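# Source: github.com/letsencrypt/boulder@v0.20251208.0/test/consul/config.hcl
#
# Consul agent configuration for the Boulder test environment: it registers
# each test service instance so it can be found through Consul DNS.
#
# Keep this file in sync with the ports bound in test/startservers.py

# Test-only exposure: client_addr = "0.0.0.0" puts the agent's client
# listeners (HTTP API/UI, DNS, gRPC) on every interface, the UI is enabled,
# and no ACL settings appear in this file. Do not reuse these values outside
# the test network.
client_addr = "0.0.0.0"
bind_addr   = "10.77.77.10"
log_level   = "ERROR"

// When set, uses a subset of the agent's TLS configuration (key_file,
// cert_file, ca_file, ca_path, and server_name) to set up the client for HTTP
// or gRPC health checks. This allows services requiring 2-way TLS to be checked
// using the agent's credentials.
enable_agent_tls_for_checks = true

tls {
  defaults {
    ca_file = "test/certs/ipki/minica.pem"
    // NOTE(review): ca_path is documented as a directory of PEM-encoded CA
    // certificates, but this value names the test CA's private key file. The
    // agent should not need the CA key; confirm whether this line can simply
    // be dropped in favour of ca_file.
    ca_path   = "test/certs/ipki/minica-key.pem"
    cert_file = "test/certs/ipki/consul.boulder/cert.pem"
    key_file  = "test/certs/ipki/consul.boulder/key.pem"
    // Incoming connections are not required to present a client certificate.
    verify_incoming = false
  }
}

ui_config {
  enabled = true
}

ports {
  dns      = 53
  grpc_tls = 8503
}

services {
  id      = "email-exporter-a"
  name    = "email-exporter"
  address = "10.77.77.77"
  port    = 9603
  tags    = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
}

# A service id must be unique on an agent, so "boulder" is registered once.
services {
  id      = "boulder-a"
  name    = "boulder"
  address = "10.77.77.77"
}

services {
  id      = "ca-a"
  name    = "ca"
  address = "10.77.77.77"
  port    = 9393
  tags    = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
}

services {
  id      = "ca-b"
  name    = "ca"
  address = "10.77.77.77"
  port    = 9493
  tags    = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
}

services {
  id      = "crl-storer-a"
  name    = "crl-storer"
  address = "10.77.77.77"
  port    = 9309
  tags    = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
}

services {
  id      = "dns-a"
  name    = "dns"
  address = "10.77.77.77"
  port    = 8053
  tags    = ["udp"] // Required for SRV RR support in VA RVA.
}

services {
  id      = "dns-b"
  name    = "dns"
  address = "10.77.77.77"
  port    = 8054
  tags    = ["udp"] // Required for SRV RR support in VA RVA.
}

services {
  id      = "doh-a"
  name    = "doh"
  address = "10.77.77.77"
  port    = 8343
  tags    = ["tcp"]
}

services {
  id      = "doh-b"
  name    = "doh"
  address = "10.77.77.77"
  port    = 8443
  tags    = ["tcp"]
}

# Unlike most components, we have two completely independent nonce services,
# simulating two sets of nonce servers running in two different datacenters:
# taro and zinc.
services {
  id      = "nonce-taro-a"
  name    = "nonce-taro"
  address = "10.77.77.77"
  port    = 9301
  tags    = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
}

services {
  id      = "nonce-taro-b"
  name    = "nonce-taro"
  address = "10.77.77.77"
  port    = 9501
  tags    = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
}

services {
  id      = "nonce-zinc"
  name    = "nonce-zinc"
  address = "10.77.77.77"
  port    = 9401
  tags    = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
}

services {
  id      = "publisher-a"
  name    = "publisher"
  address = "10.77.77.77"
  port    = 9391
  tags    = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
}

services {
  id      = "publisher-b"
  name    = "publisher"
  address = "10.77.77.77"
  port    = 9491
  tags    = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
}

services {
  id      = "ra-sct-provider-a"
  name    = "ra-sct-provider"
  address = "10.77.77.77"
  port    = 9594
  tags    = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
}

services {
  id      = "ra-sct-provider-b"
  name    = "ra-sct-provider"
  address = "10.77.77.77"
  port    = 9694
  tags    = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
}

services {
  id      = "ra-a"
  name    = "ra"
  address = "10.77.77.77"
  port    = 9394
  tags    = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
}

services {
  id      = "ra-b"
  name    = "ra"
  address = "10.77.77.77"
  port    = 9494
  tags    = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
}

services {
  id      = "rva1-a"
  name    = "rva1"
  address = "10.77.77.77"
  port    = 9397
  tags    = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
}

services {
  id      = "rva1-b"
  name    = "rva1"
  address = "10.77.77.77"
  port    = 9498
  tags    = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
}

services {
  id      = "rva1-c"
  name    = "rva1"
  address = "10.77.77.77"
  port    = 9499
  tags    = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
}

# TODO(#5294) Remove rva2-a/b in favor of rva1-a/b
services {
  id      = "rva2-a"
  name    = "rva2"
  address = "10.77.77.77"
  port    = 9897
  tags    = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
}

services {
  id      = "rva2-b"
  name    = "rva2"
  address = "10.77.77.77"
  port    = 9998
  tags    = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
}

# The sa instances are the only services here with TLS gRPC health checks.
# Each check names the expected server identity (tls_server_name) and keeps
# certificate verification on (tls_skip_verify = false).
services {
  id      = "sa-a"
  name    = "sa"
  address = "10.77.77.77"
  port    = 9395
  tags    = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
  checks = [
    {
      id              = "sa-a-grpc"
      name            = "sa-a-grpc"
      grpc            = "10.77.77.77:9395"
      grpc_use_tls    = true
      tls_server_name = "sa.boulder"
      tls_skip_verify = false
      interval        = "2s"
    },
    {
      id              = "sa-a-grpc-sa"
      name            = "sa-a-grpc-sa"
      grpc            = "10.77.77.77:9395/sa.StorageAuthority"
      grpc_use_tls    = true
      tls_server_name = "sa.boulder"
      tls_skip_verify = false
      interval        = "2s"
    },
    {
      id              = "sa-a-grpc-saro"
      name            = "sa-a-grpc-saro"
      grpc            = "10.77.77.77:9395/sa.StorageAuthorityReadOnly"
      grpc_use_tls    = true
      tls_server_name = "sa.boulder"
      tls_skip_verify = false
      interval        = "2s"
    }
  ]
}

services {
  id      = "sa-b"
  name    = "sa"
  address = "10.77.77.77"
  port    = 9495
  tags    = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
  checks = [
    {
      id              = "sa-b-grpc"
      name            = "sa-b-grpc"
      grpc            = "10.77.77.77:9495"
      grpc_use_tls    = true
      tls_server_name = "sa.boulder"
      tls_skip_verify = false
      interval        = "2s"
    },
    {
      id              = "sa-b-grpc-sa"
      name            = "sa-b-grpc-sa"
      grpc            = "10.77.77.77:9495/sa.StorageAuthority"
      grpc_use_tls    = true
      tls_server_name = "sa.boulder"
      tls_skip_verify = false
      interval        = "2s"
    },
    {
      id              = "sa-b-grpc-saro"
      name            = "sa-b-grpc-saro"
      grpc            = "10.77.77.77:9495/sa.StorageAuthorityReadOnly"
      grpc_use_tls    = true
      tls_server_name = "sa.boulder"
      tls_skip_verify = false
      interval        = "2s"
    }
  ]
}

services {
  id      = "va-a"
  name    = "va"
  address = "10.77.77.77"
  port    = 9392
  tags    = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
}

services {
  id      = "va-b"
  name    = "va"
  address = "10.77.77.77"
  port    = 9492
  tags    = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
}

services {
  id      = "bredis3"
  name    = "redisratelimits"
  address = "10.77.77.4"
  port    = 4218
  tags    = ["tcp"] // Required for SRV RR support in DNS resolution.
}

services {
  id      = "bredis4"
  name    = "redisratelimits"
  address = "10.77.77.5"
  port    = 4218
  tags    = ["tcp"] // Required for SRV RR support in DNS resolution.
}

//
// The following services are used for testing the gRPC DNS resolver in
// test/integration/srv_resolver_test.go and
// test/integration/testdata/srv-resolver-config.json.
//
// The "*-failing" checks below probe http://localhost:12345, where nothing is
// expected to listen, so the service stays unhealthy and presumably drops out
// of the DNS answers.
//

// CaseOne config will have 2 SRV records. The first will have 0 backends, the
// second will have 1.
services {
  id      = "case1a"
  name    = "case1a"
  address = "10.77.77.77"
  port    = 9301
  tags    = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
  checks = [
    {
      id       = "case1a-failing"
      name     = "case1a-failing"
      http     = "http://localhost:12345" // deliberately failing endpoint
      method   = "GET"
      interval = "2s"
    }
  ]
}

services {
  id      = "case1b"
  name    = "case1b"
  address = "10.77.77.77"
  port    = 9401
  tags    = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
}

// CaseTwo config will have 2 SRV records. The first will not be configured in
// Consul, the second will have 1 backend.
services {
  id      = "case2b"
  name    = "case2b"
  address = "10.77.77.77"
  port    = 9401
  tags    = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
}

// CaseThree config will have 2 SRV records. Neither will be configured in
// Consul.


// CaseFour config will have 2 SRV records. Neither will have backends.
services {
  id      = "case4a"
  name    = "case4a"
  address = "10.77.77.77"
  port    = 9301
  tags    = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
  checks = [
    {
      id       = "case4a-failing"
      name     = "case4a-failing"
      http     = "http://localhost:12345" // deliberately failing endpoint
      method   = "GET"
      interval = "2s"
    }
  ]
}

services {
  id      = "case4b"
  name    = "case4b"
  address = "10.77.77.77"
  port    = 9401
  tags    = ["tcp"] // Required for SRV RR support in gRPC DNS resolution.
  checks = [
    {
      id       = "case4b-failing"
      name     = "case4b-failing"
      http     = "http://localhost:12345" // deliberately failing endpoint
      method   = "GET"
      interval = "2s"
    }
  ]
}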