From cd3bbf91ad76520e2dac4c149ade5103eb4796c2 Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Wed, 10 Jan 2024 10:31:23 -0800 Subject: [PATCH] test: move SRV stanzas from config-next to config (#7243) Service discovery via SRV records is now deployed in prod. --- test/config/admin-revoker.json | 18 ++++++++--- test/config/bad-key-revoker.json | 11 +++++-- test/config/ca.json | 7 +++- test/config/crl-updater.json | 22 ++++++++++--- test/config/expiration-mailer.json | 7 +++- test/config/nonce-a.json | 5 ++- test/config/nonce-b.json | 5 ++- test/config/ocsp-responder.json | 14 ++++++-- test/config/ra.json | 42 ++++++++++++++++++++---- test/config/wfe2.json | 51 ++++++++++++++++++++++-------- 10 files changed, 145 insertions(+), 37 deletions(-) diff --git a/test/config/admin-revoker.json b/test/config/admin-revoker.json index f8038eb22..4e364e3db 100644 --- a/test/config/admin-revoker.json +++ b/test/config/admin-revoker.json @@ -10,13 +10,23 @@ "keyFile": "test/grpc-creds/admin-revoker.boulder/key.pem" }, "raService": { - "serverAddress": "ra.service.consul:9094", - "timeout": "15s", - "hostOverride": "ra.boulder" + "dnsAuthority": "consul.service.consul", + "srvLookup": { + "service": "ra", + "domain": "service.consul" + }, + "hostOverride": "ra.boulder", + "noWaitForReady": true, + "timeout": "15s" }, "saService": { - "serverAddress": "sa.service.consul:9095", + "dnsAuthority": "consul.service.consul", + "srvLookup": { + "service": "sa", + "domain": "service.consul" + }, "timeout": "15s", + "noWaitForReady": true, "hostOverride": "sa.boulder" }, "features": {} diff --git a/test/config/bad-key-revoker.json b/test/config/bad-key-revoker.json index 8ecfd85ad..941f20443 100644 --- a/test/config/bad-key-revoker.json +++ b/test/config/bad-key-revoker.json @@ -11,9 +11,14 @@ "keyFile": "test/grpc-creds/bad-key-revoker.boulder/key.pem" }, "raService": { - "serverAddress": "ra.service.consul:9094", - "timeout": "15s", - "hostOverride": "ra.boulder" + "dnsAuthority": "consul.service.consul", + "srvLookup": { + "service": "ra", + "domain": "service.consul" + }, + "hostOverride": "ra.boulder", + "noWaitForReady": true, + "timeout": "15s" }, "mailer": { "server": "localhost", diff --git a/test/config/ca.json b/test/config/ca.json index fc690b5d3..d623faebe 100644 --- a/test/config/ca.json +++ b/test/config/ca.json @@ -34,8 +34,13 @@ } }, "saService": { - "serverAddress": "sa.service.consul:9095", + "dnsAuthority": "consul.service.consul", + "srvLookup": { + "service": "sa", + "domain": "service.consul" + }, "timeout": "15s", + "noWaitForReady": true, "hostOverride": "sa.boulder" }, "issuance": { diff --git a/test/config/crl-updater.json b/test/config/crl-updater.json index b312c6121..c5eb05ffb 100644 --- a/test/config/crl-updater.json +++ b/test/config/crl-updater.json @@ -1,24 +1,38 @@ { "crlUpdater": { - "debugAddr": ":8021", "tls": { "caCertFile": "test/grpc-creds/minica.pem", "certFile": "test/grpc-creds/crl-updater.boulder/cert.pem", "keyFile": "test/grpc-creds/crl-updater.boulder/key.pem" }, "saService": { - "serverAddress": "sa.service.consul:9095", + "dnsAuthority": "consul.service.consul", + "srvLookup": { + "service": "sa", + "domain": "service.consul" + }, "timeout": "15s", + "noWaitForReady": true, "hostOverride": "sa.boulder" }, "crlGeneratorService": { - "serverAddress": "ca.service.consul:9093", + "dnsAuthority": "consul.service.consul", + "srvLookup": { + "service": "ca", + "domain": "service.consul" + }, "timeout": "15s", + "noWaitForReady": true, "hostOverride": "ca.boulder" }, "crlStorerService": { - "serverAddress": "crl-storer.service.consul:9109", + "dnsAuthority": "consul.service.consul", + "srvLookup": { + "service": "crl-storer", + "domain": "service.consul" + }, "timeout": "15s", + "noWaitForReady": true, "hostOverride": "crl-storer.boulder" }, "issuerCerts": [ diff --git a/test/config/expiration-mailer.json b/test/config/expiration-mailer.json index f5f320d30..9eaa6442e 100644 --- a/test/config/expiration-mailer.json +++ b/test/config/expiration-mailer.json @@ -22,8 +22,13 @@ "keyFile": "test/grpc-creds/expiration-mailer.boulder/key.pem" }, "saService": { - "serverAddress": "sa.service.consul:9095", + "dnsAuthority": "consul.service.consul", + "srvLookup": { + "service": "sa", + "domain": "service.consul" + }, "timeout": "15s", + "noWaitForReady": true, "hostOverride": "sa.boulder" }, "SMTPTrustedRootFile": "test/mail-test-srv/minica.pem", diff --git a/test/config/nonce-a.json b/test/config/nonce-a.json index 0e77516f4..70fdf15e0 100644 --- a/test/config/nonce-a.json +++ b/test/config/nonce-a.json @@ -1,7 +1,10 @@ { "NonceService": { "maxUsed": 131072, - "noncePrefix": "taro", + "useDerivablePrefix": true, + "noncePrefixKey": { + "passwordFile": "test/secrets/nonce_prefix_key" + }, "syslog": { "stdoutLevel": 