logger)
+		cmd.FailOnError(err, "Failed to create CAADistributedResolver")
+	}
+
+	dnsTimeout, err := time.ParseDuration(c.Common.DNSTimeout)
+	cmd.FailOnError(err, "Couldn't parse DNS timeout")
+	dnsTries := c.VA.DNSTries
+	if dnsTries < 1 {
+		dnsTries = 1
+	}
+	clk := clock.Default()
+	caaSERVFAILExceptions, err := bdns.ReadHostList(c.VA.CAASERVFAILExceptions)
+	cmd.FailOnError(err, "Couldn't read CAASERVFAILExceptions file")
+	var resolver bdns.DNSResolver
+	if !c.Common.DNSAllowLoopbackAddresses {
+		r := bdns.NewDNSResolverImpl(
+			dnsTimeout,
+			[]string{c.Common.DNSResolver},
+			caaSERVFAILExceptions,
+			scoped,
+			clk,
+			dnsTries)
+		r.LookupIPv6 = c.VA.LookupIPv6
+		resolver = r
+	} else {
+		r := bdns.NewTestDNSResolverImpl(dnsTimeout, []string{c.Common.DNSResolver}, scoped, clk, dnsTries)
+		r.LookupIPv6 = c.VA.LookupIPv6
+		resolver = r
+	}
+
+	vai := va.NewValidationAuthorityImpl(
+		pc,
+		sbc,
+		caaClient,
+		cdrClient,
+		resolver,
+		c.VA.UserAgent,
+		c.VA.IssuerDomain,
+		stats,
+		clk,
+		logger)
+
+	amqpConf := c.VA.AMQP
+	if c.VA.GRPC != nil {
+		s, l, err := bgrpc.NewServer(c.VA.GRPC, metrics.NewStatsdScope(stats, "VA"))
+		cmd.FailOnError(err, "Unable to setup VA gRPC server")
+		err = bgrpc.RegisterValidationAuthorityGRPCServer(s, vai)
+		cmd.FailOnError(err, "Unable to register VA gRPC server")
+		go func() {
+			err = s.Serve(l)
+			cmd.FailOnError(err, "VA gRPC service failed")
+		}()
+	}
+
+	vas, err := rpc.NewAmqpRPCServer(amqpConf, c.VA.MaxConcurrentRPCServerRequests, stats, logger)
+	cmd.FailOnError(err, "Unable to create VA RPC server")
+	err = rpc.NewValidationAuthorityServer(vas, vai)
+	cmd.FailOnError(err, "Unable to setup VA RPC server")
+
+	err = vas.Start(amqpConf)
+	cmd.FailOnError(err, "Unable to run VA RPC server")
 }
--- a/cmd/config.go
+++ b/cmd/config.go
@ -25,34 +25,6 @@ type Config struct {
 	// TODO(jsha): Delete this after a deploy.
 	AMQP *AMQPConfig

-	VA struct {
-		ServiceConfig
-
-		UserAgent string
-
-		IssuerDomain string
-
-		PortConfig PortConfig
-
-		MaxConcurrentRPCServerRequests int64
-
-		LookupIPv6 bool
-
-		GoogleSafeBrowsing *GoogleSafeBrowsingConfig
-
-		CAAService *GRPCClientConfig
-
-		CAADistributedResolver *CAADistributedResolverConfig
-
-		// The number of times to try a DNS query (that has a temporary error)
-		// before giving up. May be short-circuited by deadlines. A zero value
-		// will be turned into 1.
-		DNSTries int
-
-		// Feature flag to enable enforcement of CAA SERVFAILs.
-		CAASERVFAILExceptions string
-	}
-
 	Statsd StatsdConfig

 	Syslog SyslogConfig
--- a/cmd/shell.go
+++ b/cmd/shell.go
@ -94,12 +94,6 @@ func (as *AppShell) Run() {
 		}

 		// Provide default values for each service's AMQP config section.
-		if config.VA.AMQP == nil {
-			config.VA.AMQP = config.AMQP
-			if config.VA.AMQP != nil && config.AMQP.VA != nil {
-				config.VA.AMQP.ServiceQueue = config.AMQP.VA.Server
-			}
-		}
 		if config.Mailer.AMQP == nil {
 			config.Mailer.AMQP = config.AMQP
 		}
--- a/test/boulder-config-next.json
+++ b/test/boulder-config-next.json
@ -17,48 +17,6 @@
    }
  },