6, "syslogLevel": 6 diff --git a/test/config/nonce-b.json b/test/config/nonce-b.json index 9472d7948..70fdf15e0 100644 --- a/test/config/nonce-b.json +++ b/test/config/nonce-b.json @@ -1,7 +1,10 @@ { "NonceService": { "maxUsed": 131072, - "noncePrefix": "zinc", + "useDerivablePrefix": true, + "noncePrefixKey": { + "passwordFile": "test/secrets/nonce_prefix_key" + }, "syslog": { "stdoutLevel": 6, "syslogLevel": 6 diff --git a/test/config/ocsp-responder.json b/test/config/ocsp-responder.json index eed32cc2c..8d5df0b0a 100644 --- a/test/config/ocsp-responder.json +++ b/test/config/ocsp-responder.json @@ -26,13 +26,23 @@ "keyFile": "test/grpc-creds/ocsp-responder.boulder/key.pem" }, "raService": { - "serverAddress": "ra.service.consul:9094", + "dnsAuthority": "consul.service.consul", + "srvLookup": { + "service": "ra", + "domain": "service.consul" + }, "hostOverride": "ra.boulder", + "noWaitForReady": true, "timeout": "15s" }, "saService": { - "serverAddress": "sa.service.consul:9095", + "dnsAuthority": "consul.service.consul", + "srvLookup": { + "service": "sa", + "domain": "service.consul" + }, "timeout": "15s", + "noWaitForReady": true, "hostOverride": "sa.boulder" }, "logSampleRate": 1, diff --git a/test/config/ra.json b/test/config/ra.json index c44bb9ece..9ff7d7023 100644 --- a/test/config/ra.json +++ b/test/config/ra.json @@ -24,33 +24,63 @@ "keyFile": "test/grpc-creds/ra.boulder/key.pem" }, "vaService": { - "serverAddress": "va.service.consul:9092", + "dnsAuthority": "consul.service.consul", + "srvLookup": { + "service": "va", + "domain": "service.consul" + }, "timeout": "20s", + "noWaitForReady": true, "hostOverride": "va.boulder" }, "caService": { - "serverAddress": "ca.service.consul:9093", + "dnsAuthority": "consul.service.consul", + "srvLookup": { + "service": "ca", + "domain": "service.consul" + }, "timeout": "15s", + "noWaitForReady": true, "hostOverride": "ca.boulder" }, "ocspService": { - "serverAddress": "ca.service.consul:9093", + "dnsAuthority": "consul.service.consul", + "srvLookup": { + "service": "ca", + "domain": "service.consul" + }, "timeout": "15s", + "noWaitForReady": true, "hostOverride": "ca.boulder" }, "publisherService": { - "serverAddress": "publisher.service.consul:9091", + "dnsAuthority": "consul.service.consul", + "srvLookup": { + "service": "publisher", + "domain": "service.consul" + }, "timeout": "300s", + "noWaitForReady": true, "hostOverride": "publisher.boulder" }, "saService": { - "serverAddress": "sa.service.consul:9095", + "dnsAuthority": "consul.service.consul", + "srvLookup": { + "service": "sa", + "domain": "service.consul" + }, "timeout": "15s", + "noWaitForReady": true, "hostOverride": "sa.boulder" }, "akamaiPurgerService": { - "serverAddress": "akamai-purger.service.consul:9099", + "dnsAuthority": "consul.service.consul", + "srvLookup": { + "service": "akamai-purger", + "domain": "service.consul" + }, "timeout": "15s", + "noWaitForReady": true, "hostOverride": "akamai-purger.boulder" }, "grpc": { diff --git a/test/config/wfe2.json b/test/config/wfe2.json index a53c95d87..ee3b86fe0 100644 --- a/test/config/wfe2.json +++ b/test/config/wfe2.json @@ -22,13 +22,23 @@ "keyFile": "test/grpc-creds/wfe.boulder/key.pem" }, "raService": { - "serverAddress": "ra.service.consul:9094", + "dnsAuthority": "consul.service.consul", + "srvLookup": { + "service": "ra", + "domain": "service.consul" + }, "timeout": "15s", + "noWaitForReady": true, "hostOverride": "ra.boulder" }, "saService": { - "serverAddress": "sa.service.consul:9095", + "dnsAuthority": "consul.service.consul", + "srvLookup": { + "service": "sa", + "domain": "service.consul" + }, "timeout": "15s", + "noWaitForReady": true, "hostOverride": "sa.boulder" }, "accountCache": { @@ -36,21 +46,34 @@ "ttl": "5s" }, "getNonceService": { - "serverAddress": "nonce.service.consul:9101", + "dnsAuthority": "consul.service.consul", + "srvLookup": { + "service": "nonce", + "domain": "service.consul" + }, "timeout": "15s", + "noWaitForReady": true, "hostOverride": "nonce.boulder" }, - "redeemNonceServices": { - "taro": { - "serverAddress": "nonce1.service.consul:9101", - "timeout": "15s", - "hostOverride": "nonce1.boulder" - }, - "zinc": { - "serverAddress": "nonce2.service.consul:9101", - "timeout": "15s", - "hostOverride": "nonce2.boulder" - } + "redeemNonceService": { + "dnsAuthority": "consul.service.consul", + "srvLookups": [ + { + "service": "nonce1", + "domain": "service.consul" + }, + { + "service": "nonce2", + "domain": "service.consul" + } + ], + "srvResolver": "nonce-srv", + "timeout": "15s", + "noWaitForReady": true, + "hostOverride": "nonce.boulder" + }, + "noncePrefixKey": { + "passwordFile": "test/secrets/nonce_prefix_key" }, "chains": [ [