-  "va": {
-    "CAASERVFAILExceptions": "test/caa-servfail-exceptions.txt",
-    "userAgent": "boulder",
-    "debugAddr": "localhost:8004",
-    "portConfig": {
-      "httpPort": 5002,
-      "httpsPort": 5001,
-      "tlsPort": 5001
-    },
-    "lookupIPV6": true,
-    "maxConcurrentRPCServerRequests": 16,
-    "dnsTries": 3,
-    "issuerDomain": "happy-hacker-ca.invalid",
-    "caaService": {
-      "serverAddresses": ["boulder:9090"],
-      "serverIssuerPath": "test/grpc-creds/ca.pem",
-      "clientCertificatePath": "test/grpc-creds/client.pem",
-      "clientKeyPath": "test/grpc-creds/key.pem"
-    },
-    "caaPublicResolver": {
-        "timeout": "10s",
-        "keepalive": "30s",
-        "maxFailures": 1,
-        "proxies": []
-    },
-    "grpc": {
-      "address": "boulder:9092",
-      "serverCertificatePath": "test/grpc-creds/server.pem",
-      "serverKeyPath": "test/grpc-creds/key.pem",
-      "clientIssuerPath": "test/grpc-creds/ca.pem"
-    },
-    "amqp": {
-      "serverURLFile": "test/secrets/amqp_url",
-      "insecure": true,
-      "serviceQueue": "VA.server",
-      "RA": {
-        "server": "RA.server",
-        "rpcTimeout": "15s"
-      }
-    }
-  },
-
  "revoker": {
    "dbConnectFile": "test/secrets/revoker_dburl",
    "maxDBConns": 1,
--- a/test/boulder-config.json
+++ b/test/boulder-config.json
@ -18,28 +18,6 @@
    }
  },

-  "va": {
-    "userAgent": "boulder",
-    "debugAddr": "localhost:8004",
-    "portConfig": {
-      "httpPort": 5002,
-      "httpsPort": 5001,
-      "tlsPort": 5001
-    },
-    "maxConcurrentRPCServerRequests": 16,
-    "dnsTries": 3,
-    "issuerDomain": "happy-hacker-ca.invalid",
-    "amqp": {
-      "serverURLFile": "test/secrets/amqp_url",
-      "insecure": true,
-      "serviceQueue": "VA.server",
-      "RA": {
-        "server": "RA.server",
-        "rpcTimeout": "15s"
-      }
-    }
-  },
-
  "revoker": {
    "dbConnectFile": "test/secrets/revoker_dburl",
    "maxDBConns": 1,
--- a/test/config-next/va.json
+++ b/test/config-next/va.json
@ -0,0 +1,59 @@
+{
+  "va": {
+    "CAASERVFAILExceptions": "test/caa-servfail-exceptions.txt",
+    "userAgent": "boulder",
+    "debugAddr": "localhost:8004",
+    "portConfig": {
+      "httpPort": 5002,
+      "httpsPort": 5001,
+      "tlsPort": 5001
+    },
+    "lookupIPV6": true,
+    "maxConcurrentRPCServerRequests": 16,
+    "dnsTries": 3,
+    "issuerDomain": "happy-hacker-ca.invalid",
+    "caaService": {
+      "serverAddresses": ["boulder:9090"],
+      "serverIssuerPath": "test/grpc-creds/ca.pem",
+      "clientCertificatePath": "test/grpc-creds/client.pem",
+      "clientKeyPath": "test/grpc-creds/key.pem"
+    },
+    "caaPublicResolver": {
+        "timeout": "10s",
+        "keepalive": "30s",
+        "maxFailures": 1,
+        "proxies": []
+    },
+    "grpc": {
+      "address": "boulder:9092",
+      "serverCertificatePath": "test/grpc-creds/server.pem",
+      "serverKeyPath": "test/grpc-creds/key.pem",
+      "clientIssuerPath": "test/grpc-creds/ca.pem"
+    },
+    "amqp": {
+      "serverURLFile": "test/secrets/amqp_url",
+      "insecure": true,
+      "serviceQueue": "VA.server",
+      "RA": {
+        "server": "RA.server",
+        "rpcTimeout": "15s"
+      }
+    }
+  },
+
+  "statsd": {
+    "server": "localhost:8125",
+    "prefix": "Boulder"
+  },
+
+  "syslog": {
+    "stdoutlevel": 6,
+    "sysloglevel": 4
+  },
+
+  "common": {
+    "dnsResolver": "127.0.0.1:8053",
+    "dnsTimeout": "10s",
+    "dnsAllowLoopbackAddresses": true
+  }
+}
--- a/test/config/va.json
+++ b/test/config/va.json
@ -0,0 +1,40 @@
+{
+  "va": {
+    "userAgent": "boulder",
+    "debugAddr": "localhost:8004",
+    "portConfig": {
+      "httpPort": 5002,
+      "httpsPort": 5001,
+      "tlsPort": 5001
+    },
+    "maxConcurrentRPCServerRequests": 16,
+    "dnsTries": 3,
+    "issuerDomain": "happy-hacker-ca.invalid",
+    "amqp": {
+      "serverURLFile": "test/secrets/amqp_url",
+      "insecure": true,
+      "serviceQueue": "VA.server",
+      "RA": {
+        "server": "RA.server",
+        "rpcTimeout": "15s"
+      }
+    }
+  },
+
+  "statsd": {
+    "server": "localhost:8125",
+    "prefix": "Boulder"
+  },
+
+  "syslog": {
+    "network": "",
+    "server": "",
+    "stdoutlevel": 6
+  },
+
+  "common": {
+    "dnsResolver": "127.0.0.1:8053",
+    "dnsTimeout": "10s",
+    "dnsAllowLoopbackAddresses": true
+  }
+}